Data protection statement

goTom AG, Lessingstrasse 11, 8002 Zurich, Switzerland (hereinafter “goTom”), is the author of this data protection statement and the controller of your information (data) collected under this data protection statement.

The collection, processing and use of your personal data is at all times conducted in compliance with the applicable data protection regulations. They are never used for any other purposes than those set out in this data protection statement. The data protection statement can be accessed at any time at www.gotom.io/datenschutz. Below, we explain when and for purpose goTom collects, processes and uses what data.

By accepting this statement, you give your consent to goTom collecting, processing and using your personal data for the purposes specified in this statement. goTom will in this process be responsible for collecting, processing, passing on, storing and protecting your personal data and will ensure compliance with the Swiss Data Protection Act. This consent may be withdrawn at any time with effect for the future.

1. Scope of the collection of personal data

when visiting our website (without logging in)

When you visit our website outside the login-protected area, the web server and analytics technologies used by us automatically log technical visit information. This includes, among other things, the IP address of the device used (anonymised), information on the type of browser, on the internet service provider and on the operating system used.

when using the goTom software (with login)

When using the software provided by goTom within the login-protected area, additionally all data entered or submitted by the user during the login procedure and within the framework of using the software are also stored. This is the case, in particular, when a user account is created for you and your contact details are stored or when you enter into correspondence with our support team.

On the first login (account activation), you consent to the processing, use and passing on of your personal data within the framework and scope of this data protection statement.

2. Data security

We use technical and organisational security measures in accordance with recognised market standards in order to protect personal data stored with us against unintended, unlawful or unauthorised manipulation, deletion, modification, access, passing on or use and against partial or full loss. goTom uses the server infrastructure of DigitalOcean, Inc. (software), Amazon Web Services, Inc. (files), Exoscale (Akenes SA, backups) as well as Cyon GmbH (website). The servers are located in Germany or Switzerland in a multiple-certified and secured data centre. The connection to our servers is established using 256-bit SSL encryption. We perform regular backups of the customer data. To avoid data loss also in extreme cases (e.g. destruction of data centre by earthquake), the encrypted backups are stored in parallel in several data centres domestically and abroad. Our security measures are continuously being adjusted and improved in accordance with the technological development.

3. Purpose of the processing of personal data

We process the data collected in order to consistently improve the products and services requested by you, to manage your use and your requested access to our applications, products and information, to maintain our business relationship with you, to monitor and improve the performance of our range, to send you advertising, information or marketing material on products and services, of which we assume on the basis of the data that they may be of interest to you. Within the framework of the above purposes, the data may also be passed on to partner companies and service providers, selected, institutions and/or legally authorised state authorities domestically and abroad. If the processing or storage of personal information takes place in states that do not guarantee appropriate data protection compared to Swiss data protection legislation, we will nevertheless endeavour to ensure appropriate protection of your personal information.

4. Cookies

Cookies help to make your visit to our websites easier, more pleasant and more practical. Cookies are information files that your web browser stores automatically on the hard disk of your computer when you visit our website or use our offering.

You have the option of preventing cookies from being stored on your computer by making the appropriate browser settings or by making specific settings here.

5. Technical tools

The use of our digital offering is measured and analysed using various technical systems, largely from third-party providers. These measurements can be made both anonymously and on a personal basis. Below, we list all tools used by us.

Google Analytics

goTom uses Google Analytics, the web analysis service of Google Inc. (“Google”). Google Analytics uses so-called cookies, text files, that are stored on your computer and which enable analysing your use of the website. The information about your use of this website generated by the cookie (including your anonymised IP address) is transmitted to a Google server in the US and stored there. Google will use this information to analyse your use of the website, to compile reports on the website activities for the website operators and to provide further services associated with the website use and internet use. Google will also transfer this information to third parties if prescribed by law or if third parties process these data on behalf of Google. Google will not associate your IP address with other data of Google in any event. You can prevent the installation of cookies by making corresponding settings in your browser software; however, we point out that you may not be able to use all functions of goTom in full in this event. By using goTom, you consent to the processing of the data about you collected by Google in the above manner and for the above purpose. You may prevent the collection and storage of your data at any time with effect for the future by using a corresponding tool (https://tools.google.com/dlpage/gaoptout/). goTom also uses the Google Analytics reports on demographic features, in which data from interest-related advertising of Google and visitor data of third-party providers (e.g. age, gender and interests) are merged. These data cannot be traced back to a certain person and can be deactivated at any time via the display settings (http://www.google.de/ads/preferences). In light of the debate about analysis tools with full IP addresses, we wish to point out that in order to rule out any direct personal link, IP addressed are only processed on goTom in a shortened manner, as goTom uses Google Analytics with the _anonymizeIp() extension.

Heap Analytics

Heap Analytics, a service offered by Heap Analytics, Inc., logs page impressions and site activity. The information about your use of our website generated by the cookies is generally transmitted to a server of Heap Analytics in the US and stored there. In doing so, pseudonym usage profiles of the users can be created from the processed data. The IP address sent by your browser within the framework of Google Analytics is not merged with other data of Heap Analytics. You can find further information on the data protection provisions of Heap Analytics at the below link.

MailChimp

goTom uses the technical service provider MailChimp for sending email drives, in particular newsletters. MailChimp is an offering of the The Rocket Science Group, LLC, 512 Means Street, Suite 404 Atlanta, GA 30318, USA. MailChimp offers comprehensive analysis options on how the newsletters of goTom are opened and used. These analyses are group-related and not used by goTom for individual analysis. You can find further information on MailChimp here: mailchimp.com/legal/privacy/

Intercom

Within our software and website we use Intercom, a service provided by Intercom Inc. 55 2nd Street, 4th Floor, San Francisco, CA 94105. We transmit personal data such as email address and registration date for analysis purposes. Intercom analyses the use of our website and/or our product and follows the development of our customer relationship so that we can improve our service for you. We also use Intercom as a medium for communication, either by email or in the form of messages within our product/our products. The legal basis is Art. 6 para. 1 (1) f) GDPR. Intercom also processes your personal data in the USA and is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. For more information on Intercom’s privacy practices, please visit intercom.com/legal/privacy.

Datadog

The functions of the Datadog service are incorporated in our application. Datadog is a monitoring system (SAAS) of the US-based company Datadog, Inc., 620 8th Ave, 45th Floor, New York, NY 10018 USA. The system notifies our development team of potential mistakes in the application. To this end, log data are sent to Datadog, Inc. You can find further information on the collection and use of data by Datadog, Inc., at datadoghq.com/legal/privacy/.

Albacross

On the website, we use Albacross, a service provided by Albacross Nordic AB, Kungsgatan 26, 111 35, Stockholm, Sweden, to analyse your website access. With your consent, you agree to the processing of personal data in the name of Albacross Nordic AB (“Albacross”). Information from cookies that is stored in a device and deemed to be personal data is processed by Albacross. This includes information on the IP address from where you visited our website, as well as technical information that enables Albacross to distinguish between various visitors from the same IP address. Albacross saves the domain from the form entry in order to correlate the IP address with your employer. This process provides us with information on the employers of persons who have viewed our website. This supports us in generating new leads. Comprehensive information on the processing of personal information can be found in the full data protection statement of Albacross.

Sendgrid

We use Sendgrid, a service provided by Twilio Inc., a Delaware corporation, with a place of business at 101 Spear Street, 1st Floor, San Francisco, California, 94105, United States of America, to send emails from our application to recipients. For this purpose, we transmit the email address to the servers of Sendgrid. You can read the relevant Twilio Inc. privacy policy here.

6. Data of end customers

When using goTom, personal data of the end user’s employees are, of course, sent to goTom. goTom treats these data with due care and ensures their security in accordance with the standards in this data protection statement. The end customer gives its consent and releases goTom from any potential claims from employees of the end customer against goTom. The end customer also declares that it bears sole responsibility for the information of its employees regarding the potential data storage, use and processing by goTom in accordance with the policies of this data protection statement. If individual employees of the end customer do not consent to the intended data processing, the end customer shall be responsible for deleting the relevant data of its employees in its goTom application accordingly.

7. Interfaces

When using the optionally available interfaces of goTom or when connecting the proprietary instance to the software of a third-party provider (e.g. Adserver), data are exchanged between goTom and the third-party system. The data are exchanged within the framework of the tasks to be fulfilled. On using the interfaces, the customer gives its express consent to this data exchange in accordance with the provisions in this data protection statement.

8. Communication by email

You can unsubscribe from receiving electronic mailings at any time.

Last updated: May 2020