Data protection and privacy

 

Last updated on: 04/05/2024

 

We attach great importance to the transparent handling of personal data. This privacy policy provides information about what personal data we collect, for what purpose and to whom we pass it on. To ensure a high level of transparency, this privacy policy is regularly reviewed and updated.

 

1. which services we use

  • Font Awesome
  • jQuery CDN
  • jsDelivr
  • Cookiebot
  • TYPO3
  • Google reCaptcha
  • Google reCaptcha v2 for Contact Form 7
  • Microsoft Authentication
  • Microsoft Azure AD B2C

2. contact information

If you have any questions or concerns about the protection of your data by us, you can contact us at any time by e-mail at contact@egovstore.online. Responsible for the data processing that takes place via this website is

Bermuda GmbH
Hermigasse 14
8192 Glattfelden
Switzerland

Person responsible for data protection:
Claudia Schlegel
contact@egovstore.online
+41 43 810 74 56

3. general principles

3.1 What data do we collect from you and from whom do we receive this data

First and foremost, we process personal data that you provide to us or that we collect when operating our website. We may also receive personal data about you from third parties. This may include the following categories:

  • Personal master data (name, address, date of birth, etc.);
  • Contact details (mobile phone number, email address, etc.);
  • Financial data (e.g. account details);
  • Online identifiers (e.g. cookie identifier, IP addresses);
  • Location and traffic data;
  • Sound and image recordings;
  • particularly sensitive data (e.g. biometric data or information about your health).

3.2 Under what conditions do we process your data?

We treat your data confidentially and in accordance with the purposes set out in this privacy policy. In doing so, we ensure transparent and proportionate processing.
If, in exceptional cases, we are unable to comply with these principles, data processing may still be lawful because there is a justification. In particular, the following grounds for justification may apply:

  • Your consent;
  • the performance of a contract or pre-contractual measures;
  • our legitimate interests, unless your interests prevail.

3.3 How can you withdraw your consent?

If you have given us your consent to process your personal data for specific purposes, we will process your data within the scope of this consent unless we have another justification.

You can withdraw your consent at any time by sending an email to the address given in the legal notice. Data processing that has already taken place is not affected by this.

3.4 In which cases can we pass on your data to third parties?
a. Principle

We may need to utilise the services of third parties or affiliated companies and commission them to process your data (so-called processors). The categories of recipients are as follows:

  • Accounting, fiduciary and auditing companies;
  • Consultancy firms (legal advice, taxes, etc.);
  • IT service providers (web hosting, support, cloud services, website design, etc.);
  • Payment service provider;
  • Providers of tracking, conversion and advertising services.

We ensure that these third parties and our affiliated companies comply with data protection requirements and treat your personal data confidentially. 
We may also be obliged to disclose your personal data to authorities.

b. Visiting our social media channels

We may have embedded links to our social media channels on our website. This is visible to you in each case (typically via corresponding icons). If you click on the icons, you will be redirected to our social media channels.
In this case, the social media providers learn that you are accessing their platform from our website. The social media providers can use the data collected in this way for their own purposes. We would like to point out that we have no knowledge of the content of the transmitted data or its use by the providers.

c. Transfer abroad

Under certain circumstances, your personal data may be transferred to companies abroad as part of order processing. These companies are obliged to protect data to the same extent as we are. The transfer may take place worldwide.
If the level of data protection does not correspond to that in Switzerland, we carry out a prior risk assessment and contractually ensure that the same level of protection is guaranteed as in Switzerland (e.g. by means of the new standard contractual clauses of the EU Commission or other legally prescribed measures). If our risk assessment is negative, we will take additional technical measures to protect your data. You can access the EU Commission's standard contractual clauses at the following link: commission.europa.eu/publications/standard-contractual-clauses-controllers-and-processors-eueea_de

3.5 How long do we store your data?

We only store personal data for as long as is necessary to fulfil the individual purposes for which the data was collected. 
Data that we store when you visit our website is retained for twelve months. An exception applies to analysis and tracking data, which may be stored for longer.
We store contract data for longer, as we are obliged to do so by law. In particular, we must retain business communications, concluded contracts and accounting documents for up to 10 years. If we no longer need such data from you to perform the services, the data will be blocked and we will only use it for accounting and tax purposes.

3.6 How we protect your data

We will keep your data secure and take all reasonable steps to protect your data from loss, access, misuse or alteration.

Our contractual partners and employees who have access to your data are obliged to comply with data protection regulations. In some cases, it will be necessary for us to pass on your enquiries to companies affiliated with us. Your data will also be treated confidentially in these cases.
Within our website, we use the SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser.

3.7 What rights do you have?
a. Right to information

You can request information about the data we have stored about you at any time. Please send your request for information together with proof of identity to contact@egovstore.online.

You also have the right to receive your data in a commonly used file format if we process your data automatically and if:

  • you have given your consent for the processing of this data; or
  • you have provided data in connection with the conclusion or performance of a contract.

We may restrict or refuse to provide information or data if this conflicts with our legal obligations, our own legitimate interests, public interests or the interests of a third party.

The processing of your request is subject to the statutory processing period of 30 days. However, we may extend this period due to a high volume of enquiries, for legal or technical reasons or because we need more detailed information from you. You will be informed of the extension in good time, at least in text form.

b. Erasure and rectification

You can request the erasure or rectification of your data at any time. We may reject the request if statutory provisions oblige us to store the data for a longer period or to retain it unchanged or if your request conflicts with a legal authorisation. 
Please note that exercising your rights may be in conflict with contractual agreements and may have a corresponding impact on the performance of the contract (e.g. premature cancellation of the contract or cost consequences).

c. Legal recourse

If you are affected by the processing of personal data, you have the right to enforce your rights in court or to file a complaint with the competent supervisory authority. The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner: www.edoeb.admin.ch

3.8 Changes to the privacy policy

We may change this Privacy Policy at any time. The changes will be published on egovstore.online, you will not be informed separately.

4. individual data processing operations

4.1 Provision of the website and creation of log files
What information do we receive and how do we use it?

When you visit egovstore.online, certain data is automatically stored on our servers or on servers of services and products that we purchase and/or have installed for the purposes of system administration, for statistical or backup purposes or for tracking purposes. These are:

  • the name of your internet service provider;
  • your IP address (under certain circumstances);
  • the version of your browser software;
  • the operating system of the computer used to access the URL
  • the date and time of access;
  • the website from which you visit URL;
  • the search terms you used to find the URL

Why are we allowed to process this data?

This data cannot be assigned to a specific person and is not merged with other data sources. The log files are stored in order to guarantee the functionality of the website and to ensure the security of our information technology systems. This is our legitimate interest.

How can you prevent data collection?

The data is only stored for as long as is necessary to fulfil the purpose for which it was collected. Accordingly, the data is deleted at the end of each session. The storage of log files is absolutely necessary for the operation of the website, so you have no option to object to this.

4.2 Font Awesome

Font Awesome is operated by Fonticons, Inc. located at 6 Porter Road, Apartment 3R, Cambridge, MA 02140, USA. Font Awesome is a collection of scalable vector icons that allows website developers to integrate various icons and social logos on their websites.

We use Font Awesome to integrate visual icons on our website. This may include icons for user interfaces, social media links or other graphical representations that enhance the design and user experience of our website.

Font Awesome can load web fonts from the servers of Fonticons, Inc. when a user visits our website. In doing so, the user's IP address is sent to Fonticons, Inc. This is necessary so that the user's web browser can display the Font Awesome icons correctly.
Fonticons, Inc. only stores the IP addresses of users for a short time and exclusively for the purpose of providing the Font Awesome icons. No further storage or analysis takes place.

4.3 jQuery CDN

On our website, we use the "jQuery CDN" (Content Delivery Network), which is provided by the jQuery Foundation. The jQuery Foundation is a non-profit organisation dedicated to the development and support of open source software, in particular the jQuery library.

jQuery is a widely used JavaScript library that enables us to make website functions more efficient and user-friendly. By utilising the jQuery CDN, we can ensure that this library loads quickly and reliably on our website, improving load times and the overall user experience.

The jQuery CDN uses cookies and similar technologies to process user requests and optimise the delivery of the library. User IP addresses and browser information may be collected to ensure the best possible performance and compatibility.

If you do not want your data to be collected by the jQuery CDN, you can make the appropriate settings in your browser to block the loading of content from external sources. Please note, however, that this may affect the functionality and user experience of our website.

4.4 jsDelivr

On our website we use the service jsDelivr, an open source CDN (Content Delivery Network), to load certain libraries and scripts faster and more reliably. This service is provided by ProspectOne Sp. z o.o., ul. Krolweska 65A, 30-081 Krakow, Poland.

By integrating jsDelivr, data such as your IP address, information about the browser used, the operating system and the duration of the page view are transmitted to jsDelivr servers when you visit our website. This is done to deliver the content to your browser more quickly and efficiently and to reduce the loading time of the website.
jsDelivr uses this data to ensure the delivery of content and to create statistical analyses of the use of its service. The data is not merged with other data sources or used for advertising purposes.

The use of jsDelivr serves to optimise and improve the performance of our website. The data processing is based on our legitimate interest in the efficient and secure provision of our website.

4.5 Cookiebot

Our website uses Cookiebot, a cookie consent and compliance service from Cybot A/S. Cookiebot helps us to obtain and manage our users' consent for cookies and online tracking in accordance with legal requirements. 
When you visit our website, Cookiebot may collect information about your consent choices and your interaction with the consent pop-up. This information is used to ensure that only the cookies and tracking technologies you have authorised are activated on your device.

4.6 TYPO3

Our website is based on the TYPO3 content management system (CMS), an open source software for creating and managing web content. TYPO3 is provided by the TYPO3 Association, Emanuel-Leutze-Strasse 11, D-40547 Düsseldorf, Germany.

When you visit our website, which is based on TYPO3, standard server log files may be created. These log files may contain information such as your IP address, the browser you are using, the date and time of access, the previously visited page and other statistics. This data is mainly used for the purposes of error analysis, to defend against attacks and to optimise the website. 
It should be noted that TYPO3 does not set any cookies in its standard configuration that store personal data of website visitors. However, cookies can be set depending on the individual configuration and the extensions used on the website.

4.7 Google reCaptcha

We use the reCAPTCHA service from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google") to protect against unwanted requests via the Internet form on our website. The query is used to distinguish whether the input is made by a human or abusively by automated, machine processing. As part of the query, information such as your IP address or behaviour when filling out the form may be transmitted to Google.

For this purpose, your input is transmitted to Google and processed there. By using reCAPTCHA, you consent to the recognition you have provided being incorporated into the digitisation of old works. However, if IP anonymisation is activated on this website, your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. 
Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website to analyse your use of this service. The IP address transmitted by your browser as part of reCAPTCHA will not be merged with other Google data.

4.8 Google reCaptcha v2 for Contact Form 7

To protect your enquiries via the Internet form on our website, we use the reCAPTCHA v2 service from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). The query is used to distinguish whether the input is made by a human or abusively by automated, machine processing. The query includes sending your IP address and any other data required by Google for the reCAPTCHA service to Google.

For this purpose, your input is transmitted to Google and used there. By using reCAPTCHA, you consent to the recognition you have provided being included in the digitisation of old works. However, if IP anonymisation is activated on this website, your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. 
Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website to analyse your use of this service. The IP address transmitted by your browser as part of reCAPTCHA will not be merged with other Google data.

4.9 Microsoft Authentication

For authentication and login on our website, we use Microsoft Authentication, a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. This service enables users to log in to us via their Microsoft accounts, eliminating the need for additional registration on our site. 
When you sign in via Microsoft Authentication, certain profile information (e.g. your name, email address) is transmitted to us by Microsoft to complete the sign-in process. Microsoft Authentication also uses cookies and similar technologies to make the login request secure and user-friendly.
 

5. Supplement for the use of the SaaS application "eGovStore"

Administrators
Administrators are users who have access to manage data.

Customers
Customers are the users who access the services provided by the administrators.

SaaS application
The "egovStore" application is provided as Software-as-a-Service. The technology consists of PHP (Symfony), Bootstrap (HTML, CSS, JavaScript) and jQuery. The administrators use the technology made available to them. The administrators are responsible for the data and information provided via the application.

5.1 Supplementary notes on the use of the SaaS application
to 1.) The application does NOT use jsDelivr, jQuery CDN, Google reCaptcha, Google reCaptcha v2 for Contact Form 7, TYPO3, FontAwesome.

to 4.) The SaaS application does not use any additional tracking mechanisms, except those legally required by the server operator in accordance with 4.1.

5.3 Use of the SaaS application
When using the SaaS application, the administrators provide the customers with data collection forms. When customers use the SaaS application, the data provided is stored in the SaaS application for further processing by the administrators. The administrators are responsible for deleting this data. The SaaS application offers an automatic mechanism for the regular deletion of processed data. Customers can obtain information from the administrators about the duration of data storage.

The operator of the SaaS platform is Bermuda GmbH. Bermuda GmbH does not have access to the data managed by administrators. In exceptional cases, an administrator may grant the operator access, for example in support cases or to analyse errors.
 

BrainBox Generators

BrainBox Generators is a service provided by BrainBox Solutions GmbH to recognise all data protection-relevant services on a website and, among other things, to help with the creation of the privacy policy. No personal data is collected or processed in the process.