Privacy Policy

1. Contact Addresses

Responsibility for Processing Personal Data:

Fabian Lang
Wydenstrasse 22
6030 Ebikon
Switzerland
info@codealang.ch

In individual cases, there may be other parties responsible for processing personal data or joint responsibility with at least one other responsible party.

Data Protection Advisor

We have the following data protection advisor as a point of contact for affected individuals and authorities for inquiries related to data protection:

Fabian Lang
Wydenstrasse 22
6030 Ebikon
Switzerland
info@codealang.ch

2. Terms and Legal Basis

2.1 Terms

Personal data is any information that relates to an identified or identifiable natural person. A data subject is a person about whom we process personal data.

Processing includes any handling of personal data, regardless of the means and procedures used, such as querying, matching, adapting, archiving, storing, reading, disclosing, obtaining, recording, collecting, deleting, disclosing, organizing, storing, modifying, distributing, linking, destroying, and using personal data.

2.2 Legal Basis

We process personal data in accordance with Swiss data protection law, in particular the Federal Act on Data Protection (Data Protection Act, DSG) and the Ordinance on Data Protection (Data Protection Ordinance, DSV).

3. Type, Scope, and Purpose

We process personal data that is necessary to carry out our activities and operations permanently, user-friendly, securely, and reliably. Such personal data may fall into the categories of inventory and contact data, browser and device data, content data, meta or marginal data and usage data, location data, sales data, as well as contract and payment data.

We process personal data for the duration required for the respective purpose or purposes or as required by law. Personal data whose processing is no longer required will be deleted.

We may have personal data processed by third parties. We may process personal data jointly with third parties or transmit it to third parties. Such third parties are in particular specialized providers whose services we use. We also ensure data protection with such third parties.

We generally only process personal data with the consent of the data subjects. If and to the extent that processing is permitted for other legal reasons, we may dispense with obtaining consent. For example, we may process personal data without consent to fulfill a contract, to comply with legal obligations, or to protect overriding interests.

We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of our activities and operations, provided that such processing is permitted for legal reasons.

4. Communication

We process personal data to be able to communicate with third parties. In this context, we process in particular data that a data subject transmits when making contact, for example by mail or email. We may store such data in an address book or with comparable tools.

Third parties who transmit data about other persons are obliged to ensure data protection towards such affected persons. Among other things, the accuracy of the transmitted personal data must be ensured.

5. Data Security

We take appropriate technical and organizational measures to ensure data security appropriate to the respective risk. With our measures, we ensure in particular the confidentiality, availability, traceability, and integrity of the processed personal data, but cannot guarantee absolute data security.

Access to our website and our other online presence is via transport encryption (SSL / TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers mark transport encryption with a small padlock in the address bar.

Our digital communication is subject – like basically all digital communication – to mass surveillance without cause or suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We cannot directly influence the corresponding processing of personal data by intelligence services, police stations, and other security authorities. We also cannot rule out that individual affected persons are specifically monitored.

6. Personal Data Abroad

We generally process personal data in Switzerland. However, we may also disclose or export personal data to other countries, in particular to process it there or have it processed.

We may disclose personal data to all countries and territories on Earth and elsewhere in the universe, provided that the law there ensures adequate data protection according to a decision by the Swiss Federal Council.

We may disclose personal data to countries whose law does not ensure adequate data protection, provided that appropriate data protection is ensured for other reasons. Appropriate data protection can be ensured, for example, through corresponding contractual agreements, on the basis of standard data protection clauses, or with other suitable guarantees. Exceptionally, we may export personal data to countries without adequate or appropriate data protection if the special data protection requirements are met, for example the explicit consent of the affected persons or a direct connection with the conclusion or execution of a contract. We are happy to provide affected persons with information about any guarantees or provide a copy of guarantees upon request.

7. Rights of Data Subjects

7.1 Data Protection Claims

We grant data subjects all claims according to applicable data protection law. Data subjects have in particular the following rights:

• Information
• Correction and restriction
• Deletion and objection
• Data disclosure and data transfer

We may postpone, restrict, or refuse the exercise of the rights of data subjects within the legally permissible framework. We may point out to data subjects any prerequisites that may need to be met for the exercise of their data protection claims.

For example, we may completely or partially refuse information with reference to business secrets or the protection of other persons. For example, we may also completely or partially refuse the deletion of personal data with reference to legal retention obligations.

We may exceptionally provide for costs for the exercise of rights. We inform data subjects in advance about any costs.

We are obliged to identify data subjects who request information or assert other rights with appropriate measures. Data subjects are obliged to cooperate.

7.2 Legal Protection

Data subjects have the right to enforce their data protection claims through legal channels or to file a complaint with a competent data protection supervisory authority.

The data protection supervisory authority for complaints by data subjects against private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

8. Use of the Website or Web Application

8.1 Cookies

We may use cookies. Cookies – both our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies) – are data stored in the browser. Such stored data need not be limited to traditional cookies in text form.

Cookies can be stored in the browser temporarily as "session cookies" or for a certain period as so-called permanent cookies. "Session cookies" are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration.

Cookies enable in particular to recognize a browser on the next visit to our website and thereby, for example, measure the reach of our website. However, permanent cookies can also be used for online marketing, for example.

Cookies can be completely or partially deactivated and deleted in the browser settings at any time. Without cookies, our website or web application may no longer be fully available. We actively request – at least if and to the extent necessary – explicit consent to the use of cookies.

8.2 Logging

We may log at least the following information for each access to our website or web application and our other online presence, provided that such information is transmitted to our digital infrastructure during such accesses: Date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sub-page of our website or web application accessed including data volume transferred, last web page accessed in the same browser window (Referer or Referrer).

We log such information, which may also constitute personal data, in log files. The information is necessary to be able to provide our online presence permanently, user-friendly, and reliably. The information is also necessary to be able to ensure data security – also by third parties or with the help of third parties.

8.3 Counting Pixels

We may embed counting pixels in our online presence. Counting pixels are also referred to as web beacons. Counting pixels – also from third parties whose services we use – are usually small, invisible images or scripts formulated in JavaScript that are automatically retrieved when accessing our online presence. With counting pixels, at least the same information as in log files can be recorded.

9. Notifications and Messages

We send notifications and messages by email and via other communication channels such as instant messaging or SMS.

9.1 Success and Reach Measurement

Notifications and messages may contain web links or counting pixels that record whether an individual message was opened and which web links were clicked. Such web links and counting pixels can also record the use of notifications and messages on a personal basis.

We need this statistical recording of use for success and reach measurement in order to be able to send notifications and messages effectively and user-friendly as well as permanently, securely, and reliably based on the needs and reading habits of the recipients.

9.2 Consent and Objection

You must generally consent to the use of your email address and your other contact addresses, unless the use is permitted for other legal reasons.

You can generally object to receiving notifications and messages at any time. Required notifications and messages in connection with our activities and operations remain reserved.

10. Social Media

We are present on social media platforms and other online platforms to be able to communicate with interested persons and inform about our activities and operations. In connection with such platforms, personal data may also be processed outside of Switzerland.

The Terms and Conditions (T&C) and privacy policies of the individual operators of such platforms also apply.

11. Third-Party Services

We use services from specialized third parties to be able to carry out our activities and operations permanently, user-friendly, securely, and reliably. With such services, we can, among other things, embed functions and content in our website. With such embedding, the services used capture at least temporarily the IP addresses of users for technically compelling reasons.

For necessary security-relevant, statistical, and technical purposes, third parties whose services we use may process data in connection with our activities and operations in aggregated, anonymized, or pseudonymized form. This includes, for example, performance or usage data to be able to offer the respective service.

Google Services: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; General information on data protection: "Principles on Privacy and Security", Privacy Policy, "Google is committed to complying with applicable data protection laws", "Guide to Privacy in Google Products", "How we use data from websites or apps on or in which our services are used" (information from Google), "Types of cookies and similar technologies that Google uses", "Advertising you can influence" ("Personalized Advertising").

Microsoft Services: Providers: Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), Switzerland, and the United Kingdom / Microsoft Corporation (USA) for users in the rest of the world; General information on data protection: "Privacy at Microsoft", "Privacy and Privacy", Privacy Policy, "Data and Privacy Settings".

Zoho Mail Services: Email communication; Provider: Zoho Corporation Pvt. Ltd. (India) / Zoho Corporation B.V. (Netherlands) for users in the European Economic Area (EEA) and Switzerland.

For sending notifications, invitations, and other business-relevant messages, we process email addresses and contents of the respective messages via Zoho Mail.

The processing of personal data is exclusively for the purpose of communication in connection with our activities and operations. Zoho does not use the data for its own purposes.

Depending on the configuration, personal data may also be processed outside of Switzerland or the EEA. In such cases, we ensure that adequate data protection is guaranteed through appropriate guarantees, in particular through contractual agreements and standard data protection clauses.

Information on data protection: Zoho Privacy Policy, "Zoho Privacy Policy".

11.1 Digital Infrastructure

We use services from specialized third parties to be able to use the required digital infrastructure in connection with our activities and operations. This includes, for example, hosting and storage services from selected providers.

We use in particular:

Supabase: Backend platform (database, authentication, file storage, edge functions); Provider: Supabase Inc. (USA).

The personal data relevant to the operation of our web application (in particular database contents, authentication data, and stored files) are processed and stored in data centers in Switzerland.

Supabase may process meta and telemetry data (e.g., technical logs, metrics for system stability and project management) outside of Switzerland as part of technical operations. This data does not contain any content user data from our web application.

Information on data protection: Supabase Privacy Policy, "Data Processing Addendum (DPA)".

11.2 Fonts

We use services from third parties to be able to embed selected fonts as well as icons, logos, and symbols in our website.

We use in particular:

Google Fonts: Fonts; Provider: Google; Google Fonts-specific information: "Your Privacy and Google Fonts", "Privacy and Data Collection".

11.3 Payments

We use specialized service providers to be able to process payments from our customers securely and reliably. For the processing of payments, the legal texts of the individual service providers such as Terms and Conditions (T&C) or privacy policies also apply.

We use in particular:

Stripe: Payment processing; Providers: Stripe Inc. (USA) / Stripe Payments Europe Limited (SPEL, Ireland) for users in the European Economic Area (EEA) and Switzerland as well as partly in the United Kingdom / Stripe Payments UK Limited (United Kingdom) and Stripe Capital Europe Limited (Ireland) partly for users in the United Kingdom; Information on data protection: "Stripe Privacy Center", Privacy Policy, Cookie Policy.

11.4 Use of Google Calendar

Our web application allows users to connect their Google Calendar with our application to determine available time slots for appointment scheduling.

As part of this connection, we access calendar information such as occupied and free time periods, date and time of appointments. Contents of calendar entries (e.g., descriptions or participant lists) are not permanently stored and are used exclusively for carrying out appointment scheduling. Calendar data is only processed temporarily and not permanently stored. After completion of appointment scheduling, no calendar information is retained on our systems.

The connection is made via OAuth authentication provided by Google. Access tokens and refresh tokens are stored to maintain access to the calendar. These tokens can be revoked at any time by the users.

The processing of calendar data is exclusively purpose-bound and not for creating user profiles. Access is exclusively within the scope of the OAuth permissions (scopes) provided by Google, in particular for reading availabilities and appointment times. Access to complete calendar entries or their contents does not occur unless this is absolutely necessary for appointment scheduling.

The calendar data is not used for advertising, analysis purposes, or for disclosure to third parties.

11.5 Use of Microsoft Outlook / Microsoft Graph

Our web application allows users to connect their Microsoft Outlook calendar via the Microsoft Graph API.

Calendar information such as appointment times, occupancies, and availabilities are processed to display free time slots and coordinate appointments. Contents of calendar entries are not permanently stored. Calendar data is only processed temporarily and not permanently stored. After completion of appointment scheduling, no calendar information is retained on our systems.

Authentication is via Microsoft OAuth. Access tokens and refresh tokens are stored to maintain the connection. The connection can be revoked at any time by the users.

Processing is exclusively for appointment organization and not for other purposes.

The calendar data is not used for advertising, analysis purposes, or for disclosure to third parties.

11.6 GitLab Pages and Version Control

Version control and hosting of web applications; Provider: GitLab B.V. (Netherlands) for users in the European Economic Area (EEA) and Switzerland / GitLab Inc. (USA) for users in the rest of the world.

We use GitLab for version control of the source code as well as for providing our web application via GitLab Pages. In particular, technical data such as IP addresses, access data, times of accesses, as well as information about the browser and operating system used may be processed.

The processing of this personal data is for the purpose of secure, stable, and reliable operation of our web application as well as for error analysis and system monitoring.

Depending on the design and use of the services, personal data may also be processed outside of Switzerland or the European Economic Area. In such cases, we ensure that adequate data protection is guaranteed through appropriate guarantees, in particular through contractual agreements and standard data protection clauses.

Information on data protection: GitLab Privacy Policy.

12. Final Provisions

We created this privacy policy with the privacy generator from Datenschutzpartner.

We may adapt and supplement this privacy policy at any time. We will inform about such adaptations and supplements in an appropriate form, in particular by publishing the current privacy policy on our website.