‘Personal data’ means any information relating to an identified or identifiable natural person. A ‘data subject’ is a person whose personal data is processed, i.e., you as a user of Mindoo App. ‘Processing’ means any handling of personal data, irrespective of the means and procedures applied.
Mindoo App is subject to Swiss data protection laws as well as any applicable foreign data protection legislation, in particular of the European Union (EU), i.e., the General Data Protection Regulation (GDPR).
We have the following data protection representation pursuant to Art. 27 GDPR in the European Economic Area (EEA), including the European Union (EU) and the Principality of Liechtenstein as an additional point of contact for supervisory authorities and data subjects for enquiries in connection with the GDPR:
VGS Datenschutzpartner UG
Am Kaiserkai 69
Processing of personal data
We process personal data in accordance with Swiss data protection legislation, including, in particular, the Federal Act on Data Protection (FADP). Where and to the extent that the GDPR is applicable, we process personal data at least in accordance with one of the following legal bases:
- Art. 6 (1) (b) GDPR for the necessary processing of personal data in order to perform a contract with the data subject and to implement pre-contractual measures.
- Art. 6 (1) (f) GDPR for the necessary processing of personal data for the purposes of our legitimate interests, except where such interests are overridden by the fundamental rights and freedoms as well as by interests of the data subject. Legitimate interests in particular include our interest to be able to provide Mindoo App in a permanent, user-friendly, secure and reliable way and to advertise it when necessary, information security as well as protection against misuse and unauthorized use, the enforcement of our own legal claims and compliance with Swiss laws.
- Art. 6 (1) (c) GDPR for the necessary processing of personal data in order to fulfil a legal obligation to which we are subject under any applicable legislation of member states in the European Economic Area (EEA).
- Art. 6 (1) (e) GDPR for the necessary processing of personal data for the performance of a task carried out in the public interest
- Art. 6 (1) (a) GDPR for the necessary processing of personal data with the consent of the data subject.
- Art. 6 (1) (d) GDPR for the necessary processing of personal data in order to protect the vital interests of the data subject or of any other natural person.
We process any personal data that is necessary in order to develop and provide Mindoo App. We process personal data for any duration that is required for the respective purpose or the respective purposes or by law. Any personal data whose processing is no longer necessary will be anonymized or deleted.
We may engage third parties, especially data processors, to process personal data. Such third parties include, in particular, providers whose services we use. We guarantee adequate data protection when engaging third parties to process personal data.
Third parties are located, in principle, in Switzerland as well as in the European Economic Area (EEA) including the European Union (EU) and the Principality of Liechtenstein. Third parties may also be located in other countries in the world or elsewhere in the universe, if their data protection legislation guarantees adequate data protection according to the Swiss Federal Data Protection and Information Commissioner (FDPIC) and, where and to the extent that the GDPR is applicable, according to the assessment of the European Commission, or if adequate data protection is guaranteed for other reasons, for example by an adequate contractual agreement, especially based on standard contractual clauses, or by an adequate certification.
Rights of Data Subjects
Data subjects, whose personal data we process, have the rights granted according to Swiss data protection legislation, including the right of access as well as the right to rectification, erasure and blocking of the personal data processed.
Where and to the extent that the GDPR is applicable, data subjects, whose personal data we process, may request a confirmation free of charge as to whether we process their personal data and, if yes, request access to information concerning the processing of their personal data, may have the processing of their personal data restricted, may exercise their right to data portability and may have their personal data rectified, erased (‘right to be forgotten’), blocked or completed.
Where and to the extent that the GDPR is applicable, data subjects, whose personal data we process, may revoke a consent given at any time with effect for the future and may object to the processing of their personal data at any time.
Data subjects, whose personal data we process, have the right to lodge a complaint with a competent supervisory authority, for example with the FDPIC in Switzerland.