Privacy policy

1. The purpose of this Privacy Policy?

Voicepoint AG (hereinafter also “we”, ”us”) procures and processes personal data relating to other people (known as ”third parties”). In this document, we take the term ”data” to have an identical meaning to ”personal data”.

In this Privacy Policy we describe what we do with your data when you use *.voicepoint.ch or *.voicepoint-cloud.ch (hereinafter “website”), purchase services or goods from us or otherwise have dealings with us under a contract, communicate with us or have any other dealings with us. Where appropriate, we shall inform you by suitable advance notice concerning any additional processing activities that are not mentioned in this Privacy Policy. In addition, we may inform you separately about the processing of your data, e.g. in declarations of consent, contractual terms and conditions, additional privacy policies, forms and notices.

If you transmit or provide to us any data concerning other people such as e.g. colleagues, we assume that you are authorised to do so and that the data are correct. You confirm this by submitting data concerning other people.Please also ensure that any such third parties have been informed concerning this Privacy Policy.

This Privacy Policy is intended to meet the requirements of the EU General Data Protection Regulation (“GDPR”) and the Swiss Federal Data Protection Act (“FDPA”). However, whether and to what extent these laws are applicable depends on the individual circumstances.

2. Who is responsible for the processing of your data?

Unless indicated otherwise in any specific individual instance, e.g. in another privacy policy, a form or a contract, for data protection law purposes Voicepoint AG, Schellerstrasse 14, CH-8620 Wetzikon (”Voicepoint”) is responsible for the data processing carried out by Voicepoint AG as described in this Privacy Policy.

You can contact us at the following address with any data protection queries and in order to exercise your rights under section 11:

Voicepoint AG
Schellerstrasse 14
CH-8620 Wetzikon
datenschutz@voicepoint.ch

3. What data do we process?

We process various categories of data. The most important categories are:

  • Technical data: when you use our website or any other electronic content, we collect the IP address of your device and other technical information to guarantee the functionality and security of the content in question. These data also include logs that record the use of our systems. We retain technical data as a general rule for up to 12 months. In order to ensure the proper functioning of this content, we may also allocate an individual code to you or to your device (e.g. in the form of a cookie, cf. section 12). Technical data do not in themselves enable any inferences to be made concerning your identity. However, in the context of user accounts, registrations, access controls or the performance of contracts, they may be linked to other categories of data (and thus potentially to you individually).
  • Registration data: certain specific content and services (e.g. newsletter dispatch, login areas on our website, etc.) can only be used with a user account or after registering, which can be done directly with us or via our external login service provider. When registering you will have to enter certain data, and we collect data about how the content or service is used. Registration data may be generated in the relation to controls on access to particular equipment. We retain registration data as a general rule for 12 months after usage of the service ended or after the user account was deleted.
  • Communication data: if you communicate with us using the contact form, by email, telephone or letter or using any other means of communication, we shall record the data exchanged between you and us, including your contact data and the metadata relating to the communication. We shall inform you specifically if we record or listen to any telephone conversations or video conferences, e.g. for training and quality assurance purposes. Any such recordings may only be made and used in accordance with our internal regulations. You will be informed whether and when any such recording takes place, e.g. by a notice during the respective video conference. If you do not wish any recording to take place, please let us know or stop taking part. If you simply do not wish any images of you to be recorded, please simply disable your camera. Should we wish or be required to establish your identity, we shall collect data in order to identify you (e.g. a copy of an identification document). We retain data as a general rule for 12 months after the last interaction with you. This period may be longer where necessary or essential on a technical level for the purpose of securing evidence or compliance with statutory or contractual requirements. Emails in email accounts and written correspondence are generally retained for at least 10 years. Recordings of (video) conferences are generally retained for 12months.
  • Master data: we take master data to be the core data that we require in addition to contractual data (see below) in order to manage our contractual and other business relationships or for marketing and advertising purposes, such as your name and contact details along with information concerning e.g. your role and function, your bank details, your date of birth, customer history, powers of attorney, signature authority and declarations of consent. We process your master data if you are or work for (e.g. as a contact person or business partner) a customer or another business contact or if we wish to contact you for our own purposes or for the purposes of a contractual partner (e.g. in relation to marketing and advertising, invitations to events, newsletters etc.). We receive master data from you yourself (e.g. in the event of a purchase or in relation to registration), from bodies active on your behalf or from third parties such as e.g. our contractual partners, associations and address managers and from publicly accessible sources such as e.g. public registers or the internet (websites, social media etc.). We retain these data as a general rule for 10 years after the last interaction with you, or otherwise after termination of the contract. This period may be longer where necessary or essential on a technical level for the purpose of securing evidence or compliance with statutory or contractual requirements. The period is normally significantly shorter for pure marketing and advertising contacts, and in most cases no longer than 2 years since the last contact.
  • Contract data: these are data obtained in relation to the conclusion or performance of a contract, e.g. information concerning contracts and the services that are to be or have been provided, as well as data obtained prior to the conclusion of a contract, information required or used for the purpose of performance as well as information concerning responses (e.g. complaints or information concerning satisfaction etc.). We collect these data as a general rule from you, from contractual partners and from third parties involved in the performance of the contract, although also from third-party sources (e.g. providers of credit reference information) and from publicly accessible sources. We retain these data as a general rule for 10 years after the last activity under the contract, or otherwise after termination of the contract. This period may be longer where necessary or essential on a technical level for the purpose of securing evidence or compliance with statutory or contractual requirements.
  • Behavioural and preference data: depending upon the relationship between us and you, we shall attempt to get to know you and to tailor our products, services and content better to you. For this purpose, we collect and use data concerning your behaviour (website) and your preferences (where you inform us e.g. that you are interested in a particular service). We anonymise or erase these data after 24 months, whenever they are no longer relevant for the purposes pursued. This period may be longer where necessary or essential on a technical level for the purpose of securing evidence or compliance with statutory or contractual requirements. We describe how tracking works on our website in section 12.
  • Other data: we also collect data from you under other circumstances. Data received within the ambit of administrative or judicial proceedings (such as case documentation, evidence etc.) may concern you. We may also collect data on health protection grounds (e.g. in relation to security concepts). We may receive or create photographs, videos or sound recordings in which you are recognisable (e.g. at events, using security cameras etc.). We may also collect data about who enters particular buildings and when or who has access rights to buildings (including within the ambit of access controls, on the basis of registration data or visitor lists etc.), who participants in events or initiatives and when, or who uses our infrastructure or systems and when. The retention period for these data is determined having regard to the purpose and is limited to the period that is strictly necessary. This ranges from a couple of days for the many security cameras through, as a rule, a few weeks for contract tracing data to, generally speaking, 3 months for visitor data. On the other hand, reports concerning events containing images may be retained for several years or longer.

Many of the data referred to in this section 3 are provided to us by you yourself (e.g. within forms, when communicating with us, in relation to contracts, when using the website etc.). You are not obliged to do so except under specific individual circumstances, e.g. within the ambit of binding security concepts (statutory obligations). If you conclude contracts with us or wish to use services, you are also required to provide data to us in accordance with your contractual obligations under the relevant contract, including in particular master data, contractual data and registration data. Usage of our website inevitably involves the processing of technical data. If you would like to access particular systems or buildings, you will need to provide us with registration data. However, you generally have the option of objecting or withdrawing consent in relation to behavioural and preference data.

Unless this is unlawful, we also obtain data from publicly accessible sources or from authorities and other third parties (such as e.g. credit reference agencies, address dealers, associations, contractual partners, internet analysis services etc.).

4. For what purposes do we process your data?

We process your data for the purposes described below. Further information concerning online processing can be found in sections 12 and 13. These purposes or the objectives underlying them constitute legitimate interests of ours and, where appropriate, of third parties. You can find further information concerning the legal basis for processing by us in section 5.

We process your data for purposes relating to communication with you, in particular in order to answer queries and to enable you to exercise your rights (section 11) and to contact you with any follow-up questions. We use in particular communication data and master data for these purposes. We retain these data for the purpose of documenting our communication with you, for training purposes, for quality assurance and for enquiries.

We process data in relation to the establishment, management and implementation of contractual relationships.

We process data for marketing and relationship management purposes, e.g. in order to send personalised advertising to our clients and other contractual partners concerning our products and services. This may occur e.g. in the form of newsletters and other regular contacts (electronically or by post or telephone), through other channels for which we have your contact details, although also within the ambit of individual marketing initiatives (e.g. events etc.), and may also feature free services (e.g. invitations etc.). You can object to this type of contact at any time (see at the end of this section 4) or withhold or withdraw consent to being contacted for marketing purposes. With your consent, we may tailor our online advertising to you in a more targeted manner (see section 12).

We also process your data for the purpose of market research, in order to improve our services and our operations as well as for product development.

We may also process your data for security and access control purposes.

We process personal data for the purpose of compliance with the law, with instructions and recommendations of authorities and with internal regulations (”compliance”).

We also process data for the purposes of our own risk management and within the ambit of prudent business management, including our business organisation and company development.

We may process your data for other purposes, e.g. without the ambit of our own internal processes and administration or for training and quality assurance purposes.

5. What is the basis for our processing of your data?

If we ask for your consent to particular forms of processing (e.g. for the processing of sensitive personal data, for marketing emails, for advertising optimisation and behaviour analysis on the website), we shall inform you separately concerning the particular purpose for which processing occurs. You can withdraw consent at any time with future effect by sending to us a written notice (by post) or, unless specified or agreed otherwise, by email; our contact information can be found in section 2. For the withdrawal of your consent to online tracking, see section 12. If you have a user account, you can also withdraw consent or contact us where applicable through the respective website or other service. As soon as we receive notice from you concerning the withdrawal of your consent, we shall no longer process your data for the purposes for which you originally consented, unless we have another legal basis for doing so. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

If we have not asked you to consent to processing, the basis for the processing of your personal data is that processing is necessary to take steps prior to entering into a contract or for the performance of a contract with you (or with the body represented by you) or that we or a third party have/has a legitimate interest in processing, in particular in order to pursue the purposes described in section 4 above and related objectives and in order to be able to carry out related acts. Our legitimate interests also include compliance with statutory requirements, unless this is already recognised as a legal basis under the applicable data protection law (e.g. under the GDPR and the law applicable in the EEA and in Switzerland). However, this also includes the marketing of our products and services, the interest in understanding our markets better and the secure and efficient management of our company, including operational management, and its further development.

If we receive sensitive data (e.g. data concerning health, information concerning political opinion, religion or beliefs or biometric identification data), we may process your data in accordance with another legal basis, e.g. in the event of disputes as to whether processing is necessary, within any litigation or for the exercise or defence of legal claims. Other legal bases may apply under specific individual circumstances, and where necessary we shall inform you concerning them separately.

6. What rules apply to profiling and automated decision making?

We may assess some of your personal characteristics according to automated procedures with reference to your data (section 3) for the purposes mentioned in section 4 (”profiling”) if we would like to obtain preference data, although also in order to identify any risk of misuse or security risks, to carry out statistical assessments or for operational planning purposes. We may also create profiles for the same purposes, i.e. we may cross-reference behavioural data and preference data, although also master data and contractual data as well as technical data attributed to you in order to understand you better as a person along with your different interests and other characteristics.

In both cases, we ensure that the results are proportionate and reliable and take action to prevent misuse of these profiles or of profiling. If these could potentially entail legal implications or significant adverse consequences for you, as a general rule we carry out a manual review.

7. With whom do we share your data?

We also transmit your personal data to third parties, including in particular the following categories of recipient, in relation to our contracts, the website, our services and products, our legal obligations or otherwise in order to uphold our legitimate interests and for the other purposes referred to in section 4:

  • Service providers: we work with service providers in Switzerland and abroad, which process data concerning you on our behalf or under joint responsibility with us or which obtain data concerning you from us under their own responsibility (e.g. IT providers, shipping companies, advertising service providers, login service providers, cleaning companies, security monitoring companies, banks, insurers, collection firms and credit agencies). These may also include data concerning health.
  • Contractual partners including customers: these include primarily customers (e.g. recipients of services) and other contractual partners of ours, as such data processing occurs in accordance with these contracts. If you yourself work for any such contractual partner, we may transmit data to it concerning you also in this regard. Recipients include other contractual partners with which we cooperate or that conduct advertising for us, and to which we therefore transmit data concerning you for analytical and marketing purposes. We ask these partners only to send advertising to you or play advertising to you based on your data if you have consented (for online advertising cf. section 12).
  • Authorities: we may transmit personal data to offices, courts and other authorities in Switzerland and abroad if we are obliged or entitled to do so by law or if this appears necessary to us in order to uphold our interests. The authorities process data concerning you that they receive from us under their own responsibility.
  • Other persons: this applies in other instances where third parties are involved for the purposes mentioned in section 4, e.g. service providers, media and associations in which we are involved or if you feature in any of our publications.

All of these categories of recipient may in turn involve third parties, with the result that your data may also be made accessible to them. We are able to limit processing by certain third parties (e.g. IT providers) although not by these other third parties (e.g. authorities, banks etc.).

8. Are your personal data also transferred abroad?

As explained in section 7, we also transfer your data to other bodies. These are not located exclusively in Switzerland. Your data may therefore be processed both in Europe and also in the USA, although under exceptional circumstances in any country around the world.

If a recipient is located in a country without adequate statutory data protection, we contractually require the recipient to comply with the applicable data protection regulations (to do this we use the revised standard contractual clauses of the European Commission found here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en) unless it is already subject to a legally recognised set of data protection regulations and we cannot rely on an exemption clause. An exemption may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interest or if the performance of a contract requires such disclosure, if you have given your consent or if you have made the data generally accessible and you have not objected to its processing.

9. For how long do we process your data?

We process your data for as long as required by our processing purposes, the legal retention periods, and our legitimate interests in the processing for documentation and evidence purpose, or for as long as storage is technically necessary. You can find further information concerning the respective duration of storage and processing for the individual data categories in section  3 or for the different categories of cookie in section 12. If there are no legal or contractual obligations to the contrary, we erase or anonymise your data after the expiry of the retention or processing period in the scope of our standard processes.

10. How do we protect your data?

We take adequate security measures in order to uphold the confidentiality, integrity and availability of your personal data, to protect them against unauthorised or unlawful processing and also to counter the risk of loss, inadvertent alteration, unintended disclosure or unauthorised access.

11. What rights do you have?

The applicable data protection law grants you the right, under certain circumstances, to object to the processing of your data, in particular for the purposes of direct marketing, processing conducted in relation to direct marketing and other legitimate interests in processing.

In order to make it easier for you to control how your personal data are processed, depending upon the applicable data protection law, you also have the following rights in relation to data processing by us:

  • the right to obtain information from us as to whether we are processing any of your personal data, and if so which;
  • the right to obtain the rectification by us of any inaccurate data;
  • the right to obtain the erasure of data;
  • the right to obtain from us the disclosure of certain personal data in a commonly used electronic format or their transfer to another controller;
  • the right to withdraw consent insofar as our processing is based on your consent;
  • the right, upon request, to obtain any additional information necessary for the exercise of these rights;
  • the right to present your point of view in the event of automated individual decision making (section 6) and to request that the decision be reviewed by a natural person.

If you would like to exercise any of the above-mentioned rights with us, please contact us by writing to our address or, unless specified or agreed otherwise, by sending us an email; you can find our contact information in section 2. In order for us to prevent misuse, we must identify you (e.g. with a copy of your identification document).

You can also exercise these rights against other operators that cooperate with us under their own responsibility – please contact them directly if you would like to exercise your rights in relation to processing by them. You can find details of our key cooperation partners and service providers in section 7, and further information in section 12.

Please note that, depending upon the applicable data protection law, conditions, exceptions or limitations apply to these rights (e.g. for the protection of third parties or business secrets). We shall inform you accordingly in such cases.

Please let us know if you do not think we are respecting your rights or if you do not agree with our approach to data processing (section 2). In particular, if you are situated in the EEA, the United Kingdom or Switzerland, you also have the right to lodge a complaint with the data protection supervisory authority in your own country. A list of EEA authorities can be found here: https://edpb.europa.eu/about-edpb/board/members_en. You can contact the Swiss supervisory authority here: https://www.edoeb.admin.ch/edoeb/en/home/deredoeb/kontakt.html.

12. Do we use online tracking techniques?

We use various techniques on this website so that we and the third parties involved by us can recognise you in the event of subsequent usage, and in some circumstances also track your interaction in the event of multiple visits. We provide you with information concerning them in this section.

The key issue is for us to be able to differentiate between access by you (through your system) and access by another user, thus enabling us to guarantee proper website functionality and to carry out assessments and personalise content. Our intention in doing so is not to establish your identity, even if we are able to do so where we, or a third party involved by us, could identify you by cross-referencing with registration data. However, the techniques used are configured in such a manner as to recognise you as an individual user, irrespective of registration data, each time you access the website, for instance thanks to the allocation to you or your browser of a particular ID (in the form of a cookie) by our server (or a third-party server).

We use such techniques on our website and allow certain third parties to do so as well. Depending on the purpose of these techniques, however, we will ask for your consent before they are used. You can configure your browser to block or mislead particular cookies or alternative techniques, or to delete any cookies saved. You can also expand your browser with software that blocks tracking by certain third parties. Further information can be found on the help pages of your browser (in most cases under the heading “Privacy”) or on the third-party websites mentioned by us below.

The following cookies (techniques with comparable functions such as fingerprinting also fall under this category) are distinguished:

  • Necessary cookies: some cookies are necessary for the functioning of the website as such or for certain functions. For example, they ensure you can switch between pages without losing the information entered in a form. They also ensure you remain logged in. These cookies are only stored temporarily (session cookies). If you disable them, the website may not work properly. Other cookies are necessary in order for the server to be able to store your decisions or inputs after a session (i.e. a visit to the website) if you use this function (e.g. language chosen, consent given, automatic login function, etc.). These cookies have an expiry date of up to 24 months.
  • Performance cookies: with a view to optimising our website and related content and tailoring it better to the needs of users, we use cookies to log and analyse usage of our website, in some instances across more than one session. We do this by using third-party analysis services. Performance cookies also have an expiry date of up to 24 months. You can find details on the websites of the third-party providers.

We may also incorporate other third-party content into our website, in particular from social media providers. This content is disabled by default. After you have enable it (e.g. by clicking on a button), the respective provider will be able to establish that you have visited our website. If you have an account with the social media provider, it may allocate this information to you, and as a result track your usage of online content. These social media providers process these data under their own responsibility.

We currently incorporate content from the following service providers and advertising contractual partners (where these partners use your data or the cookies saved in relation to you for the purpose of personalising advertising):

  • Voicepoint AG uses the statistical solution Matomo, which stores analytical data and offers processes for processing these data as an outsourced data processor. In this context personal data are not subjected to detailed machine analysis (profiling) and no automated data processing procedures are used for decision making (matching). Data shared with Voicepoint are stored at an IT centre in Switzerland. As a general rule, the data are used to simplify the management and implementation of tracking tags and other code snippets. Website operators can use Matomo Tag Manager to simplify the tracking of visitor activities on their site and streamline data capture in order to obtain a better understanding of user behaviour. This can help to increase the website’s performance and improve the user experience.
  • We use hCaptcha to guarantee the security of our website. This means that you will have to complete a short test when using particular functions (e.g. contact form) in order to confirm that you are a real person. This test is quick and simple and helps to protect our website against misuse. This service is provided by Intuition Machines, Inc., a Delaware US Corporation (“IMI”), 350 Alabama St, San Francisco, CA 94110.

    hCaptcha analyses the behaviour of visitors to a website or mobile app with reference to various characteristics. This analysis starts automatically as soon as the visitor has accessed part of the website or app on which hCaptcha is enabled. Various information is assessed during the analysis, such as for instance the IP address, the period of time spent by the visitor on the website or app as well as the user’s mouse movements. The data collected during this analysis are sent to IMI, which acts as a “data processor”. hCaptcha analysis in “invisible mode” can operate entirely in the background without the website or app user being informed, unless a request is displayed. This data processing occurs on the basis of point (f) of Article 6(1) of the Data Protection Regulation (GDPR). The website or mobile app operator has a legitimate interest in protecting its website against misuse by automated crawlers and spam.

    Standard Contractual Clauses (SCC) provide the basis for data processing or data sharing with recipients based on third countries such as e.g. the USA. These are templates provided by the EU Commission, which ensure that data protection complies with European standards even if your data are transmitted to and stored in third countries. These standard contractual clauses oblige providers such as hCaptcha to comply with European data protection standards when processing personal data. The decision on standard contractual clauses can be found here: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32021D0914. The data processing agreement concluded by IMI that refers to the standard contractual clauses can be found here: https://newassets.hcaptcha.com/dpa/IMI.DPA.9.23.21.New.SCCs.pdf. Further information concerning hCaptcha and IMI’s Privacy Policy and Master Terms of Service can be found here: https://www.hcaptcha.com/privacy and here: https://www.hcaptcha.com/terms.

13. What data do we process on our pages on social networks?

We may operate pages and other online profiles on social networks and other platforms operated by third parties (”fan pages”, ”channels”, ”profiles” etc.), where we may collect data concerning you as described in section 3 and below. We obtain these data from you and from the platforms whenever you come into contact with our online profiles (e.g. if you communicate with us, comment on our content or visit our profile). At the same time, the platforms assess your usage of our online profiles and cross-reference these data with other data held by the platforms concerning you (e.g. concerning your behaviour and your preferences). They also process these data for their own purposes under their own responsibility, in particular for marketing and market research purposes (e.g. in order to personalise advertising) and to manage their platforms (e.g. which content they display to you).

We process these data for the purposes described in section 4, thus in particular communication, marketing (including advertising on these platforms, cf. section 12) and market research. You can find information concerning the respective legal bases in section 5. We may process ourselves (e.g. in our advertising on the platform or elsewhere) any content published by you yourself (e.g. comments on a post). We or the operators of platforms may also delete or restrict content uploaded by you or concerning you in accordance with the respective terms of use (e.g. inappropriate comments).

Please refer to the platforms’ respective privacy policies for further information concerning processing by platform operators. These also contain information concerning the countries in which they process your data, your right of access, your right to erasure and the other rights you have as a data subject and how you can exercise them or obtain further information. We currently use the following platforms:

14. Can this Privacy Policy be amended?

The Privacy Policy does not form part of a contract concluded with you. We may amend this Privacy Policy at any time. The most up-to-date version is published on this website.

Last updated: 07.08.2024