Data protection statement

goTom AG, Letzigraben 165, 8047 Zurich, Switzerland (hereinafter “goTom”), is the author of this data protection statement and the controller of your information (data) collected under this data protection statement.

The collection, processing and use of your personal data is at all times conducted in compliance with the applicable data protection regulations. They are never used for any other purposes than those set out in this data protection statement. The data protection statement can be accessed at any time at www.gotom.io/datenschutz. Below, we explain when and for purpose goTom collects, processes and uses what data.

By accepting this statement, you give your consent to goTom collecting, processing and using your personal data for the purposes specified in this statement. goTom will in this process be responsible for collecting, processing, passing on, storing and protecting your personal data and will ensure compliance with the Swiss Data Protection Act. This consent may be withdrawn at any time with effect for the future.

  1. Scope of the collection of personal data

when visiting our website (without logging in)

When you visit our website outside the login-protected area, the web server and analytics technologies used by us automatically log technical visit information. This includes, among other things, the IP address of the device used (anonymised), information on the type of browser, on the internet service provider and on the operating system used.

when using the goTom software (with login)

When using the software provided by goTom within the login-protected area, additionally all data entered or submitted by the user during the login procedure and within the framework of using the software are also stored. This is the case, in particular, when a user account is created for you and your contact details are stored or when you enter into correspondence with our support team.

On the first login (account activation), you consent to the processing, use and passing on of your personal data within the framework and scope of this data protection statement.

  1. Data security

We use technical and organisational security measures in accordance with recognised market standards in order to protect personal data stored with us against unintended, unlawful or unauthorised manipulation, deletion, modification, access, passing on or use and against partial or full loss. goTom uses the server infrastructure of DigitalOcean, Inc. (software), Amazon Web Services, Inc. (files) as well as Cyon GmbH (website). The servers are located in Germany or Switzerland in a multiple-certified and secured data centre. The connection to our servers is established using 256-bit SSL encryption. We perform regular backups of the customer data. To avoid data loss also in extreme cases (e.g. destruction of data centre by earthquake), the encrypted backups are stored in parallel in several data centres domestically and abroad. Our security measures are continuously being adjusted and improved in accordance with the technological development.

  1. Purpose of the processing of personal data

We process the data collected in order to consistently improve the products and services requested by you, to manage your use and your requested access to our applications, products and information, to maintain our business relationship with you, to monitor and improve the performance of our range, to send you advertising, information or marketing material on products and services, of which we assume on the basis of the data that they may be of interest to you. Within the framework of the above purposes, the data may also be passed on to partner companies and service providers, selected, institutions and/or legally authorised state authorities domestically and abroad. If the processing or storage of personal information takes place in states that do not guarantee appropriate data protection compared to Swiss data protection legislation, we will nevertheless endeavour to ensure appropriate protection of your personal information.

  1. Cookies

Cookies help to make your visit to our websites easier, more pleasant and more practical. Cookies are information files that your web browser stores automatically on the hard disk of your computer when you visit our website or use our offering.

You can independently manage your security settings in your browser and thereby block or deactivate cookies used by us, which may, however, result in certain goTom services no longer being (fully) available.

  1. Technical tools

The use of our digital offering is measured and analysed using various technical systems, largely from third-party providers. These measurements can be made both anonymously and on a personal basis. Below, we list all tools used by us.

Google Analytics

goTom uses Google Analytics, the web analysis service of Google Inc. (“Google”). Google Analytics uses so-called cookies, text files, that are stored on your computer and which enable analysing your use of the website. The information about your use of this website generated by the cookie (including your anonymised IP address) is transmitted to a Google server in the US and stored there. Google will use this information to analyse your use of the website, to compile reports on the website activities for the website operators and to provide further services associated with the website use and internet use. Google will also transfer this information to third parties if prescribed by law or if third parties process these data on behalf of Google. Google will not associate your IP address with other data of Google in any event. You can prevent the installation of cookies by making corresponding settings in your browser software; however, we point out that you may not be able to use all functions of goTom in full in this event. By using goTom, you consent to the processing of the data about you collected by Google in the above manner and for the above purpose. You may prevent the collection and storage of your data at any time with effect for the future by using a corresponding tool (https://tools.google.com/dlpage/gaoptout/). goTom also uses the Google Analytics reports on demographic features, in which data from interest-related advertising of Google and visitor data of third-party providers (e.g. age, gender and interests) are merged. These data cannot be traced back to a certain person and can be deactivated at any time via the display settings (http://www.google.de/ads/preferences). In light of the debate about analysis tools with full IP addresses, we wish to point out that in order to rule out any direct personal link, IP addressed are only processed on goTom in a shortened manner, as goTom uses Google Analytics with the _anonymizeIp() extension.

Heap Analytics

Heap Analytics, a service offered by Heap Analytics, Inc., logs page impressions and site activity. The information about your use of our website generated by the cookies is generally transmitted to a server of Heap Analytics in the US and stored there. In doing so, pseudonym usage profiles of the users can be created from the processed data. The IP address sent by your browser within the framework of Google Analytics is not merged with other data of Heap Analytics. You can find further information on the data protection provisions of Heap Analytics at the below link.

MailChimp

goTom uses the technical service provider MailChimp for sending email drives, in particular newsletters. MailChimp is an offering of the The Rocket Science Group, LLC, 512 Means Street, Suite 404 Atlanta, GA 30318, USA. MailChimp offers comprehensive analysis options on how the newsletters of goTom are opened and used. These analyses are group-related and not used by goTom for individual analysis. You can find further information on MailChimp here: mailchimp.com/legal/privacy/

Elev.io

Within our software, we use Elevio, a service provided by Elevio Pty. Ltd. Suite 4 / 38 Down Street Collingwood, Victoria 3066 Australia. It is used to offer you support services. Any personal data provided by you when using the service are used exclusively to provide you with the service along with its functions. This includes the following data types, depending on the function of the service partly as mandatory information and partly as voluntary details:

  • Email address

Mandatory information and voluntary details are treated equally by us.

If personal data are collected, processed or used by us via this service as an exception, the legal basis will be Article 6(1)(f) GDPR as of 25.05.2018. Our legitimate interest required for this lies in the major benefit that the above functions have for our offering and the increase in support quality, which is also in the interest of the user. At the same time, we will do everything necessary to minimise the interference with your rights inasmuch possible. In this process, we will not store your data any longer than technically required for the above procedure.

You can find further information in the data protection provisions of the provider: elev.io/privacy

Groove

The functions of the Groove service are incorporated in our software. Groove is a ticket system (SAAS) of the US company Groove Networks,  LLC. 300 Delaware Ave Ste 210-ADE 19801. The data that you send by email to support or via the service form are transferred to Groove Networks, LLC. If you do not want them to be transmitted, please do not send any emails to support and do not fill in the service firm. You can find further information on the collection and use of data by Groove Networks, LLC. at groovehq.com/our/privacy.

Datadog

The functions of the Datadog service are incorporated in our application. Datadog is a monitoring system (SAAS) of the US-based company Datadog, Inc., 620 8th Ave, 45th Floor, New York, NY 10018 USA. The system notifies our development team of potential mistakes in the application. To this end, log data are sent to Datadog, Inc. You can find further information on the collection and use of data by Datadog, Inc., at datadoghq.com/legal/privacy/.

Albacross

On the website, we use Albacross, a service provided by Albacross Nordic AB, Kungsgatan 26, 111 35, Stockholm, Sweden, to analyse your website access. With your consent, you agree to the processing of personal data in the name of Albacross Nordic AB (“Albacross”). Information from cookies that is stored in a device and deemed to be personal data is processed by Albacross. This includes information on the IP address from where you visited our website, as well as technical information that enables Albacross to distinguish between various visitors from the same IP address. Albacross saves the domain from the form entry in order to correlate the IP address with your employer. This process provides us with information on the employers of persons who have viewed our website. This supports us in generating new leads. Comprehensive information on the processing of personal information can be found in the full data protection statement of Albacross.

  1. Data of end customers

When using goTom, personal data of the end user’s employees are, of course, sent to goTom. goTom treats these data with due care and ensures their security in accordance with the standards in this data protection statement. The end customer gives its consent and releases goTom from any potential claims from employees of the end customer against goTom. The end customer also declares that it bears sole responsibility for the information of its employees regarding the potential data storage, use and processing by goTom in accordance with the policies of this data protection statement. If individual employees of the end customer do not consent to the intended data processing, the end customer shall be responsible for deleting the relevant data of its employees in its goTom application accordingly.

  1. Interfaces

When using the optionally available interfaces of goTom or when connecting the proprietary instance to the software of a third-party provider (e.g. Adserver), data are exchanged between goTom and the third-party system. The data are exchanged within the framework of the tasks to be fulfilled. On using the interfaces, the customer gives its express consent to this data exchange in accordance with the provisions in this data protection statement.

  1. Communication by email

You can unsubscribe from receiving electronic mailings at any time.

Last updated: May 2018