Privacy Policy

Version: 27.05.2024

1.0 Scope

The protection of your personal data and your privacy is important to us. Accordingly, it is a matter of course for us to comply with the legal requirements of the Swiss Federal Act on Data Protection (DSG), the Ordinance to the Federal Act on Data Protection (VDSG), the Swiss Telecommunications Act (FMG) and other provisions on data protection which might be applicable, in particular the EU General Data Protection Regulation (GDPR).

Personal data is defined as data/information relating to identified or identifiable natural persons. Online identification characteristics such as IP addresses are considered personal data, unless such were rendered anonymous.

Procivis AG (“Procivis”) is a Data Controller within the meaning of the DSG and GDPR. If you are a resident of the European Union or other regions with laws governing data collection and use, then you agree to the transfer of your information to Switzerland.

This Privacy Notice applies to all persons whose data we process (hereinafter referred to as “you”), regardless of which channel you use to contact us (e.g., in person, by phone, on a website, in an app, via a social network, at an event, etc.). It applies to the processing of personal data that have already been collected and personal data that will be collected in the future.

In the Privacy Notice below, we inform you about the claims and rights under data protection laws to which you are entitled and about the most important aspects of data processing performed in our company.

2.0 Contact

If you have any questions on data protection at Procivis AG, please contact:

Procivis AG
Dietzingerstrasse 3
8003 Zurich
Switzerland
Phone: +41 44 523 65 35
Email: legal@procivis.ch
Website: www.procivis.ch

3.0 Data categories

3.1 Master Data

Master data comprise the fundamental data about you, such as title,name, contact details, or date of birth. We collect master data in particularas part of our regular business activities, in particular if you contact orconnect with us through any digital channel or approach one of ourrepresentatives in person (e.g., trade fairs). We also collect master data if,for example, you take part in a survey, competition or prize draw, register fora newsletter or download materials such as whitepapers. Moreover, we collectmaster data for access controls to our events or office premises. Weadditionally collect master data about contacts and representatives ofcontractual partners, organizations, and authorities.

Examples of master data can include:

  • salutation, first name,last name, gender, date of birth;
  • address, e-mailaddress, telephone number, and other contact details;
  • payment information;
  • details about yourrelationship with us (client, applicant etc.);
  • settings concerning thesubscribed newsletter;
  • details aboutparticipation in surveys, competitions and prize draws;
  • official documents inwhich you appear (e.g., ID documents, permits, register extracts etc.);
  • details of titles andcorporate functions of representatives of our prospects, clients and businesspartners as well as applicants;
  • date and time of registration.

Under certain circumstances, you can also connect with us via the login of a third-party provider (e.g., LinkedIn). In this case, we receive access to certain data saved with the provider in question, for example your username, profile picture, date of birth, gender, and other information, the scope of which you can normally determine. Information in this regard can be found in the Privacy Notice of the provider concerned.

3.2 Contract Data

Contract data are personal data accrued in connection with theconclusion or processing of a contract, e.g., information on the conclusion ofthe contract, acquired claims and receivables, or information about clientsatisfaction. We primarily conclude contracts with clients, business partners,and job applicants, but also with other contractual partners. If based on acontract, we often also collect transaction and behavior data.

Contract data can include details:

  • about the initiationand conclusion of contracts, e.g., date of contract conclusion, details fromthe application process, and details of the contract in question (e.g., typeand duration);
  • about the processing and administration of contracts (e.g., contactdetails, delivery addresses, successful or unsuccessful deliveries, andinformation about payment methods);
  • in connection with our client support with technical issues and complaints;
  • about our interactions with you (where applicable, a history withcorresponding entries);
  • about contract amendments;
  • about client satisfaction that we may collect via surveys;
  • about financial matters such as to establish creditworthiness (i.e.information that allows conclusions to be drawn about the likelihood thatreceivables will be settled), about reminders, about collection proceedings,and about the enforcement of claims;
  • in connection with a job application, such as curriculum vitae,references, qualifications, certificates, meeting notes, etc. (that may alsocontain personal data of third parties);
  • about interactions with you as the point of contact or representative ofa business partner;
  • in connection with security and other checks with regard to enteringinto a business relationship.
  • In connection with the access to our Procivis One Trial Environment.

3.3 Communication Data

If you contact us or we contact you, for example when you contact our supportservices, or when you write to us, or call us, we process the exchangedcommunication contents and information about the type, time, and place ofcommunication. In certain situations, we may also ask you to provide proof ofidentity.

Examples of master data can include:

  • name and contact details such as postal address, e-mail address, and telephone number;
  • content of e-mails, written correspondence, chat messages, social media posts, comments on a website, telephone conversations, video conferences, etc.;
  • responses to client and user experience surveys;
  • details of the type, time, and in certain circumstances place of communication;
  • proofs of identity such as copies of official IDs.

3.4 Transaction and behavior data

When we send you electronic messages (e.g., newsletter), you download our mobile apps, you visit our website or visit our premises and make use of our infrastructure, we frequently collect data about this usage and generally about your behavior.

Examples of transaction and behavior data can include the following information if available to us as personal data:

  • details about the attendance of events (e.g., date, place, and type of event or use);
  • details about participation in surveys, competitions, prize draws, and similar events;
  • details about your behavior on our websites (e.g., subscription to a newsletter, download of materials);
  • details about the installation and use of our mobile apps;
  • details about your use of electronic messages (e.g., whether and when you opened an e-mail or clicked on a link);
  • details about your use of our Wi-Fi networks (e.g., date, time, and duration of connection, location of the Wi-Fi network, and data volume).

3.5 Preference Data

We wish to tailor our offers and services to our clients as effectively as possible. We therefore also process data about your interests and preferences. To do so, we may combine transaction and behavior data with other data and analyze such data on a personal and non-personal basis. This enables us to draw conclusions about characteristics, preferences, and likely behavior, such as your preferences and affinities regarding specific products and services.

In particular, we may create segments (permanently or case-related), that is, groups of persons displaying similarities with regard to specific characteristics. Preference data may be used either personally (e.g., in order to send you relevant marketing material) or on a non-personal basis (e.g., for market research or product development purposes).

3.6 Technical Data

When you make use of our websites, apps, Wi-Fi networks, or other electronic services, we collect certain technical data such as your IP address or device ID. Technical data also include the protocols in which we record the use of our systems (log files). In some cases, we may also assign a unique code number (an ID) to your end device (tablet, PC, smartphone, etc.), for example by using cookies or similar technologies, in order to be able to recognize it. Further details concerning this can be found in section 6.

Technical data can include:

  • the IP address of your device and further device IDs (e.g., MAC address);
  • code numbers assigned to your device by cookies and similar technologies (e.g., pixel tags);
  • details of your device and its configuration, such as operating system and language settings;
  • details about the browser with which you access the site, and its configuration;
  • information about your movements and actions on our websites and in our apps;
  • details about your Internet provider;
  • your approximate location and the time of use;
  • system recordings of access and other events (log files).

Technical data can in particular also be used to collect behavior data, that is, details about your use of websites and mobile apps (see section 3.4). However, we are usually unable to derive who you are from technical data.

Concerning the processing of technical data, please also consult section 12.

3.7 Images, Video and Sound Recordings

We regularly produce photos, videos, and sound recordings in which you might be featured, for example if you attend an event or visit our office premises.

For security and evidentiary purposes, the entrance areas of our office premises are secured via video recording. Thereby, we may obtain information on your behavior when accessing the premises. The use of video surveillance systems is localized and clearly indicated.

Examples of image and sound recordings can include:

  • photos, videos, and sound recordings of employee, client and public events (e.g., advertising, sponsorship, cultural events, and sports events);
  • photos, videos, and sound recordings of courses, presentations, trainings, etc.;
  • recordings from video surveillance systems for the physical access management.

4.0 Data Origin

4.1 Provided Data

You often disclose personal data to us yourself, for instance when sending us data or communicating with us. Master, contract, and communication data in particular are generally something you disclose to us yourself. You are in many cases also responsible for disclosing preference data to us.

For example, you provide us with personal data yourself in the following cases:

  • you take part in a survey, prize draw or competition;
  • you take sign up for our newsletter;
  • you apply for a job opening.

The provision of personal data is largely voluntary, which means that you are not generally obliged to disclose your personal data to us. However, we do have to collect and process the personal data that are required for processing contractual relationships and fulfilling associated obligations or that are prescribed by law, such as mandatory master and contract data, as we would otherwise be unable to conclude or continue the contract in question.

If you send us data about other persons (e.g., co-workers), we assume that you are authorized to do so and that these data are correct. Please also ensure that these other persons have been informed about this Privacy Notice.

4.2 Collected Data

We may also collect personal data about you ourselves or automatically, such as when you interact with our website, newsletters or any other electronic promotional materials, or procure our products and services. Such data frequently comprise transaction and behavior data and technical data.

For example, we independently collect personal data about you in the following cases:

  • you visit our website or use one of our apps;
  • you click on a link in one of our newsletters or interact with one of our electronic promotional materials in another way.

We may also derive personal data from personal data already available to us, for example by analyzing transaction and behavior data.

4.3 Received Data

We may also receive information about you from other third parties, such as from companies with which we cooperate, persons who communicate with us, or public sources .

For example, we may receive information about you from the following third parties:

  • your employer and work colleagues in connection with a job application and professional functions;
  • third parties if correspondence and discussions concern you;
  • Swiss Post and address dealers, e.g., for address updates;
  • providers of online services, e.g., providers of Internet analysis services and Social Media;
  • information services for compliance with statutory requirements such as anti-money laundering and export restrictions;
  • authorities, parties, and other third parties in connection with official and judicial proceedings;
  • public registers such as the debt collection or commercial register, from public offices such as the Swiss Federal Statistical Office, from the media, or from the Internet.

5.0 Purposes of Processing Personal Data

5.1 Communication

We wish to remain in contact with you and address your individual requirements. We therefore process personal data for the communication with you, in order to answer inquiries and support requests, for instance. In particular, we make use of communication and master data for this, as well as contract data if the communication concerns a contract. We may also personalize the content and time of dispatch of messages on the basis of behavior, transaction, preference, and other data.

The purpose of communication can comprise:

  • responding to inquiries;
  • contacting you in the event of questions;
  • client and support services;
  • communication in connection with security incidents;
  • quality assurance and training;
  • all other processing purposes for which we communicate with you (e.g., contract processing, information, and direct advertising).

5.2 Contract processing

We wish to offer you the best possible service. We therefore process personal data in connection with the initiation, administration, and processing of contractual relationships, for instance to provide a service, or host a prize draw. Contract processing also includes any agreed personalization of services. For this purpose, we particularly make use of master data, contract data, communication data, transaction and behavior data, as well as preference data.

The purpose of contract processing generally comprises everything that is necessary or appropriate for concluding, executing, and, where applicable, enforcing a contract.

For example, this includes processing to:

  • decide whether and how we enter into a contract with you;
  • provide contractually agreed services;
  • provide client support and enhance client satisfaction;
  • establish, notify, and, if applicable, publish winners of competitions and prize draws;
  • invoice our services and generally for accounting purposes;
  • plan and prepare the provision of our services, for example briefing of our employees;
  • review the suitability of job applicants and, if applicable, prepare and conclude employment contracts;
  • review whether we are willing and able to cooperate with a company and to monitor and assess its services;
  • assert legal claims from contracts (legal proceedings, etc.);
  • administer and manage our IT and other resources;
  • store data in compliance with obligations to preserve records;
  • terminate and end contracts.

5.3 Information and Marketing

We wish to present you with attractive offers. We therefore process personal data for relationship management and marketing purposes, for example in order to send you written and electronic messages and offers and carry out marketing campaigns. These may comprise our own offers, or those of advertising partners. Messages and offers may also be personalized in order to – as far as possible – only send you information that is likely to be of interest to you. For this purpose, we in particular make use of master data, contract data, communication data, transaction data, behavior data, and preference data, but also image and sound recordings.

Examples include can include the following messages and offers:

  • Newsletters, advertising e-mails, in-app messaging, and other electronic messages;
  • Advertising brochures, magazines, and other printed matter;
  • Invitations to events, prize draws, and competitions.

Unless we separately ask for your consent to contact you for marketing purposes, you may decline such contacts at any time. In the case of newsletters and other electronic messages, you can generally opt out of the corresponding service via an unsubscribe link integrated in the message.

The personalization of our messages enables us to tailor information to your individual needs and interests, and to only present you with information that is likely to be relevant for you.

5.4 Market Research and Product Development

We aim to improve our offers continuously and make them more attractive for you. We therefore process personal data for market research and product development purposes. To do so, we particularly process master, behavior, transaction, and preference data, as well as communication data and information from customer surveys, other surveys and studies, and further information, for example from the media, the Internet, and other public sources. As far as possible, we make use of pseudonymized or anonymized information for these purposes.

Market research and product development may include:

  • the conducting of client and user surveys, other surveys, and studies;
  • the improvement of our offering (pricing and campaign planning, etc.);
  • the assessment and improvement of the acceptance of products and our communication in connection with our products;
  • the optimization and improvement of user-friendliness of websites and apps;
  • the development and testing of new products;
  • the review and improvement of our internal processes;
  • the training and education of our employees;
  • statistical evaluations;
  • market monitoring, for example to understand current developments and trends and respond to them.

5.5 Security and Prevention

We wish to guarantee your and our security and prevent misuse. We therefore also process personal data for security purposes, to guarantee IT security, to prevent theft, fraud, and misuse, and for evidentiary purposes. This can concern all the personal data categories, in particular also transaction and behavior data and image, video and sound recordings. We can acquire, analyze, and store these data for the purposes mentioned.

Examples of the purpose of security and prevention include:

  • the analysis of transaction and behavior data in order to detect suspicious behavior patterns and fraudulent activities;
  • the evaluation of system recordings of the use of our systems (log files);
  • the prevention, mitigation, and detection of cyber and malware attacks;
  • analysis and tests of our networks and IT infrastructures, and system and error checks;
  • control of access to electronic systems (e.g., logins for user accounts);
  • physical access controls (e.g., access to office premises);
  • documentation purposes and creation of backups.

5.6 Compliance With Statutory Requirements

We wish to lay the foundations for compliance with statutory requirements. We therefore also process personal data to comply with legal obligations and to prevent and detect infringements. Examples of this include receiving and processing complaints and other messages, complying with court and administrative orders, and measures for detecting and investigating misuse. This can concern all personal data categories.

All such cases may concern Swiss law or foreign regulations to which we are subject, as well as self-regulations, industry and other standards, our own corporate governance, or official directives.

5.7 Protection of Rights

We wish to be able to enforce our claims defend ourselves against the claims of others. We therefore also process personal data for the protection of rights, for instance to enforce claims judicially, before or out of court, and before authorities in Switzerland and abroad, or to defend ourselves against claims. Depending on the situation, we process different categories of personal data, such as contact data and details of events that have led to or could lead to a dispute.

5.8 Administration and Support within the Group

Procivis AG is part of the Orell Füssli Group. As a Group we wish to shape our internal processes efficiently, use resources effectively and create synergies. We therefore process personal data for administration, marketing and sales within the Group. We can process master data, contract data, and technical data, as well as transaction data, behavior data, and communication data.

Administration within the Group can include:

  • access control to company premises.

6.0 Legal basis

Depending on the purpose of the data processing, our processing of personal data is based on different legal grounds. In particular, we may process personal data if

  • doing so is necessary to fulfill an agreement with the person concerned or for pre-contractual measures (e.g., to review a request for an agreement);
  • doing so is necessary to safeguard legitimate interests;
  • doing so is based on consent;
  • doing so is required for compliance with Swiss and foreign legal obligations.

In particular, we have a legitimate interest in processing for the purposes set out in section 5 above and the disclosure of data in accordance with section 8 and the associated objectives. These legitimate interests include our own interests and third-party interests.

7.0 Data Security

We take technical and organizational measures to protect your personal data against manipulation, loss, destruction or against the access by unauthorized persons. The measures taken permanently protect the confidentiality and integrity of your personal data and the availability and resilience of our systems and services in the processing of your personal data. Furthermore, they ensure a quick recovery of the availability of your personal data and the access to them in case of a physical or technical incident.

Our security measures also include an encoding of your personal data. All information that you enter online will be transferred through an encoded transmission path. Therefore, such information can, at no time, be inspected by any unauthorized third parties.

Our data processing and our security measures are subject to continuous improvement in line with technological developments and are audited on an annual basis as well as certified under the ISO 27001 standard.

We also take our own, internal data protection seriously. Our employees and the service providers engaged by us are committed to secrecy and to the compliance with provisions under data protection laws. Moreover, they are granted access to your personal data only to the extent necessary.

8.0 Data Recipients

We may disclose personal data, to the extent permitted, to service providers generally process personal data on our behalf as so-called “contract processors”. Our contract processors are obliged to only process personal data in accordance with our instructions and to take suitable measures to ensure data security. We ensure through the selection of service providers and suitable contractual agreements that data protection is upheld during the entire processing of your personal data.

In individual cases, it is also possible that we may disclose personal data to other third parties for their own purposes, for example if you have granted your consent or we are legally obliged or authorized to share such information. In such cases, the data recipient is legally responsible as the controller of the data.

Please take note of our Cookie Policy concerning independent data collection by third-party providers whose tools we have integrated into our websites and apps.

9.0 Disclosure of personal data abroad

We process and storepersonal data mostly in Switzerland and the European Economic Area (EEA). Incertain cases, however, we may also disclose personal data to service providersand other recipients who are located outside this area or who process personaldata outside this area, in principle in any country in the world. The countriesin question may not have laws that protect your personal data to the sameextent as in Switzerland or the EEA. If we transfer your personal data to sucha country, we will ensure the protection of your personal data in anappropriate manner.

One means of ensuring adequate data protectionis, for example, to conclude data transfer agreements with the recipients ofyour personal data in third countries that ensure the required level of dataprotection. This includes agreements that have been approved, issued, orrecognized by the European Commission and the Swiss Federal Data Protection andInformation Commissioner, known as standard contractual clauses. Please notethat such contractual arrangements can partially compensate for weaker or missingstatutory protection but cannot rule out all risks completely (e.g., governmentaccess abroad). Data may also be transferred to countries without adequateprotection in exceptional cases, for example if consent is granted, inconnection with legal proceedings abroad, or if transfer is necessary for theprocessing of an agreement.

10.0 Storage Period

We process and store your personal data

In certain cases, wewill also ask for your consent if we want to store your personal data forlonger periods (e.g., for job applications that we wish to keep on file). Atthe end of the periods specified, we will erase or anonymize your personaldata.

For example, weadhere to the following retention periods, although we may deviate from them in individual cases:

  • Contracts: We generally retain master and contractdata for ten years as of the last contractual activity or contract expiry.However, this period may be longer if this is necessary for the provision ofevidence, due to statutory or contractual provisions, or for technical reasons.Transaction data in connection with contracts are generally retained for tenyears.

11.0 Your rights

You have the right toobject to data processing particularly if we process your personal data on thebasis of a legitimate interest and the other applicable requirements are met.You can also object to data processing in connection with direct advertising(e.g., advertising e-mails) at any time.

Provided the applicable conditions are met and there are no applicablestatutory exceptions, you also have the following rights:

Please note thatthese rights may be restricted or excluded in individual cases, e.g., if thereare doubts about the identity or if this is necessary to protect other persons,to safeguard interests worthy of protection or to comply with legalobligations.

You may use the contact options provided in chapter 1 of this Privacy Policy, ifyou have questions in connection with the data protection performed in ourcompany and for information on your rights pursuant to this section as well asfor asserting these rights. Furthermore, you canunsubscribe from newsletters and other advertising e-mails by clicking on thecorresponding link at the end of the e-mail.

In addition, you are free to lodge a complaintwith a competent supervisory authority if you believe that the processing ofyour personal data may be in breach of applicable law. The competentsupervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

12.0 Cookies

12.1 What are Log Files?

Whenever you visit our website, our servers will temporarily store the following data in a protocol file, the so-called server logfiles:

The legitimate interest applies as basis for the temporary storage of your personal data and the log files. The legitimate interest exists to:

  • enable the use of our website (establishment of the connection);
  • permanently ensure the system security and stability;
  • further improve our offer and our internet presentation;
  • collect statistical data;
  • provide information necessary for a prosecution to the prosecution authorities, in case of an incident.

12.2 What are Cookies and similar technologies?

Our website usesso-called cookies. Cookies are small text files which the browser will placeand store on your end device. If you call up a website, a cookie can be storedon your operating system. This cookie contains a characteristic string allowingfor a unique identification of the browser if the website is visited again. Thecookies we use only serve to make the offer more user-friendly and to obtainstatistical information on the use of our website.

We may also use similar technologies such aspixel tags, fingerprints and other technologies for storing data in thebrowser. Pixel tags are small, normally invisible images or a program codeloaded by a server that provide the server operator with specific informationsuch as whether and when a website was visited. Fingerprints compriseinformation collected during your website visit about the configuration of yourend device or your browser that enables your end device to be distinguishedfrom other devices. Most browsers also support further technologies for thestorage of data in the browser that are similar to cookies and that we may alsomake use of (e.g., web storage).

12.3 What types of cookies do we use?

12.3.1 Session / Temporary Cookies

We use session cookies. They store a so-called session ID, by which various requests from your browser can be assigned to the web session. This will allow your computer to be recognized if you return to the website. Session cookies will automatically be erased as soon as you log out or close your browser.

12.3.2 Persistent / Permanent Cookies

In addition, we use persistent cookies which are used on your computer beyond the relevant usage process. These cookies will automatically be erased after a set period of time, which may differ depending on the cookie. We use persistent cookies for analysis purposes (see “Google Analytics”).

12.3.3 Cookies of Third-Party Providers

Furthermore, we use functions of some web analysis services which help us to make the internet offer and the website more interesting for you. Therefore, cookies of partner companies are stored on your hard drive when you visit our website (so-called cookies of third-party providers). More information on the use of cookies of third-party providers are available in chapter 4 of the present policy.

12.4 How can you prevent the use of cookies or erase cookies?

Most internetbrowsers accept cookies automatically. If you do not want this to happen, youcan set your browser settings that you are informed about the placing ofcookies and only allow them to be used in individual cases or you may excludethem in general. You may also active the automatic erasure of cookies when youclose the browser. However, if you deactivate cookies, you might not be able touse all functions of our website.Theprocedure for controlling and erasing cookies depends on the browser you use.Use the following link https://www.youronlinechoices.com/ch-de/ to see different information on how to prevent the placing of cookies.

13.0 Third-party services

We are using the following third party services to process personal data:

13.1 Website hosting

This typeof service has the purpose of hosting Data and files that enable our websitesto run and be distributed as well as to provide a ready-made infrastructure torun specific features or parts of our websites.Some services among those listed below, if any,may work through geographically distributed servers, making it difficult todetermine the actual location where the Personal Data are stored.

13.1.1 Webflow

Our website www.procivis.ch is hosted as Software as a Service (SaaS) product by Webflow Inc.

Personal Data processed: Transaction and behavioral, preference as well as technical data.

Legal basis for processing: Legitimate interest.

Place of processing: USA

Privacy Policy: https://webflow.com/legal/eu-privacy-policy

13.1.2 Atlassian

Our supportportal is hosted as Software as a Service(SaaS) product by Atlassian PTY Ltd.

Personaldata processed: Master data, communication data, technical data, transactionaland behavioral data.

Legal basisfor processing: Legitimate interest to provide our services as contractuallyagreed with our clients.

Place ofprocessing: EU

Privacy Policy: https://www.atlassian.com/legal/privacy-policy

13.2 Advertising

This typeof service allows User Data to be utilized for advertising communicationpurposes. These communications are displayed in the form of banners and otheradvertisements on this Website, possibly based on User interests.

This doesnot mean that all Personal Data are used for this purpose. Information andconditions of use are shown below.

Some of the services listed below may useTrackers to identify Users or they may use the behavioral retargetingtechnique, i.e. displaying ads tailored to the User’s interests and behavior,including those detected outside this Website. For more information, pleasecheck the privacy policies of the relevant services.

13.2.1 LinkedIn Ads

LinkedInAds is an advertising service provided by LinkedIn Ireland Unlimited Company.

PersonalData processed: Transaction andbehavioral, preference as well as technical data.

Legal basisfor processing: Consent.

Place of processing: USA

Privacy Policy: https://de.linkedin.com/legal/privacy-policy

13.3 Analytics

Theservices contained in this section enable the Owner to monitor and analyze webtraffic and can be used to keep track of User behavior.

13.3.1 LinkedIn conversion tracking (LinkedIn Insight Tag)

LinkedIn conversion tracking (LinkedIn Insight Tag) is an analytics and behavioral targeting service provided by LinkedIn Corporation that connects data from theLinkedIn advertising network with actions performed on this Website. TheLinkedIn Insight Tag tracks conversions that can be attributed to LinkedIn adsand enables to target groups of Users on the base of their past use of thisWebsite. Users may opt out of behavioral targeting features through theirdevice settings, their LinkedIn account settings or by visiting the AdChoicesopt-out page.

Personal Data processed: Transaction andbehavioral, preference as well as technical data.

Legal basis for processing: Legitimate interest.

Place of processing: USA


Personal Data processed: Transaction and behavioral, preference as well as technical data.

Legal basis for processing: Legitimate interest.

Place of processing: USA

Privacy Policy: https://de.linkedin.com/legal/privacy-policy

13.3.2 Google Analytics

GoogleAnalytics is a web analysis service provided by Google Ireland Limited.

The informationgenerated by the service can be transferred to Google in the USA and storedthere (including your IP address).

We only use GoogleAnalytics with activated IP anonymization. This means that your IP address isshortened by Google within member states of the European Union or other statesparty to the Agreement on the European Economic Area or Switzerland before it istransmitted to the US. Only in exceptional cases is the full IP addresstransmitted to a Google server in the USA and shortened there.

Google uses thisinformation on our behalf to analyze your use of the website, to compilereports on website activities and to render other services connected with theuse of the website and the internet usage, for the purpose of market researchand a need-based design of our website. The IP address transmitted by yourbrowser in connection with Google Analytics will not be merged with any otherGoogle data.

PersonalData processed: Transaction andbehavioral, preference as well as technical data.

Legal basisfor processing: Legitimate interest.

Place ofprocessing: Globally (see details above)

Privacy Policy: https://policies.google.com/privacy

13.3.3 Google ML Kit

G The Google ML Kit is included in someof our Mobile Applications to add capabilities such as a scanning functionality.The processing of the input data (e.g. images, video, text) fully happenson-device, and ML Kit does not send that data to Google servers.

The ML KitAPIs may contact Google servers from time to time in order to receive thingslike bug fixes, updated models and hardware accelerator compatibilityinformation. The ML Kit APIs also send metrics about the performance andutilization of the APIs in your app to Google. Google uses this metrics data tomeasure performance, debug, maintain and improve the APIs, and detect misuse orabuse.

PersonalData processed: Transaction andbehavioral as well as technical data

Legal basisfor processing: Legitimate interest

Place ofprocessing: Globally

Privacy Policy: https://policies.google.com/privacy

13.3.4 Sentry

Sentry is an application monitoring solution by Functional Software, Inc. It is designed to identify, monitor, and alert developers to errors, bugs, and other performance issues that are occurring in our applications and on our websites.

Personal Data processed: Technical data, Transaction and behavior data.

Legal basis for processing: Legitimate interest.

Place of processing: USA

Privacy Policy: https://sentry.io/privacy

13.4 Hosting

This type of service has the purpose of hosting Data and files that enable our websites to run and be distributed as well as to provide a ready-made infrastructure to run specific features or parts of our websites.

Some services among those listed below, if any, may work through geographically distributed servers, making it difficult to determine the actual location where the Personal Data are stored.

13.4.1 Cloudflare

Cloudflare is a traffic optimization and distribution service provided by Cloudflare Inc.

The way Cloudflare is integrated means that it filters all the traffic through this Website, i.e., communication between this Website and the User's browser, while also allowing analytical data from this Website to be collected.

Personal Data processed: Transaction and behavioral as well as technical data.

Legal basis for processing: Legitimate interest for security and prevention.

Place of processing: USA

Privacy Policy: https://www.cloudflare.com/privacypolicy/

13.4.2 MS Azure

Azure is a hosting and backend service provided by Microsoft Ireland Operations Ltd

Personal Data processed: Various types of data as specified in the privacy policy of the service.

Legal basis for processing: Legitimate interest.

Place of processing: Switzerland and EU

Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement

13.4.3 AWS

Amazon Web Services (AWS) is a hosting and backend service provided by Amazon Web Services, Inc.

Personal Data processed: Various types of data as specified in the privacy policy of the service.

Legal basis for processing: Legitimate interest.

Place of processing: Ireland

Privacy Policy: https://aws.amazon.com/privacy/

13.5 CRM, newsletter, messaging, webforms and surveys

This type of service makes it possible to manage a database of email contacts, phone contacts or any other contact information to communicate with the User.

These services may also collect data concerning the date and time when the message was viewed by the User, as well as when the User interacted with it, such as by clicking on links included in the message.

Further, types of services allow us to manage the creation, deployment, administration, distribution and analysis of online forms and surveys in order to collect, save and reuse data from any responding users.

The personal data collected depend on the information asked and provided by the users in the corresponding online form.

13.5.1 Pipedrive

Pipedrive is a CRM tool provided by Pipedrive OU, containing a contact information database and message sending service as well as the provision of webforms.

Personal Data processed: Various types of Data as specified in the privacy policy of the service.

Legal basis for processing: Legitimate interest.

Place of processing: EU

Privacy Policy: https://www.pipedrive.com/en/privacy

13.5.2 Firebase Cloud Messaging

Firebase Cloud Messaging service by Google Ireland Limited provides a connection between our server infrastructure and your devices to deliver and receive messages and notifications on iOS, Android, and the web.

Personal Data processed: Communication, Transaction and behavioral, preference as well as technical data.

Legal basis for processing: Consent.

Place of processing: Globally

Privacy Policy: https://policies.google.com/privacy

13.5.3 Microsoft Forms

Microsoft Forms is a service to create custom surveys, polls and quizzes by Microsoft Ireland Operations Ltd.

Personal Data processed: Various types of Data as specified in the privacy policy of the service.

Legal basis for processing: Legitimate interest and consent.

Place of processing: Switzerland

Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement

13.6 Web conferencing and online telephony

This type of service allows us to manage the deployment, administration, hosting, recording, distribution and analysis of online telephony and web conferencing in order to communicate with you.

The Personal Data collected depend on the information provided by the Users while using the respective service.

13.6.1 Microsoft Teams

We use Microsoft Teams by Microsoft Ireland Operations Ltd to communicate with you.

Personal Data processed: Various types of Data as specified in the privacy policy of the service.

Legal basis for processing: Legitimate interest.

Place of processing: Switzerland

Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement

13.7 Application tracking system

The services included in this section enable us to manage applications efficiently and in compliance with the applicable laws.

13.7.1 Recruitee

For job applications we use the services of the company Recruitee GmbH. Our Jobs sub-site integrates a Recruitee website created for this purpose.

Personal Data processed: Various types of Data as specified in the privacy policy of the service.

Legal basis for processing: Legitimate interest.

Place of processing: EU

Privacy Policy: https://recruitee.com/privacy-policy

13.8 Social Media

We may have our own presences on social networks and similar third-party platforms (e.g., LinkedIn, X, Kununu, Glassdoor, Google My Business). If you communicate with us via such presences or comment on or disseminate contents we post, we will collect corresponding details and process them in accordance with our Privacy Policy. We are entitled but not obliged to review contents prior to or after their publication and to delete contents without notification where this is technically possible, or to report them to the provider of the platform in question. Where rules of decency and codes of conduct are violated, we may also notify the provider of the platform of the user account in question for blocking or deletion.

When visiting our social media presences, data (for example about your user behavior) may also be transmitted to or collected by the provider in question directly and processed together with other data already known to said provider (such as for marketing and market research purposes and the personalization of platform contents and communications). Further information about data processing by the providers of social networks can be found in the data protection provisions of the corresponding social networks.

Our website, newsletters and other marketing materials provides links to our company profiles on LinkedIn, and Twitter. When you access one of these links, you leave our website, and you are redirected to the servers of that social media provider.

13.8.1 LinkedIn

Linkedin Corporation, privacy policy: https://www.linkedin.com/legal/privacy-policy

13.8.2 X

Twitter International Company, privacy policy: https://twitter.com/en/privacy

13.8.3 Kununu

New Work SE, privacy policy: https://privacy.xing.com/de/datenschutzerklaerung

13.8.4 Glassdoor

Glassdoor, Inc., privacy policy: https://hrtechprivacy.com/brands/glassdoor#privacypolicy

13.8.5 Google My Business

Google Ireland Limited, privacy policy: https://policies.google.com/privacy

13.9 Embedded media links

Our website provides links to mentions of Procivis in the media. When you access one of these links, you leave our website, and you are redirected to the servers of that media provider.

13.10 Links to Websites of Other Providers

Our website, newsletters, and other marketing materials may contain links to websites of other providers which are not covered by this Privacy Policy. After clicking on the link, we have no influence on the processing of any data which might be transferred to third parties (such as, e.g., the IP address or the URL) since we have naturally no control over the conduct of any third parties. We are, therefore, unable to assume any responsibility for the processing of your personal data by third parties. Insofar as the use of the websites of other providers is associated with the collection, processing, or use of your personal data, please observe the data protection notices of such providers.

If we become aware of violations of the law, such links will immediately be removed.

14 Amendments to the Privacy Policy

We explicitly reserve the right to supplement or amend this Privacy Policy at any time. All amendments and supplements are subject to the sole discretion of the company. The privacy policy published on our website is valid in each case.