This data protection and privacy information applies to data processing by Pingen GmbH, Sihlquai 125, CH-8005 Zürich (Switzerland), phone: +41 44 508 09 09, e-mail: email@example.com (hereinafter we or Pingen), represented by Sandro Kunz and Graem Lourens.
As a Swiss company without branches abroad, we are obliged to the data protection regulations and laws of Switzerland. In order to enable customers from the European Union (EU) to use our services, we also comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC („General Data Protection Regulation“, hereinafter "GDPR"). In this context, we would like to point out that there is no obligation for Pingen to appoint a data protection officer in accordance with GDPR Art. 37.
Responsible according to Art. 4 para. 7 of the GDPR: Pingen GmbH, Sihlquai 125, 8005 Zürich, Switzerland, firstname.lastname@example.org
Data protection representative in the European Union pursuant to Art. 27 para. 1 of the GDPR: Graem Lourens, c/o Lourens Systems Polska Sp. z o.o., Wincentego Rzymowskiego 31, 02-697 Warszawa, Poland, email@example.com
Personal Data Personal data means any information relating to an identified or identifiable natural person (hereinafter „Data Subject“); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data Subject Data Subject is any identified or identifiable natural person whose personal data are processed by the controller.
Processing Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of Processing Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
Profiling Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, particularly to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Controller Controller means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor Processor means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
Recipient Recipient means a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be compliant with the applicable data protection rules according to the purposes of the processing.
Third Party Third party means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent Consent of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him/her.
Service Service means the service offered via a website operated by Pingen. In connection with this, data is collected from the user of the service to be able to fulfil the described offering of the service.
When you visit our websites, we or our provider automatically process information which your browser automatically transmits to us in so-called server log files. These are:
Browser type and browser version
Operating system used
Name of your access provider
Name and URL of the retrieved file(s)
Host name and/or IP address of the accessing device
Date and time of the server request
The mentioned data will be processed by us for the following purposes:
Ensuring a smooth connection of the website
Ensuring a comfortable use of the website
Evaluation of system security and stability
For further administrative purposes
The legal basis for data processing is Art. 6 Par. 1 S.1 lit. f GDPR. Our legitimate interest arises from the purposes listed above for data collection. The data cannot be assigned to specific persons. These data are not combined with other data sources. We reserve the right to check the data subsequently if we become aware of concrete indications of an illegal use.
Your personal data will not be disclosed to third parties for purposes other than those listed below. We will only disclose on your personal data to third parties if:
You have given your express consent pursuant to Art. 6 para. 1 section 1 lit. a GDPR,
the disclosure pursuant to Art. 6 para. 1 section 1 f GDPR is necessary to assert,
exercise or defend legal claims and there is no reason to assume that you have a predominant interest worthy of protection in not disclosing your data if a legal obligation exists for the transfer pursuant to Art. 6 para. 1 section 1 lit. c GDPR,
and this is legally permitted by Art. 6 para. 1 section 1 b GDPR and is required for the processing of contractual relationships with you.
Contact Forms and Support Forms
For questions of any kind, including support requests, we offer you the opportunity to contact us using the forms provided on the website. In addition to the actual message, we need your name and a valid e-mail address so that we know what kind of information you want from us, from whom the request originated and to be able to answer it. Further information can be provided voluntarily. The data will be processed for the purpose of contacting us in accordance with Art. 6 para. 1 section 1 lit. a GDPR based on your voluntary consent. The personal data collected by us for the use of the contact form will be used exclusively for processing your inquiry. To process your request, it may be necessary for data to be transferred to third parties. Whether, to whom, under which circumstances and what data are disclosed to third parties can be checked via the following link:
If you do not agree with the processing and or the data protection and privacy provisions of one or more of these third parties, we recommend that you do not use our contact form or do not continue to use it and request any data already transmitted via the contact form to be deleted. If you do not explicitly revoke the data, it will remain stored as long as we consider it useful for the provision of our services.
At www.flyernator.ch as well as other country-specific top-level domains and application-specific subdomains, we operate the service "Flyernator". This service enables participants to place flyers and advertisements and have them distributed to letterboxes in geographically selected areas. The detailed features as well as the specific range of services can be viewed at www.flyernator.ch as well as other country-specific top-level domains. To be able to provide this service, data is collected and processed in accordance with Art. 6 Para. 1 S. 1 lit. A and b GDPR. For an order with Flyernator, your first and last name as well as your e-mail address and telephone number are stored in addition to your company name and postal address. Personal data is only collected by Flyernator to the extent contractually and technically necessary and is used to fulfil the service offered by the service. Under no circumstances will this data be sold or passed on to third parties for reasons other than those mentioned.
At www.superpost.com we operate the service "superpost". This enables participants to send texts or documents via postal mail to recipients at home and abroad. The detailed features as well as the specific range of services can be found at www.superpost.com. To be able to provide this service, data is collected and processed in accordance with Art. 6 para. 1 p. 1 lit. A and b GDPR. For an order placed with superpost, the postal address of the recipient, your first and last name, your billing address, your e-mail address, and the means of payment used, including validity and anonymised card number, are stored in addition to the content of the letter. Optionally, additional information can be provided when creating the letter, which will also be stored by superpost. Personal data is only collected by superpost to the extent contractually and technically necessary and is used to fulfil the service offered by the service. Under no circumstances will this data be sold or passed on to third parties for reasons other than those mentioned.
At www.pingen.com and other country-specific top-level domains as well as application-specific subdomains we operate the service "Pingen". Pingen essentially enables participants to send letters and electronic documents as snail mail to recipients locally and abroad. The detailed features of Pingen as well as the specific range of services can be found at www.pingen.com and other country-specific top-level domains. To provide these services, data is collected and processed in accordance with Art. 6 para. 1 section 1 lit. a and b GDPR. When registering for Pingen, your company name and/or your first and last name as well as your e-mail address will be requested and saved. To complete your profile, your postal address, and the necessary information for sending letters and documents will also be recorded during the later course of use. You may voluntarily provide additional personal data. The scope of this data depends on how and for what purpose Pingen is to be used. Certain functions of Pingen can therefore only be used if the necessary data is collected. Personal data is only collected and used in Pingen to the extent contractually and technically necessary to provide you with an optimal user experience. This also applies to the personal data of the recipients, which is required to be able to provide the explicitly communicated service. Under no circumstances will this data be sold or passed on to third parties for reasons other than those mentioned.
To provide the best possible user experience and specific functions, we use third parties and have data processed by third parties for certain services provided by us.
Wherever possible, Pingen collaborates with third parties who are subject to the provisions of the GDPR and the Privacy Shield Framework between the USA and the EU or the USA and Switzerland or who have voluntarily committed themselves to comply with the GDPR. Further information regarding the processing steps and the data protection regulations of the third-party providers can be requested directly from the respective third-party providers.
A list of these third-party providers with a description of the data processed by them, the purpose of the processing, as well as the time when the disclosure takes place, can be viewed under this link:
Pingen reserves the right to change this list as well as the cooperation with third parties at any time and to make use of additional third parties for the purpose of providing services. Relevant changes of the list as well as the cooperation with existing third parties or new third parties will be communicated to the participant by appropriate means.
If you do not agree with the processing and or the data protection provisions of one or more of these third-party providers, you can object to the use by terminating the business relationship with Pingen in writing and requesting any data already disclosed to Pingen to be deleted. The termination of the business relationship is the only way for you to object to the processing, or also to the changed processing, by Pingen or the third-party providers used.
Data Retention and Deletion
To be able to fulfil offers and contractually agreed services within a defined framework, data will be stored for as long as there is a business relationship between you and Pingen, unless otherwise stipulated by law for the storage of the processed data. Unless otherwise defined, a business relationship begins with your use of a service; in particular, with the collection of data through a service or the placing of an order via a service of Pingen and ends with the termination by you or by Pingen or 18 months after the conclusion of the order. Additionally, certain Pingen services offer the possibility to determine the storage period of certain data. The deletion of data may be requested by you within the scope of your business relationship with Pingen on the basis the rights of the data subject. For legal reasons, the right to delete data only extends to the data that was collected by Pingen or at the request of Pingen or the data that you have collected. Data which is delivered to us outside of a business relationship or outside the use of one of our offers will be deleted within the scope of the rights of the data subject, provided that they do not contradict applicable law. Pingen reserves the right to charge you expenses for data modifications which were requested by you based on rights of data subject and which exceed a reasonable and proportionate level, at a cost rate customary in the Swiss IT industry.
Use of Google reCaptcha
Some of Pingen’s services use Google Analytics, a web analysis service of Google Inc, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA: "Google"). The use includes the "Universal Analytics" operating mode. This makes it possible to assign data, sessions, and interactions across multiple devices to a pseudonymous user ID and thus analyze a user's activities across devices.
Payment Processing via Stripe
For certain services, we offer the option of processing payment transactions via the payment service provider Stripe, ℅ Legal Process, 510, Townsend St., San Francisco, CA 94103 (Stripe). This corresponds to our legitimate interest in offering an efficient and secure payment method (Art. 6 para. 1 lit. f GDPR). In this context, the following data is particularly collected by Stripe to the extent necessary for the performance of the contract (Art. 6 para. 1 lit b. GDPR).
Name of the cardholder E-mail address Customer number Order number Credit card data Period of validity of the credit card Credit card verification number (CVC) Date and time of transaction Transaction amount Name of the provider Place
The processing of the data provided under this section is not required by law or contract. We cannot process a payment through Stripe without the submission of your personal data.
Stripe has a dual role as a controller and processor in data processing activities. As a controller, Stripe uses your submitted data to comply with regulatory obligations. This corresponds to Stripe's legitimate interest (pursuant to Art. 6 para. 1 lit. f GDPR) and serves the execution of the contract (pursuant to Art. 6 para. 1 lit. b GDPR). We have no influence on this process.
Stripe acts as a processor to be able to complete transactions within payment networks. Within the scope of the order processing relationship, Stripe acts exclusively according to our instructions and has been contractually obligated within the meaning of Art. 28 GDPR to comply with the provisions of data protection law.
Stripe has implemented compliance measures for international data transfers. These apply to all global activities where Stripe processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs).
to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on their details;
in accordance with Art. 16 GDPR, to demand without delay the correction of incorrect or complete personal data stored by us;
to request the deletion of your personal data stored with us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
in accordance with Art. 18 GDPR, to restrict the processing of your personal data if you dispute the accuracy of the data, if the processing is unlawful but you refuse to delete the data and we no longer need the data, but if you need it to assert, exercise or defend legal claims or if you have filed an objection against the processing in accordance with Art. 21 GDPR;
in accordance with Art. 20 GDPR, to receive your personal data, which you have provided to us, in a structured, established, and machine-readable format or to request the transfer to another person responsible;
in accordance with Art. 7 para. 3 GDPR, to revoke your consent to us at any time. As a result, we will no longer be allowed to continue processing data based on this consent in the future and
to complain to a supervisory authority pursuant to Art. 77 GDPR. You can either contact the supervisory authority of your usual place of residence, your workplace or our office location.
To exercise your rights as a data subject, you can either contact firstname.lastname@example.org or our data protection representative in the European Union.
Pingen reserves the right to bill you expenses incurred by you due to the exercise of the rights of the data subject and which exceed a reasonable and proportionate level based on a cost rate customary in the Swiss IT industry.
Right to Object
If your personal data is processed based on legitimate interests pursuant to Art. 6 para. 1 section 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided there are reasons for this which arise from your particular situation, or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without stating a particular situation; if you wish to make use of your right of revocation or objection, simply send an e-mail to email@example.com
We use the most common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. Usually this is a 256 bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. Whether a single page of our website is transmitted in encrypted form can be seen from the closed representation of the key or lock symbol in the status bar of your browser.
We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.