Privacy policy
Data protection is a high priority for mobilezone. We aim to create added value for our customers by utilising data. Transparency and the responsible handling of personal data are key concerns for us.
In the following privacy policy, we inform you about which personal data is collected and processed when using our websites and in the context of a contractual relationship.
In order to ensure a high level of protection for the personal data processed by us, mobilezone has implemented numerous organisational and technical measures.
In the mobilezone Group's Code of Conduct, we have set out further guidelines on how our employees should behave in connection with confidential data.
mobilezone holding ag
Suurstoffi 22
CH-6343 Rotkreuz
Introduction
The privacy policy describes how and for what purpose mobilezone holding ag collects, processes and uses personal data. mobilezone takes the issue of data protection seriously. The responsible handling of customer data is an important matter to us, and customer trust in us and our business activities is important to us. We are constantly making adjustments to protect our customers' personal data even better.
Personal data refers to all information relating to an identified or identifiable person. The objectives of this privacy policy are:
to provide comprehensive information about the processing of personal data by us;
the presentation of rights in connection with the processing of personal data; and
the provision of the contact details of the entity responsible for the processing of personal data and the data protection officer of mobilezone.
We comply with the provisions of the Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (OFADP), the Telecommunications Act (TCA) and, where applicable, other provisions of data protection law, such as the European General Data Protection Regulation (GDPR). Where the GDPR is applicable, we have described the legal basis for processing.
What personal data do we process and for what purpose?
Depending on the activity or interaction with us, we process different personal data:
Visit to the website
When you visit our websites, our servers temporarily store every access in a log file. The following data is collected without any action on the part of the user and stored by us until it is automatically deleted after six months at the latest:
The IP address of the computer making the request (shortened)
The name of the Internet access provider used
The date and time of access
The name and URL of the retrieved file
The page and address of the website from which you were redirected to our websites and, if applicable, the search term used
The country from which our websites are accessed
The operating system of the computer used and of the browser used (provider, version and language)
The transmission protocol used
This data is collected and processed for the purpose of enabling the use of our websites (establishing a connection), ensuring system security and stability in the long term, and enabling the optimisation of our Internet offering, as well as for internal statistical purposes.
In the event of an attack on the network infrastructure or suspicion of other unauthorised or abusive website use, the IP address is evaluated for clarification and defence purposes and, if necessary, used in the context of criminal proceedings for identification and for civil or criminal processes.
We use cookies and other applications that are based on cookies. Further information on this can be found in the "Cookies" and "Tracking tools" sections.
Registration for financial and media releases
When you register to receive financial and media releases, we collect and process the following personal data:
Company/media title
Title/gender
Surname, first name
Role
Address
Country
Email address
In the relationship as a shareholder of mobilezone holding ag
mobilezone holding ag, or the share registrar authorised by mobilezone holding ag, processes the following personal data of shareholders or shareholder representatives:
Title/gender
Surname, first name
Address
Date of birth
Telephone number
Email address
Data in connection with the position as shareholder or shareholder representative (e.g. number of shares, custodian bank, bank details at the custodian bank, participation in the Annual General Meeting, etc.)
Job application
When interested parties apply for a position, the following personal data is collected:
Title/gender
Surname, first name
Address
Telephone number
Email address
Date of birth
Curriculum vitae and references
Extract from criminal records
Extract from the debt collection register
The purpose of this data processing is to enable mobilezone to check the application and ensure that the applicant is suitable for the advertised position. Furthermore, in the case of an employment relationship, the information is used to maintain the employment relationship.
Sources of personal data
In principle, we collect personal data directly from our customers (e.g. via forms, as part of communication with us, in connection with purchases and the conclusion of contracts, when using the website).
Insofar as this is not prohibited, we also obtain data from publicly accessible sources (such as the media or the Internet, including social media) or receive data from other companies within our Group, from authorities and from other third parties (such as credit agencies, address traders, associations, contractual partners, Internet analysis services, etc.).
The categories of personal data that we receive from third parties include, in particular, information from public registers, information that we learn in connection with official and legal proceedings, information in connection with professional functions and activities (so that we can, for example, conclude and process transactions with our customers' employers), information about correspondence and meetings with third parties, creditworthiness information, information that associated people give us (family, advisors, legal representatives, etc.) so that we can conclude or process contracts with them or with their involvement (e.g. references, the address for deliveries, powers of attorney), information to comply with legal requirements such as combating fraud, money laundering and terrorism, as well as export restrictions, information from banks, insurance companies and sales and other contractual partners of ours on the use or provision of services by our customers (e.g. payments, purchases, etc.), personal information from the media and the Internet (insofar as this is appropriate in a specific case, for example in the context of an application, marketing/sales, press review, etc.), addresses and, if applicable, other socio-demographic data (in particular for marketing and research) and data in connection with the use of third-party websites and online offers where this use can be attributed.
Tracking tools
We use web analysis tools to adapt our websites to requirements. The web analysis tools we use generate user profiles based on pseudonyms. For this purpose, permanent cookies are stored on the user's end device and read by us. This enables us to identify returning visitors and determine their number.
Provider | Service |
Google LLC (USA) Google Ireland Limited (Ireland) | Google Tag Manager |
Google Analytics
On our platforms, we use Google Analytics (including Google Analytics for Firebase), an analysis tool from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google). Google Analytics uses methods that make it possible to analyse the use of our platforms, such as cookies. The information generated by the cookie about your use of our platforms,
like
app updates,
browser information,
click path,
date and time of the visit,
device information,
downloads,
Flash version,
location information,
IP address,
JavaScript support,
pages visited,
purchase activity,
referrer URL,
usage data,
widget interactions,
navigation path that a visitor follows on the websites,
time spent on the websites and subpages,
the subpage on which the websites are left,
the country, region or city from which access takes place,
end device (type, version, colour depth, resolution, width and height of the browser window),
returning or new visitor,
browser provider/version,
the operating system used,
the referrer URL (previously visited website),
host name of the computer used for access (IP address),
time of the server request,
is usually transmitted to a Google server in the USA and stored there. The IP address is shortened by activating IP anonymisation ("anonymizeIP") before transmission within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area or Switzerland. According to Google, the masked IP address transmitted as part of Google Analytics is not merged with other Google data. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. In these cases, we use contractual guarantees to ensure that Google complies with an adequate level of data protection.
The information is used to analyse the use of our platforms, to compile reports on activities on our platforms and to provide further services associated with the use of our platforms for the purposes of market research and the needs-based design of our platforms. This information may be transferred to third parties if this is required by law or if third parties are tasked with processing this data.
The legal basis for processing the data for this purpose is the user's consent. Consent can be revoked at any time with effect for the future.
Users can prevent Google from collecting the data generated by the cookie and relating to the use of our platforms by the user concerned (including the IP address) and from processing this data by preventing cookies or by implementing the appropriate settings on our platforms.
Further information about Google and how Google processes data can be found here.
Cookies
We use cookies on our websites. These cookies help in many ways to make visiting and using our platforms easier, more pleasant and more meaningful.
Cookies are individual codes (e.g. a serial number) that our server or a server of our service providers or contractual advertising partners transmits to the user's system upon connection to our website and that the user's system (browser, mobile) receives and stores until the programmed expiry date. With each subsequent access, the user's system transmits these codes to our server or the server of the third party. In this way, users are recognised even if their identity is unknown.
Whenever a server is accessed (for example, when using a website or an app or because an image is visibly or invisibly integrated into an email), visits can be "tracked". If we integrate offers from a contractual advertising partner or provider of an analysis tool on our website, the latter can track the user in the same way, even if the user cannot be identified in the individual case.
Most end devices/Internet browsers accept cookies automatically. However, the device/Internet browser can be configured so that no cookies are stored or a message always appears when a new cookie appears.
Deactivating cookies may mean that not all functions of our websites/apps/service can be used.
Profiling
We can automatically evaluate certain personal characteristics ("profiling") if we want to determine data about preferences, but also to determine abuse and security risks, to carry out statistical analyses or for operational planning purposes. No automated decision is made.
Disclosure of personal data to third parties
In connection with the use of our offers on our platforms and when visiting our shops, we pass on personal data to the following categories of recipients:
Group companies
For the purpose of providing administrative services, for the provision of IT services and for marketing activities, we also provide the necessary data to our Group companies mobilezone ltd, mobilezone reload ag, Digital Republic AG, IT Business Services GmbH and TalkTalk Ltd.
Service providers
We work with service providers domestically and abroad who process data on our behalf or in joint responsibility with us or who receive data from us on their own responsibility (e.g. network operators, advertising service providers, mail order companies, IT providers, login service providers, banks, insurance companies, credit agencies, address verifiers, debt collection companies, consumer credit providers, cleaning companies, security companies).
We provide these service providers with the data required for their services. These service providers may also use such data for their own purposes, for example information on outstanding debts and payment behaviour in the case of credit reference agencies or anonymised information to improve services. We also conclude contracts with these service providers that include provisions for the protection of personal data. Our service providers may also process data on how their services are used and other data generated in the course of using their services as independent controllers for their own legitimate interests (e.g. for statistical analyses or billing).
Authorities
We may disclose personal data to offices, courts and other authorities domestically and abroad if we are legally obliged or authorised to do so or if this appears necessary to protect our interests. The authorities process the data they receive from us on their own responsibility.
Purchasers or interested parties
Data may also be disclosed if another company intends to acquire our company or parts thereof and such disclosure is necessary to carry out a due diligence review or to complete the transaction.
Other parties
in potential or actual legal proceedings.
All of the above categories of recipients may in turn involve third parties, so that data may also be made accessible to them. We can restrict processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.).
We also allow certain third parties to collect personal data on our website and at events organised by us (e.g. media photographers, providers of tools that we have integrated on our website, etc.). Insofar as we are not decisively involved in this data collection, these third parties are solely responsible for it. To assert these data protection rights, these third parties must be contacted directly.
Transfer of personal data abroad
As explained above, we also disclose data to other organisations. These are not only located in Switzerland. Data may therefore be processed both in Europe and in countries outside Europe.
Transmission abroad
The data can be transmitted to the following countries:
European Union (EU)
European Economic Area (EEA)
United States of America (USA)
United Kingdom (UK)
Compliance with applicable data protection
If a recipient is located in a country without adequate statutory data protection, we contractually oblige the recipient to comply with the applicable data protection law (we use the revised standard contractual clauses of the European Commission for this purpose), unless the recipient is already subject to a legally recognised set of rules to ensure data protection and we can rely on an exemption clause. An exemption may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interest or if the fulfilment of a contract requires such disclosure, if consent has been given or if the data in question has been made generally accessible and its processing has not been objected to.
We have taken the measures described above with our service providers in the USA.
Data that is exchanged via the Internet is often routed via third countries. This means that data can be sent abroad even if the sender and recipient are in the same country.
Note on data transfers to the USA
Some of the third-party service providers mentioned in this privacy policy are based in the USA. For the sake of completeness, we would like to point out to users residing or domiciled in Switzerland that there are surveillance measures by US authorities in the USA that generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland to the USA. This takes place without differentiation, restriction or exception on the basis of the objective pursued and without an objective criterion that would make it possible to restrict the US authorities' access to the data and its subsequent use to very specific, strictly limited purposes that could justify the intrusion associated with both access to and use of the data. We would also like to point out that there are no legal remedies available in the USA for data subjects from Switzerland that allow them to gain access to the data concerning them and to obtain its correction or deletion, and that there is no effective legal protection against general access rights of US authorities. We explicitly draw the attention of data subjects to this legal and factual situation so that they can make an appropriately informed decision to consent to the use of their data.
We would like to point out to users residing in Switzerland that the USA does not have an adequate level of data protection from Switzerland's point of view – partly due to the issues mentioned in this section. Insofar as we have explained in this privacy policy that recipients of data (such as Google) are based in the USA, we will ensure that data is protected at an appropriate level by our partners through contractual arrangements with these companies and, if necessary, additional appropriate guarantees that protect the rights of persons whose personal data is transferred to a third country.
Data security
We use suitable technical and organisational security measures to protect personal data stored by us against manipulation, partial or complete loss, and unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
We take data protection within the company seriously. Our employees and the service companies commissioned by us have been obliged by us to maintain confidentiality and to comply with data protection regulations.
Storage of data
Storage location
Personal data is stored in the following countries:
Switzerland
European Union (EU)
European Economic Area (EEA)
Duration of storage
We only store personal data for as long as is necessary to provide services that have been requested or for purposes for which consent has been given. Data is only stored for as long as it is required for these purposes.
Consequently, data will be deleted by mobilezone if:
the corresponding legal basis for processing the data no longer exists,
the purpose of processing the data no longer exists,
the consent to the processing of the data is revoked,
a legal obligation makes deletion necessary, or
the processing of personal data is objected to.
In all other cases, the storage period is generally 10 years – unless there are deviating statutory retention periods.
Personal data in job applications
Personal data processed during the application process will be deleted within 90 days of completion of the application process.
Your rights
You can object to data processing at any time. You also have the following rights:
Right to information
You have the right to request access to your personal data stored by us at any time free of charge if we are processing it. This gives you the opportunity to check what personal data we are processing about you and that we are using it in accordance with the applicable data protection regulations.
Right to rectification
You have the right to have incorrect or incomplete personal data corrected and to be informed of the correction. In this case, we will inform the recipients of the data concerned about the adjustments made, unless this is impossible or involves disproportionate effort.
Right to erasure
You have the right to have your personal data deleted under certain circumstances. In individual cases, the right to erasure may be excluded.
Right to restriction of processing
Under certain conditions, you have the right to request that the processing of your personal data be restricted.
Right to data portability
Under certain circumstances, you have the right to receive from us, free of charge in a machine-readable format, the personal data that you have provided to us.
Right to object
In principle, you have the right to withdraw your consent at any time with effect for the future. Processing activities based on your consent in the past are not rendered unlawful by your objection.
Contact
If you have any questions about data protection at mobilezone ltd, would like information or would like to have your data deleted, please contact us by sending an email to privacy@mobilezone.ch.
Please send your request by post to the following address:
mobilezone holding ag
Datenschutz
6343 Rotkreuz
Switzerland
Adaptation
This privacy policy is not part of a contract. We may amend this privacy policy at any time. The version published on mobilezoneholding.ch is the current version.
Last updated: 1 November 2023