We appreciate your interest in our company. Data protection holds a particularly high priority for the management at Youplus Holding AG. The Youplus Holding AG website can be used without the need to enter any personal data. However, personal data processing could become necessary if a data subject wishes to use our enterprise’s special services via the website. We generally obtain the data subject’s consent if personal data processing becomes necessary and there is no legal basis for such processing.
The processing of personal data, such as a data subject’s name, address, e-mail address or telephone number will always comply with the country-specific data protection regulations applicable to Youplus Holding AG. The purpose of this data protection declaration is to allow our company to inform the public about the nature, scope and purpose of the personal data that we collect, use and process. Furthermore, this data protection declaration also informs the data subjects of their rights.
Youplus Holding AG has implemented numerous technical and organisational measures in its capacity as the data administrator to ensure the most complete possible protection of any personal data processed through this website. Nevertheless, internet-based data transmissions are always subject to potential security gaps, which means that absolute protection cannot be guaranteed. For this reason, each data subject is free to submit their personal data to us by alternative means, for example by telephone.
The website of Youplus Holding AG may also contain links to other websites. Those other websites are not controlled by Youplus Holding AG. Visiting these websites are therefore at your own risk. Youplus Holding AG cannot accept any responsibility or liability for said other websites, including their content or their privacy practices.
The data protection declaration of Youplus Holding AG is based on the terms utilised by the European directive and ordinance authority in the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. We would, therefore, like to explain the used terms in order to ensure this.
The following are several of the terms we have used in this privacy policy:
(a) Personal data
Personal data means any information relating to an identified or identifiable natural person (hereafter simply referred to as a "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by referencing an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the said natural person.
(b) Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the administrator.
c) Processing
Processing involves any operation or set of operations performed using personal data, both automatically and manually, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or other provision of access, comparison or combination, restriction, erasure or destruction.
(d) Restricted processing
The restriction of processing involves marking any stored personal data with the aim of limiting its future processing.
e) Profiling
Profiling involves any form of automated personal data processing that involves the use of said personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict any aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location. Youplus Holding AG does not engage in profiling.
(f) Administrator or Entity Responsible for the Processing
The administrator or entity responsible for the processing refers to a natural person, legal entity, public authority, agency or other body that, either alone or jointly with others, determines the purpose and means of the personal data processing. In cases where the purposes and means of processing are determined by Union or member state law, the administrator or the specific criteria for designating the administrator may be specified under said Union or member state law.
g) Processor
A processor is a natural person, legal entity, public authority, agency or other body that processes the personal data on behalf of the administrator.
h) Recipient
A recipient is a natural person, legal entity, public authority, agency or other body to whom the personal data is disclosed regardless of whether or not this involves a third party. However, authorities that may receive any personal data within the context of a specific investigation mandate under Union or member state law will not be considered recipients.
i) Third party
A third party is a natural person, legal entity, public authority, agency or body other than the data subject, the administrator, the processor or the entities authorised to process the personal data under the direct responsibility of the administrator or the processor.
j) Consent
Consent means any specific and informed indication of the data subject's wishes freely given in the form of a statement or any other unambiguous affirmative act by means of which the data subject has signified his or her agreement with the processing of any personal data relating to him or her.
The responsible party under the General Data Protection Regulation, the other data protection laws applicable in the member states of the European Union and any other provisions of a data protection nature is:
Youplus Holding AG
Churerstrasse 25,
8808 Pfäffikon, Switzerland
Swiss website: www.youplus.com
The administrator’s data protection officer is:
Tomas Bielik
Email: datenschutz@youplus.li
Website: www.youplus.com
All data subjects may directly contact our data protection officer at any time with any questions or suggestions regarding data protection.
The Youplus Holding AG website uses cookies. Cookies are text files that are stored on a computer system by an internet browser.
Many websites and servers use cookies. Most cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a string of characters that can be used to assign web pages and servers to the specific internet browser in which the cookie was stored. This enables visited websites and servers to distinguish between the data subject’s individual browser and other internet browsers that contain different cookies. A specific internet browser can be recognised and identified using the unique cookie ID.
By using cookies, the Youplus Holding AG can provide visitors to its website with more user-friendly services that would otherwise be unavailable.
Cookies enable the information and offers on our website to be optimised in line with user interests. As already mentioned, cookies enable us to recognise our website’s users. The purpose of this recognition is to make it easier for the users to use our website. For example, a website user who uses cookies does not have to re-enter their access data each time they visit the website, because this is performed by the website and the cookie stored in the user's computer system. The data subject can adjust the cookies used by our website at any time by changing the settings in their internet browser and thus permanently rejecting the use of cookies. Furthermore, cookies that have already been established can be deleted at any time using the internet browser or other software programs. This is possible in all common internet browsers. If the data subject deactivates the use of cookies in their internet browser, some functions of our website may not be fully accessible.
The Youplus Holding AG website collects a range of general data and information whenever a data subject or automated system accesses the website. This general data and information is stored in the server's log files. The following data may be collected: (1) the browser types and versions being used, (2) the operating system used by the accessing system, (3) the website from which a system has accessed our website (the so-called referrer), (4) the sub-websites accessed via an accessing system on our website, (5) the date and time of access to the website, (6) the Internet Protocol address (IP address), (7) the accessing system’s internet service provider and (8) any other similar data and information that serves to prevent any danger in the event of an attack on our information technology systems.
Youplus Holding AG does not draw any conclusions about the data subject when using this general data and information. Rather, this information is required in order to (1) accurately deliver the contents of our website, (2) optimise the contents of our website as well as the advertising for it, (3) ensure the permanent functionality of our information technology systems and our website’s technology as well as (4) to provide law enforcement authorities with the necessary information for prosecution in the event of a cyber attack. Youplus Holding AG therefore analyses the anonymously collected data and information for statistical purposes on the one hand and on the other hand for the purpose of increasing our enterprise’s data protection and security with the aim of ensuring an optimal level of protection for the personal data we process. The anonymous data in the server log files is stored separately from any personal data provided by a data subject.
The Youplus Holding AG website contains the legally required information that enables quick electronic contact with our company, as well as direct communication with us, including a general electronic mail (e-mail) address. The personal data transmitted by the data subject is automatically stored whenever a data subject contacts the administrator by e-mail or using a contact form. Such personal data voluntarily provided to the administrator by a data subject will be stored for the purposes of processing or contacting the data subject. This personal data will not be shared with any third parties.
The administrator will only process and store the data subject’s personal data for the period necessary to achieve the purpose of storage or provided for in any laws or regulations issued by the European directive and regulation authority or any other legislator to which the administrator is subject.
If the storage purpose no longer applies or a storage period prescribed by the European directive and regulation authority or any other competent legislator has expired, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
a) The Right to Confirmation
The GDPR provides every data subject with the right to obtain confirmation from the administrator as to whether their personal data is being processed. If a data subject wishes to exercise this right of confirmation, they may contact any of the administrator’s employees at any time.
b) The Right to Information
The GDPR provides any person affected by personal data processing with the right to obtain information about the stored personal data pertaining to their person and to receive a copy of said personal data from the administrator at any time and free of charge, Furthermore, the GDPR likewise grants the data subject access to the following information:
Furthermore, the data subject has the right to be informed as to whether their personal data has been transferred to a third country or to an international organisation. If this is the case, the data subject also has the right to obtain information on the appropriate safeguards used in connection with the transfer.
The data subject may contact any of the administrator’s employees at any time if they wish to exercise this right of access.
c) The Right of Rectification
The GDPR provides any person affected by the processing of personal data with the right to request the immediate rectification of any inaccurate personal data concerning them. Furthermore, the data subject has the right to request the completion of any incomplete personal data, including by means of a supplementary declaration, while taking into account the purposes of the processing.
The data subject may contact any of the administrator’s employees at any time if they wish to exercise this right of rectification.
d) The Right to Deletion (The Right to Be Forgotten)
The GDPR provides any person affected by personal data processing with the right to have the administrator delete any personal data concerning them without delay, provided one of the following grounds applies and insofar as the processing is not necessary:
If one of the aforementioned reasons applies and a data subject wishes their personal data stored by the Youplus Holding AG to be deleted, they may contact any of the administrator’s employees at any time. A Youplus Holding AG employee will arrange for the deletion request to be implemented immediately.
If the personal data has been made public by Youplus Holding AG and our company is obliged in its capacity as the administrator to delete the personal data pursuant to Art. 17(1) of the GDPR, Youplus Holding AG will implement all reasonable measures, including technical measures, while taking into account the available technology and the cost of said measures, in order to inform the other data administrators processing the published personal data as to the fact that the data subject has requested said other data administrators to delete all links to or copies or replications of the personal data, unless the processing remains necessary. A Youplus Holding AG employee will arrange for the necessary action to be taken in individual cases.
e) The Right to Restrict Processing
The GDPR provides any person affected by personal data processing with the right to require the administrator to restrict the processing, provided one of the following conditions has been met:
The data subject may contact any of the administrator’s employees at any time if one of the
aforementioned conditions has been met and the data subject wishes to request that the processing of their personal data stored by the Youplus Holding AG be restricted. A Youplus Holding AG employee will arrange for the processing to be restricted.
f) The Right to Data Portability
The GDPR provides any person affected by personal data processing with the right to receive the personal data about their person, which the data subject has provided to the administrator, in a structured, commonly used and machine-readable format.
They also have the right to transfer any such data to another administrator without hindrance from the administrator to whom the personal data has been provided, provided the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or when exercising any official authority vested in the administrator.
Furthermore, when exercising said right to data portability pursuant to Article 20(1) of the GDPR, the data subject also has the right to have the personal data transferred directly from one administrator to another at the extent that it is technically feasible to do so and provided that this does not adversely affect the rights and freedoms of any other individuals.
A data subject may contact any employee of the Youplus Holding AG at any time in order to exercise their right to data portability.
g) The Right to Object
The GDPR provides any person affected by personal data processing with the right to object to their personal data being processed on the basis of Article 6(1)(e) or (f) of the GDPR on grounds relating to their particular situation and to do so at any time. This also applies to any profiling based on these provisions.
In the event of an objection, Youplus Holding AG will no longer process the personal data, unless it can demonstrate compelling, legitimate grounds to do so that override the interests, rights and freedoms of the data subject or apply to the assertion, exercising or defence of any legal claims.
If Youplus Holding AG processes any personal data for the purposes of direct marketing, the data subject will have the right to object to the processing of personal data for said marketing purposes at any time. This also applies to profiling, insofar as it is connected with said direct advertising. If the data subject objects to Youplus Holding AG with regard to any processing undertaken for direct marketing purposes, Youplus Holding AG will cease processing the personal data in question for these purposes.
In addition, the data subject also has the right to object to any processing of their personal data performed by Youplus Holding AG for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) of the General Data Protection Regulation on grounds relating to the data subject’s particular situation, unless said processing is necessary for the performance of a task performed for reasons that are in the public interest.
The data subject may directly contact any employee of Youplus Holding AG in order to exercise their right to object. The data subject is also free to exercise said right to object in relation to the use of any information society services provided by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.
h) Automated Decisions in Individual Cases Including Profiling
The GDPR provides any person affected by personal data processing with the right to not be subject to a decision based solely on any automated processing, including profiling, which produces legal effects concerning the data subject or similarly affects them in a significant manner, provided the decision (1) is not necessary for entering into or fulfilling a contract between the data subject and the administrator or (2) has been authorised by Union or member state law to which the administrator is subject, whereby said law sets out appropriate measures to safeguard the data subject's rights, freedoms and legitimate interests, or (3) has been reached with the data subject's explicit consent. If the decision (1) is necessary for entering into or fulfilling a contract concluded between the data subject and the data administrator or (2) has been reached with the data subject's explicit consent, Youplus Holding AG will implement suitable measures to safeguard the data subject's rights, freedoms and legitimate interests, which at least include the right have the administrator secure the data subject's involvement, to express their point of view and contest the decision.
The data subject may contact any of the administrator’s employees at any time if they wish to exercise their rights concerning automated decisions.
i) The Right to Revoke Consent Under Data Protection Law
The GDPR provides any person affected by personal data processing with the right to withdraw their consent for the processing of their personal data at any time.
The data subject may contact any of the administrator’s employees at any time if they wish to exercise their right to withdraw consent.
The administrator collects and processes applicants’ personal data for the purpose of completing the application procedure. The processing may also be carried out electronically. This is particularly the case if an applicant sends the relevant application documents to the administrator electronically, for example by e-mail or using a web form on the website. If the data administrator concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the administrator does not conclude an employment contract with the applicant, the application documents will be automatically deleted two months after the notification of the rejection decision, unless otherwise justified by the administrator. Other legitimate interests in this sense include, for example, the duty to provide evidence in any proceedings under the General Equal Treatment Act (AGG).
Art. 6 I(a) of the GDPR constitutes our company’s legal basis for the processing operations in which we obtain consent for each specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of other services or considerations, the processing is based on Article 6 I(b) of the GDPR. The same applies to any processing operations that are necessary for the implementation of pre-contractual measures, for example in the case of enquiries about our products or services. If our company is subject to a legal obligation involving the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Art. 6 I(c) of the GDPR. In rare cases, the processing of personal data might become necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and their name, age, health insurance details or other vital information then needed to be passed on to a doctor, hospital or other third party as a result. In such a case, the processing would be based on Art. 6 I(d) of the GDPR. Finally, processing operations can also be based on Art. 6 I(f) of the GDPR. Any processing operations not covered on the aforementioned legal grounds are based on this if the processing is necessary to protect a legitimate interest of our company or that of a third party, provided the interests, fundamental rights and freedoms of the data subject are not overridden. We are especially permitted to carry out such processing operations, because they have been specifically mentioned by the European legislator. In this respect, he have taken the view that a legitimate interest could be assumed if the data subject is a customer of the administrator (recital 47, the second sentence of the GDPR).
In those cases where the processing of personal data is based on Article 6 I(f) of the GDPR, our legitimate interest includes the conduct of our business for the benefit of the welfare of all our employees and our shareholders.
The criterion for the duration of the storage of personal data is the respective statutory retention period. Once the deadline has expired, the corresponding data is routinely deleted if it is no longer required to fulfil or initiate a contract.
We wish to inform you that the provision of personal data is partly required by law (e.g. the tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). It may be necessary for a data subject to provide us with personal data in order to conclude a contract and we will subsequently process it. For example, data subjects are obliged to provide us with personal data if our company concludes a contract with them. Failure to provide the personal data would mean that the contract could not be concluded with the data subject. A data subject must contact one of our employees before providing any personal data. Our employees will inform the data subject on a case-by-case basis as to whether the provision of any personal data is required by law or contractually or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences of not providing the personal
data would be.
As a responsible company, we do not use automatic decision-making or profiling.
The business activities of Youplus Holding AG are subject to constant change, which is why this data protection declaration is adapted from time to time. In such cases, Youplus Holding AG will publish an updated privacy policy with the new version date at the bottom line. By continuing to use the websites, Youplus Holding AG will assume that you have accepted this updated version. This data protection declaration has been created by the data protection declaration generator of DGD Deutsche Gesellschaft für Datenschutz GmbH and the law firm WILDE BEUGER SOLMECKE | Rechtsanwälte.