We want you to feel comfortable on www.aumivi.com (our “website”) and not have to worry about the security of your data. That is why data protection is an important part of our corporate philosophy.
What is Personal Data?
Personal Data is “any information relating to an identified or identifiable natural person. This includes, for example, name or address data, telephone number, mobile number, or online identifiers such as your device ID and your IP address.
What is processing?
“Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means. The term is broad and covers virtually any handling of data.
Who is responsible for data processing?
The responsible party for data processing is Aumivi AG, Startfeld Innovationszentrum, Lerchenfeldstrasse 3, CH-9014 St. Gallen, Switzerland (“Aumivi”, “we”, “us”, or “our”). If you have any questions or if you wish to exercise your rights, please contact us by email using firstname.lastname@example.org or write to us at the above address.
What law applies?
Our use of your Personal Data is subject to both the Swiss Federal Data Protection Act, as amended (“nDSG”) and the EU`s General Data Protection Regulation (“GDPR”), and of course we process your Personal Data accordingly.
Further and under consideration that the nDSG has been modeled on the basis of the GDPR, no conflict should arise pursuing a uniform approach. However, should ambiguity occur the most stringent provision is chosen to ensure the most comprehensive approach when it comes to protecting your personal data. The association SwissPrivacy.Law has published a comparison table between the nDSG and the GDPR which can be consulted by visiting here.
What are the Legal Bases for processing Personal Data
In accordance with the nDSG and the GDPR, we have to have at least one of the following legal bases to process your Personal Data: a) you have given your consent, b) the data is necessary for the fulfillment of a contract / pre-contractual measures, c) the data is necessary for the fulfillment of a legal obligation, or d) the data is necessary to protect our legitimate interests, provided that your interests are not overridden.
Who is the competent data protection authority?
The supervisory authority in Switzerland is: The Swiss Federal Data Protection and Information Commissioner, Feldeggweg 1, CH-3003 Bern, Switzerland, www.edoeb.admin.ch
How long will you keep my data?
We process and store your Personal Data only for the period of time required to achieve the respective processing purpose or for as long as a legal retention period exists (in particular commercial and tax law in accordance with Switzerland’s Commercial Law and Fiscal Code and others for up to 8 years. Once the purpose has been achieved or the retention period has expired, the corresponding data is routinely deleted.
What Personal Data do we process?
When you access our website, some access data is recorded automatically and stored in a log file on our website’s server. This means if you browse and simply have a look at our website, we process a) the IP address of your computer, b) the date and time of your access, c) the name and URL of the accessed file, d) the browser used, e) the amount of bytes transferred, f) the status of the page request, g) the session ID and g) the referrer URL. The legal basis for processing is our legitimate interest.
Hosting of our website
We use the hosting services of Vautron Rechenzentrum AG (Obermünsterstr. 9, 93047 Regensburg, Germany) for the purpose of hosting and displaying our website. Vautron does so on the basis of processing on our behalf, and that also means that all data collected on our website is processed on Vautron’s servers. The basis for processing is our legitimate interest, and the initiation and/or fulfillment of a contract.
Content Management System
We use the Content Management System (CMS) of WordPress by Automattic Inc (60 29th Street Suite 343 San Francisco, CA 94107 US), to publish and maintain the created and edited content and texts on our website. This means that all content and texts submitted to our website is transferred to WordPress. The legal basis for this processing is our legitimate interest.
We use so-called cookies on our website. Cookies are pieces of information that are transmitted from our web server or third-party web servers to your web browser and stored there for later retrieval. Cookies may be small files or other types of information storage. There are different types of cookies: i) Essential Cookies. Essential cookies are cookies to provide a correct and user-friendly website; and ii) Non-essential Cookies. Non-essential Cookies are any cookies that do not fall within the definition of essential cookies, such as cookies used to analyze your behavior on a website (“analytical” cookies) or cookies used to display advertisements to you (“advertising” cookies).
Our website uses a cookie consent tool to obtain your consent to the storage of cookies and to document this consent. When you enter our website, the following Personal Data is transferred to us: a) Your consent(s) or revocation of your consent(s); b) Your IP address; c) Information about your browser; d) Information about your device; d) Time of your visit to our website. The basis for processing is our legitimate interest and your consent.
Economic analyses and market research
For business reasons, we analyze the data we have on web and server traffic patterns, website interactions, browsing behavior etc. The analyses serve us alone and are not disclosed externally and processed using anonymous analyses with summarized and or anonymized values. For this purpose we use Google Analytics offered by Google LLC (Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, US, und Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Irland) and Plausible Analytics offered by Plausible Insights OÜ (Västriku tn 2, 50403, Tartu, Estland). The legal basis is our legitimate interest and your consent.
Contacting us and using our services
You can contact us in various ways and data is always collected in the process. You provide us with most of the data that we process when you contact us such as your name, and email address. This data is collected and processed exclusively for the purpose of contacting you and processing your request and then deleted again, provided that there is no legal obligation to retain it.
We also offer to contact us via the messaging services of WhatsApp (Meta Platforms 1601 Willow Road Menlo Park, CA 94025 and 4 Grand Canal Square Grand Canal Harbour Dublin 2 Ireland). If you contact us via WhatsApp we store and use the mobile phone number, you use and – if provided – your first and last name in accordance with the provision of a contractual or pre-contractual measure to process and respond to your request.
We process the personal data that arises when you use our services in order to provide our contractual services. In particular, this includes our support, correspondence with you, invoicing, fulfilment of our contractual, accounting and tax obligations. Accordingly, the data is processed on the basis of the fulfilment of our contractual obligations and our legal obligations.
Lastly, we process data in the context of administrative tasks as well as organization of our operations, financial accounting and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The purpose and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, i.e., tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services.
The legal basis for processing the above is our legitimate interest, the provision or initiation of a contractual service and your consent.
When using our Metaverse Plattform
The personal data processed by us depends on the use of our Metaverse Plattform. While simply accessing our Metaverse Plattform requires Technical Data and the use of Google Maps which is supported by Leaflet API, (Volodymyr Agafonkin). Representing your Business or Organization on our Metaverse Plattform, necessitates the creation of a user account (email address and password), the processing of our contractual data (the same data that we process in the course of providing our contractual services). The legal basis for processing is our legitimate interest, the provision or initiation of a contractual service and your consent.
For this purpose all Service Data processed by us will be stored using the data storage and hosting services of Amazon (AWS) (410 Terry Ave N, Seattle, WA98109, USA) on German and Swiss server locations, and centron GmbH, Heganger 29, D-96103 Hallstadt, Germany and take appropriate legal precautions and corresponding technical and organisational measures to ensure the protection of Service Data in accordance with the nDSG and GDPR.
When using our Event Plattform
When you host an event on our Event Plattform we may also process both Personal Data and Special Category Data (“Service Data”) on your behalf. In this sense you have full control over how you and your event participants are using our services. The legal basis is the provision of a contractual service. Further and in accordance with Chapter 4 of the GDPR we act as the Data Processor.
We recognize that you own your Service Data. We provide you complete control of your Service Data by providing you the ability to (i) access your Service Data, (ii) share your Service Data through supported third-party integrations, and (iii) request export or deletion of your Service Data. Where we process Service Data, we will process the Service Data involved in your use of our services in accordance with your instructions and shall use it only for the purposes agreed between you and us.
We ensure that access by our employees to your data is only available on a need-to-know basis, restricted to specific individuals, and is logged and audited. We communicate our privacy and security guidelines to our employees and enforce privacy and protection safeguards strictly.
Special Category Data
Some of the Personal Data processed by us when using our Event Platform may be considered “special” or “sensitive”. This includes Personal Data concerning for example your health, racial or ethnic origins, sexual orientation, and religious beliefs. By choosing to provide this data, you consent to our processing of that data. You have choices about the data you provide and how you share it. You don’t have to provide Personal Data; however, information about you helps you to get more from our Services. It’s your choice whether to include Personal Data and to make that information available to us. Please do not share information that you would not want to be available. The legal basis for the processing of your Personal Data is the establishment and implementation of the user contract for the use of our Event Platform as well as your consent.
Where any Personal Data relates to a third party including event participants, you represent and warrant that the Personal Data is up-to-date, complete, and accurate and that you have obtained the third party’s prior consent for our collection, use and disclosure of their Personal Data for the Purposes. You agree that you shall promptly provide us with written evidence of such consent upon demand by us.
In providing our Event Platform, we may derive facial-related information from your content solely for the purpose of providing our Event Platform. We do not collect, use, or store any facial-related information for the purpose of recognising faces outside of this purpose.
Sharing with others
Of course, we also process the content you publish and share with others, as necessary for the operation of our Event Platform. In addition to the information, you may provide us directly, we receive information about you from others. Users may also provide information about you as they use our Event Platform, for instance as they interact with you or if they submit a report involving you.
We also share some users’ information with service providers and partners who assist us in operating our Event Platform. You share information with other users when you voluntarily disclose information on the service. Please be careful with your information and make sure that the content you share is stuff that you’re comfortable being visible.
The legal basis for the data processing is the fulfillment of our contractual obligations and, in individual cases, the fulfillment of our legal obligations as well as your consent.
In certain cases, it is necessary to transmit the processed Personal Data in the course of data processing. In this respect, there are different recipient bodies and categories of recipients.
If necessary, we transfer your Personal Data within Aumivi. Of course, we comply with the associated legal framework and ensure that your data is processed properly. Access to your Personal Data is only granted to authorized employees who need access to the data due to their job, e.g., to provide our services or to contact you in case of queries.
Personal Data is transferred to our service providers in the following instances:
- in the context of fulfilling our contract with you,
- to use marketing services and to advertise our services online,
- to communicate with you,
- to provide our website, and
- to state authorities and institutions as far as this is required or necessary.
Security of your data
In order to protect the data stored with us in the best possible way against accidental or intentional manipulation, loss, destruction or access by unauthorized persons, we use appropriate technical and organizational security measures. The security levels are continuously reviewed in cooperation with security experts and adapted to new security standards.
Nevertheless, internet-based data transmissions can always have security gaps, so that absolute protection cannot be guaranteed. And databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised as expeditiously as possible after which the breach was discovered.
Insofar as you have given us your separate consent to process your data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to.
You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission to send you marketing information, or sometimes your consent is implied from your interactions or contractual relationship with us. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving a marketing communication based on your interactions or contractual relationship with us.
Direct Marketing generally takes the form of email but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent or made by us or on our behalf will include a means by which you may unsubscribe or opt out.
We are present on social media on the basis of our legitimate interest (currently Facebook and Instagram (Meta Platforms 1601 Willow Road Menlo Park, CA 94025 and 4 Grand Canal Square Grand Canal Harbour Dublin 2 Ireland)), X (Twitter) (1355 Market Street, Suite 900, San Francisco, CA 94103, USA) and LinkedIn (605 W Maude Ave, Sunnyvale, CA 94085, USA)). If you contact or connect with us via social media, we and the relevant social media platform are jointly responsible for the processing of your data and enter into a so-called joint controller agreement. The Personal Information collected when contacting us is to handle your request and the bases are both your consent and our legitimate interest.
Market research and advertising
In addition, your data may be processed for market research and advertising purposes. For example, usage profiles can be created from your usage behavior and the resulting interests. This allows, for example, advertisements to be placed within and outside the platforms that presumably correspond to your interests. The legal basis is our legitimate interest.
When you visit our profiles and interact with us and others
When you visit our social media profiles, we, as the operator of the profile, process your actions and interactions with our profile (e.g., the content of your messages, enquiries, posts or comments that you send to us or leave on our profile or when you like or share our posts) as well as your publicly viewable profile data (e.g., your name and profile picture). Which Personal Information from your profile is publicly viewable depends on your profile settings, which you can adjust yourself in the settings of your social media account. The legal basis is our legitimate interest and your consent.
We would like to show you interesting advertising outside of our website and use various third-party tools and cookies for this purpose. These collect and process information about your activities on our website – for example, which products you are interested in or which pages you visit. By knowing what you are looking for and how you use our website, we can adapt our advertising to your needs. And thus increase the likelihood that you will also be shown suitable and interesting advertising outside our website.
Your Rights and Privileges
Under the nDSG and GDPR, you can exercise the following rights:
- The right to access;
- The right to rectification;
- The right to erasure;
- The right to restrict processing;
- The right to object to processing;
- The right to data portability;
- The right to complaint to a supervisory authority
Updating your information
If you believe that the information we hold about you is inaccurate or request its rectification, deletion, or object to its processing, please do so by contacting us.
Withdrawing your consent
You can withdraw consents you have given at any time by contacting us.
In the event you want to make a Data Subject Access Request, please contact us. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we will tell you why.
What we do not do
- We do not request Personal Data from minors and children;
- We do not use Automated decision-making including profiling; and
- We do not sell your Personal Data.
Validity and questions