Privacy Policy

This Privacy Policy was machine translated with help from ChatGPT from German.

With this Privacy Policy, we inform you about the personal data we process in connection with our activities and operations, including our We specifically inform you about the purposes, methods, and locations of the personal data processing. We also provide information about the rights of individuals whose data we process.

For specific or additional activities and operations, additional privacy policies and other legal documents such as Terms and Conditions (T&C), Terms of Use, or Participation Terms may apply.

We are subject to Swiss data protection law and, if applicable, foreign data protection law, particularly the European Union's (EU) General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law provides adequate data protection.

1. Contact Addresses

Responsibility for the processing of personal data:

People Investor AG
Taubenstrasse 32
3011 Bern

We will inform you if, in specific cases, there are other data controllers for the processing of personal data.

2.1 Terms

Personal data refers to any information relating to a specific or identifiable natural person. A data subject is a person about whom we process personal data.

Processing includes any handling of personal data, regardless of the means and methods used, such as collecting, comparing, adapting, archiving, retaining, extracting, disclosing, obtaining, recording, collecting, deleting, disclosing, arranging, organizing, storing, altering, disseminating, linking, destroying, and using personal data.

The European Economic Area (EEA) includes the Member States of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway. The General Data Protection Regulation (GDPR) defines the processing of personal data as the processing of personal data.

We process personal data in accordance with Swiss data protection law, in particular the Federal Act on Data Protection (Data Protection Act, DPA), and the Data Protection Ordinance (Data Protection Ordinance, DPO).

We process - to the extent that the General Data Protection Regulation (GDPR) is applicable - personal data based on at least one of the following legal bases:

  • Art. 6(1)(b) GDPR for the necessary processing of personal data to fulfill a contract with the data subject and for the performance of pre-contractual measures.
  • Art. 6(1)(f) GDPR for the necessary processing of personal data to protect the legitimate interests of us or third parties, unless the fundamental rights and freedoms and interests of the data subject prevail. Legitimate interests include, in particular, our interest in being able to conduct our activities and operations on a permanent, user-friendly, secure, and reliable basis and to communicate about them, ensuring information security, protecting against misuse, enforcing our own legal claims, and complying with Swiss law.
  • Art. 6(1)(c) GDPR for the necessary processing of personal data to fulfill a legal obligation to which we are subject under the law of member states in the European Economic Area (EEA).
  • Art. 6(1)(e) GDPR for the necessary processing of personal data to perform a task carried out in the public interest.
  • Art. 6(1)(a) GDPR for the processing of personal data with the consent of the data subject.
  • Art. 6(1)(d) GDPR for the necessary processing of personal data to protect the vital interests of the data subject or another natural person.

3. Type, Scope, and Purpose

We process personal data that is necessary to be able to carry out our activities and operations on a permanent, user-friendly, secure, and reliable basis. Such personal data may include, in particular, categories of inventory and contact data, browser and device data, content data, metadata, and usage data, location data, sales data, as well as contract and payment data.

We process personal data for the duration necessary for the respective purpose(s) or as required by law. Personal data that is no longer necessary for processing will be anonymized or deleted.

We may have personal data processed by third parties. We may process personal data jointly with third parties or transfer it to third parties. These third parties may include specialized service providers whose services we use. We ensure data protection with these third parties.

We generally process personal data only with the consent of the data subjects. To the extent that processing is permissible for other legal reasons, we may refrain from obtaining consent. For example, we may process personal data without consent to fulfill a contract, comply with legal obligations, or protect overriding interests.

In this context, we particularly process information that a data subject voluntarily provides to us when contacting us - for example, by postal mail, email, instant messaging, contact form, social media, or telephone - or when registering for a user account. We may store such information, for example, in an address book, in a Customer Relationship Management System (CRM system), or with similar tools. When we receive data about other persons, the data providers are obligated to ensure data protection for these persons and to ensure the accuracy of this personal data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of our activities and operations, provided that such processing is legally permissible.

4. Applications

We process personal data of applicants to the extent necessary to assess their suitability for employment or for the subsequent execution of an employment contract. The necessary personal data primarily consist of the information provided, for example, in a job posting. We also process personal data that applicants voluntarily disclose or publish, especially as part of cover letters, resumes, other application documents, and online profiles.

We process – to the extent that the General Data Protection Regulation (DSGVO) is applicable – personal data about applicants, especially according to Art. 9(2)(b) DSGVO.

We can allow applicants to store their information in our Talentpool for consideration in future job openings. We can also use such information to maintain contact and provide updates. If we believe that an applicant is suitable for an open position based on the information, we can inform the applicant accordingly.

We use third-party services to advertise positions using E-Recruitment and enable and manage applications.

5. Personal Data Abroad

We process personal data primarily in Switzerland and in the European Economic Area (EEA). However, we can also export or transmit personal data to other countries, especially to have them processed there.

We can export personal data to all countries and territories on Earth as well as elsewhere in the universe, provided that the local law, according to the decision of the Swiss Federal Council, ensures adequate data protection and – to the extent that the General Data Protection Regulation (DSGVO) is applicable – according to the decision of the European Commission ensures adequate data protection.

We can transmit personal data to countries whose law does not ensure adequate data protection if data protection is guaranteed for other reasons, especially based on standard data protection clauses or other appropriate safeguards. Exceptionally, we can export personal data to countries without adequate or appropriate data protection if the special data protection requirements are met, such as the explicit consent of the data subjects or a direct connection to the conclusion or execution of a contract. Upon request, we will gladly provide data subjects with information on any guarantees or provide a copy of any guarantees.

6. Rights of Data Subjects

6.1 Data Protection Claims

We grant data subjects all claims under applicable data protection law. Data subjects have the following rights in particular:

  • Information: Data subjects can request information as to whether we process personal data about them and, if so, what personal data is involved. Data subjects also receive the information necessary to assert their data protection claims and ensure transparency. This includes the processed personal data as such, but also, among other things, information on the purpose of processing, the duration of storage, any disclosure or transfer of data to other countries, and the origin of the personal data.
  • Correction and Restriction: Data subjects can correct incorrect personal data, complete incomplete data, and request a restriction on the processing of their data.
  • Deletion and Objection: Data subjects can request the deletion of personal data ("right to be forgotten") and object to the processing of their data with effect for the future.
  • Data Disclosure and Data Transfer: Data subjects can request the disclosure of personal data or the transfer of their data to another controller.

We can postpone, restrict, or deny the exercise of data subjects' rights within the legally permissible framework. We can inform data subjects of any conditions that may need to be met for the exercise of their data protection rights. For example, we can refuse to provide information, referring to trade secrets or the protection of other persons, in whole or in part. We can also refuse to delete personal data, referring to legal retention obligations, in whole or in part.

We can exceptionally impose costs for the exercise of rights. We will inform data subjects in advance of any potential costs.

We are obliged to identify data subjects who request information or exercise other rights with appropriate measures. Data subjects are required to cooperate.

6.2 Right to Lodge a Complaint

Data subjects have the right to enforce their data protection claims in court or to file a complaint with a competent data protection supervisory authority.

The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (EDÖB).

7. Data Security

We implement suitable technical and organizational measures to ensure data security appropriate to the respective risk. However, we cannot guarantee absolute data security.

Access to our website is secured with transport encryption (SSL/TLS), particularly using the Hypertext Transfer Protocol Secure, abbreviated as HTTPS. Most browsers indicate transport encryption with a padlock in the address bar.

Our digital communication, like virtually all digital communication, is subject to mass surveillance without cause or suspicion and other monitoring by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We have no direct control over the corresponding processing of personal data by intelligence agencies, police authorities, and other security agencies.

8. Website Usage

8.1 Cookies

We may use cookies. Cookies, including first-party cookies (First-Party Cookies) as well as cookies from third parties whose services we use (Third-Party Cookies), are data stored in the browser. Such stored data is not necessarily limited to traditional text cookies.

Cookies can be stored in the browser temporarily as "session cookies" or for a specific period as so-called permanent cookies. "Session cookies" are automatically deleted when the browser is closed. Permanent cookies have a specified storage duration. Cookies, in particular, enable the recognition of a browser on the next visit to our website, allowing, for example, the measurement of our website's reach. Permanent cookies can also be used for online marketing, among other purposes.

Cookies can be disabled or deleted in the browser settings at any time, either completely or partially. Without cookies, our website may not be fully available. We request, at least as far as necessary, your explicit consent for the use of cookies.

For cookies used for success and reach measurement or for advertising, a general objection ("opt-out") for numerous services is possible via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

8.2 Server Log Files

We may collect the following information for each access to our website, provided that it is transmitted by your browser to our server infrastructure or can be determined by our web server: date and time, including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, accessed individual subpage of our website including the amount of data transmitted, and the last webpage visited in the same browser window (referrer).

We store such information, which may also constitute personal data, in server log files. The information is necessary to ensure the permanent, user-friendly, and reliable provision of our website and to ensure data security, particularly the protection of personal data, also through third parties or with the help of third parties.

8.3 Count Pixels

We may use count pixels on our website, also known as web beacons. Count pixels, including those from third parties whose services we use, are small, typically invisible images that are automatically retrieved when visiting our website. Count pixels can capture the same information as server log files.

9. Notifications and Messages

We send notifications and messages via email and through other communication channels, such as instant messaging or SMS.

9.1 Success and Reach Measurement

Notifications and messages may include web links or count pixels that capture whether a single message was opened and which web links were clicked. Such web links and count pixels can also capture personal usage of notifications and messages. We need this statistical measurement of use for success and reach measurement to effectively, user-friendly, and permanently, securely, and reliably send notifications and messages based on the needs and reading habits of the recipients.

You must generally expressly consent to the use of your email address and other contact addresses unless the use is permissible for other legal reasons. Where possible, we use the "double opt-in" procedure, meaning you receive an email with a web link that you must click to confirm, ensuring no misuse by unauthorized third parties can occur. We can log such consents, including the IP address, as well as the date and time for evidentiary and security purposes.

You can generally object to receiving notifications and messages, such as newsletters, at any time. Such an objection allows you to simultaneously object to the statistical measurement of use for success and reach measurement. Necessary notifications and messages related to our activities and operations are reserved.

9.3 Service Providers for Notifications and Messages

We send notifications and messages with the assistance of specialized service providers.

10. Social Media

We are present on social media platforms and other online platforms to be able to communicate with interested individuals and inform them about our activities and operations. In connection with such platforms, personal data may also be processed outside of Switzerland and the European Economic Area (EEA).

The general terms and conditions (AGB) as well as the terms of use and data protection declarations and other provisions of the respective operators of such platforms also apply. These provisions inform in particular about the rights of data subjects directly to the respective platform, including, for example, the right to information.

11. Third-Party Services

We use services from specialized third parties to be able to carry out our activities and operations on a permanent, user-friendly, secure, and reliable basis. With such services, we can, among other things, embed functions and content into our website. For such embedding, the services used, for technical reasons, at least temporarily collect the IP addresses of users.

For necessary security, statistical, and technical purposes, third parties whose services we use may process data in connection with our activities and operations in an aggregated, anonymized, or pseudonymized form. This includes, for example, performance or usage data to provide the respective service.

We use, in particular:

11.1 Digital Infrastructure

We use services from specialized third parties to be able to use the required digital infrastructure in connection with our activities and operations. This includes, for example, hosting and storage services from selected providers.

We use, in particular:

11.2 Contact Options

We use services from selected providers to better communicate with third parties, such as potential and existing customers.

We use, in particular:

11.3 Scheduling

We use services from specialized third parties to be able to schedule appointments online, for example, for meetings. In addition to this privacy policy, the terms and conditions of use or privacy policies directly apparent in the services used also apply.

We use, in particular:

11.4 Audio and Video Conferencing

We use specialized services for audio and video conferences to communicate online. With them, we can conduct virtual meetings, online classes, and webinars, for example. Additional terms and conditions, such as privacy policies and usage terms, apply when participating in audio and video conferences.

Depending on your situation, we recommend muting the microphone by default and blurring the background or displaying a virtual background during audio or video conferences.

We primarily use:

11.5 Online Collaboration

We use third-party services to facilitate online collaboration. In addition to this privacy policy, the terms and conditions of the services used, such as usage terms or privacy policies, also apply and may be directly visible.

11.6 Map Material

We use third-party services to embed maps into our website.

We primarily use:

11.7 Fonts

We use third-party services to embed selected fonts, as well as icons, logos, and symbols into our website.

We primarily use:

11.8 Advertising

We have the option to display targeted advertisements for our activities and initiatives on third-party platforms, such as social media and search engines.

Our aim with such advertising is to reach individuals who are already interested in our activities and initiatives or could potentially be interested (Remarketing and Targeting). For this purpose, we may transmit relevant – potentially even personally identifiable – information to third parties that enable such advertising. We can also determine if our advertising is successful, particularly whether it leads to visits to our website (Conversion Tracking).

Third parties on which we advertise and where you, as a user, are logged in, may potentially associate the use of our website with your respective profile there.

We primarily use:

12. Website Extensions

We use extensions for our website to enable additional functionalities.

We primarily use:

  • Google reCAPTCHA: Spam protection (distinguishing between desired comments from humans and unwanted comments from bots and spam); Provider: Google; Specific details about Google reCAPTCHA: "What is reCAPTCHA?".

13. Success and Reach Measurement

We aim to determine how our online offering is used. In this context, we can measure the success and reach of our activities and initiatives, as well as the impact of third-party links to our website. We may also experiment and compare how different parts or versions of our online offering are used (the "A/B Test" method). Based on the results of success and reach measurement, we can particularly address errors, enhance popular content, and make improvements to our online offering.

In most cases, IP addresses of individual users are stored for success and reach measurement. IP addresses are generally shortened (IP masking) to follow the principle of data minimization through appropriate pseudonymization.

Cookies may be used in the success and reach measurement, and user profiles may be created. Any created user profiles may include, for instance, visited individual pages or viewed content on our website, information about the screen size or browser window, and the – at least approximate – location. User profiles, in principle, are created solely pseudonymized and are not used to identify individual users. Some third-party services, where users are logged in, may potentially associate the use of our online offering with the user's account or profile on the respective service.

We primarily use:

  • Google Analytics: Success and Reach Measurement; Provider: Google; Google Analytics-specific details: Measurement across different browsers and devices (Cross-Device Tracking) as well as with pseudonymized IP addresses, which are transferred to Google in the USA only in exceptional cases, "Data Privacy", "Browser Add-on to Deactivate Google Analytics".
  • Google Tag Manager: Integration and management of other services for success and reach measurement, as well as other services from Google and third parties; Provider: Google; Google Tag Manager-specific details: "Data Collected with Google Tag Manager"; further data privacy information is available for individual integrated and managed services.

14. Final Provisions

We have created this privacy policy using the Data Privacy Generator by Datenschutzpartner.

We may adjust and supplement this privacy policy at any time. We will inform you of such adjustments and supplements in an appropriate manner, particularly by publishing the current privacy policy on our website.