Privacy Policy

Which services we use

• Supabase
• Vercel

What data do we collect from you and from whom do we receive this data?

First and foremost, we process personal data that you send to us or that we collect when operating our website. We may also receive personal data about you from third parties. This may include the following categories:

• Personal master data (name, address, date of birth, etc.)
• Contact data (mobile phone number, email address, etc.)
• Financial data (e.g. account details); Online identifiers (e.g. cookie identifier, IP addresses)
• Location and traffic data; Sound and image recordings; Data that requires special protection (e.g. biometric data or information about your health).

Under what conditions do we process your data?

We treat your data confidentially and in accordance with the purposes set out in this privacy policy. We ensure that processing is transparent and proportionate.

If, in exceptional cases, we are unable to comply with these principles, the data processing may still be lawful because there is a justification. The following may be justifications:

Your consent; the execution of a contract or pre-contractual measures; our legitimate interests, provided that your interests do not outweigh them.

How can you revoke your consent?

If you have given us your consent to process your personal data for certain purposes, we will process your data within the scope of this consent unless we have another justification.

You can revoke your consent at any time by sending an email to the address provided in the imprint. This does not affect data processing that has already taken place.

In which cases can we pass your data on to third parties?

Principle

We may be dependent on using the services of third parties or affiliated companies and commissioning them to process your data (so-called processors). Categories of recipients are:

• Accounting, trust and auditing companies
• Consulting companies (legal advice, taxes, etc.)
• IT service providers (web hosting, support, cloud services, website design, etc.)
• Payment service providers
• Providers of tracking, conversion and advertising services

We ensure that these third parties and our affiliated companies comply with the data protection requirements and treat your personal data confidentially.

We may also be obliged to disclose your personal data to authorities.

Transfer abroad?

In certain circumstances, your personal data may be transferred to companies abroad as part of the order processing. These companies are obliged to protect data to the same extent as we are. The transfer can take place worldwide.

If the level of data protection does not correspond to that of Switzerland, we will carry out a prior risk assessment and contractually ensure that the same level of protection is guaranteed as in Switzerland (e.g. by means of the new standard contractual clauses of the EU Commission or other legally prescribed measures). If our risk assessment is negative, we will take additional technical measures to protect your data. You can access the standard contractual clauses of the EU Commission at the following link. https://commission.europa.eu/publications/standard-contractual-clauses-controllers-and-processors-eueea_de

How long do we keep your data?

We only keep personal data for as long as is necessary to fulfil the individual purposes for which the data was collected. Data that we save when you visit our website is kept for twelve months. An exception applies to analysis and tracking data, which can be kept for longer. We keep contract data for longer because we are required to do so by law. In particular, we must keep business communications, concluded contracts and booking documents for up to 10 years. If we no longer need such data from you to carry out the services, the data will be blocked and we will only use it for accounting and tax purposes.

How do we protect your data?

We will keep your data safe and take all reasonable measures to protect your data from loss, access, misuse or changes.

Our contractual partners and employees who have access to your data are obliged to comply with data protection regulations. In some cases it will be necessary for us to forward your inquiries to companies associated with us. Even in these cases, your data will be treated confidentially.

Within our website we use the SSL (Secure Socket Layer) process in conjunction with the highest level of encryption supported by your browser.

What rights do you have?

Right to information

You can request information about the data we have stored about you at any time. We ask you to send your request for information together with proof of identity.

You also have the right to receive your data in a common file format if we process your data automatically and if:

• You have given your consent for this data to be processed; or
• You have disclosed data in connection with the conclusion or execution of a contract.

We can restrict or refuse to provide information or data if this conflicts with our legal obligations, legitimate own or public interests or the interests of a third party.

The processing of your request is subject to the statutory processing period of 30 days. However, we may extend this period due to a high volume of requests, for legal or technical reasons or because we require more detailed information from you. You will be informed of the extension in good time, at least in text form.

Deletion and correction

You have the option of requesting the deletion or correction of your data at any time. We can reject the request if legal regulations require us to store the data for a longer period or without any changes, or if a permit conflicts with your request.

Please note that the exercise of your rights may conflict with contractual agreements and have corresponding effects on the performance of the contract (e.g. early termination of the contract or cost consequences).

Legal recourse

If you are affected by the processing of personal data, you have the right to enforce your rights in court or to file a report with the responsible supervisory authority. The responsible supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner: https://www.edoeb.admin.ch

Changes to the data protection declaration

We can change this data protection declaration at any time. The changes will be published on www.questnest.vercel.app; you will not be informed separately.

Individual data processing operations

Providing the website and creating log files

What information do we receive and how do we use it? When you visit www.questnest.vercel.app, certain data is automatically stored on our servers or on servers of services and products that we purchase and/or have installed for the purposes of system administration, for statistical or backup purposes or for tracking purposes. This includes:

• the name of your Internet service provider;
• your IP address (where applicable);
• the version of your browser software;
• the operating system of the computer used to access the URL;
• the date and time of access;
• the website from which you visit the URL;
• the search terms you used to find the URL.
• Why are we allowed to process this data?

This data cannot be assigned to a specific person and this data is not merged with other data sources. The log files are stored to guarantee the functionality of the website and to ensure the security of our information technology systems. This is our legitimate interest.

How can you prevent data collection?

The data is only stored for as long as is necessary to achieve the purpose of its collection. Accordingly, the data is deleted at the end of each session. The storage of the log files is essential for the operation of the website, so you have no option to object to this.