Privacy Policy
In this privacy policy, we inform you about the processing of personal data when using our website. We are M^0 Foundation, a foundation registered in Switzerland under CHE-132.878.734 at registered address c/o PSC Consulting GmbH, Bergliweg 15, 6300 Zug. We process personal data, which is information that relates to an identified or identifiable person (PII). This primarily includes information that allows conclusions to be drawn about your identity, for example your name, your telephone number, your address or e-mail address. However, certain identifiers such as your IP address or the device ID of your device used also belong to personal data.
1. Controller and contact person
The contact person and controller acc. to GDPR is the
M0 Foundation CHE-132.878.734
c/o PSC Consulting GmbH
Bergliweg 15, 6300 Zug
Switzerland
E-mail: [email protected]
This Privacy Notice is aligned with the EU General Data Protection Regulation ("GDPR"), and the Swiss Data Protection Act ("DPA"). However, the application of these laws or other applicable data protection laws depends on each individual case.
2. Data processing on our website
The legal basis for processing your personal data is Art. 6 (1)(b) GDPR, insofar as the page view occurs in the course of the preparation or performance of a contract, and otherwise Art. 6 (1)(f) GDPR due to our legitimate interest in enabling website access and permanent functionality and security of our systems or complying with local law.
2.1. Access our website, connection data and log files
Each time you use our website, we process connection data that your browser automatically transmits to enable you to visit the website. This connection data includes the so-called HTTP header information, including the user agent, and contains in particular:
- IP address of the requesting device;
- Method (e.g. GET, POST), date and time of the request;
- Address of the requested website and path of the requested file;
- If applicable, the previously accessed website/file (HTTP referrer);
- Information about the browser and operating system used;
- HTTP protocol version, HTTP status code, size of the delivered file;
- Request information such as language, type of content, encoding of content, character sets;
- Cookies of the accessed domain stored on the terminal device.
The data processing of this connection data is strictly necessary to enable the visit of the website, to ensure the permanent operability and security of our systems as well as for the general administrative maintenance of our website. The connection data is also stored in internal log files for the purposes described above, temporarily and limited to the necessary content, in order, for example, to find the cause of repeated or criminal calls that endanger the stability and security of our website and to take action against them. The log files are stored for a short period of time and then anonymized. Exceptionally, individual log files and IP addresses are kept longer in order to prevent further attacks from this IP address in the event of cyber attacks and/or to take action against the attackers by way of criminal prosecution.
2.2. Contact
If you want to contact us, you have the option to write us an e-mail. In this context, we process your data exclusively for the purpose of communicating with you.
The data we collect when you contact us will be deleted after we have fully processed your request, unless we still need your request to fulfill contractual or legal obligations.
2.3. Newsletter
You have the possibility to subscribe to our newsletter, in which we will inform you regularly about news on our products, updates and exclusive deals.
For the subscription of our newsletters, we use the so-called double opt-in procedure, i.e. we will only send you newsletters by e-mail if you confirm in our notification e-mail by clicking on a link that you are the owner of the specified e-mail address. If you confirm your e-mail address, we will store your e-mail address, the time of registration and the IP address used for registration until you unsubscribe from the newsletter. The storage serves the sole purpose of sending you the newsletters and to be able to prove your registration. In addition, we measure whether our newsletter can be delivered at all.
To withdraw your consent a corresponding unsubscribe link can be found in each newsletter. A message to the contact information provided above (e.g. by e-mail or letter) or in the newsletter is also sufficient for this purpose.
3. Tools used on this website
3.1. Technologies used
This website uses various services and applications (collectively, “tools”) that are provided either by us or by third parties. These include, in particular, tools that use technologies to store or access information in the terminal device:
Cookies:
Information stored on the terminal device, consisting in particular of a name, a value, the storing domain and an expiration date. So-called session cookies (e.g. PHPSESSID) are deleted after the session, while so-called persistent cookies are deleted after the specified expiration date. Cookies can also be removed manually.
Most browsers are set by default to accept Cookies, the execution of scripts and the display of graphics. However, you can usually adjust your browser settings to reject all or certain Cookies or to block scripts and graphics. If you block Cookies from being stored, graphics from being displayed, and scripts from running entirely, our services are not likely to function properly or at all.
In the following, we list the tools we use by category, informing you in particular about the providers of the tools, the storage period of the Cookies or information in Local Storage and Session Storage, and the transfer of data to third parties. We also explain in which cases we obtain your voluntary consent to use the tools and how you can withdraw it.
3.2. Legal basis and withdrawal
3.2.1. Legal basis
We use necessary tools for website operation based on our legitimate interest pursuant to Art. 6 (1)(f) GDPR to provide the basic functions of our website. In certain cases, these tools may also be necessary for the performance of a contract or for the implementation of pre-contractual measures, in which case the processing is carried out in accordance with Art. 6 (1)(b) GDPR. In these cases, access to and storage of information in the terminal device is strictly necessary and takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states.
We use all other non-essential (optional) tools that provide additional functions as listed below on the basis of your consent pursuant to Art. 6 (1)(a) GDPR. Access to and storage of information in the terminal device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states. Data processing using these tools only takes place if we have previously received your consent for this.
For personal data transferred to third countries (such as the USA), please refer to section 6 (“Data transfer to third countries”), also with regard to the risks associated with this. We will inform you if an Adequacy Decision exists for the third country in question or if Standard Contractual Clauses or other safeguards have been concluded for the use of certain tools. If you have given your consent to the use of certain tools and to the associated transfer of your personal data to third countries, we (also) transfer the data processed when using the tools to third countries on the basis of this consent pursuant to Art. 49 (1)(a) GDPR.
3.2.2. Obtaining consent
For the collection and management of your consents, we use a banner that informs you about the data processing on our website and gives you the opportunity to consent to all, individual or no data processing through optional tools. This banner appears the first time you visit our website and when you revisit the selection of your preferences to change them or withdraw consents. The banner will also appear on further visits to our website, if you have disabled the storage of Cookies or if the Cookies have been deleted or have expired.
We store necessary information on your terminal device to document your granted consents and withdrawals (“consentForAnalyticsGiven” and “consentForMarketingGiven” (for 2 months each)).
The data processing is necessary to provide you with the legally required consent management and to comply with our documentation obligations.
3.2.3. Withdrawal of your consent or changing your selectiona
You can withdraw your consent for certain tools, i.e. for the storage and access to information in the terminal device, the processing of your personal data and the transfer of your data to third countries, at any time with effect for the future.
3.3. Necessary tools
We use certain tools to enable the basic functions of our website (“necessary tools”). These include, for example, tools to prepare and display website content, to manage and integrate tools, to provide payment processing services, to detect and prevent fraud, and to ensure the security of our website. Without these tools, we could not provide our service. Therefore, necessary tools are used without consent.
In the event that personal data is transferred to third countries (such as the USA), we refer to section 6 ("Data transfer to third countries") in addition to the information provided below.
3.4. Analytics tools
In order to improve our website, we use optional tools for the recognition of visitors and for the statistical collection and analysis of general usage behavior based on access data (“analytics tools”). We also use analytics services to evaluate the use of our various marketing channels. The usage information collected is processed in aggregated form and enables us to track usage behavior of our visitors. This is used to adapt and optimize the design of our website and to make the user experience more pleasant.
The legal basis for the analysis tools is your consent in accordance with Art. 6 (1)(a) GDPR. For withdrawal of your consent, see section 3.2.3: "Withdrawal of your consent or changing your selection".
In the event that personal data is transferred to third countries (such as the USA), your consent expressly extends to the transfer of data (Art. 49 (1)(a) GDPR). Please refer to section 6 ("Data transfer to third countries") for the associated risks.
3.4.1. Google Analytics 4
Our website uses the Google Analytics 4 service ("Google Analytics"), which is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for persons from Europe, the Middle East and Africa (EMEA) and by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA for all other persons (collectively "Google").
Google Analytics uses JavaScript and pixels to read information on your terminal device and Cookies to store information on your terminal device. This is used to analyze your usage behavior and improve our website. We will process the information obtained to evaluate your use of the website and to compile reports on website activities for the website operators. The data generated in this context may be transferred by Google to a server in the USA for evaluation and stored there.
We have activated granular location and device data collection, enhanced measurement and reporting identity. Furthermore, we have activated advertising personalization including Google Analytics Audience for target group remarketing. Also, we use Google Signals for cross-device and cross-site tracking.
As part of the evaluation, Google Analytics 4 also uses artificial intelligence such as machine learning for automated analysis and enrichment of the data. This is done in particular for predictive metrics on the future behavior of visitors based on structured event data, such as the purchase probability, churn probability and predicted revenue. The predictive metrics can also be used for predictive audiences. To learn more, visit: https://support.google.com/analytics/answer/9846734. In addition, Google Analytics 4 models conversions where insufficient data is available to optimize analysis and reports. Find out more at: https://support.google.com/analytics/answer/10710245. Data evaluations are automated using artificial intelligence or based on specific individually defined criteria. You can find out more about this at: https://support.google.com/analytics/answer/9443595.
We have made the following data protection settings for Google Analytics:
- IP anonymization (shortening of the IP address before evaluation);
- Event data retention after 2 months;
- No reset of the retention period of the user identifier on new activity;
- Deactivated Data Sharing Settings, including Google products and services, Benchmarking, Technical support, Account Specialists.
The following data is processed by Google Analytics:
- IP address;
- User ID, Google ID (Google Signals) and/or device ID;
- Referrer URL (previously visited page);
- Pages viewed (date, time, URL, title, time spent);
- Downloaded files;Clicked links to other websites;
- Achievement of specific goals (conversions), if applicable;
- Technical information: operating system; browser type, version and language; device type, brand, model and resolution;
- Approximate location (country and city, if applicable, based on anonymized IP address.
Google Analytics sets and reads the following cookies for the specified purpose with the respective storage period:
- "_ga" (400 days), "_gid" (24 hours): Recognition and identification of visitors by a user ID;
- "_ga_Z9QEGWZ048" (400 days): Keeping the information of the current session;
- As appropriate: "IDE" (13 months): Recognition and identification of visitors by a user ID, recording of interaction with advertisements, playing out of personalized advertisements.
Additional information about Google’s Cookies you can find at: https://support.google.com/analytics/answer/11397207.
We have concluded a Data Processing Agreement with Google Ireland Limited. In the event that personal data is transferred from Google Ireland Limited to the USA or other third countries, Google Ireland Limited and Google LLC have concluded Standard Contractual Clauses (Implementing Decision (EU) 2021/914, Module 3) in accordance with Art. 46 (2)(c) GDPR.
For additional information, please visit Google’s privacy policy at: https://support.google.com/analytics/answer/6004245.
3.5. Marketing tools
We also use optional tools for advertising purposes (“marketing tools”). Some of the access data generated during the use of our website is used to create usage profiles that store, in particular, your usage behavior, the advertisements you have viewed or clicked on and, based on this, the classification into advertising categories, interests and preferences. By analyzing and evaluating this data, we are able to display personalized advertising, i.e. advertising that corresponds to your actual interests and needs, on our website and on the websites and services of other providers. In doing so, we also analyze your usage behavior in order to recognize you on other sites and to address you in a personalized manner based on your use of our site (so-called retargeting). In addition, we evaluate the effectiveness and success of our advertising campaigns (especially so-called conversions and leads).
In the following section, we would like to explain the tools and the providers used for this in more detail. The data collected may include, in particular:
- the IP address of the device;
- the information of a Cookie and in Local or Session Storage;
- the device identifier of mobile devices (e.g. device ID, advertising ID);
- Referrer URL (previously visited page);
- Pages viewed (date, time, URL, title, time spent);
- Downloaded files;
- Clicked links to other websites;
- Achievement of specific goals (conversions), if applicable;
- Technical information: operating system; browser type, version and language; device type, brand, model and resolution;
- Approximate location (country and city, if applicable).
However, the collected data is stored only pseudonymously, so that no direct conclusions can be drawn about individuals.
4. Business pages on social media
We maintain business pages on social media in order to communicate there with customers and interested parties, among others, and to provide information about our products. The users' data is generally processed by the social media providers concerned for market research and advertising purposes. In this way, usage profiles can be created based on the interests of the users. For this purpose, Cookies and other identifiers are stored on the terminal devices of the data subjects. Based on these usage profiles, for example, advertisements are then placed within the social media but also on third-party websites.
As part of the operation of our business pages, it is possible that we can access information such as statistics on the use of our business pages, which are provided by the social media providers. These statistics are aggregated and may include, in particular, demographic information (e.g., age, gender, region, country) as well as data on interaction with our business pages (e.g., likes, subscribing, sharing, viewing images and videos) and the posts and content distributed through them. This may also provide information about the interests of users and which content and topics are particularly relevant to them. This information may also be used by us to adapt the design and our activities and content on the business pages and to optimize it for our audience. Please see the list below for details and links to the social media data that we, as operators of the business pages, can access. The collection and use of these statistics is generally subject to joint controllership. Where this applies, the relevant agreement is listed below.
The legal basis for data processing is Art. 6 (1)(f) GDPR, based on our legitimate interest in effective information and communication with users, or Art. 6 (1)(b) GDPR, in order to stay in contact with and inform our customers and to carry out pre-contractual measures with interested parties.
If you have an account at the social media, it is possible that we can see your publicly available information and media when we access your profile. In addition, the social media provider may allow us to contact you. For example, this may be through direct messages or posted articles. The content communication via the social media and the processing of the content data is thereby subject to the responsibility of the social media provider as a messenger and platform service. As soon as we transfer or further process personal data from you into our own systems, we are independently responsible for this, and this is done to carry out pre-contractual measures and to fulfill a contract in accordance with Art. 6 (1)(b) GDPR.
For the legal basis of the data processing carried out by the social media providers under their own responsibility, please refer to the privacy policy of the respective social media provider. The links below also provide you with further information on the respective data processing and the options to object.
We would like to point out that data protection requests can be exercised most efficiently with the respective provider of the social media, as only these providers have access to the data and can take appropriate measures directly. Of course, you can also contact us with your request. In this case, we will process your request and forward it to the provider of the social media.
Below is a list with information about the social media on which we operate business pages:
- LinkedIN (LinkedIN Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA)
- Information about data processed and further contact information can be found here: https://www.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com&trk=homepage-basic_footer-about .
- Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-ou.
- Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland)
- Privacy policy: https://twitter.com/de/privacy;
- Opt-out: https://twitter.com/personalization.
5. Disclosure of data
The data we collect will only be disclosed if there is a legal basis for this under data protection law in the specific case, in particular if:
- you have given your express consent in accordance with Art. 6 (1)(a) GDPR,
- the disclosure is necessary pursuant to Art. 6 (1)(f) GDPR for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in not having your data disclosed,
- we are legally obliged to disclose your data according to Art. 6 (1)(c) GDPR, in particular if this is necessary for legal prosecution or enforcement due to official requests, court decisions and legal proceedings, or
- this is legally permissible and necessary according to Art. 6 (1)(b) GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures, which are carried out at your request.
Part of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, this may include, in particular, data centers that store our website and databases (like AWS Amplify), software providers, IT service providers that maintain our systems (like AWS Cloudfront as CDN), agencies, market research companies, group companies and consulting companies. If we pass on data to our service providers, they may only use the data to perform their tasks. The service providers have been carefully selected and contracted by us. They are contractually bound to our instructions, have appropriate technical and organizational measures in place to protect the rights of the data subjects, and are regularly monitored by us.
6. Data transfer to third countries
We disclose data to other parties, not all of them located in Switzerland. Your data may be processed in the European Economic Area (EEA) and in exceptional circumstances also in countries outside the EEA and around the world, which includes countries that do not provide the same level of data protection as Switzerland or the EEA and are not recognized as providing an adequate level of data protection. We only transfer data to these countries when it is necessary for the performance of a contract or for the exercise or defence of legal claims, or if such transfer is based on your explicit consent or subject to safeguards that assure the protection of your data, such as the European Commission approved standard contractual clauses.
7. Storage period
In principle, we store personal data only for as long as necessary to fulfill the purposes for which we collected the data. Thereafter, we delete the data immediately, unless we still need the data until the expiry of the statutory limitation period for evidence purposes for claims under civil law, due to statutory retention obligations or there is another legal basis under data protection law for the continued processing of your data in the specific individual case.
For evidence purposes, we must retain contractual data in particular for three years from the end of the year in which the business relationship with you ends. Any claims become statute-barred at this point at the earliest in accordance with the standard statutory limitation period.
We will retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of complying with legal retention requirements and where required to assert or defend against any legal claims or other such action(s) by you and/or third parties, until the end of the relevant retention period or until the claims in question have been settled. The criteria we use to determine what is ‘necessary’ depends on the particular personal data in question and the specific relationship we have with you (including its duration). Upon expiry of the applicable retention period, we will either securely delete or anonymize the personal data in question.
8. Your rights, especially objection and withdrawal
You shall have the rights of data subjects pursuant to Art. 7 (3), Art. 15 to 21, Art. 77 GDPR at any time, provided that the respective legal requirements are fulfilled:
- Right to withdraw your consent (Art. 7 (3) GDPR);
- Right to object to the processing of your personal data (Art. 21 GDPR);
- Right to access your personal data processed by us (Art. 15 GDPR);
- Right to rectification of your personal data stored by us that is incorrect (Art. 16 GDPR);
- Right to erasure of your personal data (Art. 17 GDPR);
- Right to restriction of the processing of your personal data (Art. 18 GDPR);
- Right to data portability of your personal data (Art. 20 GDPR);
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR).
To exercise your rights described here, you can contact us at any time using the contact details above. This also applies insofar as you wish to receive copies of safeguards demonstrating an adequate level of data protection. Provided that the respective legal requirements are fulfilled, we will comply with your data protection request.
Your requests to exercise data protection rights and our responses to them will be stored for documentation purposes for a period of up to three years and, in individual cases, for longer if there are grounds for asserting, exercising or defending legal claims. The legal basis is Art. 6 (1)(f) GDPR, based on our interest in defending against any civil claims under Art. 82 GDPR, avoiding fines under Art. 83 GDPR, and fulfilling our accountability obligations under Art. 5 (2) GDPR.
You have the right to withdraw your consent at any time. This has the consequence that we no longer proceed with the data processing based on this consent for the future. The withdrawal of consent does not affect the lawfulness of the processing based on the consent before the withdrawal.
Insofar as we process your data on the basis of legitimate interests, you have the right to object to the processing of your data at any time on grounds relating to your particular situation. If it is a matter of objecting to data processing for direct marketing purposes, you have a general right of objection, which will be fulfilled by us without giving reasons.
If you wish to exercise your right of withdrawal or objection, it is sufficient to send an informal message to the above-mentioned contact details.
Finally, you have the right to lodge a complaint with a data protection supervisory authority. If you believe that your data protection rights might have been breached, please let us know our contact the applicable supervisory authority. The Federal Data Protection and Information Commissioner is the competent data protection authority in Switzerland. The contact details are available here: www.edoeb.admin.ch.
If you are residing in the European Union, you also have the right to complain to your local data protection supervisory authority. You can find some contact details of the respective authorities of the Member States of the European Union here: https://edpb.europa.eu/about-edpb/about-edpb/members_en.
9. Amendments of this privacy policy
We may occasionally update this privacy policy, for example, if we make changes to our website or if statutory or regulatory requirements change.
Version 1.0 of February 2024