Hoop Corporate Services SA

How we protect your data

We, Hoop Corporate Services SA (“Hoop”) respect your privacy and protect your personal data according to the applicable data protection laws. This is the Privacy Policy of Hoop. It is valid for all our websites, including

Hoop.swiss

Hoop.ch

with the associated subpages, as well as for our corporate presence on LinkedIn and YouTube. Access to our website is free, although some of our online services are restricted to certain users and require registration. Our online offers are not aimed at children, consumers or the general public.

Our websites are structured so that you can visit them without having to disclose any personal data. When you visit our websites, we ask you for your consent to certain data processing, which you can accept or reject.

If you decide to provide us with personal data, we consider it our obligation to handle this personal data very carefully and within the framework of the legal requirements.

This Privacy Policy is intended to provide you with comprehensive information about the data processing performed by us and applies to all data processing by Hoop, regardless of whether we receive your personal data online or offline and regardless of the communication channel (such as company website, other company websites on the Internet, by telephone, email, post, or personal contact).

Responsible parties

Hoop Corporate Services SA

Heiligkreuzstrasse 5

9008 St. Gallen

Switzerland

and

Via al Chioso 8

6900 Lugano

Switzerland

T +41 58 854 14 32

contact@hoop.ch

Insofar as Hoop processes personal data and the General Data Protection Regulation (“GDPR”) or another Regulation of the EU applies to such processing, we have designated as our representative in the EU:

Abacus Business Solutions GmbH

Mies-van-der-Rohe-Strasse 6 Tower 1 – 10. OG

80807 Munich

Germany

datenschutz@abacus.eu

If you have any questions about data protection, you may contact us at any time.

What is personal data?

Personal data is any information relating to the personal or material circumstances of an identified or identifiable natural person (“data”). This includes, for example, the name, address, telephone number, or email address. This term does not include anonymous data or information whose content does not indicate or suggest the identity or factual circumstances of an identifiable individual, such as the number of visitors to a website. There are also so-called special categories of data (“sensitive data”). This includes data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic and biometric data to uniquely identify you, health data, or data concerning your sex life or sexual orientation. We will only process such data – if at all – with your explicit consent, unless another legal basis makes such data processing necessary.

Our data processing and your data

The content and information presented on our websites serve to provide you with general information about us as a company and about our HoopServices. While using our websites, it is possible that data may be disclosed by you or collected by us for certain purposes. Furthermore, as a company, we process data that you disclose to us or transmit to us in other ways, for example by mail, email, telephone, during a business transaction, or personal contact. Our data processing includes, for example, the collection, storage, transmission, deletion, and other processing of your data. Only data that is necessary and appropriate for the intended purpose will be processed. Our data processing is carried out for the purposes stated by us or for the purposes requested by you. Data processing outside of the intended purposes will only take place if we inform you accordingly and if a change of purpose is lawful.

In the following, we inform you about the individual data processing, its purpose, and its legal basis for us as a company.

Your contact information

You can provide your contact information and interest in our services in a contact form, an inquiry, through a personal contact during an event or web demo or contact us in other ways so that we or partners we select can contact you, inform you about HoopServices, conduct a web demo with you, or fulfil other offers. Furthermore, we store and process information that you select in lists and menus on our websites. When you send us an email, we save the content of the email as such, and the data that is generated when inquiries are sent to our email servers, such as sender and recipient IDs, time stamps and, if necessary, reasons for errors or rejections if the transmission of an email fails. If you wish to receive information material, you can also provide us with your email address so that we can send you the requested information by email with your consent. We use your data ourselves or provide it to the relevant companies. This is done within the framework of data protection and competition law requirements. We process your data based on legitimate interests. Processing is done both in your interest – you have contacted us – and in ours, to establish the satisfaction of all inquirers, if necessary to fulfil a contract with you, or to carry out pre-contractual measures. We will only process your data for the purpose of contacting you. Your data may be stored in our CRM system and in other technical systems. When using website forms, your data will be transmitted in encrypted form according to the current state of the art. You provide us with your data voluntarily, and only as much data as necessary is requested (mandatory data are marked with *). All other information is optional.

Forwarding of data to selected partners or companies of the Abacus Group

If we determine that we can only answer your enquiry satisfactorily with the support of another company in the Abacus Group or a selected partner, we may share your data based on legitimate interests or, if necessary, we will obtain your consent to share your data. Consent is given voluntarily and can be revoked at any time for the future.

For the fulfilment of our HoopServices in the context of our order processing for the Hoop customer, it is also necessary to pass on personal data of the parties involved (such as employees or representatives of the company) to certain authorities (such as the commercial register), notaries (such as a notary), providers of signature and signature validation solutions, secure messaging service providers for the transmission of data between the parties involved and financial service providers when companies are founded and companies are changed. A Hoop customer (such as a trustee/lawyer) can also be given access to your data as an authorised person. Such disclosure concerns the information required for the respective process (such as contact details, data for the commercial register such as name, date of birth, gender, any academic titles, place of origin or, in the case of foreign nationals, nationality, data from identity documents, bank account and credit card details, documents and forms as well as all data collected within the Hoop account and Hoop services for the specific process).

The notaries working with Hoop are registered in the Swiss Register of Notaries (UPReg) and can enter data offline or digitally. They check the documents received for accuracy and completeness and pass them on to the competent authority. The notary and the persons involved are subject to statutory confidentiality obligations for the provision of contractual services (such as the notarisation of documents).

Offers requiring registration and login

While providing our HoopServices, your visits of our websites or your use of our support, there is the possibility of using online offers that require you to register, authenticate, and log in. This applies in particular to the opening of a Hoop account, the use of our Hoop Services, but also to the execution of a web demo so that you can get a better picture of our services in the context of an online presentation, access in a support case, the registration for events, or the scheduling of an appointment. This involves providing and transmitting to us a variety of data resulting from the respective form or our queries. When using such a form, your data will be transmitted in encrypted form according to the current state of the art. You provide us with your data voluntarily, and only as much data as necessary is requested (mandatory data are marked with *). All other information is optional. Hoop is free to choose their authentication methods. The data to be provided results directly from the specific procedure used. You are required to choose strong passwords when choosing login credentials. You are responsible for the security of your login data and must not pass it on to unauthorised third parties. The processing of your data within the scope of our (registration and login required) offers is carried out with your consent when registering or logging in, based on our legitimate interest in providing you with the information necessary to use our services satisfactorily, to be able to contact us, and for the proper processing of an existing contractual relationship.

Registration and Hoop account login

Successful registration is required to open a Hoop account. The link sent to the e-mail address provided must be used for this purpose. When registering for a Hoop account, a DeepBox account (for the HoopBox) is also opened for the owner, which offers certain functionalities. The registration form must be completed in accordance with the requirements. As part of these processes, relevant data on the Hoop customer is transmitted between Hoop and DeepCloud AG as the provider of the DeepBox account and DeepServices. Details on data processing relating to the DeepBox account and DeepServices can be found in DeepCloud AG’s privacy policy: https://www.deepcloud.swiss/datenschutz/.

Hoop offers the Hoop account and various Hoop services as cloud-based software as a service. These are web-based software applications with different functionalities. The focus is on setting up companies, carrying out mutations and utilising further third-party services. Hoop provides forms and sample documents for this purpose, which must be completed with information. The Hoop customer is responsible for the data processing when using the Hoop account. Hoop is commissioned by the Hoop customer as a processor for the data processing that takes place.

The Hoop customer uses services from third-party providers such as DeepCloud AG for the HoopServices. These may include storage, signature and identification services that are commissioned separately by the respective parties and to which the data protection declarations of the respective third-party providers apply.

Sending messages with the HoopServices

We use the mail provider retarus GmbH, Bahnhofplatz 65, 8500 Frauenfeld, Switzerland, to send messages to Hoop customers (such as invoices, offers, system notifications). The current Privacy Policy of retarus is available on their website.

Additional services activated by the user

If additional services are used as part of the HoopServices from third-party providers, the respective user agrees to their terms of use and data protection and authorises Hoop to enable the necessary data processing, data access, and data exchange so that these additional services can be integrated and used for HoopServices. The responsibility for providing and processing the additional services and processing data when using said services (including the payment and account information processed via these services) does not lie with Hoop.

If the Hoop customer uses a company commissioned by him, such as a trust company, a corporate or legal consultancy, to use the Hoop services, he shall grant this company access to his HoopBox so that the necessary data processing and data synchronisation can take place. The Owner is responsible for granting and restricting or revoking the fiduciary’s and also authorized users’ access rights to its data and whether they engage in lawful data processing activities within HoopBox. HoopServices contains the option of connecting to services of different payment providers such as banks or payment service providers. Hoop merely provides the interface to these third-party providers for a data exchange so that the executed transactions can be triggered. Data is exchanged between the parties involved to carry out the transaction. An application-relevant ID is used together with additional access data to the respective party for unequivocal attribution. This can be bank or payment-specific data such as account information, IBAN, or the credit card number. Each party involved is responsible for the data processing taking place in its area of responsibility and for the security of the data in accordance with the agreed provisions. The responsibility for providing and processing the additional services and processing data when using said services (including the payment and account information processed via these services) does not lie with Hoop.

Commissioned data processing and commissioned service providers

The content stored in DeepBox is processed within the framework of the existing contractual relationship with the Hoop customer. We process this data within the framework of commissioned data processing with the Hoop customer. A commissioned data processing agreement is entered into with us for the use of the Hoop account. The contents of the Hoop account are stored in Switzerland. If we engage commissioned service providers in the EU (for example in Germany) for certain services, then we aim to arrange server solutions in Switzerland. Should it nevertheless become necessary for our commissioned service providers to process data in the EU (for example in a support case), the EU offers a level of data protection that is adequate for Switzerland. If we use commissioned service providers ourselves as controllers, we endeavour to process data in Switzerland. In special cases, we may require the services of service providers who provide their services outside Switzerland. In such cases, we try to commission service providers in a country that has a level of data protection appropriate for Switzerland. Otherwise, we ensure with suitable guarantees such as standard data protection clauses or upon your consent that a legally compliant data transfer can take place. In any case, our commissioned service providers are carefully selected and commissioned. They are bound to our instructions and are regularly monitored. Only such data is transmitted that is necessary for the provision of the respective service.

Registration for a Webinar via Zoom Events

On some of our websites you can schedule an appointment with us on certain topics. To do this, select the topic that interests you from a variety of options and specify a date. To set up the appointment, the form asks for your email address, your name, and the location of the meeting. Your company name and whether you are interested in other topics are optional. Before you complete the appointment, you can check and adjust your data again. We need this data to be able to plan and conduct the meeting with you. We use Zoom Events from Zoom Video Communications, Inc. Zoom), 55 Almaden Blvd, Suite 600, 95113 San Jose, California/USA, to register for and conduct the Webinar. Zoom process data in the USA so there is the possibility that data might also be processed in the USA. Both the EU and Switzerland issued positive adequacy decisions concerning the USA after entering the corresponding Swiss/EU-US Data Privacy Frameworks, so that a data transfer to the USA is lawful following certification of such companies. In addition, we will try wherever possible, to ensure that further safeguards are provided such as entering standard data protection clauses or obtaining consent to commissioned data processing in order to ensure lawful data transmission.

Here you will find Zoom’s current privacy policy:

https://explore.zoom.us/de/privacy

Events

Registration and participation in an event

You can register for an event such as a course, workshop, forum, webinar, seminar, consultation, (online) event, training, or trade fair (“Event”) on our website. You can send your registration for an Event in writing by post or fax to the contact address given in each case or book participation in the event directly on our websites on the Internet or by telephone. The data provided by you will be stored by us and processed for the planning and implementation of the Event as well as for the follow-up support of the participants and, if necessary, passed on to our commissioned service providers. If you take part in an (online) event, a webinar or a survey, certain data such as your email address, name or the company you work for are required for the implementation of the (online) Event, the webinar or for the evaluation of the survey. In some cases, a survey is also conducted anonymously. Commissioned service providers are used precisely for the implementation of such events. We are happy to provide information about our commissioned service providers upon request. When participating in an Event, the General Terms and Conditions for Events apply. We reserve the right to publish your name, company and, if applicable, photo and company logo after an event (e.g. website, flyers, reports, company appearances in social media, etc.). We reserve the right to delete these publications at any time without giving reasons.

Participation in a sweepstakes

If participation in a sweepstakes is possible at an event, we process your data so that you can participate in the sweepstakes and a winner can be determined and notified at the end. We use your data within the scope of the sweepstakes based on your consent to participate in the sweepstakes. You can revoke this at any time with effect for the future. You can find more information on a possible revocation under “Your rights”.

Video and photo recordings

We reserve the right to take photos and videos during an event in which you may also be featured. These photos and videos will be used for our own purposes (e.g. use for company websites, flyers, reports or via newsletters, for company appearances in social media, information to participants via email, etc.) to report on, or document the event. If you are shown as part of a larger group of people or are merely an “accessory” to a building or location where you are not the focus of the shots, we may take these photos and videos based on our legitimate interests for the purposes described above. You can object to their use at any time. If you are portrayed as an individual or are the focus of any recording, we will seek your consent for such recording. You then have a right of withdrawal in relation to your consent. If photos and videos (sound and image) are taken of you, e.g. for testimonials, for giving presentations or training, for your support in improving or developing our services, this will be done with your consent. You can also revoke this consent at any time. Details can be found in the specific declaration of consent.

At some of our events, you can use a photo box. Photos of you will be taken with your consent. You use the shutter release and can then print the photo directly. Some photo boxes also allow the photo to be sent by SMS and/or e-mail. To do this, enter your own mobile number or email address. We use this information during or after an event to send you the photos and, depending on your consent, to contact you personally so that you can get to know our products and services better. Advertising is carried out within the framework of the existing legal requirements.

There is also the possibility that, with your consent, the photos will be displayed on our social media channels so that we can report on the event and its participants.

We use commissioned service providers, preferably in Switzerland and the EU, to offer a photo box and display photos on social media channels. They will only receive your data for the purposes described. They are carefully selected by us, are bound by our instructions and are monitored accordingly. If they process data abroad or also use providers abroad for their services, suitable guarantees will ensure that there is an appropriate level of data protection for your data. On request, we are happy to provide information about our commissioned service providers and the locations of data processing.

Your information will be stored and processed in accordance with the information provided and the intended purpose. As soon as the purpose of the data processing has been fulfilled, your data will be deleted promptly.

Online events and meetings

Many events and meetings are offered as online versions without a physical presence. This requires an invitation or registration, for which you will be sent an email with a participant link. There may be live presentations, video demonstrations and active information exchange. It is possible that we record an online event with sound and video and that participants can be heard and/or seen. These recordings are used exclusively for the company’s own purposes (e.g. use within a lecture or training series, webinars, for company websites, flyers, reports, for company appearances in social media, newsletters, information to participants by email), to report on it, to document it or to replay it. When participating in such an event, participants are set to “mute”, also, it is not necessary for the participant to activate their camera to send pictures of themselves. Sound and/or video activation is only carried out by the participant after their approval. By agreeing to this, the user gives their consent for sound and image recordings to be made of them if the online event is recorded. No sound or images are edited out afterwards. If the participant does not want to be recorded, they should not activate their audio and video functions throughout the event. It will still be possible to send questions to the moderator(s) via the chat function or in breakout rooms. These will be answered by the moderator(s) as far as possible during the event or in person. For the planning and implementation of such events and meetings (including the sending invitations and confirmations of participation, the analysis of the event or surveys relating to it) we use evenito AG, Limmatquai 122, 8001 Zurich, Switzerland. This is a service provider commissioned by us which receives your data for the purposes described above and which itself uses commissioned service providers for this purpose. We also use software solutions from Zoom Video Communications (“Zoom”), Inc, 55 Almaden Blvd, Suite 600, 95113 San Jose, California/USA and Microsoft Teams, Microsoft Corporation, One Microsoft Way, 8052-6399 Redmond, Washington, USA for meetings.

We use a Swiss server solution for MS Teams and an EU server solution for Zoom webinars.

However, data may still be processed in the USA. Both the EU and Switzerland issued positive adequacy decisions concerning the USA after entering the corresponding Swiss/EU-US Data Privacy Frameworks, so that a data transfer to the USA is lawful following certification of such companies. In addition, we will try wherever possible, to provide further safeguards such as entering standard data protection clauses or obtaining consent to commissioned data processing to ensure lawful data transmission.

Your application

On our website under “Jobs” and our company presence on LinkedIn, as well as on various job portals, you can find out about current vacancies at DeepCloud and to apply for them. Now, applications, including unsolicited applications, can be sent by email to contact@hoop.ch. Note that unencrypted emails are not protected against unauthorised access when they are sent. You can encrypt your attachments to the application yourself, for example with a ZIP solution and communicate the corresponding password separately (by telephone). If you apply for an advertised position by email, the data you provide (e.g. title, name, postal address, email address, telephone number, languages, earliest start date, your cover letter, and other data and documents you provide) will be stored to process your application. This is done to carry out pre-contractual measures with you in relation to possible employment as an employee.

Other data processing in the context of your application

If you provide references as part of the application process, we will assume that, where the data relates to an individual, you have obtained their consent for us to contact them and you consent to us obtaining the reference from that individual. If we ask for a reference, we will only contact them with your consent. Consent is given voluntarily and can be revoked at any time for the future. To get a better picture of your professional history, we may visit your professional profiles on LinkedIn and Xing. We process this publicly available job-related data about you in our interest to find out whether you fit the advertised position and our company. If you do not want this, you can let us know. We do not look at or process data from social networks or other websites that do not have a company or employment-oriented context.

Quality of your data when applying

The data you provide should be accurate, complete, not misleading, and up to date. Failure to do so may result in your application not being considered or appropriate legal consequences being drawn after you have already been recruited.

Storage period of your application

If the application procedure does not lead to a position being filled, your application will be deleted at the latest four months after completion of the application procedure, unless the data is needed to defend legal claims asserted against us from the application procedure (this is done on the basis of our legitimate interests), unless a different period is provided for by law or you have expressly consented to further processing of your data. If your application leads to employment, all data required for this will be processed within the framework of your employment relationship in accordance with the statutory provisions.

Recommendations and references

With your consent, we publish on our websites and other places (such as in our Newsletter) personal recommendations from you or references by photo, video or written statements as a satisfied customer or how to use our services. In some cases, we also use your company logo. This is done after you have given your consent. You can revoke your consent to this; details can be found in the specific declaration of consent.

Surveys about our services

We may conduct surveys on certain topics (e.g. to improve and expand our services). Your opinion is very important. A survey will help us determine customer satisfaction of current solutions and the needs of our customers. This is in our interest as well as yours when using our services. To do this, we send selected people an invitation email with the link to the survey, whereby we can receive your name and email address as part of our contractual relationship with the company for which you work. Participation in a survey is always voluntary and only takes place with your consent. By closing the browser, it is possible to terminate the survey at any time without any adverse consequences for you. We store and analyse the results of the survey based on legitimate interests to improve our services. We may also share the results of surveys with our business partners or prospects, but no personal information will be disclosed. As part of a survey, you also provide us with data such as your name, email address or the company you work for, as well as data resulting from the survey that you can provide (in a free text) within the survey. We use the survey tool MS Teams from Microsoft to conduct surveys.

Use of Hoop Support

Within the framework of existing contractual relationships, you have the option of contacting Hoop Support with support questions. You can contact us in various ways, for example by telephone or e-mail. The data processed is used to answer your support enquiry and is processed within the framework of contractual relationships. If no solution can be found, another option is to authorise access to your Hoop account via TeamViewer. We will inform you if a recording of the session or a print screen appears necessary and, if necessary, obtain your consent for this. You can refuse this consent directly or revoke it at any time. There will be no audio recordings. We use TeamViewer from TeamViewer Germany GmbH, Jahnstr. 30, 73037 Göppingen, Germany. If we have a support case with TeamViewer, TeamViewer Germany GmbH can also access our system. There is a possibility that data can be viewed by you. TeamViewer Germany GmbH is a service provider commissioned by us who is authorised to access your data for the purposes described above. It has been carefully selected and commissioned by us, is bound by our instructions and is regularly monitored. The data may also be processed outside Switzerland; TeamViewer Germany GmbH has contractually undertaken to offer an appropriate level of data protection for Switzerland by means of corresponding regulations.

The data processing that takes place during support is carried out with your consent when you register for a support session or use the respective support tools, based on our legitimate interests in providing our customers with the desired support and for the proper processing of contractual relationships.

We will delete your data in this regard if storage is no longer necessary, the purpose of the processing has been fulfilled, you have withdrawn your consent or you have objected to the processing, unless there are storage or documentation obligations to the contrary or further processing is justified, about which we will inform you.

Data processing when using our websites

We use the services of commissioned service providers in Switzerland for the purpose of designing and operating our website. If data is also processed outside Switzerland as a result, it is contractually ensured that a level of data protection appropriate for Switzerland is established, either through existing guarantees or through corresponding regulations. We are happy to provide information about our commissioned service providers upon request. Through this data processing, contact data, content data, usage data, meta data, and communication data are processed by us or our service providers on our behalf when you use our website. This is done based on our legitimate interests in the efficient and secure provision of our website, to protect against misuse and other unauthorised use, on the basis of a service requested by you or a contract to be concluded with you following an order by you or, in certain cases, following your consent.

Automatic collection of access data and server log files

Access data and server log files are collected for each access to the server on which a service used by us is located (so-called server log files). These include:

• the domain visited and the files accessed
• the IP address of the terminal device used
• date and time and duration of the visit
• website from which the access was made
• Operating system of the end device used
• the browser used for access as well as all information from the ‘user-agent’, which the browser transmits to the server
• extent of the transmitted data volume

We use this information based on the following legitimate interests:

• to view our website
• to ensure the stability and security of our website
• for statistical evaluations of our websites
• to improve our web presence
• for clarification work of support cases
• for the analysis of technical problems
• for safety-relevant clarifications
• in suspected cases of unlawful use (e.g. to clarify acts of abuse or fraud)

This information is stored for a maximum of 60 days and then deleted, unless its retention beyond this period is necessary for evidential purposes, such as for use as evidence before authorities or courts for unlawful use of our website. We will then exempt them from deletion until the respective incident has been finally clarified and may keep them until a legally binding decision or judgement has been reached. This information is stored in such a way that, as a rule, it cannot be assigned to any specific person by us, except if you register for a special offer on the website. As a matter of principle, the above-mentioned data will not be passed on to third parties, unless it is necessary for the pursuit of our claims, for the fulfilment of the intended purposes, after your consent or there is a legal obligation to do so.

Cookies and other technical means

Here we would like to inform you which cookies or other technical means such as web beacons, pixels, other tracking technologies (hereinafter “cookies”) are used when using our website. Cookies are small text files that are stored on your terminal device. They do not cause any damage to your end device and do not contain viruses. The data obtained in this way may subsequently be evaluated by us or third parties and merged with other data. As a rule, they serve to make the entire internet offer secure, more user-friendly and more effective, which is in both your and our interest. For some cookies that are not essential for technical storage or access to our website, or that are not used only to enable the use of a service you have explicitly requested, we will ask for your consent by means of a so-called cookie consent banner.

What are the basic cookies?

Our websites may use cookies from us or third parties to fulfil certain purposes (such as displaying our website, improving functionality, statistical web analysis, product optimisation, personalisation of content). The cookies we use are either session cookies (they are automatically deleted after you close your browser) or so-called persistent cookies (these remain stored on your end device until a specified expiry date). The following cookies are generally possible:

Necessary including preferences

Necessary cookies are required for the secure operation of our website, to enable us to transmit and display our website content to you, to enable you to navigate the website or to enable us to quickly identify and rectify technical problems. Preference cookies allow you to use the website more comfortably by remembering options you have chosen (such as a language choice) or providing functionality you have requested (such as remembering a choice or performing a function). These cookies do not require your consent, but their use is based on justifiable interests.

Statistics

These cookies allow statistics and analyses to be created, whereby pseudonymized or anonymized data is collected to gain knowledge about website usage, to improve our service or to quickly identify and solve technical problems.

Marketing

Enable the display of personalized content by recording and analysing your usage behaviour. This is also performed outside of our websites, as these cookies can follow you. Cookies from third-party providers are also used and (pseudonymised) data about your surfing habits are given to them for evaluation and further use.

Which cookies do our websites use?

You can find out which specific cookies are used on our websites by means of informative banners on the respective websites. If only functional cookies are used, we will inform you accordingly by means of a Cookies Consent Banner. If cookies, possibly also from third parties, are used that require your consent, we will obtain your consent in advance by means of a Cookies Consent Banner before activating these cookies. For information on the data processing of possible third-party providers whose cookies you can consent to when using our websites, please refer to their data protection declarations. Please note that you can set the common browsers in such a way that you are informed about the setting of cookies and can decide individually about their acceptance or can exclude the acceptance of cookies for certain cases or generally. Each browser differs in the way it manages cookie settings. The help menu of each browser explains how you can change your cookie settings. We cannot guarantee that you will be able to access all functions of our websites without restriction if you do not allow cookies. We recommend that you regularly delete your cookies and browser history manually.

You have the option of changing your cookie selection at any time by using the function provided on the website.

You can also prevent the transmission of the data generated by cookies and related to the use of websites (including the IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link (see Google or Matomo opt-out plugin). The same procedure should then be followed on all the devices used. Please note that if all cookies are deleted, you will need to perform steps outlined above again to prevent the use cookies.

Details on the use of Matomo

Within the Hoop account and on Hoop websites, the web analytics service Matomo is used. Matomo makes it possible to analyse the use of the Hoop account and Hoop Services and to improve the respective functions. To this end, various data and information on usage and its users are collected during a visit. Possible data/information can be:

• Cookies
• User ID
• File downloads
• Location (country, region, city)
• Date and time of the visit
• IP address (in abbreviated form)
• Technical information about the browser and the end devices used (e.g. language setting, screen resolution)
• Referrer URL (via which website/advertising medium this website was accessed)
• URL and title of the website viewed
• URL of the previously viewed website
• Loading time of the pages
• User agent of the browser

Matomo uses cookies, which are stored on the end device and enable the use of the Hoop account and Hoop services to be analysed.

The information collected and generated is then stored and analysed in Switzerland. Matomo is used with the extension “AnonymizeIP”. This means that IP addresses are processed in abbreviated form, which means that they cannot be directly linked to a person. The IP address transmitted by the browser via Matomo is not merged with other data collected by Hoop. Hoop automatically deletes the data in Matomo 14 months after its collection, once a month. Matomo is an open-source project and is hosted on premise at Hoop. Further information and Matomo’s privacy policy can be found at https://matomo.org/privacy-policy/.

We have a legitimate interest in improving the user experience for you and other visitors based on the analysed data.

Details on the use of Mouseflow

We use Mouseflow, a web analysis tool from Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark. We have carefully selected this commissioned service provider, whose server location is in Denmark, which as an EU member state has an adequate level of data protection. There are no data transfers to other third countries (such as the USA).

Mouseflow is used to analyse our websites and their visitors and to improve our web presence. For this purpose, data is collected and stored for marketing and optimisation purposes. The data collected can be used to create pseudonymised user profiles. Cookies can be used to make this possible.

Selected individual visits (exclusively with anonymised IP addresses) are recorded and a log of mouse movements and clicks during the visit to the website is created. This protocol is used to derive potential improvements for the website. The data collected with Mouseflow will not be used to personally identify visitors and will never be merged with personal data about the bearer of the pseudonym without the visitor’s separate consent. The data processing described above is based on our legitimate interests in customising the website.

Further information on the purpose and scope of data collection and its processing can be found in Mouseflow’s privacy policy at: https://mouseflow.com/legal/visitor/. There you will also find further information on your rights and setting options to protect your privacy. You can deactivate the recording on all websites that use Mouseflow globally for the browser you are currently using at any time by clicking on the following link: https://mouseflow.com/opt-out/.

Data processing by Google

GoogleTag Manager (a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google” as the controller in the EU, the EEA and Switzerland) is used on our websites. That way, it is possible to manage website-tags. Tags are little pieces of code on the website that facilitate using Google’s implemented services. No data is processed by Google Tag Manager alone, but it does allow cookies to be set.

In addition, Google Analytics (“GA”), Google Fonts, and Google Signals (which are likewise Google services) are also used on our websites. GA enables cookies to be set with the aim of analysing the use of our websites by the user and improving their functions. Google Fonts are fonts that are provided by Google. These fonts are hosted in Google’s cloud, so there is a possibility that data such as the IP address may be transmitted to the USA when you visit the website. Google Signals collects additional information about Users who have activated personalized displays (interests and demographic data). This allows shipping displays to such Users in cross-device remarketing-campaigns. To that purpose, various data and information about the usage and its Users are collected and generally sent to a Google server in the USA, where that data is stored.

Hoop uses Google Analytics exclusively with the extension “anonymizeIp(),” which is designed to prevent any direct personal reference. That extension is used by Google to truncate the IP address within EU Member States or other Contracting States to the EEA Agreement. Only in exceptional cases is the full IP-address sent to a Google server in USA and truncated there. According to Google, the IP address sent by the browser within GA will not be combined with other Google data.

During a visit, User behaviour is recorded in the form of “events”. Events can be:

• Page views
• First visit to the website
• Start of the session
• Websites visited
• “Click path”, interaction with the website
• Scrolls (whenever a user scrolls to the end of the page (90%))
• Clicks on external links
• internal search queries
• Interaction with videos
• File downloads
• Viewed / clicked adverts
• Language setting
• Approximate location (region)
• Date and time of the visit
• IP address (in abbreviated form)
• Technical information about the browser and the end devices used (e.g. language setting, screen resolution)
• Internet provider
• Referrer URL (via which website/advertising medium this website was accessed)

Google uses this information to analyse the pseudonymous use of a user and to compile reports on activities.

Recipients of the data are/may be

• Google Ireland Limited (cf. above)
• Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
• Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

This is an American company, so there is the possibility that data might also be processed in the USA. Both the EU and Switzerland issued positive adequacy decisions concerning the USA after entering the corresponding Swiss/EU-US Data Privacy Frameworks, so that a data transfer to the USA is lawful following certification of such companies. In addition, we will try whenever possible, to provide further safeguards such as entering standard data protection clauses or obtaining consent to commissioned data processing to ensure lawful data transmission.

We automatically delete the data within the scope of Google Analytics after 14 months of its collection, once a month.

The storage of cookies can be disabled by the corresponding setting in the browser-software. In such a case, however, it is possible that not all functions of our website can be used to their full extent. You can also prevent the transmission of the data generated by the cookies and related to the use of websites (including the IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link. The same procedure should then be followed on all the devices used.

The current link is https://tools.google.com/dlpage/gaoptout?hl=de

Please note that if all cookies are deleted, you will need to perform steps outlined above again to prevent the use of cookies.

Further information from Google can be found directly on their website, Google’s privacy policy can be found at https://policies.google.com/privacy?hl=de.

ReCAPTCHA from Google

To protect our systems from bots and possible spam, we have integrated reCAPTCHA from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 5, Ireland) on certain registration and login forms. This allows us to distinguish whether we are receiving a registration or login from a human or whether there is improper processing by an automated, machine program (e.g. a bot). For this purpose, certain entries are required before registration or login so that verification is possible. In addition, your IP address and, if applicable, other data such as the website that you visit with us and on which reCAPTCHA is integrated, the date and the time spent on our website, the identification data of the browser and operating system type, your Google account if you are logged into Google, mouse movements on the reCAPTCHA areas as well as the tasks in which you identify images are also required by Google for reCAPTCHA. They are sent to Google and processed by them. The analysis starts automatically as soon as you open the website with reCAPTCHA. We use reCAPTCHA from Google to ensure the security of our systems, as data and documents uploaded via a form are stored directly in our systems. If we did not install such a security tool, bots would be able to log on to our systems unhindered. This is how we protect ourselves from unwanted and dangerous automated calls. It is in our legitimate interest to protect our system security. Further information about reCAPTCHA or Google can be found directly on their websites, Google’s privacy policy can be found at: https://policies.google.com/privacy?hl=de.

Google Maps

We integrate the maps of the “Google Maps” service (a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, “Google”). This allows us to show you an interactive map directly on the website so that you can use the map function conveniently. Simply by visiting the website with the Google Map, Google receives information from your IP address that the corresponding subpage has been accessed. Other access data and log files are also transmitted. Data processing takes place regardless of whether you have a user account and are logged in to it. If you are logged in, your data will be directly assigned to your user account. We recommend that you log out regularly after using such a platform, as this will prevent it from being assigned to your profile.

Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or customised website design. Such an analysis is carried out in particular (even for users who are not logged in) to provide customised advertising and to inform other users of the network about the activities of users. You have the right to object to the creation of these user profiles, whereby you must contact Google directly to exercise this right.

As a user of Google Maps, you are bound by the terms of use displayed when using Google Maps, including Google’s privacy policy. These documents provide you with further information on the purpose and scope of data collection and processing by Google by clicking on the map section. It also contains further information about your rights and the settings options for protecting your privacy vis-à-vis Google.

Google LLC. as the parent company of Google is an American company, so there is the possibility that data might also be processed in the U.S. Both the EU and Switzerland issued positive adequacy decisions concerning the USA after entering the corresponding Swiss/EU-US Data Privacy Frameworks, so that a data transfer to the USA is lawful following certification of such companies. In addition, we will try wherever possible, to provide further safeguards such as entering standard data protection clauses or obtaining consent to commissioned data processing to ensure lawful data transmission.

Further information from Google can be found directly on their website, Google’s privacy policy can be found at https://policies.google.com/privacy?hl=de.

Use of Cloudflare

We use the DNS service and the Content Delivery Network (CDN) of Cloudflare (Cloudflare, Inc. 665 3rd St. #200, San Francisco, CA 94107, USA) to provide our websites quickly and securely. The information transfer between your browser and our website is routed via the Cloudflare network. In this way, Cloudflare can analyse the data traffic between you and our websites to detect and ward off attacks on our website, for example. This is in our legitimate interest to provide our websites securely. Cloudflare collects statistical data about visits to our websites: Name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, visitor’s operating system, referrer URL, IP address and requesting provider. This data is used for statistical evaluations for the purpose of the operation, security and optimisation of Cloudflare’s offering.

Further information and Cloudflare’s privacy policy can be found at https://www.cloudflare.com/de-de/privacypolicy/

Cloudflare is an American company, so there is the possibility that data might also be processed in the USA. Both the EU and Switzerland issued positive adequacy decisions concerning the USA after entering the corresponding Swiss/EU-US Data Privacy Frameworks, so that a data transfer to the USA is lawful following certification of such companies. In addition, we will try wherever possible, to provide further safeguards such as entering standard data protection clauses or obtaining consent to commissioned data processing to ensure lawful data transmission.

Newsletter and promotional information

In the following, we will show you how we would like to inform you in terms of advertising.

Newsletter

With us you have the possibility to subscribe to a newsletter. In the following we explain the procedure involving newsletters.

Content of the individual newsletter: We only send e-mails with advertising information (hereinafter “newsletter”) with your consent or if you are our customer and you have not exercised your right to object. Our newsletters contain information about our services.

Automated processing: Web beacons are used in our newsletters. These are small, unrecognisable embedded images or objects (such as clear GIF, pixel tags and single pixel GIFs) that return information from you after you open the email you receive. In this way, we can measure success to compile statistics for the popularity of our offer. It also allows us to evaluate your user behaviour accordingly. We also store information about the browser you are using and the settings you have made in the operating system you are using, as well as information about the internet connection you are using to access our website. Through the newsletter sent to you, we receive, among other things, receipt and read confirmations as well as information about the links you have clicked on in our newsletter. Through this data processing (performance measurement), we aim to align our advertising approach to your interests and optimise our information on our website.

Consent: The dispatch of the newsletter and the associated performance measurement is based on your consent when registering for the newsletter.

Registration procedure and logging: To ensure that no one can register with other people’s email addresses, you will receive an email asking you to confirm your registration. This confirmation is necessary to receive the newsletter. If the registration is not confirmed within 4 days, the information will subsequently be deleted. Registrations for the newsletter are logged to be able to prove the registration process in accordance with the legal requirements and to clarify any possible misuse of your data. This includes storing the time of login and confirmation as well as the IP address. Changes to your stored data are also logged.

Login data: To subscribe to the newsletter, all you need to do is enter your email address. Optionally, you can enter a name for the purpose of a personal address in the newsletter.

Revocation: You can stop receiving a newsletter at any time, i.e. withdraw your consent, by sending an email to contact@hoop.ch and clicking on the unsubscribe link in the newsletter or through the contact details provided in the Imprint. You will find a corresponding link for revocation at the end of each newsletter.

Storage after revocation: We may store unsubscribed email addresses for up to three years to prove consent was previously given. The processing of this data is limited to the purpose of a possible defence against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time. Your data will only be used for other purposes after you have withdrawn your consent if you have expressly consented to this or if further processing is justified, about which we will inform you.

Marketing measures by email to existing customers

If we have received your email address from you in connection with the provision of a service and you have not objected to its subsequent use, we reserve the right to use your email address for direct advertising for our own similar services already purchased. After considering our interests, these marketing measures serve our legitimate interests in providing promotional information to our existing customers. The prerequisite is that we inform you when collecting the e-mail address and each time it is used that you can object to its use at any time.

Commissioned service providers for marketing measures

Marketing measures by email can be carried out by commissioned service providers. For this purpose, your data such as name and email address will be passed on. We use the service mailXpert GmbH, Schulstrasse 37, 8050 Zurich, among others, to send newsletters.

The data required for this is transferred to a server at mailXpert GmbH with a server location in Switzerland. Newsletters are sent with your consent or based on our legitimate interests in providing our existing customers with promotional information. Further information and the privacy policy of mailXpert GmbH can be found at: https://www.mailxpert.ch/datenschutz.

We are happy to provide information about our other commissioned service providers upon request. You can object to marketing measures at any time by sending an email to contact@hoop.ch by clicking on the unsubscribe link in the email or by contacting the contact details given in the imprint. You will find a corresponding link to the opting out at the end of each such email.

Telephone and postal advertising

We reserve the right to use your first and last name as well as your telephone number and postal address for our own advertising purposes to be able to send you interesting offers about us, our services or events organised by us by telephone or by post. Telephone advertising is only carried out with your presumed consent. After considering our interests, the advertising approach by letter serves our justified interests in addressing our customers and potential interested parties. We will check and respect a possible advertising objection (e.g. through a star entry in public telephone directories) in advance. Promotional letter mail can be processed and sent by a commissioned service provider. For this purpose, we will pass on name and address data to them. We are happy to provide information about our commissioned service provider upon request.

Objection to advertising information and revocation of consent

You can revoke your consent to be contacted for advertising information or object to the storage and use of your data for the above-mentioned purposes at any time by sending a message to contact@hoop.ch or by contacting the contact details given in the imprint. Your contact data (e.g. from the newsletter) will then be deleted (except for “Storage after cancellation”). Further processing of your data remains possible insofar as its use is further permitted or permitted by law.

Transfer of data for advertising information

Your contact details may be passed on to partner companies such as those from of the Abacus Group in Switzerland or Germany as well as to solution partners. Promotional information will be carried out within the framework of legal requirements. If you have given your consent, where necessary, to receive advertising information (e.g. by newsletter) and to your personal data being transferred to a solution partner, this data may be used by the authorised party for the corresponding advertising information.

Our company presence on LinkedIn

We maintain a company presence on LinkedIn and there are links to our LinkedIn company presence on our websites. There we can see all the information that visitors voluntarily provide to our corporate presence on this platform by either liking one of our posts or posting a comment.

Your data will also be processed if you communicate with us within this platform, e.g. write articles on the various online presences or send messages. In addition, we are provided with statistical data of the visitors to our company website in our administrator account. This includes data evaluating visitors’ interactions with our respective posts, a follower demographic and its origin, as well as web traffic and activity on our corporate presence on the platform. We are not able to view any personal data of the visitors, but only general data without any personal reference. Further data processing carried out by the platform operator during your visit to the platform is not subject to this Privacy Policy, but to its own Privacy Policy. Nevertheless, we check our company presence on this platform at regular intervals for possible violations of the law to be able to take immediate action. We have no influence on the data collected and data processing operations by a platform operator. It stores the data collected about you as a usage profile and uses this for the purposes of advertising, market research, and/or designing the website to meet your needs. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of needs-based advertising and to inform other users of the network about your activities on our website. You have a right to object to the creation of these user profiles, whereby you must contact the platform operator directly to exercise this right. Data processing by the platform operator after use of a link on our website takes place regardless of whether you have a user account there and are logged in there. If you are logged in, your data will be directly assigned to your user account. We recommend that you log out regularly after using such a platform, as this allows you to avoid being assigned to your profile. For further information on the purpose and scope of data collection and processing, please refer to LinkedIn’s Privacy Policy. There you will also find further information on your rights and setting options to protect your privacy. LinkedIn: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA http://www.linkedin.com/legal/privacy-policy

Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

LinkedIn is an American company, so there is the possibility that data might also be processed in the U.S. Both the EU and Switzerland issued positive adequacy decisions concerning the USA after entering the corresponding Swiss/EU-US Data Privacy Frameworks, so that a data transfer to the USA is lawful following certification of such companies. In addition, we will try wherever possible, to provide further safeguards such as entering standard data protection clauses or obtaining consent to commissioned data processing to ensure lawful data transmission.

YouTube videos

On our website, we have partially integrated the YouTube video player from Google Ltd (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter “Google”) to offer YouTube videos for the presentation of editorial content on some of our websites, which are also stored on YouTube and can be played directly from our website. This is done for the optimal presentation of our services, which is in our legitimate interest.

To protect your data, these YouTube videos are integrated in “extended data protection mode” (YouTube nocookies). YouTube informs you that no information about visitors to this website is stored until they watch the video. However, this does not necessarily exclude the transfer of data to YouTube partners, such as those of the Google Double-Click network.

By visiting our website on which a YouTube video is embedded, Google at least receives the information that you have accessed the corresponding subpage of our website with the embedded video. In addition, information and data such as server log files, IP address and user agent are transmitted at the latest when the video is accessed. This takes place regardless of whether you have a YouTube user account through which you are logged in or whether no user account exists. If you are logged in, this data will be directly assigned to your user account.

When the video is accessed, YouTube uses various cookies and other tracking technologies. Google then stores your data as usage profiles and uses them for the purposes of advertising, market research and/or customised website design. Such an evaluation is carried out in particular (even for users who are not logged in) for the provision of customised advertising and to inform other users of the network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google directly to exercise this right.

Further information from Google can be found directly on their website, Google’s privacy policy can be found at https://policies.google.com/privacy?hl=de.

As the parent company of Google, Google LLC. is an American company, so there is a possibility that data could also be processed in the USA. Both the EU and Switzerland issued positive adequacy decisions concerning the USA after entering the corresponding Swiss/EU-US Data Privacy Frameworks, so that a data transfer to the USA is lawful following certification of such companies. In addition, we will try wherever possible, to provide further safeguards such as entering standard data protection clauses or obtaining consent to commissioned data processing to ensure lawful data transmission.

Vimeo Videos

We have embedded the Vimeo video player from Vimeo. (Vimeo, Inc. 555 West 18th Street, 10011 New York, U.S., hereinafter “Vimeo”) into some of our websites to present editorial content in the form of videos, which are also stored on Vimeo and can be played directly from our websites. This is done for the optimal presentation of our products and services, which is in our legitimate interest.

A connection to the Vimeo servers is established when you view one of these videos. In doing so, Vimo receives the information that you have accessed the corresponding subpage of our website containing the embedded video and the IP address. Vimeo is set up so that your user activities are not tracked, and no cookies are set.

Further information on the purpose and scope of data collection and processing can be found in Vimeo’s privacy policy. There you will also receive further information about your rights and setting options to protect your privacy: https://vimeo.com/privacy

Vimeo, Inc. is an American company, so there is a chance that data could also be processed in the U.S. The EU and Switzerland have adopted corresponding adequacy decisions with regard to the USA, following the conclusion of corresponding Swiss/EU-US Data Privacy Frameworks, so that data transfer to the USA is legally compliant following certification of these companies. In addition, wherever possible, we endeavour to conclude further suitable guarantees such as standard data protection clauses or consent is obtained for certain data processing in order to ensure legally compliant data transfer.

Links

Our websites may contain links to external websites of other companies outside Hoop. This Privacy Policy does not extend to the websites of these other companies. When using these websites, the data protection declarations of these companies must be observed as far as their data processing is concerned. Nevertheless, we check these websites at regular intervals to remove the link immediately in the event of possible infringements. If you have any indications of possible legal violations on the pages linked by us, we ask you to inform us so that we can stop a possible connection. If you click on such links, your data may be transferred to companies in countries outside Switzerland, the EU or the EEA that do not ensure an adequate level of protection for the processing of personal data. Please remember this before clicking on a link and thereby triggering a possible transfer of data.

Data processing within the scope of our business operations, its purposes and its legal basis

In the following, we would like to inform you about the data processing that we carry out as a company within the scope of our business operations.

What data is processed and where does it come from?

We process data from our employees, customers, suppliers, applicants, interested parties, other business partners, or third parties and their employees. This data is either provided by the data subject or the respective company itself, from third parties such as other business partners (e.g. customers, suppliers or other service providers), public authorities or from publicly accessible sources (e.g. public telephone, address and trade directories, public notices or databases, the Internet, trade, cooperative or association registers). The data provided by you or the relevant company, for example when making an enquiry, registering, obtaining a quote, entering a contract, completing a questionnaire or otherwise communicating with us, may be as follows:

• Contact details including full name, position, company, address, telephone, email address
• Master data in official documents in which you are mentioned (such as extract from the commercial register)

• Contractual data arising from pre-contractual measures or the fulfilment of a contract, including delivery data
• Payment data, including bank details, payment history, credit card data, debit card data, access data, as well as other data for smooth payment transactions
• Content data including entries in our CRM or project system, in contact forms, data of a communication made via email or another form of communication
• Registration data (such as username and password) when using offers requiring registration or login
• Data for the prevention of fraud, money laundering or other criminal offences
• All data in connection with an application or employment as an employee about the profession, the previous employer, the professional career including certificates and further training, all data that are provided or may be legitimately collected and processed in the context of an application procedure or employment relationship
• Sensitive data such as health data, which is only collected by us with the explicit, prior consent of the data subject, which can be revoked at any time, or where there is a legal obligation to process it
• Data on the company for which a person works
• Data as described above when using one of our websites
• Data obtained from other companies, authorities or publicly accessible sources, such as contact data (name, company, postal addresses, e-mail addresses, telephone numbers, publicly accessible data as shown in the commercial register) from credit agencies, which are used within the legal framework for advertising information; creditworthiness information; data from banks or insurance companies in connection with the fulfilment of a legal or contractual obligation; data from legal or official proceedings; references from previous employers or business partners;
• Data related to fraud and money laundering prevention or screening related to export restrictions
• Data from publicly accessible sources such as the internet, the press or public registers such as the commercial register

For what purposes is data processed and on what legal basis?

Data is processed for different purposes and based on different legal bases:

• Carrying out pre-contractual measures in the context of an application or in connection with the conclusion of contracts with customers or other business partners, such as when preparing an offer. Due to their function at the contractual partner, data of their employees is also processed, in which we have the legitimate interest of a successful business development
• Processing of employee data based on contract, legal obligation, given consent or legitimate interests
• Provision of contractual services and customer care in the fulfilment of contracts, implementation of contractual measures, payments and accounting, guarantee of contractual claims. Due to their function at the contractual partner, data of their employees is also processed, in which we have the legitimate interest of a successful business development
• Processing of contact requests based on the legitimate interest of customer satisfaction or pre-contractual measures
• Communication and exchange with the press due to our legitimate interest in successful business development
• Sending personalised newsletters, carrying out other marketing measures, sending Christmas mail/gifts as well as internal market and opinion research to provide customers in an advertising manner about our companies and services in order to increase sales after consent has been granted or in special cases due to justified interests in direct marketing within the framework of existing legal requirements
• Improvement of our online offers and services based on consent or legitimate interests in successful business development.
• Collection of data from publicly accessible sources based on legitimate interests for customer acquisition and expansion of our services.
• To establish, maintain and protect the operation and security of our IT, online offering, services and other offerings, based on legitimate interests to prevent potential security threats, criminal offences, or other adverse activities
• Video surveillance to safeguard domiciliary rights and damage prevention and other IT security measures to protect persons, intangible assets and tangible assets
• Compliance with internal policies or industry standards due to legitimate interests to comply with specified regulations
• Enforcing contracts, settling, asserting or defending legal claims in judicial or official proceedings based on our legitimate business interests
• Mergers, transfers, and acquisitions of companies, parts thereof or business divisions, as well as other transactions under company law, including the transfer of data based on legitimate interests of successful business development or after consent has been granted
• Provision of certain online services for the management of customers and business partners and communication in the context of the use of online services requiring registration (including orders, payments, document management, other information) based on legitimate business interests
• Examination of companies for possible cooperation based on our legitimate business interests

• Enabling participation in interactive functions of our online offer due to legitimate interests upon request
• Determination of winners of sweepstakes/competitions and, if applicable, publication of winners based on consent

• Obtaining references as part of an application procedure after consent has been given
• Verification of identity to be able to fulfil rights and obligations under data protection law, due to legal obligation
• Credit assessments based on (pre-) contractual relationships or after consent has been given
• Other data processing after consent has been given
• Fulfilment of legal obligations and due diligence for the prevention or investigation of criminal offences, economic crime or money laundering
• To fulfil the purposes which you specified when you provided the data or that we notified you of when we collected the data
• Legal protection, enforcement of our claims/defence against claims; due to legitimate interests in the protection of our rights, as well as the rights of persons associated with us (such as employees) or group companies

In addition, data from different sources are brought together, which can also be processed for the purposes listed above. This allows us to compare customer data with companies in the Abacus Group and manage it in a centralised system. For current and correct address data, we may match existing data with other sources, correct it if necessary and use it; this is due to legitimate business interests

Data transmission to foreign countries

As a company, we use various tools from companies in the U.S., whereby we take care to contractually agree storage locations in Switzerland or the EU with these companies wherever possible. Nevertheless, data may be sent to their servers in the USA during use or in cases of support. Both the EU and Switzerland issued positive adequacy decisions concerning the USA after entering the corresponding Swiss/EU-US Data Privacy Frameworks, so that a data transfer to the USA is lawful following certification of such companies. In addition, we will try wherever possible, to provide further safeguards such as entering standard data protection clauses or obtaining consent to commissioned data processing to ensure lawful data transmission.

For data processed in a third country that lacks an adequate level of data protection, we provide suitable safeguards, such as entering standard data protection clauses (with adjustment of the necessary contractual and technical measures), to ensure lawful data transmission to foreign countries. We resort to legally permissible exceptions only in isolated cases, such as allowing data transmission to a Third Country that lacks an adequate level of data protection based on express consent by the data subject.

Time limits for the deletion or blocking of data

In principle, we process and store your data for as long as is necessary and permissible for the purposes for which we received the data. Specifically, this means that we will retain your data for as long as we have a (business) relationship with you or the company for which you work, when you use our website, when you are employed, when you send us newsletters, when we perform a contract or a continuing obligation, for as long as you have given us permission to store the data, for as long as any obligations exist or are owed to us, for as long as a particular legal situation requires, such as with regard to legal disputes, limitation periods or official investigations, or for as long as you were notified when the data was collected. In addition, legislation has provided for a variety of documentation and retention obligations and periods, so that if such a legal obligation for retention or documentation exists, we also store data – possibly limited – for a correspondingly long period of time. In Switzerland, for example, there are retention obligations under tax or commercial law of up to 10 years, as well as possible retention obligations of 30 years due to existing statutes of limitation, plus obligations under special laws. For this reason, an examination of the respective storage period takes place in each individual case for the corresponding data processing. After exercising your right of revocation or objection, after the stated purposes have been achieved or after the expiry of existing tax or commercial law, other legal or contractual documentation and retention obligations and periods, we delete or anonymise your data or, if permissible, restrict its processing, unless you have consented to the further use of your data or unless we have expressly reserved the right to use your data in a manner that goes beyond this, which is permitted by law or contract, and we will inform you accordingly.

Data security

If you use areas that require registration or login, you should store the login data carefully and protect it from access by third parties. If you log in from computers or other devices that are used by multiple people, please remember to properly log out after each session and close the browser window you are using. We take data security very seriously and treat your data confidentially and in accordance with the statutory provisions. To this end, we have taken technical and organisational measures to ensure a level of protection appropriate to the risk. These measures may include the pseudonymisation and encryption of data, security measures relating to the confidentiality, integrity, availability and resilience of systems, the ability to rapidly restore the availability of and access to data in the event of a physical or technical incident, and the regular review, assessment and evaluation of the effectiveness of technical and organisational measures to ensure the security of processing. That way, we provide your data with state-of-the-art protection against loss, misuse, change, destruction and unauthorized access. Our standard of security is constantly upgraded to the latest technological developments. Our employees and commissioned service providers are bound to confidentiality and act within the framework of our instructions. It is possible that emails are sent in unencrypted form (i.e. that they are immediately readable without any required prior decryption), especially if you cannot access encrypted emails yourself. Such unencrypted emails are exposed to a greater risk than encrypted emails, which is why we hereby expressly advise you not to send any confidential information such as application documents without encryption. When using website forms or in the context of email communication with us, your data will be transmitted encrypted according to the current state of the art when it is sent. Our website including the areas requiring registration and login are secured (https). Bear in mind that online security gaps can never be ruled out completely. We cannot guarantee 100% security of all systems, especially when using our websites. We assume no liability for wrongful actions by authorized third parties.

Decisions based solely on automated processing, including profiling

In the application procedure, data is used in the context of partially automated processing according to certain criteria to evaluate personal aspects of an applicant (profiling). We use these assessments to make a prediction of suitability for employment. However, the decision on employment is made by the respective line managers and employees in the HR department. As a matter of principle, when concluding a contract or executing it, no decisions are made exclusively based on automated processing which would produce legal effects against you, or which would significantly affect you in a similar way. We will inform you in advance if this should take place in individual cases and ensure that data processing is lawful.

Use of AI applications

We use AI applications in various areas to facilitate our work or for other purposes, such as to fulfil data security requirements (such as virus protection), to improve our software or services, to support the creation of software code, troubleshooting and troubleshooting, the creation of (advertising) texts and information, training videos, translations, the processing of support cases and their evaluation for future support cases.

We therefore use AI applications in our work, but they do not necessarily always process personal data. When we use AI applications, we pay attention to their legally compliant use and want to ensure the necessary transparency in their use. If an AI application supports us in our work, we use it in accordance with existing regulations and our values. We examine their use and possible negative consequences for those affected. We do not use AI applications that make decisions for us and could have a significant impact on an individual. We ensure that preparatory decisions made by them are always reviewed by a human. If an AI application used by us is in direct dialogue with people, we inform them of this in advance by means of a notice. We are and remain responsible for personal data, even if we use AI applications to support us.

Applicable law

It is possible that different law applies to certain data processing. It must therefore be examined on a case-by-case basis whether the Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (OFADP) and Swiss national law or another foreign law, such as the GDPR (General Data Protection Regulation of the EU) and the national law of another country are applicable to data subjects. In each individual case, Hoop checks this and will carry out the data processing that takes place within the framework of the applicable legal requirements.

Your rights

You are entitled to the following rights about your data, insofar as we have been able to duly establish your identity and the respective conditions for this are met:

Right to information

Right of rectification

Right to erasure

Right to restrict processing

Right to object to processing

Right to data portability or transfer

Furthermore, you have the right to assert your claims in court and to complain to a data protection supervisory authority about the processing of your data by us.

We will comply with your request for deletion unless it conflicts with an obligation to retain data or we need the data to assert, exercise or defend our legal claims. You can revoke your consent to the processing of your data at any time for the future. Such a revocation shall not affect the lawfulness of the processing carried out based on the consent until the revocation. If we base the processing of your data on our legitimate interests or those of a third party following a balancing of interests, you may object to such processing. In such a case, we will review your objection and either stop or adapt the data processing or show you our compelling interests worthy of protection why we want to continue the processing. These must override your interests, rights and freedoms or the processing must serve the assertion, exercise or defence of legal claims.

Should we process your data to conduct direct advertising with it, you have the right to object to this processing of your data for the purpose of direct advertising at any time. This also applies to any profiling that may take place if it relates to such direct advertising. In such a case, we will stop this data processing.

You are not obliged to provide us with your data. However, it is possible that certain functions of our website will not be available or will only be available to a limited extent if you do not provide any data. Furthermore, it is possible that no contractual relationship can be entered into with you without the corresponding data.

If you have any questions about data protection or if you wish to exercise your rights, withdraw consent or object to data processing, please contact us using the contact details provided above under “Responsible party”. You can reach us at contact@hoop.ch

If you have any questions about data protection, you may contact us at any time.

Changes to this Privacy Policy, March 2025 version

This Privacy Policy is subject to periodic review and may be amended, if necessary, in the event of legal or technical changes or due to new or revised services, at any time with effect for the future without prior notice. For this reason, we ask you to read this Privacy Policy at regular intervals to be aware of possible changes.Änderungen zu erfahren.