Okomo Privacy Policy

Okomo Privacy Policy

Important note: The German version of this document will govern our relationship – this translated version is provided for convenience only and will not be interpreted to modify the German version.

 

Okomo AG (hereinafter referred to as “Okomo” or “we”) respects your privacy and takes great care to protect your data and its confidentiality. The collection and use of personal data is therefore exclusively within the framework of the legal provisions of the applicable data protection laws of the European Union and Switzerland.

This Privacy Policy clarifies the nature, scope and purpose of the processing of personal data (hereinafter referred to as “Data”) within the Okomo Services, e.g. use within the Okomo solution and online offering (“Services”) as well as the websites, functions and content associated with them and external online presences, such as our social media profiles. With regard to the terms used, such as “processing” or “responsible body”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

1. Responsible

is the body responsible for the collection, processing and use of data in accordance with the EU General Data Protection Regulation (“GDPR”):

Okomo AG
Rebbergstrasse 20
8832 Wollerau
Switzerland

You can reach our data protection officer not only by post but also by e-mail at [email protected].

2. Subject of data protection

The subject of data protection is personal data. According to Art. 4 No. 1 GDPR, this is all information relating to an identified or identifiable natural person; this includes, for example, names or identification numbers.

3. Collection and use of data

Personal data is collected when you use our website, insofar as this is necessary for technical reasons or if you use certain functions or services offered on our website, such as the Okomo solution or apply to become a partner or employee. In addition, we process data that we receive from you when you contact us.

3.1 Visiting our website
When you access our website, your end device automatically transmits data for technical reasons. This data is stored separately from other data that you may transmit to us: Date and time of access, browser type/version, operating system used, URL of the previously visited website, IP address (shortened by one octet).

The processing of this data is necessary in order to enable you to visit the website and to ensure the permanent operability, availability and security of our systems. The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR.

The access data is temporarily stored in internal log files for the purposes described above in order to compile statistical data on the use of our website, to further develop our website with regard to the usage habits of our visitors and to maintain our website in general for administrative purposes. The legal basis for this data processing is Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in the proper optimisation of our website.

Further information on data collection and use during visits to our website can be found in sections 4.2.a (Google Analytics), 4.2.b (Hotjar) and 4.2.c (HubSpot).

3.2 Comment functions on the website
When you visit our blog, we offer the possibility to voluntarily post a comment. Name, email address and the comment text are mandatory fields, and optionally it is possible to specify a website. The comments will only be activated after manual review by the team. Released comments are then publicly displayed under the corresponding blog post. If you would like to change or delete the comment, please contact us.

In this case, the collection and processing of your personal data is carried out in order to be able to publish your comment on the website, Art. 6 para. 1 lit. b GDPR.

3.3 Contact forms on the website
We also offer you the possibility via our website to send us inquiries about a partnership, inquiries about a company presentation and an investment paper for an investment in our company, inquiries for a presentation of our product (“Demo”) within the scope of a direct contact form. In addition, we offer you the opportunity to contact us within the framework of special events or other events on action pages.

For the use of all contact forms provided by us, it is particularly necessary to provide your name, an e-mail address and, if necessary, a telephone number so that we can reach and address you. Other mandatory fields are marked as such. In order to enable us to make a quick initial assessment of your request, you can also provide further information.

We process the data you provide in the contact form in order to answer your enquiry, check your application, put together an individual offer, contact you for the purpose of further discussions or to be able to react to requests, questions and criticism. The legal basis of the data processing described is Art. 6 Par. 1 lit. b GDPR.

3.4 Newsletter
We offer a free newsletter for interested parties, customers and partners. The newsletter informs you about our company and the development of the Okomo service, as well as about related topics.

To receive our newsletter, please enter your e-mail address under the following Link. After your registration we will send you an e-mail to confirm your subscription. Only after you have confirmed your registration, you will receive the newsletter.

You can cancel the newsletter at any time. Each newsletter will contain information on how to unsubscribe with effect for the future.

In this case, the collection and processing of your personal data is carried out in order to be able to offer you the newsletter as ordered by you, Art. 6 Para. 1 lit. b GDPR.

3.5 Application
further, we offer you the opportunity to contact us by email for the purpose of applying for an advertised position. The collection of your personal data during the application process and the associated data processing is necessary for the implementation of pre-contractual measures, which are carried out at your request, based on Art. 6 para. 1 lit. b GDPR.

The following personal application data may be processed as part of the application process, in particular, but not exclusively, all personal data that you provide us with about your application: Name, e-mail address, telephone number, picture, cover letter, resume, LinkedIn profile, and the position you applied for, status, notes and plans regarding your application and e-mail communication

Once the application process has been completed, we delete the personal data we have received from you in the course of the application process, in principle within a period of 12 months.

3.6 Communication with our customer service
If you contact our customer service or are contacted by them, depending on the contact channel, we will collect the personal data you have transmitted for the purpose of processing your request, such as Your email address, your telephone number and, if applicable, your name. In order to process your request properly, we may need further information (e.g. a customer number or address).

We will use this information to process your request properly and, if necessary, to connect you with the responsible person. The legal basis for data processing when contacting our customer service is Art. 6 Para. 1 lit. b and lit. f GDPR. The data will generally be deleted after the expiry of the limitation period for the underlying process, provided that it does not have to be saved due to the connection with another process. otherwise, the statutory retention requirements apply.

3.7 Use of the Okomo service
If you are a contractual partner or interested in our Okomo solution and use our services, we collect master data (e.g. name and addresses), contact details (e.g. e-mail) as part of the cooperation and communication with you for the purpose of providing our contractual or pre-contractual services and obligations. Mail and telephone numbers) as well as contract data (e.g. contract content, contractual communication, names of contact persons) and possibly payment data (e.g. bank details, payment history).

As a contract partner of Okomo, you have access to our admin and expert portals. In order to use the two portals, each user is required to provide their name, an email address and a password. Before transmission, the password is made illegible (hashed), transmitted in encrypted form and saved. Through the communication of your experts with your end customers via the Okomo solution, depending on the setting and use of the individual functions, name, email address, chat history, exchanged documents and agreed online appointments are saved. No data is saved and the call is not recorded during the consultation via audio and video call and screen sharing.

This end customer communication data is automatically deleted after a period of 12 months. All data is transmitted and stored encrypted. In order to delete stored data of your end customers prematurely, you can select and delete the interaction. When an expert or administrator is deleted, all associated data (including login data, profile photo, description text, availability and end customer interactions) are permanently deleted.

In addition, Okomo stores anonymized telemetry data for the use and improvement of the service and for statistics collection. These telemetry data do not store an IP address and do not allow any conclusions to be drawn about individual persons.

The operation of our services requires infrastructure, computing capacity, storage space and database services for which we use Microsoft Azure, Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA. Microsoft collects anonymized data based on our legitimate interests in the efficient and secure provision of our online and service offering in accordance with Art. 6 Para. 1 lit. f. i.V.m. Art. 28 GDPR. You can find more information in the EU-US Privacy Shield and the Privacy Policy from Microsoft Corporation.

We use a service from Twilio Inc., Twilio Inc., 375 Beale Street, Suite 300, San Francisco, CA 94105 USA to initiate an audio or video call and screen sharing. At no time will personal data be transferred to Twilio or processed. Twilio only collects anonymized data based on our legitimate interests in the efficient and secure provision of our online and service offering in accordance with Art. 6 Para. 1 lit. f. i.V.m. Art. 28 GDPR. For more information, see the EU-US Privacy Shield and the Privacy Policy from Twilio Inc.

Experts can optionally synchronize their Microsoft Office 365, Microsoft Outlook.com or Google calendar with Okomo. Only the following information is stored, which does not contain any personal identifiable information: Required information for calendar synchronization (access token, refresh token) and required information for the individual’s calendar entries (only start and end time, no title, content or participants, whereas the entries will be shown as busy). Upon disconnecting the synchronized calendar, the data will be deleted.

We process the data of our contractual partners and interested parties in accordance with Art. 6 Para. 1 lit. b. GDPR to provide services to you. The data processed here, the type, scope and purpose and the necessity of their processing are determined by the underlying contractual relationship.

3.8 Maintaining contacts
For the purpose of maintaining contacts, we use the Customer Relationship Management System [CRM] from HubSpot Inc., 25 First Street, Cambridge, MA 02141 USA (“HubSpot”) and the Office 365 Suite (SharePoint, Teams, Planner, Exchange) from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA (“Microsoft”). In CRM and the Office 365 suite, we collect company contacts and information from business partners, customers and prospects.

The HubSpot servers that we use are generally located within the European Union. However, for technical reasons, parts of your data may e.g. processed within the scope of HubSpot support services in countries outside the European Economic Area, especially in the USA. In order to ensure the protection of your data in this case too, HubSpot, Inc., 25 First Street, Cambridge, MA 02141 USA takes on the EU-US Privacy Shield . The legal basis is Art. 6 Para. 1 lit. f GDPR, based on our legitimate interest in organizing our business contacts efficiently using an external service provider.

The Microsoft servers that we use are generally located within the European Union. However, for technical reasons, parts of your data may e.g. are processed as part of Microsoft support services in countries outside the European Economic Area, especially in the USA. In order to guarantee the protection of your data in this case, Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA takes on the EU-US Privacy Shield . The legal basis is Art. 6 Para. 1 lit. f GDPR, based on our legitimate interest in organizing our business contacts efficiently using an external service provider.

4. Cookies and usage analysis

We save so-called “cookies” in order to be able to offer you all the functions of our website and the Okomo service and to make their use more convenient. Cookies are small files that are saved on your device using your internet browser. Cookies are only stored locally on your device and you can delete them at any time. If you do not want cookies to be used, you can prevent cookies from being stored on your device by configuring your Internet browser accordingly. Please note that the functionality and range of functions of our website and the Okomo service may be restricted.

Specifically, we use the following cookies:

  • Okomo cookie to ensure functionality and to ensure that certain information does not have to be provided multiple times (details under section 4.1);
  • Cookies from Google Analytics for statistical analysis of the use of the website and for the improvement of our offer (details under 4.2a);
  • Hotjar cookie to evaluate the use of the website and to improve our offer (details in section 4.2b);
  • HubSpot cookie, which among other things ensure that the service can recognize whether a communication has already taken place (details under section 4.2c).

4.1 Use of own cookies

When you visit our website or use the Okomo service, different cookies are used.

We use our own cookies on the website in particular to note that you have been shown information placed on our website so that it is not displayed again the next time you visit the website. The main purpose of our own cookies is to make the use of our services as time-saving and user-friendly as possible. We want to enable you to use our website more conveniently and individually. The processing of the respective cookies is based on our aforementioned legitimate interests, the legal basis is Art. 6 para. 1 lit. f GDPR.

The following cookies are saved when you use the Okomo service:

  • Okomo expert portal: a cookie that stores your basic expert information (including name, email address, language, time zone, description) and enables easier login;
  • Okomo admin portal: a cookie that enables easier login;
  • Okomo end customer webapp: a cookie that allows you to contact a consultant, make appointments and have a conversation. Your name and email address and, if applicable, the chat messages are stored in this cookie.

4.2 Use of third-party cookies for usage analysis

We also use various approaches on our website to better understand the use of the website and to find out which content is particularly relevant for our users and what type of devices they were visited on. This enables us to optimize our content and adapt the page design to the browser types and devices actually used.

For this purpose we use the services of various external providers, which are listed below. The legal basis for the data processing described below is Art. 6 Para. 1 lit. f GDPR, based on our legitimate interest in the needs-based design and continuous optimization of our website.

4.2a) Google Analytics

Our website, as well as the Okomo Expert Portal and the Okomo Adminportal, but not the Okomo End Customer Webapp, use the web analytics service Google Analytics, which is offered by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses 14-month cookies to collect your anonymous access data when you visit our website. The access data is summarized by Google on our behalf to pseudonymous usage profiles and transferred to a Google server in the USA. Before hand, your IP address will be anonymized. Therefore, we cannot determine which usage profiles belong to a particular user. Based on the data collected by Google, we cannot identify you or determine how you use our website. In the event that, exceptionally, personal data is transferred to the United States, Google has also contacted the EU-US Privacy Shield subject to. Google is thus committed to ensuring the European data protection principles and the local data protection level also within the framework of data processing taking place in the USA.

Google will use the information obtained through cookies on our behalf to evaluate the use of our website, to compile reports on website activity and to provide us with other services related to website and internet usage. For more information, see the Google Privacy Policy.

You can object to the web analysis by Google at any time. You have several options for this: (1) You can set your browser to block cookies from Google Analytics (Enable Do not Track Mode). (2) You can adjust your settings for advertising on Google. (3) You can install the Google Analytics deactivation plug-in provided by Google at the following link in your Browsers Firefox, Edge, Safari, Opera or Chrome (this variant does not work on mobile devices): browser-plugin.

For more information about Google Analytics, please refer to the Google Privacy Policy.

The data stored by Google Analytics is stored for a period of 14 months. At the end of this period, Google Analytics only keeps aggregated statistics.

The use of Google Analytics is based on our legitimate interest in a needs-based design, the statistical evaluation as well as the efficient promotion of our website and the fact that your legitimate interests do not prevail, Art. f GDPR.

4.2b) Hotjar

Our website also uses the web analysis service Hotjar, which is offered by Hotjar Ltd, Level 2 St Julians Business Center, 3, Elia Zammit Street, St Julians STJ 3155, Malta (“Hotjar”). This collects completely anonymized usage data that provides information about how the website is used. Hotjar saves a cookie with a validity of 14 months to collect your anonymous access data when you visit our website. At no time is it possible to draw conclusions about individual persons. The data is automatically deleted after 14 months. For more information, see also Hotjar’s privacy policy.

You can object to the web analysis by Hotjar at any time. You have several options for this: (1) You can set your browser so that cookies are blocked by Hotjar (activate Do not Track Mode). (2) You can change your settings according to the instructions from Hotjar to adjust.

4.2c) HubSpot

In addition to the purpose of maintaining contacts, we also use the CRM from HubSpot Inc., 25 First Street, Cambridge, MA 02141 USA in the context of our website, the Okomo expert portal and the Okomo admin portal, but not the Okomo end customer web app, for usage analyzes by create our website and improve the user experience. On our behalf, HubSpot groups the access data into anonymous usage profiles and transfers it to a HubSpot server in the USA. Your IP address will be anonymized beforehand. We can therefore not determine which usage profiles belong to a particular user. Based on the data collected by Google, we can neither identify you nor determine how you use our website. In the event that personal data is exceptionally transferred to the USA, HubSpot has also adopted the EU-US Privacy Shield. HubSpot is committed to guaranteeing the European data protection principles and the local level of data protection also in the context of data processing taking place in the USA.

HubSpot will use the information obtained from the cookies on our behalf to evaluate the use of our website, to compile reports on website activity and to provide us with other services related to website activity and internet usage. Further information can also be found in the data protection declaration of HubSpot.

You can object to the web analysis by HubSpot at any time by setting your browser so that cookies are blocked by HubSpot (activate Do not Track Mode).

The data stored at HubSpot is generally stored until it is requested to be deleted. After this time, the data will be deleted within 30 days.

The use of HubSpot is based on our legitimate interest in a needs-based design, the statistical evaluation as well as the efficient advertising of our website and the fact that your legitimate interests do not prevail, Art. 6 para. 1 lit. f GDPR.

5. Links to other websites

Our website may link the websites and online offers of other providers not affiliated with us. If you use these links, we no longer have any influence on what data is collected by the respective providers and which data is collected by you. Detailed information on data collection and use can be found in the data protection declaration of the respective provider. As the collection and processing of data by third parties is beyond our control, we cannot assume any responsibility for this.

We include videos from Google Ireland Limited’s YouTube platform, Gordon House, Barrow Street, Dublin 4, Ireland, on our website. By clicking on the YouTube videos, Google receives the information that you have viewed a corresponding video of our website. This is done regardless of whether you are logged in to Google or your YouTube account or not. When you are logged in, the information about the video being played will be directly associated with your Google account and your YouTube account. If you do not wish to do so, you must log out before playing the video. Google stores your data and uses it, if necessary, for advertising, market research and to design its own websites according to requirements. Such an evaluation is carried out even for unlogged users. For more information, please contact the Privacy Policy, you can also opt out of a Opt-Out.

Okomo also presents itself within social networks and other online platforms in order to communicate with current and future business partners, customers and prospects as well as potential applicants and to inform them about our services. The processing of personal data is carried out on the basis of our legitimate interests in effective information and communication in accordance with Art. f. GDPR. If the data subjects are asked by the respective providers of the platforms for consent to the aforementioned data processing, the legal basis of the processing is Art. a., Art. 7 GDPR. A detailed description of the respective processing and the possibilities of opposition can be obtained from the linked information provided by the providers: Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland): Agreement on Joint Processing of Personal Data, Privacy Policy, Privacy Shield. Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA): Privacy, Privacy Shield. LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland): Privacy Policy, Privacy Shield.

6. Disclosure of data

6.1 Request from law enforcement authorities

In principle, the data collected by us will only be passed on if you give your express consent in accordance with Art. 6 sec. 1 lit. a GDPR, the transfer in accordance with Article 6(1) of the lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to believe that there is an overriding interest worthy of protection in the absence of disclosure of the data, we are required under Article 6(1) lit. c GDPR are legally obliged to pass on or are permitted by law and are legally permissible in accordance with Art. b GDPR is required for the processing of contractual relationships with you or for the implementation of pre-contractual measures, which are taken at your request.

6.2 Order processing companies

We rely on contractually affiliated third-party companies and external service providers for the provision of our service ( “processors”). If we pass on data to our service providers, they may only use the data for the performance of their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound by our instructions and confidentiality regulations, have appropriate technical and organisational measures in place to protect the rights of the data subjects, ensure an adequate level of data protection and are carefully monitored by us.

In addition, disclosure may be made in connection with administrative requests, court orders and legal procedures where necessary for the prosecution or enforcement.

In particular, we use the following processors:

  • Google LLC (Google Analytics), see 4.2.a)
  • Hotjar (Website Analytics), see 4.2.b)
  • Hubspot Inc (Sales), see 4.2c) and 3.8
  • Microsoft Corporation (Office 365, Microsoft Azure), see 3.8
  • Virtido (Ricentis GmbH Switzerland)

6.3 Corporate structure

As part of the further development of our business, the structure of Okomo AG may change by changing the legal form, by setting up, buying or selling subsidiaries, parts of companies or components. In such transactions, the customer information is shared with the part of the company to be transferred. Any transfer of personal data to third parties to the required extent will ensure that this is done in accordance with this Privacy Policy and the relevant data protection laws.

Any disclosure of personal data is justified by the fact that we have a legitimate interest in adapting our corporate form to the economic and legal circumstances if necessary and that your rights and interests in the protection of your personal data do not prevail, in accordance with Art. f GDPR.

7. Deletion of your data

We delete and anonymize your personal data as soon as it is no longer necessary for the purposes for which we collected or used it in accordance with the preceding paragraphs. As a rule, we store your personal data for the duration of the user or contract relationship. In particular, we will delete your data in the following cases according to the following deadlines:

  • Okomo Services: 12 months (manual deletion by customer possible)
  • Google Analytics: 14 months
  • Hotjar: 12 months
  • Microsoft Office 365: According to a manual request, within 30 days
  • HubSpot: According to a manual request, within 30 days

After expiry of these deadlines, the data will be deleted, unless this data is needed for a longer period of time due to statutory retention periods, for criminal prosecution or for securing, asserting or enforcing legal claims. In this case, they are locked. The data will no longer be available for further use.

8. Automated case-by-case decisions or profiling measures

We do not use automated processing processes to make a decision, including profiling.

9. Your rights

9.1 Right of Access

You have the right at any time in accordance with Art. 15 GDPR to request information about the processing of your personal data by us. We will explain the data processing to you in the context of the provision of information and provide you with an overview of the data stored about you.

9.2 Right to correct incorrect data

If data stored by us is incorrect or out of date, you have the right to have this data corrected based on Art. 16 GDPR.

9.3 Right to erasure

You can also request the deletion of your data in accordance with Art. 17 GDPR. If, exceptionally, deletion is not possible due to other legal provisions, the data will be blocked so that it is only available for this legal purpose. Furthermore, in accordance with Art. 18 GDPR, you have the right to request a restriction of the processing of the data.

9.4 Right to data portability

You have the right to request that you receive your personal data that you have provided to us in accordance with Article 20 GDPR and to request their transmission to other controllers.

9.5 Right of Withdrawal and Opposition

In accordance with Art. 7 sec. 3 GDPR, you have the right to revoke your consent to us at any time. As a result, we will no longer continue to process data based on this consent for the future. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

Insofar as we provide your data on the basis of legitimate interests in accordance with Art. f GDPR, you have the right, in accordance with Article 21 GDPR, to object to the processing of your data and to give us reasons that arise from your particular situation and which, in your opinion, support the preponderance of your legitimate interests. If there is an objection to data processing for direct marketing purposes, you have a general right of objection, which is implemented by us even without giving reasons. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

9.6 Right of Appeal

They finally have the right to lodge a complaint with the competent supervisory authority in accordance with Article 77 GDPR. You may assert this right with a supervisory authority in the Member State of your place of residence, your place of work or the place of alleged infringement.

9.7 Use of your rights

If you wish to exercise your rights or your right of withdrawal or right of objection, an informal notification to the above in section 1.

 

Last updated: April 2020