Privacy policy ecocoach AG

Company: ecocoach AG
Address: Gersauerstrasse 71
CH-6440 Brunnen
Contact us: +41 41 811 41 41
info@ecocoach.com (general enquiries)
privacy@ecocoach.com (privacy related enquiries)
Web: www.ecocoach.com
  1. Scope

    The following privacy policy is applicable to ecocoach AG. It is also applicable to its internal divisions existing today and to be created in the future as well as its subsidiaries existing today and to be created in the future.

  2. Legal grounds for data processing

    This privacy policy explains how, to what extent and why ecocoach AG and its affiliates and subsidiaries in Switzerland and abroad (hereinafter “we” / “us”) process personal data. This policy applies online as well as offline, regardless of domain, system platform or device (e.g. desktop / mobile).

    As a Swiss company with a European focus we adhere to Swiss and EU legal requirements. To stay on top of fast-changing legal, technical and business advancements, our employees are trained internally and externally to make sure that our business partners and users of our products can rest assured that they not only buy safe, high-quality products, but also that their personal data is processed in accordance with national and international data privacy provisions and is handled with the necessary care and secrecy in mind.

    For the meaning and definition of terms, we refer you to article 4 of the EU General Data Protection Regulation, which entered into force on May 25th 2018 (hereinafter GDPR).

    The notion of “business partner and users” comprises all persons affected by our data processing activities. Among them are in particular all interested parties and other visitors of our offers online and offline. All terms used in this policy shall be understood as gender-neutral.

    Among the processed personal data of our business partners and users are the following:

    1. Inventory data (name and address)
    2. Contractual data (products and services ordered, responsible employee, payment information)
    3. Usage data (e.g. visited websites within our online offer or interest in our products).
    4. Content data (e.g. inputs in a contact form, energy usage data, billing data concerning energy consumption or energy data in general).

    We want to stress that our data processing activities are solely aimed at offering and delivering our products and services. Our newsletter is only sent to people or corporations who explicitly agree to it through a double opt-in procedure. This measure allows us to determine and prove consent internally and externally vis-à-vis the data protection authorities. In case of revocation of consent, we are able to quickly delete personal data and make sure they will not be used again.

  3. Security measures

    We have taken various state of the art technical, organisational and contractual security measures. This is done in order to comply with Swiss and European Union regulations and to make sure that all personal data are protected against random and intentional manipulation, loss, destruction or unauthorised internal or external access. Amongst the security measures taken are the following:

    1. Communication between your end device and our server takes place only through encrypted channels. Those channels are protected by a 256-bit asymmetric encryption. As of today, this is the most secure encryption technology. We follow new technical developments carefully and adjust our security measures accordingly if needed.
    2. Communication between the control unit and the cloud takes place through encrypted channels only.
    3. The databases we use to store all our data including personal data are encrypted too.
    4. The sign-up for our app and newsletter is only possible through a double-authentication system. Through this measure we guarantee that only the owner of a certain valid e-mail address has access to the app or to our newsletter, which can be unsubscribed from with a single click in each e-mail.
    5. All our data are stored exclusively in Europe. With the General Data Protection Regulation Europe has an updated and stringent legal framework protecting your data and giving the data subject control over his or her personal data. We are determined to adhere thereto.
  4. Data transfers to third parties

    If we transfer data to third parties, this only happens within the legal framework given to us by the Swiss Data Protection Act and the GDPR. Data transfers to third parties only occur if this is strictly necessary to provide our services. Where we are using subsidiaries to perform our services or to assemble our products, we are taking legal, technical and organisational measures to make sure that they protect your personal data to an equally high standard as we do.

    If data processing is done on our behalf by third parties who are not based in the European Union or Switzerland, it can be assumed that data is transferred to the country where the third party has his or her place of work. Data transfer to third countries (non-EU and non-EEA countries e.g. Switzerland, Liechtenstein, Norway and Iceland) only happens if the European Commission has determined that this country has an adequate level of data protection according to article 45 GDPR. Alternatively, and where appropriate, we base our data transfer on a contractual agreement or another clear legal basis within the realm of article 6 GDPR.

  5. Purpose of the data processing

    All our data processing is aimed at delivering the best products and services possible and constantly improving them.

    Among the data processed are the following data, which serve us to perform our contract according to article 6 lit. b GDPR:

    1. Inventory data (name, address, a user’s contact data)
    2. Contractual data (ordered products or services, contact person within the company, payment information)
  6. Account creation:

    To use our products and services you have to open an account with us. Your account gives you access to our products and services. Depending on your role as business partner or user different options unlock and different data is collected in order to perform the contract or possible contract between you and us.

  7. Accountability

    Your stored inventory and contractual data can be accessed at any time via your account. As far as data collected through our website is concerned, read this privacy notice, read our cookie policy, or e-mail us at privacy@ecocoach.com.

    With the first registration the required information (in most cases, first name, last name and e-mail address) will be asked for. User accounts are private and cannot be indexed by search engines.

    With the registration and the subsequent logins or the usage of our online products your IP address and a time stamp will be stored. The storage happens based on our legitimate interest to protect the user from abuse or other unauthorized usage. There will be no transfer to third parties unless it is necessary to protect our legitimate claims, or we face a legal requirement to disclose your data according to article 6 lit. c GDPR. In case of further contractual relationships, the data to perform and account for these contracts are also stored by us.

    To perform our services, we also store configuration data, authorization data or controlling data which is used by our cloud system in an encrypted database. The aforementioned data is solely connected to the control, because it is created or used by the control only and is therefore connected to the control and not to a person (except for authorisation data, which is linked to the control and to the individual e-mail address of the user). Therefore, in the event of a change of owner, the new owner also owns this particular data set.

  8. Contacting us

    If you contact us (via contact form or e-mail) the relevant data is processed to answer your question or concern according to Art. 6 lit. b GDPR. The data given to us by the user can be stored in a customer relationship management system or a similar data compiling system.

  9. Comments and posts

    If users leave comments on our website or elsewhere their IP address will be stored for seven days.

    This happens for our own security reasons. In case someone leaves illegal or inappropriate content, we as operator are legally liable for the content. Therefore, we are interested in knowing the user leaving illegal or inappropriate content. We explicitly reserve the right to delete criminally relevant content.

  10. Access data and logfiles

    Based on our legitimate interests according to article 1 lit. f GDPR, we collect data on every access to the server on which the service is located (server logfiles). Among this data are the name of the requested website, file, date and time of request, data volume transferred, notice of successful retrieval, browser type and version, operating system of the user, referrer URL (website from which the user came to our website), IP address and the requesting provider.

    Again, we store this data for security reasons (to resolve abusive usage and to track fraudulent behaviour). The data are stored for a maximum period of 7 days and thereafter deleted. We reserve the right to store the data longer if they are needed to solve an ongoing issue, until this issue is solved.

  11. Cookies

    Concerning our use of cookies, please consult our separate cookie policy for more thorough information.

  12. Newsletter

    The following paragraphs explain the content, the sign-up, distribution and analytic processes concerning our newsletter. By signing up to our newsletter you are agreeing to the following terms and conditions:

    We are sending out newsletters, e-mails and other electronic messages with marketing content (hereinafter “newsletter”) only with the consent of the receiving party or based on a clear legal basis or legal requirement.

    Our newsletter contains information about products, offers, special offers or about our company and its affiliates. The sign-up process is managed by a double opt-in system. This means that after signing up for the newsletter, you will receive an e-mail to confirm your sign-up. This lets us know that nobody signs up with another person’s e-mail address. Furthermore, we can fulfil our legal requirements to prove a person’s consent upon request by the data protection authorities. Among the stored data are the time stamp of the sign-up, the time stamp of the confirmation and the IP address. Changes in your data are also noted to our newsletter distributor.

    Our newsletter distributor is “MailChimp”, a newsletter distribution platform of the US firm Rocket Science Group, LLC, 675 Ponce de Leon Ave NE # 5000, Atlanta, GA 30308, USA. Their privacy policy can be found at https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy-Shield-Agreement https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active. Thereby Rocket Science Group and MailChimp prove that they have a level of data protection comparable to that in Europe.

    The distribution provider can, according to its own information, use the data provided in pseudonymized form, which means that the data cannot be linked to a specific user, to optimize its services, e.g. to technically optimize the distribution, to improve the display of the message or for statistical purposes, to determine from which countries the recipients are coming. Our distributor does not use the data to directly contact individuals or corporations or to transfer this data to third parties.

    To sign up for the newsletter, the only information you need to provide us is a valid e-mail address linked to you. The newsletter contains a “web beacon”. This is a pixel-sized file that will be retrieved from the distributor’s server. This retrieval contains technical information such as information concerning web browser, operating system, your IP address and a time stamp. This information is used to technically improve the service based on the technical data or the target groups or their reading habits based on location data (which are retrievable from the IP address) or the time of service usage.

    For statistical purposes, we store whether the newsletter is opened or not, at what time it is opened and what links are clicked on. For technical reasons this information can be linked to individual users. It is in no way our or the distributor’s intention to observe individual users. Our goal is to analyse the reading habits of our users and thereby to improve the contents that interest our users most and to send more thorough information about those areas to our newsletter recipients.

    The whole data processing concerning the newsletter serves our legitimate interests according to Art. 6 Al. 1 lit. f GDPR. We are doing this to establish a user-friendly and secure newsletter scheme. It serves our business interests as well as the expectations of our clients to receive information tailored to their needs and interests.

  13. Unsubscribe / revocation of consent

    You can unsubscribe from the newsletter at any time and thereby revoke your consent to receiving the newsletter. By revoking your consent, you are revoking the right of our distributor to send you the newsletter and do statistical analysis of your behaviour. For technical reasons it is unfortunately not possible to revoke the statistical analysis and still receive the newsletter.

    Every newsletter provides the link to unsubscribe. If you are unsubscribing, all your personal data will be deleted.

  14. Embedding third-party services and content

    Based on our legitimate interest to analyse and optimise our online services according to article 6 al. 1 f GDPR, we use services and content of third-party providers. Such services can be e.g. videos (hereinafter referred to as “content”).

    Using third-party services and content requires that the third party has access to your IP address, since the content can otherwise not be sent to your browser. The IP address is therefore a prerequisite to display content. We are doing our best to only use providers who only use the IP address to deliver the content. Third-party providers can use pixel tags (invisible graphics also called “web beacons”) for statistical or marketing purposes. Through pixel tags information about user traffic on the individual pages of a website. This information can be stored as cookies on the user’s device and deliver technical information about the browser, operating system, referrer URLs, time of visit and other information about the usage of our online services. They can also be linked to similar information from different sources.

    The next paragraph provides information about our third-party providers, their content, their privacy policies and your opt-out options, if you want to reduce the spread of your data outside the European Union.

    Third party providers we are working with:

    1. Maps of the Google Maps service from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA. https://policies.google.com/privacy?hl=de&gl=ch, opt out: www.google.com/settings/ads/.
    2. Videos of the service “YouTube” from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA. https://policies.google.com/privacy?hl=de&gl=ch, opt out: www.google.com/settings/ads/.
      1. Third parties clients may work with:

        1. If our clients are using third-party payment methods (e.g. PayPal or instant payment), the terms and conditions and privacy policies of these third-party providers apply, which are available either on their website or within the transaction apps. We have no influence over third-party terms and conditions or privacy policies and therefore waive any responsibility for them.
  15. User’s rights

    Inventory data, contractual data and content data can directly be accessed over the user account on the app. Should you have further questions about the data we are collecting, please feel free to contact us at privacy@ecocoach.com.

    The right of data portability is granted where it is technically feasible and in accordance with article 20 GDPR. Further rights granted by the GDPR are the right to correct incorrect data, the right to limit the data processing and under the conditions laid out in article 17 GDPR you also have the right to erasure, commonly known as “the right to be forgotten”.

    We are aware of the trust you put in us, entrusting us with your personal data, and we try to do everything to best protect them. If you are convinced that we fail in this mission and process your data incorrectly, you can turn to the relevant national data protection authority. In Switzerland this is the Federal Data Protection and Information Commissioner. If you disagree with our data processing that is strictly necessary to perform the contract, you always have the possibility to terminate the contract. If you have questions regarding your rights as data subject, do not hesitate to contact us at privacy@ecocoach.com.

  16. Deletion of data

    Data we store will be deleted as soon as the user wishes us to do so and there is no legal requirement preventing us from doing so, e.g. legal archiving prescriptions. In this case, the data processing will be limited. The data will be locked and not processed anymore. This applies e.g. to business or tax data. We reserve the right to store the data longer, if this is allowed or required by the resident state of the user in question. If we are not granted access to data based on a data subject’s rights, it can happen that the services cannot be performed in the same way, or your contractual relation may even be terminated by our side according to the contract.

  17. Right to object

    According to article 21 GDPR the data subject has the right to object to the processing of personal data. If the data subject wants to object to our processing of his data, he should contact privacy@ecocoach.com. The objection against our data processing can lead to a termination of contract, if the data in question were strictly necessary to provide our services or deliver our products.

  18. Changes to the privacy policy

    We reserve the right to change our privacy policy due to regulatory changes, changes of products and services and changes in our data processing schemes. If there are changes to portions of this privacy policy to which you explicitly consented, you will be informed by e-mail and will be requested to accept our new privacy policy. If you do not want to agree to our changes, the right to terminate the contractual relationship is still yours. As much as we encourage you to stay updated with our legal documents, particularly the privacy policy, you will also be informed about occurring changes via e-mail containing a link to the current privacy policy. If there are any questions left, please feel free to contact us at privacy@ecocoach.com.