This data protection declaration refers to the Internet site www.collaboard.app (hereinafter referred to as "Website") and describes which personal data (hereinafter referred to as "Data")
IBV Informatik, Beratungs und Vertriebs AG
8906 Bonstetten, Switzerland
Switzerland: +41 (44) 745 92 92
Germany: +49 (30) 577 076 850
(hereinafter referred to as "IBV", "collaboard.app" or "we") for what purposes and to what extent.
Collaboard is operated by various hosting providers and different terms apply depending on the hosting provider (Open Telekom Cloud, Microsoft Azure Cloud). It is noted in each case which hosting providers have different regulations. Depending on the data protection requirements, customers can choose the hosting provider that is relevant for them. Collaboard offers the following hosting environments.
Hosting with the Open Telekom Cloud (data storage in Germany, hereinafter "DE-hosting")
Hosting with Microsoft Azure Switzerland (data storage in Switzerland, hereinafter "CH-Hosting" or "EDU-Hosting")
Hosting with Microsoft Azure Holland (data storage in Europe, hereinafter "Global Hosting")
General information on data processing
Based on Article 13 of the Swiss Federal Constitution, the data protection regulations of the Swiss Confederation (Data Protection Act, DSG) and the EU-GDPR, every person is entitled to protection of his or her privacy and protection against misuse of his or her personal data. We take the protection of your personal data very seriously and treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.
In cooperation with our hosting providers, we make every effort to protect the databases as well as possible against unauthorized access, loss, misuse or forgery.
We would like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. A complete protection of data against access by third parties is not possible.
By using this website, you agree to the collection, processing and use of data in accordance with the following description. This website can be visited without registration. Data such as pages called up or the name of the file called up, date and time are stored on the server for statistical purposes without these data being directly related to your person. Personal data, in particular name, address or e-mail address are collected on a voluntary basis as far as possible. The data will not be passed on to third parties without your consent.
Scope of the processing of personal data
As a matter of principle, we process personal data of our users only to the extent necessary to provide a functional website and our contents and services. The processing of personal data of our users regularly only takes place with the user's consent. An exception is made in those cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by legal regulations.
Categories of personal data
The following categories of personal data can be collected, processed and used by us in connection with the use of the website:
- personal details, for example: First name, surname, date of birth, address, email address, telephone number, etc;
- Data from the fulfilment of our contractual obligations, advertising and contract data, documentation data or other comparable data;
- IP address of the user, information about the operating system, browser type, version and configuration, name of the Internet service provider, host name of the accessing computer, date and time of access and other relevant types of information that help to identify the type of terminal device of the user and enable a comfortable and secure data exchange with the user and the device. The data cannot be assigned to specific persons. The data is not merged with other data sources. We reserve the right to subsequently check this data if we become aware of concrete indications of illegal use.
- Contents of all communication via the website,
- URL and IP address of the website from which users visit our website or from which users are redirected to our website, including date and time.
We collect, process and use this personal data as far as necessary for the following purposes:
- For the administration, operation, maintenance and improvement of the website and the services offered on it;
- For the contractual services and service;
- For answering user inquiries and fulfilling their requests;
- For the implementation of pre-contractual measures, including for example advertising, and
- For the prevention of illegal use of the website.
Services subject to charges
In order to provide services that are subject to a charge, we will ask you for additional data, such as payment details, so that we can execute your order. We store this data in our systems until the legal retention periods have expired.
External payment service providers
External payment service providers are only used in Global Hosting. No external payment service provider is integrated in DE-Hosting and CH-Hosting.
Our website uses external payment service providers, through whose platforms the users and we make payment transactions. Our main service provider is stripe.com, a technology company that provides online payment processing solutions.
Here you can find more information about stripe's security and compliance:
Within the framework of the performance of contracts, we appoint payment service providers on the basis of the Swiss Data Protection Ordinance and, where necessary, Art. 6 para. 1 lit. b. EU-GDPR. Otherwise, we use external payment service providers on the basis of our legitimate interests in accordance with the Swiss Data Protection Ordinance and, where necessary, Art. 6 para. 1 lit. f. EU-GDPR in order to offer our users effective and secure payment options.
The data processed by the payment service providers include inventory data, such as name and address, bank data, such as account or credit card numbers, passwords, TANs and check and contract amounts and recipient-related information. This information is required to complete the transactions. However, the data entered is only processed by the payment service providers and stored by them. As operators, we do not receive any information about (bank) accounts or credit cards, but only information to confirm (accept) or reject the payment. Under certain circumstances, the payment service providers may transfer the data to credit agencies. The purpose of this transmission is to check identity and creditworthiness. In this regard, we refer to the general terms and conditions and data protection notices of the payment service providers.
If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to check that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data will not be collected. We use these data exclusively for sending the requested information and do not pass them on to third parties.
You can revoke your consent to the storage of your data, your email address and its use for sending the newsletter at any time, for example by clicking on the "unsubscribe link" in the newsletter.
When using DE-Hosting and CH-Hosting, no personal data is collected, stored or processed by Hubspot.
All collected, processed and stored data are treated confidentially by collaboard.app and IBV Informatik AG.
The data collected from you is processed and stored exclusively in Switzerland.
Certain usage data is linked to your person (e.g. after entry in a registration form) and stored in our CRM. This enables us to send you information and offers tailored to your specific interests.
Your personal information may also be transferred to HubSpot's servers in either Ireland or the United States. HubSpot is TRUSTe Certified for Enterprise Privacy. The infrastructure providers also hold ISO 27001, SOC2 Type II and many other certifications (AWS) (GCP). Because HubSpot is a U.S. stock exchange listed company, its key IT controls are regularly reviewed for compliance with the Sarbanes-Oxley Act. Public information about HubSpot's Sarbanes-Oxley compliance can be found in our SEC documents. Certified protection includes dedicated security personnel, tightly enforced physical access controls and video surveillance.
We use HubSpot to provide you with information and offers tailored to your needs. Accordingly, we have a legitimate interest within the meaning of Art. 6 para. 1 letter f) GDPR in this processing. The legal basis for the processing of your personal data by us in connection with the use of HubSpot is Art. 6 para. 1 lit. f) GDPR.
When using HubSpot, we store your personal data for as long as necessary to provide you with information and offers tailored to your needs.
You can object to the use of your data at any time, e.g. by sending an email to our email address.
Learn more about safety and reliability at HubSpot.
For the processing of your data we also use the cloud service Microsoft Azure (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA).
With Global Hosting, Microsoft servers in the Western Europe region are primarily used.
With CH-hosting and EDU-hosting, the user data will only be stored in Microsoft Switzerland's data centres in western and northern Switzerland in accordance with the architecture of Microsoft Azure
More information can be found here:
If you want an another solution (hybrid or On Premise), please contact us at firstname.lastname@example.org
Open Telekom Cloud
For the processing of data, we also use the cloud service Open Telekom Cloud of Telekom Deutschland GmbH, Landgrabenweg 151, 53277 Bonn, Germany.
DE hosting primarily uses the servers in the Open Telekom Cloud data centres in Germany. The data is therefore only stored in Germany.
You can find more information here.
When using DE-Hosting and CH-Hosting, no personal data is collected, stored or processed by Google Analytics.
We use Google Analytics (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) to obtain anonymous usage statistics for marketing analysis, monitoring the malfunction of our product and further planning of processes to optimize and improve our services and software. The following data is collected: page views, registrations, logins, information on usage times and the terminal device used, recognition of returning visitors.
The information generated by the cookie about your use of the website is transferred to a Google server in the USA and stored there. Your IP address will, however, be shortened by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before being stored and thus made anonymous. The IP address transmitted by your browser within the framework of Google Analytics is not merged with other data from Google.
You can object at any time: http://tools.google.com/dlpage/gaoptout?hl=de
SendinBlue is used as a CRM system and for email marketing, marketing automation, segmentation, sign-up forms and retargeting to improve our platform.
You can find more information about Sendinblue privacy here.
For the comment function on this website, in addition to your comment, information on the time of the creation of the comment, your email address and, if you are not anonymously posting, the user name you have chosen will be stored.
- Storage of IP address: Our comment function stores the IP addresses of users who post comments. Since we do not check comments on our website before they are activated, we need this data to be able to take action against the author in case of legal violations such as insults or propaganda.
- Subscribe to comments: As a user of the site, you can subscribe to comments after logging in. You will receive a confirmation email to check if you are the owner of the email address you entered. You can unsubscribe at any time via a link in the info mails.
On this website functions of the service "YouTube" are integrated. "You Tube" is owned by google Ireland Limited, a company incorporated and operated under the laws of Ireland, with registered office at Gordon House, Barrow Street, Dublin 4, Ireland, which operates the Services in the European Economic Area and Switzerland.
Your legal agreement with YouTube consists of the terms and conditions set forth.
This website uses features of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA. When you access our pages with Facebook plug-ins, a connection is established between your browser and the Facebook servers. In the process, data is already being transferred to Facebook. If you have a Facebook account, this data can be linked to it. If you do not want this data to be linked to your Facebook account, please log out of Facebook before visiting our site. Interactions, in particular the use of a comment function or clicking on a "Like" or "Share" button are also forwarded to Facebook.
More information here.
Functions of the Instagram service are integrated on our website. These functions are offered and integrated by Instagram Inc, 1601 Zillow Road, Menlo Park, CA, 94025, USA. If you are logged in to your Instagram account, you can link the contents of our pages to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to our sites with your account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram.
This website uses features from Twitter Inc, 1355 Market St., Suite 900, San Francisco, CA 94103, USA. When you access our Twitter plug-ins page, a connection is established between your browser and the Twitter servers. Data is already being transferred to Twitter. If you have a Twitter account, this data can be linked to it. If you do not want this data to be linked to your Twitter account, please log out of Twitter before visiting our website. Interactions, in particular the use of a comment function or clicking a "Re-Tweet" button, are also forwarded to Twitter.
More information hier.
This website uses functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stilrein Court, Mountain View, CA 94043, USA. Each time you access one of our pages that contains LinkedIn features, a connection to LinkedIn servers is established. LinkedIn is notified that you have visited our site using your IP address. If you use LinkedIn's "Recommend Button" and are logged into your LinkedIn account, LinkedIn is able to associate your visit to our site with you and your account. We would like to point out that we, as the provider of these pages, have a thorough knowledge of the content of the data transmitted and how LinkedIn uses it.
This website uses SSL/TLS encryption for reasons of security and to protect the transmission of confidential content, such as requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If the SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Deletion of data
The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage no longer applies. Furthermore, data may be stored if this has been provided for by the European or Swiss legislator in EU ordinances, laws or other regulations to which the person responsible is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.
Rights of data subjects
If personal data is processed, you are a data subject within the meaning of the GDPR or DSG (Switzerland) and you are entitled to the following rights:
Right of access to information
You can request confirmation from the person responsible as to whether personal data concerning you is being processed by us. If such processing has taken place, you can request information from the person responsible about information pursuant to Art. 15 GDPR.
You have the right to request information as to whether personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.Right of rectification
You have the right to ask the data controller to correct and/or complete the data if the personal data processed concerning you is incorrect or incomplete. The data controller shall make the correction without delay.Right to limit processing
You may request the restriction of the processing of personal data concerning you in compliance with Art. 18 GDPR.Right of cancellation ("right to be forgotten")
a) Obligation to delete
You may request the controller to delete personal data concerning you without delay and the controller is obliged to delete such data without delay if one of the following reasons applies:
(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent on which the processing was based(2) pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a FADP, and there is no other legal basis for the processing.
(3) You object to the processing(3) pursuant to Art. 21 (1) DPA and there are no legitimate reasons for the processing, or you object to the processing pursuant to Art. 21 (2) DPA.
(4) The personal data concerning you have been processed (4) unlawfully.
The deletion of personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
(6) The personal data concerning you has been collected in relation to(6) information society services offered in accordance with Art. 8 para. 1 GDPR.
b)Information to third part
If the controller has made public the personal data concerning you and is obliged to delete them pursuant to Art. 17 para. 1 DPA, he shall take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you, as a data subject, have requested them to delete all links to these personal data or copies or replications of these personal data.
The right of cancellation does not exist insofar as the processing is necessary:
(1) on the exercise of the right to freedom of expression and information;
(2) in order to comply with a legal obligation to which the processing relates under Union or national law to which the controller is subject or in order to perform a task carried out in the public interest or in the exercise of official authority vested in the controller
(3) for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
for archiving, scientific or historical research purposes in the public interest or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the law referred to in section a) is likely to render impossible or seriously prejudice the attainment of the objectives of such processing, or
(5) to assert, exercise or defend legal claims.Right to information
If you have asserted the right to rectify, erase or limit the processing vis-à-vis the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure or limitation of processing, unless this proves impossible or involves a disproportionate effort.
They have the right to be informed of these recipients by the person responsible.
- Right to data transferability
In compliance with the requirements of Art. 20 GDPR, you have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format.
- Right of objection
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is carried out on the basis of Art. 6, paragraph 1, letter e or f FADP.
- Right to revoke the declaration of consent under data protection law
You have the right to revoke your data protection declaration of consent at any time. Revocation of your consent does not affect the legality of the processing that has taken place on the basis of your consent until revocation.
- Right of appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you is in breach of the DPA.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and the results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.
General disclaimer of liability
All information on our website has been carefully checked. We make every effort to ensure that the information we offer is up-to-date, correct and complete. Nevertheless, the occurrence of errors cannot be completely ruled out, which means that we cannot guarantee the completeness, correctness and topicality of information, including journalistic and editorial information.
Liability claims arising from material or non-material damage caused by the use of the information provided are excluded, unless there is evidence of wilful intent or gross negligence.
The publisher can change or delete texts at his own discretion and without notice and is not obliged to update the contents of this website. The use or access to this website is at the visitor's own risk. The publisher, its clients or partners are not responsible for damages, such as direct, indirect, accidental, pre-determined concrete or consequential damages, which are allegedly caused by visiting this website and therefore do not assume any liability for them.
The publisher also assumes no responsibility or liability for the content and availability of third-party websites that can be accessed via external links on this website. The content of linked sites is the sole responsibility of their operators. The publisher thus expressly distances itself from all third-party content that may be relevant under criminal or liability law or that is contrary to public decency.
The copyrights and all other rights to images, content, photos and other files on the website belong exclusively to the operator of this website or the specifically named rights holders. For the reproduction of all files, the written consent of the copyright holder must be obtained in advance.
In the case of a copyright infringement, you can make yourself liable to prosecution or compensation.
Bonstetten, 12.05.2020, updatet 29.04.2022.