1. What is this privacy policy about?
2. Who is responsible for processing your data?
3. What personal data do we process?
4. For what purposes do we process your personal data?
5. What online tracking and online advertising techniques do we use?
6. What applies to profiling and automated decisions?
7. How do we process data related to social media?
8. To whom do we disclose your personal data?
9. Do we disclose personal data abroad?
10. How long do we process personal data?
11. What are the legal bases for data processing?
12. How do we protect your data?
13. What are your rights?
14. Changes

1. What is this privacy policy about?

Matto-Group AG, General-Guisan-Str. 6, 6300 Zug, processes personal data that concerns you or other people in different ways and for different purposes. As far as we refer to “Matto-Group”, “we” or “us” below, this refers to Matto-Group AG. (see section 2).

“Personal data” is all information that can be associated with a specific person, and “processing” means any handling of it, e.g. obtaining, using, and disclosing it. This data protection declaration explains our processing of personal data (hereinafter data), especially in connection with our websites ( www.lohncheck.ch or www.matto-group.com) or in connection with your application to us or as part of our business activities, if processing is not obvious and the applicable data protection law requires information.Please note that we provide a separate data protection declaration for the wage check offered on our website and other platforms under this link, which also applies to all data processing in connection with wage analysis, registration for our newsletter and direct marketing measures in connection with this wage check.

To make it easier to read, this data protection declaration does not mention multiple genders, but we do mean to address people of all genders.If you would like further information about our data processing, please contact us (Section 2). We have aligned this data protection declaration with both the Swiss Data Protection Act (DSG) and the European General Data Protection Regulation (GDPR). If “personal data” is mentioned in the data protection declaration, this also includes “personal data” in accordance with the GDPR. Whether and to what extent the GDPR is applicable depends on the individual case.

2. Who is responsible for processing your data?

The following company is the “responsible party” for data processing in accordance with this data protection declaration, i.e. the body primarily responsible for data protection (also “we”):

Matto-Group AG
General-Guisan-Str. 6
6300 Zug
Switzerland

If you have any questions about data protection, please feel free to contact the following address:

[email protected]

If you have any questions about the GDPR, you can also contact our EU representative in accordance with Art. 27 GDPR:

DP-Dock GmbH
Attn: Matto-Group AG
Ballindamm 39
20095 Hamburg
Germany

If you have any questions about the UK GDPR, you can also contact our UK representative:

DP Data Protection Services UK Ltd.
Attn: Matto-Group AG
16 Great Queen Street
Covent Garden
London, WC2B 5AH
United Kingdom

The email address for inquiries to our local representatives in the EU and UK is: matto‑group@gdpr‑rep.com

3. What personal data do we process?

We process different categories of personal data depending on the occasion and purpose. The most important categories can be found below, although this list is not exhaustive. In addition to the data mentioned below, we also process other data in connection with the wage analysis offered on our website or other platforms. Please see the separate data protection declaration, which is available here, to find out what data this is (wage check data) and for what purposes we process this data in connection with the wage analysis and the direct marketing based on it.

We process fewer personal data for contractual partners who are companies because the applicable data protection law generally only records data from natural persons (i.e. people). However, we process data of the contact persons with whom we are in contact, e.g. name, contact details, professional details and information from communications, and information about managers, etc. as part of the general information about companies with which we work. You provide us with many of the data mentioned in this section yourself (e.g. via forms, as part of communication with us, in connection with contracts, when using the website, etc.). You are not obliged to do this, subject to individual cases. If you want to conclude contracts with us or use services, you must also provide us with data, in particular master and contract data, as part of your contractual obligation in accordance with the relevant contract. However, we may also receive certain data from other people, e.g. from people who work for your company or from third parties such as our contractual partners, associations, and address dealers and from publicly accessible sources such as public registers or the Internet (websites, social media etc.).

If you provide us with information about other people, we will assume that you are authorized to do so, and that the information is accurate. Please ensure that these third parties have been informed about this data protection declaration (e.g. through a reference to this data protection declaration).

3.1. Basic data

We refer to master data as the basic data that we need to process our business relationships or for marketing and advertising purposes and which relate directly to your person and characteristics. For example, we process the following master data:

• Title, surname and first name, gender, and date of birth
• Address, contact details such as email address and telephone and mobile number
• Nationality and residence permit status
• further information from identification documents
• Family data (e.g. marital status)
• Information about language preferences
• Information about your education (e.g. diplomas from educational institution, highest level of education)
• Information about your professional experience (e.g. career level, work experience, management span, etc.)
• Information about your employer (e.g. company, industry, number of employees, orientation, legal form, country)
• Information about your job, salary, and income situation. (e.g. gross income, workload, job title)
• in the case of company contacts, also relationships with the company you work for
• Customer history
• Signature authorizations and declarations of consent

3.2. Contract data

Contract data is information that arises in connection with the conclusion of the contract or the execution of the contract, e.g. information about contracts and the services to be provided or provided, as well as data from the run-up to the conclusion of a contract, information about the conclusion of the contract itself (e.g. the conclusion date and the subject matter of the contract), as well the information required or used for processing. For example, we process the following contract data:

• Date, application process, information about the type and duration as well as conditions of the contract in question, data on termination of the contract
• Contact details
• Information about the use of services
• Information on payments and payment methods, invoices, mutual claims, contacts with customer service, complaints, defects, returns, information on customer satisfaction, complaints, feedback, etc.
• For services available online, also access data and logins

We receive this data from you, but also from partners with whom we work. Again, this data can relate to your company, in which case it is not “personal data”, but also to you if you work for a company or if you receive services from us yourself.

3.3. Communication data

Communication data is data related to our communication with you, e.g. if you contact us via the contact form or other means of communication. Communication data is e.g.

• Name and contact details such as postal address, email address and telephone number
• Content of the correspondence (e.g. emails, written correspondence, telephone conversations, chat messages, etc.)
• Information on the type, time and possibly location of the communication and other peripheral data of the communication.

3.4. Technical data

Technical data is generated in connection with the use of our website. This includes, for example, the following data:

• IP address of the end device and device ID
• Information about your device, the operating system of your device or language settings
• Information about your internet provider
• accessed content or logs in which the use of our systems is recorded
• Date and time of access to the website and your approximate location
• Information about the content and files accessed in the user account
• further information that arises when using the user account, such as sending the access code via push message for logging into your user account via the website

We can also assign you or your device an individual code (e.g. through a cookie; see section 5). This code is stored for a certain period, often only during your visit. We cannot determine who you are from technical data.

3.5. Behavioral data

To best tailor our offers and services to you or your company, we try to get to know you better. To do this, we collect and use data about your behavior. Behavioral data is information about your use of our website. They can also be collected based on technical data. This includes, for example, information about your use of electronic communications (e.g. whether and when you opened an email or clicked on a link, especially when sending newsletters). If we show you offers from third parties, we may track how you use the corresponding links. We can also use your other interactions with us as behavioral data, and we can link behavioral data with other data (e.g. with anonymous information from statistical offices) and evaluate this data on a personal and non-personal basis.

3.6. Preference data

Preference data gives us information about what needs you probably have and what services might be of interest to you – or the interest of your company (e.g. when selecting the subject areas for the newsletter). We therefore also process data about your interests and preferences. To do this, we can link behavioral data with other data and evaluate this data on a personal and non-personal basis. This allows us to draw conclusions about characteristics, preferences and expected behavior.

3.7. Other data

We may also collect information from you in other situations. In connection with official or judicial proceedings, for example, data is generated (such as files, evidence, etc.) which can also relate to you.

4. For what purposes do we process your personal data?

We use the personal data we collect primarily to conclude and execute our contracts. In addition, to the extent permitted and deemed appropriate to us, we also process your personal data for other purposes in which we (and sometimes third parties) have a legitimate interest corresponding to the purpose:

• For communication purposes, that is, to contact you and maintain contact with you. This includes answering inquiries and contacting you if you have any questions, for example by email. For this purpose, we process your communication and master data.
• For customer care and marketing purposes, to inform you about offers tailored to your personal interests and preferences, e.g. through the newsletter and personalized advertising. For this purpose, we process technical data, master, and communication data as well as behavioral data. For information on how we process your wage check data for advertising purposes, please see the separate privacy policy at the following Link. We may also combine your behavioral and preference data with your wage check data to optimize the advertising and job offers on our website and better tailor them to your needs.
• To optimize our services: We use your personal data for analytical purposes to improve the quality of our services (our statistical model for wage calculation) as well as the user-friendliness and functionality of our website.
• To ensure IT security and prevention: We process personal data to monitor the performance of our operations, particularly the IT, our website, applications, and other platforms, for security purposes, to ensure IT security, to prevent theft, fraud, and abuse prevention and for evidence purposes. This includes, for example, the evaluation of system-side records of the use of our systems (log data), the prevention, defense and investigation of cyberattacks and malware attacks, analyses and tests of our networks and IT infrastructures, system and error checks.
• To protect house rules and other measures for IT, building and system security and to protect our employees and other people and assets belonging to or entrusted to us (such as access controls, visitor lists, network and email scanners, telephone records).
• To protect the law: We may also process personal data to enforce claims in court, in court or out of court and before authorities at home and abroad, or to defend ourselves against claims. Master and communication data can be edited for this purpose.
• To comply with legal requirements: This includes, for example, the processing of complaints and other reports, compliance with orders from a court or authority, measures to detect and clarify abuses and general measures that we are required to take in accordance with applicable law, self-regulation or industry standards are obliged. For this purpose, we can process your master and communication data.
• For administration and support: To make our internal processes efficient, we process data as necessary for IT management, accounting, or data archiving. For this purpose, we can process communication and behavioral data as well as technical data.
• We may also process data for other purposes. This includes corporate management including operational organization and corporate development, other internal processes and administrative purposes (e.g. management of master data, accounting and archiving), training and education purposes and the preparation and processing of the purchase and sale of business areas, companies or parts of companies and other corporate law matters, transactions and the associated transfer of personal data, as well as measures for business management and the protection of other legitimate interests. If we ask you for your consent for certain processing, we will inform you separately about the corresponding purposes of the processing. You can revoke your consent at any time by notifying us in writing.

5. What online tracking and online advertising techniques do we use?

We use various techniques on our website with which we and third parties can recognize and engage you when you use it and, in some cases, track you over several visits. The use of such techniques is specifically regulated. In this section we will inform you about it.

5.1. How and why do we use cookies and similar technologies?

We use third-party services for our website to measure and improve the user-friendliness of the website and online advertising campaigns. To do this, we can integrate third-party components on our website and use cookies and other technologies. The core of this is that we can distinguish your access (via your system) from access by other users so that we can ensure the functionality of the website and carry out statistical evaluations. We do not wish to infer your identity. The technologies used are designed in such a way that you are recognized as an individual visitor each time you visit the page, for example by our server (or the servers of third parties) assigning you or your browser a specific identification number (so-called “cookie”).

Cookies are files that your browser automatically saves on your device when you visit our website. Cookies contain a unique identification number (an ID) that allows us to distinguish individual visitors from others, but usually without identifying them. Depending on the purpose, cookies contain further information, e.g. about pages accessed and the duration of the visit to a page. On the one hand, we use session cookies, which are deleted when the browser is closed, and on the other hand, permanent cookies, which remain stored for a certain period after the browser is closed and are used to recognize visitors on a later visit.

We use the following types of cookies and similar technologies:

• Necessary cookies: Necessary cookies are necessary for the functionality of the websites, e.g. so that you can switch between pages without losing information entered in a form.
• Performance cookies: These cookies collect information about the use of a website and enable analysis, e.g. which pages are most popular. This allows you to simplify visiting a website and improve user-friendliness.
• Functional cookies: Functional cookies enable extended functions and can display personalized content.
• [Marketing Technologies: Marketing technologies help us and our advertising partners to target you on our websites and on third-party websites with advertisements for products or services that may be of interest to you, or after you visit our websites as you continue to use the Internet, our advertisements to display.]

We use cookies and other technologies for the following purposes:

• Personalization of content
• Displaying personalized advertisements and offers
• Displaying advertisements on third-party websites and measuring success, i.e. whether you respond to these advertisements (remarketing)
• Saving settings between your visits
• Determining whether and how we can improve our website
• Collection of statistical data on the number of users and their usage habits and to improve the speed and performance of the website

We only use cookies and similar technologies for analysis and marketing purposes if you actively confirm the corresponding settings in our cookie banner.

5.2. How can cookies and similar technologies be deactivated?

When you visit our website, you have the option to activate or deactivate certain categories of cookies. You can configure your browser settings to block certain cookies or similar technologies or to delete existing cookies and other data stored in the browser. You can also expand your browser with software (so-called “plug-ins”) that blocks tracking by certain third parties. You can find out more about this in the help pages of your browser (usually under the keyword “data protection”). Please note that if you block cookies and similar technologies, our website may no longer function fully.

5.3. Cookies and technologies from partners and third parties on our website

We use third-party services to measure and improve the user-friendliness of the website and to run online advertising campaigns. Third-party providers may also be located outside of Switzerland and the EU/EEA, provided that the protection of your personal data is adequately ensured. For example, we use analysis services so that we can optimize and personalize our website. The relevant third-party providers can record the use of the website and the behavior of the users and provide us with statistical analyses on this basis. The providers can also use this information for their own purposes, e.g. for personalized advertising on their own website or other websites or to improve their own services. If a user is registered with the provider, the provider can assign the usage data to the person concerned.

Our main third-party provider is Google. You can find further information about this below. Other third parties generally process personal and other data in a similar manner.

• Google Analytics, an analysis service provided by Google LLC (1600 Amphitheater Parkway, Mountain View, CA, USA) and Google Ireland Ltd. (Google Building Gordon House, Barrow St, Dublin 4, Ireland; both together “Google”, whereby Google Ireland Ltd. is responsible for the processing of personal data). Google uses cookies and similar technologies to collect certain information about the behavior of individual users on or in the relevant website and the device used (tablet, PC, smartphone, etc.). Google collects information about the behavior of users on the website and the device used and provides us with evaluations on this basis, but also processes certain data for its own purposes. Google Analytics anonymizes the IP addresses of visitors before forwarding them to the USA. Information on data protection with Google Analytics can be found here. You can deactivate Google Analytics by installing an appropriate browser add-on.
• Google Protected Audience is a Google advertising and ad technology service. With the help of this service, users of a website are assigned to specific interest groups based on their user behavior. The information about membership in interest groups is stored in the browser used and the website operator can enrich it with other information available to him. Using this stored information, the user can be addressed with targeted advertising on other websites. Data is not transmitted across websites. The advertising is displayed using a so-called “Fenced Frame”. This means that the website on which advertising is displayed does not receive any information about which interest group the user belongs to, and which advertisements are displayed. However, the website operators of the participating websites can receive aggregated reports about the advertisements played. You can deactivate the use of Google Protected Audience in your browser settings. Information can be found here.

6. What applies to profiling and automated decisions?

We can process and evaluate your data automatically in accordance with Section 3. This also includes so-called profiling, i.e. automated evaluations of data for analysis and forecasting purposes, to determine preference data (Section 3.6), but also to identify misuse and security risks. The most important examples are profiling for marketing purposes, customer care, fraud prevention, credit checks and risk management.

7. How do we process data related to social media?

If you communicate with us via social media and our profiles there (e.g. on Instagram, LinkedIn, Facebook) or comment on or distribute content, we collect information that we use primarily to communicate with you, for marketing purposes and for statistical evaluations. Please note that when you visit our social media sites, the platform provider also collects and uses data (e.g. about user behavior), possibly together with other data known to them (e.g. for marketing purposes or to personalize the platform content). Further information on data processing by social network providers can be found in the data protection declarations of the relevant social networks.

8. To whom do we disclose your personal data?

In connection with our processing, we also disclose your personal data to other recipients in addition to the recipients named in Section 5.3.

We provide service providers with the personal data required for their services. This applies to IT service providers, but also consulting companies, analysis service providers, debt collection service providers, credit reporting agencies, marketing service providers, etc. If service providers process personal data as processors, they are obliged to process personal data exclusively in accordance with our instructions and to take measures to ensure data security. Data can also be disclosed to other recipients, e.g. to courts and authorities as part of procedures and legal information and cooperation obligations, to buyers of companies and assets, to financing companies for securitizations and to debt collection companies.

In individual cases, it is possible that we pass on personal data to other third parties for their own purposes, e.g. if you have given us your consent to do so or if we are legally obliged or entitled to pass it on. For information related to wage check data, please refer to the relevant data protection declaration, here.

9. Do we disclose personal data abroad?

Recipients of data are not only in Switzerland. This particularly affects certain service providers. These can also be located within the European Economic Area (EEA) (for example in Ireland) but also in other countries around the world (particularly in the USA). For example, we may transfer data to authorities and other persons abroad if we are legally obliged to do so or, for example, as part of a company sale or legal proceedings. Not all these states currently guarantee a level of data protection that corresponds to Swiss law. We compensate for the lower level of protection through appropriate contracts, in particular the standard contractual clauses issued by the European Commission and recognized by the Swiss Data Protection and Information Commissioner (FDPIC). Further details and a copy of these clauses can be found here.

In certain cases, we can transmit data in accordance with data protection regulations even without such contracts, e.g. if you have consented to the corresponding disclosure or if the disclosure is necessary for the execution of the contract, for the establishment, exercise, or enforcement of legal claims or for overriding public interests.

Please note that data exchange over the Internet is often routed via third countries. In this case, your data can therefore end up abroad even if the sender and recipient are in the same country.

10. How long do we process personal data?

We store and process your personal data for as long as it is necessary for the purpose of processing (in the case of contracts, usually for the duration of the contractual relationship), as long as we have a legitimate interest in storing it (e.g. to enforce legal claims, for archiving and/or to ensure IT security) and as long as data is subject to a legal retention obligation (e.g. a ten-year retention period applies to certain data). If there are no legal or contractual obligations to the contrary, we will destroy or anonymize your data after the storage or processing period has expired as part of our usual processes.

As part of our statutory retention period, we generally store master data for 15 years from the last exchange with you, but at least from the end of the contract. This period may be longer if this is necessary for evidentiary reasons or to comply with legal or contractual requirements or for technical reasons.

We generally store contract data for 15 years from the last contract activity, but at least from the end of the contract. This period may be longer if this is necessary for evidentiary reasons or to comply with legal or contractual requirements or for technical reasons.

We anonymize or delete your behavioral and preference data when it is no longer relevant for the purposes pursued, which may be the case after approximately 26 months, depending on the type of data. This period may be longer if this is necessary for evidentiary reasons or to comply with legal or contractual requirements or for technical reasons.

Regarding cookies, you can find information about the retention period under the “Cookie settings” link.

11.What are the legal bases for data processing?

Depending on the applicable law, data processing is only permitted if the applicable law specifically allows it. This does not apply under the Swiss Data Protection Act, but, for example, under the European General Data Protection Regulation (GDPR), to the extent that this applies. In this case, we base the processing of your personal data on the following legal bases:

• Article 6 (1) (b) GDPR for processing that is necessary to fulfil a contract with the data subject and to carry out pre-contractual measures.
• Art. 6 Para. 1 lit. f GDPR for processing that is necessary to protect the legitimate interests of us or third parties, unless the fundamental freedoms and rights as well as the interests of the data subject outweigh this. This applies in particular to compliance with Swiss law, our interest in carrying out our activities and activities in a permanent, user-friendly, safe and reliable manner;
• Article 6 (1) (c) GDPR for processing that is necessary to fulfil a legal obligation under the law of a member state of the European Economic Area (EEA). The EEA includes the EU states and Iceland, Norway and Liechtenstein;
• Art. 6 Para. 1 lit. a GDPR for processing that we carry out with your separate consent;

12. How do we protect your data?

We take appropriate security measures to maintain the confidentiality, integrity, and availability of your personal data, to protect it against unauthorized or unlawful processing and to counteract the risks of loss, accidental alteration, unwanted disclosure, or unauthorized access. However, security risks cannot generally be completely ruled out; Residual risks are unavoidable.

13. What are your rights?

Under the conditions and within the scope of applicable data protection law, you have certain rights to request a copy of your personal data or to influence our processing of this data:

• Information: You can request information as to whether we process personal data about you, and if so, which ones, and further information about our data processing.
• Correction and restriction: You can correct incorrect personal data and complete incomplete data and have the processing of your data restricted
• Deletion and objection: You can have personal data deleted and object to the processing of your data with effect for the future. For reasons arising from your situation, you can object at any time to the processing of data for our legitimate interest and to our processing for direct advertising purposes. https://lohncheck.ch/de/daten-loeschen
• Transfer: You can receive the personal data that you have provided to us in a structured, common, and machine-readable format, provided that the corresponding data processing is based on your consent or is necessary to fulfil the contract.
• Revocation: If we process data based on your consent, you can revoke your consent at any time. The revocation only applies for the future, and we reserve the right to continue to process data in the event of a revocation based on another basis.

If you would like to exercise such a right, please contact us (Section 2). As a rule, we must check your identity.

You are also free to lodge a complaint against our processing of your data with the responsible supervisory authority, in Switzerland with the Federal Data Protection and Information Commissioner (FDPIC). To the extent that the GDPR is applicable, you also have the right to lodge a complaint with a responsible European data protection supervisory authority.

14. Changes

We may adjust this privacy policy at any time without prior notice if necessary. The current version published on our website applies.

Status of the data protection declaration: May 22, 2024