Call us for free
0221/97587891
en

MOVEAGAIN GmbH

PRIVACY POLICY & COOKIE POLICY

Privacy & Cookie Policy

Version from [1.03.2021]

The Privacy Policy (hereinafter referred to as "A.") explains how we, Moveagain GmbH, Holzgasse 7-11, 50676 Köln, Germany (hereinafter referred to as "we", "us" or the like) collect and process personal data in connection with the operation and use of our website and online mediation platform (hereinafter collectively referred to as the "Platform"), which can be accessed via the URL www.moveagain.de, and its applications.

Furthermore, the Cookie Policy (hereinafter under B.) explains how we use cookies and comparable techniques in this context.

The responsible and legally compliant handling of personal data is very important to us. We comply at all times with current and applicable law, in particular the EU General Data Protection Regulation (GDPR), to the standard of which this Privacy Policy & Cookie Policy are aligned.

If you are acting for a company, we will assume that you are authorised to act for that company. When we refer to "you", "your", "you're" or the like in this Privacy Policy & Cookie Policy, we always mean the company you are acting for and its employees, whose data we protect in the same way as yours, and to whom the following Privacy Policy also applies.

The following privacy policy also notifies you of your rights under the GDPR and the options you have to manage your personal data and protect your privacy.

We may amend this privacy policy and the cookie policy at any time without prior notice. The current version published on the platform applies.

A. PRIVACY DECLARATION


The data controller for the platform is Moveagain GmbH, Holzgasse 7-11, 50676 Köln. If you have any data protection concerns, you can contact our data protection officer by e-mail or letter. You can reach him or her as follows:

  • MoveAgain GmbH
  • Alexander Renner
  • Holzgasse 7-11, 50676 Köln
  • info@moveagain.de

In the context of the GDPR, personal data means all personal data relating to an identified or identifiable person. A data subject is a person whose personal data is processed. Processing means any handling of personal data, in particular its collection, storage, retention, use, modification, disclosure and deletion.

If you provide us with personal data of other persons (e.g. family members, work colleagues), you must ensure that these persons have consented to such provision and have taken note of the contents of this privacy policy.

1. Data collected and processed on the platform


We process personal data that we receive from you or collect about you in connection with the operation and use of our platform and its applications. The entry of personal or business data on our platform and its applications is voluntary.

Please note:


You are under no legal or contractual obligation to provide us with the personal data specified in this privacy policy. However, if you do not provide us with certain personal data, we may not be able to enter into a contract with you and you may not be able to use our services and platform or may only be able to use them to a limited extent.

When we make our platform available, we process personal data from various sources. On the one hand, this is data that we automatically process for technical reasons each time a visitor accesses the platform. On the other hand, we only process certain data if you decide to contact us or to use certain functions of the platform.

a. Data that we process automatically when you visit our platform

As soon as you visit the platform, you send technical information to our web servers, which we store in server log files. This happens regardless of whether you subsequently contact us (e.g. via the contact form). In any case, we collect the following usage and web access data (which we call "usage data" below):

  • the date and time of the visit and the duration of the use of the platform;
  • Your location details (as far as you allow access in your browser and device);
  • the IP address and MAC address of your device;
  • the referral URL (the website from which you may have been referred);
  • The data is used to identify the websites and content accessed and the functions used on the platform;
  • further information about your device (device type, browser type and version, settings, installed plug-ins, operating system).

We process the usage data exclusively in a pseudonymous manner to enable you to use the platform and to ensure its functionality. At no time can we use the usage data to identify you as a person. In addition, we process the pseudonymous usage data to analyse the performance of the platform, to continuously improve it and to correct errors or to personalise the content of the platform for you. We also process the usage data to ensure IT security and the operation of our systems and to prevent or detect misuse, in particular fraud. These server log files are deleted after a maximum of 7 days. Our legal basis for processing this data is Art. 6 (1) lit. f) DSGVO

Cookies and other tracking tools: We use cookies for the automatic processing of usage data. Cookies are small text files that are stored on your device when you visit our websites and contain the above information about you. For more information about the use of cookies on the Platform, please see section B. (below).

b. Data that you transmit to us yourself

In addition to the data we process for all visitors to our platform, we also process other data when you use our contact form on the platform. You can see the details in the contact form. We process this data exclusively for the purpose of processing your request.

We also process your data if you register for our newsletter. You can find the required data in the registration form for the e-mail newsletter.

The legal basis in each case is Art. 6 (1) lit. a) DSGVO (your consent).

2. Data that we process in the provision of our services on the platform

a. Data collected on the platform

In addition, we process other personal data when you use our services on the platform. These are:

  • Your login details
  • Usage data

We process this data to provide you with services via the Platform. We also process this data in order to detect and correct errors, to improve the platform (for example through pseudonymous A/B tests to optimise the user interface) or, in individual cases, to prevent use in breach of contract or the law.

The legal basis for the processing of your registration data and the usage data within the framework of the platform is, with regard to the provision of the platform and the services mediated via it, Art. 6 (1) lit. b) DSGVO, and with regard to the other purposes Art. 6 (1) lit. f) DSGVO.

b. Third party data

Furthermore, we process personal data that we receive about you from third parties, in particular information from public registers (e.g. commercial register). The legal basis for this is, depending on the individual case, either Art. 6 para. 1 lit. b DSGVO or Art. 6 para. 1 lit. f DSGVO.

If we make advance payments (e.g. in the case of an order on account), we obtain creditworthiness information about you in order to protect the legitimate interests of MoveAgain. For this purpose, we transmit the personal data required for a credit assessment to PowerPay [address] ("PowerPay") or SCHUFA [address] ("SCHUFA"). The information received about the probability of a payment default is used for a weighed decision about the establishment, implementation or termination of the contractual relationship. The legal basis for this is Art. 6 (1) lit. f DSGVO.

We also process data on your interests and other socio-demographic data for marketing purposes, provided you have given us your consent to do so. The legal basis for this is your consent (Art. 6 para. 1 lit. a DSGVO).

3. The purposes for which we process your data


We process personal data in general:

  • with the consent of the data subject (Art. 6 para. 1 lit. a DSGVO),
  • for the performance of a contract with the data subject as well as for the implementation of corresponding pre-contractual measures (Art. 6 para. 1 lit. b DSGVO),
  • to fulfil a legal obligation to which we are subject (Art. 6 para. 1 lit. c DSGVO) as well as,
  • in order to safeguard the legitimate interests of us or of third parties, unless the interests or fundamental rights and freedoms of the data subject prevail (Art. 6 para. 1 lit. f DSGVO). Legitimate interests are in particular our business interest in being able to operate our platform and its applications, information security, the enforcement of our own legal claims and compliance with the law applicable to us.

In addition to the purposes for the data processing listed above (see points 1. and 2.), we process personal data for the following purposes:

  • Management of your customer account (Art. 6 para. 1 lit. b DSGVO)
  • Conclusion and processing of contracts for services that you order on our platform and its application (Art. 6 para. 1 lit. b DSGVO)
  • Ensuring the operation of our platform and its applications (Art. 6 para. 1 lit. f DSGVO)
  • Responding to enquiries you send us via contact and feedback forms on our platform and its applications (Art. 6 para. 1 lit. a DSGVO)
  • Fulfilment of our legal obligations at home and abroad (Art. 6 para. 1 lit. c DSGVO)

In addition, we also process personal data, insofar as legally permissible and this appears to us to be appropriate, for the following purposes in which we have a legitimate interest corresponding to the purpose:

  • Further development of our platform and its applications as well as our offers and services
  • Marketing (e.g. sending newsletters), provided you have registered to receive our newsletter and have not objected to the use of your personal data for marketing purposes.
  • Assertion of legal claims and defence in connection with legal disputes and official proceedings

4. To whom we transfer your data


Your personal data will only be disclosed to third parties if this is necessary for the provision of the platform and/or provision or use of the mediated services.

a. Disclosure to technical service providers

We share your data with the hosting providers, software suppliers and IT service providers listed below.

Our platform is hosted on [DigitalOcean - The developer cloud]. All these data recipients have entered into strict contractual agreements with us to process data exclusively within the scope of our instructions (so-called order processing agreements).

If you have registered to receive our newsletter, we will also pass on your data to the technical provider for the newsletter dispatch. We use MailChimp, a service of The Rocket Science Group LLC in Atlanta, USA ("MailChimp"), for the newsletter dispatch.

When you register for our newsletter, MailChimp first sends you an email in which you can confirm the registration for the newsletter mind ("double opt-in"). MailChimp stores your email address and any other data you provide as part of the newsletter registration, the date of registration and the IP address under which the registration was made. The storage and processing of this data by MailChimp takes place in the USA. You can find more information in their privacy policy under the following link:

https://mailchimp.com/legal/privacy/

We use the data you provide as part of the newsletter registration or separately to send you our newsletter regularly by e-mail based on your consent. Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to the addresses given above or via a link provided for this purpose in the newsletter. After unsubscribing, your e-mail address and the other data provided as part of the newsletter registration will be deleted, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this in accordance with this data protection declaration.

In our newsletters, where permitted, we use techniques (e.g. visible and invisible image elements and/or links) to determine whether and when you have opened the newsletter and which links have been clicked on, and to measure and better understand how you use our offers and tailor them to you.

By agreeing to receive newsletters, you consent to the use of the techniques used in our newsletters. Most email applications are pre-set to allow the use of these techniques. If you do not want this, then you must adjust the settings of your e-mail application (e.g. Microsoft Outlook) accordingly.

The data recipients also include the other third-party providers mentioned in our overview of cookies and analysis tools. Detailed information about the third-party providers we use in this context, e.g. for processing customer requests or web analytics, can be found in the information about cookies, web analytics and other tracking technologies at the end of this document (section B).

b. Disclosure to providers of services brokered via the platform

As we do not offer the services mediated via the platform ourselves, we pass on your personal data to the providers of the services that we have mediated to you via the platform in order to process the mediated contractual services.

c. Disclosure to payment service providers

Please note that we do not permanently store your credit card details (credit card number, CSV and expiry date), but only process them in order to transmit them in encrypted form to the service provider we refer via our platform. If you choose a MoveAgain product, we will use your payment data to collect the fee. We use the services of our partner Stripe, 510 Townsend Street, San Francisco, CA 94103, USA ("Stripe") in some cases. Where Stripe is involved, your credit card details are requested via an iFrame from the partner. Stripe collects and stores the data in order to transmit it in encrypted form to the organiser you have selected. Your credit card details are not transmitted to us in this case. You can find more information about Stripe here: https://stripe.com/en-gb-gr/privacy

In the event of default of payment, we may pass on your data to a bank or a debt collection service provider.

5. Data processing outside the EEA


We do not transfer your personal data to countries outside the EEA (so-called "third countries") without taking appropriate protective measures.

However, we will ensure that an adequate level of data protection is guaranteed at all times. We will ensure that either a so-called adequacy decision is in place, EU standard contractual clauses (including any necessary additional measures) are included in our contracts with processors or that other appropriate safeguards (such as Binding Corporate Rules or approved codes of conduct) are in place to ensure security of processing and an adequate level of data protection at all times.

6. Duration of storage


We process and store your personal data to the extent necessary to fulfil our contractual or legal obligations. Therefore, we store the data for the duration of the contractual relationship with you and after termination only to the extent and for as long as required by law (e.g. for the purpose of retention and documentation obligations). If the data is no longer required for the fulfilment of legal obligations (e.g. tax or commercial law), it will be deleted, unless further processing is necessary for the preservation of evidence or for the enforcement or defence of legal claims.

We store usage data within the scope of our services for a period of 3 years.

As soon as your personal data is no longer required for the above-mentioned purposes, we will delete it or make it anonymous. In the case of longer-term storage obligations, we restrict processing.

7. Automated individual rulings and user profiles


We do not process your personal data in the context of exclusively automated processing for the purpose of making decisions that produce legal effects vis-à-vis you or similarly significantly affect you. We do not use your data to create a personal user profile. Any evaluations of usage data are carried out exclusively anonymously on the basis of aggregated data of sufficiently large comparison groups to be able to exclude any identification of your person.

8. Data security


We take appropriate technical and organisational security precautions to protect your personal data from unauthorised access and misuse (e.g. encryption of data carriers and data transfers, access restrictions). Access to our platform and its applications is via SSL/TLS encryption.

9. Your legal rights under the GDPR


Under the GDPR, you can assert the following rights towards us:

  • Your right to information and access according to Art. 15 DSGVO,
  • Your right to rectification pursuant to Art. 16 of the GDPR,
  • Your right to deletion pursuant to Article 17 of the GDPR,
  • Your right to restriction of processing pursuant to Article 18 of the GDPR, and
  • Your right to data portability pursuant to Art. 20 of the GDPR.

You also have the right to lodge a complaint with the competent data protection supervisory authority (Art. 77 GDPR). You can file this complaint both at your place of residence, at your place of work or at the place of the data protection breach you are complaining about. You can also file a complaint with the supervisory authority at our place of business.

In addition, you can also revoke any consent you have given at any time. However, this revocation only applies for the future. Any processing that took place before the revocation remains unaffected. If you wish to exercise your rights as a data subject, you can also do so by contacting: [info@moveagain.de].

Information about your right to object according to Art. 21 DSGVO

In addition to the rights already mentioned, you have the right to object to the processing of your personal data at any time on grounds relating to your particular situation, provided that such processing is based on Art. 6(1)(f) DSGVO (data processing on the basis of a balance of interests). If you object, we will no longer process your personal data unless we can demonstrate circumstances that override your interests, rights and freedoms and therefore justify the processing.

You also have the right to object at any time to the processing of your personal data for the purpose of direct marketing (including subscription to our newsletter) without incurring any costs other than the transmission costs according to the base rates; this also applies to the creation of a user profile (so-called "profiling"), to the extent that this is associated with direct marketing. If you object, we will no longer process your personal data in the future.

Please note that you may not be able to use the platform or only to a limited extent if you do not provide us with certain data or if you object to the use of this data. The objection can be submitted informally to [info@moveagain.de].

B. COOKIE AND ANALYSIS GUIDELINES

1. General information on the use of cookies, other tracking techniques and analysis tools


On our platform and its applications, we use cookies and similar technologies to identify your browser or device to enable the use of certain functions and to make visiting and using our platform and its applications more attractive. Cookies are small files that are sent to your device or automatically stored on your device by the browser you are using when you access our platform. Among other things, this enables us to recognise you when you visit our platform again. We use so-called "session cookies", which are used during your visit to our platform and are deleted again when you close the browser, as well as so-called "permanent cookies", which store user settings and other information for a certain period of time. We use "permanent cookies" in particular to save certain user settings (e.g. language) and to analyse the use of our offers and content so that we can optimise these offers and content based on the analyses. Some cookies are set by us, others by service providers of us (e.g. Google). The list of third-party tracking technology providers used can be found below in section 3.

By using our platform and its applications, you agree to the use of cookies. If you do not want this, you must leave our platform or adjust the settings of your browser accordingly (see section 2). You have the option to restrict the use of certain cookies and tracking techniques via the cookie control panel on our platform.

2. Adjustment of the browser settings


Most browsers are preset to allow the use of cookies. However, in the settings of your browser you have the option, among other things, to block cookies, to save them only for one browser session or to delete them prematurely. If you block cookies, certain functions of our platform and its applications (e.g. language selection, ordering processes) may no longer function or no longer function properly.

3. Third-party providers of tracking techniques and analysis tools

Google Analytics, Google Web Fonts and Google TAG

We use Google Analytics. This service of Google LLC in Mountain View, USA ("Google") enables us to measure and evaluate the use of our platform and its applications on a non-personal basis. The service uses permanent cookies that Google sets. Google does not receive any personal data from us (and does not retain any IP addresses), but it can track your use of our platform and its applications, combine this information with data from other websites that you have visited and which are also tracked by Google, and use these findings for its own purposes (e.g. controlling advertising). If you have registered with Google yourself, Google also knows you. Google is responsible for processing your personal data in accordance with their data protection regulations. Google only informs us how our platform and its applications are used, without providing any information about you personally. You can find more information in Google's privacy policy under the following link:

https://policies.google.com/privacy

Google Ads and Google Conversion-Tracking:

We use Google Ads. This service of Google LLC in Mountain View, USA ("Google") is an online advertising programme. Within the scope of Google Ads, we use so-called conversion tracking. When you click on an ad placed by Google, a cookie is set for conversion tracking. If you subsequently visit certain pages of our platform and the conversion cookie has not yet expired, Google and we can recognise that you clicked on the ad and were redirected to this page. Google uses the information collected via the conversion cookie to create conversion statistics for us and other Google Ads customers. This tells us the total number of users who clicked on our ad and were redirected to a page tagged with a conversion tracking tag. We do not receive any information from Google with which we can identify you personally. For more information, please see Google's privacy policy at the following link:

https://policies.google.com/privacy

Google Maps, Google Invisible reCAPTCHA and YouTube:

We use Google Maps for embedding maps, Google Invisible reCAPTCHA for protection against bots and spam, and YouTube for embedding videos. These services of Google LLC in Mountain View, USA ("Google") use cookies, among other things, and data is transferred to Google in the USA, although we assume that no personal tracking takes place in this context solely through the use of our platform and its applications. For more information, please see Google's privacy policy at the following link:

https://policies.google.com/privacy

Google Dynamic Remarketing

On our platform, we use the dynamic remarketing function of Google AdWords. The technology enables us to display automatically generated, target group-oriented advertisements after your visit to our platform. The ads are based on the products and services that you clicked on during your last visit to our platform. The provider of Google Dynamic Remarketing is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").

Google uses cookies to create interest-based ads. Cookies are small text files that are stored in your browser when you visit our platform. Google usually stores information such as your web request, IP address, browser type, browser language, date and time of your request. This information is only used to associate the web browser with a specific computer. It cannot be used to identify an individual.

If you do not wish to receive user-based advertising from Google, you can disable the display of advertisements using Google's ad setting. For more information on how Google uses cookies, please see Google's privacy policy.

You can object to the collection or analysis of your data by this tool by following these application instructions from Google: https://support.google.com/ads/answer/7395996

Facebook Pixel, Facebook Custom Audiences and Facebook-Conversion:

We use the so-called "Facebook Pixel" of the social network Facebook, which is operated by Facebook Inc. in Menlo Park, USA or, if you are a resident of the EU, by Facebook Ireland Ltd. in Dublin, Ireland ("Facebook"). The service is used to analyse the use of our platform and its applications so that we can optimise the offer of our platform and its applications as well as our advertising based on this. With the help of the Facebook pixel, it is possible for Facebook to determine you as a visitor to our platform as a target group for the display of advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown interest in the offer of our platform and its applications or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of the users and do not have a harassing effect. Furthermore, with the help of the Facebook Pixel, we can track the effectiveness of our Facebook Ads for statistical and market research purposes by seeing whether users were redirected to our platform after clicking on our Facebook Ads (so-called "conversion"). Facebook is responsible for processing your personal data in accordance with its data protection regulations. You can find more information in Facebook's privacy policy under the following link:

www.facebook.com/about/privacy/

Social Plugins:

We use so-called social plugins from social networks such as Facebook, Twitter and Pinterest on our platform. You can usually recognise the social plugins by the logos/symbols of the respective social networks. The social plugins enable you, among other things, to share certain content of our platform (e.g. a blog post). When you access our platform, your browser establishes a connection to the servers of the respective social network and transmits certain usage data (including the information that you are on our platform) to its operator.

We have no influence on the type and scope of the data collected in this process or its subsequent processing by the operators of the respective social networks. These operators are responsible for processing the data in accordance with their data protection regulations. You can find these under the following links:

Facebook: www.facebook.com/about/privacy/ and www.facebook.com/help/?faq=186325668085084

Instagram: https://help.instagram.com/519522125107875

Twitter: https://twitter.com/de/privacy

Pinterest: http://about.pinterest.com/privacy/

Salesforce

We use the CRM system of the provider salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, in order to be able to process user enquiries more quickly and efficiently (legitimate interest pursuant to Art. 6 Para. 1 lit. f. DSGVO).

Salesforce only uses the users' data for the technical processing of the enquiries and does not pass them on to third parties. To use Salesforce, at least a correct e-mail address is required. Pseudonymous use is possible. In the course of processing service requests, it may be necessary to collect further data (name, address, telephone number, etc.).

If users do not agree to data collection via and data storage in Salesforce's external system, we offer them alternative contact options for submitting service requests by e-mail, telephone, fax or post.

For more information, users should refer to Salesforce's privacy policy: https://www.salesforce.com/de/company/privacy/

LinkedIn

Our platform uses links from the social network LinkedIn, LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland. If you visit a page that contains such a link, a direct connection is established between your browser and the LinkedIn servers. MoveAgain as provider has no knowledge of which information is transmitted to LinkedIn and its use by LinkedIn. You can find more information on this in LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

Tableau

When you visit our Platform or use our products and services, this information is further processed in a business intelligence system operated by Tableau Software, LLC, The Oval, Shelbourne Road, Dublin 4, Ireland ("Tableau").

The categories of information collected on Tableau depend on your interactions with MoveAgain: Contact information, such as name, title, email address, physical address, phone number and similar contact information, usernames and passwords. Payment and financial information. Credit card number, bank information and billing address. Demographic information. Employment status, occupation, region. If you participate in a survey or enquiry, you will have the opportunity to provide additional information such as gender, origin, salary, age and other personal information. From the surveys, in turn, data such as inclinations and attributes that Tableau generates can help us further understand you and your preferences. In addition, information generated during the course of your transaction with MoveAgain, including account information, logins, passwords and purchase history is processed and analysed, including travel information, scheduling information, furniture selection or accessibility requirements, and usage and geographic data. Tableau collects information related to your use of our products, services and websites and the Platform.

In partnership with Tableau, MoveAgain analyses usage data so that we can improve our products and your experience with them. In certain cases, Tableau uses administrative tools that allow you to opt-out of the collection of certain usage data. Usage data includes online and technical information about your computer or mobile device's operating system and browser type; your device type; details about how you use our products (including natural language queries); your internet protocol (IP) address and geographic areas derived from your IP address; Network connection data; Tableau cookie information; file information; metadata; timestamped logs of access times and visit duration; the web pages you visited before coming to the Platform (referring URL); and other usage data relating to your activities on our Sites, including the pages you requested. We may link this data to the personal data we have collected about you and use it for the purposes described in this Privacy Policy, and we may send you targeted marketing and product information based on your usage data.

https://www.tableau.com/privacy

Trustpilot

We use the rating platform Trustpilot A/S, Pilestræde 58, DK-1112 Copenhagen, Denmark (www.trustpilot.de). Trustpilot is the responsible party in terms of data protection with regard to the data provided by customers on the Trustpilot website. The rating is published on Trustpilot's website and can also be displayed on our website in so-called widgets. Further details can be found in the data protection provisions (https://de.legal.trustpilot.com/end-user-privacy-terms) of Trustpilot and their GTC (https://de.legal.trustpilot.com/end-user-terms-and-conditions).

SMSup

We use SMSup as a service of SMSup Sàrl in Route du Coteau 33, 1752 Villars-sur-Glâne, which enables us to send automated SMS on an order-related basis from our system. SMSup does not receive any personal data from us (and does not keep any IP addresses). For further information, please refer to MailGun's privacy policy under the following link: https://smsup.ch/wp-content/uploads/doc/CGV/Conditions%20G%C3%A9n%C3%A9rales%20SMSup%20S%C3%A0rl%20-%20SEPTEMBRE%202018.pdf

MailGun

We use MailGun as a service provided by MailGun San Antonio HQ, 112 E Pecan St. #1135, San Antonio, TX 78205, USA, which allows us to send automated text messages on an order-by-order basis from our system. MailGun does not receive any personal data from us (and does not keep any IP addresses). For more information, please see MailGun's privacy policy at the following link: https://www.mailgun.com/privacy-policy/

Bexio

We use Bexio as a service of bexio AG, Alte Jonastrasse 24, 8640 Rapperswil, Switzerland, which enables us to send manual invoices, if required, on an order-by-order basis. Bexio does not receive any personal data from us (and does not keep any IP addresses). For more information, please see Bexio's privacy policy at the following link: https://www.bexio.com/de-CH/richtlinien/datenschutz