The company bizpando AG is a Switzerland-based entity. As such, it must comply with the rights and obligations arising from Swiss laws and, specifically, the provisions of the Swiss New Federal Act on Data Protection (nFADP). For this reason, the following privacy statement includes references to both the European General Data Protection Regulation (GDPR) and the nFADP, as bizpando is also subject to the provisions of European data protection pursuant to the principle of market location (GDPR Article 3, Swiss nDSG Article 3).
Your Privacy Matters to Us
bizpando aims to implement global supply chain laws in practice. We connect businesses directly with their customers and suppliers and indirectly with all levels of their supply and customer chains. Trust is a core aspect of our mission (GDPR Article 5, para. 1f, Swiss nFADP Article 4 para. 2). Therefore, we only collect two types of data: the data entered by you or other users, and technical data to provide you with a better user experience and to improve our platform (GDPR Article 6, Swiss nFADP Article 6).
Purpose of bizpando
The bizpando platform is divided into various regional servers. In each case, bizpando AG is the controller (GDPR Article 4, para. 7, Swiss nFADP Article 5 j).
Data We Collect
1.1 Personal Data
There is very limited data that we request from you when you create a user account (e.g., your job title and work email address, GDPR Article 6, para. 1b, Swiss nFADP Art. 6 para. 6 (necessity for consent)). All these data are related to your business. Your activities regarding the modification of business data are stored (GDPR Article 6, para. 1f, Swiss nFADP Article 6 para. 2). In all cases where you actively decide to send messages or post, these data are also stored. It is your decision whether you want to publish sensitive information in your profile. Please do not add personal data to your profile that you do not want to make public. Occasionally, someone else might write about you; however, these pieces of information will only be text-based and not linked to your user ID.
Whistleblowers will not create an account (unless they do so professionally, e.g., for NGOs or as journalists). Nonetheless, as a whistleblower, you have the option to add personal data to the content and for communication. We only store data that you or another person enters themselves (GDPR Article 6, para. 1a, Swiss nFADP Article 6 para. 2). Please note when using that, in accordance with the provisions in the Whistleblower Protection Act (HinSchG), we must maintain the anonymity of the reporting person. IMPORTANT: If you make an anonymous report from a company network (from your workplace), it is very likely that a note on the visit to our website will be stored in the log files of your company network. Therefore, if you want to give an anonymous hint, please do this from a computer that is NOT operated in the company network. Unfortunately, we have no control over the logging of network activities in company networks.
1.3 Company Data
For account creation, various company data are required, which must be provided by an authorized person (GDPR Article 6, para. 1b, Swiss nFADP Article 6 para. 2).
Posts and Uploads
bizpando is a B2B platform. Posts and uploads should not contain personal data. If they do, we formally collect these data from you (GDPR Article 6, para. 1a, Swiss nFADP Article 6 para. 2).
1.4 Data from Others
Others may post or write about you, but this is not the intention of the bizpando platform. If you wish to have such data deleted, we will gladly assist you (GDPR Article 17, Swiss nFADP Article 19).
1.5 Use of the Service
We log your visits and use of our services, including mobile apps (GDPR Article 6, paragraph 1f, Swiss nFADP Article 6 clause 2).
When you communicate through our services, we become aware of it. We collect information to support and protect our services (GDPR Article 6, paragraph 1f, Swiss nFADP Article 6 clause 2).
1.7 Workplace Data
If your organization uses bizpando through you, we receive basic communication data about you (GDPR Article 6, paragraph 1b, Swiss nFADP Article 6 clause 2).
Our services are dynamic, and we may collect new types of data (GDPR Article 6, paragraph 1a, Swiss nFADP Article 6 clause 2).
How We Use Your Data
We use your data to provide, support, and develop our services (GDPR Article 6, paragraph 1b, Swiss nFADP Article 6 clause 2).
Our services are business oriented. All communication should only address business topics (GDPR Article 6, paragraph 1b, Swiss nFADP Article 6 clause 2).
We might contact you directly via email or phone (GDPR Article 6, paragraph 1a, Swiss nFADP Article 6 clause 2). We minimize personal messages to the minimum necessary for the proposed business functions. Therefore, there are no opt-out options.
2.3 Service Development and Research
We develop our services and conduct research.
2.4 Service Development
We use data, including public feedback, to conduct research and development for our services. The aim is to provide you and others with a better, more intuitive, and personalized experience (GDPR Article 6, paragraph 1f, Swiss nFADP Article 6 clause 2).
Surveys and questionnaires are conducted by us and others through our services. Participation is voluntary, but some of the questionnaires may be relevant for your compliance or that of your business partners (GDPR Article 6, paragraph 1a, Swiss nFADP Article 6 clause 2).
2.6 Customer Support
We use data to assist you and resolve issues. To process complaints and address service issues (e.g., bugs), we use data, including your communications (GDPR Article 6, paragraph 1b, Swiss nFADP Article 6 clause 2).
2.7 Security and Investigations
We use data for security, fraud prevention, and investigations. For security purposes or to prevent and investigate potential fraud cases or other violations of our user agreement, we use your data, including your communications (GDPR Article 6, paragraph 1f, Swiss nFADP Article 6 clause 2).
How We Share Information
3.1 Our Services
All data that you include in your profile or in content you post is visible to others, depending on their role and business relationship with your assigned company (GDPR Article 6, paragraph 1a, Swiss nFADP Article 6 clause 2).
Your limited company profile is fully visible to members and customers of our services. Personal communication data is only visible to others if the email is associated with certain services (GDPR Article 6, paragraph 1a, Swiss nFADP Article 6 clause 2).
We do not have purely personal accounts. All accounts are associated with at least one organization. Your organization may grant you access to our corporate services, depending on your role on the platform (GDPR Article 6, paragraph 1b, Swiss nFADP Article 6 clause 2).
3.2 Archiving of Communication
Regulated members may need to store communication outside of our service. Some organizations are required for legal or professional reasons to archive their communication and social media activities. We enable the archiving of messages by and to these members outside of our services (GDPR Article 6, paragraph 1c, Swiss nFADP Article 6 clause 1).
3.3 Third-Party Services
Your organization might be linked with third-party services. In this case, your personal data might also be used in this service (GDPR Article 6, paragraph 1b, Swiss nFADP Article 6 clause 2).
3.4 Service Providers
We might use third parties to assist with our services. We use third parties to support our services (e.g., maintenance, analysis, audit, payments, fraud detection, marketing, and development). They have access to your data only to the extent necessary to perform these tasks and are obligated not to use it for other purposes (GDPR Article 28, Swiss nFADP Article 9).
3.5 Legal Disclosure
We might share your data when it is legally required or to protect your and our rights and safety. The disclosure of your data might be necessary to comply with legal requirements or to protect the security and rights of you, us, or third parties (GDPR Article 6, paragraph 1c, Swiss nFADP Article 19).
3.6 Change of Control or Sale
Your Choices and Obligations
4.1 Data Retention
As long as your account is open, we will store most of your personal information (GDPR Article 5, paragraph 1e, Swiss nFADP Article 6).
4.2 Rights to Access and Control Your Personal Data
You have the right to delete, amend, or access your personal information (GDPR Articles 15-22, Swiss nFADP Articles 19, 20, 21).
Additional Important Information
After closing your account, your data will be deleted within 48 hours, provided there are no legal obligations to retain it (GDPR Article 17, Swiss nFADP Articles 19, 20, 21). However, data that you have shared with others will remain visible and we have no control over data that other members have copied from our services. Your profile may continue to be visible on third-party services until they update their cache.
We monitor for potential security breaches and strive to prevent them. Please use the security features available through our services. We implement security measures such as HTTPS to protect your data. Although we regularly monitor our systems, we cannot guarantee the security of information transmitted to us (GDPR Article 32, Swiss nFADP Articles 7, 8).
5.2 Cross-Border Data Transfers
We store and use your data outside of your country. We process data globally and use lawful mechanisms for cross-border data transfer. The laws of the countries where we process data may differ from the laws of your country.
5.3 Legal Bases for Processing
We have lawful reasons for collecting, using, and sharing your data. You can withdraw your consent at any time. The legal bases include your consent, contracts, and "legitimate interests" (GDPR Article 6, Swiss nFADP Article 6 clause 2).
5.4 Direct Marketing and "Do Not Track" Signals
We currently do not share personal data with third parties and also respect "Do Not Track" signals.
5.5 Contact Information
For any questions or complaints about this policy, you can contact us.
CH - 6331 Hünenberg
Rights of Data Subjects under GDPR and Swiss New Federal Act on Data Protection (nFADP)
Right to Information
Data subjects have the right to request confirmation as to whether their personal data is being processed and, if so, to obtain information about this data.
Right to Rectification
If your data is incorrect or incomplete, you have the right to request its correction or completion.
Right to Erasure
Under certain circumstances, such as if consent is withdrawn or the processing is unlawful, data subjects have the right to request the erasure of their data.
Right to Restriction of Processing
In certain cases, you may request the restriction of processing of your data, e.g., if you contest the accuracy of the data or have objected to processing.
Right to Data Portability
Data subjects have the right to receive their data in a standard, machine-readable format and to transfer it to another controller.
Right to Object
You have the right to object at any time to the processing of your data for reasons arising from your particular situation, provided the processing is based on legitimate interests.
Automated Decision-Making and Profiling
You have the right not to be subject to a decision based solely on automated processing that produces legal effects concerning you or similarly significantly affects you.
Right to Withdraw Consent for Data Protection
If the data processing is based on your consent, you have the right to withdraw this at any time.
Right to Lodge a Complaint with a Supervisory Authority
If you believe that the processing of your data violates data protection laws, you have the right to lodge a complaint with a supervisory authority.
It is important to note that the rights under the Swiss nFADP and the GDPR are similar but not identical. The respective applicability depends on various factors such as the location of data processing and the specific context.
Appointment of a Data Protection Officer (Swiss nFADP: Data Protection Advisor)
bizpando AG has appointed a Data Protection Officer (Data Protection Advisor) in accordance with the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) of the Federal Republic of Germany, and the Swiss New Federal Act on Data Protection (nFADP).
According to Article 37 of the GDPR, the appointment of a Data Protection Officer is required if the core activity of the controller or processor consists of processing operations that, due to their nature, scope, and/or purposes, require extensive regular and systematic monitoring of data subjects. Our Data Protection Officer will ensure that our company complies with the provisions of the GDPR in all relevant aspects.
Pursuant to Section 38 of the Federal Data Protection Act (BDSG), a Data Protection Officer must also be appointed if more than nine persons in Germany are permanently engaged in the automated processing of personal data. This officer will additionally ensure compliance with the national data protection provisions of the BDSG.
The Swiss New Federal Act on Data Protection (nFADP) has provided for the appointment of a Data Protection Advisor in its Article 12a, who acts as an internal control body, particularly in the case of complex data processing or a large number of data subjects. The Data Protection Advisor will be responsible for compliance with Swiss data protection legislation.
Our Data Protection Officer/Advisor will serve as the central contact point for data protection inquiries for employees as well as data subjects and supervisory authorities. They will take all necessary measures to ensure compliance with data protection regulations.
If you have any questions regarding data protection at our company, you can contact our Data Protection Advisor at any time:
D-83543 Rott am Inn
Phone: +49 8039 40 6995 0
Last updated: November 8, 2023