top of page

Privacy Policy of bizpando AG

Introduction 

The company bizpando AG is a Switzerland-based entity. As such, it must comply with the rights and obligations arising from Swiss laws and, specifically, the provisions of the Swiss New Federal Act on Data Protection (nFADP). For this reason, the following privacy statement includes references to both the European General Data Protection Regulation (GDPR) and the nFADP, as bizpando is also subject to the provisions of European data protection pursuant to the principle of market location (GDPR Article 3, Swiss nDSG Article 3). 

Your Privacy Matters to Us 

bizpando aims to implement global supply chain laws in practice. We connect businesses directly with their customers and suppliers and indirectly with all levels of their supply and customer chains. Trust is a core aspect of our mission (GDPR Article 5, para. 1f, Swiss nFADP Article 4 para. 2). Therefore, we only collect two types of data: the data entered by you or other users, and technical data to provide you with a better user experience and to improve our platform (GDPR Article 6, Swiss nFADP Article 6). 

Privacy Regulations 

This privacy policy applies when you use our services. We offer users choices regarding the data we collect, use, and share (GDPR Article 13, Swiss nFADP Article 19). 

Purpose of bizpando 

We are a social network and online platform for businesses, focusing on business data and as little personal data as possible (GDPR Article 5, para. 1c, Swiss nFADP Article 6 para. 3). Our privacy policy applies to all members and visitors of our services. 

Services 

This privacy policy applies to all bizpando-related sites, apps, and other services, including the Cookie Policy (GDPR Article 13, Swiss nFADP Article 19). 

 

Controllers 

The bizpando platform is divided into various regional servers. In each case, bizpando AG is the controller (GDPR Article 4, para. 7, Swiss nFADP Article 5 j). 

Amendments 

Amendments to the privacy policy become effective after they are "enacted" (GDPR Article 6, para. 1a, Swiss nFADP Article 6). 

Data We Collect

 

1.1 Personal Data 

There is very limited data that we request from you when you create a user account (e.g., your job title and work email address, GDPR Article 6, para. 1b, Swiss nFADP Art. 6 para. 6 (necessity for consent)). All these data are related to your business. Your activities regarding the modification of business data are stored (GDPR Article 6, para. 1f, Swiss nFADP Article 6 para. 2). In all cases where you actively decide to send messages or post, these data are also stored. It is your decision whether you want to publish sensitive information in your profile. Please do not add personal data to your profile that you do not want to make public. Occasionally, someone else might write about you; however, these pieces of information will only be text-based and not linked to your user ID. 

1.2 Whistleblowers 

Whistleblowers will not create an account (unless they do so professionally, e.g., for NGOs or as journalists). Nonetheless, as a whistleblower, you have the option to add personal data to the content and for communication. We only store data that you or another person enters themselves (GDPR Article 6, para. 1a, Swiss nFADP Article 6 para. 2). Please note when using that, in accordance with the provisions in the Whistleblower Protection Act (HinSchG), we must maintain the anonymity of the reporting person. IMPORTANT: If you make an anonymous report from a company network (from your workplace), it is very likely that a note on the visit to our website will be stored in the log files of your company network. Therefore, if you want to give an anonymous hint, please do this from a computer that is NOT operated in the company network. Unfortunately, we have no control over the logging of network activities in company networks. 

1.3 Company Data 

Registration 

For account creation, various company data are required, which must be provided by an authorized person (GDPR Article 6, para. 1b, Swiss nFADP Article 6 para. 2). 

Posts and Uploads 

bizpando is a B2B platform. Posts and uploads should not contain personal data. If they do, we formally collect these data from you (GDPR Article 6, para. 1a, Swiss nFADP Article 6 para. 2). 

1.4 Data from Others 

Others may post or write about you, but this is not the intention of the bizpando platform. If you wish to have such data deleted, we will gladly assist you (GDPR Article 17, Swiss nFADP Article 19).

1.5 Use of the Service 

We log your visits and use of our services, including mobile apps (GDPR Article 6, paragraph 1f, Swiss nFADP Article 6 clause 2).

1.6 Messages 

When you communicate through our services, we become aware of it. We collect information to support and protect our services (GDPR Article 6, paragraph 1f, Swiss nFADP Article 6 clause 2).

1.7 Workplace Data 

If your organization uses bizpando through you, we receive basic communication data about you (GDPR Article 6, paragraph 1b, Swiss nFADP Article 6 clause 2).

1.8 Miscellaneous 

Our services are dynamic, and we may collect new types of data (GDPR Article 6, paragraph 1a, Swiss nFADP Article 6 clause 2).

How We Use Your Data 

We use your data to provide, support, and develop our services (GDPR Article 6, paragraph 1b, Swiss nFADP Article 6 clause 2).

2.1 Services 

Our services are business oriented. All communication should only address business topics (GDPR Article 6, paragraph 1b, Swiss nFADP Article 6 clause 2).

2.2 Communication 

We might contact you directly via email or phone (GDPR Article 6, paragraph 1a, Swiss nFADP Article 6 clause 2). We minimize personal messages to the minimum necessary for the proposed business functions. Therefore, there are no opt-out options.

2.3 Service Development and Research 

We develop our services and conduct research.

2.4 Service Development 

We use data, including public feedback, to conduct research and development for our services. The aim is to provide you and others with a better, more intuitive, and personalized experience (GDPR Article 6, paragraph 1f, Swiss nFADP Article 6 clause 2).

2.5 Surveys 

Surveys and questionnaires are conducted by us and others through our services. Participation is voluntary, but some of the questionnaires may be relevant for your compliance or that of your business partners (GDPR Article 6, paragraph 1a, Swiss nFADP Article 6 clause 2).

2.6 Customer Support 

We use data to assist you and resolve issues. To process complaints and address service issues (e.g., bugs), we use data, including your communications (GDPR Article 6, paragraph 1b, Swiss nFADP Article 6 clause 2).

2.7 Security and Investigations 

We use data for security, fraud prevention, and investigations. For security purposes or to prevent and investigate potential fraud cases or other violations of our user agreement, we use your data, including your communications (GDPR Article 6, paragraph 1f, Swiss nFADP  Article 6 clause 2).

How We Share Information

3.1 Our Services 

All data that you include in your profile or in content you post is visible to others, depending on their role and business relationship with your assigned company (GDPR Article 6, paragraph 1a, Swiss nFADP Article 6 clause 2).

Profile 

Your limited company profile is fully visible to members and customers of our services. Personal communication data is only visible to others if the email is associated with certain services (GDPR Article 6, paragraph 1a, Swiss nFADP Article 6 clause 2).

Corporate Accounts 

We do not have purely personal accounts. All accounts are associated with at least one organization. Your organization may grant you access to our corporate services, depending on your role on the platform (GDPR Article 6, paragraph 1b, Swiss nFADP Article 6 clause 2).

3.2 Archiving of Communication 

Regulated members may need to store communication outside of our service. Some organizations are required for legal or professional reasons to archive their communication and social media activities. We enable the archiving of messages by and to these members outside of our services (GDPR Article 6, paragraph 1c, Swiss nFADP Article 6 clause 1).

3.3 Third-Party Services 

Your organization might be linked with third-party services. In this case, your personal data might also be used in this service (GDPR Article 6, paragraph 1b, Swiss nFADP Article 6 clause 2).

3.4 Service Providers 

We might use third parties to assist with our services. We use third parties to support our services (e.g., maintenance, analysis, audit, payments, fraud detection, marketing, and development). They have access to your data only to the extent necessary to perform these tasks and are obligated not to use it for other purposes (GDPR Article 28, Swiss nFADP Article 9).

3.5 Legal Disclosure 

We might share your data when it is legally required or to protect your and our rights and safety. The disclosure of your data might be necessary to comply with legal requirements or to protect the security and rights of you, us, or third parties (GDPR Article 6, paragraph 1c, Swiss nFADP Article 19).

3.6 Change of Control or Sale 

In the event of a sale of our business, your data may be transferred but must continue to be used in accordance with this privacy policy (GDPR Article 6, paragraph 1b, Swiss nFADP Article 6 clause 2).

Your Choices and Obligations

4.1 Data Retention 

As long as your account is open, we will store most of your personal information (GDPR Article 5, paragraph 1e, Swiss nFADP Article 6).

4.2 Rights to Access and Control Your Personal Data 

You have the right to delete, amend, or access your personal information (GDPR Articles 15-22, Swiss nFADP Articles 19, 20, 21).

Additional Important Information 

After closing your account, your data will be deleted within 48 hours, provided there are no legal obligations to retain it (GDPR Article 17, Swiss nFADP Articles 19, 20, 21). However, data that you have shared with others will remain visible and we have no control over data that other members have copied from our services. Your profile may continue to be visible on third-party services until they update their cache.

5.1 Security 

We monitor for potential security breaches and strive to prevent them. Please use the security features available through our services. We implement security measures such as HTTPS to protect your data. Although we regularly monitor our systems, we cannot guarantee the security of information transmitted to us (GDPR Article 32, Swiss nFADP Articles 7, 8).

5.2 Cross-Border Data Transfers 

We store and use your data outside of your country. We process data globally and use lawful mechanisms for cross-border data transfer. The laws of the countries where we process data may differ from the laws of your country.

5.3 Legal Bases for Processing 

We have lawful reasons for collecting, using, and sharing your data. You can withdraw your consent at any time. The legal bases include your consent, contracts, and "legitimate interests" (GDPR Article 6, Swiss nFADP Article 6 clause 2).

5.4 Direct Marketing and "Do Not Track" Signals 

We currently do not share personal data with third parties and also respect "Do Not Track" signals.

5.5 Contact Information 

For any questions or complaints about this policy, you can contact us.

Address: 

bizpando AG 

Bösch 21 

CH - 6331 Hünenberg 

Switzerland

 

Rights of Data Subjects under GDPR and Swiss New Federal Act on Data Protection (nFADP) 

Right to Information 

Data subjects have the right to request confirmation as to whether their personal data is being processed and, if so, to obtain information about this data.

Right to Rectification 

If your data is incorrect or incomplete, you have the right to request its correction or completion.

Right to Erasure 

Under certain circumstances, such as if consent is withdrawn or the processing is unlawful, data subjects have the right to request the erasure of their data.

Right to Restriction of Processing 

In certain cases, you may request the restriction of processing of your data, e.g., if you contest the accuracy of the data or have objected to processing.

Right to Data Portability 

Data subjects have the right to receive their data in a standard, machine-readable format and to transfer it to another controller.

Right to Object 

You have the right to object at any time to the processing of your data for reasons arising from your particular situation, provided the processing is based on legitimate interests.

Automated Decision-Making and Profiling 

You have the right not to be subject to a decision based solely on automated processing that produces legal effects concerning you or similarly significantly affects you.

Right to Withdraw Consent for Data Protection 

If the data processing is based on your consent, you have the right to withdraw this at any time.

Right to Lodge a Complaint with a Supervisory Authority 

If you believe that the processing of your data violates data protection laws, you have the right to lodge a complaint with a supervisory authority.

It is important to note that the rights under the Swiss nFADP and the GDPR are similar but not identical. The respective applicability depends on various factors such as the location of data processing and the specific context.

Appointment of a Data Protection Officer (Swiss nFADP: Data Protection Advisor)

bizpando AG has appointed a Data Protection Officer (Data Protection Advisor) in accordance with the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) of the Federal Republic of Germany, and the Swiss New Federal Act on Data Protection (nFADP).

GDPR 

According to Article 37 of the GDPR, the appointment of a Data Protection Officer is required if the core activity of the controller or processor consists of processing operations that, due to their nature, scope, and/or purposes, require extensive regular and systematic monitoring of data subjects. Our Data Protection Officer will ensure that our company complies with the provisions of the GDPR in all relevant aspects.

BDSG 

Pursuant to Section 38 of the Federal Data Protection Act (BDSG), a Data Protection Officer must also be appointed if more than nine persons in Germany are permanently engaged in the automated processing of personal data. This officer will additionally ensure compliance with the national data protection provisions of the BDSG.

Swiss nFADP 

The Swiss New Federal Act on Data Protection (nFADP) has provided for the appointment of a Data Protection Advisor in its Article 12a, who acts as an internal control body, particularly in the case of complex data processing or a large number of data subjects. The Data Protection Advisor will be responsible for compliance with Swiss data protection legislation.

Our Data Protection Officer/Advisor will serve as the central contact point for data protection inquiries for employees as well as data subjects and supervisory authorities. They will take all necessary measures to ensure compliance with data protection regulations.

If you have any questions regarding data protection at our company, you can contact our Data Protection Advisor at any time: 

 

Wolfgang Evers 

DSZ GmbH 

Brandlweg 5 

D-83543 Rott am Inn 

Phone: +49 8039 40 6995 0 

Email: wolfgang.evers@dsz365.de


 
In case of doubt, the German version of this Privacy Policy shall prevail.

 

Last updated: November 8, 2023

bottom of page