Data privacy statement
DAYquiri GmbH, Freier Platz 10, 8200 Schaffhausen, Switzerland
Tel.: +41 22 518 32 02 (Swiss)
are the operator of the website zistemo.com as well as the service provider of the zistemo.com iOS and Android App, including the other services that are provided via the websites (e.g. api.zistemo.com) and the zistemo.com App. We are responsible for the collection, processing, and use of personal data according to all Data Protection legislation -specifically the General Data Protection Regulation (“GDPR”).
You, the Customer, are the Data Controller and DAYquiri, the Service Provider, is the Data Processor on your behalf. We only use your data under consideration of the relevant data protection legislation. DAYquiri also have an appointed Data Protection Officer (“DPO”) who can be contacted by letter or by email to firstname.lastname@example.org. As a Swiss Company we also have an appointed EU Representative:
Advovox Rechtsanwalts GmbH
Tel.: +49 - (0) 30 - 22 48 75 28
With this data privacy statement, we want to inform you which of your personal data is collected and saved when you visit our website or use our website offered services. Furthermore, you will receive information about how we use your data and which rights you have regarding the use of your data. This data privacy statement also applies for the access and use of the DAYquiri App as well as the other available services.
1. Data security
In order to protect your data, all the data you provide us with is encrypted according to the security standard TLS (Transport Layer Security). TLS is a secure and tested standard, that is used, for instance, for online banking. You can recognize the secure TLS connection, for example from the “s” after the “http” in the URL shown in your browser (thus https://..), or from the lock symbol depicted in the browser tab.
We also take technical and organizational suitable security measures, in order to protect your data against random or deliberate manipulations, partial or complete losses, destruction and- or against unauthorized access. In order to avoid loss of data, we run a mirrored database setup which means that your data is always stored in two separate locations. Additionally, we update and store the data every 3 hours in an Off-Site backup, and in line with high risk analysis we continuously run safety tests on our infrastructure. Your password is stored through a safe encrypted process. We will never ask you for your password, neither via email nor over the phone. If you happen to forget your password, we can reset it for you. Our security measures are continuously improved according to the technological development.
The personal data that we collect is stored only in a secure environment within Switzerland, and treated confidentially. Access to this data is limited to selected DAYquiri Group employees and suppliers. We adhere to Data Protection legislative requirements at all times.
We do our utmost to secure your data in the best possible way, but we cannot guarantee the safety of your data when transferred over the Internet. When data is transferred over the Internet, there is a certain risk that others can access the data illicitly. In other words, the safety of your data transfer is your own responsibility as the Data Controller.
2. Collection and storage of personal data, and nature and purpose of its use
a) If you visit our website
You can visit the DAYquiri website without disclosing your identity. Your browser only sends automatically collected information to the servers of our website. This information is temporarily stored in a so called logfile. This is the information which is automatically collected and stored until the automatic deletion:
- IP-Address of the requesting computer
- Date and time of the access
- Name and URL of the accessed data
- Website, from which the access came (Referrer-URL)
- Browser in use, and if necessary, the operating system of your computer as well as the name of your access provider
This data is collected and processed for the purpose of making our website use (connection establishment) possible, for the purpose of guaranteeing the security and stability of our system, as well as for the purpose of technical administration of the network infrastructure (art. 6 para 1 f GDPR). We do not draw any conclusions about you as a person.
b) If you register for our online services
On our website we offer services for online invoicing and accounting. In order to use these services, you have to first register (art. 6 para. 1 a GDPR). When you register, you have to enter an email address and create a password, so we can create an account for you and you can log in. In order to use country specific features, you have to select the country where your business is located.
In order to use our services to its full extent, it might be necessary to enter more personal data. For example, in order to create a legal invoice, it is necessary to enter your business name, address, invoice number and payment information etc.
We also use your name and your contact data:
- To know who our contracting party is
- For the justification, structure, processing and changes of the contractual relationship with you about the use of our services
- To verify the plausibility of the entered data
- If necessary, to contact you
This data is stored until the customer account is deleted. Insofar as we are legally obliged to store for a longer period of time (for example to fulfill accounting obligations) or are legally entitled to longer storage (for example because of a current legal dispute against the holder of a user account), the deletion takes place after expiration of the storage obligation or legal authorization.
c) If you register for our newsletter/info mail
If you have agreed to receive our newsletter/info mail we can use your email address to send you regular newsletters, as well as information about our services (art. 6 para 1 a). In order to receive the newsletters, we must first gain consent from you agreeing to such communication. This consent can be chosen during sign up. You can revoke your consent to receiving such communications at any time, either within your account, opting out of the emails[s2] or by emailing us to request that you no longer wish to receive such communications.
You can also opt out of the newsletters at any time, for example by clicking the opt out link at the bottom of the newsletter.
We delete your data by unsubscribing from the newsletter. The data, which we need as proof that you have agreed to the transmission of the newsletter, we delete after expiration of the limitation period for corresponding proof obligations.
d) Developer, customer, supplier, accountant, and team
With our services you have the possibility to enter data of third-parties, to give third-parties access to your account, to connect your account with third-parties and to offer third-parties your own applications or use applications of third-parties. Of course, we respect the data privacy also regarding data of third-parties, which we can access through the use of our service through you. Sometimes this can require a separate contract with you. If you think this is the case, please contact us.
According to our terms and conditions you have no right to share your login data with third-parties, and you are obliged to treat your data with due care. Furthermore, you are responsible for the data of third-parties that you enter in zistemo.com. Please note that we have no influence on the compliance with data protection and security standards outside of our website, the zistemo App or the services provided by us. In such cases, you - or the third-party that you have granted access to your data - are responsible.
3. Consent to transfer of data
We transmit your personal data to third-parties if you order us to do so (for example when you send an invoice electronically or if you declare your VAT to the financial authorities), only if you have given your explicit consent or if there are legislative obligations to do so.
A transfer of personal data to third-parties for other purposes does not take place. Your data is not disclosed to any third-party without your permission, unless legislative authorities require that they be delivered, and even then, only to the extent necessary.
DAYquiri maintain the right to share data within their Group of Companies, DAYquiri Germany GmbH, as required to provide services to you. By signing up with zistemo.com, you are giving your consent to the processing of your data.
You are also giving explicit consent to the sharing of your data with any third-parties as required to allow us to provide our service to you. We confirm that we share your data only with third-parties whom we are satisfied in maintaining your data at a standard which is acceptable to us and the standard required under all Data Protection legislation.
Specifically, when we share data with territories outside the EU/EEA or to one not under the approved EU Commission listing, we fully satisfy ourselves with their data security and confidentiality standards and are assured that they maintain all shared data in a manner which is acceptable to EU standards. We are required to make available, upon request, evidence of - or reference to - the appropriate safeguards and can do so following receipt of a request received to DAYquiri either in writing or by email.
You retain the right at any time to withdraw your consent to the processing and/or sharing of your data by either closing down your account, which has effect to the next payment period, or by contacting us to request closure, at which stage we will do so as soon as is practicable. After your relationship with DAYquiri ends, we maintain, only the minimum data that we are required to hold to satisfy all legal requirements, and only for the minimum period required.
If you have any queries about the processing of your personal data, or you would like to make a data access request, the Data Protection Officer can be contacted at dpo@DAYquiri.com or by writing to the DPO at the previously stated address or contact our European Representative, Advovox Rechtsanwalts GmbH, email@example.com. If you are not satisfied, you have the right to lodge a complaint with the relevant data protection authority. DAYquiri will cooperate fully with any such investigation and endeavor to satisfy all queries as fully as possible. The relevant authority for each country can be found on the European Commission website: http://ec.europa.eu/newsroom/article29/item-detail.cfm
The cookies store information in relation to your specific device. However, this does not mean that we receive any detailed knowledge about your identity.
For usability purposes we are using temporary cookies, that are stored on your device for a specific time duration. If you visit our website again to use our services, it will be recognized that you have already visited our website before and which settings and actions you have performed, in order for you to not have to perform them again.
Most of the browsers accept cookies automatically. You can configure your browser in a way so that no cookies are saved on your computer or so that a warning will always appear before a new cookie is created.
However, please note that the complete deactivation of cookies can also lead to a limited functionality of our website.
5. Web analysis
Below you can find further information about our web analysis services and further deactivation options:
a) Google Analytics
We are using Google Analytics (art. 6 para. 1 f GDPR). This is a web analysis service by Google Inc. The information about your use of our website (including your IP address) that is collected via a cookie, is transferred to a Google server in the US and is stored there. IP addresses are anonymized; therefore, it is not possible to assign it to you (IP masking). The information is used to analyze the use of our website, to create reports about website activities for us and to provide us with further services that are connected with the use of our website and internet. The data you have entered while using our service will not be merged with other data that is collected via Google in any way.
The transfer of information by Google to third-parties will only be carried out if it is legally required or if third-parties are processing the data on their behalf.
Furthermore, we are using Google Optimize. This is a web analysis service by Google Inc, which is integrated in Google Analytics. Google Optimize enables us to do A/B- and multivariate-testing. Thereby we can find out, which version of our website is preferred by the users. Here you can find further information about this service.
You can prevent the data collection, that is carried out via the cookie, as well as the data processing of Google by downloading and installing a browser-add-on here. As an alternative to the browser-add-on, especially for browsers on mobile devices, you can prevent the data collection of Google Analytics, by clicking on this link. An opt-out-cookie will be placed, that prevents the future collection of data when visiting this website. The opt-out-cookie is valid only in this browser and for our website and will be archived on your device. If you delete the cookie in your browser, you will have to place the opt-out-cookie again.
You can find further information about data protection in conjunction with Google Analytics in Google Analytics help.
Furthermore we are using Google Cloud Vision-API. The OCR (Optical Character Recognition)-tool serves the purpose of optical character recognition and allows the automatic recognition and analysis of letters as well as the categorisation of documents. You can find further information about this service here. The character recognition based on Cloud Vision-API is essential for the use of our services. If you don’t want Cloud Vision-API to be used, you have the possibility to create expenses without uploading documents. In this case you cannot use the services of DAYquiri to their full extent.
Here you can find further information about data protection by Google: https://www.google.com/policies/privacy/
Additionally, we use Mixpanel. This is a web analysis service by Mixpanel Inc. The service is used to provide statistical data regarding the use of our website, the DAYquiri-App as well as the offered services.
You can find further information about data protection by Mixpanel in their data privacy statement.
Finally, we are using Intercom by Intercom Inc. in the context of customer support, in order to manage customer requests.
The collection and evaluation are carried out anonymously and doesn’t allow us to identify you. In particular we don’t connect this information with your personal data. If you don’t want to receive interest-based advertising, you can prevent that via the relevant cookie settings in your browser.
You can change the settings for the display of interest-based advertising via the advertising settings manager.
7. Facebook tracking
In connection with our Facebook advertising, we are using a pixel based tracking mechanism. This is a web analysis service provided by Facebook Ireland Ltd. The information is used to track conversions coming from the Facebook platform.
This service is provided by Facebook Ireland Ltd. for which the data privacy law of the European Union applies. We do not share any data that you enter while using our service with Facebook.
Please look into the data protection information of Facebook for more information about purpose and extent of the data collection, and the processing and use of the data by Facebook, as well as your rights and setting options for privacy protection.
8. Information, correction, blocking, and deletion
Right to information
According to Art. 15 GDPR, you have the right to request confirmation from us as to whether personal data relating to you are being processed. If this is the case, you have a right to get information about this personal data and to further information (Art. 15 GDPR).
Right to rectification
According to Art. 16 GDPR, you have the right to demand immediate correction of inaccurate personal data concerning you. Furthermore, taking into account the purposes of processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.
Right to delete
You have the right to demand that you delete your personal data without delay. We are obliged to delete personal data immediately, provided that the corresponding requirements of Art. 17 GDPR are met. For details please refer to Art. 17 GDPR.
Right to restriction of processing
In accordance with Art. 18 GDPR, you have the right under certain circumstances to demand that we restrict the processing of your personal data.
Right to data portability
According to Art. 20 GDPR, you have the right to receive the personal data that you have provided us in a structured, common and machine-readable format, and you have the right to transfer this data to another person without hindrance, provided that the processing is based on a consent pursuant to Article 6 (1) (a) GDPR or Article 9 (2) (a) of the GDPR which is based on a contract pursuant to Article 6 (1) (b) GDPR and the processing is carried out by automated means.
Right to opposition
According to Art. 21 GDPR, you have the right to object to the processing of personal data concerning you, which is based on Article 6 (1) (e) or (f) of the GDPR. This also applies to profiling based on these provisions.
If we process your personal data in order to operate direct mail, you have the right at any time to object to the processing of your personal data for the purposes of such advertising; this also applies to profiling insofar as it is associated with such direct mail.
If you wish to exercise your right, please contact us as the person responsible under the above contact information or use any of the other forms offered by us and send this message. If you have any questions, please contact us.
Right to complain Supervisory authority
According to Art. 77 GDPR, without prejudice to any other administrative or judicial remedy, you have the right to complain to the supervisory authority. This right shall apply, in particular, to the Member State of the person's place of abode, place of work or the place of the alleged infringement if you consider that the processing of the personal data concerning you is contrary to the GDPR.
If you send us a message via one of the contact options offered, we will use your data communicated to us to process your request. The legal basis for this is our legitimate interest in answering your request in accordance with Art. 6 para. 1 f) GDPR. If your request serves the conclusion of a contract with us, further legal basis for processing is Art. 6 para. 1 b) GDPR. The data will be deleted after completion of your request. If we are legally obliged to a longer storage, the deletion takes place after expiry of the appropriate period.
If you use the comment function on our site, the following personal data will be stored: comment, time of creation of the comment, e-mail address and username (except anonymous posting), IP address.
The data processing is based on our legitimate interest in providing a commentary function, the analysis, improvement and economic operation of our business operations and our Internet offerings as well as to combat infringing comments (Article 6 (1) f DSGVO).
Comments and related data (e.g., IP address) are deleted when the commented content has been completely deleted.
You can subscribe to comments if necessary. If you do, you will receive a confirmation email to verify that you have the email address you have specified. You can unsubscribe from this function at any time via a link in the info mails. After unsubscribing we delete the data specified in the framework of subscriptions; if you have also sent us data for other purposes and elsewhere (such as product order), this information will not be deleted.
As Data Controller, you are responsible for the content you publish. You have the right to rectify, block or erase any of your data at any time. We may decide to remove content published by you on your request, but we maintain our right not to remove content which is already published or which we are required to maintain to satisfy legal requirements. For information about your personal data, for correction of wrong data or for the blocking or deletion as well as for further questions about the use of your personal data please send an email to firstname.lastname@example.org.
Furthermore, you can look into and change the data that is stored in your account by logging into our website via your login data. You can delete your data on your account at all times. This can be done by use of the relevant option in your account. We are pointing out that if you delete your data, you will not be able to make use of our service to full extent or at all.
9. Changes to this data privacy statement
This data privacy statement is currently effective and has been last updated in May 2018.