Introduction to this Privacy Policy
For people who are not used to it, reading a privacy policy is rarely a pleasant experience. Privacy policies are often endlessly long, awkwardly formulated, seemingly repetitive – and one might wonder: is this complexity necessary?
The problem is this: a privacy policy must explain which law applies, which personal data is processed for which purpose. Furthermore: Where the data comes from, to whom we pass it on, what rights you have as a data subject and what happens to the data that your web browser reveals. That is essentially all. However, in our interconnected world, there is simply much to be said about these points. And the information must be complete.
The privacy policy that Locomot creates as a data protection consultant for its customers not only covers the use of the website – it is also interesting, for example, to whom a school makes the performance grades of its children or a trust company makes their financial data accessible. Here, the individualities of institutions become apparent, and it is worth it to take a look. At Locomot, for instance, what we do with your location data when you provide it to us is particularly interesting.
Let us go through important Locomot aspects of the points mentioned above as an example. Afterward, reading our privacy policy will be easier for you.
Which law: The Swiss Data Protection Act
Which data: Username, email address. But also data that your browser leaves behind when it visits our homepage. Locomot tools often require your location data.
Which purpose: For accounts, we need logins. We require location data in order to provide georeferenced content, and authorities may want access to data for tax or other reasons.
Where does the data come from: From you or from others (yes, this section is always disappointing).
To whom do we pass on the data: These are primarily service providers and contractual partners. We do not name them all. What is important is that when, for example, data is stored in a cloud, it has been ensured that this provider also adheres to our data protection standards. A non-standard at Locomot is that when you capture content, it is stored and used – even if you no longer have an account with us. That is exactly the concept: to collect and convey data that is interesting for everyone.
What rights do you have: You may request information about your data or the disclosure of data. However, there are always legal restrictions on these claims.
Data of our website: These usually list "contractual partners" referred to in the section "To whom do we pass on the data." These providers also use your data for their own purposes. Since this listing is quite long, we include it in a separate section at the end of the privacy policy.
It is also important to provide a contact point that you may contact if you have questions.
Now you are well prepared for reading and understand why a privacy policy can hardly be shorter because all this is legally required. Have fun and we look forward to feedback.
1. General Information on this Privacy Policy
The protection of your personal data, which Locomot GmbH ("Locomot", "we", "us") collects and processes in the course of its business activities, is done in accordance with the provisions of the Swiss Data Protection Act (DSG) and, if and to the extent applicable, in accordance with the EU General Data Protection Regulation (GDPR).
This privacy policy informs you about how and for what purposes we process your personal data and what rights you have in this regard. "Personal data", here also briefly "data", includes all details and information that relate to you, an identified or identifiable natural person, and "processing" means any handling of such data, e.g., the gathering, storage, use, disclosure, and deletion.
If you provide us with data about other individuals (e.g., people in photographs, family members), we assume that you are authorized to do so and that this data is accurate, and that you have ensured that these individuals are informed about this disclosure.
We try to work with providers of electronic tools based in Switzerland or Europe. We are pleased to have excellent partners like MapTiler, Hetzner, or Framer. However, this is not always possible.
2. Responsible for Processing Personal Data
Locomot GmbH, Regierungsplatz 30, 7000 Chur
Email: contact@locomot.ch
3. What Data We Process for What Purpose
We primarily process personal data to provide, document, bill for, and improve our services in the context of digital transformation and consultancy in data protection.
We operate a cloud database (CMS) to which our customers can upload content. We are a processor for this content.
This also applies to our web applications and apps that are used to collect and communicate information. Data can be uploaded by any individuals, but always in the context of a Locomot customer. This customer is responsible for the respective data.
There are Locomot applications like Pictomap where location and direction data of users are stored and used when users capture content. Aside from that, no location and direction data of users are stored and used. In particular, we do not store location and direction data when a user is not logged in.
The main categories and purposes are explicitly listed below.
3.1. The Main Categories of Data We Process
· Master Data: Basic data such as name, contact details, personal data, photos, username, consent declarations, and information about third parties.
· Contract Data: Data incurred in the course of providing our services and during contract signings, such as contractual services, data regarding service provision, data from the lead-up to contract conclusion, information for execution (e.g., invoicing), or financial data.
· Applicant Data: Data that arises in the context of an application for a job with us, such as professional background, references, and data from public sources (e.g., the Internet), particularly also information about criminal convictions and professional/activity bans.
· Technical Data: Data that arises during the use of our offerings (e.g., website), such as IP address, geographical information, and the time of use.
· Communication Data: Data arising in connection with communication between us and third parties (e.g., via email, phone, video call, letters, or other means of communication), such as the content of emails or letters, your contact details, and ancillary data of the communication.
· Behavioral Data: Data about your behavior and preferences, such as presence, absence (reasons for this – including health-related), reactions to announcements, navigation on the website, interactions with our social media profiles, participation in events, potentially supplemented with information from third parties (also from publicly available sources).
· Other Data: In particular, data arising in connection with regulatory or legal proceedings, data collected for health protection, photos, video or sound recordings that we create or receive from third parties where you are identifiable.
· Location Data: Certain Locomot applications require location and direction data. The application will always ask for your consent. If you wish to deny consent, close the application and reopen it. You can then refuse the consent and use the application in a limited manner. The location data will not be stored. Exception: If you make text, image, sound, or video recordings in Locomot applications, these recordings will be linked to your user account and stored and used.
· Content uploaded to our systems, especially individuals in images, photographs, sound recordings, or videos: This can include portraits or group photos. Individuals may be the focus of the recording, have more of a statistical nature, or may be present coincidentally in the recording.
3.2. For What Purposes We Process Data
· Provision of Our Service: Digitally transforming content, storing, valuing, and conveying it are part of our services. This also includes personal data, particularly location data and usernames. We collect location data to be able to deliver content geographically.
· Communication: To communicate with you, we process data from you. This can also occur through electronic channels, and especially via email and video calls.
· Contracts: In connection with contract conclusions or executions, we process personal data. This also includes the enforcement of legal claims from contracts (e.g., court proceedings), termination, bookkeeping, and conducting application processes.
· Marketing and Relationship Management: For marketing purposes and relationship management, we process data, e.g., to send our customers, contractual partners, and interested parties personalized advertising or news (e.g., via email or as printed materials). You can refuse or revoke such contacts.
· Event Organization: We organize events with participants. For this, data must be processed, particularly to invite, support, and potentially provide participants with information afterward.
· Improvement of Our Services and Operations: To continuously improve our services (including the website), we analyze, e.g., how you behave on our website.
· Registration: To use certain services (e.g., newsletters, login areas), you must register with us directly or through external service providers; we process data for this.
· Compliance with Laws, Directives, and Recommendations from Authorities. In the context of complying with laws, we may process personal data (e.g., tax obligations, health concepts). Data processing may also occur during investigations (e.g., by a prosecution authority or an appointed private entity).
· Other Purposes: These include, e.g., training and educational purposes, risk management, corporate governance, administrative purposes (e.g., management of master data or accounting), business development, the safeguarding of our rights, and evaluation and improvement of internal processes, safeguarding further legitimate interests, and others.
4. Where the Data Comes From
· From You: Many of the data is provided by you (e.g., in connection with our services). With exceptions (e.g., legal obligations), you are not obliged to disclose your data. However, if you wish to use our services, you must provide us with certain data.
· From Third Parties: We may also obtain data from publicly available sources (e.g., debt collection registers, the Internet including social media) or receive them from authorities (e.g., supervisory authorities, courts), your employer, who has a business relationship with us or otherwise interacts with us, and from other third parties (e.g., associations).
5. To Whom We Disclose Your Data
Only in connection with our contracts, the website, our services, our legal obligations, or otherwise to protect our legitimate interests and the other purposes outlined in Section 3 do we transmit your personal data to third parties, particularly to:
· Service Providers: We work with service providers in Switzerland and abroad who (i) process data on our behalf, (ii) in joint responsibility with us, or (iii) in their own responsibility (e.g., IT providers, banks, insurance companies, accounting services). This may also include health data.
· Contractual Partners: These are customers and other contractual partners of ours, where a transmission of your data arises from the contract. The recipients generally process the data under their own responsibility. In Section 12, you will find our contractual partners whose services we have incorporated into our websites and apps.
· Authorities: We may disclose personal data to offices, courts, and other authorities (e.g., municipalities, supervisory authorities) in Switzerland and abroad if we are legally obliged or entitled to do so or if it appears necessary to protect our interests.
· In particular, to be able to localize content, we use location and direction data from our users. If you create text, image, sound, video, or other recordings in Locomot applications, these recordings will be linked to your user account and used by Locomot. In particular, your username may be displayed together with the recording and location data within our applications for all users to see.
· Content that contains personal data (in particular individuals in images/photographs/sound recordings/videos) may be displayed visibly and audibly to other users.
· Other Persons: This refers to other cases where the inclusion of third parties arises from the purposes outlined in Section 3. As part of corporate development, we may sell or acquire businesses, assets, or companies or enter into partnerships, which may also involve the disclosure of data to persons involved in these transactions. In the context of communication with our competitors, industry organizations, associations, and other bodies, data exchanges may also occur that may affect you.
All these categories of recipients may in turn involve third parties, so that your data may also become accessible to them.
6. How Long We Process Your Data
We process your data as long as required for our processing purposes, the statutory retention periods, and our legitimate interests in processing for documentation and evidential purposes, or if a storage is technically necessary (e.g., in case of backups or document management systems).
In particular, we process content captured by you indefinitely. If you delete your account, the content you have captured will be decoupled from your username and will continue to be displayed and used.
7. What Rights You Have
You can particularly request information about the processing of your personal data, have incorrect personal data corrected, object to data processing, request the release of certain personal data in a common electronic format or their transfer to other controllers, or revoke consent as far as our processing is based on your consent.
8. Data Transfer Abroad
We primarily process and store personal data in Switzerland and the European Economic Area (EEA), but in exceptional cases – for example through subcontractors of our service providers – potentially in any country in the world, particularly in the USA.
If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with applicable data protection, e.g., through the EU Standard Contractual Clauses. An exception may particularly apply in the case of legal proceedings abroad but also in cases of overriding public interest or if a contract performance requires such disclosure, if you have consented, or if it involves data that you have made publicly accessible, to which you have not opposed processing.
9. How We Process Data from Our Website and Digital Services
When using our website (including newsletters and other digital offers), data is collected that is stored. We may also use cookies and similar techniques to recognize website visitors and detect preferences. Technical data may be linked with personal data and thus possibly with you. You can set your browser to automatically reject, accept, or delete cookies (small files).
Additionally, we use our own tools and services from third parties (which can also use cookies) on our website, especially to improve our website (e.g., integration of videos or maps), generate statistics, and display advertisements.
Some of the third-party providers we use may be located outside Switzerland. Information on data disclosure abroad can be found in Section 8.
10. How We Process Data from Social Networks
We may process data about you on social networks and other third-party operated platforms (e.g., if you comment on our content). The providers of the platforms may also analyze your use. They process this data for their own purposes and act as their own controllers for this purpose. For more information on processing by the platform operators, please refer to the privacy notices of the respective platforms.
11. Adjustments to the Privacy Policy
This privacy policy is not part of a contract. We may adjust it at any time. The version published on this website is the current version.