Privacy Policy

1. Principle and scope of application

This Privacy Policy applies to the processing of personal data in relation to visits to the websites at Volalti.ch. In order for you to use our websites and the associated online services or online applications (collectively referred to as “Services”), we process your personal data (hereinafter also referred to as “Data”). Please note that this privacy policy does not apply to websites of other providers to which our website may link.

This privacy policy is designed to meet the requirements of the EU General Data Protection Regulation (“GDPR”) and the Swiss Data Protection Act (“DSG”). However, whether and to what extent these laws apply depends on the specific case.

Personal data refers to information relating to an identified or identifiable natural person. Certain categories of particularly sensitive personal data, such as health data, are subject to special legal protections. The term “processing” encompasses all operations related to your data, including collection, storage, use, disclosure, archiving, or deletion. When processing data, we comply with the Federal Act on Data Protection (FADP), the corresponding Implementing Ordinance (FADPO), and other applicable data protection laws (e.g., the European General Data Protection Regulation, GDPR), to the extent that they are applicable.

In the following, we would like to explain what data we collect, for what purpose we use it, and what rights you have regarding your data. If you provide us with data about third parties, we assume that you are authorized to do so and that the data provided is accurate. We therefore ask you to inform the third parties concerned about our processing of their data and to provide them with a copy of this privacy notice or the relevant product information. Should we notify you of an updated version of these documents, we ask that you also share these new versions.

2. Responsible entities and contact information

Volalti AG is responsible for the processing of data described in this Privacy Policy. If you have any questions or concerns regarding the processing of your data or your data protection rights in relation to us, please contact:

Quizea SA
Via Luciano Zuccoli 19
CH-6900 Paradiso
Switzerland
amendolagine@quizea.com

3. Collection and Processing of Personal Data

We attach great importance to the protection of your personal data. When you use our website and services, we primarily process the data necessary for such use, which you provide to us, as well as information collected directly by us (see below).

Where permitted, we obtain personal data not only from you but also from publicly available sources (e.g. debt collection registers, land registers, commercial registers, the media or the internet) as well as from public authorities and other third parties (e.g. credit reference agencies or address brokers).

This includes, in particular, details from public registers, information relating to administrative or legal proceedings, details of professional roles and activities, the content of correspondence and meetings with third parties, creditworthiness information, as well as data provided to us by individuals in your circle (e.g. advisers, legal representatives or employers) in connection with the initiation or execution of contracts.

In addition, data from media and the internet, address and socio-demographic data (e.g. for marketing purposes) as well as technical data relating to the use of our website (e.g. IP address, device information, cookies, date and time of access, content accessed) may be processed.

We will only store and process further personal data if you provide it to us when using our services and tools (e.g. the contact form). Further information regarding data protection for specific tools can be found further down in this privacy policy, where applicable.

3.1 Contact form

When you contact us via the contact form, we collect your contact details in order to process your enquiry and respond to any follow-up questions. This data is transmitted in encrypted form.

If you have provided us with your email address or contacted us directly by email, we may also send you information by email relating to the processing of your enquiries and questions.

The legal basis for processing your data is our legitimate interest in being able to process your online enquiry efficiently and effectively. If the purpose of the email contact is to conclude a contract, the data processing is based on the initiation of this contractual relationship.

4. Purpose

We process your data exclusively for the purposes we informed you of when collecting your data, as well as for other purposes compatible with these objectives. Further information on the legal basis for our data processing can be found further down in this privacy policy.

We process your data for various purposes relating to our communication with you. This includes, in particular, responding to enquiries, enabling you to exercise your rights, and contacting you in the event of queries. In doing so, we primarily use communication data and master data, as well as registration data relating to the offers and services you use. This data may be stored for documentation purposes, training, quality assurance and follow-up enquiries.

Furthermore, we process data for marketing purposes and to maintain customer relationships. We may send general or personalised information about our services to our users, for example in the form of occasional communications via email, post or telephone, as well as through other channels for which we hold your contact details. You have the option at any time to opt out of such communications or to refuse or withdraw your consent to be contacted for marketing purposes. With your consent, we can tailor our online offering more effectively to the needs of our users.

We may also use your data for market research, to improve our online offering and our services, and, where appropriate, for product development.

Finally, we may also store and process your data on our website for security reasons and for access control purposes.

5. Website usage

5.1 Cookies

We typically use ‘cookies’ and similar technologies on our website to identify your browser or device. A cookie is a small file that is sent to your computer or automatically stored on your computer or mobile device by the web browser you are using when you visit our website. This allows us to recognise you when you visit this website again, even if we do not know who you are. In addition to cookies that are only used during a session and deleted after your visit to the website (‘session cookies’), cookies may also be used to store user settings and other information for a specific period (e.g. two years) (‘persistent cookies’). However, you can set your browser to reject cookies, store them only for a single session, or delete them early. Most browsers are set by default to accept cookies. We use persistent cookies to save your user settings (e.g. language) so that we can better understand how you use our services and content. If you block cookies, certain features (such as language selection, shopping basket, and ordering processes) may no longer work.

By using our websites, you consent to the use of these technologies. If you do not wish to do so, you must adjust your browser settings accordingly.

5.2 Third-party services

We use services provided by specialist third-party providers to ensure that our website and our activities and operations are secure, reliable and user-friendly. Such services enable us, for example, to integrate features or content into our website.
‍
When using these services, it may be technically necessary for the providers to collect certain data, at least temporarily, in particular the IP addresses of users.
‍
Third-party providers may also process data relating to the use of their services for security, statistical or technical purposes. This may also take place in aggregated, anonymised or pseudonymised form, for example to provide, analyse and improve the respective services.

5.3 Google services in particular

We may use web analytics services such as Google Analytics or similar services on our websites. These are third-party services that enable us to analyse and evaluate the use of our website.

In the case of Google Analytics, this is a service provided by Google Ireland Limited (Ireland). Google Ireland relies on Google LLC (USA) as its data processor. The providers may, in principle, be located in any country. Permanent cookies are used for web analytics, which are set by the respective service provider. These enable your browser to be recognised when you visit our website, thereby allowing us to compile statistical analyses of how our website is used.

We have configured the service so that IP addresses of visitors within Europe are truncated before any potential transfer to the USA takes place. This generally reduces the possibility of direct personal identification. We have also disabled the ‘Data Sharing’ and ‘Google Signals’ functions. Nevertheless, it cannot be ruled out that the provider may draw conclusions about individual persons from the data collected, create personal profiles or link the data to existing user accounts, particularly if you are registered with the respective provider.

6. Data sharing and data transfers abroad

In the scope of our business activities and for the purposes set out in section 4, we may also disclose personal data to third parties, where permitted and appropriate. This applies in particular to the following categories of recipients:

• Service providers and contractors (e.g. IT providers) as well as other companies within our group
• Banks, insurance companies and other business partners
• Retailers, suppliers and subcontractors
• Customers
• local and foreign authorities, government departments or courts
• The media and the public (e.g. via websites or social media)
• Industry organisations, associations and other organisations
• Purchasers or parties interested in acquiring business units or companies
• Parties to potential or actual legal proceedings

These recipients may be located both in Switzerland and abroad. Data may be transferred in particular to countries where our group companies are represented, as well as to other European countries or to the USA, where service providers engaged by us are located (e.g. providers of IT or cloud services).
‍
If a recipient is located in a country without adequate legal data protection, we ensure an appropriate level of data protection through suitable contractual safeguards (in particular through the European Commission’s standard contractual clauses). This is subject to statutory exceptions, such as in the case of legal proceedings abroad, where there are overriding public interests, where the data transfer is necessary for the performance of a contract, where you have given your consent, or where the data has been made publicly available by you and you have not objected to its processing.

7. Data storage

We process and store your personal data for as long as is necessary to fulfil our contractual and legal obligations, as well as for the purposes for which the data is processed. This includes, in particular, the duration of the entire business relationship, i.e. from the initial contact through to the execution and termination of a contract.

In addition, personal data may continue to be stored in accordance with statutory retention and documentation requirements. Data may also be retained for a longer period where this is necessary for the assertion, exercise or defence of legal claims, or where legitimate business interests so require (e.g. for evidential or documentation purposes).

As soon as your personal data is no longer required for the aforementioned purposes, it will, where possible, be deleted or anonymised.

8. Data security

We implement various technical and organisational security measures to ensure the protection of your data within our system. Nevertheless, we would like to point out that, despite these measures, there remains a risk of data loss, unauthorised access to, or manipulation of data by third parties. Please also note that certain network segments and your computer lie outside our controllable security perimeter. As a user, you are responsible for informing yourself about the necessary security precautions and for taking the necessary measures within your sphere of influence. We accept no liability whatsoever for any damage you may incur as a result of data loss or manipulation.

8.1 SSL

Due to the technical structure of the internet as an open network, the secure transmission of your data cannot be guaranteed in all cases. If you send us your personal data, you do so at your own risk.

To ensure the protection of the data you transmit, we use encryption mechanisms in accordance with current security standards (Transport Layer Security, TLS). TLS is a protocol for secure data transmission over the internet and is supported by most browsers. It uses the public-key method, whereby data is encrypted using a publicly available key and can only be decrypted using a specific private key. Most browsers indicate whether a connection is secure by displaying a key symbol or a padlock.

9. Obligation to provide personal data

As part of our business relationship, you must provide the personal data necessary for establishing and conducting a business relationship and for fulfilling the associated contractual obligations (you are not generally under a legal obligation to provide us with data). Without this data, we will generally not be able to enter into a contract with you (or the body or person you represent) or to fulfil it. Furthermore, the website cannot be used if certain details required to ensure data transmission (such as your IP address) are not disclosed.