Terms of use

Last updated on 10/22/2020

The capzlog.aero Ltd. (hereinafter the "Provider"), registered in Switzerland, enables pilots and other interested persons (hereinafter jointly the "Users") to use capzlog.aero in the form of apps and online services as well as other offers, in particular to keep a flight log or flight books in digital form (hereinafter "capzlog.aero").

These terms of use regulate the rights and obligations of the Provider as well as the Users of capzlog.aero. Supplementary or further conditions may exist for individual offers and for individual or additional functions and services.

Information on the processing of personal data as well as on the rights of persons whose data are processed in connection with capzlog.aero can be found in the Privacy Policy.

1. Use

1.1 The Provider makes capzlog.aero available until further notice. The use of capzlog.aero is restricted to natural persons who are of unrestricted capacity to act and of full age or who act with the consent of such persons, as well as to legal entities. Users agree to use capzlog.aero exclusively in accordance with the terms of use and in compliance with the law.

1.2 The Provider provides information about the range of functions and services offered in a suitable form. The use of capzlog.aero is generally subject to a fee and is granted through subscriptions with certain periods of validity. The Provider informs about fees and terms in a suitable form. The Provider may adjust the scope of functions and services at any time or discontinue the operation of capzlog.aero. The Provider may stipulate that current or otherwise defined versions of apps, operating systems, browsers and other software must be used for access to capzlog.aero. The updating of such software lies in the responsibility of the Users.

1.3 The Provider may provide for different categories of Users, in particular depending on the functions and services used or on any financial or other contributions provided by public authorities and companies (hereinafter the "Contributions"). The Provider may exchange the necessary user data with such authorities and companies in order to verify the entitlement to usage of individual functions and services and to Contributions or to enable billing.

1.4 For payments by means of third party services such as credit card providers, PayPal or TWINT the respective General Terms and Conditions (GTC) and other provisions of the respective third party services apply.

1.5 The Provider grants a right of withdrawal for at least 14 days for functions and services subject to a charge. Users who wish to exercise their right of withdrawal must notify the Provider and provide a reason for the withdrawal. The right of withdrawal can only be claimed once per User for each function or service.

1.6 Fees are due immediately and in advance, unless a payment deadline is granted. Users are automatically and without reminder in payment delay if payment is not made on time. Fees already paid will not be refunded and fees already owed remain due in any case. In case of payment delay, the Provider may deny access to capzlog.aero. The offsetting of claims against the Provider by Users is not allowed.

1.7 The Provider may inform and contact Users by letter post, email, instant messaging, SMS and other communication channels with notifications and messages in connection with capzlog.aero. Users may dissent from the receipt of such notifications and messages at any time ("opt-out"). This does not apply to notifications and messages that are necessary for the use of capzlog.aero.

1.8 The Provider may have capzlog.aero operated in whole or in part by or together with third parties as well as by or together with affiliated companies, in particular the parent company, sister companies and subsidiaries. The Provider may transfer rights and obligations in connection with capzlog.aero to such third parties and companies. Such third parties and companies may be located outside of Switzerland.

2. Licence

2.1 The Provider grants Users a non-exclusive, non-transferable, non-assignable, limited licence for the use of capzlog.aero in the form of executable apps (installed software) or online services (Software as a Service, SaaS). The licence is limited to the purpose or purposes according to the scope of functions and services. The licence is limited to the country or countries where capzlog.aero is offered. All rights to capzlog.aero remain property of the Provider.

2.2 The Provider can withdraw this licence permanently or temporarily at any time in case of violation of these terms of use or in case of illegal use of capzlog.aero as well as in case of suspicion thereof.

3. Registration

3.1 The Provider generally provides for a mandatory registration for the use of capzlog.aero or for the use of individual functions and services. The Provider may use registration services of third parties exclusively or in addition. The Provider may refuse the registration at any time - also subsequently - and without giving reasons.

3.2 Registered Users are responsible for all activities in connection with capzlog.aero that take place under their User account. This responsibility also extends to other Users and their User accounts that an individual User creates or manages for other Users, for example User accounts for employees of a company or for members of an organization.

3.3 The Provider shall inform Users in a suitable form about the data required for the use of capzlog.aero. Registration with false, fictitious or misleading data is prohibited. The Provider may verify data provided by Users - also retrospectively - or have it verified by third parties.

3.4 Registered Users are obliged to keep their access data for capzlog.aero confidential and to use it exclusively for their own purposes. Automated access to capzlog.aero, especially with bots, scripts or similar means, is prohibited. The Provider may provide interfaces for accessing capzlog.aero, for example an Application Programming Interface (API).

3.5 The Provider may at any time permanently or temporarily deny access to capzlog.aero in case of a violation of these Terms of Use or in case of illegal use of capzlog.aero as well as in case of suspicion thereof. The Provider may issue a warning to affected Users at its own discretion, but is not obliged to do so. If access is denied in accordance with this provision, there shall be no claim to the reimbursement of fees paid or to the deferment of fees owed.

4. User Data

4.1 Data of Users remains within the legal sphere of the Users, even if it is processed by the Provider within capzlog.aero. Users expressly agree that the Provider may process their data for the purpose or purposes according to the scope of functions and services in connection with capzlog.aero. The Users are responsible for data backup, even if the Provider endeavours to back up Users' data on a regular basis.

4.2 The Provider may process the data of Users in aggregated, anonymized or pseudonymized form for its own security related, statistical and technical purposes, as long as such processing is necessary for such purposes. The Provider may use such aggregated, anonymized or pseudonymized data for statistics that are published and made available to Users and third parties.

4.3 The data of active Users is stored permanently. Users are no longer considered active if they have their User account deleted. Users can have their data deleted at any time in accordance with the applicable data protection law.

4.4 Users who process the personal data of other Users and other affected persons within the framework of capzlog.aero guarantee by themselves that such processing is only carried out in compliance with the law. This includes in particular the data of the persons concerned and the obtaining of any necessary consent for the processing of personal data.

5. Warranty and Liability

5.1 The Provider operates capzlog.aero professionally and carefully. Nevertheless, capzlog.aero may be temporarily unavailable in part or in whole, especially for technical reasons or due to maintenance work. The Provider informs in advance about planned maintenance windows in a suitable way. The Provider strives for the highest possible availability. However, the Provider does not assume any warranty for functions and services, for the availability of capzlog.aero as well as for provided data of third parties such as airports, aircraft, pilot licences and applicable law. Users are at all times and to the fullest extent responsible for whether, and if so, under what conditions and to what extent they are allowed to engage in flying or other activities.

5.2 The Provider is only liable for direct damages caused by her own grossly negligent or intentional actions. Liability is limited to the amount of fees paid by a User for the use of capzlog.aero in the twelve months prior to a damaging event. Any further liability of the Provider for direct damages, in particular in case of slight and medium negligence, for any errors in apps, online services and other offers as well as for entries made by Users, is explicitly and completely excluded. Any liability of the Provider for indirect damages and consequential damages caused by defects, for claims of any third parties as well as for loss of profit is expressly and completely excluded. Any liability for auxiliary persons is excluded.

5.3 Furthermore, the Provider shall not be liable if the obligations arising from these Terms of Use are only partially or not completely fulfilled due to force majeure. Force majeure includes in particular fires and lightning strikes, floods and other natural disasters, magnetic storms, unforeseen weather conditions, strikes, assassinations and explosions, riots, wars and civil unrest, epidemics and pandemics, nuclear accidents, the restriction or interruption of power supply and telecommunication services, IT security incidents as well as officially ordered prohibitions. The COVID-19 pandemic is considered force majeure within the scope of this provision.

5.4 Users are expressly and fully liable to the Provider and any third parties for all direct and indirect costs as well as for damages resulting from violations of these terms of use or from the use of capzlog.aero in a way that does not comply with the law. This liability applies regardless of fault and also includes indemnity for claims of other Users and possible third parties. Users concerned shall indemnify the Provider from all claims of other Users and third parties and undertake to bear all costs - including legal fees and court costs - as well as direct and indirect damages of the Provider in this context.

5.5 The limitation of liability under these Terms of Use applies regardless of the legal grounds. The right of further reaching mandatory liability, in particular for grossly negligent or intentional acts and in accordance with the applicable data protection law remains reserved.

6. Final provisions

6.1 The Provider can adapt these terms of use at any time and without giving reasons. Users will be informed in an appropriate form of any significant changes to these Terms of Use.

6.2 Should any provision of these Terms of Use prove to be unenforceable, invalid or ineffective, the enforceability, validity and effectiveness of the remaining provisions shall not be affected thereby. In this case, the parties undertake to replace the unfulfillable, invalid or ineffective provision with a fulfillable, valid or effective provision that comes closest to the original intention of the parties in terms of content and economic effect. This severability clause does not apply to Users who are consumers.

6.3 Swiss law applies exclusively to these Terms of Use. The provisions which law applies in the event of a conflict between Swiss and foreign law are not applicable. The exclusive place of performance is the registered office of the Provider. The exclusive place of jurisdiction is at the registered office of the Provider. The Provider is entitled to file a suit at the domicile or residence of Users. The United Nations Convention on Contracts for the International Sale of Goods shall not apply. This clause does not apply to Users who are consumers.

The version of this document in German is authoritative. Versions in other languages have been produced by machine.

Data protection declaration

This data protection declaration provides information about how, where and why we process what personal data in connection with capzlog.aero. In addition to this, the data protection declaration provides information about the rights of individuals whose data we process.

Special, supplementary or further data protection declarations and other legal documents such as General Terms and Conditions of Business (GTCB), terms of usage or conditions of participation may apply for individual or additional offerings and services.

Our offering is subject to Swiss data protection law and to any applicable foreign data protection law such as, in particular, the laws of the European Union (EU) including the General Data Protection Regulation (GDPR). The European Commission recognises that Swiss data protection law ensures an adequate level of data protection.

1. Contact addresses

Responsible for processing of personal data:

capzlog.aero Ltd.
c/o Uraster GmbH
Luegislandstrasse 31
8051 Zurich
Switzerland

To the contact form

Should, in individual cases, other entities be responsible for processing of personal data, then we will draw attention to this.

Data protection representation in the European Economic Area (EEA)

As per Art. 27 GDPR we have the following data protection representation in the European Economic Area (EEA), comprising the European Union (EU) and the Principality of Liechtenstein, Iceland and Norway, as an additional point of contact for supervisory authorities and data subjects making enquiries relating to the General Data Protection Regulation (GDPR):

VGS Datenschutzpartner GmbH
Am Kaiserkai 69
20457 Hamburg
Deutschland

To the contact form

2. Processing of personal data

2.1 Definitions

Personal data means all information relating to an identified or identifiable natural person. A data subject is a natural person whose personal data is processed.

Processing means any handling of personal data, independent of the means and procedures which are used and, in particular, the storage, disclosure, acquisition, collection, erasure, saving, alteration, destruction and use of personal data.

The European Economic Area (EEA) comprises the European Union (EU) and the Principality of Liechtenstein, Iceland and Norway. The General Data Protection Regulation (GDPR) defines the processing of personal data as the processing of personal data relating to a specific natural person.

2.2 Legal bases

We process personal data in compliance with Swiss data protection law such as, in particular, the Federal Act on Data Protection (DSG) and the Ordinance to the Federal Act on Data Protection (VDSG). We generally store personal data only in Switzerland.

If and insofar as the General Data Protection Regulation (GDPR) is applicable, we process personal data according to at least one of the following legal bases:

• Art. 6 Para. 1 (b) GDPR where processing of personal data is necessary to perform a contract with the data subject and to take steps prior to entering into a contract.
• Art. 6 Para. 1 (f) GDPR where processing of personal data is necessary to safeguard our or third-party legitimate interests insofar as these interests are not overridden by the fundamental rights and freedoms of the data subject. Legitimate interests are, in particular, our interest in providing our offering in the long term and in a manner which is user-friendly, secure and reliable as well as to advertise this offering if required; information security and protection against misuse and unauthorised use; exercising of our own legal claims; and compliance with Swiss law.
• Art. 6 Para. 1 (c) GDPR where processing of personal data is necessary to comply with a legal obligation to which we are subject as per any applicable law of member states of the European Economic Area (EEA).
• Art. 6 Para. 1 (e) GDPR where processing of personal data is necessary to perform a task carried out in the public interest.
• Art. 6 Para. 1 (a) GDPR to process personal data given with the data subject’s consent.
• Art. 6 Para. 1 (d) GDPR where processing of personal data is necessary to protect the vital interests of the data subject or of another natural person.

2.3 Type, extent and purpose

We process personal data which is necessary to provide our offering in the long term and in a manner which is user-friendly, secure and reliable. Such personal data can fall into the following categories: master and contact data, browser and device data, pilot logbook data, medical data, content data, licence data, meta- respectively peripheral data and usage data, location data or sales, contractual and payment data.

We process personal data for the period which is required for the relevant purpose or purposes or which is required by law. Personal data which must no longer be processed is anonymised or erased. Data subjects whose data we process in general have a right to erasure.

As a matter of principle we only process personal data after obtaining the data subject’s consent unless processing is permissible for other legal reasons, such as to perform a contract with the data subject and to take steps prior to entering into a contract; in response to justified requests from competent authorities such as in particular the Federal Office of Civil Aviation (FOCA) and the Swiss Transportation Safety Investigation Board (STSB); to safeguard our overriding legitimate interests; because processing is evident from the circumstances; or based on prior information.

Within this framework we process in particular the information which the data subject transmits to us voluntarily and themselves when establishing contact with us – for example by letter, email, contact form, social media or telephone – or when registering for a user account. We may, for example, store such information in an address book, a customer relationship management system (CRM system) or using comparable aids. Insofar as the data subject transmits personal data to us via third parties, they are obliged to ensure data protection vis-à-vis such third parties and to ensure the correctness of such personal data.

In addition to this, we process personal data which we receive from third parties; acquire from publicly accessible sources; or collect when providing our offering, if and insofar as such processing is legally permissible.

Personal data originating from job applications is only processed insofar as it is required to assess suitability for an employment relationship or for subsequent performance of an employment contract. The personal data which is required to carry out an application process arises from the information which is requested and/or provided, for example within the scope of a job description. Candidates have the option of transmitting further voluntary information for their corresponding job application.

2.4 Processing of personal data by third parties, also abroad

We can have personal data processed by contracted third parties or process it together with third parties or with the help of third parties as well as transmit this data to third parties. Such third parties are, in particular, providers whose services we use. Should we use such third parties, then we will ensure an adequate level of data protection.

Such third parties are, as a matter of principle, located in Switzerland and the European Economic Area (EEA). Such third parties may, however, also be located in other states and territories around the world or elsewhere in the universe insofar as their data protection law is, according to the adequacy decision of the Swiss Federal Data Protection and Information Commissioner (EDÖB) and – if and insofar as the General Data Protection Regulation (GDPR) is applicable – according to the adequacy decision of the European Commission, applicable and ensures adequate data protection or if, for other reasons, such as a corresponding contractual agreement, in particular based on standard contractual clauses, or corresponding certification, adequate data protection is ensured. In exceptional cases, such a third party may be located in a country without adequate data protection insofar as the data protection law-related prerequisites, such as the data subject’s explicit consent, are fulfilled.

3. Data subject rights

3.1 Data protection claims

We grant data subjects all rights under applicable data protection law. In particular, data subjects have the following rights:

• Information: Data subjects can request information as to whether we process personal data about them and, if so, what personal data is involved. Data subjects also receive the information necessary to assert their data protection rights and to ensure transparency. This includes the personal data processed as such, but also, among other things, information on the purpose of processing, the duration of storage, any disclosure or export of data to other countries and the origin of the personal data.
• Correction and limitation: Data subjects can have inaccurate personal data corrected, incomplete data completed and the processing of their data restricted.
• Deletion and objection: Data subjects can have personal data deleted ("right to be forgotten") and object to the processing of their data with effect for the future.

We may suspend, restrict or refuse the exercise of the rights of data subjects to the extent permitted by law. We can draw the attention of data subjects to any requirements that must be met in order to exercise their rights under data protection law. For example, we may refuse to provide information in whole or in part with reference to business secrets or the protection of other persons. We may also, for example, refuse to delete personal data in whole or in part with reference to statutory retention obligations.

We are obliged to take reasonable steps to identify data subjects who request information or assert other rights. Data subjects are obliged to cooperate.

3.2 Right to complain

Data subjects have the right to enforce their data protection claims through legal channels or to lodge a complaint with a competent data protection supervisory authority.

The data protection supervisory authority for private data controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

Data subjects have the right - if and to the extent that the General Data Protection Regulation(GDPR) applies - to lodge a complaint with a competent European data protection supervisory authority.

4. Data security

We take adequate and appropriate technical and organisational measures to ensure data protection and, in particular, data security. Despite these measures there will, however, always be security gaps when personal data is processed on the Internet. We cannot thus guarantee absolute data security.

Access to our online offering is via transport encryption (SSL / TLS, in particular using hypertext transfer protocol secure, or HTTPS for short). Most browsers identify transport encryption with a padlock in the address bar.

Access to our online offering is – as is, as a matter of principle, all Internet use – subject to groundless, non-suspicion-related mass surveillance and other surveillance by security agencies in Switzerland, the European Union (EU), the United States of America (USA) and other states. We have no direct influence on the corresponding processing of personal data by secret services, police authorities and other security agencies.

5. Use of the website

5.1 Cookies

We may use cookies for our website. Cookies – our own cookies (first-party cookies) and also cookies of third parties whose services we use (cookies of third parties or third-party cookies) – are text files installed in your browser. Cookies cannot execute programmes or transmit malware such as trojans and viruses.

When you visit our website cookies can be temporarily stored in your browser as “session cookies” or for a predefined period of time as so-called permanent cookies. “Session cookies” are automatically erased when you close your browser. Permanent cookies are stored for a certain duration. Permanent cookies make it possible in particular to recognise your browser when you next visit our website and thus, for example, measure the website’s reach. Permanent cookies can, however, also be used for purposes such as online marketing.

You fully or partially deactivate or erase cookies at any time by changing your browser settings. Without cookies it may, however, no longer be possible to use our website to its full extent. We will – if and insofar as necessary – actively request you to provide your express consent to the use of cookies.

Where cookies are used to measure success and range or for advertising it is possible to make a general objection (“opt-out”) via the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA) for numerous web services.

5.2 Server log files

Each time you visit our website we are able to log the following information insofar as your browser transmits them to our server infrastructure or our web server is able to identify them: date and time including time zone; Internet protocol (IP) address; access status (HTTP status code); operating system including user interface and version; browser including language and version; the sub-pages of our website which were retrieved including the transmitted data volume; and the prior website retrieved in the same browser window (referrer).

We store such information, which can also be personal data, in server log files. The information is necessary to provide our online offering in the long term and in a user-friendly, reliable form as well as to ensure data security and thus in particular the protection of personal data – also by third parties or with the help of third parties.

5.3 Tracking pixels

We may use tracking pixels on our website. Tracking pixels are also known as web beacons. They are small, generally invisible images which are automatically retrieved when you visit our website and also used by third parties whose services we employ. Tracking pixels can gather the same information as server log files.

6. Notifications and messages

We send notifications and communications such as newsletters by email and through other communication channels such as instant messaging.

6.1 Success measurement and reach measurement

Notifications and messages may contain web links or tracking pixels that record whether an individual message has been opened and which web links have been clicked on. Such web links and tracking pixels may also track usage of notifications and communications on a personal basis. We need this statistical recording of usage for performance and reach measurement in order to be able to offer notifications and communications effectively and in a user-friendly manner based on the needs and reading habits of the recipients, as well as permanently, securely and reliably.

6.2 Consent and objection

You must basically expressly consent to the use of your e-mail address and other contact addresses, unless the use is permitted for other legal reasons. For any consent to receive e-mails, we use the "double opt-in" procedure where possible, i.e. you will receive an e-mail with a web link that you must click to confirm, so that no misuse by unauthorised third parties can take place. We may log such consents including Internet Protocol (IP) address, date and time for evidence and security reasons.

You can basically unsubscribe from notifications and communications such as newsletters at any time. This does not apply to notifications and communications that are absolutely necessary for our services. By unsubscribing, you can in particular object to the statistical recording of usage for performance and reach measurement.

6.3 Service provider for notifications and messages

We send notifications and communications via third-party services or with the help of service providers. Cookies may also be used in the process. We ensure appropriate data protection for such services as well.

We use in particular:

• Mailchimp: Communication platform; Provider: The Rocket Science GroupLLC DBA Mailchimp (USA) as a subsidiary of Intuit Inc. Data protection declaration (Intuit), "Frequently asked questions about data protection at Mailchimp", "Mailchimp and European data transfers", "Security", Cookie Policy, "Data protection enquiries" ("Privacy Rights Requests"), "Legal provisions".
• SendGrid: Platform for transactional emails ("emailing made easy"); provider: Twilio Inc (USA) / Twilio Ireland Limited (Ireland); data protection information: Data protection declaration.

7. Social Media

We are present on social media platforms and other online platforms in order to be able to communicate with interested persons and provide information about our offer. Personal data may also be processed outside of Switzerland and the European Economic Area (EEA).

The General Terms and Conditions (GTC) and Terms of Use as well as data protection declarations and other provisions of the individual operators of such online platforms also apply in each case. These provisions inform in particular about the rights of data subjects, which include in particular the right to information.

For our Social Media presence on Facebook including the so-called Page Insights, we are - if and insofar as the General Data Protection Regulation (GDPR) is applicable - jointly responsible with Meta Platforms Ireland Limited (Ireland). Meta Platforms Ireland Limited is part of the Meta companies (including in the USA). Page Insights provide information about how visitors interact with our Facebook presence. We use Page Insights to provide our social media presence on Facebook in an effective and user-friendly way.

Further information on the type, scope and purpose of data processing, information on the rights of data subjects and the contact details of Facebook as well as Facebook's data protection officer can be found in Facebook's data protection statement. We have entered into what is known as the "Responsible Party Addendum"with Facebook and have thus agreed in particular that Facebook is responsible for ensuring the rights of data subjects. For the so-called page insights, the corresponding information can be found on the page "Information on page insights" including "Information on Page Insights data".

8. Success and reach measurement

We try to determine how our online offer is used. In this context, we can, for example, measure the success and reach of our activities and operations as well as the effect of third-party links to our website. But we can also, for example, try out and compare how different parts or versions of our online offer are used ("A/B test" method). Based on the results of the success and reach measurement, we can in particular correct errors, strengthen popular content or make improvements to our online offer.

In most cases, the Internet Protocol (IP) addresses of individual users are stored for performance and reach measurement. In this case, IP addresses are always shortened ("IP masking") in order to follow the principle of data economy through the corresponding pseudonymisation.

Cookies may be used for performance and reach measurement and user profiles may be created. Any user profiles created include, for example, the individual pages visited or content viewed on our website, information on the size of the screen or browser window and the - at least approximate - location. In principle, any user profiles are created exclusively in pseudonymised form and are not used to identify individual users. Individual services of third parties with which users are registered may be able to assign the use of our online services to the user account or user profile of the respective service.

We use in particular:

• Clarity: Recording and analysis of user behaviour on websites; provider: Microsoft; Clarity-specific information on data protection: "What data does Clarity collect?", "Data Retention", Cookie Policy.
• Google Analytics: Performance and reach measurement; provider: Google; Google Analytics-specific information: Measurement also across different browsers and devices (Cross-Device Tracking) and with pseudonymised Internet Protocol (IP) addresses, which are only exceptionally transmitted in full to Google in the USA, "Data protection", "Browser add-on to deactivate Google Analytics".
• Google Tag Manager: Integration and management of other services for performance and reach measurement as well as other services from Google and third parties; provider: Google; Google Tag Manager-specific information: "Data collected with Google Tag Manager"; Further information on data protection can be found with the individual integrated and managed services.

9. Third party services

We use services provided by specialised third parties in order to carry out our activities and operations in a durable, user-friendly, secure and reliable manner. With such services, we can, among other things, embed functions and content in our website. In the case of such embedding, the services used record the Internet Protocol (IP) addresses of the users at least temporarily for technically compelling reasons.

For necessary security-related, statistical and technical purposes, third parties whose services we use may process data in connection with our activities and operations in aggregated, anonymised or pseudonymised form. This is, for example, performance or usage data in order to be able to offer the respective service.

We use in particular:

• Services from Google: "Privacy and Security Principles", Privacy policy, "Google is committed to complying with applicable data protection laws", "Guide to privacy in Google products", "How we use data from websites or apps on or in which our services are used" (Information from Google), "Types of cookies and other technologies used by Google", "Personalised advertising" (Activation / Deactivation / Settings).
• Services from Microsoft: Providers: Microsoft Corporation (USA) / Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), the United Kingdom and Switzerland; General information on data protection: "Data protection at Microsoft", "Data protection and privacy (Trust Center)", Privacy policy, Privacy Dashboard (Data and Privacy Settings).

9.1 Digital infrastructure

We use services from specialised third parties to provide us with the digital infrastructure we need in connection with our activities and operations. These include, for example, hosting and storage services from selected providers.

We use in particular:

• Cloudflare: Content Delivery Network (CDN); Cloudflare Inc. (USA); Data protection information: "Data protection", Data protection declaration, Cookie Policy.
• Microsoft Azure: Storage and other infrastructure; Provider: Microsoft; Microsoft Azure-specific information: "Data protection in Azure".
• ServerBase: Cloud hosting; provider: ServerBase AG (Switzerland); Data protection information: Data protection declaration, "Swiss data center".

9.2 Contact options

We use services from selected providers to better communicate with third parties such as potential and existing customers.

9.3 Audio and video conferences

We use specialised audio and video conferencing services to communicate online. For example, we can use them to hold virtual meetings or conduct online lessons and webinars. For participation in audio and video conferences, the legal texts of the individual services such as data protection declarations and terms of use apply in addition.

Depending on the life situation, we recommend muting the microphone by default when participating in audio or video conferences, as well as blurring the background or having a virtual background superimposed.

We use in particular:

• Microsoft Teams: Platform for audio and video conferencing, among other things; provider: Microsoft; Teams-specific information: "Data protection and Microsoft Teams".

9.4 Digital audio and video content

We use services from specialised third parties to enable the direct playback of digital audio and video content such as music or podcasts.

We use in particular:

• YouTube: Video platform; Provider: Google; YouTube-specific information: "Data Protection and Security Centre", "My data on YouTube".

9.5 Fonts

We use third-party services to embed selected fonts as well as icons, logos and symbols on our website.

We use in particular:

• Font Awesome: Icons and logos; provider: Fonticons Inc. (USA); Data protection information: Data protection declaration.
• Google Fonts: Fonts; Provider: Google; Google Fonts-specific information: "Privacy and Google Fonts", "Data protection and data collection".

9.6 Payments

We use specialised service providers to process our customers' payments securely and reliably. The legal texts of the individual service providers, such as the General Terms and Conditions (GTC) or data protection declarations, also apply to the processing of payments.

We use in particular:

• Apple Pay: Processing of payments; Providers: Apple Inc (USA) / Apple Distribution International Limited (Ireland) for persons in the EEA, the UK and Switzerland; Data protection information: "Apple Customer Privacy Policy", "Apple Privacy Policy", Transparency report.
• PayPal (including Braintree): Processing of payments; providers: PayPal (Europe) S.à r.l. et Cie, S.C.A. (Luxemburg) / PayPal Pte. Ltd. (Singapur); Data protection information: Data protection declaration, "Explanation of cookies and tracking technologies".
• TWINT: Processing of payments in Switzerland; provider: TWINT AG (Schweiz); Data protection information: Data protection declaration, "Safety according to Swiss standards".
• Worldline (former SIX Payment Services): Processing of mobile and online payments; providers: Worldline Schweiz AG (Schweiz) / Worldline Financial Services (Europe) S.A. (Luxemburg) / Worldline Payment Services (Germany) GmbH (Deutschland) / Worldline Financial Services (Europe) S.A., Branch Office Austria; Data protection information: Data protection declaration, "Customer information on data protection".

9.7 Advertising

We use the possibility to display targeted advertisements for our activities and operations on third parties such as social media platforms and search engines.

With such advertising, we would like to reach in particular people who are already interested in our activities and operations or who might be interested in them (Remarketing und Targeting). For this purpose, we may transmit corresponding - possibly also personal - information to third parties who enable such advertising. We can also determine whether our advertising is successful, i.e. in particular whether it leads to visits to our website (Conversion Tracking).

Third parties with whom we advertise and where you are registered as a user may be able to assign the use of our online services to your profile there.

We make use of the possibility of embedding advertising from third parties - in principle against compensation - in our website. Third parties whose advertising is embedded in our website and where you are registered as a user may be able to assign the use of our online offer to your profile there.

We use in particular:

• Facebook Ads: Social media advertising; providers: Meta Platforms Ireland Limited (Ireland) and other Meta-companies (including in the USA); information on data protection: remarketing and targeting in particular with the Facebook Pixel as well as Custom Audiences including Lookalike Audiences, Privacy policy, "Advertising preferences" (User registration required).
• Google Ads: Search engine advertising; Provider: Google; Google Ads-specific claims: Advertising based, inter alia, on search queries, using various domain names - in particular doubleclick.net, googleadservices.com and googlesyndication.com - for Google Ads, "Advertising" (Google), "Why do I see a certain advertisement?".
• Instagram Ads: Social media advertising; providers: Meta Platforms Ireland Limited (Ireland) und other Meta-companies (including in the USA); information on data protection: remarketing and targeting in particular with the Facebook Pixel as well as Custom Audiences including Lookalike Audiences, Privacy policy (Instagram), Privacy policy (Facebook), "Advertising preferences" (Instagram) (User registration required), "Advertising preferences" (Facebook) (User registration required).
• LinkedIn Ads: Social media advertising; providers: LinkedIn Corporation (USA) / LinkedIn Ireland Unlimited Company (Irland); Information on data protection: Remarketing and targeting in particular with the LinkedIn Insight Tag, "Data protection", Privacy policy, Cookie Policy, Objection to personalised advertising.
• Microsoft Advertising: Search engine advertising on Bing, DuckDuckGo and Yahoo!; Provider: Microsoft; Microsoft Advertising-specific claims: "Microsoft Advertising Privacy Policy", "Microsoft Advertising Policies: Legal, Privacy and Security", "Settings for advertising" (objection to personalised advertising).

10. Extensions for the website

We use extensions for our website in order to be able to use additional functions.

We use in particular:

• Google reCAPTCHA: Spam protection (differentiation between wanted comments from humans and unwanted comments from bots as well as spam); Provider: Google; Google reCAPTCHA-specific information: "What is reCAPTCHA?".

11. Concluding provisions

We may adjust and add to this data protection declaration at any time. We will provide notification of such adjustments and additions in an appropriate form, in particular by means of publishing the corresponding current data protection declaration on our website.

The version of this document in German is authoritative. Versions in other languages have been produced by machine.