Data protectionProtecting your privacy

Protecting your privacy

We, the companies of the Abacus Group in Switzerland (“Abacus”) respect your privacy and protect your personal data according to the applicable data protection laws.

The companies of the Abacus Group in Switzerland include the following companies:

Abacus Research AG / Abacus Research SA
Abacus Business Solutions AG
Abacus Services AG

This is the joint Privacy Policy of these companies of the Abacus Group in Switzerland. It shall apply to all its websites, including

abacus.ch
abacus-solutions.ch
abacus-services.ch
abaclik.ch
abaclock.ch
abaplan.ch
abapoint.ch
abaweb.ch
brand.abacus.ch
downloads.abacus.ch
educationhub.abacus.ch
help.abaclik.ch
hr-portal.ch
jobs.abacus.ch
kurse.abacus.ch/de/home
mediahub.abacus.ch
mistertime.ch
partner.abacus.ch
shop.abacus.ch

with the associated sub-pages, as well as for our corporate pages on LinkedIn, Xing, YouTube, Instagram, and Facebook.

Access to our website is free, although some of our online offers are restricted to certain users and require registration. Our online offer is not aimed at children, consumers, or the general public.

Our websites are generally structured in such a way that you can visit them without having to disclose any personal data. When you visit our websites, we ask you for your consent to certain data processing, which you can accept or reject.

If you decide to provide us with personal data, we consider it our duty to handle this personal data very carefully and within the framework of the legal requirements.

This Privacy Policy is intended to provide you with comprehensive information about the data processing carried out by us, and applies to all data processing by Abacus, regardless of whether we receive your personal data online or offline, and regardless of the communication channel (such as company website, other company websites on the Internet, by telephone, e-mail, post or personal contact).

Data controllers

The controllers for data processing may be – depending on the individual case:

Abacus Research AG
Abacus-Platz 1
9300 Wittenbach – St. Gallen
Schweiz
T +41 71 292 25 25
F +41 71 292 25 00
info@abacus.ch

Abacus Research SA
Place de la Gare 2C – CP 104
2501 Biel
Schweiz
T +41 32 325 62 62
contact@abacus.ch

Abacus Business Solutions AG
Zürcherstrasse 59
8800 Thalwil
Schweiz
T +41 44 723 99 99
F +41 44 723 99 00
info@abacus-solutions.ch

Abacus Services AG
Place de la Gare 2C – CP 104
2501 Biel
Schweiz
T +41 32 325 62 62
contact@abacus.ch

We have appointed a data protection officer for these companies of the Abacus Group. They can be reached at datenschutz@abacus.ch

Insofar as Abacus processes personal data and the General Data Protection Regulation (“GDPR”) applies to this processing, we have appointed as our representative in the EU:

Abacus Business Solutions GmbH
Mies-van-der-Rohe-Straße 6
Tower 1 – 10. OG
80807 München
datenschutz@abacus.eu

If you have any questions about data protection, you can contact us at any time.

What Is Personal Data?

Personal data is any information about personal or factual circumstances of an identified or identifiable natural person (“data”). This includes, for example, the name, address, telephone number or e-mail address. This term does not include anonymized data or information whose content does not indicate or suggest the identity or material circumstances of an identifiable person, such as the number of visitors to a website.

There are also so-called special categories of data (“sensitive data”). This includes data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic and biometric data for your unique identification, health data, or data concerning your sex life or sexual orientation. We will process such data only – if at all – with your express consent, unless another legal basis requires such data processing.

Our Data Processing and Your Data

The contents and information presented on our websites serve for your general information about us as a company, as well as about our Abacus products and services. It is also possible, however, that data may be disclosed by you or collected by us for certain purposes when using our websites. In addition, as a company we process data that you provide us with or transmit to us in other ways, for example, by post, e-mail, telephone, in a business transaction or through personal contact.

Our data processing includes, for example, the collection, storage, transmission, deletion, and other processing of your data. Only data that is necessary and proportionate for the intended purpose is processed.

We process data for the purposes specified by us in each case or for the purposes requested by you. Data will be processed outside of the respective intended purposes only if we inform you accordingly, and it is lawful to change the purpose.

In the following, we will inform you about the data we, as a company, process, for what purpose, and the legal basis of such processing.

Your Contacting Us

You can enter your contact data and your interest in our products and services in a contact form, a request, in a personal contact during an event or for a web demo or contact us in other ways, so that we or partners selected by us or another company of the Abacus Group can get in contact with you, inform you about Abacus products and services, conduct a web demo with you or present other offers. We also store and process information that you select from lists and menus on the website. When you send us an e-mail, we save the content of the e-mail as such, as well as data that is generated when you send requests to our e-mail server, such as sender and recipient IDs, time stamps and, if applicable, error or rejection reasons if the transmission of an e-mail fails. To receive information material, you can also provide us with your e-mail address so that we can send you the requested information by e-mail based on your consent.

We use your data ourselves, or pass it on to relevant companies. This is done in accordance with data protection and competition law requirements.

We process your data on the basis of legitimate interests. The processing is done both in your interest – you have contacted us – and in ours, in order to ensure the satisfaction of all persons sending inquiries, if necessary to perform a contract with you or to carry out pre-contractual measures. We will only process your data for the purpose of contacting you.

Your data can be stored in our Abacus CRM system and in other technical systems. When you use a website form, your data will be transmitted encrypted according to the current state of technology. You give us your data voluntarily, whereby only as much data as necessary is requested (mandatory fields are marked with *). All other information is optional.

Transfer of Data to Selected Partners or a Company of the Abacus Group
If we find that we can only answer your request to your satisfaction with the support of another company of the Abacus Group or a selected partner, we can transfer your data due to legitimate interests or, if necessary, we will ask for your consent to transfer your data. Consent is voluntary and can be revoked at any time for the future.

Data Processing When Using Our Mobile Applications

As for how and which data is processed when using a mobile Abacus application, please refer to our privacy policy for mobile applications.

Your Application

On our websitejobs.abacus.ch and our company websites at LinkedIn and Xing as well as on various job portals, you have the opportunity to find out about current vacancies at Abacus Research AG in Wittenbach and Abacus Research SA in Biel, and to apply for them. The privacy policy for our job portal, which can be viewed under jobs.abacus.ch/datenschutz-jobportal.

Your Application to Abacus Business Solutions AG
If you would like to apply for a job at Abacus Business Solutions AG in Thalwil, you can obtain information under «Jobs» about current vacancies through the respective links, and apply for them. At this time, applications, including unsolicited applications, can be sent by e-mail to jobs@abacus-solutions.ch. We would like to point out that unencrypted e-mails are not protected against unauthorized access when sent. You can encrypt your attachments for the application yourself, for example, with a ZIP solution, and communicate the corresponding password separately (by telephone).

If you apply by e-mail for an advertised position, the data you provide (e.g., title, name, postal address, e-mail address, telephone number, languages, earliest starting date, your cover letter, as well as other data and documents you provide to us) will be stored in order to process your application. This is done in order to take pre-contractual measures with you in relation to your possible employment.

Other Data Processing in the Context of Your Application
If you provide references as part of the application process, we assume that, if the data of a natural person is involved, you have obtained their consent for us to contact them and that you agree with our obtaining a reference from this person. Should we ask for a reference, we will only contact them with your consent. Consent is voluntary and can be revoked at any time for the future.

To get a better idea of your professional background, we may visit your professional profiles on LinkedIn and Xing. We process this publicly accessible professional data about you in our interest to find out whether you fit the advertised position and our company. You can tell us if you do not want this. Data from social networks or other Internet sites that do not have a company or employment-oriented context will not be viewed by us, or their data will not be processed.

Quality of Your Data for an Application
The information you provide should be accurate, complete, not misleading and up-to-date. Failure to do so may mean that your application cannot be considered, or that appropriate legal consequences may entail after you have already been hired.

Storage Period of Your Application
If the application procedure does not lead to a hiring, your application will be deleted at the latest four months after the end of the application procedure, unless the data is needed to defend against legal claims against us arising from the application procedure (this is done on the basis of our legitimate interests), another deadline is provided for by law, or you have not expressly consented to the further processing of your data. If your application leads to employment, all necessary data will be processed within the framework of your employment relationship in accordance with the statutory provisions.

Services requiring login and registration

As part of our web presence or when using our support, it is possible that you may use online services that require you to log in or register.

This concerns in particular our PartnerPortal, the Media Hub, and the Education Hub on our websites, but also the execution of a web demo (online presentation) which provides you with a better picture of Abacus products and services, remote access in a support case, registration for events, making an appointment or the use of certain Abacus products and services.

When registering or logging in to such services, you are required to enter and transmit to us a certain amount of data resulting from the relevant form or our queries. When using such a form, your data will be transmitted in encrypted form according to the current state of the art. You provide us with your data voluntarily, and only as much data as necessary is requested (mandatory data are marked with *). All other information is optional. In some cases, you must register for certain areas and use login data with a password or another authentication procedure. Abacus is free to choose such authentication procedures. The data to be provided results directly from the specific procedure used. You are under obligation to choose strong passwords. You are responsible for the security of your access data and must not pass them on to unauthorised third parties.

The processing of your data within the scope of such login and registration requirements is carried out with your consent when registering or logging in, based on our legitimate interest in providing you with the information necessary to use our products and services satisfactorily, in order to be able to contact us and for the proper processing of an existing contractual relationship.
 

Log into our Portals
If you are an authorised user of our portals, you can be given access to these portals. This requires you to provide your e-mail address, your first and last name and the company for which you work. To log in to these portals, use the authentication options provided for this purpose and the login data required for this purpose.

After successfully logging in, you have the option of using the services (some of which are subject to a fee) on these portals. In the Media Hub, for example, you can place documents with your company logo in a shopping basket and then download them. A cookie is used for the duration of this session, which enables your logo to be displayed in the documents. Embedded YouTube videos can also be viewed within the framework of YouTube's "nocookies" settings. You can find more information on this under "YouTube videos".

You can subscribe to Abacus mailing lists on specific topics in the PartnerPortal. By saving your registration to a mailing list, you give your consent to receive (personalised) information on the relevant topics by e-mail. You can unsubscribe from mailing lists at any time by making a new selection and saving it. You will then be removed from previous mailing lists.

In the Education Hub you will find all the latest product innovations course materials currently available. This includes documents, videos and sample clients. This content is continuously updated and supplemented. It is possible to determine within the Education Hub who has logged in, which paid training videos are being used and how long the respective user views a training video. We can then inform third parties, such as our partners, whether and how our offer is being used or how it should be used.

Your authorisation to use these portals ends when you leave the company from which you received authorisation. Your access data will be disabled by the company you were working for once your access authorisation has lapsed, if necessary with the assistance of Abacus Support. This also means that you will be deleted from registered mailing lists.
 

Registration for a Webinar via LIVESTORM 
On some of our websites you can schedule an appointment with us on certain topics. To do this, select the topic that interests you from a variety of options and specify a date. To set up the appointment, the form asks for your e-mail address, your name and the location of the meeting. Your company name and whether you are interested in other topics are optional. Before you complete the appointment, you can check and adjust your data again.

We need this data to be able to plan and conduct the meeting with you We use LIVESTORM SAS, 24 rue Rodier, 75009 Paris, France, for the registration and implementation of the Webinar. This is a service provider commissioned by us, to whom your data will be passed on for the purposes described above. It has been carefully selected and contracted by us, is bound by our instructions and is regularly monitored. For its services, it uses Amazon Web Services LLC, P.O. Box 81226. Seattle. This is an American company, so there is the possibility that data might also be processed in the U.S. Abacus hereby expressly points out that the U.S. is not a safe third country in the sense of Swiss data protection law and that due to existing regulations, there is the possibility that U.S. companies are obliged to hand over data to security authorities. In this respect, data subjects currently do not have sufficient legal remedies to take action. Abacus cannot therefore exclude that U.S. authorities (such as intelligence services) process, evaluate, or store such data in the U.S. for monitoring purposes. We have no control over that.  However, we will endeavor to ensure that appropriate guarantees, such as standard data protection clauses, are in place or your consent is obtained to ensure that data is transferred in accordance with the law.
 

Log in to AbaSky (Internet subscription)
If you are an authorised user of AbaSky as a sales partner or installation operator, an account will be created for you at AbaSky so that Internet subscriptions can be activated for your customers. This requires you to provide your e-mail address, your first and last name, the company for which you work, and an authenticator chosen by Abacus are required.

A login to AbaSky takes place with your consent when registering for it and for the proper processing of an existing contractual relationship regarding the activation of Internet subscriptions.

AbaSky stores your contact data as a sales partner or installation operator and data of your customers such as name, e-mail address, telephone number and (billing) address, and possibly data of your employees if you enter them. The activated Internet subscriptions are stored and how the collection for these is handled. AbaSky is only the platform for managing the activated Internet subscriptions.

The data processed via Internet subscriptions is processed by the installation operator and not by Abacus Research AG.

If you, as the installation operator, have purchased Internet subscriptions for your customers, they can access and use the Abacus software by means of a link sent by you to your customers or by means of the purchased AmID (Abacus Mobile ID) after registering with you. You are required to maintain data protection in the context of your data processing when using AbaSky if you register the customers and their employees there. You also have the option of changing or deleting the data collected there. We recommend that you only collect necessary data and as little as possible and that you anonymise or pseudonymise the data in advance. After termination of the use of an Internet subscription, the corresponding data is deleted in AbaSky in compliance with legal and contractual retention and documentation obligations.

The data hosted in the cloud solution in connection with the purchase of an Abacus terminal when using AbaClock and AbaPoint and the mobile application AbaClik are described in the privacy policy of the mobile applications.

Your authorisation to use AbaSky ends when you leave the company from which you received an authorisation. Your access data will be disabled by the company you worked for after your authorisation has ceased, if necessary with the assistance of the sales partner or Abacus Support.

Using a Help Center

You can obtain publicly accessible information about our products and services on our website. It may sometimes be possible to access an Abacus Help Center, for example, for AbaClock, AbaClik, AbaNinja, Internet subscriptions or AbaTime, to obtain general information, as well as, if you are an authorized user of an Abacus Cloud Account, to write articles and post public comments. We will require your name and e-mail address for this, and, optionally, a profile picture as well as your phone number. Registration for the Abacus Cloud Account requires entering the first and last name, an e-mail address and a password (at least eight characters, one digit, two lower case letters, and one upper case letter). You need the username and password to log in. Alternatively, you can log in using other accounts, such as your Microsoft, Apple, or Google accounts. The privacy policies of these services apply.

After successful registration, you can use the offers available in the Help Center. You can write your own posts and comments, and delete them again, as well as follow or unfollow other posts, members or comments. The Help Centers contain descriptions of how you can use the different functions.

Posts and comments will be published with your specified user name. You can use a pseudonym. If you post a comment, this comment and your IP address will be saved. This is necessary so that we can defend ourselves against liability claims when users publish unlawful content. We need your name and e-mail address in order to contact you, also in the event that your post or comment is flagged as unlawful. We do this due to our legitimate interests and in order to meet existing legal obligations. Posts and comments will not be checked before publication. However, we reserve the right to delete them if they could be flagged as unlawful, or if we have a legitimate interest in deletion.

If you follow a post, member or comment, you will be informed if there are any further comments or posts. We use in this context your e-mail address that you have entered in your profile. You can unsubscribe from the notifications at any time by clicking on the link contained in the e-mail or by logging out of your account.

Your use of the Abacus Cloud Account ends if you inform us that you are no longer interested in any further use, or we have a legitimate interest in terminating your use. This also means that you will be deleted from registered notification lists. In such a case, we will delete your access authorization and your data, unless there is a conflict with storage or documentation obligations or further processing is justified, about which we will inform you.

For various support services, such as our Help Center (e.g., for AbaNinja and AbaTime), Live Chat Tools, website tickets and the Knowledge Base, we use Zendesk, 1019 Market St, San Francisco CA 94103 (hereinafter “Zendesk”). This is a service provider commissioned by us, to whom your data is passed on for the purposes described above. It has been carefully selected and commissioned by us and is bound by our instructions and regularly monitored. The data required for the support service will be transmitted to Zendesk. This data is also processed outside of Switzerland; data is currently being processed in the EU, which offers a level of data protection appropriate for Switzerland. We would like to point out that it is up to you which data you include in the posts or comments in the Help Center or in other support services.

You will find Zendesk’s current privacy policy here: https://www.zendesk.de/company/customers-partners/privacy-policy/

Abacus hereby expressly points out that the U.S. is not a safe third country in the sense of Swiss data protection law and that due to existing regulations, there is a possibility that U.S. companies are obligated to hand over data to security authorities. In this respect, data subjects currently do not have sufficient legal remedies to take action. We therefore cannot rule out that U.S. authorities (such as intelligence services) process, evaluate, or store such data in the U.S. for monitoring purposes. We have no control over that. However, we will endeavor to ensure that appropriate guarantees, such as standard data protection clauses, are in place or your consent is obtained to ensure that data is transferred in accordance with the law.

Events

Registration and Participation in an Event
You can register for an event, such as a course, workshop, forum, webinar, seminar, consultation, (online) event, training or trade fair (“event”) via our website. You can send your registration for an event in writing by post or fax to the contact address given in each case, or you can book your participation in the event directly on our website on the Internet or by telephone. The data provided by you will be stored by us and processed for the planning and implementation of the event, as well as for follow-up support of the participants and, if necessary, passed on to our contracted service providers. If you participate in an online event, webinar, survey or exam, certain data, such as your e-mail address, name or the company you work for, will be required for the execution of the online event, webinar, and evaluation of the survey or exam. In some cases, a survey may also be conducted anonymously. Contracted service providers, in particular, are used to organize such events. These have been carefully selected and commissioned by us; they are bound by our instructions and are checked regularly. On request, we will gladly provide information about our contracted service providers.

As part of an event, for example, when participating in a course, you can receive a link for login and password-protected access to a learning environment (e.g., a sample client) for practical exercise regarding the course content, and for a final exam of the course content. You are obligated to choose a strong password and to keep your login data confidential, and not to pass them on. This access is available during the course and for the practical exam.

Data provided in the learning environment is fictitious data. You are also required to process fictitious data in the learning environment. You yourself are responsible for the data processed there. We also have full access to the learning environment to provide support and to evaluate the results following a practical exam. After this evaluation, all data in the learning environment is deleted and all access rights are withdrawn. You will receive a certificate after successfully passing the exam.

Before the exam, you will be informed about the execution, evaluation and the respective weighting of the exam parts. For the theoretical test, a contracted service provider is commissioned to administer the test. You will receive a link for this exam by e-mail, after which you must register for the theoretical exam with your e-mail address and the name of the company you work for. After the theoretical exam, we receive the evaluation and can assess it together with the results of the practical exam. You will receive the result of the exam by e-mail. Each participant will receive a course confirmation and, if the exam is passed successfully, a certificate, which will be sent by post.

For some events (such as for certification as Abacus Solution Expert), it is necessary to survey your customers in order to validate the requirements (e.g., the customer projects). In such a case, you ensure that we can carry out the necessary prerequisites, such as a customer survey. Generally, we do this by interviewing your customer by telephone or by sending a questionnaire by e-mail.

We reserve the right to publish your information, for example, with a certificate stating your name, company and, if applicable, photo and company logo (e.g., website, flyer, reports in the organizer’s customer magazine (e.g., Pages), for company postings in social media, in the PartnerPortal, etc.). We reserve the right to delete these publications at any time without giving reasons.

Data Processing due to COVID-19 Contact Tracing
At events, we maintain attendance lists of the people involved, so that chains of infection can be traced. The name, telephone number and – if available – the seat number (for rows of seats) are recorded. The corresponding list is kept for 14 days and then deleted. It can be made available to the authorities if required, so that they can perform contact tracing. We provide information about our handling of attendance lists before an event.

Registration for an Event via Evenito
You can use our websites to register for events organized by us. These are partly free of charge, but some are also subject to a fee. Such events are subject to the “General Terms and Conditions Events «AGB Veranstaltungen», which you accept by registering for the event.

The following data can be transmitted from you to us: Salutation, name, e-mail address, mobile phone number, your function or position, name and contact details of the company you work for, the industry, and the number of employees. You can also specify your sales partner. You may also subscribe to our newsletter. You can cancel your newsletter subscription at any time. Details can be found in the “Newsletter” section.

We use your data so that you can participate in our event, and we can keep in contact with you. For the planning and implementation of the organization of such an event (including invitations to (future) events and confirmations of participation), we use the services of evenito AG, Limmatquai 122, 8001 Zurich, Switzerland. This is a service provider commissioned by us who receives your data for the purposes described above. It has been carefully selected and commissioned by us and is bound by our instructions and regularly monitored. It also uses providers abroad for its services, and has ensured through appropriate guarantees that an adequate level of data protection exists for your data.

Participation in a Competition at an Event
If it is possible to participate in a competition at an event, the following applies: Participation in the competition is voluntary. There is no right to participate in the competition. Eligible to participate in the competition are people aged 18 and over. By entering the competition, you confirm that you are of legal age. You must be a resident of Switzerland to claim any winnings. Any entrant who provides his or her details (such as e-mail address after a “Catch Mister Time” game or when filling out a form) may enter the competition. The winner is the person who is drawn as the winner at the end of the event or who has the highest score in the “Catch Mister Time” game. At our discretion, additional winners may be determined based on the number of prizes or points scored in the “Catch Mister Time” game (e.g., second and third places). The game “Catch Mister Time” can be played more than once, and the e-mail address can be entered more than once, but only the score will determine the best player and a possible prize. Otherwise, only one entry in a competition is possible at an event.

The determination of the winner(s) will be made by us at the end or after the event. The winner(s) will then be notified directly at the event or later by e-mail. The notification of the winners is subject to change. If a winner does not respond within two weeks after receiving the notification, the claim to the prize will be forfeited and the next ranked winner will be determined as the new winner. The claim to the prize lapses if the prize cannot be sent within one month of the first notification of the prize for reasons attributable to the winner. The prize will be sent by post to the postal address provided by the winner. Delivery is free of charge within Switzerland. The place of performance is our company headquarters despite our payment of the shipping costs. A cash payment of the prize or any substitute prize or the exchange of the prize is not possible. We exclude any liability with regard to a prize, to the extent permitted by law. There is no liability for legal and/or material defects of the prize. The judges’ decision is final. Our employees are excluded from participating in the competition.

We use your data in the context of the competition on the basis of your consent to participate in the competition. You can revoke this at any time with effect for the future. You will find further information on revocation under “Your Rights”.

Video and Photo Recordings When Participating in an Event
We reserve the right to take photos and videos during an event where you might also be seen. These photos and videos are used exclusively for our own purposes (e.g., use within a series of lectures or training courses, webinars, online events, for our own company websites, flyers, reports in our customer magazine (e.g., Pages) or via newsletter, for company postings in social media, in the PartnerPortal, information to participants via e-mail, etc.) to report on the event or to document it. If you are portrayed as part of a larger group of people, or if you are merely an “add-on” to a building or location where you are not the center of attention, we may create these photos and videos for the purposes described above based on our legitimate interests. You can object to such use at any time. Should you be portrayed as an individual or be the focus of recordings, we will obtain your consent for such a recording to be made on site during the event. You will then have a right of revocation regarding your consent.

If photos and videos (sound and image) are taken of you, such as for testimonials, for giving lectures or training, for your support in improving or developing our products or services, this will only be done with your consent. You can also revoke this consent at any time; details are given in the specific declaration of consent.

Online Events
More and more events are being held as pure online events to protect participants. These can be training or information events, but also have other contents. This requires registration for the event, for which you will be sent an e-mail with a participant link to join the online event. There will be live presentations, video demonstrations and active exchange of information between the organizer and the participants.

It is possible that we may record the online event in sound and video and that participants may be heard and/or seen. These recordings are used exclusively for our own purposes (e.g., use within a series of lectures or training courses, webinars, online events, for our own company websites, flyers, reports in customer magazines, company postings in social media, the PartnerPortal, newsletters, information to participants by e-mail) to report on the online event, to document it or to show it again.

When participating in such an event, the participants are set to “mute”, and it is not necessary for participants to release their camera in order to send pictures of themselves. Sound and/or video is activated only by participants following their release. With such release, participants give their consent that sound and image recordings of the online event may also include recordings of them. No sound or image recordings will be edited out subsequently. If participants do not wish to be recorded, they should not activate their audio and video functions during the entire online event. Questions to the moderator(s) can then still be sent via the chat function. These will be answered by the moderator(s) as far as possible within the online event or personally via the chat function.

For the planning and execution of the organization of such online events (invitations to (future) events, confirmations of participation, analysis of the online event or surveys about it), we use the services of evenito AG, Limmatquai 122, 8001 Zurich, Switzerland. This is a service provider commissioned by us, to whom your data is passed on for the purposes described above. It has been carefully selected and commissioned by us and is bound by our instructions and regularly monitored. It also uses a provider abroad for the implementation of such an online event.

Data may be transmitted to Kaltura, Inc., 250 Park Avenue South, 10th Floor, New York, New York 10003. This is an American company, so there is a chance that data might also be processed in the U.S. Abacus hereby expressly points out that the U.S. is not a safe third country in the sense of Swiss data protection law and that due to existing regulations, there is a possibility that U.S. companies are obligated to hand over data to security authorities. In this respect, data subjects currently do not have sufficient legal remedies to take action. We therefore cannot rule out that U.S. authorities (such as intelligence services) process, evaluate, or store such data in the U.S. for monitoring purposes. We have no control over that. However, we will endeavor to ensure that appropriate guarantees, such as standard data protection clauses, are in place or your consent is obtained to ensure that data is transferred in accordance with the law.

Furthermore, we ourselves use service providers commissioned to plan and organize such online events, who may receive data for the purposes described above. These have been carefully selected and commissioned by us; they are bound by our instructions and are checked regularly. We use software solutions from Zoom Video Communications (Zoom), Inc., 55 Almaden Blvd, Suite 600, 95113 San Jose, California/U.S., and Slack Technologies, Inc. (Slack), 500 Howard Street, San 94105 Francisco, California/U.S.

These companies also process data in the USA, so there is a possibility that data might also be processed in the U.S. Abacus hereby expressly points out that the U.S. is not a safe third country in the sense of Swiss data protection law and that due to existing regulations, there is a possibility that U.S. companies are obligated to hand over data to security authorities. In this respect, data subjects currently do not have sufficient legal remedies to take action. We therefore cannot rule out that U.S. authorities (such as intelligence services) process, evaluate, or store such data in the U.S. for monitoring purposes. We have no control over that. However, we will endeavor to ensure that appropriate guarantees, such as standard data protection clauses, are in place or your consent is obtained to ensure that data is transferred in accordance with the law.

AbaTime – Cloud-based Time Recording

As AbaTime, we offer you Abacus “Time Recording” as Software as a Service. This enables you to record your employees’ working hours and absences and process them accordingly. For this purpose, the mobile Abacus applications as well as the web-based employee portal MyAbacus are also available. You can take out Internet subscriptions for your employees so that they can record their own times, absences and, if necessary, expenses.

To test AbaTime in advance, you can use a demo environment after consulting with us or following online registration. You will need a username and password to register for this, which you will receive from us. The link for access to the demo environment is only active for one week (from Friday to Friday) If you do not log in within this period, the access link will automatically become invalid. You are responsible for the data you enter into the demo environment. We would like to point out that only test data can be used; personal data cannot be entered. All data is deleted from the demo environment when the use of the demo environment is automatically terminated. A demo environment is available for a maximum of one week until Friday morning at 7.00 a.m.

Afterwards, you may use AbaTime as Software as a Service following registration and acceptance of the General Terms and Conditions and a login. When using the functionalities of AbaTime, your data and the data of your employees are stored and processed. This includes the following data: Salutation, first name, last name, telephone number, e-mail address, department, function/position, absences (illness or holidays), holiday balance, extra hours balance, overtime balance, working hours and workload, postcode, town, canton, plus optionally the date of birth, gender, and home country. You can change, edit and also delete this data yourself in AbaTime.

To use the functionalities of AbaTime, your data is stored in a cloud solution. The servers are located in Germany, which has an adequate level of data protection equivalent to Switzerland, as well as in Switzerland. This is a service provider commissioned by us, to whom your data is passed on for the purposes described above. It has been carefully selected and commissioned by us and is bound by our instructions and regularly monitored. Should data also be processed outside Germany or Switzerland, it is contractually ensured that an adequate level of data protection is established for Switzerland by means of appropriate regulations. On request, we will gladly provide information about our contracted service providers.

Within the framework of AbaTime, we use live chat to process user requests and, for support cases, a ticket system from Zendesk, 1019 Market St, San Francisco CA 94103 (hereinafter “Zendesk”). This is a service provider commissioned by us, to whom your data is passed on for the purposes described above. It has been carefully selected and commissioned by us and is bound by our instructions and regularly monitored. The data required for the support service is transmitted to Zendesk. This data is also processed outside of Switzerland; currently, data processing takes place in the EU, which offers an appropriate level of data protection for Switzerland. We would like to point out that it is up to the user to decide which data is included in the live chat and the ticket system. You are required not to submit any (confidential) data, but only your request or a description of a possible technical fault.

You will find Zendesk’s current privacy policy here:  https://www.zendesk.de/company/customers-partners/privacy-policy/

Zendesk is an American company, so there is a chance that data might also be processed in the U.S. Abacus hereby expressly points out that the U.S. is not a safe third country in the sense of Swiss data protection law and that due to existing regulations, there is a possibility that U.S. companies are obligated to hand over data to security authorities. In this respect, data subjects currently do not have sufficient legal remedies to take action. We therefore cannot rule out that U.S. authorities (such as intelligence services) process, evaluate, or store such data in the U.S. for monitoring purposes. We have no control over that. However, we will endeavor to ensure that appropriate guarantees, such as standard data protection clauses, are in place or your consent is obtained to ensure that data is transferred in accordance with the law.

If you have taken out Internet subscriptions for your employees via AbaTime, these can be used via a link sent to your employees after they have registered with AbaTime. This means that your employees can also access AbaTime. You yourself are responsible for ensuring data protection when processing data via AbaTime if you enter employees there. You have the possibility to enter, change or delete data there. After termination of the use of AbaTime, access to AbaTime is blocked, and the data stored in it is deleted within five working days. Data that Abacus is legally or contractually obliged to store for a limited period of time, as well as data that is still needed for the settlement or collection of the services provided, shall be excluded from the deletion. You can export certain data from AbaTime.

Your authorization to use AbaTime as an employee ends when you leave the company from which you received authorization to do so. Your access data will be blocked by the company for which you worked, if necessary, with the assistance of AbaTime Support.

When using AbaClock, the modern iPad time recording system from Abacus, the provisions for data processing, as derived from the contract for the use of AbaClock, also apply. As for how and which data is processed by mobile Abacus applications, please refer to our privacy policy for mobile Abacus applications. Regarding the use of AbaTime, it is possible to enter into an agreement for contract data processing with Abacus Research AG in its current version.

Use of Abacus Shop

If you want to order from our Abacus Shop, we will need certain data for the conclusion of a contract for the purpose of processing your order. It is necessary that you register as a customer in the Abacus Shop, so that your order can be assigned to the Abacus products you use. Select login data (any username and password) for the account, and fill in the marked fields correctly (name, address, e-mail address). These necessary mandatory details are marked with an asterisk*; further details are voluntary. Some products require you to enter an “AMID” (Abacus Mobile ID) when ordering, so that we can assign your order. We process the data provided by you to process your order, and within our legitimate interests in a successful customer relationship.

The data in your account is also stored for future purchases. You can edit the data under “My Account” yourself, and delete all data, including your user account, by contacting website@abacus.ch.

In this context, we reserve the right to use your e-mail address for direct advertising or for the transmission of technical information for our own products similar to the products already purchased, unless you have objected to such use. These e-mails serve our legitimate interests in contacting our existing customers for advertising purposes, after a weighing of interests. We are required to clearly inform you, when collecting the e-mail address and during each use, that you can object to such use at any time.

Pursuant to commercial and tax law requirements, we are obligated to store your address, payment and order data for the legally prescribed period. To prevent unauthorized access to your personal data by third parties, the ordering process is encrypted using TLS technology.

Recommendations and References

With your consent, we publish on our websites and elsewhere (such as in newsletters or our customer magazine Pages) your personal recommendations or references by photo, video or written statements as a satisfied customer, or how to use our products and services. We may sometimes also use your company logo. This will be done with your consent. You can revoke your consent to this; details are given in the specific declaration of consent.

Google Maps

We integrate the maps of the “Google Maps” service (a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, “Google”) This allows us to display an interactive map directly on the website, so that you can use the map function conveniently. When you visit the website with the Google Map, Google receives information from your IP address that the relevant subpage has been accessed. In addition, further access data and log files are transmitted. Data is processed regardless of whether you have a user account and are logged in. If you are logged in, your data will be assigned directly to your user account. We recommend that you log out regularly after using such a platform, as this will help you avoid having such data associated with your profile.

As a user of Google Maps, you are bound by the Additional Terms of Use for Google Maps/Google Earth including the Google Privacy Policy [https://policies.google.com/?hl=en]. You can obtain further information on the purpose and scope of data collection and processing by Google by clicking on these documents in the map section. They also contain further information about your rights and the settings available to protect your privacy from Google.

Google LLC. as the parent company of Google is an American company, so there is the possibility that data might also be processed in the U.S. Abacus hereby expressly points out that the U.S. is not a safe third country in the sense of Swiss data protection law and that due to existing regulations, there is a possibility that U.S. companies are obligated to hand over data to security authorities. In this respect, data subjects currently do not have sufficient legal remedies to take action. We therefore cannot rule out that U.S. authorities (such as intelligence services) process, evaluate, or store such data in the U.S. for monitoring purposes. We have no control over that. However, we will endeavor to ensure that appropriate guarantees, such as standard data protection clauses, are in place or your consent is obtained to ensure that data is transferred in accordance with the law.

Display in Google Maps as Provider of AbaNinja and AbaWeb Applications
If you would like to be listed as a provider of AbaNinja and AbaWeb applications, you can provide the contact details of your company after giving your consent. This information is then displayed on a Google map within our website. This is done following your consent in the relevant registration form. The company and the relevant contact data can be found and displayed on the map by means of a search function. In the registration form for this publication, you can give your consent by checking a box and withdraw it by unchecking the box if you no longer wish the company to be shown on the map. This can be done at any time.

Otherwise, the terms and conditions of Google for the use of Google Maps apply.

Surveys on Our Products and Services

We may conduct surveys on specific topics (e.g., to improve and expand our products and services). Your opinion is very important. A survey will help us determine customer satisfaction with current solutions and the needs of our customers. This is both in our and your interest when you use our products and services. For this purpose, we send selected persons an invitation e-mail with a link to the survey. We receive your name and e-mail address as part of our contractual relationship with the company for which you work. Participation in a survey is always voluntary, and only with your consent. By closing the browser, you can end the survey at any time without any negative consequences for you. We store and evaluate the results of the survey based on legitimate interests in order to improve our products and services. We may also share the results of surveys with our sales partners, other business partners or interested parties, in which case no personal data is disclosed.

In the context of a survey, you also provide us with data, such as your name, your e-mail address or the company you work for, as well as data resulting from the survey and data you enter (in free text) in the survey.

We use the services of QuestionPro GmbH, Friedrichstrasse 171, 10117 Berlin, Germany, for surveys. We have carefully selected this contracted service provider, whose servers are located in the Netherlands, which has an adequate level of data protection. QuestionPro’s “Respondent Anonymity Assurance (RAA)” may also be activated for a survey. This means that no data from you, which could provide information about your identity, will be transmitted to us in the context of the survey results. If you have received an invitation to the survey by e-mail and have clicked on the survey link, it will not be possible to draw any direct conclusions about your person in the evaluation after the survey has been completed. At no time will you have to provide personal information, neither your name nor your e-mail address, as part of the survey. Only such data that you yourself voluntarily enter as free text will be transmitted to us with the evaluation of the survey. Otherwise, the results of the survey will only be transmitted to us in anonymized form. Details on RAA can be found here: https://www.questionpro.de/raa/

After a survey, it may sometimes happen that, due to small participant numbers, we are able to draw conclusions about you as a participant in the survey or as the recipient of the e-mail containing the survey link. After we receive the results of the survey, we will store, evaluate, and use them to improve our products and services. We do not pass on these results or your data to any other third parties, unless we are required to do so by law or regulation.

When you visit the survey website, which uses state-of-the-art encryption, only functional cookies are used, which process only such data as is necessary for the use of the website, the survey, and its evaluation. No other analysis tools are used on the survey website. Generally, an anonymous survey does not link you to the use of the survey website.

AbaNinja – the Cloud-Based Business Software for Small Business

General Use
After successful registration at the Swiss21.org portal and the opening of an AbaNinja account at Abacus Research AG, for which the first and last name, an e-mail address, a password (at least eight characters, one digit, two lower case letters and one upper case letter), as well as further data after confirmation of the e-mail address are requested, the AbaNinja owner can log into Abacus AbaNinja (“AbaNinja”). The login requires a username and password. Alternatively, you can log in using another account, such as your Microsoft, Apple, or Google account. The privacy policies of these services apply.

AbaNinja consists of the use of the Abacus AbaNinja software over the Internet and the storage of data in the context of hosting in order to use AbaNinja. The owner responsible for the use of AbaNinja as well as administrators authorized by the owner can grant access to AbaNinja to other users (as authorized users). These users can be given different rights depending on the user group. The AbaNinja owner is responsible for the processing of the data of these users, and can restrict or withdraw their access.

All data which is collected during registration, as well as all data and documents which is collected and processed in AbaNinja, will be stored for the use of AbaNinja. This includes data in connection with address recording, accounting, invoices and offers, time recording, and expense receipts. In addition, the advice of a trustee or additional services, such as those of payment providers or time recording solutions like AbaClock, AbaClik, or AbaPoint, may be used, in which case data may also be processed and exchanged between the parties involved.

The following data may be processed in AbaNinja: Personal master data such as name, address, date of birth, employer, contact data such as telephone and/or e-mail address, data for time recording such as working hours, absences (illness or vacations), extra hours and overtime, expense receipts, product master data, data on contractual relationships and contract data including delivery, payment and settlement data, bank account and credit card data, and all data that is recorded within AbaNinja. Such data may originate from current and former employees and applicants, from service providers, suppliers, banks and other payment providers, customers, business partners, interested parties, and all employees of the companies acting as contact persons for these companies.

Use of the “Auto-complete” Function to Enter Addresses
In AbaNinja, you can use an “auto-complete” function to enter addresses. To use this function, the AbaNinja owner makes the addresses that they have entered into AbaNinja available to a central Abacus address database. All AbaNinja owners who also want to use this function are then able to do so. Only business addresses are entered into this address database, not the addresses of private individuals, and no reference is made to a specific AbaNinja owner as the source of an address. The AbaNinja owner enters the address as either a private or business address each time an address is entered, and thus determines whether the address is included in the address database. We use a commissioned service provider based in Switzerland to administer and store this address database. The addresses are processed within Switzerland. It has been carefully selected and commissioned by us; it is bound by our instructions and is checked regularly. On request, we provide information about our other contracted service providers.

Abacus offers this function to improve address entry in AbaNinja. Only addresses that have been recorded identically by several different sources are enabled for this function. The aim is to provide addresses that are as up-to-date and correct as possible. The AbaNinja owner ensures that the addresses are used in accordance with the law when using them for their own purposes, and is solely responsible in this respect. Any misuse of the “auto-complete” function, such as using it to build up a proprietary address database, as well as any illegal use of the address data are prohibited. In such a case, Abacus Research AG reserves the right to terminate the use of AbaNinja or the offer of the “auto-complete” function, to demand the deletion of the data, as well as compensation. The AbaNinja owner can object to their addresses being entered for this function. In such a case, Abacus Research AG reserves the right to terminate the use of AbaNinja for the AbaNinja owner or disable the “auto-complete” function.

Information on Google Tag Manager and Google Analytics

We use Google Tag Manager (a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter “Google”) as part of AbaNinja. This allows us to manage website tags. Tags are small code elements on our website that help us use the implemented services of Google. No data is processed by Google Tag Manager alone, but it does allow cookies to be set. In addition to the Google Tag Manager, Google Analytics (also a service of Google) is also used as part of AbaNinja. These Google services enable data and information about website visits and their usage to be tracked and allocated across more than one device using a pseudonymous user ID. This allows user behavior to be analyzed across devices.

Google Analytics allows us to analyze the use of AbaNinja and to improve the functions of AbaNinja. To do so, different data and information about the use of AbaNinja and its users is collected.

Google Analytics uses cookies, which are stored on the end device and allow for the use of AbaNinja to be analyzed. The information collected and generated by the cookie about the use of AbaNinja is usually transferred to a Google server in the U.S. and stored there. We use Google Analytics exclusively with the extension “anonymizeIp()”, which is designed to prevent any direct personal reference. As a result of the extension, Google’s IP address within EU Member States or in other States party to the EEA Agreement will be shortened before it is transmitted. The full IP address shall only be transferred to a Google server in the U.S. and shortened there in exceptional cases.

Google receives this information through our websites and uses it, also for its own purposes, to evaluate the use of a website, to compile reports, and to provide further services associated with the use of the website and the Internet, including to us.

The storage of all cookies can be disabled by changing the corresponding setting in the browser software. If the storage of all cookies is disabled, it may not be possible to use the full functionality of all of the features of the AbaNinja website or other websites. You can also prevent the transmission of the data generated by the cookies and related to the use of websites (including the IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link. This should then be done on all devices that are in use.

The current link is https://tools.google.com/dlpage/gaoptout?hl=en

Please note that if all cookies are deleted, you will need to perform steps outlined above again to prevent the use of Google Analytics.

Once a month, we automatically delete data relating to Google Analytics (such as user and advertising IDs) 14 (fourteen) months after it has been collected.

Here you will find the current terms of use of Google Analytics: Google Analytics Terms of Service [https://marketingplatform.google.com/about/analytics/terms/us/]

You will find Google’s current privacy policy here: https://policies.google.com/privacy?hl=en

Google LLC. as the parent company of Google is an American company, so there is the possibility that data might also be processed in the U.S. Abacus hereby expressly points out that the U.S. is not a safe third country in the sense of Swiss data protection law and that due to existing regulations, there is a possibility that U.S. companies are obligated to hand over data to security authorities. In this respect, data subjects currently do not have sufficient legal remedies to take action. We therefore cannot rule out that U.S. authorities (such as intelligence services) process, evaluate, or store such data in the U.S. for monitoring purposes. We have no control over that. However, we will endeavor to ensure that appropriate guarantees, such as standard data protection clauses, are in place or your consent is obtained to ensure that data is transferred in accordance with the law.

AbaNinja Support

As part of AbaNinja, the AbaNinja owner and user, in addition to possible contact via e-mail, is provided support through a live chat and, for support requests, a ticket system from Zendesk, 1019 Market St, San Francisco CA 94103 (Zendesk), which is managed by first level support from Swiss21.org AG. For sending e-mails via AbaNinja (invoices, offers, system notifications, etc.) we use the services of the mail provider Mailgun Technologies, Inc, 548 Market St, 43099 San Francisco, U.S. (Mailgun). These are service providers commissioned by us, to whom the data will be passed on for the purposes described above. They have been carefully selected and commissioned by us; they are bound by our instructions and are checked regularly. Such data is transmitted which is necessary for the provision of the respective service, such as name, e-mail address, company, as well as the matter in question. Such data is also processed outside Switzerland. Currently, data is processed in the EU, which offers an adequate level of data protection for Switzerland, and in the U.S. We would like to point out that it is up to the AbaNinja owner and user to determine which data is entered into the live chat and the ticket system. You are requested not to transmit any (confidential) data, but only your request or a description of a possible technical malfunction.

You will find Zendesk’s current privacy policy here: https://www.zendesk.de/company/customers-partners/privacy-policy/

Zendesk is an American company, so there is a chance that data might also be processed in the U.S. Abacus hereby expressly points out that the U.S. is not a safe third country in the sense of Swiss data protection law and that due to existing regulations, there is a possibility that U.S. companies are obligated to hand over data to security authorities. In this respect, data subjects currently do not have sufficient legal remedies to take action. We therefore cannot rule out that U.S. authorities (such as intelligence services) process, evaluate, or store such data in the U.S. for monitoring purposes. We have no control over that. However, we will endeavor to ensure that appropriate guarantees, such as standard data protection clauses, are in place or your consent is obtained to ensure that data is transferred in accordance with the law.

You will find Mailgun’s current privacy policy here: https://www.mailgun.com/privacy-policy/

Mailgun is an American company, so there is a chance that data might also be processed in the U.S. Abacus hereby expressly points out that the U.S. is not a safe third country in the sense of Swiss data protection law and that due to existing regulations, there is a possibility that U.S. companies are obligated to hand over data to security authorities. In this respect, data subjects currently do not have sufficient legal remedies to take action. We therefore cannot rule out that U.S. authorities (such as intelligence services) process, evaluate, or store such data in the U.S. for monitoring purposes. We have no control over that. However, we will endeavor to ensure that appropriate guarantees, such as standard data protection clauses, are in place or your consent is obtained to ensure that data is transferred in accordance with the law.

The data contained in AbaNinja will be processed within the existing contractual relationship with the AbaNinja owner. Abacus processes such data in the context of contract data processing with the AbaNinja owner. Regarding the use of AbaNinja, an agreement for contract data processing is concluded with Abacus in its current version.

Additional Services

privacy policy and authorizes Abacus to provide the necessary data processing, data access, and data exchange, so that these additional services can be integrated and used for AbaNinja. These additional services are subject to their contractual and data protection provisions.

Where the services of a trustee are used, the AbaNinja owner grants the trustee access to their data in AbaNinja in order to perform the necessary data processing and data synchronization. The AbaNinja owner is responsible for granting and limiting or withdrawing the access rights of the trustee and also their other authorized users to their data and whether they process data lawfully within AbaNinja. The connection is established either by the AbaNinja owner themselves or by the trustee as an authorized user on their behalf using the Abacus Mobile ID (“AMID”).

AbaNinja contains the option of connecting to services of different payment providers such as banks or payment service providers. These providers can be connected to directly or a connection to these providers can be established by using the deepPay service from DeepCloud AG. If the AbaNinja owner wishes to make use of these services, data must be exchanged between the respective parties. To make the assignment to the respective application clear, an Abacus ID is used together with the necessary access data for the respective provider. This can be bank or payment-specific data such as account information, IBAN, or the credit card number. Each party involved is only responsible for the data processing that takes place and for the security of the data in its area of responsibility in accordance with the agreed provisions. Abacus enables data to be exchanged exclusively through an interface to these providers in order to map them in the applications, without being involved in the services provided by the other parties or having influence on their services.

DeepCloud AG offers additional services, such as deepO (a workflow analysis software program for structuring data using machine learning and automated document posting in accounting using AI) or deepV (a sharing and publishing platform that features additional elements such as a dashboard or chat function), which are integrated into AbaNinja. These additional services are subject to the terms and conditions of DeepCloud AG.

The AbaNinja owner can also use AbaClock, the iPad time recording system from Abacus, by concluding a separate contract for the use of AbaClock. The e-mail address stored in the AbaNinja account is used to connect the AbaClock data from the iPad terminals to AbaNinja. The AbaClock mobile app allows the AbaNinja owner or an administrator authorized by the owner to activate the terminals. Data such as first name and last name, employee language, flextime balance, planned hours, and vacation balance, as well as the recorded times is processed. To ensure that the data is also recorded in AbaNinja, the users receive a time recording badge via the Abacus iPad terminals. Once an initial check has been completed to determine whether time recording is permitted, the users’ times can also be recorded in AbaNinja via the Abacus iPad terminals.

The AbaNinja owner can activate subscriptions for AbaClik for their employees as an additional add-on module. AbaClik is a mobile app provided by Abacus that allows you to record working hours, expenses, services, and all types of information, assign projects, customers, or employees, and synchronize with the Abacus applications. The AbaClik mobile app can be downloaded free of charge for iOS and Android from the respective App Stores. Where AbaClik data is to be collected in AbaNinja, a connection will be established once the owner has logged in using the e-mail address and password stored in their AbaNinja account. The AbaClik user is informed which data is affected by the synchronization. The user must agree to this data being exchanged in order to use the connection. Subscriptions must be purchased for AbaClik users to allow for synchronization with AbaNinja. AbaClik can also be used without a connection to AbaNinja, should this be required. In this case, the captured data remains stored on the local mobile device without any data being transferred to AbaNinja.

As for how and which data is processed in mobile Abacus application, please refer to our privacy policy for mobile applications.

Deletion of Data and Termination of Use of AbaNinja
The AbaNinja owner can delete data from AbaNinja at any time, as long as the data is not related to a business relevant transaction, or terminate their overall AbaNinja use by deleting their Swiss21.org account. To do this, the owner selects “Delete account” in the account management of their Swiss21.org account, and confirms their company name twice. This will terminate the use of all applications used by the owner, including AbaNinja. To protect against unintentional deletion, the system issues a warning beforehand with an appropriate message. After confirmation, the Swiss21.org account and all data, also in the applications used, will be deleted irrevocably and completely. There is no way to recover the data in AbaNinja. The AbaNinja owner will save their data in time before a deletion independently. If Abacus terminates the use of AbaNinja for the AbaNinja owner, they will be given the opportunity to save this data by data export before Abacus blocks the access and deletes the data. After the use of AbaNinja has been terminated in this way, the data will be deleted in compliance with legal and contractual storage and documentation obligations to which Abacus is subject.

Otherwise, the other provisions of this Privacy Policy shall also apply when using AbaNinja.

AbaSalary – the Cloud-based Payroll Software for Small Businesses

General Usage
Once you have successfully registered on the Swiss21.org portal and opened an AbaNinja account, you can use Abacus “AbaSalary” (AbaSalary) from Abacus Research AG within AbaNinja. To do this, log in with the necessary login data such as username and password. Alternatively, you can log in using another account such as your Microsoft, Apple, or Google account. Their data protection provisions apply.

AbaSalary is a web-based software application for internal payroll accounting with the option to integrate your own trustee, use interfaces to various banks and payment providers, and a wide range of other options. In particular, AbaSalary allows the AbaNinja Owner to manage payroll at any time and from any location, including settlement, payment, evaluation, and booking, as well as the option to create documents such as pay slips, monthly overviews, and reports.

AbaSalary consists of the use of the Abacus AbaSalary software over the Internet and the storage of data in the context of hosting in order to use AbaSalary. The Owner responsible for the use of AbaSalary can grant other users access to AbaSalary (as authorized users). They are responsible for the data processing of these users and can restrict or withdraw their access.

To use AbaSalary, all data that is collected during the registration process is saved, as well as all data and documents that are collected and processed in AbaSalary. This includes data related to payroll accounting, such as payroll settlement, payment, evaluation, and booking. In addition, the advice of a trustee or additional services, such as those of payment providers or time recording solutions such as AbaClock, AbaClik, or AbaPoint, may also be used, whereby data may also be processed and exchanged between the parties involved.

The data processed in AbaSalary can be the following: Personnel master data such as name, address, date of birth, employer, contact data such as telephone number and/or e-mail address, data for time recording purposes such as working hours, absences (illness or vacation), hours worked that exceed the maximum number of working hours permitted by law and overtime, expense receipts, pay slips and monthly overviews thereof for all employees, wage type master data, employee evaluations, payroll and salary statements, data and documents in the personnel dossier, photos of employees, data on contractual relationships and contract data including payment and accounting data, bank account and credit card data, and all data that is recorded within AbaSalary and migrated from AbaNinja. This data can come from current and former employees and applicants, from service providers, banks, payment providers and customers, interested parties, and all the employees of the companies who act as contact persons for these companies.

The data contained in AbaSalary will be processed within the existing contractual relationship with the AbaNinja Owner. Abacus processes this data as part of a commissioned processing with the AbaNinja owner.

Support with AbaSalary
Within AbaSalary, the AbaSalary Owner and user receive support through a live chat and there is a ticket system for support requests provided by Zendesk, 1019 Market St, San Francisco CA 94103 (Zendesk), which is managed by a first level support team from Swiss21.org AG. These are contracted service providers to whom data is passed on for the purposes described above. They have been carefully selected and commissioned, are bound by our instructions and are regularly monitored. Data is transmitted that is required for the provision of the respective service, such as name, e-mail address, company and the request. This data is also processed outside Switzerland. At present, data processing takes place in the EU, which offers an adequate level of data protection for Switzerland. We would like to point out that it is up to the AbaNinja owner and user which data is entered into the live chat and ticket system. They are requested not to submit any (confidential) data, but only their request or a description of a possible technical malfunction.

You will find Zendesk’s privacy policy here: https://www.zendesk.de/company/customers-partners/privacy-policy/

Zendesk is an American company, so there is a chance that data might also be processed in the U.S. Abacus hereby expressly points out that the U.S. is not a safe third country in the sense of Swiss data protection law and that due to existing regulations, there is a possibility that U.S. companies are obligated to hand over data to security authorities. In this respect, data subjects currently do not have sufficient legal remedies to take action. We therefore cannot rule out that U.S. authorities (such as intelligence services) process, evaluate, or store such data in the U.S. for monitoring purposes. We have no control over that. However, we will endeavor to ensure that appropriate guarantees, such as standard data protection clauses, are in place or your consent is obtained to ensure that data is transferred in accordance with the law.

Additional Services
If additional services are used within AbaSalary, the AbaNinja Owner shall agree to their terms of use and privacy policy and authorize Abacus to provide the necessary data processing, data access, and data exchange, so that these additional services can be integrated and used for AbaSalary.

Where the services of a trustee are used, the AbaNinja Owner shall grant the trustee access to their data in AbaSalary in order to carry out the necessary data processing and data synchronization. The AbaNinja Owner is responsible for granting and restricting or withdrawing the trustee’s access rights to their data and whether they perform legal data processing within AbaSalary.

AbaSalary contains the option of connecting to services of different payment providers such as banks or payment service providers. These providers can be connected to directly or a connection to these providers can be established by using the deepPay service from DeepCloud AG. If the AbaNinja Owner wishes to make use of such services, an exchange of data takes place between the respective participants. To make the assignment to the respective application clear, an Abacus ID is used together with the necessary access data for the respective provider. This can be bank or payment-specific data such as account information, IBAN, or the credit card number. Each party involved is only responsible for the data processing that takes place and for the security of the data in its area of responsibility in accordance with the agreed provisions. Abacus enables data to be exchanged exclusively through an interface to these providers in order to map them in the applications, without being involved in the services provided by the other parties or having influence on their services.

AbaSalary also allows you to use additional services of DeepCloud AG such as deepV (a sharing and publishing platform with additional elements such as a dashboard or chat function). Accepting these additional modules also triggers data processing in connection with AbaSalary, to which the privacy policy of DeepCloud AG applies.

The AbaNinja Owner can also use AbaClock, the iPad time recording system from Abacus, for AbaSalary by concluding a separate contract for the use of AbaClock. The e-mail address stored in the AbaNinja account is used to connect the AbaClock data from the iPad terminals to AbaSalary. The AbaNinja Owner or an authorised administrator can activate the terminals via the AbaClock mobile app. Data such as first name and last name, employee language, flextime balance, planned hours, and vacation balance, as well as the recorded times is processed. To ensure that the users’ data is also recorded in AbaSalary, they receive time recording badge via the Abacus iPad terminals. Once an initial check has been completed to determine whether time recording is permitted, the users’ times can also be recorded in AbaSalary via the Abacus iPad terminals.

In addition, the AbaNinja owner can activate subscriptions for their employees for AbaClik as a further additional module. AbaClik is a mobile app provided by Abacus that allows you to record working hours, expenses, services, and all types of information, assign projects, customers, or employees, and synchronize with the Abacus applications. The AbaClik mobile app can be downloaded free of charge for iOS and Android from the respective App Stores. If data from AbaClik is to be collected in AbaSalary, a connection will be established once the user has logged in using the e-mail address and password stored in their AbaNinja account. The AbaClik user is informed which data is affected by the synchronization. The user must agree to this data being exchanged in order to use the connection. Subscriptions must be purchased for AbaClik users to be able to synchronize with AbaSalary. AbaClik can also be used without a connection to AbaSalary, should this be required. In this case, the captured data remains stored on the local mobile device without any data being transferred to AbaSalary.

For information on how data is processed in the Abacus mobile applications, please refer to our privacy policy for mobile applications.

Deletion of Data and Termination of Use of AbaSalary
The AbaNinja Owner may delete data from AbaSalary at any time or terminate their AbaNinja account by deleting their Swiss21.org account. To do this, the user selects "Delete account" in the account management of their Swiss21.org account and double confirms their company name. This will terminate the use of all applications they are using, including AbaSalary. To protect against unintentional deletion, the system will first issue a warning with a corresponding message. After confirmation, the Swiss21.org account and all data, including in the applications used, will be irrevocably and completely deleted. There is no way to recover the data in AbaSalary. It is also possible to deactivate just the AbaSalary application without deleting the Swiss21.org account. The result will be the same for AbaSalary as if the Swiss21.org had been deleted.

The AbaNinja owner will independently delete their data in good time before deletion. If Abacus terminates the use of AbaNinja or AbaSalary for the AbaNinja Owner, they will be given the opportunity to save this data by data export before Abacus blocks the access and deletes the data. After such termination of AbaNinja use, the data will be deleted in compliance with legal and contractual retention and documentation obligations to which Abacus is subject. Otherwise, the other provisions of this Privacy Policy shall also apply when using AbaSalary.

Use of Abacus Support

You can contact Abacus Support within the scope of existing contractual relationships should you have support questions. There are various ways of contacting us, such as by telephone or e-mail. The data processed will be used to answer your support request and is processed within the framework of the contractual relationships. If a solution cannot be found, your data can be transferred us via a K-Save or you can make an appointment for remote maintenance.

After making an appointment (by e-mail or telephone), you can download the required software (such as TeamViewer) and – after sufficient authentication – register for the respective support session with the access data provided to you. You are responsible for the security of your access data and must not pass them on to unauthorised third parties. We will inform you if it appears that the session needs to be recorded or a print screen will need to be made and, if this is the case, we will ask for your consent. You can refuse to give this consent directly or revoke it at any time. The audio will not be recorded. We use TeamViewer from TeamViewer Germany GmbH, Jahnstr. 30, 73037 Göppingen, Germany. Should we have a support case using TeamViewer, TeamViewer Germany GmbH can also access the system with us. There is the possibility that your data will be visible. TeamViewer Germany GmbH is a service provider commissioned by us, which is permitted to view your data for the purposes described above. They have been carefully selected and commissioned by us, are bound by our instructions and are regularly inspected. The data may also be processed outside of Switzerland. TeamViewer Germany GmbH is contractually committed to offering an appropriate level of data protection for Switzerland via the relevant regulations.

The data processing that takes place during a support request is carried out after you have given your consent when you register for a support session or use the respective support tools. This is in order to provide our customers with the support they require based on our legitimate interests and to properly handle contractual relationships.

We will delete your data in this respect if it is no longer necessary to store the data, the purpose of the processing is no longer necessary, you have revoked your consent, or you have objected to the processing, unless the storage or documentation obligations are contrary to this or further processing is justified, about which we will inform you.

Data Processing when Using our Websites and the Abacus Shop

designing and operating our website or Abacus Shop, which receives your data for the purposes described above. These have been carefully selected and commissioned by us; they are bound by our instructions and are checked regularly. If data is also processed outside Switzerland, it is contractually ensured that an adequate level of data protection for Switzerland is established, either through existing guarantees or through appropriate regulations. Auf Anfrage geben wir gerne Auskunft über unsere beauftragten Dienstleister.

In these data processing procedures, your contact data, content data, usage data, metadata, and communication data are processed by us or our service providers on our behalf when using our website or Abacus Shop. This happens because of our legitimate interests in the efficient and secure provision of our website and Abacus Shop, to protect against abuse and other unauthorized use, because of a service requested by you or a contract to be concluded with you after you have placed an order, or in certain cases after you have given your consent.

Automatic Collection of Access Data and Server Log Files

Access data and server log files are collected by us or our service provider about every access to the server on which a service used by us is located (called server log files). These include:

  • The domain visited and the files accessed.
  • The IP address of the end device used.
  • Date, time, and duration of the visit.
  • Web page from which the server was accessed.
  • Operating system of the end device used.
  • The browser used for access and all information from the “user-agent”’ that the browser transfers to the server.
  • Scope of the data volume transferred.

We use this information for the following legitimate interests:

  • To display our website.
  • To guarantee the stability and security of our website.
  • For statistical evaluations of our websites.
  • To improve our website.
  • For clarification purposes in support cases.
  • To analyze technical problems.
  • To clarify safety issues.
  • In suspected cases of illegal use (such as to clarify acts of abuse or fraud).

This information will be stored for a maximum period of 90 days and then deleted, unless its retention beyond this period is necessary for purposes of evidence, for example to be used as evidence before authorities or courts to prove our website has been used illegally. We will then remove this data from the data to be deleted until final clarification of the respective incident and may retain them until a legally binding decision or judgment has been issued.

The above-mentioned data will not be passed on to third parties, unless it is necessary to pursue our claims, to fulfil the intended purposes, after you have given your consent, or if there is a legal obligation to do so.

This information is stored in such a way that, as a rule, it cannot be assigned by us to any particular person, except when you register for a special offer on the website.

Cookies and Other Technical Means

In this section, we would like to inform you about which cookies or other technical means, such as web beacons, pixels, and other tracking technologies (hereinafter referred to as “cookies”), are used when using our website. Cookies are small text files that are stored on your end device. They do not cause any damage to your end device and do not contain viruses. The data obtained by these cookies can then be evaluated by us or third parties and merged with other data. As a rule, they serve to make the Internet offering more user-friendly and effective overall, which is in both your interest and ours.

We will ask you for your consent via a cookie content banner for some cookies that are not required for technical storage purposes, to access to our website, or that serve more purposes than just to enable the use of a service you have expressly requested.

What Types of Cookies Are There?

Our websites may use cookies from us or third parties to fulfill certain purposes (such as to present our website, improve functionalities, statistical web analytics, product optimization, personalization of content).

The cookies we use are either session cookies (these are automatically deleted when you close your browser) or persistent cookies (these remain stored on your end device until a specified expiry date).

The following cookies are generally possible:

  • Strictly necessary incl. preferences

Strictly necessary cookies are essential for the safe and reliable operation of our website, in order to be able to transfer and display our website content, to allow you to navigate on the website, or to be able to quickly identify and solve technical problems.

Preference cookies allow you to make the site more enjoyable to use by remembering options you choose (such as language selection) or by providing functionalities you request (such as remembering a selection or performing a function).

These cookies do not require your consent, but their use is based on legitimate interests.

  • Statistics
    These cookies enable us to compile statistics and analyses, whereby pseudonymized or anonymized data is collected in order to gain knowledge about the use of the website, to improve our offering, or to quickly detect and remedy technical problems.
  • Marketing
    They enable the display of personalized content by recording and analyzing your usage behavior. This is also done outside our websites, in that these cookies can track you. As part of this, cookies of third-party providers are also used and (pseudonymized) data of your surfing behavior is passed on, evaluated, and used by them.

Use of Cloudflare

We use the DNS service provided by Cloudflare (Cloudflare, Inc. 665 3rd St. #200, San Francisco, CA 94107, U.S.) to provide our web pages quickly and securely. The transfer of information between your browser and our website is routed through the Cloudflare network. This means Cloudflare is able to analyze the data traffic between you and our websites to detect and defend against attacks on our website, for example. It is in our legitimate interest to provide our websites securely. Cloudflare thereby collects statistical data about visits to our websites: Name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, visitor’s operating system, referrer URL, IP address, and requesting provider. This data is used for statistical evaluations for the purpose of operation, security, and optimization of the Cloudflare service. 

You can find further information and Cloudflare’s privacy policy at: https://www.cloudflare.com/privacypolicy/

Cloudflare is an American company, so there is the possibility that data might also be processed in the U.S. Abacus hereby expressly points out that the U.S. is not a safe third country in the sense of Swiss data protection law and that due to existing regulations, there is a possibility that U.S. companies are obligated to hand over data to security authorities. In this respect, data subjects currently do not have sufficient legal remedies to take action. We therefore cannot rule out that U.S. authorities (such as intelligence services) process, evaluate, or store such data in the U.S. for monitoring purposes. We have no control over that. However, we will endeavor to ensure that appropriate guarantees, such as standard data protection clauses, are in place or your consent is obtained to ensure that data is transferred in accordance with the law.

Google reCAPTCHA

To protect our systems from bots and potential spam, we have included Google reCAPTCHA (Google Ireland Limited, Gordon House, Barrow Street, Dublin 5, Ireland) in certain registration and login forms. This enables us to determine whether we receive a registration or login from a human being or whether the registration or login attempt stems from abusive processing by an automated, machine program (such as a bot). For this purpose, certain information must be entered before registration or login so that the attempt can be verified. In addition, your IP address and, if applicable, other data such as the website of ours that you are visiting on which reCAPTCHA is integrated, the date and the duration of your visit to our website, the identification data of the browser and operating system type, your Google account if you are logged in with Google, mouse movements on the reCAPTCHA surfaces, as well as the tasks in which you identify images, are required by Google for reCAPTCHA. This data is sent to Google and processed by them. The analysis starts automatically as soon as you open the website with reCAPTCHA. We use Google reCAPTCHA to ensure the security of our systems. Data and documents uploaded via a form are stored directly in our systems. If we did not install this type of security tool, bots would be able to freely log into our systems. This enables us to protect ourselves from unwanted and dangerous automated accesses. It is in our legitimate interest to protect our system security.
If you would like to know more about reCAPTCHA or how Google processes data, you can view Google’s privacy policy and terms and conditions here:

Privacy policy https://policies.google.com/privacy
Terms and conditions https://policies.google.com/terms/update

 

Newsletter and Contact for Advertising Purposes

In the following section, we will explain you how we intend to contact your for advertising purposes within the framework of legal requirements.

Newsletter
We offer a newsletter, which you can register to receive. Below, we explain how the newsletter works.

  • Content of the individual newsletter: We only send e-mails containing advertising information (hereinafter referred to as the “newsletter”) with your consent. Our newsletters contain information about our products and services, as well as achievements of the companies of the Abacus Group.

Automated processing: web beacons are used for our newsletters. These are small, invisible embedded images or objects (such as clear gifs, pixel tags, and single-pixel gifs) that send your information back to us after you open the e-mail you have received. This allows us to measure success in order to generate statistics for the popularity of our offer. It also enables us to evaluate your user behaviour accordingly. We also store information about the browser you use and the settings in the operating system you use, as well as information about your Internet connection with which you reach our website. Through the newsletter sent to you, we receive, among other things, confirmation that you have read and received the newsletter, as well as information about the links you have clicked in our newsletter. We intend to use this data processing (success measurements) to align how we contact you for advertising purposes to your interests and optimize our offers on our website.

  • Consent: The sending of the newsletter and the associated measurement of success is based on you giving your consent when you register for the newsletter.
  • Login procedure and logging: In order to ensure that nobody can register with external e-mail addresses, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary to receive the newsletter. If the registration is not confirmed within four days, the information will be deleted after this period has expired. Newsletter registrations are logged in order to be able to prove the registration process according to the legal requirements and to clarify a possible misuse of your data. This includes the storage of the registration and confirmation time as well as the IP address. Changes to your stored data are also logged.
  • Login data: To subscribe to the newsletter, you only need to enter your e-mail address. Optionally, you can enter a name to be addressed personally in the newsletter.
  • Revocation: You can stop receiving a newsletter at any time, that is, revoke your consent by sending an e-mail to marketing@abacus.ch, by clicking the unsubscribe link in the newsletter, or via the contact details given in the imprint [link with imprint]. You will not incur any costs other than the transmission costs pursuant to the basic tariffs. You will find the link to revoke your consent at the bottom of each newsletter.
  • Storage after revocation: We may store the unsubscribed e-mail addresses for up to three years to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for cancellation is possible at any time, provided that the existence of the previously given consent is confirmed at the same time. After you have revoked your consent, your data will only be used in any other way if you have expressly consented to it or if further processing is justified, about which we will inform you.

Other E-mail Marketing Measures
If we have received your e-mail address from you in connection with the sale of a product or the provision of a service, and you have not objected to the following use, we reserve the right to use your e-mail address for direct marketing of our own similar products or services already purchased. These marketing measures serve our legitimate interests in contacting our existing customers for advertising purposes, after a balancing of interests.

We are obliged to expressly point out that you can object to the use at any time when we collect your e-mail address and for each use (no other costs than the transmission costs according to the basic tariffs are incurred for this).

Contracted Service Providers for Marketing Measures
Marketing measures can be sent via e-mail by contracted service providers. For this purpose, we will pass on your data such as your e-mail address to them. These contracted service providers have been carefully selected and commissioned by us; they are bound by our instructions and are checked regularly. They only receive data to the extent necessary for the performance of the specifically agreed order processing. Appropriate safeguards to ensure an adequate level of data protection will be applied to data transfers abroad.

To send newsletters, we use, among others, the MailChimp service provided by The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30318, U.S. The data required for this is transferred to a server at The Rocket Science Group in the U.S. Newsletters are sent out with your consent or to contract our existing customers for advertising purposes on the basis of our legitimate interests.

You can find further information and The Rocket Science Group LLC’s privacy policy at: https://mailchimp.com/legal/privacy/

 

The Rock Science Group LLC is an American company, so there is a chance that data could also be processed in the U.S. Abacus hereby expressly points out that the U.S. is not a safe third country in the sense of Swiss data protection law and that due to existing regulations, there is a possibility that U.S. companies are obligated to hand over data to security authorities. In this respect, data subjects currently do not have sufficient legal remedies to take action. We therefore cannot rule out that U.S. authorities (such as intelligence services) process, evaluate, or store such data in the U.S. for monitoring purposes. We have no control over that. However, we will endeavor to ensure that appropriate guarantees, such as standard data protection clauses, are in place or your consent is obtained to ensure that data is transferred in accordance with the law.

On request, we will gladly provide information about our other contracted service providers.

You can opt out of these marketing measures by sending an e-mail to marketing@abacus.ch, by clicking the unsubscribe link in the e-mail, or via the contact details given in the imprint. Ihnen entstehen hierdurch keine anderen Kosten als die Übermittlungskosten nach den Basistarifen. You will find the link to opt out at the bottom of each of these e-mails.

Telephone and Postal Advertising
In order to be able to announce interesting offers about us, our products, services, or events organized by us either by telephone or to send them to you by post, we reserve the right to use your first and last name as well as your telephone number and postal address for such advertising purposes. We will only contact you for advertising purposes via telephone after you have given your presumed consent to this. The advertising material we send by post serves our legitimate interests in contacting our existing customers for advertising purposes, after a balancing of interests. We will check for and respect any possible objections to receiving advertising material (also by checking for starred entries in public telephone directories) in advance.

Advertising material sent by post can be processed and sent by a contracted service provider. We will pass on your name and address data to them for this purpose. This contracted service provider has been carefully selected and commissioned by us; it is bound by our instructions and is checked regularly. On request, we will gladly provide information about our contracted service providers.

Objection to Advertising and Revocation of Consent
You can revoke your consent to being contacted for advertising purposes or object to the storage and use of your data for the above-mentioned purposes at any time by sending an e-mail to marketing@abacus.ch or via the contact details given in the imprint. You will not incur any costs other than the transmission costs according to the basic rates. Your contact data will then be deleted (from the newsletter, for example). Your data may still be subject to further processing as far as the use of this data is still possible or permitted by law.

Passing On of Data for Advertising Purposes
Your contact details may be passed on to another company of the Abacus Group in Switzerland or Germany as well as to sales or solution partners. We will contact you for advertising purposes within the framework of legal requirements. If you have, if necessary, given your consent to being contacted for advertising purposes (by newsletter, for example), and also personal data to be transferred to a company of the Abacus Group or one of our sales or solution partners, then this data may be used by the entitled partner to contact you for advertising purposes.

Our company pages on LinkedIn, Xing, YouTube, Instagram, and Facebook

Some companies of the Abacus Group maintain company pages on LinkedIn, Xing, YouTube, Instagram, and Facebook. Our websites contain links to our company pages on these platforms.

On these pages, we can see all the information that visitors voluntarily provide to our company on these platforms by either liking one of our posts or posting a comment. Your data will also be processed if you communicate with us within these platforms, for example by posting on the company pages or sending messages.

In addition, the statistical data of visitors to our company pages are made available to us in our admin account for the respective platform. This includes data to evaluate the interactions of visitors with our respective posts, a follower demographic and its origin, as well as Internet traffic and activity on our company page on the platform. We cannot see any visitors’ personal data, only general data without any personal reference.

Further data processing, which the respective platform operator carries out when you visit the platform, is not subject to this, but to its own privacy policy. Nevertheless, we regularly check our company pages on these platforms for possible legal violations in order to be able to act immediately.

We have no influence on the collected data and how the platform operators process the data. They store the data collected about you as user profiles and use these for the purposes of advertising, market research, and/or design the website to meet your needs. This sort of an evaluation is carried out in particular (also for users who are not logged in) for the purpose of displaying advertising that meets the needs of the users and to inform other users of the network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective platform operator directly to exercise this right.

Data is processed by the platform operator after using a link on our website regardless of whether you have a user account on that platform and are logged in. If you are logged in, your data will be directly assigned to your user account. We recommend that you log out regularly after using such a platform, as this allows you to avoid being assigned to your profile.

Further information on the purpose and scope of data collection and processing can be found in the respective privacy policy. In these policies, you will also find further information on your rights and setting options to protect your privacy.

LinkedIn:
LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, U.S.
http://www.linkedin.com/legal/privacy-policy

Opt out
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

LinkedIn is an American company, so there is a chance that data could also be processed in the U.S. Abacus hereby expressly points out that the U.S. is not a safe third country in the sense of Swiss data protection law and that due to existing regulations, there is a possibility that U.S. companies are obligated to hand over data to security authorities. In this respect, data subjects currently do not have sufficient legal remedies to take action. We therefore cannot rule out that U.S. authorities (such as intelligence services) process, evaluate, or store such data in the U.S. for monitoring purposes. We have no control over that. However, we will endeavor to ensure that appropriate guarantees, such as standard data protection clauses, are in place or your consent is obtained to ensure that data is transferred in accordance with the law.

Xing:
XING Luxembourg, XING S.á r.l., 9, Avenue Guillaume, 1651 Luxembourg, Luxembourg
https://privacy.xing.com/de/datenschutzerklaerung

Kununu:
kununu GmbH, Neutorgasse 4-8, Top 3.02, 1010 Vienna, Austria
The Xing privacy policy applies to Kununu.
YouTube from Google LLC: https://policies.google.com/privacy?hl=en&gl=de

Google LLC is an American company, so there is a chance that data could also be processed in the U.S. Abacus hereby expressly points out that the U.S. is not a safe third country in the sense of Swiss data protection law and that due to existing regulations, there is a possibility that U.S. companies are obligated to hand over data to security authorities. In this respect, data subjects currently do not have sufficient legal remedies to take action. We therefore cannot rule out that U.S. authorities (such as intelligence services) process, evaluate, or store such data in the U.S. for monitoring purposes. We have no control over that. However, we will endeavor to ensure that appropriate guarantees, such as standard data protection clauses, are in place or your consent is obtained to ensure that data is transferred in accordance with the law.

Facebook: https://www.facebook.com/about/privacy/update

Instagram from Facebook: https://help.instagram.com/519522125107875

Facebook is an American company, so there is a chance that data could also be processed in the U.S. Abacus hereby expressly points out that the U.S. is not a safe third country in the sense of Swiss data protection law and that due to existing regulations, there is a possibility that U.S. companies are obligated to hand over data to security authorities. In this respect, data subjects currently do not have sufficient legal remedies to take action. We therefore cannot rule out that U.S. authorities (such as intelligence services) process, evaluate, or store such data in the U.S. for monitoring purposes. We have no control over that. However, we will endeavor to ensure that appropriate guarantees, such as standard data protection clauses, are in place or your consent is obtained to ensure that data is transferred in accordance with the law.

YouTube Videos

We have embedded the YouTube video player from Google Ltd. (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter “Google”) into some of our websites to present editorial content in the form of YouTube videos, which are also stored on YouTube and can be played directly from our websites. This is done in order present our products and services in the best possible way, which is in our legitimate interest.

In order to protect your data, these YouTube videos are embedded in “Privacy Enhanced Mode” (YouTube-nocookies). YouTube will inform you that no information about visitors to this website is stored until they watch the video.  However, this does not necessarily exclude the passing on of data to partners of
YouTube such as those within the Google Double-Click network.

By visiting our website in which a YouTube video is embedded, Google receives at least the information that you have accessed the corresponding subpage of our website containing the embedded video. In addition, information and data such as server log files, IP address, and user agent are transmitted when the video is accessed at the latest. This happens regardless of whether you have a YouTube account that you are logged in with or whether you do not have a user account. If you are logged into your Google account, this data is directly assigned to your user account.

YouTube uses various cookies and other tracking technologies when the video is accessed. Google then stores your data as user profiles and uses them for the purposes of advertising, market research, and/or the design of websites to meet your needs. This sort of an evaluation is carried out in particular (even for users who are not logged in) for the purpose of providing advertising that meets the needs of the users and to inform other users of the network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the Google directly to exercise this right.

Further information on the purpose and scope of data collection and processing can be found in Google’s privacy policy. In this policy, you will also find further information on your rights and setting options to protect your privacy.

https://policies.google.com/privacy?hl=en&gl=de

Google LLC. as the parent company of Google is an American company, so there is the possibility that data might also be processed in the U.S. Abacus hereby expressly points out that the U.S. is not a safe third country in the sense of Swiss data protection law and that due to existing regulations, there is a possibility that U.S. companies are obligated to hand over data to security authorities. In this respect, data subjects currently do not have sufficient legal remedies to take action. We therefore cannot rule out that U.S. authorities (such as intelligence services) process, evaluate, or store such data in the U.S. for monitoring purposes. We have no control over that. However, we will endeavor to ensure that appropriate guarantees, such as standard data protection clauses, are in place or your consent is obtained to ensure that data is transferred in accordance with the law.

Vimeo Videos

We have embedded the Vimeo video player from Vimeo. (Vimeo, Inc. 555 West 18th Street, 10011 New York, U.S., hereinafter “Vimeo”) into some of our websites to present editorial content in the form of videos, which are also stored on Vimeo and can be played directly from our websites. This is done for the optimal presentation of our products and services, which is in our legitimate interest.

A connection to the Vimeo servers is established when you view one of these videos. In doing so, Viemo receives the information that you have accessed the corresponding subpage of our website containing the embedded video and the IP address. Vimeo is set up so that your user activities are not tracked and no cookies are set.

Further information on the purpose and scope of data collection and processing can be found in Vimeo’s privacy policy. There you will also receive further information about your rights and setting options to protect your privacy: https://vimeo.com/privacy

Vimeo, Inc. is an American company, so there is a chance that data could also be processed in the U.S. Abacus hereby expressly points out that the U.S. is not a safe third country in the sense of Swiss data protection law and that due to existing regulations, there is a possibility that U.S. companies are obligated to hand over data to security authorities. In this respect, data subjects currently do not have sufficient legal remedies to take action. We therefore cannot rule out that U.S. authorities (such as intelligence services) process, evaluate, or store such data in the U.S. for monitoring purposes. We have no control over that. However, we will endeavor to ensure that appropriate guarantees, such as standard data protection clauses, are in place or your consent is obtained to ensure that data is transferred in accordance with the law.

Links

Our websites may refer to external websites of other companies outside the Abacus Group via the use of links. This Privacy Policy does not extend to the websites of these other companies. When using these websites, the privacy policies of these companies are to be observed as far as their data processing is concerned. Nevertheless, we regularly check these websites in order to remove the links immediately in the event of possible infringements. Should you have any indications of possible infringements on the pages linked by us, we ask you to inform us of this so that we can prevent a possible linking.

If you click one of these links, your data may be transferred to companies in countries outside Germany, Switzerland, the EU, and the EEA that do not ensure an adequate level of protection for the processing of personal data. Please remember this before you click a link and thereby trigger a possible transfer of your data.

Data Processing Within the Scope of our Business Operations, its Purposes, and Legal Basis

In the following section, we would like to inform you about the data processing that we as a company perform in the course of our business operations.

What Data Is Processed and Where Does it Come From?
We process data from our employees, customers, suppliers, applicants, interested parties, other business partners or third parties, and their employees. This data is either provided by the data subject or the respective company itself, or we receive it from another company of the Abacus Group, from third parties such as other business partners (such as customers, suppliers, or other service providers), authorities, or from publicly accessible sources (such as public telephone, address, and industry directories, public notices or databases, the Internet, trade, cooperative, or association registers).

The data provided by you or the respective company, for example, by making an inquiry, registering for a platform or service, receiving a quote, concluding a contract, filling out a questionnaire, or communicating with us in any other way, can be the following:

  • Contact information including full name, position, company, address, telephone number, e-mail address
  • Contract data, which arise during pre-contractual measures or during the fulfilment of a contract, including delivery data
  • Payment data, including bank details, payment history, credit card data, debit card data, access data, and other data required for smooth payment transactions
  • Content data including input in our CRM or project system, in contact forms, data contained in communication via e-mail, or any other form of communication
  • Registration data (such as username and password) when using services requiring registration or login
  • Data for the prevention of fraud, money laundering, or other criminal offences
  • All data in connection with an application or employment as an employee in relation to the profession, previous employer, professional career including certificates and further training, all data that is made available in the context of an application procedure or employment relationship, or that may be legitimately collected and processed
  • Sensitive data such as health data, which is collected by us exclusively with the express, prior, and at any time revocable consent of the data subject, or in the case of a legal obligation to process this
  • Data on the company for which a person works
  • Data when using one of our websites as described above

Data obtained from other companies, authorities, or publicly available sources, such as

  • Credit reports
  • Contact data (name, company, postal addresses, e-mail addresses, telephone numbers, publicly accessible data as shown in the commercial register) of credit agencies, which are used within the legal framework for advertising purposes
  • Data held by banks or insurance companies in connection with the fulfilment of a legal or contractual obligation
  • Data from judicial or administrative proceedings
  • References from previous employers or business partners
  • Data relating to fraud and money laundering prevention or screening in relation to export restrictions
  • Data from publicly available sources, such as the Internet, the press, or public registers such as the commercial register

For What Purposes is Data Processed and on What Legal Basis?

The data is processed for different purposes and on different legal bases:

  • Execution of pre-contractual measures in the context of an application or in connection with the conclusion of contracts with customers or other business partners as in the preparation of offers. Due to their function with the contractual partner, the data of their employees is also processed because we have a legitimate interest in successful business development
  • Processing of employee data on the basis of contract, legal obligation, given consent, or legitimate interests
  • Provision of contractual services and customer care in the performance of contracts, implementation of contractual measures, payments and accounting, guarantee of contractual claims. Due to your function at the contractual partner, data of your employees will also be processed, in which we have the legitimate interest of a successful business development. Processing of contact inquiries based on the legitimate interest of customer satisfaction or pre-contractual measures
  • Communication with the media due to our legitimate interest in successful business development
  • Sending personalized newsletters, carrying out other marketing measures, sending Christmas mail/gift items, as well as internal market and opinion research to address customers with regard to our companies, products, and services to increase sales after consent has been given or in special cases due to justified interests in direct marketing within the framework of existing legal requirements
  • Exchange of information and maintaining contacts with the press on the basis of legitimate interests in successful business development
  • Improvement of our online offers, products, and services on the basis of legitimate interests in successful business development
  • Collection of data from publicly available sources on the basis of legitimate interests for customer acquisition
  • To establish, maintain, and protect the operation and security of our IT, our online offer, our products, services, and other offers to prevent possible security threats, criminal offences, or other detrimental activities based on legitimate interests
  • Video surveillance to safeguard property rights, to prevent damage, and ensure other measures for IT security to protect persons, as well as tangible and intangible assets
  • Compliance with internal guidelines or industry standards based on legitimate interests to comply with specified regulations
  • Enforcement of contracts, settlement, assertion or defense of legal claims in court or official proceedings based on our legitimate business interests
  • Mergers, transfers, and acquisitions of companies, parts thereof or business units, as well as other transactions under company law, including the transfer of data on the basis of legitimate interests in successful business development or after consent has been given
  • Provision of certain online offers for the management of customers and business partners, and communication within the scope of the use of online offers requiring registration (including orders, payments, document management, other information) on the basis of legitimate business interests
  • Enabling the participation in interactive functions of our online offer upon request based on the legitimate interests
  • Obtaining references within the framework of an application procedure after consent has been given
  • Verification of identity to be able to fulfil rights and obligations under data protection law due to legal obligation
  • Credit assessments due to (pre-)contractual relationships or after consent has been given
  • Other data processing after consent has been given
  • Fulfilment of legal obligations and duties of care to prevent or solve criminal offences, economic crime, or money laundering
  • Fulfilment of the purposes that you specified when you provided the data or that we communicated when collecting the data
  • In addition, data from different sources are merged together, which can also be processed for the purposes listed above. This means that within the Abacus Group we can compare, match, use, and manage customer or sales partner data of the individual companies in a central system. We may compare existing data with other sources, and correct and use them, if necessary, to ensure up-to-date and correct delivery and address data; this is based on legitimate business interests

Data Transfers to the U.S. or to Third Countries Without an Adequate Level of Data Protection

We as a company use different tools provided by U.S. companies, whereby we take care to contractually agree storage locations in Switzerland or the EU with these companies as far as possible. Nevertheless, it is possible that data may be transferred to their servers in the U.S. during use or in support cases. If you are resident in Switzerland or in a member state of the EU/EEA, we expressly point out that Switzerland, the EU, and the EEA do not consider the U.S. to have an adequate level of data protection. There is a chance that data could also be processed in the U.S. when transferring data to an American company. In this regard, we inform you that due to existing regulations in the U.S., U.S. companies may be obliged to hand over data to security authorities. In this respect, data subjects currently do not have sufficient legal remedies to take action. We therefore cannot rule out that U.S. authorities (such as intelligence services) process, evaluate, or store such data in the U.S. for monitoring purposes without our being able to influence this.

For data that is processed in a third country that does not have an adequate level of data protection, Abacus provides for appropriate guarantees such as the conclusion of standard data protection clauses (while adapting necessary contractual and technical measures) to ensure that data is transferred abroad in accordance with the law. Only in individual cases will the legally possible exceptions be used, such as the data subject providing explicit consent to the data being transferred to a third country without an adequate level of data protection.

Deadlines for the Deletion or Blocking of Data

In principle, we process and store your data for as long as it is necessary and permissible for the purposes for which we have received the data. Specifically, this means that we retain your data for as long as we have a (business) relationship with you or the company for which you work, when you use our website, when you are employed, when sending newsletters, when we perform a contract or a continuing obligation, as long as you have given us your consent to store the data, as long as there are any obligations or which exist vis-á-vis us, as long as this requires a special legal situation, as in the case of legal disputes, limitation periods, or official investigations, or as long as you were informed when the data was collected.

In addition, the legislator has provided for various documentation and retention obligations and periods, so that if such a legal obligation to retain or document exists, we also store data – possibly with restrictions – for a period corresponding to the length of the obligation. For example, in Switzerland there are obligations pertaining to tax or commercial law to retain records for a period of up to 10 (ten) years and possible retention obligations of 30 (thirty) years due to existing limitation periods, in addition to special legal obligations. For this reason, the respective storage period is reviewed in individual cases for the corresponding data processing.

After you have exercised your right of revocation or objection, after the stated purposes have been achieved, or after the expiry of existing tax or commercial law, other legal, or contractual documentation and retention obligations and periods, we will delete your data or, if permissible, restrict its processing, unless you have consented to the further use of your data or unless we have expressly reserved the right to use your data in a manner that goes beyond this, which is permitted by law or contract, and we will inform you accordingly.

Data Security

If you use areas requiring registration or that you log in, you should keep your login data in a safe place and ensure it is protected from access by third parties. If you are logging in via computers or other devices that are used by several people, please do not forget to log out properly after each session and close the browser window used.

We take data security very seriously and treat your data confidentially and in accordance with the legal regulations. To this end, we have taken technical and organizational measures to ensure a level of protection appropriate to the risk. Such measures may include the pseudonymization and encryption of data, security measures relating to the confidentiality, integrity, availability, and capacity of the systems, the ability to rapidly restore the availability of and access to the data in the event of a physical or technical incident, and the regular review, assessment, and evaluation of the effectiveness of the technical and organizational measures to ensure the security of the processing. This is how we intend to protect your data from loss, misuse, alteration or destruction, and unauthorized access in accordance with the current state of technology. The security standard is continuously adapted to current technological developments. Our employees and contracted service providers are bound to confidentiality and act in accordance with our instructions.

There is a chance that e-mails are sent in unencrypted form (that is, they are immediately readable without the need for prior decryption), especially if you cannot access encrypted e-mails yourself. Such unencrypted e-mails are exposed to a greater risk than encrypted e-mails, which is why it is hereby expressly advised out not to send confidential information such as application documents without encryption.

When you use a website form or communicate with us via e-mail, your data will be transmitted encrypted according to the current state of technology. Our website including the areas requiring registration and login are secured (https). Please remember that security gaps can never be completely ruled out when transferring data over the Internet. It cannot be guaranteed that all systems are 100% secure, especially when using our websites. We do not assume any liability for unauthorized actions of unauthorized third parties.

Decisions based on Exclusively Automated Processing, Including Profiling

During the application procedure, data is used in the context of partially automated processing according to certain criteria to evaluate personal aspects of an applicant (profiling). We use these evaluations to make a prediction about suitability for employment. However, the decision on employment is made by the respective line managers and employees of the Human Resources department.

As a matter of principle, no decisions based exclusively on automated processing will be made when concluding a contract or its execution, which would have legal effect on you, or which would significantly affect you in a similar way. We will inform you in advance should such an event occur in individual cases and ensure that data is processed lawfully.

Applicable Law

Different laws may be applicable to certain data processing operations. This means that individual case must be reviewed to determine whether the Swiss Federal Data Protection Act (Bundesgesetz über den Datenschutz, DSG), the Ordinance to the Swiss Federal Data Protection Act (Verordnung zum Bundesgesetz über den Datenschutz, VDSG), as well as national law of Switzerland or another foreign law such as the General Data Protection Regulation and the respective national law of another country is applicable to data subjects. Abacus will check this for each individual case and will carry out the data processing within the framework of the respective legal requirements.

Your Rights

You are entitled to the following rights with regard to your data, provided that we have been able to establish your identity and the respective prerequisites are given:

Right of access

  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to object to the processing
  • Right to data portability

In addition, you also have the right to assert your claims in court and to complain to a data protection supervisory authority about the processing of your data by us.

We will comply with your request for erasure unless it conflicts with an obligation to retain data or we need the data to assert, exercise, or defend our legal claims.

You can revoke your consent to the processing of your data at any time for the future. Such revocation shall not affect the lawfulness of the processing carried out on the basis of the consent given until revocation.

If we base the processing of your data on our legitimate interests or those of a third party after weighing up the interests, you can object to such processing. In such a case, we will examine your objection and will either stop or adapt the data processing or present you with our compelling interests worthy of protection as to why we would like to continue the processing. These must outweigh your interests, rights, and freedoms, or the processing must serve to assert, exercise, or defend legal claims.

If we process your data for the purpose of direct advertising, you have the right to object to this processing of your data for the purpose of direct advertising at any time. This also applies to any profiling that may take place if it is related to this sort of direct advertising. We will stop this data processing in such a case.

You are not obliged to provide us with your data. However, there is a chance that certain functions of our website may not be available or may only be available to a limited extent if you do not provide data. Furthermore, there is also a chance that no contractual relationship can be entered into with you without the corresponding data.

If you have any questions regarding data protection or if you wish to exercise your rights, revoke your consent, or object to data processing, please contact us via the contact details given above under “Data controllers.”

We have appointed a data protection officer. They can be reached at datenschutz@abacus.ch

If you have any questions on the subject of data protection, you can contact us at any time.

Changes to this Privacy Policy, as of March 2021

This Privacy Policy is subject to periodic review and may be changed at any time without notice with effect for the future, if necessary, in the event of legal or technical changes or due to new or revised services. For this reason, we ask you to read this Privacy Policy at regular intervals to learn about possible changes.