Data privacy ecoo

If you have any questions about data protection, please send us an email or contact the person responsible for data protection in our organization listed at the beginning of the data protection declaration.


Who are we

The app was developed by DU DA Data & Commtech by Farner and Papers AG with the support of Tezos Foundation. The customer (e.g. the municipal administration) acts as the exchange office (hereinafter Exchange).

This website and its content is operated by DU DA Data & Commtech by Farner (hereinafter DU DA).

DU DA – Data & CommTech by Farner: https://www.dudagroup.com

Papers AG: https://papers.ch

Farner Consulting AG: https://farner.ch

Tezos Foundation: https://tezos.foundation

The responsible body in the sense of the data protection laws is:

DU DA – Data & Commtech by Farner
Langstrasse 18
8004 Zurich
Switzerland
Tel.: +41 43 377 88 55
Email: hey@ecoo.ch


ecoo Mobile App

Terms of use

Copyright

The copyright for all contents of the app – unless otherwise indicated – is held by DU DA – Data & Commtech by Farner (DU DA) & Papers AG or a contractual partner of the same. It is prohibited to use the content (in particular images and graphics) and the concept without first obtaining the consent of DU DA.

Rights and obligations of users

To achieve the full functionality of the app, the input of personal data is required. This data is stored in and can be viewed by the exchange operator (e.g. city or event organizer).

Disclaimer

All texts and links have been carefully checked and are constantly updated. We endeavour to provide correct and complete information on the app, but do not accept any responsibility, guarantees or liability that the information provided by the ecoo app is correct, complete or up-to-date. Any liability for damages of any kind, which are in any way related to the access, use or query of the app or the information contained therein, is excluded. We reserve the right to change the information on this website and in the app at any time and without prior notice, and we do not undertake to update the information contained therein. All links to external providers have been checked for accuracy at the time of inclusion, however we are not liable for the content or availability of websites accessed via hyperlinks. Access to and use of such websites is at the user’s own risk. For illegal, incorrect or incomplete contents and in particular for damage, which develops from contents of linked sides, alone the offerer of the side, to which one referred, is responsible. It is irrelevant whether the damage is of a direct, indirect or financial nature or any other damage that could result from loss of data, loss of use or other reasons of any kind.

Severability

Should individual provisions of these terms of use be or become invalid, the remaining provisions shall remain unaffected in their content and validity and the invalid provision shall be replaced by a valid provision that comes as close as possible to the purpose of the invalid provision.

Applicable law, place of jurisdiction

These Terms of Use are governed exclusively by Swiss law. The exclusive place of jurisdiction is Zurich.

Why we collect what personal data

Login to the app is done with your AppleID or Google account. However, neither Apple nor Google have insight into the usage within the app.

The app needs access to the following functions:

  • Camera: to trigger payments via QR Code
  • Mobile data or WiFi: to transmit payment information during a transaction

The app can only be used with limited functionality without these permissions. Without camera access, payment details must be entered manually. Without internet connection, the other person involved in the transaction must have internet connection.

As is common with blockchain technology, transactions are stored on a Tezos blockchain for public viewing and are verified and settled according to smart contracts. Data that can be viewed in the chain: Public wallet address of the sender (e.g. tz1hkzS6pnfnHv9KzX1nbtqXVqUkzcem8FJs), Public wallet address of the receiver (e.g. tz1hkzS6pnfnHv9KzX1nbtqXVqUkzcem8FJs), Amount of the transaction.

Private individual

In order to receive a credit from the Exchange, the user submits personal data such as name, address, hometown, phone number and date of birth. These are encrypted for transit and stored in your database in the Google Cloud location Switzerland. The database is accessible to the administrators of the Exchange. Access to the database is secured with 2FA

The data entered will be used exclusively for the verification of the credit request or exchange authorization. It will not be used for any other purpose and will not be transmitted to third parties.

Store

In order to exchange purchased coins for fiat currency at the exchange, data such as company name, UID, address and telephone number must be provided. These are encrypted for transit and stored in your database in the Google Cloud (location Switzerland). The database is accessible for the administrators of the Exchange. Access to the database is secured with and is secured with 2FA.

The data entered will be used exclusively for the verification of the credit request or exchange authorization. They will not be used for any other purpose and will not be transmitted to third parties.

How long we store your data

The data collected in the context of the app usage will be deleted after the end of the campaign. Entries in the blockchain remain.

What rights you have to your data

You can request the deletion of all personal data that we have stored about you. This does not include data that we need to keep due to administrative, legal or security needs.

Where we send your data

The verification data is stored in the Google Cloud location Switzerland. Transactions are stored publicly on the Tezos Chain.

How we protect your data

SSL encryption

To protect the security of your data during transmission, we use the encryption method (e.g. SSL) via HTTPS, which corresponds to the current state of the art.

two-factor authentication

Access to the database is secured with 2FA.


Website

Terms of use

Copyright

The copyright for all contents of this website – unless otherwise indicated – is owned by DU DA – Data & Commtech by Farner (DU DA) or a contractual partner thereof. It is prohibited to use the contents (in particular pictures and graphics) without having obtained the prior consent of DU DA.

Disclaimer

All texts and links have been carefully checked and are constantly updated. We endeavour to provide correct and complete information on this website, but do not accept any responsibility, guarantees or liability that the information provided by this website is correct, complete or up-to-date. Any liability for damages of any kind in connection with the access, use or querying of the website or the information contained therein is excluded. We reserve the right to change the information on this website at any time and without prior notice and do not undertake to update the information contained therein. All links to external providers were checked for accuracy at the time of their inclusion, however, we are not liable for the content and availability of websites that can be reached via hyperlinks. Access to and use of such websites is at the user’s own risk. For illegal, incorrect or incomplete contents and in particular for damage, which develops from contents of linked sides, alone the offerer of the side, to which one referred, is responsible. It is irrelevant whether the damage is of a direct, indirect or financial nature or any other damage that could result from loss of data, loss of use or other reasons of any kind.

Severability

Should individual provisions of these terms of use be or become invalid, the remaining provisions shall remain unaffected in their content and validity and the invalid provision shall be replaced by a valid provision that comes as close as possible to the purpose of the invalid provision.

Applicable law, place of jurisdiction

These Terms of Use are governed exclusively by Swiss law. The exclusive place of jurisdiction is Zurich.

Privacy policy

1 Privacy

The protection of your privacy is important to DU DA – Data & Commtech by Farner (hereinafter referred to as DU DA). Please note the following data protection provisions.

2 Scope of application

DU DA collects, processes, stores and protects the data of individuals who access its website. This privacy policy applies to this website and all of its applications and features, such as chat, newsletters, events, etc..

3 Legal basis

The present data protection principles are based on the Swiss Data Protection Act (DSG) and, where applicable, the European Data Protection Regulation (DSGVO).

4 Name and address of the controller and its representative

The responsible person in the sense of the data protection laws is:

DU DA – Data & Commtech by Farner

Langstrasse 18

8004 Zurich

Switzerland

Tel.: +41 43 377 88 55

Email: info@dudagroup.com

Marc van Nuffel, Partner & CEO at DU DA

5 Use of information

The visit of the website of DU DA is possible without any indication of personal data. Impersonal usage data such as the IP address, the browser used, date, time, etc. are evaluated without drawing conclusions about your person.

Visitors to our website can also activate the “do not track” function on their browser so that only logging in as such is tracked.

Personal data is collected and processed strictly in accordance with the relevant laws and regulations and, as a matter of principle, only with your express consent.

6 Disclosure of personal data

We treat your personal data confidentially and only pass it on if you have expressly consented to this, if we are legally obliged or entitled to do so or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship. Furthermore, we pass on your personal data to third parties insofar as this is necessary or expedient in the context of the use of the website or for the possible provision of the services requested by you.

We disclose your personal data to the following categories of recipients:

  • Business partners
  • Service providers
  • Service provider
  • Authorities as far as this is required or necessary

In doing so, we naturally comply with the legal regulations on the transfer of personal data to third parties. If we involve third parties to provide our services, we take appropriate legal precautions as well as corresponding technical and organizational measures to ensure the protection of your personal data in accordance with the relevant legal regulations.

If the level of data protection in a country in which the data is processed does not comply with the applicable data protection regulations, we will ensure by contract that the protection of your personal data is at all times equivalent to that in Switzerland or the European Economic Area (EEA).

7 Contact options via the website

If you contact DU DA via our website, the personal data you provide will be stored automatically. Such data transmitted on a voluntary basis will be stored exclusively for the purpose of processing your request or contacting you. Our legitimate interest lies in the processing of your contact enquiries. This personal data will not be passed on to third parties.

You can object to this data processing at any time. Please send your objection to info@dudagroup.com. In this case, your data will be deleted and your request will not be processed further, unless there are legal obligations to retain data.

8 Routine deletion and locking of personal data

Unless expressly stated in this data protection declaration, DU DA processes and stores personal data of data subjects only for the period of time required to achieve the purpose of storage or if this has been provided for by legal requirements to which DU DA is subject.

If the purpose of storage ceases to apply or if any statutory storage period expires, the personal data will be routinely locked or deleted in accordance with the statutory provisions.

9 Legal basis of the processing

No data will be processed without a legal basis. As such serve:

  • the consent
  • the conclusion or performance of a contract or the request of data subjects in advance thereof (preliminary contract)
  • legal obligations
  • the protection of a legitimate interest of DU DA or a third party
  • vital interests, if any

10 Rights of the data subjects

  1. a) Right of access

Any person concerned by the processing of personal data has the right to obtain confirmation as to whether or not personal data concerning him or her are being processed and to obtain, free of charge, access to such data, as well as further information and a copy of the data, in accordance with the law.

  1. b) Right of rectification

Any person concerned by the processing of personal data has the right to obtain the immediate rectification of inaccurate personal data and/or the completion of incomplete personal data.

  1. c) Right to deletion (Right to be forgotten)

Any person affected by the processing of personal data has the right, in accordance with the law, to request that personal data concerning him or her be deleted without delay.

  1. d) Right to restrict processing

Any person affected by the processing of personal data has the right, in accordance with the law, to request the restriction of processing.

  1. f) Right to data portability

Any person concerned by the processing of personal data has the right to obtain the personal data concerning him or her, which have been provided by the data subject to DU DA, in a structured, commonly used and machine-readable format, in accordance with the law, or to request that they be transferred to another controller.

  1. e) Right to object

Any person concerned by the processing of personal data has the right to object at any time to the processing of personal data concerning him or her. This also applies to profiling based on these provisions.

DU DA shall no longer process the personal data in the event of the objection, unless compelling legitimate grounds for the processing can be demonstrated which override the interests, rights and freedoms of the data subject, or the processing serves the assertion, exercise or defence of legal claims.

  1. f) Automated decisions in individual cases, including profiling

Any person affected by the processing of personal data shall have the right, in accordance with the law, not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning him or her or similarly significantly affects him or her.

  1. g) Right to revoke consent under data protection law

Every person affected by the processing of personal data has the right to revoke consent to the processing of personal data at any time with effect for the future. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

  1. h) Right to complain to a supervisory authority

Depending on the applicable data protection legislation, the person concerned by the processing of personal data may have the right to lodge a complaint with a competent data protection authority.

Please note that exceptions apply to these rights. In particular, DU DA may need to process and store personal data of data subjects in order to perform a contract with you, to protect its own legitimate interests such as the assertion, exercise or defence of legal claims, or to comply with legal obligations. To the extent permitted by law, DU DA may therefore also refuse your data protection-related requests or only comply with them to a limited extent.

For questions in connection with the data protection practiced by DU DA and for information regarding the rights of the data subjects as well as for the assertion thereof, the data subject may contact DU DA at any time using the contact details provided at the beginning of this data protection declaration. If necessary, DU DA reserves the right to request the identification of the data subjects in an appropriate manner for the processing of requests.

11 Links to other websites

The DU DA website links to other websites which are not operated by DU DA and to which this data protection declaration does not apply. After clicking on the link, DU DA no longer has any influence on the processing of any data transmitted to third parties (such as the IP address), as the behaviour of third parties is naturally beyond our control. Therefore DU DA cannot take over any guarantee for these foreign contents. The respective provider or operator of the websites is always responsible for the content of the linked sites.

The linked sites were checked for possible legal violations and recognizable infringements at the time of linking. Illegal contents were not recognizable at the time of linking. A permanent control and examination of the linked pages without concrete evidence of a violation of the law is not reasonable. If we become aware of any infringements, such links will be removed immediately.

12 Cookies

This website uses cookies. Cookies are small text files that are stored permanently or temporarily when you visit this website. The purpose of the cookies is in particular the analysis of the use of this website for statistical evaluation as well as for continuous improvements.

In the settings of your browser, you can disable cookies in whole or in part at any time. If cookies are deactivated, you may no longer be able to use all the functions of this website.

12.1 What are cookies?

Cookies are small files that are stored on your data carrier and that store certain settings and data for exchange with our system via your browser.

Basically, we distinguish between 2 different types of cookies, so-called session cookies, which are deleted as soon as you close your browser, and temporary/permanent cookies, which are stored on your data carrier for a longer period of time or indefinitely. This storage helps us to design our websites and our offers for you accordingly and makes it easier for you to use them, for example by storing certain entries you make so that you do not have to keep repeating them.

12.2 Which cookies does DU DA use?

Most of the cookies we use are automatically deleted from your hard drive at the end of the browser session (end of session) (therefore also session cookies). In addition, we also use cookies that remain on your hard drive. During a further visit, it is then automatically recognised that you have already been with us and which inputs and settings you prefer.

These temporary or permanent cookies (lifetime 1 month to 10 years) are stored on your hard drive and delete themselves after the specified time. These cookies in particular serve to make our offer more user-friendly, effective and secure. Thanks to these files, it is possible, for example, for you to receive information on the site that is specifically tailored to your interests.

The exclusive purpose of these cookies is to adapt our offer to your customer wishes in the best possible way and to make surfing with us as comfortable as possible for you.

12.3 What data is stored in the cookies?

Only pseudonymous data is stored in the cookies used by DU DA. When the cookie is activated, it is assigned an identification number and an assignment of your personal data to this identification number is not made. Your name, your IP address or similar data that would enable the cookie to be assigned to you are not stored in the cookie. On the basis of the cookie technology, we only receive pseudonymised information, for example, about which pages of our website were visited, which services, articles or cases were viewed, etc. This information is not passed on to third parties.

12.4 What is Onsite Targeting?

On the DU DA website, data is collected on the basis of cookie technology to optimise our advertising and the entire online offer. This data is not used to identify you personally, but is used solely for a pseudonymous evaluation of the use of the homepage. At no time will your data be merged with personal data stored by us.

This technology allows us to present you with advertisements and/or special offers and services whose content is based on information obtained in connection with clickstream analysis (for example, advertisements that are targeted to the fact that content on topics such as digital marketing or media relations has been viewed exclusively in the last few days).

Our aim is to make our online offer as attractive as possible for you and to present you with advertising that corresponds to your areas of interest.

12.5 Are there also cookies from third party providers? (so-called third party cookies)?

DU DA uses some advertising partners who help to make the internet offer and our website more interesting for you. Therefore, cookies from partner companies are also stored on your hard drive when you visit the website. These are temporary/permanent cookies that are automatically deleted after the specified time. These temporary or permanent cookies (lifetime 14 days to 10 years) are stored on your hard drive and delete themselves after the specified time.

The cookies of our partner companies also contain only pseudonymous, usually even anonymous data. This is, for example, data about which products you have viewed, whether something was purchased, which products were searched for, etc.. Some of our advertising partners also collect information beyond the web pages about which pages you have previously visited or which products you were interested in, for example, in order to be able to show you advertising that best matches your interests.

These pseudonymous data are at no time merged with your personal data. Their sole purpose is to enable our advertising partners to address you with advertising that might actually interest you.

12.6 How can you prevent cookies from being stored?

In your browser you can set that a storage of cookies is only accepted if you agree to this. If you only want to accept the DU DA cookies but not the cookies of our service providers and partners, you can select the setting in your browser “Block third-party cookies”.

You will usually be shown how to reject new cookies and turn off those you have already received via the help function in the menu bar of your web browser. Alternatively, you can visit the website https://www.aboutcookies.org. There you will find step-by-step instructions on how to control and delete cookies in most browsers.

We recommend that if you use shared computers that are set to accept cookies and Flash cookies, you always log out completely when you are finished.

13 Log files

With each access to the pages of DU DA, usage data is transmitted by the respective internet browser and stored in log files, the so-called server log files. The data records stored contain the following data: Date and time of access, name of the page accessed, IP address, referrer URL (origin URL from which you came to the web pages), the amount of data transferred, as well as product and version information of the browser used.

The IP addresses of the users are deleted or anonymized after termination of use. In the case of anonymisation, the IP addresses are changed in such a way that the individual details about personal or factual circumstances can no longer be assigned to a specific or identifiable natural person, or only with a disproportionate amount of time, cost and effort.

We evaluate these log file data records in anonymous form in order to further improve our offer and make it more user-friendly, to find and correct errors more quickly and to control server capacities. For example, we can determine at what times the DU DA website is particularly popular and provide the corresponding data volume to ensure that you can shop as quickly as possible. In addition, by analysing the log files, we can also identify and rectify any errors on the DU DA website more quickly. Our legitimate interest in data processing also lies in these purposes.

14 Web analysis

This website uses various services for website analysis and tracking, which we explain in more detail below. In addition, we will show you how you can prevent these services from evaluating your usage behaviour on our website. If we ask for your consent to use the third-party services, the legal basis for this form of data processing is your consent. If we do not obtain your consent, your personal data will be processed on the basis of our legitimate interests (i.e. for optimisation and marketing purposes and the interest-based design of our website).

14.1 Google Analytics

This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or if you are a resident of the European Economic Area (EEA) or Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Google Analytics uses “cookies”. The information collected by the cookie about the use of our website (including your IP address) may be transmitted to and stored by Google on servers in the United States.

We only use Google Analytics with IP anonymization enabled. This means that your IP address is shortened by Google within Switzerland or the EU/EEA.

Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of our website.

You can also prevent data collection and processing by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. An opt-out cookie will be set, which prevents the future collection of your data when visiting our website.

Google is certified under the Swiss-U.S. and EU-U.S. Privacy Shield agreements and thereby offers a guarantee of compliance with Swiss and European data protection law respectively. Further information in this context can be found at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

You can find more information on Google Analytics and data protection at www.google.com/analytics/terms/de.html or at https://policies.google.com/privacy.


Amendments

We may amend this privacy policy at any time without prior notice. The current version published on our website applies.

Zurich, 17.08.2020