Privacy Policy
Last updated: September 25, 2024
Imprint
Bont Software GmbH
Monbijoustrasse 24
3011 Bern
Switzerland
Commercial register entry
CH-036.4.098.587-9
Commercial Register Office: Bern
Value added tax number: CHE-256.599.544 MWST
Data Policy
I. General information
1. Contact
Bont Software GmbH (hereinafter referred to as 'we' or 'us') is responsible for data processing. If you have any questions or suggestions regarding this information or would like to contact us to assert your rights, please send your request to
Bont Software GmbH
Monbijoustrasse 24
3011 Bern
Switzerland
E-mail: privacy@bont.ai
2. Legal basis
The data protection term 'personal data' refers to all information relating to an identified or identifiable person.
We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the FADP. Data processing by us only takes place on the basis of legal permission. We only process personal data with your consent (Art. 6 (1) (a) GDPR), to fulfill a contract to which you are a party or at your request to carry out pre-contractual measures (Art. 6 (1) (b) GDPR), to fulfill a legal obligation (Art. 6 (1) (c) GDPR) or to fulfill a legal obligation (Art. 6(1) (f) GDPR). (c) GDPR) or if the processing is necessary for the purposes of our legitimate interests or the legitimate interests of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (Art. 6 (1)(f) GDPR).
3. Duration of storage
Unless otherwise stated in the following information, we only store the data for as long as is necessary to achieve the purpose of processing or to fulfill our contractual or legal obligations. Such statutory retention obligations may arise in particular from commercial or tax regulations.
4. Recipients of the data
We use contracted service providers for individual processing operations. This includes, for example, hosting, maintenance and support of IT systems, marketing measures or file and data carrier destruction. These service providers only process the data in accordance with explicit instructions and are contractually obliged to guarantee suitable technical and organizational measures for data protection. In addition, we may transfer personal data of our customers to bodies such as postal and delivery services, house banks, tax consultants/auditors or the tax authorities.
5. Processing when exercising your rights
If you exercise your rights in accordance with Art. 12 to 22 GDPR, we process the personal data transmitted for the purpose of implementing these rights by us and to be able to provide proof of this. We will only process data stored for the purpose of providing information and its preparation for this purpose and for the purposes of data protection monitoring and otherwise restrict processing in accordance with Art. 18 GDPR. This processing is based on the legal basis of Art. 6 para. 1lit. c) GDPR in conjunction with. Art. 15 to 22 GDPR and Art. 23 to 25, and 27 to 28 FDAP.
6. Your rights
As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:
In accordance with Art. 15 GDPR and Art. 25 FDAP, you have the right to request information as to whether or not we process personal data relating to you and, if so, to what extent.
You have the right to request that we rectify your data in accordance with Art. 16 GDPR.
You have the right to demand that we erase your personal data in accordance with Art. 17 GDPR and Art. 25 para. 2 FDAP.
You have the right to have the processing of your personal data restricted in accordance with Art. 18 GDPR.
In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
If you have given us separate consent to data processing, you can revoke this consent at any time in accordance with Art. 7 para. 3 GDPR. Such a revocation does not affect the legality of the processing that was carried out on the basis of the consent until the revocation.
If you believe that the processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.
7. Right to object
In accordance with Art. 21 (1) GDPR, you have the right to object to processing based on the legal basis of Art. 6 (1) (e) or (f) GDPR on grounds relating to your particular situation. If we process personal data about you for the purpose of direct marketing, you can object to this processing in accordance with Art. 21 (2) and (3) GDPR.
8. Children's Privacy
We do not address anyone under the age of 18 ("Children"). We do not knowingly collect personally identifiable information from anyone under the age of 18. If we become aware that we have collected Personal Data from anyone under the age of 18 without verification of parental consent, we take steps to remove that information from our servers.
9. Personnel
If you are a Bont worker or applicant, we collect information you voluntarily provide to us. We use the information collected for Human Resources purposes in order to administer benefits to workers and screen applicants.
You may contact us in order to (1) update or correct your information, (2) change your preferences with respect to communications and other information you receive from us, or (3) receive a record of the information we have relating to you. Such updates, corrections, changes and deletions will have no effect on other information that we maintain, or information that we have provided to third parties in accordance with this Privacy Policy prior to such update, correction, change or deletion.
10. Sale of Business
We reserve the right to transfer information to a third party in the event of a sale, merger or other transfer of all or substantially all of the assets of Bont, or that portion of Bont to which the Service relates, or in the event that we discontinue our business or file a petition or have filed against us a petition in bankruptcy, reorganization or similar proceeding, provided that the third party agrees to adhere to the terms of this Privacy Policy.
II. Data processing on our website
When you use the website, we collect information that you provide yourself. In addition, certain information about your use of the website is automatically collected by us during your visit to the website. Under data protection law, the IP address is also considered personal data. An IP address is assigned to every device connected to the Internet by the Internet provider so that it can send and receive data.
1. Processing of server log files
When using our website for purely informational purposes, general information that your browser transmits to our server is initially stored automatically (i.e. not via registration). By default, this includes: browser type/version, operating system used, page accessed, the previously visited page (referrer URL), IP address, date and time of the server request and HTTP status code. The processing is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 para. 1 letter f) GDPR. This processing serves the technical administration and security of the website. The stored data will be deleted after seven days unless there is a justified suspicion of unlawful use based on concrete evidence and further examination and processing of the information is necessary for this reason. We are not in a position to identify you as a data subject on the basis of the stored information. Art. 15 to 22 GDPR therefore do not apply in accordance with Art. 11 para. 2 GDPR, unless you provide additional information that enables you to be identified in order to exercise your rights set out in these articles.
2. Cookies
We use cookies and similar technologies ('cookies') on our website. Cookies are small data sets that are stored by your browser when you visit a website. This identifies the browser used and can be recognized by web servers. You have full control over the use of cookies through your browser. You can delete cookies at any time in the security settings of your browser. You can object to the use of cookies through your browser settings in principle or for certain cases. The use of cookies is technically necessary for the operation of our website and is therefore permitted without the user's consent.
3. Usage Analytics
We use Google Analytics to analyse the use of our website. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website. Google’s privacy policy is available at: https://www.google.com/policies/privacy/.
We use HubSpot to report on and manage website activity. This service uses cookies for tracking activity across our site. You can view the privacy policy of this service provider at: https://legal.hubspot.com/privacy-policy.
III. Data processing on our social media pages
We are represented on social media platforms with a company page. In this way, we would like to offer further opportunities for information about our company and for exchange. Our company has company pages on the following social media platforms
LinkedIn of LinkedIn Ireland Unlimited Company, (Ireland, EU), hereinafter 'LinkedIn';
When you visit or interact with a profile on a social media platform, personal data about you may be processed. The information associated with a social media profile used also regularly constitutes personal data. This also includes messages and statements made using the profile. In addition, certain information is often automatically collected during your visit to a social media profile, which may also constitute personal data.
1. Visiting a social media page
When you visit our social media page, which we use to present our company or individual products from our range, certain information about you is processed. The operators of the social media platforms are solely responsible for this processing of personal data. Further information on the processing of personal data can be found in their privacy policies, which we link to below:
LinkedIn (https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer- privacy-policy)
The operators of the social media platforms collect and process event data and profile data and provide us with anonymized statistics and insights for our pages, which help us to gain knowledge about the types of actions that people take on our site (so-called 'page insights'). These Page Insights are created on the basis of certain information about people who have visited our site. This processing of personal data is carried out by the social media operators and us as joint controllers. The processing serves our legitimate interest in evaluating the types of actions taken on our site and improving our site based on these findings. The legal basis for this processing is Article 6(1)(f) GDPR.
We cannot assign the information obtained via Page Insights to individual user profiles that interact with our pages. We have entered into agreements with the operators of the social media platforms on processing as joint controllers, in which the distribution of data protection obligations between us and the operators is defined. Details on the processing of personal data for the creation of Page Insights and the agreement concluded between us and the operators can be found at the following links
You also have the option of asserting your rights against the operators.
You can find further information on this under the following links
We have agreed with LinkedIn that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or any other supervisory authority.
2. Communication via social media sites
We also process information that you have provided to us via our company page on the respective social media platform. Such information may include the username used, contact details or a message to us. This processing is carried out by us as the sole controller. We process this data on the basis of our legitimate interest in contacting inquiring persons. The legal basis for data processing is Art. 6 (1) (f) GDPR. Further data processing may take place if you have given your consent (Art. 6 (1) (a) GDPR) or if this is necessary to fulfill a legal obligation (Art. 6 (1) (c) GDPR).
IV. Application data processing
1. Contractual relationship
The processing of the personal master data, contract data and payment data provided to us is regularly required to establish or execute the contractual relationship with our customers. The legal basis for this processing is Art. 6 (1) (b) GDPR. We also process customer and prospective customer data for evaluation and marketing purposes. This processing is carried out on the legal basis of Art. 6 para. 1 letter f) GDPR and serves our interest in further developing our services and informing you specifically about offers from Bont. Further data processing may take place if you have given your consent (Art. 6 para. 1 letter a) GDPR) or if this serves to fulfill a legal obligation (Art. 6 para. 1 letter c) GDPR).
2. Payment processing with Stripe
If you make a payment in our app, payment by credit card is possible. The provider of this payment service is Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland. Stripe collects data such as name and address as well as bank details such as payment method, credit card number, account numbers and contract amount. In addition, Stripe uses cookies to carry out the payment process and to ensure the security of the payment process.
We have entered into a data processing agreement with Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland in accordance with Art. 28 GDPR. You can find the agreement here: https://support.stripe.com/questions/accept-and-downloadyour-data-processing-agreement-(dpa)-with-stripe.
We would like to point out that when using Stripe, user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users' rights. Stripe has implemented the standard contractual clause for data transfer in its contracts, see https://support.stripe.com/questions/does-stripe-offer-new-standard-contractualclauses-(sccs).
For a detailed description of the respective forms of processing carried out by Stripe and the possibilities of objection, please refer to the data protection declarations and information provided by Stripe at https://stripe.com/ch/privacy.
The legal basis for the transfer of data is Art. 6 para. 1 sentence 1 lit. b GDPR. Your data will only be passed on for the purpose of payment processing and only to the extent that it is necessary for this purpose.
3. Application Usage Analytics
We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our application through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.
We use Mixpanel to help analyze how our customers use the application. Mixpanel uses cookies to collect standard Internet log information and visitor behavior information. The information generated by the cookie about your use of the website is transmitted to Mixpanel. This information is then used to compile statistical reports on website activity for us. Mixpanel will not share any personally identifiable information or associate your information with any other data held by Mixpanel through their other clients. For more information, please visit: https://mixpanel.com/legal/privacy-policy/.
4. Google Workspaces Information
Contents of emails and calendar invites from that you choose to share from Google Workspaces through Bont (“Email Content Data”), which we analyze on your behalf solely to provide you services. Bont does not use and will never use this data for marketing or advertising purposes. Contents of your emails will be stored in order to provide recommendation services.
Google Workspace APIs are not used to develop, improve, or train generalized/non-personalized AI and/or ML models.
The use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
5. Other Information
Other information not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.
V. California Online Privacy Protection Act (CalOPPA)
1. Rights Under CalOPPA
CalOPPA requires us to disclose categories of Personal Information we collect and how we use it, the categories of sources from whom we collect Personal Information, and the third parties with whom we share it, which we have explained above.
CalOPPA users have the following rights:
Right to Know and Access. You may submit a verifiable request for information regarding the: (1) categories of Personal Information we collect, use, or share; (2) purposes for which categories of Personal Information are collected or used by us; (3) categories of sources from which we collect Personal Information; and (4) specific pieces of Personal Information we have collected about you.
Right to Equal Service. We will not discriminate against you if you exercise your privacy rights.
Right to Delete. You may submit a verifiable request to close your account and we will delete Personal Information about you that we have collected.
Right to request that a business that sells a consumer's personal data, not sell the consumer's personal data.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at privacy@bont.ai
We do not sell the Personal Information of our users.
For more information about these rights, please contact us at privacy@bont.ai