This is an English translation provided for convenience. The legally binding version is the German Datenschutzerklärung.

Preamble

With the following privacy policy we would like to explain to you which types of your personal data (hereinafter also referred to as “data”) we process for which purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our website, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as the “online offering”).

The terms used are not gender-specific.

Controller

Just Clean KLG
Entlebucherstrasse 49
6110 Wolhusen
Switzerland

UID: CHE-178.653.648

Contact person: Oleksandr Mykhalchenko
Email address: a@justclean.ch
Phone: +41 79 522 29 19

Contact for data protection matters

For questions about data protection you can reach us at: info@justclean.ch

Overview of processing operations

The following overview summarises the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed

Categories of data subjects

Purposes of processing

We process your data on the basis of the Swiss Federal Act on Data Protection (Data Protection Act, FADP). In principle, the Swiss FADP does not require that a legal basis be cited for every processing of personal data. We process personal data in good faith, lawfully and proportionately (Art. 6 para. 1 and 2 FADP). We obtain personal data only for a specific purpose that is recognisable to the data subject and process it only in a manner compatible with that purpose (Art. 6 para. 3 FADP).

Insofar as your consent is required or obtained by us for certain processing operations (e.g. when using certain cookies and third-party services), we base these processing operations on your consent (Art. 6 para. 6 and Art. 31 FADP). Otherwise, the processing takes place for the performance of a contract or pre-contractual measures, to fulfil legal obligations or to safeguard our legitimate interests in proper and secure business operations.

Security measures

In accordance with the legal requirements and taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the threat to the rights and freedoms of natural persons, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, disclosure, availability and separation concerning it. Furthermore, we have established procedures that ensure the exercise of data subjects’ rights, the erasure of data and responses to threats to the data. In addition, we take the protection of personal data into account as early as the development or selection of hardware, software and procedures, in accordance with the principle of data protection by design and by default.

Securing online connections using TLS/SSL encryption technology (HTTPS): In order to protect the data of users transmitted via our online services against unauthorised access, we use TLS/SSL encryption technology. When a website is secured by an SSL/TLS certificate, this is signalled by the display of HTTPS in the URL. This serves as an indicator to users that their data is transmitted securely and in encrypted form.

Transmission of personal data

In the course of our processing of personal data, it may happen that the data is transmitted to or disclosed to other bodies, companies, legally independent organisational units or persons. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content embedded in a website. In such cases, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.

International data transfers

In accordance with the Swiss FADP, we only disclose personal data abroad if adequate protection of the data subjects is ensured (Art. 16 FADP). If the Federal Council has not determined adequate protection for the relevant country, we take alternative security measures, in particular the conclusion of standard data protection clauses recognised by the Federal Data Protection and Information Commissioner (FDPIC).

For data transfers to the USA, we rely, where applicable, on the Swiss-U.S. Data Privacy Framework (DPF), which has been recognised by Switzerland as a secure legal framework by means of an adequacy decision. In addition, where necessary, we have concluded standard data protection clauses with the respective providers. With the individual service providers we inform you whether they are certified under the DPF and whether standard data protection clauses exist.

General information on data storage and erasure

We erase personal data that we process in accordance with the legal provisions as soon as the underlying consents are withdrawn or there are no further legal grounds for the processing. This concerns cases where the original purpose of the processing no longer applies or the data is no longer required. Exceptions to this rule apply where legal obligations or special interests require a longer retention or archiving of the data.

In particular, data that must be retained for commercial or tax law reasons, or whose storage is necessary for legal prosecution or to protect the rights of other natural or legal persons, must be archived accordingly. If several specifications regarding the retention period or erasure deadlines of a piece of data apply, the longest period is always decisive.

Retention and erasure of data: The following general periods apply to retention and archiving under Swiss law:

Rights of data subjects

As a data subject, you are entitled to the following rights in accordance with the provisions of the Swiss FADP:

If you are of the opinion that the processing of your data violates data protection law, you have the right to file a report with the Federal Data Protection and Information Commissioner (FDPIC).

Business services

We process the data of our contractual and business partners, e.g. customers and prospective customers (collectively referred to as “contractual partners”), in the context of contractual and comparable legal relationships and associated measures, and with a view to communication with the contractual partners (or pre-contractually), for example to answer enquiries.

We use this data to fulfil our contractual obligations. This includes in particular the obligations to provide the agreed cleaning services as well as remedies for warranty and other service defects. In addition, we use the data to safeguard our rights and for the purposes of the administrative tasks associated with these obligations as well as the company’s organisation. Within the framework of applicable law, we only disclose the data of contractual partners to third parties insofar as this is necessary for the aforementioned purposes or to fulfil legal obligations (e.g. to payment service providers, banks, tax and legal advisors).

We inform the contractual partners which data is required for the aforementioned purposes before or during the data collection, e.g. in online forms, through special marking or personally. We erase the data after expiry of statutory warranty and comparable obligations, unless the data must be retained for legal reasons of archiving (e.g. for tax purposes, generally ten years).

Craft and cleaning services

We process the data of our customers and clients in order to enable them to select and commission the chosen cleaning services and associated activities, as well as their payment and on-site execution. The required information is marked as such in the context of the order or comparable conclusion of contract and includes the information needed for execution and billing as well as contact information in order to be able to hold any consultations.

Provision of the online offering and web hosting

We process the data of users in order to be able to provide them with our online services. For this purpose, we process the user’s IP address, which is necessary in order to transmit the content and functions of our online services to the user’s browser or device.

Provision of the online offering on rented storage space: For the provision of our online offering, we use storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider (also called a “web host”).

Collection of access data and log files: Access to our online offering is logged in the form of so-called “server log files”. Server log files may include the address and name of the web pages and files accessed, the date and time of access, the volume of data transferred, notification of successful access, browser type and version, the user’s operating system, the referrer URL and, as a rule, IP addresses and the requesting provider. The server log files are used for security purposes and to ensure the server load and stability. Log file information is stored for a maximum of 30 days and then deleted or anonymised. Data whose further retention is required for evidentiary purposes is exempt from erasure until the respective incident has been finally clarified.

Use of cookies

The term “cookies” refers to functions that store information on users’ devices and read information from them. Cookies can be used for various concerns, for example for the functionality, security and convenience of online offerings as well as the creation of analyses of visitor flows. We use cookies in accordance with the legal provisions. To this end, we obtain the prior consent of users where required. If consent is not necessary, we rely on our legitimate interests. Consent can be withdrawn at any time.

Storage period: With regard to the storage period, a distinction is made between temporary cookies (session cookies, which are deleted at the latest after the device is closed) and permanent cookies (which remain stored even after the device is closed). Unless we provide explicit information on the storage period, users should assume that the storage period can be up to two years.

Withdrawal and objection (opt-out): Users can withdraw the consent they have given at any time and object to the processing in accordance with the legal requirements, including by means of the privacy settings of their browser.

We use a consent management solution with which the consent of users to the use of non-essential cookies can be obtained, logged, managed and withdrawn. The consent declarations are stored in order to avoid having to ask again and to be able to provide proof of consent. Storage takes place on the server side and/or in a cookie. The duration of storage of the consent is up to two years.

Contact and enquiry management

When contacting us (e.g. by post, contact form, email, telephone or via social media) and in the context of existing user and business relationships, the information of the enquiring persons is processed insofar as this is necessary to answer the contact enquiries and any requested measures.

Contact form: When you contact us via our contact form, by email or via other communication channels, we process the personal data transmitted to us to answer and handle the respective request. This generally includes information such as name, contact information and, where applicable, further information provided to us that is required for appropriate processing. We use this data exclusively for the stated purpose of contact and communication.

Web analytics, monitoring and optimisation

Web analytics (also referred to as “reach measurement”) serves to evaluate the visitor flows of our online offering and may include behaviour, interests or demographic information about the visitors as pseudonymous values. With the help of reach analysis, we can recognise at which times our online offering or its functions are used most frequently and which areas require optimisation.

Insofar as we ask users for their consent to the use of third-party services, consent constitutes the legal basis for the processing. Otherwise, the user data is processed on the basis of our legitimate interests.

Google Analytics

We use Google Analytics to measure and analyse the use of our online offering on the basis of a pseudonymous user identification number. This identification number does not contain any unique data such as names or email addresses. Google Analytics does not log or store any individual IP addresses for users in the EU/Switzerland. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Legal basis: consent. Privacy policy: policies.google.com/privacy. Basis for third-country transfers: Data Privacy Framework (DPF), standard data protection clauses.

Umami

We use Umami for web analytics and reach measurement. Umami is a privacy-friendly analytics solution that works without cookies, does not carry out cross-device tracking and does not collect any personal data of users. IP addresses are not stored in plain text. Legal basis: legitimate interests. Website: umami.is.

Microsoft Clarity

We use Microsoft Clarity to analyse the use of our online offering by means of heatmaps and session recordings and to optimise our website. Cookies are used and data about usage behaviour as well as technical data is collected and transmitted to Microsoft. We base this use on your consent; without consent no Clarity cookies are set. Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, Dublin 18, Ireland. Legal basis: consent. Privacy policy: privacy.microsoft.com. Basis for third-country transfers: Data Privacy Framework (DPF), standard data protection clauses.

Presence on social networks (social media)

We maintain online presences within social networks and, in this context, process user data in order to communicate with users active there or to offer information about us.

We point out that user data may be processed outside Switzerland and the European Union in this context. Furthermore, the data of users within social networks is generally processed for market research and advertising purposes. For a detailed description of the respective forms of processing and the options for objection, we refer to the privacy policies and information of the operators of the respective networks.

Instagram: Social network. Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. Website: instagram.com. Privacy policy: privacycenter.instagram.com/policy. Basis for third-country transfers: Data Privacy Framework (DPF).

Facebook pages: Profiles within the social network Facebook. The controller is jointly responsible with Meta Platforms Ireland Limited for the collection and transmission of data of visitors to our Facebook page. Facebook provides us with statistical evaluations via the “Page Insights” service. Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, Ireland. Website: facebook.com. Privacy policy: facebook.com/privacy/policy. Basis for third-country transfers: Data Privacy Framework (DPF), standard data protection clauses.

LinkedIn: Social network. We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection of data of visitors that is used to create the “Page Insights” of our LinkedIn profiles. Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. Website: linkedin.com. Privacy policy: linkedin.com/legal/privacy-policy. Basis for third-country transfers: Data Privacy Framework (DPF), standard data protection clauses.

Plug-ins and embedded functions and content

We incorporate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter “third-party providers”). These can be, for example, fonts, maps or videos. The integration always presupposes that the third-party providers of this content process the IP address of the users, as they could not send the content to their browser without the IP address.

Google Fonts (obtained from the Google server): Obtaining fonts and symbols for the purpose of technically secure, maintenance-free and efficient use of fonts. The provider is informed of the user’s IP address. According to Google, IP addresses are neither logged nor stored on Google servers. Service provider: Google Ireland Limited, Dublin 4, Ireland. Legal basis: legitimate interests. Website: fonts.google.com.

Google Maps: We embed the maps of the “Google Maps” service. The data processed may include, in particular, IP addresses and location data of the users. Service provider: Google Ireland Limited, Dublin 4, Ireland. Legal basis: consent. Website: mapsplatform.google.com.

YouTube videos: Video content. Service provider: Google Ireland Limited, Dublin 4, Ireland. Legal basis: consent. Website: youtube.com.

Amendment and updating

We ask you to inform yourself regularly about the content of our privacy policy. We adapt the privacy policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.

Definitions of terms