DATA PRIVACY POLICY for the one11 platform

Last adjustments: august 2022

The responsible party within the meaning of data protection laws, in particular the EU General Data Protection Regulation (DSGVO), is:

one11 AG
E-mail: [email protected]
Phone: +41 56 525 66 00

General notes

The following privacy policy explains how one11 ag and affiliated companies ("one11", "we", "us(er)") process personal data in relation to the use of our one11 platform ("one11 app", "app").
Based on Article 13 of the Swiss Federal Constitution and the data protection provisions of the Swiss Confederation (Data Protection Act, DSG), every person is entitled to privacy protection and protection against misuse of their personal data. We take these provisions very seriously and comply with them. Personal data is treated as strictly confidential and is neither sold nor passed on to third parties.
In close cooperation with our hosting providers (Heroku and AWS), we strive to protect the databases as much as possible from unauthorized access, loss, misuse or forgery.
We point out that data transmission on the Internet (for example, when communicating by e-mail) may have security gaps. Complete protection of data against access by third parties is not possible.
By using one11, you agree to the collection, processing and use of data as described below. The one11 app can generally be used without registration. In the process, data such as pages accessed, date or time are stored on the server for statistical purposes without this data being directly related to your person. Personal data, in particular name, address or e-mail address are collected on a voluntary basis as far as possible. Without your consent, the data will not be passed on to third parties.
We reserve the right to update our privacy policy at any time. With the following statements we inform you about the possible processing of your personal data and the actual processes.

What you need to know in advance

The one11 mobile app is installed via distribution platforms operated by third parties (app stores; in particular App Store and Google Play). The download always requires registration with the respective app store. It is important for you as a user that we have no influence on this process, respectively that the collection, storage, use and other processing ("processing" according to Art. 4 No. 2 DS-GVO) of personal data is carried out by the app store. If you have any questions or would like to assert your rights, please contact the respective app store directly.
In order for the app to function properly, it may be necessary for you to grant access to certain functionalities (e.g. access camera, memory, etc.) and personal data. If this is the case, your device will inform you the first time.

Processing of personal data

Personal data is any information that relates to an identified or identifiable person. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, acquisition, deletion, storage, modification, destruction and use of personal data.
We process personal data in accordance with Swiss data protection law. In addition, we process personal data - to the extent and insofar as the EU GDPR is applicable - in accordance with the following legal bases in connection with Art. 6 (1) GDPR:

  1. Processing of personal data with the consent of the data subject.
  2. Processing of personal data for the performance of a contract with the data subject as well as for the implementation of corresponding pre-contractual measures.
  3. Processing of personal data to comply with a legal obligation to which we are subject under any applicable law of the EU or under any applicable law of a country in which the GDPR applies in whole or in part.
  4. Processing of personal data to protect the vital interests of the data subject or another natural person.
  5. Processing of personal data to protect the legitimate interests of us or of third parties, unless the fundamental freedoms and rights and interests of the data subject override these. Legitimate interests are in particular our business interest in being able to provide our website, information security, the enforcement of our own legal claims and compliance with Swiss law.

We process personal data for the duration required for the respective purpose or purposes. In the case of longer-term retention obligations due to legal and other obligations to which we are subject, we restrict processing accordingly.

Cookies

We use cookies. These small text files make it possible to store specific information related to you on the user's end device while the one11 app is being used. Cookies make it possible, in particular, to determine the frequency of use and number of users of the app and website, to analyze behavior, but also to make our offer more customer-friendly. Cookies remain stored beyond the end of a browser session and will be retrieved when you visit the site again.
You can also prevent the setting of cookies by our platform at any time by means of an appropriate setting of the web browser used by you and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted automatically or manually via a web browser or other software programs. This is possible in all common web browsers. You can also specify that certain cookies may not be placed at all or that you will receive a message each time a cookie is set. You can find further information in your browser. Please note that if cookies are deactivated, not all functionalities of our platform can be used to their full extent.

SSL/TLS encryption

For security reasons and in order to protect the transmission of confidential content, we use SSL encryption (Secure Locket Layer). You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in the browser line. We use this technology to protect ourselves against accidental or intentional manipulation and against access by third parties. Our security measures are also continuously adapted and improved in line with technological developments.

Server log files

We automatically collect and store information in so-called server log files, which your browser automatically transmits to us. These are:

  • Time of the server request
  • Requested URL
  • Time until process has been completed
  • IP address

This data cannot be assigned to specific persons. A combination of this data with other data sources is not made. We reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use.

Contact form

If you send us an enquiry via the contact form, the information provided in the enquiry form, including the contact details provided, will be stored by us for the purpose of processing the enquiry and in case of follow-up questions. We do not pass on this data without your consent.

Third-party services

The one11 app uses third-party services for various services. These are described in the following sections.

Heroku (Hosting) & AWS (Assets)

Hosting of the application and the database with server location in Frankfurt.
You can find more information here: https://devcenter.heroku.com/articles/security-privacy-compliance & https://aws.amazon.com/privacy

Vonage

We use this service for sending SMS in order to complete the two-step verification. You can find more information here: https://www.vonage.com/legal/privacy-policy/

Google Firebase

Is used for sending push notifications. The push notifications can be set individually by each user.
You can find more information here: https://firebase.google.com/support/privacy

Stripe

For the provision of chargeable services, one11 requests additional data, such as payment details, in order to be able to execute your order. We store this data in third-party systems of Stripe (USA). Stripe is DSGVO-compliant and does not share this data. Stripe does not receive any information in connection with your profile. More information can be found here: https://stripe.com/en-ch/privacy

Sentry / NewRelic / Papertrail

Our monitoring services are used for error, performance, log files and user behavior monitoring.
Sentry (USA) is used to track errors within the application and website. For this monitoring, information about runtime errors and crashes is collected. This includes browser type and version, operating system used, and referrer URL. Sentry does not see any personal data, only the console log is recorded. Sentry is covered by the Privacy Shield. You can find more information here: https://sentry.io/privacy
The one11 app uses New Relic (USA) to track the technical performance within the application and website. For this purpose, New Relic collects application data that cannot be linked to a person. New Relic sets one or more cookies in your browser for this purpose. The application data is stored on New Relic's servers and is also used to analyze the performance of this website. New Relic is covered by the Privacy Shield. You can find more information here: https://newrelic.com/privacy
We use Papertrail (USA) to manage server logs. This helps us see internal metrics of the application and data flows. Papertrail is under the Privacy Shield. You can find more information here: https://www.papertrail.io/privacy

Google Ads

The one11 app uses Google conversion tracking. If you have accessed the one11 app via an ad placed by Google, Google Ads will set a cookie on your device. The cookie for conversion tracking is set when users click on an ad placed by Google. These cookies lose their validity after 30 days and are not used for personal identification. If users visit certain pages on the one11 app and the cookie has not yet expired, we and Google can recognize that users clicked on the ad and were redirected to this page. Each Google Ads customer receives a different cookie. The information collected using the conversion cookie is used to create conversion statistics for Ads customers. Customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive information that personally identifies users.
If you do not want to participate in the tracking, you can refuse the necessary setting of a cookie - for example, by a browser setting that generally disables the automatic setting of cookies or set your browser to block cookies from the domain "googleleadservices.com".
Please note that you may not delete the opt-out cookies as long as you do not wish any measurement data to be recorded. If you have deleted all your cookies in the browser, you must set the respective opt-out cookie again.

Google Maps

Helps us to present things better and clearer. For more information, please visit: https://policies.google.com/privacy?hl=en

reCAPTCHA

We use the service reCAPTCHA of Google Inc. The query serves the purpose of distinguishing whether the input is made by a human or by automated, machine processing. The query includes the sending of the IP address and possibly other data required by Google for the reCAPTCHA service to Google. For this purpose, your input is transmitted to Google and used there. However, Google will truncate your IP address beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of one11, Google will use this information to evaluate your use of this service. The IP address transmitted by your browser as part of reCaptcha will not be merged with other data from Google. Your data may also be transmitted to the USA in the process. For data transfers to the USA, an adequacy decision of the European Commission, the "Privacy Shield", is available. Google participates in the "Privacy Shield" and has submitted to the requirements. By pressing the query, you consent to the processing of your data. The processing is based on Art. 6 (1) lit. a DSGVO with your consent. You can revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. You can find more information about Google privacy policy at: https://policies.google.com/privacy?hl=en-US

Google Analytics

The one11 app uses Google Analytics, a web analytics service provided by Google Inc. To disable Google Analytiscs, Google provides a browser plug-in at: https://tools.google.com/dlpage/gaoptout?hl=de
Google Analytics uses cookies. The information collected by the cookie about your use of one11 (including your IP address) will be transmitted to and stored by Google on servers in the United States. However, Google truncates your IP address beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area, which is why no conclusions can be drawn about your identity. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google complies with the data protection provisions of the "Privacy Shield" agreement and is registered with the "Privacy Shield" program of the U.S. Department of Commerce and uses the information collected to evaluate the use of the one11 app, to compile reports for us in this regard and to provide other related services to us. You can learn more at: https://support.google.com/analytics/answer/6004245?hl=de

Sparkpost

Is used for sending transactional emails (e.g. notifications). For more information, click here: https://www.sparkpost.com/policies/privacy/

MailChimp

Is used for sending newsletters, storing and managing our customer data.

Notifications

When registering on our platform, you can adjust the settings for your notifications (via email or mobile using a push). These notifications and pushes are free of charge. To send the notifications, we use the email address you provided during registration. Your registrations as well as the subscription to the notifications are logged.

Right to information, deletion, blocking

You have the right at any time to free information about your stored personal data, its origin, recipients and the purpose of data processing, as well as the right to correct, block or delete this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the imprint.
Please note the following if you request the deletion of your personal data or if your one11 account is blocked, terminated or voluntarily closed:

  • We may retain some of your personal information for our legitimate business interests. These legitimate interests include preventing money laundering, fraud detection and prevention, and enhancing security. For example, if we suspend a one11 account for security reasons or because of a fraud case, we may store certain data from that account to prevent that member from opening a new one11 account in the future.
  • We may store and use your personal information to the extent necessary to comply with our legal obligations. For example, we may retain some of your information for tax purposes or to comply with legal obligations.
  • Information that you have shared with others (for example, reviews and messages) will continue to be publicly visible, even after you cancel your account. However, the data can no longer be attributed to your person. Some copies of your data (such as log entries) will remain in our database, but will be separate from personal identifiers.
  • Because we take measures to protect data from accidental or malicious loss and destruction, copies of your personal information may not be removed from our backup systems for a limited period of time.

Copyrights

The copyright and all other rights to content, images, photos or other files in the one11 app belong exclusively to the operators or the specifically named rights holders. For the reproduction of all files, the written consent of the copyright holder must be obtained in advance.
Anyone who commits a copyright infringement without the consent of the respective rights holder max be liable to prosecution and at most to damages.

General disclaimer

All information on our website has been carefully checked. We make every effort to ensure that the information we provide is up-to-date, correct and complete. Nevertheless, the occurrence of errors cannot be completely excluded, so we cannot guarantee the completeness, accuracy and timeliness of information, including journalistic and editorial information. Liability claims regarding damage caused by the use of any information provided, including any kind of information which is incomplete or incorrect, will therefore be rejected.
The publisher may change or delete texts at his own discretion and without notice and is not obliged to update the contents of this application and website. Use of or access to the one11 app is at the visitor's own risk. The publishers, their commissioning parties or partners are not responsible for any damage, such as direct, indirect, accidental, damage to be specifically determined in advance or consequential damage, which is allegedly caused by the use of one11 and consequently assume no liability for this.
The operators also assume no responsibility or liability for the messages sent by the operations and users as well as for the content and availability of third-party websites that can be accessed via external links from one11. The operators of the linked sites are solely responsible for their content. The publishers thus expressly distance themselves from all third-party content that may be relevant under criminal or liability law or that may offend common decency.

Changes

Due to the further development of the one11 app and its offers or also due to changed legal or official requirements, it may be necessary for us to make changes to the data protection declaration. We can adapt these at any time and without prior notice. The current version published on our website applies. If we make an adjustment, we will publish the updated privacy policy and adjust the date above under "Last updated". We therefore recommend that you check our data protection declaration regularly.

Questions to the data protection officer

If you have any questions about data protection please send us an e-mail or contact directly the person responsible for data protection in our organization listed at the beginning of the Privacy Policy.