General Terms and Conditions (GTC)

Version from August 2023

1. What is this privacy policy about?

In this Privacy Policy, we explain how we process personal data concerning you or other persons in the context of our business activities and in connection with our website. “Personal data” is all information that can be linked to a specific person, and “processing” means any handling of it, e.g. obtaining, using and disclosing it.

This Privacy Policy also applies to the processing of your personal data in connection with your application to Kitoko People by email and by post. You will therefore also find information on how we process personal data as part of the application process.

If you would like further information on our data processing, please contact us (Section 2).

2. Who is responsible for processing your data?

The following company is the “controller”, i.e. the entity primarily responsible under data protection law (“Kitoko People” or “we”) for data processing in accordance with this Privacy Policy:

Kitoko GmbH
Optingenstrasse 18
3013 Bern

If you have any questions about data protection, you are welcome to contact us at the following email address: hello@kitoko-people.ch

You may provide us with data that also relates to other persons. If you do so, we take this as confirmation that this data is correct. As we often have no direct contact with these third parties, we ask you to inform them about our processing of their data (e.g. by referring them to this privacy policy).

3. How do we process data in connection with our products and services?

If you make use of our products and services (together “services”), we process data for the preparation of the conclusion of the contract and for the performance of the corresponding contract:

We may advertise our Services

When we conclude a contract with you (in particular when you book a training course with us), we process data from the run-up to the conclusion of the contract (e.g. name, email, employer/company, telephone number, billing address and communication data) and information on the conclusion of the contract itself (e.g. date of conclusion and subject matter of the contract).

We also process personal data during and after the term of the contract. This applies, for example, to information on the receipt of services, but also to payments, data on the termination of the contract and – if there are any disputes in connection with the contract – also to these and corresponding proceedings. We use this data because we cannot process contracts without it.

In the case of contractual partners who are companies, we process less personal data because data protection law only covers the data of natural persons (i.e. people). However, we process data of the contact persons with whom we are in contact, e.g. name, contact details, telephone number and details from communication, and details of managers etc. as part of the general information about companies with which we work.

4. How do we process data in connection with an application?

If you apply to us and we assess your suitability for the employment relationship, we will process your personal data. You are not obliged to disclose this data to us.

We process the following personal data from you, insofar as it is or becomes known to us:

Master data and contact information: In connection with your application, we receive certain basic data that we require for the assessment, justification and possible execution of an employment contract, including communication with you. This includes, for example, your first and last name, home address, telephone number, e-mail address, date of birth and age, place of origin and nationality, gender, language skills, marital status, etc.;

Data in connection with your current position and the organisational framework conditions for possible employment: As part of your application, we receive or generate and process – in addition to the personal data and contact information (see above) – various other details about you, your current employment and the organisational framework conditions, e.g. information on the notice period of the current employment contract, data in connection with your position and your employment contract, professional achievements, your motivation, etc.;

Applications, professional background and training and further education: As part of an application, we receive details of your career, qualifications, training and other data, e.g. CV, details of certificates, diplomas, job references or confirmations, language skills, details of previous jobs and employers, references and their contact details, information from references, etc.;

Other data: It is possible that we process other personal data that we cannot list exhaustively here. We will inform you separately about the processing of such data if this is possible or if we are obliged to provide information.

We process the aforementioned data for various purposes in connection with your job application, in particular for the following purposes:

Data in connection with your current position and the organisational framework conditions for possible employment: As part of your application, we receive or generate and process – in addition to the personal data and contact information (see above) – various other details about you, your current employment and the organisational framework conditions, e.g. information on the notice period of the current employment contract, data in connection with your position and your employment contract, professional achievements, your motivation, etc.;

Checking application documents and the suitability of a job applicant, e.g. assessing suitability for a specific position with us for which you apply by e-mail or for which we enquire about you, assessing suitability for other jobs or positions at Kitoko People, including checking or re-checking documents, checking references;

Preparation and conclusion of employment contracts, e.g. drafting, negotiating and concluding the employment contract;

5. How do we process data in connection with our website?

Every time you use our website, certain data is collected for technical reasons and temporarily stored in log files (log data), in particular the IP address of the end device, information about the Internet service provider and the operating system of your end device, information about the referring URL, information about the browser used, date and time of access, and content accessed when visiting the website. We use this data so that our website can be used, to ensure system security and stability and to optimise our website, and for statistical purposes.

Our website also uses cookies, i.e. files that your browser automatically saves on your end device. This enables us to recognise individual visitors, but generally without identifying them. Cookies may also contain information about the pages accessed and the duration of the visit. Certain cookies (“session cookies”) are deleted when the browser is closed. Others (“persistent cookies”) remain stored for a certain period of time so that we can recognise visitors on a subsequent visit.

You can configure your browser settings to block certain cookies or similar technologies or to delete cookies and other stored data. You can find out more about this in the help pages of your browser (usually under the heading “Data protection”).

These cookies and other technologies may also originate from third-party companies that provide us with certain functions. These may also be located outside Switzerland and the EEA. For example, we use analytics services so that we can optimise our website. Cookies and similar technologies from third-party providers also enable them to target you with personalised advertising on our websites or on other websites and social networks that also work with this third party and to measure how effective advertisements are (e.g. whether you have reached our website via an advertisement and what actions you then perform on our website). The relevant third-party providers can record the use of the website for this purpose and combine their recordings with other information from other websites. This allows them to record user behaviour across multiple websites and end devices in order to provide us with statistical analyses on this basis. The providers can also use this information for their own purposes, e.g. for personalised advertising on their own website or other websites. If a user is registered with the provider, the provider can assign the usage data to the person concerned.

The most important third-party provider is Google. You can find more information on this below. Other third-party providers generally process personal and other data in a similar way.

Google Analytics is a web analytics service provided by Google LLC (USA). Google Analytics uses cookies and other technologies to collect data about the behaviour of users of our website and their end devices, in particular the IP address of the end device, screen size, device type, information about the browser used and the location (country only) and language setting of the browser. This information is usually transferred to a Google server in the USA and stored there. We use Google Analytics to analyse and improve the use of our website. We use the “IP anonymisation” function to anonymise the IP addresses of users. The information generated by the cookie about your use of our website (including your IP address) is usually transferred to a Google server in the USA and stored there. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for us and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.

Google. You can find more information about Google Analytics and data protection at Google at https://policies.google.com/privacy

6. Online newsletter

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data (e.g. surname, first name or specific interests) are not collected or are only collected on a voluntary basis. This also applies if you receive our newsletter by means other than via our website. We use this data exclusively for sending the requested information via Mailchimp. Further information on this can be found in the relevant section.

The data entered in the newsletter registration form is processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR/Art. 13 FADP). You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the cancellation. The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.

7. Mailchimp

The newsletter is sent via email using “Mailchimp”, an email marketing platform of the US provider Rocket Science Group, LLC, 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308, USA. Your email address and any data described in this notice will be stored on Mailchimp’s servers in the USA. Mailchimp uses this information to send and analyse the newsletter on our behalf. Furthermore, Mailchimp may, according to its own information, use this data to optimise or improve its own services. Mailchimp does not use the data of our newsletter recipients to write to them itself or pass it on to third parties.

Mailchimp is certified under the US-EU Privacy Shield data protection agreement and undertakes to comply with EU data protection regulations. We have also concluded a data processing agreement with Mailchimp. This is a contract in which Mailchimp undertakes to protect the data of our users, to process it on our behalf in accordance with its data protection regulations and, in particular, not to pass it on to third parties.

The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from the Mailchimp server when the newsletter is opened. As part of this retrieval, technical information about the browser or email client as well as your IP address and the time of retrieval are initially collected. This information is used to improve the services for specific target groups and to measure the results of our e-mail mailings.

The statistical surveys also include determining whether the newsletters have been opened, when they were opened and which links were clicked on. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our nor Mailchimp’s intention to monitor individual users. The evaluations serve us much more to recognise the reading habits and interests of our users in order to be able to optimise or adapt our email distribution and/or content accordingly.

There are cases in which we direct newsletter recipients to the Mailchimp websites. For example, our newsletters contain a link that newsletter recipients can use to access the newsletter online (e.g. in the event of display problems in the email programme). Newsletter recipients can also correct their data, such as their email address, at a later date. Mailchimp’s privacy policy is also only available on their website.

In this context, we would like to point out that cookies are also used on Mailchimp’s websites and that personal data is therefore processed by Mailchimp, its partners and the service providers used (e.g. Google Analytics). We have no influence on this data collection. Further information can be found in Mailchimp’s privacy policy. How do we process data via social media?

We operate our own company presences on social networks and other platforms (LinkedIn, Instagram, Facebook, TikTok, Podbean). If you communicate with us there or comment on or disseminate content, we collect data that we use primarily to communicate with you, for marketing purposes and for statistical analyses. Please note that the provider of the platform also collects and uses data (e.g. on user behaviour) itself, possibly together with other data known to it (e.g. for marketing purposes or to personalise the platform content). If we are jointly responsible with the provider, we will enter into a corresponding agreement, which you can find out about from the provider.

8. Hubspot

We use HubSpot for our online marketing activities. This is an integrated software solution that we use to cover various aspects of our online marketing.

These include, among others:

Content management (website and blog)
Email marketing (newsletters and automated mailings, e.g. to provide downloads)
Reporting (e.g. traffic sources, hits, etc. …)
Contact management (e.g. user segmentation & CRM)
Landing pages and contact forms
Our registration service allows visitors to our website to learn more about our company, download content and provide their contact information and other demographic information.

This information and the content of our website are stored on the servers of our software partner HubSpot. It can be used by us to contact visitors to our website and to determine which of our company’s services are of interest to them. All information we collect is subject to this privacy policy. We use all information collected solely to optimise our marketing.

HubSpot is a software company from the USA with a branch in Ireland.
Contact us:
HubSpot
2nd Floor 30 North Wall Quay
Dublin 1, Ireland,
Telephone: +353 1 5187500.

HubSpot is certified under the terms of the “Swiss – US Privacy Shield” and is subject to TRUSTe’s Privacy Seal.

More information about HubSpot’s privacy policy
You can find more information about the cookies used by HubSpot here & here

9. How do we process data via social media?

10. Are there other processing operations?

Yes, because very many processes are not possible without processing personal data, including standard and even unavoidable internal processes. It is not always possible to determine this precisely in advance, nor the scope of the data processed, but below you will find details of typical (though not necessarily frequent) cases:

Communication: If we are in contact with you, we process information about the content of the communication and the type, time and place of the communication. We may also process proof of identity information for your identification.

Compliance with legal requirements: We may disclose data to authorities as part of legal obligations or authorisations and to comply with internal regulations.

Prevention: We process data to prevent criminal data and other offences, e.g. as part of the fight against fraud or internal investigations.

Legal proceedings: If we are involved in legal proceedings (e.g. court or administrative proceedings), we process data, e.g. about parties to the proceedings and other persons involved, such as witnesses or persons providing information, and disclose data to such parties, courts and authorities, possibly also abroad.

IT security: We also process data for monitoring, controlling, analysing, securing and checking our IT infrastructure, as well as for backups and archiving data.

Competition: We process data about our competitors and the market environment in general (e.g. the political situation, the association landscape, etc.). We may also process data about key individuals, in particular their name, contact details, role or function and public statements.

Transactions: If we sell or acquire receivables, other assets, business units or companies, we process data to the extent necessary to prepare and execute such transactions, e.g. information about customers or their contact persons or employees, and also disclose corresponding data to buyers or sellers.

Other purposes: We process data to the extent necessary for other purposes such as training and education, administration (e.g. contract management, accounting, enforcement of and defence against claims, evaluation and improvement of internal processes, preparation of anonymous statistics and analyses; acquisition or sale of receivables, businesses, parts of businesses or companies and protection of other legitimate interests.

11. How long do we process personal data?

We process your personal data as long as it is necessary for the purpose of processing (in the case of contracts, generally for the duration of the contractual relationship), as long as we have a legitimate interest in storing it (e.g. to enforce legal claims, for archiving and/or to ensure IT security) and as long as data is subject to a statutory retention obligation (e.g. a ten-year retention period applies to certain data). After these periods have expired, we delete or anonymise your personal data.

12. Data security

We take appropriate technical and organisational security precautions to protect your personal data from unauthorised access and misuse, such as issuing instructions to our employees, confidentiality agreements, internal training or awareness-raising for data protection, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymisation and controls.

13. What are your rights?

You have certain rights under applicable data protection law to obtain further information about our data processing and to influence it;

You can request further information about our data processing. We are at your disposal for this purpose. You can also submit a request for information if you would like further information and a copy of your data;

You can object to our data processing, in particular in connection with direct marketing;

You can have incorrect or incomplete personal data corrected or completed or have it supplemented by a note of dispute;

You also have the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format, provided that the corresponding data processing is based on your consent or is necessary for the fulfilment of the contract;

If we process data on the basis of your consent, you can withdraw your consent at any time. The revocation is only valid for the future, and we reserve the right to continue processing data on another basis in the event of revocation.

If you wish to exercise such a right, please contact us (Section 2). As a rule, we will have to verify your identity (e.g. by means of a copy of your ID). You are also free to lodge a complaint against our processing of your data with the competent supervisory authority, in Switzerland with the Federal Data Protection and Information Commissioner (FDPIC).

14. Changes

We may amend this privacy policy at any time without prior notice. The current version published on our website shall apply. If the privacy policy is part of an agreement with you, we will inform you of the change by e-mail or other suitable means in the event of an update.