Privacy Policy

Home / Privacy Policy
Privacy Policy

PRIVACY POLICY FOR SWITZERLAND

1. Introduction

Below, we provide information about the processing of personal data

  • on our website https://yourself.health/ (aliases: healthyourself.ch, .de, .at, .eu)
  • in our social media profiles
  • in the context of application procedures
  • outside the website (e.g. when forwarding data to recipients).

Personal data is any information relating to an identified or identifiable natural person, e.g. their name or e-mail address.

1.1 Contact details

The controller pursuant to Art. 5 lit. j of the Federal Act on Data Protection (FADP) is Health Yourself AG, Lerchenfeldstrasse 3, 9014 St. Gallen, Switzerland, e-mail: privacy@yourself.health. We are legally represented by Anna Rosenkranz, Dirk Pieter Kruyswijk, Timothy Ebeling-Born, Anne van Berkel-Meier, Gido Karges.

Our data protection advisor can be contacted via heyData GmbH, Schützenstraße 5, 10117 Berlin, www.heydata.eu, e-mail: datenschutz@heydata.eu.

1.2 Disclosure abroad

Insofar as we transfer personal data to service providers or other third parties outside Switzerland, decisions of the Federal Council in accordance with Art. 16 para. 1 FADP usually guarantee the security of the data during transfer. According to these decisions, the legislation there guarantees adequate protection. The Federal Council has established such adequacy for the states, territories, specific sectors in a state and international bodies listed in Art. 8 para. 1 of the Ordinance on Data Protection (DPO) in conjunction with Annex 1. These can be found at https://www.bj.admin.ch/bj/de/home/staat/datenschutz/internationales/anerkennung-staaten.html.

This is the case for the following countries:

  • Germany
  • Andorra
  • Argentina
  • Austria
  • Belgium
  • Bulgaria
  • Canada (Adequate data protection is deemed to be guaranteed if the Canadian federal law "Loi sur la protection des renseignements personnels et les documents électroniques" of April 13, 2000 is applied in the private sector or the law of a Canadian province that largely corresponds to this federal law. The federal law applies to personal data that is obtained, processed or disclosed in the course of commercial activities, regardless of whether it concerns organizations such as associations, partnerships, individuals or trade unions or federally regulated enterprises such as plants, works, companies or business activities that fall within the legislative competence of the Canadian Parliament. The provinces of Québec, British Columbia and Alberta have enacted legislation that largely corresponds to the federal law; the provinces of Ontario, New Brunswick, Newfoundland and Labrador and Nova Scotia have enacted legislation that largely corresponds to this law in the area of health data. In all Canadian provinces, the Federal Act applies to all personal information obtained, processed or disclosed by federally regulated entities, including information about employees of those entities. The Federal Act also applies to personal information that is transferred to another province or country in the course of commercial activities).
  • Cyprus
  • Croatia
  • Denmark
  • Spain
  • Estonia
  • Finland
  • France
  • Gibraltar
  • Greece
  • Guernsey
  • Hungary
  • Isle of Man
  • Faroe Islands
  • Ireland
  • Iceland
  • Israel
  • Italy
  • Jersey
  • Latvia
  • Liechtenstein
  • Lithuania
  • Luxembourg
  • Malta
  • Monaco
  • Norway
  • New Zealand
  • Netherlands
  • Poland
  • Portugal
  • Czech Republic
  • Romania
  • United Kingdom
  • Slovakia
  • Slovenia
  • Sweden
  • Uruguay

In other cases (e.g. if there is no decision on appropriateness), the legal basis for data transfer is usually standard data protection clauses, i.e. unless we indicate otherwise. These are a set of rules adopted by the Federal Data Protection and Information Commissioner (FDPIC) and form part of the contract with the respective third party. According to Art. 16 para. 2 lit. d FADP, they guarantee the security of data transfer. Many of the providers have issued contractual guarantees that go beyond the standard contractual clauses and protect the data beyond the standard contractual clauses. These are, for example, guarantees regarding the encryption of the data or regarding the obligation of the third party to inform the data subject if law enforcement agencies wish to access data.

1.3 Rights of the data subjects

Data subjects generally have the following rights vis-à-vis us with regard to their personal data:

  • Right to information as to whether personal data concerning them is being processed.
  • Right to disclosure of the personal data they have disclosed to us,
  • Right to rectification,
  • Right to object to processing.

2. Newsletter

Interested parties have the option of subscribing to a free newsletter. We process the data provided during registration to send the newsletter. Registration takes place by selecting the corresponding field on our website, by ticking the corresponding field in a paper document or by another clear action, whereby interested parties declare their consent to the processing of their data. We process the data for the purpose of direct marketing. The consent of the interested party can be revoked at any time, e.g. by clicking on the corresponding link in the newsletter or by sending a message to our e-mail address given above.

We also process the opening and click rate of our newsletters by interested parties in order to understand which content is relevant for our recipients. This serves to improve our direct marketing.

We use a service of the provider Klaviyo, Inc., 125 Summer St, Floor 6 Boston, MA 02111, USA (privacy policy: https://www.klaviyo.com/privacy/policy) for email marketing. The provider is the recipient of personal data within the scope of the aforementioned processing.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3. Data processing on our website https://yourself.health/ (aliases: healthyourself.ch, .de, .at, .eu)

3.1 Informational use of the website

When the website is used for informational purposes, i.e. when visitors to the site do not transmit information to us separately, we collect the personal data that the browser transmits to our server in order to ensure the stability and security of our website. This serves to ensure the IT security of the website.

These data are e.g:

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • Website from which the request comes
  • Browser
  • Operating system and its interface
  • Language and version of the browser software.

This data is also stored in log files.

3.2 Data on third-party devices

Via our website, we process data on third-party devices by means of telecommunications transmission within the framework described in the previous and following sections.

Visitors can refuse processing, e.g. by selecting the appropriate settings in their browser to block or delete cookies.

3.3 Web hosting and provision of the website

Our website is hosted by Shopify. The provider is Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. The provider processes the personal data transmitted via the website, some of which is also mentioned in other sections of this privacy policy, e.g. content data, usage data, meta/communication data or contact data. The provider is therefore the recipient of the data. Further information can be found in the provider's privacy policy at https://www.shopify.de/legal/datenschutz. Processing is a prerequisite for us to be able to offer a website and thus present ourselves to the outside world.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

We use the Shopify content delivery network for our website. The provider is Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. The provider processes the personal data transmitted via the website, some of which is also mentioned in other sections of this privacy policy, e.g. content, usage, meta/communication or contact data, in the USA. The provider is therefore the recipient of the data. Further information can be found in the provider's privacy policy at https://www.shopify.de/legal/datenschutz. The processing is a prerequisite for us to be able to offer an easily accessible website and thus present ourselves to the outside world.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.4 Contact form

When you contact us via the contact form on our website, we process the data requested there and the content of the message in order to process the request. To the extent permitted by law, we may also process the data for direct marketing purposes.

3.5 Offer of goods and services

We offer goods and services via our website. The processing of personal data is carried out for the performance of the contract concluded with the respective website visitor.

3.6 Technically necessary cookies

Our website uses cookies. Cookies are small text files that are stored in the web browser on the end device of a site visitor. Cookies help to make the website more user-friendly, effective and secure. Insofar as data is processed, this is done for the purpose of providing customers and other site visitors with a functional website.

Specifically, we use technically necessary cookies for the following purpose or purposes:

  • Cookies that save log-in data, cookies that adopt language settings, cookies that payment providers set for payment processing and do not analyze user behavior and cookies that save the shopping cart

3.7 Third-party providers on the website

3.7.1 Google Ads

We use a service of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (privacy policy: https://policies.google.com/privacy?hl=de) for advertising. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.7.2 Trustpilot

We use a service from the provider Trustpilot A/S, Pilestraede 58, 5th floor, DK-1112 Copenhagen K, Denmark (privacy policy: https://de.legal.trustpilot.com/for-businesses/business-privacy-policy) for customer reviews. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.7.3 Microsoft Advertising (Bing Ads)

We use a service of the provider Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (privacy policy: https://privacy.microsoft.com/de-de/privacystatement) for analysis and conversion tracking. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.7.4 Google Web Fonts

We use a service of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (privacy policy: https://policies.google.com/privacy?hl=de) for fonts on the website. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.7.5 Meta Pixel

We use a service of the provider Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (privacy policy: https://www.facebook.com/policy.php) for analysis. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.7.6 Google Analytics

We use a service of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, Ireland (privacy policy: https://policies.google.com/privacy?hl=de) for analysis. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.7.7 YouTube videos

We use a service of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (privacy policy: https://policies.google.com/privacy) for videos on the website. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.7.8 Shopify

We use a service from the provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (privacy policy: https://www.shopify.de/legal/datenschutz) to maintain an online store. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.7.9 Google Tag Manager

We use a service of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (privacy policy: https://policies.google.com/privacy?hl=de) for analysis and advertising. The provider is the recipient of personal data within the scope of the aforementioned processing.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.7.10. Google reCAPTCHA

We use a service of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, Ireland (privacy policy: https://policies.google.com/privacy?hl=de) to manage authentication. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.7.11. Hotjar

We use a service of the provider Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's, STJ 3141, Malta (privacy policy: https://www.hotjar.com/legal/policies/privacy/) for analysis. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.7.12. Google Merchant Center

We use a service of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (privacy policy: https://policies.google.com/privacy?hl=de) to maintain an online store. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.7.13. Intercom

We use a service of the provider R&D Unlimited Company 2nd Floor, Stephen Court, 18-21 St. Stephen's Green, Dublin 2, Ireland (privacy policy: https://www.intercom.com/legal/privacy) to communicate with users. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3.7.14. Google Conversion Tag

We use a service of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (privacy policy: https://policies.google.com/privacy?hl=de https://support.google.com/tagmanager/answer/9323295?hl=de&ref_topic=3441532) for conversion tracking. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

We use the following measures to ensure the security of the personal data transmitted to the Google Ads API:

  • Minimization of data transmission: Only the data that is absolutely necessary for the integration and functionality of the Google Ads API is transmitted.
  • Encryption: Data is always encrypted with SSL/TLS during transmission to Google.
  • Data access policies: Access to data transmitted to the Google Ads API is restricted to authorized employees and systems.
  • Regular checks: The configurations for data transfer are regularly checked for security and data protection compliance.

The data transmitted to the Google Ads API is only stored in our system for as long as is necessary to fulfill contractual obligations or to comply with legal requirements. Once processing has been completed or at the user's request, this data is deleted or anonymized. Data processing takes place exclusively on the basis of a legal basis, e.g. the user's consent or fulfillment of a contract.

4. Payment service provider

To process payments, we use payment processors, most of whom are themselves data controllers under data protection law. When they are used, they process payment data. The purpose of the processing is to execute the payments.

These payment service providers are:

  • PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg

5. Data processing on social media platforms

We are represented on social media networks in order to present our organization and our services. The operators of these networks regularly process their users' data for advertising purposes. Among other things, they create user profiles from their online behavior, which are used, for example, to display advertising on the pages of the networks and elsewhere on the Internet that corresponds to the interests of the users. For this purpose, the network operators store information on user behavior in cookies on the user's computer. It is also possible that the operators may combine this information with other data. Users can find further information and information on how users can object to processing by the site operators in the privacy policies of the respective operators listed below. It is also possible that the operators or their servers are located abroad, meaning that they process data there. This may result in risks for users, e.g. because the enforcement of their rights is made more difficult or government agencies gain access to the data.

When users of the networks contact us via our profiles, we process the data provided to us in order to respond to the inquiries.

5.1 Facebook

We maintain a profile on Facebook. The operator is Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy is available here: https://www.facebook.com/policy.php. You can object to data processing via the settings for advertisements: https://www.facebook.com/settings?tab=ads.

We are jointly responsible for processing the data of visitors to our profile on the basis of an agreement with Facebook. Facebook explains exactly which data is processed at https://www.facebook.com/legal/terms/information_about_page_insights_data. Data subjects can exercise their rights both against us and against Facebook. However, according to our agreement with Facebook, we are obliged to forward requests to Facebook. Data subjects will therefore receive faster feedback if they contact Facebook directly.

5.2 Instagram

We maintain a profile on Instagram. The operator is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy is available here: https://help.instagram.com/519522125107875.

5.3 LinkedIn

We maintain a profile on LinkedIn. The operator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The privacy policy is available here: https://www.linkedin.com/legal/privacy-policy?_l=de_DE. You can object to data processing via the settings for advertisements: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

6. Data processing of applicants

When people apply to us for open positions or submit unsolicited applications, we process their data for the purposes of the application process.

We may also contact interesting applicants directly for a position. In this case, we process your master data (e.g. name), contact details (e.g. e-mail address) and other data that may be of interest for the specific position.

Recipients of the data are service providers used as part of the application process (e.g. contract processors as part of the recruitment process) and providers of cloud software that we use. We have listed the recipients that we can currently identify in the "Recipients of data" section below.

We ask applicants to refrain from providing information on political opinions, religious beliefs and similar sensitive data in their CV and cover letter. They are not required for an application. If applicants nevertheless provide such information, we cannot prevent it from being processed.

7. Data processing outside the website

7.1 Processing purposes

We process personal data for the purposes stated below or elsewhere in this document (e.g. under "Recipients of data"):

  • Provision of contractual services and fulfillment of contractual obligations
  • Contact us (e.g. by e-mail or telephone)
  • Communication
  • Answering inquiries
  • IT security measures
  • Direct marketing
  • Request and consideration of feedback
  • Security measures in our office

7.2 Recipients of data

Recipients of data are service providers used by us (e.g. contract processors), providers of cloud software that we use and other external bodies. We list the names of recipients that we can currently identify below. However, the list is not exhaustive.

7.2.1 Notion

We use a service from the provider Notion Labs, Inc, 2948 20th St, Apt. 300 San Francisco, CA 94110, USA (privacy policy: https://www.notion.so/Privacy-Policy-3468d120cf614d4c9014c09f6adc9091) for storage in the cloud. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are users.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.2 Google Cloud

We use a service of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, Ireland (privacy policy: https://policies.google.com/privacy?hl=de) as serverless computing environments, as infrastructure-as-a-service and as platform-as-a-service. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are employees, users, third parties and customers.

The provider processes personal data in Switzerland.

7.2.3 Microsoft 365

We use a service of the provider Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (privacy policy: https://privacy.microsoft.com/de-de/privacystatement?culture=de-de&country=DE) for collaboration at work, for writing documents and for storage in the cloud. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are employees, users, third parties and customers.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.4 Google Workspace

We use a service of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, Ireland (privacy policy: https://policies.google.com/privacy?hl=de) for collaboration at work, for creating documents and for storage in the cloud. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are employees, users, third parties and customers.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.5 Slack

We use a service from the provider Slack Technologies Limited, One Park Place, Upper Hatch Street, Dublin 2, Ireland (privacy policy: https://slack.com/intl/de-de/trust/privacy/privacy-policy) for video conferencing and communication. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are employees and customers.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.6 Google Meet

We use a service of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, Ireland (privacy policy: https://policies.google.com/privacy?hl=de) for video conferencing. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are users.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.7 Twilio

We use a service of the provider Twilio, Inc., 375 Beale Street, Suite 300, San Francisco, CA 94105, USA (privacy policy: https://www.twilio.com/legal/privacy) for communication. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are interested parties, users and customers.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.8 Slack

We use a service of the provider Slack Technologies Limited, One Park Place, Upper Hatch Street, Dublin 2, Ireland (privacy policy: https://slack.com/intl/de-de/trust/privacy/privacy-policy) for communication. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are employees and customers.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.9 Notion

We use a service from the provider Notion Labs, Inc, 2948 20th St, Apt. 300 San Francisco, CA 94110, USA (privacy policy: https://www.notion.so/Privacy-Policy-3468d120cf614d4c9014c09f6adc9091) for project management. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are interested parties, employees and third parties.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.10. DocuSign

We use a service from the provider DocuSign Germany GmbH, Neue Rothofstrasse 13-19, 60313 Frankfurt (privacy policy: https://www.docusign.de/unternehmen/datenschutz) for electronic signatures. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are employees.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.11. Google Ads

We use a service of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (privacy policy: https://policies.google.com/privacy?hl=de) for advertising. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are users.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.12. Microsoft Advertising (Bing Ads)

We use a service of the provider Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (privacy policy: https://privacy.microsoft.com/de-de/privacystatement) for advertising and analysis. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are users.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.13. Shopify

We use a service from the provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (privacy policy: https://www.shopify.de/legal/datenschutz) to maintain an online store. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are customers.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.14. Facebook Ads

We use a service of the provider Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (privacy policy: https://www.facebook.com/policy.php) for advertising. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are interested parties.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.15. Outbrain

We use a service of the provider Outbrain Inc., 222 Broadway 19th Floor, New York, NY 10038, USA (privacy policy: https://www.outbrain.com/legal/privacy#privacy-policy) for advertising. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are users.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.16. Intercom

We use a service of the provider R&D Unlimited Company 2nd Floor, Stephen Court, 18-21 St. Stephen's Green, Dublin 2, Ireland (privacy policy: https://www.intercom.com/legal/privacy) to communicate with users. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are users.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.17. Trustpilot

We use a service from the provider Trustpilot A/S, Pilestraede 58, 5th floor, DK-1112 Copenhagen K, Denmark (privacy policy: https://de.legal.trustpilot.com/for-businesses/business-privacy-policy) for customer reviews. The provider is the recipient of personal data in the context of the aforementioned processing. The data subjects are customers.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.18. Klaviyo

We use a service from the provider Klaviyo, Inc, 125 Summer St, Floor 6 Boston, MA 02111, USA (privacy policy: https://www.klaviyo.com/privacy/policy) to manage customer relationships. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are customers.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.19. Intercom

We use a service from the provider Intercom R&D Unlimited Company 2nd Floor, Stephen Court, 18-21 St. Stephen's Green, Dublin 2, Ireland (privacy policy: https://www.intercom.com/legal/privacy) to communicate with customers. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are users and customers.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.20. Mailchimp

We use a service from the provider Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA (privacy policy: https://mailchimp.com/legal/privacy/) to send emails. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are customers.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.21. Mailjet

We use a service from the provider Mailjet GmbH, Friedrichstraße 68, 10117 Berlin (privacy policy: https://www.mailjet.de/privacy-policy/) to send emails. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are customers.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.22. Smallpdf

We use a service from the provider Smallpdf AG, Steinstrasse 21, 8003 Zurich, Switzerland (privacy policy: https://smallpdf.com/de/datenschutz) to process documents, compose documents and for electronic signatures. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are interested parties, employees and customers.

7.2.23. Notion

We use a service from the provider Notion Labs, Inc, 2948 20th St, Apt. 300 San Francisco, CA 94110, USA (privacy policy: https://www.notion.so/Privacy-Policy-3468d120cf614d4c9014c09f6adc9091) for project management. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are interested parties, employees and third parties.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.24. Postman

We use a service from the provider Postman Inc, 55 2nd St Ste 300, San Francisco, CA 94105, USA (privacy policy: https://www.postman.com/legal/privacy-policy/) for API development. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are users.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.25. Hotjar

We use a service of the provider Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's, STJ 3141, Malta (privacy policy: https://www.hotjar.com/legal/policies/privacy/) for analysis. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are users.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.26. Twilio

We use a service from the provider Twilio, Inc., 375 Beale Street, Suite 300, San Francisco, CA 94105, USA (privacy policy: https://www.twilio.com/legal/privacy) to send emails. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are interested parties, users and customers.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.27. Firebase

We use a service of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, D04e5w5, Ireland (privacy policy: https://firebase.google.com/terms/data-processing-terms/) for application development. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are users.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.28. Google Cloud

We use a service of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, Ireland (privacy policy: https://policies.google.com/privacy?hl=de) as serverless computing environments, as infrastructure-as-a-service and as platform-as-a-service. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are users and customers.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.29. bexio AG

We use a service from the provider bexio AG, Alte Jonastrasse 24, 8640 Rapperswil, Switzerland (privacy policy: https://www.bexio.com/de-CH/richtlinien/datenschutz) for accounting purposes. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are interested parties, employees and customers.

The provider processes personal data in Switzerland. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.30. Firebase

We use a service of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, D04e5w5, Ireland (privacy policy: https://firebase.google.com/terms/data-processing-terms/) for application development. The provider is the recipient of personal data in the context of the aforementioned processing. Data subjects are users.

The provider processes personal data in the EU. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

7.2.31. Google Conversion Tag

We use a service of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (privacy policy: https://policies.google.com/privacy?hl=de https://support.google.com/tagmanager/answer/9323295?hl=de&ref_topic=3441532) for conversion tracking. The provider is the recipient of personal data in the context of the aforementioned processing.

The provider processes personal data in the USA. Information on guarantees in accordance with Article 16 paragraph 2 can be found in the section "Disclosure abroad".

8. Changes to this privacy policy

We reserve the right to amend this privacy policy with effect for the future. A current version is always available here.

9. Questions and comments

If you have any questions or comments regarding this privacy policy, please do not hesitate to contact us using the contact details above.