Privacy Policy

1. Introduction

In the following, we provide information about the processing of personal data

on our website www.converto.com
in our profiles in social media
within application processes
outside the website (e.g., when sharing with recipients of the data).

Personal data refers to any information relating to an identified or identifiable natural person, such as their name or email address.

1.1 Contact details

The controller according to Art. 5 lit. j Federal Act on Data Protection (FADP) is Converto AG, Uetlibergstrasse 134b, 8045 Zurich, Switzerland, e-mail: info@converto.com.
We are legally represented by Kim Engels.

Our data protection advisor can be reached via heyData GmbH, Schützenstrasse 5, 10117 Berlin, www.heydata.eu, e-mail: datenschutz@heydata.eu.

1.2 Disclosure abroad

Insofar as we transfer personal data to service providers or other third parties outside Switzerland, Federal Council decisions according to Art. 16 para. 1 FADP usually guarantee the security of the data during the transfer. According to these decisions, the legislation there provides adequate protection. Such adequacy has been determined by the Federal Council for the states, territories, specific sectors within a state, and international bodies listed in Art. 8 para. 1 Ordinance on Data Protection (Data Protection Ordinance, DPO) in conjunction with Annex 1. These can be accessed at https://www.bj.admin.ch/bj/de/home/staat/datenschutz/internationales/anerkennung-staaten.html .

This is the case for the following countries:

Germany
Andorra
Argentina
Austria
Belgium
Bulgaria
Canada (An adequate level of data protection is considered guaranteed if the Canadian federal law "Loi sur la protection des renseignements personnels et les documents électroniques" of April 13, 2000, applies within the private sector, or the law of a Canadian province that largely corresponds to this federal law. The federal law applies to personal data collected, processed, or disclosed in the course of commercial activities, regardless of whether they are organizations like associations, partnerships, individuals, or unions, or federally regulated businesses such as facilities, works, undertakings, or activities that fall within the legislative jurisdiction of the Canadian Parliament. The provinces of Quebec, British Columbia, and Alberta have enacted legislation that largely corresponds to the federal law; the provinces of Ontario, New Brunswick, Newfoundland and Labrador, and Nova Scotia have enacted legislation that largely corresponds to the federal law in the area of health data. In all Canadian provinces, the federal law applies to all personal data collected, processed, or disclosed by federally regulated businesses, including data about employees of these businesses. The federal law also applies to personal data transferred in the course of commercial activities to another province or country.)
Cyprus
Croatia
Denmark
Spain
Estonia
Finland
France
Gibraltar
Greece
Guernsey
Hungary
Isle of Man
Faroe Islands
Ireland
Iceland
Israel
Italy
Jersey
Latvia
Liechtenstein
Lithuania
Luxembourg
Malta
Monaco
Norway
New Zealand
Netherlands
Poland
Portugal
Czech Republic
Romania
United Kingdom
Slovakia
Slovenia
Sweden
Uruguay

In other cases (e.g., if no adequacy decision exists), the legal basis for data transfer is usually, unless we indicate otherwise, standard data protection clauses. These are a set of rules adopted by the Federal Data Protection and Information Commissioner (FDPIC) and are part of the contract with the respective third party. According to Art. 16 para. 2 lit. d FADP, they ensure data security during the transfer. Many of the providers have given contractual guarantees beyond the standard contractual clauses to protect the data. These include, for example, guarantees regarding the encryption of data or regarding an obligation of the third party to notify data subjects if law enforcement agencies wish to access the respective data.

1.3 Rights of data subjects

Data subjects generally have the following rights against us, among others, regarding their personal data:

Right to access information about whether personal data about them is being processed.
Right to obtain their personal data that they have disclosed to us,
Right to rectification,
Right to object to processing.

2. Newsletter

Interested parties have the option to subscribe to a free newsletter. We process the data provided during registration for sending the newsletter. Registration is done by selecting the appropriate field on our website, by ticking the corresponding field in a paper document, or by another clear action, whereby interested parties declare their consent to the processing of their data. We process the data for the purpose of direct marketing. The consent of the interested party may be revoked at any time, for example, by clicking the corresponding link in the newsletter or notifying our above-mentioned email address.

We also process the opening and click rates of our newsletters by interested parties to understand which content is relevant to our recipients. This serves to improve our direct marketing.

We use a service from the provider Zoho Corporation GmbH, Trinkausstr. 7, 40213 Düsseldorf, Germany for email marketing. The provider is the recipient of personal data within the scope of the specified processing. Further information can be found in the provider's privacy policy at https://www.zoho.com/privacy.html?zredirect=f&zsrc=langdropdown&lb=de.

The provider processes personal data in the EU. Notes on guarantees according to Article 16 paragraph 2 can be found in the section "Disclosure abroad".

3. Data processing on our website www.converto.com

3.1 Notice for website visitors from Germany

Our website stores information in the terminal equipment of website visitors (e.g. cookies) or accesses information that is already stored in the terminal equipment (e.g. IP addresses). What information this is in detail can be found in the following sections.

This storage and access is based on the following provisions:

Insofar as this storage or access is absolutely necessary for us to provide the service of our website expressly requested by website visitors (e.g., to carry out a chatbot used by the website visitor or to ensure the IT security of our website), it is carried out on the basis of Section 25 para. 2 no. 2 of the German Telecommunications Digital Services Data Protection Act (Telekommunikation-Digitale-Dienste-Datenschutzgesetz, "TDDDG").
Otherwise, this storage or access takes place on the basis of the website visitor`s consent (Section 25 para. 1 TDDDG).

The subsequent data processing is carried out in accordance with the following sections and on the basis of the provisions of the GDPR.

3.2 Informational use of the website

When using the website for informational purposes, i.e., if visitors do not transmit specific information to us, we collect the personal data that the browser transmits to our server in order to ensure the stability and security of our website. This serves to ensure the IT security of the website.

These data include, for example:

IP address
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
Amount of data transferred in each case
Website from which the request comes
Browser
Operating system and its interface
Language and version of the browser software

These data are also stored in log files.

3.3 Data on third-party devices

Through our website, we process data on third-party devices by means of telecommunications transmission within the scope described in the previous and following sections.

Visitors can refuse the processing, for example, by making appropriate presettings in their browser to block or delete cookies.

3.4 Web hosting and provision of the website

We host our website internally. In doing so, we process the personal data transmitted via the website, some of which is also mentioned in other sections of this privacy policy, e.g., content, usage, meta/communication data, or contact data. Processing is a prerequisite for us to be able to offer a website and thus present ourselves to the outside world.

We process personal data in the EU. Information on guarantees under Article 16(2) can be found in the section “Disclosure abroad”.

3.5 Contact Form

When contacting us via the contact form on our website, we process the data requested there and the content of the message to handle the request. As far as legally permissible, we may also process the data for direct marketing purposes.

3.6 Technically Necessary Cookies

Our website uses cookies. Cookies are small text files that are stored in the web browser on the end device of a site visitor. Cookies help to make the offer more user friendly, effective, and secure. If data is processed in this context, it is for the purpose of providing a functional website to customers and other site visitors.

Specifically, we use technically necessary cookies for the following purpose(s):

Cookies that store language settings

3.7 Third-party providers on the website

3.7.1 Permaleads

We use a service provided by the provider to generate leads. The provider is the recipient of personal data within the scope of the aforementioned processing. Further information can be found in the provider's privacy policy at https://www.permagroup.ch/datenschutz?param=1.

The provider processes personal data in Switzerland.

3.7.2 Microsoft Clarity

We use a service provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland, for analysis and to identify business opportunities. The provider is the recipient of personal data within the scope of the aforementioned processing. Further information can be found in the provider's privacy policy at https://privacy.microsoft.com/de-de/privacystatement.

The provider processes personal data in the EU.

Information on guarantees under Article 16 paragraph 2 can be found in the "Disclosure Abroad" section.

3.7.3 umami

We use a service provided by Umami Software, Inc., 1362 42nd Ave, San Francisco, California, 94122, USA for analysis. The provider is the recipient of personal data within the scope of the aforementioned processing. Further information can be found in the provider's privacy policy at https://umami.is/privacy.

The provider processes personal data.

Information on guarantees under Article 16 paragraph 2 can be found in the "Disclosure Abroad" section.

3.7.4 heyData

We use a data protection seal from the provider heyData GmbH, Schützenstrasse 5, 10117 Berlin, Germany (privacy policy: https://heydata.eu/datenschutzerklaerung ) to provide site visitors with confirmation of our data protection compliance. The provider is a recipient of personal data in the context of the mentioned processing.

The provider processes personal data in Germany. Information on guarantees according to Article 16 paragraph 2 can be found in the section "Disclosure abroad".

4. Data Processing on Social Media Platforms

We are present on social media networks to showcase our organization and services there. Operators of these networks regularly process users' data for advertising purposes. Among other things, they create user profiles from their online behavior, which are used, for example, to display advertisements on the networks' sites and also elsewhere on the Internet that match users' interests. To this end, network operators store information about usage behavior in cookies on users' computers. It is also possible that operators merge this information with other data. Further information and hints on how users can object to processing by the page operators can be found in the privacy policies of the respective operators listed below. Operators or their servers may also be located abroad, so they may process data there. This may pose risks for users, for example, because the enforcement of their rights is more difficult or government agencies may access the data.

When users of the networks contact us via our profiles, we process the data provided to us to respond to inquiries.

4.1 LinkedIn

We maintain a profile on LinkedIn. The operator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The privacy policy is available here: https://https://www.linkedin.com/legal/privacy-policy?_l=de_DE. One way to object to data processing is via the settings for advertisements: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

5. Data processing of applicants

When individuals apply to our open positions (which we have posted ourselves or on third-party websites) or submit unsolicited applications, we process their data for the purposes of the application process.

It may also be that we directly contact interesting applicants for a position. In this case, we process their personal information (e.g., name), contact information (e.g., email address), as well as other data that might be relevant for the specific position.

Recipients of the data are service providers used in the application process (e.g., processors as part of recruiting) and cloud software providers that we use. Recipients that we can currently identify are listed below in the section "Recipients of data".

We ask applicants to refrain from including references to political opinions, religious beliefs, and similarly sensitive data in their CVs and cover letters. They are not necessary for an application. However, if applicants still provide such information, we cannot prevent their processing.

6. Data Processing Outside the Website

6.1 Processing Purposes

We process personal data for the purposes mentioned below or elsewhere in this document (e.g., under "Recipients of Data"):

Provision of contractual services
Fulfillment of contractual obligations Contact (e.g., via email or phone)
Communication
Responding to inquiries
IT security measures
Direct marketing
Request and consideration of feedback
Security measures in our office

6.2 Recipients of Data

Recipients of data are service providers we use (e.g., processors), cloud software providers we deploy, and other external entities. Recipients we can currently identify are listed by name below. However, this list is not to be considered exhaustive.

6.2.1 Amazon AWS

We use a service from the provider Amazon Web Services EMEA Sarl, 38 avenue John F. Kennedy, L-1855, Luxemburg (Privacy policy: https://aws.amazon.com/privacy/ ) as platform as a service, as infrastructure as a service, as serverless computing environments, as cloud storage. The provider is the recipient of personal data within the scope of the mentioned processing. Data subjects are Employees, Users, Third parties, Customers.