Privacy Policy | Raydesk

Privacy Policy Raydesk

Welcome to Raydesk and our website and app at www.raydesk.co!

The protection of your personal data is of particular concern to us, which is why we only process personal data to the extent necessary.

Which data is required and processed for which purpose and on which basis depends largely on the type of service you are using or on the task for which we require it.

Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified directly or indirectly, in particular by means of an association with an identifier such as a name, an identification number, location data or an online identifier.

For more information on which data is collected, for what purpose and on what basis, how to contact us and what rights you have with regard to the processing of personal data, please continue reading.

The processing of your personal data takes place only in strict accordance with of the Swiss Federal Act on Data Protection (FADP) and the General Data Protection Regulation (GDPR).

The Controller

The responsible party for the processing of personal data, Raydesk GmbH, Weissbadstrasse 8b, 9050 Appenzell, Switzerland ("Raydesk", "we", "our" or "us"). You can reach us per email using contact@raydesk.co.

Your Rights

First of all, we would like to inform you about your rights as a data subject. These rights are standardised in Art. 15 - 22 GDPR. This includes:

The right to information (Art. 15 GDPR),
The right to erasure (Art. 17 GDPR),
The right to rectification (Art. 16 GDPR),
The right to data portability (Art. 20 GDPR),
The right to restriction of data processing (Art. 18 GDPR),
The right to object to data processing (Art. 21 GDPR).

To assert these rights, please contact us. The same applies if you have questions about data processing in our company. You also have the right to lodge a complaint with a data protection supervisory authority.

The Federal Data Protection and Information Commissioner (FDPIC) is the for us relevant authority in matters of data protection. You have the right to make a complaint at any time to the FDPIC. We would, however, appreciate the chance to deal with your concerns before you approach the FDPIC so please contact us in the first instance.

Legal Bases for Processing

The processing of your personal data may be based on the following legal grounds:

Art. 6 (1) lit. a GDPR serves as our legal basis for processing operations where we obtain your consent for a specific processing purpose.
Art. 6 (1) lit. b GDPR, insofar as the processing of personal data is necessary for the performance of a contract, e.g., if you purchase a product. The same applies to such processing operations that are necessary for the performance of pre-contractual measures, for example in the case of enquiries about our products or services.
Art. 6 (1) lit. c GDPR, insofar as we are subject to a legal obligation that requires the processing of personal data, such as for the fulfilment of tax obligations.
Art. 6 (1) lit. d GDPR in the event that vital interests of you or another natural person require the processing of personal data.
Art. 6 (1) lit. f GDPR applies on the basis of our legitimate interests, e.g., when using service providers as part of order processing, such as shipping service providers or when carrying out statistical surveys and analyses and logging registration procedures. Our interest is directed towards the use of a user-friendly, appealing, and secure presentation as well as optimisation of our website, which serves our business interests as well as meeting your expectations.

How secure is your data?

We take appropriate technical and organisational security measures to protect your personal data against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons and to ensure the protection of your rights and compliance with the applicable data protection regulations.

The measures taken are intended to guarantee the confidentiality and integrity of your data and to ensure the availability and resilience of the systems and services when processing your data on a permanent basis. They are also designed to quickly restore the availability of data and access to you in the event of a physical or technical incident.

Our security measures also include encryption of your data. All information you enter online is technically encrypted and only then transmitted. This means that this information cannot be viewed by unauthorised third parties at any time.

Our data processing and security measures are continuously improved in line with technological developments.

Our employees are, of course, bound to confidentiality in writing (data secrecy).

What is my data used for?

We store and use (process) the personal data you provide to us, such as name, email address, payment information, IP address, only for the purpose of,

to respond to your enquiries,
to provide you with our services,
to compile anonymous usage statistics,
to manage the customer relationship,
to carry out payment transactions
and to detect, prevent and investigate attacks on our website.

Your information will never be shared with third parties for marketing or other promotional purposes without your prior consent.

What is personal data?

Personal data is any information relating to an identified or identifiable natural person (Art. 4 No. 1 GDPR). This includes your address data, telecommunication data, registration data, order data, advertisement data, subscription data, financial data and application data, but also your IP address.

Data processing when using our service

Access to our website and app

Every time you use website and app (collectively the “service”), data is collected and exchanged that is required to use the service. These are:

IP address of the internet service provider
date and time,
the specific destination address,
name of the retrieved file,
amount of data transferred,
message as to whether the access/retrieval was successful.

When using our service, this data is also stored in log files on a server at our web provider beyond the time of the visit. We are authorised to process this data beyond the time of your visit on the basis of Article 6(1)(e) of the GDPR.

This data is analysed and used for statistical and security purposes, as well as for optimisation. Data logged when accessing the Service are only transmitted to third parties if we are legally obliged to do so. Data will not be passed on in other cases. Raydesk does not combine this data with other data sources.

To ensure the highest possible level of data security, your personal data is protected by us with the greatest care and with technological procedures such as SSL encryption. SSL stands for "Secure Socket Layer" and is an encryption method that is used successfully throughout the World Wide Web.

Use of cookies and similar technologies

Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user's computer. The primary purpose of a cookie is to store information about a user during or after their visit within an online service. Stored information may include, for example, language settings on a web site, login status, or where a video was watched. We also include in the term cookies other technologies that perform the same functions as cookies (e.g., where user details are stored using pseudonymous online identifiers, also known as 'user IDs'). For further information on cookies in general, please visit www.allaboutcookies.org and for specific info on the cookies we use please read our Cookie Policy.

Collection of personal data when contacting us

When you contact us, we store your data only for the purpose of responding to you and processing your request. The processing of your personal data is necessary for the purpose of dealing with your request.

If you contact us via e-mail, the processing of the transmitted (personal) data and the content (which may also contain personal data transmitted by you) is based on Article 6(1)(a) of the GDPR for the purpose of processing your request. Retention is carried out in accordance with the applicable time limits and the applicable retention periods.

If you contact us by post, the data you provide (e.g., surname, first name, address, telephone number, subject, e-mail address) and the information contained in the letter (any personal data you may have provided) will be stored and processed for the purpose of contacting you and dealing with your request.

When you watch our videos and video tutorials

On our website, we implement videos of the video portal "YouTube" of the company Google Inc.

Doing so, we use the "extended data protection mode" option provided by Google. When you call up a page that has an embedded video, a connection is established to Google's servers and in the process the content is displayed on the website by notifying your browser. According to Google's information, in "extended data protection mode" your data - in particular which of our Internet pages you have visited as well as device-specific information including the IP address - is only transmitted to the YouTube server in the USA when you watch the video. By clicking on the video, you consent to this transmission.

If you are logged in to Google at the same time, this information will be assigned to your YouTube member account. You can prevent this by logging out of your YouTube account before visiting our website.

When opening a user account

We collect personal data when you are opening a customer account. This requires your Full Name, Email address, Company Name, Department. We use a double opt-in procedure (confirmation of your registration) to ensure that you agree to sign up. We use the data you provide to provide you access to your account and our services, your data will be blocked for further use and deleted after you have deleted your account and the retention periods under tax and commercial law have expired. The deletion of your customer account and update of your personal information is possible at any time and can be done either by sending a message to us or via a function provided for this purpose in the customer account. The legal basis for the processing is the performance of a pre-contractual and/or contractual measure on the basis of Art. 6 para. 1 p. 1 b) GDPR and your consent to the signup on the basis of Art. 6 para. 1 p. 1 a) GDPR.

We also use "Google reCAPTCHA" on our signup. The provider is Google Inc. The purpose of reCAPTCHA is to check whether the data input on our websites is made by a human being or by an automated programme, and reCAPTCHA also protects our users from SPAM when using the signup function. For this purpose, reCAPTCHA analyses the behaviour of the user on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g., IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place. We have a legitimate interest in protecting our offers from abusive automated spying and our users from SPAM.

When using our desk sharing management app as a service user

If you get an invite to use Raydesk from your administrator, your data is first processed to set up a service user account. A service user account is required to use our desk sharing management app. If you use our desk sharing management app via your service user account, we transmit your data that is collected during the signup (Full Name, Email address, Company Name, Department) to the respective administrator of your company. This transmission requires your consent. The purpose of the transmission and processing of your data is to enable you to use the service offered by us. The legal basis for the processing is the performance of a pre-contractual and/or contractual measure on the basis of Art. 6 para. 1 p. 1 b) GDPR and your consent to the signup on the basis of Art. 6 para. 1 p. 1 a) GDPR.

When using our desk sharing management app as an administrator

In the app, your data is first processed to set up an administrator account. An administrator account is required to manage the desk sharing within your company and the respective users. If you use our desk sharing management app as an administrator, we transmit the data collected from you and your users to provide you with the functions of the app. This transmission is necessary and to enable you to use the service offered by us on basis of a contractual measure on the basis of Art. 6 para. 1 p. 1 b) GDPR. The data uploaded and processed by administrators during the use of Raydesk is subject to the concepts of controller and processor requirements as set out in Chapter 4 of the GDPR. For further details on the controller and processor relationship please refer to our Data Processing Terms.

When you use our Social Media Pages

We also process information that you have provided to us via our company pages on the relevant social media website. Such information may be the username used, contact details or a message sent to us. We regularly process this personal data only if we have previously expressly requested you to provide us with this data, for example as part of a survey. These processing operations are carried out by us as the sole data controller.

We process this data on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in contacting people who make enquiries. In addition, we may process such data for evaluation and marketing purposes. This processing is carried out on the legal basis of our legitimate interest and serves our interest in further developing our offer and informing you specifically about our offers. Further data processing may take place if you have consented or if this serves the fulfilment of a legal obligation. The sole controller of this processing of personal data is the relevant social media website.

When you send a data subject access request

The legal basis for the processing of your personal data in the context of handling your data subject access request is our legal obligation and the legal basis for the subsequent documentation of the data subject access request is both our legitimate interest and our legal obligation.

The purpose of processing your personal data in the context of processing data when you send a data subject access request is to respond to your request. The subsequent documentation of the data subject access request serves to fulfil the legally required accountability.

Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the processing of a data subject access request, this is three years after the end of the respective process.

You have the possibility at any time to object to the processing of your personal data in the context of the processing of a data subject access request for the future. In this case, however, we will not be able to further process your request. The documentation of the legally compliant processing of the respective data subject access request is mandatory. Consequently, there is no possibility for you to object.

Updating your information

If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion or object to its processing, please do so within your user account or contact us. For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests.

Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests to object to the processing of personal information, notably where such requests would not allow us to provide our service to you anymore.

Subscription Payments (Stripe)

Payment by credit card and SEPA direct debit is made via the payment service provider "Stripe", to which we pass on your mandatory details (e-mail address) provided during the registration process, together with information about your booked packages, in accordance with Art. 6 Para. 1 lit. b GDPR for payment processing. Your data will only be passed on for the purpose of payment processing with the payment service provider Stripe and only insofar as it is necessary for this purpose (data protection Stripe). Information on the service provider: Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland.

Hosting (Wix)

We use the services of the homepage provider Wix.com Ltd, Namal 40, 6350671 Tel Aviv, Israel. Hereinafter referred to as "wix.com". The registered office in Europe: Wix.com Luxembourg S.a.r.l., 5 Rue Guillaume Kroll, L - 1882 Luxembourg. Wix.com collects two types of data: personal data (which can be used to uniquely identify an individual) and non-personal data (which is not used for identification purposes). Wix.com collects such information about our users and visitors, as well as users of users and others who provide it to us. Wix.com may also collect, solely for and in the interest of our users, similar data related to visitors and users of our users' web sites or services. Wix.com collects and uses data to provide our services and make them better and safer, as well as to contact our visitors, users and job applicants, and to comply with legal requirements applicable to Wix.com.

Wix.com may store and process personal data in the United States, Europe, Israel or other jurisdictions - either itself or through our affiliated companies and service providers. The data storage providers with whom Wix.com works are contractually obligated to protect your data. Wix.com may also collect, process and store such data in other locations, including the United States.

Wix may collect and process data about our users. We do so solely on behalf of and at the direction of our users. Our users are solely responsible for their users of user’s data, including for its legality, security and integrity. Wix has no direct relationship with users of users.

We may share the data of our visitors, users and their users of users with various third parties, including certain service providers, law enforcement agencies and application developers. In doing so, the data may only be shared in accordance with this policy.

Newsletter

If you would like to receive the newsletter offered on the website, we require an e-mail address from you. We use a double opt-in procedure (confirmation of your registration) to ensure that you agree to receive the newsletter.

No further data is collected, or only on a voluntary basis. We use this data exclusively for the desired form of address in the newsletter and do not pass it on to third parties.

The processing of the data entered in the newsletter registration form is based exclusively on your consent. You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter.

The legality of the data processing operations already carried out remains unaffected by the revocation. Your data will only be stored for as long as is necessary to fulfil the purpose (sending the newsletter).

Electronic notifications

We send notifications, e-mails and other electronic notifications only with the consent of the recipients or with a legal permission. If the contents of a notification are specifically described in the course of registration, they are decisive for the consent of the users. In addition, our notifications contain information about our services and us.

In order to subscribe to our notifications, it is generally sufficient to provide your e-mail address. However, we may ask you to provide a name, for the purpose of personal address in the notification, or further details, if these are necessary for the purposes of the notification.

The registration for our notification is always carried out in a so-called double opt-in procedure. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other people's e-mail addresses. The registrations for the notification are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Changes to your data stored with the dispatch service provider are also logged.

We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them in order to be able to prove consent previously given. The processing of this data will be limited to the purpose of a possible defence against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time. In the case of obligations to permanently observe objections, we reserve the right to store the e-mail address in a block list (so-called "block list") for this purpose alone.

The logging of the registration process takes place on the basis of our legitimate interests for the purpose of proving its proper course. If we commission a service provider to send e-mails, this is done on the basis of our legitimate interests in an efficient and secure sending system.

Notes on legal basis: The notification is sent on the basis of the recipients' consent. The registration process is recorded on the basis of our legitimate interests to prove that it has been carried out in accordance with the law.

The notifications contain a so-called "tracking pixel", i.e., a pixel-sized file that is retrieved from our server or, if we use a dispatch service provider, from their server when the notification is opened. Within the scope of this retrieval, technical information such as information on the browser and your system, as well as your IP address and the time of the retrieval, are initially collected.

This information is used for the technical improvement of our notification on the basis of the technical data or the target groups and their reading behaviour on the basis of their retrieval locations (which can be determined with the help of the IP address) or the access times. This analysis also includes determining whether the notifications are opened, when they are opened, and which links are clicked. This information is assigned to the individual notification recipients and stored in their profiles until they are deleted. The analyses help us to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

The measurement of opening rates and click rates as well as the storage of the measurement results in the users' profiles and their further processing are based on the users' consent.

Security measures

We take appropriate technical and organisational measures in accordance with Article 32 of the GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk; the measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, input of, disclosure of, assurance of availability of, and separation of, the data relating to them. We also have procedures in place to ensure the exercise of data subjects' rights, deletion of data and response to data compromise.

Furthermore, we already take the protection of personal data into account during the development and selection of hardware, software, and procedures, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Art. 25 GDPR). The security measures include in particular the encrypted transmission of data between your browser and our server.

Transfer of data

Unless otherwise stated above, we do not disclose personal data to companies, organisations, or persons outside our company, except in one of the following circumstances:

a) data sharing with affiliated companies in the context of joint data maintenance.

Stream Radio stores and processes your data collected from you in the course of using our website services (candidate application; customer enquiry; the contact form) and visiting our website in a IT system that can only be accessed by Stream Radio Employees based on a strict need to know basis.

b) With your consent

As far as already described in detail above, but in individual cases also beyond that, we pass on personal data to companies, organisations, or persons outside our company if we have received your consent for this (Art. 6 para. 1 sentence 1 lit. a, if applicable in conjunction with Art. 9 para. 2 lit. a GDPR).

c) processing by other bodies

We make personal data available to other companies that are affiliated with us, as well as to our third-party business partners, other trusted companies or persons who process it on our behalf. This is done on the basis of our instructions and in accordance with our privacy policy and other appropriate confidentiality and security measures.

d) for legal reasons

We will disclose personal data to companies, organisations or persons outside our company if we can reasonably assume that access to this data or its use, storage or disclosure is necessary, in particular, to comply with applicable laws, regulations or legal procedures or to comply with an enforceable official order; the legal basis in this respect is Art. 6 para. 1 sentence 1 lit. c, if applicable, in conjunction with Art. 9 para. 2 lit. c, if applicable. Art. 9 para. 2 lit. b GDPR.

Cooperation with processors and third parties

If, in the course of our processing, we disclose data to other persons and companies (order processors or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g., if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract pursuant to Art. 6 para. 1 lit. b GDPR), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.). If we commission third parties to process data on the basis of a so-called "processing agreement", this is done on the basis of Art. 28 GDPR.

Google Cloud Platform (GCP)

We use the Google Cloud for hosting. For hosting in the Google Cloud (Google Cloud Platform, GCP), the Zurich, Switzerland region is used. However, the Google Cloud operates according to the principle of a multi-tenant environment, so that data is replicated between several geographically distributed data centres (data centre resilience).

A transfer of personal data to countries outside the EU takes place within the framework of hosting. The legal basis for this is the corresponding EU standard contractual clauses, see GCP model contractual clauses and further information on data protection in the Google Cloud at https://cloud.google.com/security/gdpr/resource-center/contracts-and-terms?hl=en.

Transfers to third countries

Since we are based in Switzerland, we process data outside the European Union (EU) but within the European Economic Area (EEA)). In this sense we are relying on the adequacy decision of the EU. If processing takes place outside the EEA this is done in the context of using third-party services or disclosing or transferring data to third parties, this is only done if it is done in order to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or allow the processing of data in a third country if the special requirements of Art. 44 ff. GDPR are met. This means, for example, that processing is carried out on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to the EU or compliance with officially recognised special contractual obligations (so-called "standard contractual clauses").

Data Subject Access Request

For clarification, you have the right to request confirmation from us at any time as to what information we hold about you and to request that we amend, update, or delete that information. We may comply with your request in response. In addition, we have the following options: Ask you to confirm your identity, or ask you for more information about your request, and were permitted by law, refuse your request. (However, in this case we will explain the reasons for the refusal).

Deletion of data

The data processed by us will be deleted or its processing restricted in accordance with Articles 17 and 18 of the GDPR. Unless expressly stated within the scope of this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e., the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.

Obligation to provide personal data

You are not obliged to provide us with personal data. However, depending on the individual case, the provision of certain personal data may be necessary for the provision of the above services. If you do not provide us with this personal data, we may not be able to provide the service.

Accuracy

It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.

Children Data

Our website is not intended for children, and we do not knowingly collect data relating to children. If you become aware that your Child has provided us with Personal Data, without parental consent, please contact us and we take the necessary steps to remove that information from our server.

Authorisations and Access

We may request access or permission to certain functions from your mobile device, such as your permission to send notifications.

The legal basis for data processing is our legitimate interest and the provision of contractual or pre-contractual measures. You can deactivate push notifications at any time via Settings/Messages (iOS) or Settings/Notifications/ (Android).

Push notifications for advertising purposes will only be sent to you if you have given your prior consent. The legal basis for sending promotional push notifications is consent. Deactivation is also possible via Settings/Messages (iOS) or Settings/Apps/ (Android).

Automated decision-making

We do not use automated decision-making or profiling.

Do Not Sell My Personal Information

We do not sell information that directly identifies you, like your name, address or phone records.

Changes to the privacy policy

In the course of further development and the implementation of new technologies, changes to this privacy policy may become necessary. We therefore recommend that you read this privacy policy regularly.

Last updated: 03.03.2022

Privacy Policy Raydesk

​