Data protection statement
valid from: 20.05.2022
The processing of personal data of users of the websites www.finnova.com, www.finnova.ch, www.finnova.org and www.finnovasmarterbanking.com (hereinafter 'the websites'), and other persons whose personal data we process, is subject to Swiss data protection law, in particular in accordance with the Federal Act on Data Protection (FADP) and – where applicable – foreign data protection law, such as the General Data Protection Regulation (GDPR) of the European Union (EU). The EU recognises that Swiss data protection law ensures appropriate data protection.
Processing of personal data
Personal data is any information relating to an identified or identifiable person.
A data subject is a person whose personal data is processed.
Processing is any operation performed on personal data, independently of the tools and processes used, in particular storing, disclosing, collecting, deleting, saving, altering, destroying or using personal data.
Finnova processes personal data in accordance with Swiss data protection law. Otherwise, Finnova processes – where the GDPR is applicable – personal data pursuant to:
- Art. 6 par. 1 (a) GDPR for the processing of personal data with the consent of the data subject.
- Art. 6 par. 1 (b) GDPR for the necessary processing of personal data for the fulfilment of a contract with the data subject as well as the implementation of the corresponding pre-contractual measures.
- Art. 6 par. 1 (c) GDPR for the necessary processing of personal data for compliance with a legal obligation to which Finnova is subject in accordance with EU legislation that may apply, or in accordance with legislation that may apply of a country in which the GDPR is wholly or partially applied.
- Art. 6 para. 1 (d) GDPR for the necessary processing of personal data in order to protect the vital interests of the data subject or another natural person.
- Art. 6 para. 1 (f) GDPR for the necessary processing of personal data for the purposes of the legitimate interests pursued by Finnova or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Legitimate interests are in particular: the economic interest of Finnova in being able to provide the websites, information security, the enforcement of own legal claims, and compliance with Swiss law. Finnova processes personal data for the duration necessary for the respective purpose or the respective purposes. In the event of longer retention periods due to legal and other obligations Finnova is subject to, we restrict processing accordingly.
Collection and processing of personal data; consent of data subjects
This data protection statement describes which personal data we collect via the following channels, and how we process it:
(a) When the websites are accessed, in particular when users provide data on contact forms or registration pages, or when users subscribe to email newsletters. By accessing the websites, the user accepts this data protection statement. Any user who does not accept the content of this data protection statement must refrain from accessing other pages of the websites.
(b) In the context of the registration and implementation of events and other activities organised and carried out by Finnova for the marketing of Finnova products and services with the explicit consent of the data subjects with regard to the respective data processing. For the implementation of online events and activities, namely webcasts and webinars, we use solutions and services of third-party providers (see section 'Services of third parties' below).
(c) ) In the context of the registration for use of offers from Finnova and/or from service providers commissioned by Finnova for cloud-based services such as software as a service (SaaS) or platform as a service (PaaS).
(d) In the context of Finnova's strategic and operational corporate management and in communication with various contact persons, Finnova uses different instruments and tools, in particular:
- To ensure the operation, maintenance and further development of the software, including services (for example releasing, documentation, manuals, checklists, support, development tools etc.)
- To ensure the sale and marketing of the software and services (for example product/service information/promotions, white papers, newsletters, surveys, contractual agreements and financially relevant information)
- To ensure the continued existence of the company on a sustainable and long-term basis (for example contractual agreements, financially relevant Information)
Collection and processing of data
Visiting the websites does not generally require the user to identify themself or enter personal data.
Finnova processes the personal data collected via the above-mentioned channels within the scope of applicable legislation and regulations for the following purposes:
- The technical administration of the websites
- Client and user administration and marketing
- Informing data subjects about Finnova's products and services
- All other purposes expressly specified during collection via the above-mentioned channels or requested by the data subjects
Analysis of website visitors with web analytics solution Matomo and cookies
The websites use the web analytics solution Matomo (formerly Piwik), which is open source software provided under the GNU General Public License (GPL) for statistical analysis of all visits to the websites in real time.
Matomo compiles detailed statistics about visitors to the websites and records the following protocol data and information:
- Date of visit
- Time of visit
- URL of the referring (previously visited) web page (referrer URL)
- Files viewed
- Amount of data transferred
- Length of visit, entry pages, exit pages and exit rates
- Search terms entered in the search screen
- Origin of users by country
- Browser type and version, and browser plugins used
- Operating system and version
- IP address
Matomo is configured by Finnova in such a way that:
- The last two groups of numbers ('octets') of the IP address are stored in an anonymised form (for example: if the website is viewed by a user with the IP address 18.104.22.168, the address is stored as 22.214.171.124)
- Any opt-out carried out by the user by enabling the check box 'Your visit to this web site is currently being recorded by Matomo web analytics. Click here to stop your visit being recorded' is stored in the form of an opt-out cookie, which means that the user has to declare their opt-out again following deletion of all cookies, for example
- Opt-out cookies last for two years
- Tracking cookies last for two years (period during which users are identified again after viewing the websites)
- Data collected by Matomo is not stored by Finnova for longer than 12 months
If cookies are disabled, it is possible that not all functions of the websites can be used.
Services of third parties
Microsoft Dynamics 365 Marketing
Vimeo live streaming and webinar platform
We use the services of the Vimeo live streaming and webinar platform for webcasts and webinars. The Vimeo live streaming and webinar platform is operated by the American company Vimeo.com, Inc. with headquarters in New York, NY 10011. We collect the following personal data from you for registration and participation in webcasts and webinars and consequently for the use of Vimeo's services:
- First name and last name
- Company or organisation name
- Email address
In the context of the implementation of webcasts and webinars, this personal data is transferred to Microsoft data centres in Switzerland as well as to Vimeo data centres and to processors in the USA commissioned by Vimeo. Processing of this personal data by Vimeo and by processors commissioned by Vimeo takes place on the basis of contracts between us and Vimeo, which include the Vimeo Enterprise Terms, the Vimeo Enterprise Data Processing Addendum, as well as the so-called EU standard contractual clauses (standard contractual clauses [processors] for the transfer of personal data to processors established in third countries which do not offer adequate level of protection), whereby compliance with the data protection requirements of both the FDAP and the GDPR is guaranteed.
Appropriate technical and organisational measures protect the websites against loss, destruction and manipulation, and against being accessed, modified or distributed by unauthorised persons.
Finnova stores the data collected from visitors to the sites and obtained through cookies or the input in contact forms on registration pages exclusively on its own servers in Switzerland, which are protected by suitable security measures.
The protection of internal company data is also of great importance to Finnova: Finnova employees and service providers appointed by Finnova in connection with the creation, operation and maintenance of the websites have been obliged by Finnova to maintain confidentiality and to comply with data protection regulations.
Social media plugins
No social media plugins are used on the websites.
Disclosure of data to third parties
Finnova only discloses personal data collected via the aforementioned channels, namely for the use of third-party services (see section 'Services of third parties', above) if (a) the data subject explicitly gives their consent, or (b) a legal obligation to do so exists, or (c) this is necessary for Finnova to enforce its rights, in particular in relation to claims from a contractual relationship.
Rights of data subjects
Users whose personal data we collect via the above-mentioned channels have the right to request, in writing and free of charge, information about the personal data relating to them that is stored when they visit the websites. Furthermore, data subjects have the right to have incorrect personal data relating to them corrected and to have their personal data deleted. However, information can only be provided, and requests for blocking and deletion can only be processed, by Finnova if the data subject identifies themself sufficiently and communicates to Finnova in writing the IP address(es) used when accessing the websites.
Persons whose personal data we process have the right to file complaints with a responsible supervisory authority for data protection. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
Amendment of the data protection statement
Finnova reserves the right to amend this data protection statement at any time and therefore recommends that users of the websites read the data protection statement on a regular basis. Any amendments to the data protection statement will always be notified on the homepage of the websites with a link to this web page. The validity date of the data protection statement is indicated at the top of this page.
Contact addresses and responsibility
Data subjects and supervisory authorities can contact us by the following means:
By email to: firstname.lastname@example.org
By post to: finnova AG Bankware, Merkurstrasse 6, CH-5600 Lenzburg
Our data protection representative in the EU in accordance with Art. 27 GDPR is:
msg systems ag, Datenschutzbeauftragter, Robert Bürkle-Strasse 1, 85737 Ismaning/Munich, Germany
email to: email@example.com