Privacy Policy

General terms

Privacy policy

In this privacy policy, we would like to provide you with information about how we collect and process any personal data obtained in the context of your use of our website and our professional relationship with you. The responsible entity for the processing of data as specified in this privacy policy is "Notion Buddy", "we", "us" or "our" :

Notion Buddy administered by 8 WEEKS GmbH
Hübeliweg 17, 3250 Lyss, Switzerland

Phone: +41 79 332 62 96
Email: [email protected]
Website: https://notion-buddy.com

Throughout this privacy policy, any mention of Notion Buddy also applies to 8 WEEKS GmbH and any of its affiliated companies.

As far as our website is concerned, we waive all responsibility and liability for any links on our website connecting users to a third party website. By choosing to click on any such link, you as a user assume full responsibility.

The collection and storing of personal data and purpose of use

Principle 

Personal data means any information relating to an identified or identifiable person. A data subject is a person whose personal data is processed. Processing includes any handling of personal data, irrespective of the means and procedures used, in particular the collection, storage, keeping, use, modification, disclosure, archiving, deletion or destruction of data.

We process your personal data in accordance with the Federal Act on Data Protection (FADP) and, where applicable, the European Union’s General Data Protection Regulation (GDPR).

Collection of personal data

Personal data encompasses all information concerning an identified or identifiable natural person.

We primarily process personal data which we collect as a result of running our website or other applications, or that we receive from our customers, employees and business partners, in the context of our business relationship with them or other persons involved as a result of a mandate or some other contractual relationship or through correspondence (electronically as well as regular mail).

We primarily collect most of the data pertaining to you from you personally. To the extent permitted, we may also collect personal data from sources accessible to the public (e.g. through the media or the internet), from public registries (e.g. the commercial register, the debt collection register or the land register), from authorities, from your employer, employees or colleagues, from other persons from your environment (e.g. references, your address for deliveries, power of attorney, etc.) or from any other third parties.

If you provide us with data about other persons (e.g. family members, representatives or other associated persons), we assume that you are authorised to do so and that this data is correct and that you have ensured that these persons are informed about this disclosure, insofar as a legal obligation to provide information applies (e.g. by bringing this privacy notice to their attention in advance).

The scope of the data processed by us depends on the existence and the specific nature of our mandate or contractual relationship with you. We collect personal data, that you provide to us, such as by filing out a contact form, registering for an account, using interactive features, subscribing to a service, participating in a marketing promotion, ordering a product or a service, requesting information and/or material. Normally, this kind of data includes your name, address, e-mail address and telephone number, information we may obtain from our third-party service providers.

Visiting our website

When you visit our website https://notion-buddy.com information is automatically sent to our website’s server through the browser used on your end device. This information is temporarily saved in a log file. The following information will be collected and saved without your active contribution until its automatic deletion:

  • IP-address of the device sending the query
  • Time and date of the access
  • Name and URL of the file retrieved
  • Website from which our website was accessed (referring URL)
  • Browser used and, where applicable, operating system of your computer as well as your access provider’s name

We will use this data to guarantee the smooth establishment of a connection to our website, convenient use of our website, to analyse our system security and stability as well as for other administrative purposes. The processing of data is justified by the purposes listed above. Under no circumstances do we use the collected data to draw conclusions on your person.

Moreover, we do use cookies.

Purpose and legal basis of data processing

When you use our services, our website or have any discussion with us, we process the personal data required in this context. We process your data only for specified purposes and only in cases permitted by law, namely:

  • to initiate and conclude contracts and/or a business relationship with you: As part of contract negotiations and at the quotation stage, we may in particular obtain and process your name, contact details, powers of attorney, information about third parties, contract content, contract data, creditworthiness data and any other data that you provide to us or that we collect from public sources or third parties. This also applies if you apply for a job with us. In this case, in addition to your contact details and the corresponding communication, we also process the data contained in your application documents as well as the data that we can additionally obtain about you (e.g. from references provided).
  • to fulfil the contract existing between Notion Buddy and you or to maintain our business relationship with you: This also includes data processing for the management of mandates, the enforcement of contracts and accounting. For this purpose, we process in particular, the data that we receive or have collected (from you, from public sources or from other third parties) as part of the initiation, conclusion and fulfilment of the contract, as well as data that we create as part of our contractual services. This includes, in particular, notes, minutes, correspondence, contractual documents, background information, client-related information, proof of performance, invoices and financial and payment information.
  • for other communication purposes, including sending business correspondence, information and newsletters, responding to enquiries and for maintaining our contact list: For this purpose, we process in particular the content of the communication, your contact details and the marginal data of the communication.
  • to operate our website and improve our electronic services: We collect technical data in order to operate our website securely and in a stable manner and to improve our electronic services. For further information, see Section 19 et seq. of this privacy policy.
  • for security purposes and access controls: We obtain and process personal data in order to ensure and continuously improve the appropriate security of our IT and other infrastructure (e.g. buildings). This includes, for example, the monitoring and control of electronic access to our IT systems and physical access to our premises, system and error checks, the creation of backup copies, etc.
  • for compliance purposes, i.e. to comply with laws, directives and recommendations from authorities and internal regulations, for risk management and corporate governance.
  • for other purposes such as training and education purposes and administrative purposes (such as accounting).

Data processing is justified by your consent, the performance of a contract or pre-contractual actions, the fulfilment of legal requirements, our interests and other relevant legal bases.

If you have given us your consent to process your personal data for specific purposes, we will process your data within the scope of and based on this consent, given that there is no other legal basis in those cases requiring one. Consent that has been granted can be revoked at any time, but it has no impact on data processing that has already taken place.

Messages, notifications and updates

Communication for advertising purposes: we may send you marketing content regarding our website, services and products through a number of communication channels. Advertising will only be sent with your express consent.

Communication regarding informational and other purposes: We will send you messages which are necessary and important to all clients; messages containing vital information as well as messages as per your request. You cannot unsubscribe from the communications. However, you may be able to adjust the media and format through which you receive the notifications.

We will post any updates and significant changes made to the privacy policy on our website or communicate them to you by email.

Sensitive personal data / personality profiles

By visiting our website, neither do we collect any sensitive personal data, nor do we establish personality profiles based on the data from those visiting our website.

However, in the context of our mandate-based or business relationship with you, we may need to receive or collect particularly sensitive personal data from you. We attach great importance to protecting sensitive personal data.

We may create personality profiles with the data collected as part of our business relationship in order to provide you with targeted information and advice about certain services or products from us. To this end, we may use analysis tools which allow us to tailor our communication in a needs-based manner and to choose suitable options for advertising.

Security measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, disclosure, safeguarding of availability and their separation. We have also set up procedures to ensure that data subjects' rights can be exercised, data is deleted and we respond to data threats. Furthermore, we already take the protection of personal data into account during the development and selection of hardware, software and processes in accordance with the principle of data protection, through technology design and data protection-friendly default settings.

The SSL procedure (Secure Socket Layer; "https") is used for data transmission on our website.

Data transmission to third parties

The provision of our services as well as our website may require us to use third party services. In this context, we may commission third parties, such as IT providers, to process your personal data.

Under certain circumstances, we may also potentially be obligated to disclose information pertaining to you to authorities or further third parties.

Your data will only be disclosed to third parties with your explicit consent. Furthermore, your data may be disclosed in cases where there is a legal obligation to do so, in case it is necessary for the enforcement of our rights, in particular for the enforcement of demands stemming from a contractual relationship, in case it is necessary for claims arising from contract, to fulfil the contract or the execution of pre-contractual measures (e.g. Swiss Post services or other courier services, telecommunication service providers, authorities in the field of debt collection measures etc.), in case we have a legitimate interest in doing so and your interests do not override ours, as well as in cases where there is another form of legal basis for it.

In all of these cases, we strictly adhere to the applicable data protection laws.

Data transmission abroad 

Under certain circumstances, your personal data may be disclosed to companies abroad. These companies, however, are bound by the same data protection standards as we are.

In case the level of data protection in the country where the recipient company is based does not correspond to the level of data protection in Switzerland or the European Union, we will ensure that an appropriate level of data protection is guaranteed. This can be done through a contractual obligation to maintain an adequate level of data protection by means of standard data protection clauses of the European Commission (available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj , including the supplements required for Switzerland) or a supervisory authority, through a contract under international law, through data protection clauses in the contract communicated to the FDPIC in advance, through specific guarantees drawn up by the Confederation and through binding or approved internal company data protection regulations.

Retention period

We only store your personal data for as long as it is required in order to fulfil the individual purposes for which the data was collected, and to the extent permitted under the relevant applicable laws.

In any case, we store your personal data for as long as statutory retention obligations exist or limitation periods for potential legal claims have not yet expired.

We would like to point out that regular backups are made of all data stored electronically. Even after final deletion of the electronic data, it may be possible to restore it from the backups.

Data security

We take all appropriate technical as well as organizational security measures in order to protect your personal data from any unauthorized access as well as from abuse. This includes the issuing of internal guidelines, internal trainings, adequate IT and network security solutions, access controls as well as restrictions etc.

The SSL procedure (Secure Socket Layer, “https”) is used for the transmission of data on our website.

Transmission of personal data

You of course have the option of contacting us by e-mail. If you choose to do so, your e-mail address, the date, content and subject of your e-mail as well as the contact details you provided us with for the purpose of processing your request and in case of follow-up questions will be saved, as long as is necessary for the completion of the tasks assigned to us or as long as we are obligated to do so by law.

The use of e-mails is not secure from a technical point of view. For example, e-mails may fail to be delivered. When e-mails are transmitted, they may leave national borders, even if the sender and recipient are in Switzerland. The confidentiality of e-mails can therefore not be guaranteed if they are not encrypted or if the encryption is inadequate. Unencrypted e-mails are therefore not suitable for the transmission of confidential information.

By choosing to send us an e-mail, you agree to communication via e-mail with full knowledge of the risks stated above.

Your rights 

Right of access and rectification

You have the right to access to the information about your personal data processed by us free of charge at any time. In particular, you can request information regarding the purpose of the data processing, the category of personal data processed, the categories of the recipients of your data, the planned retention period for your data etc. In addition, you have the right to request rectification of inaccurate personal data.

Please do not hesitate to contact us for this purpose. You can find our contact details in section 18 of this privacy policy.

Right to withdraw consent, to data portability, to object, to delete (right to be forgotten) and restrictions

Under certain circumstances, you shall have the right to withdraw your consent at any time to the processing of your data, object to it or request your data be erased. If applicable, you also have the right to receive the personal data concerning you, which you have provided to us, and that it be returned to you (right to data portability).

If you would like to make use of these rights, please contact us. You can find our contact details under section 18 of this privacy policy.

Please note, however, that conditions, exceptions or restrictions apply to these rights (e.g. to protect third parties or business secrets). In addition, we are obliged under commercial and tax law to retain accounting documents for at least 10 financial years or longer. We can therefore neither delete nor process the personal data contained in these documents. In those cases, your deletion request is therefore only valid for future processing.

In case of ongoing services at the time we receive your objection, withdrawal or deletion request, your data will continue to be processed until our business relationship is completely ended. Your revocation does not have an impact on the execution of existing contractual relationships and does not constitute an extraordinary reason for termination.

Right to revocation of data protection consent and deletion

If the data processing is based on your consent, you can revoke your consent at any time and request the deletion of your personal data. Please also note the information on erasure in section 15 of this privacy policy.

If you would like to exercise these rights, please contact us. Our contact details can be found in section 18 of this privacy policy.

Modifications

We reserve the right to modify this privacy policy at any time without prior notice.

The applicable version is the current version published on our website. If the privacy policy is part of an agreement with you, we will inform you of the change in an appropriate manner in the event of an update.

Contact

We are happy to answer any questions regarding this privacy policy or regarding your personal data. Please send us an e-mail to email [email protected]. You may also contact us by phone under +41 77 491 51 55.

Special information regarding accessing our website

Cookies

We do not use any cookies on this website. We might lack some insights into our users behaviour and expect our customers to speak up if they have any issues.

Social Services 

We do not use any social plugins. We only have links pointing to Facebook, Twitter/X and LinkedIn to share contents from this side. Every provider is directly responsible to guarantee that the operation of their website adheres to data protection regulation:

Google services

We do not use any google services to provide privacy by default.