(Version 2023.06.09 - valid until 2023.09.24)
Data protection is a matter of trust and your trust is important to us. We, Skribble AG, Förrlibuckstrasse 190, 8005 Zurich, Switzerland (hereinafter "Skribble", "we", "us" or the like) respect your privacy and personal data. Responsible and legally compliant handling of personal data is very important to us. We treat your personal data confidential at all times and process it in compliance with applicable law, in particular the Swiss Federal Act on Data Protection (FADP) and the General Data Protection Regulation of the European Union (EU-GDPR), as well as in accordance with these data protection provisions.
In particular, we protect, in cooperation with our service providers and partners, all data processing processes as best as possible and according to the current state of the art against unauthorized access, loss, misuse and unauthorized changes.
If you are already using Skribble's services, this Policy also applies to data about you that we have collected and stored in the past, which we may link and process with data we collect or receive in the future.
This Policy will form part of the contract between you and us if it is listed in the relevant contract as part of the contract or if reference is made to it in the applicable General Terms and Conditions (GTC). If this is the case and if contradictions arise between the contents of this declaration and the provisions of the relevant contract or the General Terms and Conditions (GTC), the provisions of the latter documents shall take precedence over the contents of this Policy.
1. Data controller
Data controller in the sense of the applicable data protection law:
CH - 8005 Zurich
Phone:+41 44 505 16 64
Personal data (hereinafter “Data”) means all data and information relating to an identified or identifiable natural person.
In this Policy we use the terminology according to Art. 4 EU-GDPR.
2.1 Categories of data processed
We process different categories of data from you, such as:
- Contact and identification data such as surname, first name, title, address, email address, telephone number and customer number;
- Personal information such as age, gender, nationality, and language;
- User account information such as username, password and user account number.
- Financial data such as bank details, payment information (incl. credit card data), payment history and average revenue;
- Contract data such as contract type, contract content, type of products and services, applicable terms and conditions, contract start date, contract term, remuneration claims, billing data and offer restrictions;
- Interaction and usage data such as correspondence, chat content, customer preferences, type and extent of use of products and services, customer service information such as complaints, delivery information, etc., customer segment and target group information, information about the end devices used (end device type, device ID, manufacturer, operating system, language, device settings, etc.), information from the assertion of rights and feedback;
- Information regarding use of the website and platform such as internet pages visited, IP address, cookie information, browser settings, frequency of visits, time and duration of visits, search terms, clicks on content, Internet page of origin, information in forms and ratings and comments submitted.
2.2 Legal basis for data processing
We use your data on the basis of various legal grounds, depending on
- the services you make use of from us (contract or pre-contractual measures, Art. 6 para. 1 lit. b EU-GDPR);
- a legal obligation (Art. 6 para. 1 lit. c EU-GDPR);
- your consent that you have given us (consent, Art. 6 para. 1 lit. a EU-GDPR); or
- a legitimate interest, e.g. to ensure the security of the website, to send you information about the use of our platform or products to the extent that they are similar to those you have already purchased from us or requested from us and you have not deactivated such communications (Art. 6 (1) lit. f EU-GDPR).
2.3 Purposes of data processing
The purposes for which we process your data may include:
- to provide and maintain our services to you;
- to notify you of changes in relation to our services;
- to provide customer services to you;
- to improve our services;
- to monitor the use of our services;
- to detect, prevent and correct technical problems;
- to provide you with news, special offers and general information about other products, services and events offered by us to the extent they are similar to those you have already purchased from or requested from us and you have not opted out of such communications.
When we provide services to you or you use our services, we rely on you or you are required to provide us with certain data in connection with the conclusion of the contract and the provision or use of the services. If you do not provide us with the required data or only provide it in part, this may mean that no contract can be concluded between you and us or that the provision of services is not possible or only possible to a limited extent.
2.4 Duration of data processing
We process your data for the duration required for the respective purpose or purposes. In the case of longer-term retention obligations due to legal and other obligations to which we are subject, we restrict processing accordingly.
3. Processing on our website (www.skribble.com)
3.1 SSL/TLS encryption on our website
On our website, we use SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as your inquiries that you send to us. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and, depending on the browser, by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the information you send to us via the contact form cannot be read by third parties.
We would like to point out that data transmission on the Internet (e.g. when communicating by email) can have security gaps. Complete protection of data against access by third parties without the use of email encryption, such as PGP or S/MIME, is not possible and is at your own risk.
3.2 Collection of server log files
Our website can generally be visited without registration. Information such as pages accessed or names of files accessed, date and time are stored on the server for statistical purposes without this data being directly related to your person.
We automatically collect and store information in so-called server log files, which your browser automatically transmits to us. These are:
- browser type and browser version
- operating system used
- referrer URL
- host name of the accessing computer
- time of the server request
- IP address
This information can only be indirectly assigned to your person by us. We do not combine this data with other data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of illegal use.
3.3 Website analysis with Matomo
We use the open source tool Matomo on our own servers for web analysis in order to provide our users with the best possible service. For this purpose, we evaluate the use of the respective pages and functions and derive improvements to the functionality of our services to make them easier and more valuable and to improve usability.
Matomo uses so-called cookies. For this purpose, the usage information obtained by the cookie is transmitted to our server and stored so that usage behavior can be evaluated. Your IP address is immediately anonymized; thus you remain anonymous as a user. The information generated by the cookie about your use of the website will not be disclosed to third parties.
The data is further processed to analyze the behavior of users and to evaluate the use of individual components of the website. The aim is to constantly optimize the website and its user-friendliness.
3.4 Google Fonts
We use Google Fonts on our website. For the European region, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for this. We have integrated the Google Fonts locally, i.e. on our web server - not on Google's servers. This means that there is no connection to Google servers and thus no data transfer to or storage on Google servers.
4. Processing on our platform (my.skribble.com)
4.1 Security of data processing
To ensure the protection of your data, we use appropriate technical and organizational measures. In doing so, we always observe the current state of the art. Our employees are regularly sensitized and trained. The infrastructure of our platform is operated on servers in Swiss data centers that have ISO 27001 certification and have implemented high security standards.
4.2 Registration on the platform
To open a user account on the platform, only the following data is required:
- Email address
- First and last name
- Mobile phone number
Alternatively, you can register using one of the supported single sign-on solutions (such as trustID).
In the case of a company, if you use single sign-on to provide your employees with easy access to our platform, the data transfer is done via the API interface OpenID Connect. Which data you send to us for authentication is based on your decision as the data controller.
4.3 Your details for chargeable services
For the provision of chargeable services, we ask for additional data, such as payment details, in order to be able to execute your order. We store this data in our systems until the legal retention periods expire.
4.4 Data processing for signature solutions from our partners
If you apply for or use advanced electronic signatures (AES) and/or qualified electronic signatures (QES) via our platform, the identification is performed by our partners. We either request information from these partners via an API interface as to whether a valid identification exists for you or create a digital identity for you based on your data.
Our partners for signatures and identification are:
CH - 8005 Zurich
GMO GlobalSign, Ltd.
Springfield House Sandling Road
UK - Kent ME12 2LP
A-Trust Gesellschaft für Sicherheitssysteme im elektronischen Datenverkehr GmbH
Landstraßer Hauptstraße 1b
4.5 Processing your support requests
In the context of processing data via HubSpot, we cannot exclude that data is transferred to the USA, although the EU has been agreed as the storage location of the data. Data protection is secured via the so-called standard contractual clauses of the EU Commission, which ensure that the processing of data is subject to a level of protection that corresponds to that of the EU-GDPR.
4.6 External payment service provider Stripe
When you use payment with Stripe, the data you enter is transmitted to Stripe. The transmission of your data takes place on the basis of Art. 6 para. 1 lit. b EU-GDPR (contract you conclude with Stripe). The transfer of your data takes place exclusively for the purpose of payment processing and only to the extent necessary for this purpose.
4.7 External SMS provider
5. Third-party services on our website (www.skribble.com)
5.1 General information about cookies
5.2 Communication with Skribble users
You can adjust your preferences for receiving our messages at any time, unless they are mandatory for the provision of our services. In every message from us you will find the option to adjust the preferences at the bottom.
5.3 Notification emails via SparkPost
To send emails (known as "notification emails") via our platform (my.skribble.com), we use the provider SparkPost, a Message Systems, Inc. company.
For this purpose, Skribble uses the name and email address of its users to forward the email to the intended recipient and may process other personal data directly relevant to the communication. The email is sent by Message Systems, Inc. doing business as SparkPost, a Delaware corporation, Attn: Privacy, 9160 Guilford Road, Columbia, MD 21046, USA, (www.sparkpost.com), which acts as a data processor for Skribble in this regard.
For more information about Sparkpost's privacy practices, please visit: https://www.sparkpost.com/gdpr/
For each interaction, the service provider processes, at a minimum, data about:
Your IP address, date, subject line of your email, response times to your server request, time of the server request, and email address.
5.4 LinkedIn Insights Tag and conversion tracking
Using this technology, we can generate reports on the performance of our ads on LinkedIn as well as website interaction information. For this purpose, the LinkedIn Insight tag is embedded on this website, which establishes a connection to the LinkedIn server, provided you have agreed via the cookie banner and are logged into your LinkedIn account.
5.5 Google Remarketing
We use the remarketing function within the Google Ads service. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. With the remarketing function, we can present users of our website with advertisements based on their interests on other websites within the Google advertising network (in Google Search or on YouTube, so-called "Google Ads" or on other websites). For this purpose, the interaction of users on our website is analyzed, e.g. which offers you are interested in, in order to be able to show you targeted advertising on other sites even after you have visited our website. For this purpose, Google stores cookies on the end devices of users who visit certain Google services or websites in the Google display network. These cookies are used to record the visits of these users. The cookies are used to uniquely identify a web browser on a specific end device and not to identify a person.
5.6 Use of the SalesViewer-Technology
On our website, data is collected and stored for marketing and optimization purposes using the SalesViewer technology of SalesViewer GmbH on the basis of legitimate interests (Art. 6 para. 1 lit. f EU-GDPR).
The data stored as part of SalesViewer is deleted as soon as it is no longer required for its intended purpose and there are no legal retention obligations that prevent its deletion.
The collection and processing of data can be objected to at any time with effect for the future by clicking on this link https://www.salesviewer.com/opt-out to prevent the collection on our website. In doing so, an opt-out cookie will be placed on your device. If you delete all cookies in your browser, you must click this link again.
5.7 Activation of your account & marketing
We send the emails for activating your account and our newsletter via Hubspot (Hubspot Ireland Limited, Hubspot House, 1 Sir John Rogerson's Quay Dublin 2, Ireland).
If you have shown interest in our products via one of our campaigns, we will send you information and marketing material as part of pre-contractual measures. For this purpose, we use the ERP system of the provider HubSpot (Hubspot Ireland Limited, Hubspot House, 1 Sir John Rogerson's Quay Dublin 2, Ireland). You can unsubscribe from receiving these messages at any time via the unsubscribe link.
5.8 Social media links
Our website contains links to our company profiles on LinkedIn, Xing, Youtube and Twitter. When you click on the links, you will leave our website and be redirected to the servers of the relevant social media providers.
5.9 Surveys with Lamapoll
For customer survey purposes and to improve our services, we regularly conduct online surveys with the web service Lamapoll (Lamano GmbH & Co. KG, Frankfurter Allee 69, 10247 Berlin, Germany).
Participation in such surveys is voluntary and anonymous. Lamapoll stores the answers on servers in Germany that meet the highest security standards and from there the data is transmitted to us via encrypted connections. It is not possible to establish a personal reference to you from your answers.
You can find more information about data protection at Lamapoll here: https://www.lamapoll.de/Support/Datenschutz
6. Further data processing
For our own marketing purposes, we may combine and use publicly available data about you with the data we already hold about you. Data about you may also be obtained for the same purposes from third-party providers (e.g. address dealers), who may lawfully pass this data on to us. In addition, we may use and exploit further data for non-personal data analyses for the same purpose. Any further use of data, if required by law, will only take place with your additional consent.
7. Data subjects rights
As a data subject, you have the rights listed below in accordance with the data protection law applicable to you. To exercise one or more of these rights, please contact our data protection officer.
7.1 Right to information
You have the right to request confirmation from us as to whether data relating to you is being processed. If this is the case, you have a right of access to this data and to the information as described in Art. 15 EU-GDPR.
7.2 Right to rectification
As a data subject, you may have us correct your data processed by us at any time or, where possible, adjust it independently.
7.3 Right to erasure
You may at any time submit a request to us for deletion in relation to your data processed by us. Unless a legal or other obligation requires us to continue to retain the data, we will be happy to comply with your request. In the event of non-erasure, we will restrict processing.
You can delete your user account independently via the profile settings. We will be happy to support you in this process.
7.4 Right to data portability
You have the right to receive your data, which is processed on the basis of your consent or a contract, in a structured, common and machine-readable format and, if necessary, to transfer it to another controller.
7.5 Right to object
You have the right to object the processing of data relating to you at any time on grounds relating to your particular situation.
We will no longer process the data in the event of the objection, unless we can demonstrate compelling legitimate grounds for further processing which override the interests, rights and freedoms of you as the data subject, or if the processing serves the assertion, exercise or defense of legal claims.
7.6 Revocation of consent
You can revoke consent once given at any time. To do so, contact our data protection officer or use our contact form or, if your revocation relates to the sending of the newsletter, the opt-out link in the newsletter.
7.7. Right of complaint to the supervisory authority
You have the right to lodge a complaint with the supervisory authority responsible for you if you believe that the processing of your data violates applicable data protection law. The competent supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner.
8. Questions to our data protection officer
If you have any questions about data protection, please contact our data protection officer:
PSW GROUP Consulting GmbH & Co. KG
+49 661-480 276 24
We make regular changes to our data protection provisions as part of our continuous improvement process, in particular in order to remain compliant with legal regulations in the future. Your rights as a data subject remain unaffected by such changes. Please always refer to the current version of this Policy, which is published on our website (skribble.com).