Privacy policy
Privacy- regulations
LIST OF PROCESSING [1] PERSONAL DATA [2]
Date of introduction: 09/01/2018 / Status: 09/01/2018
1. General information about the company
| 1.1. Name and contact details | Plan & Play AG (hereinafter “Company”) / email: info@plan-play.ch / phone: 041 552 39 09 |
| 1.2. Names Legal Representatives | Cornelio Kauz |
| 1.3. Name internal responsible for data protection | Cornelio Kauz |
| 1.4. Name and contact details of the EU representative | Cornelio Kauz |
| 1.5. Name and contact details of any data protection officer | Cornelio Kauz |
1.1. Name and contact details
Plan & Play AG (hereinafter “Company”) / email: info@plan-play.ch / phone: 041 552 39 09
1.2. Names Legal Representatives
Cornelio Kauz
1.3. Name internal responsible for data protection
Cornelio Kauz
1.4. Name and contact details of the EU representative
Cornelio Kauz
1.5. Name and contact details of any data protection officer
Cornelio Kauz
2. Information on processing activities
| 2.1. Processing activities | Management of member and team data |
| 2.2. Categories of data subjects | Customers, members |
| 2.3. Categories of personal data | Addresses, telephone numbers, date of birth, qualifications, products ordered, bank details, performance data |
| 2.4. Purposes of processing | Easy management of member data, events, purchase of plans |
| 2.5. Legal basis for processing | Consent of the data subject |
| 2.6. Place of processing | Data centers CH / NL / IR |
| 2.7. Special processing risks | No |
2.1. Processing activities
Management of member and team data
2.2. Categories of data subjects
Customers, members
2.3. Categories of personal data
Addresses, telephone numbers, date of birth, qualifications, products ordered, bank details, performance data
2.4. Purposes of processing
Easy management of member data, events, purchase of plans
2.5. Legal basis for processing
Consent of the data subject
2.6. Place of processing
Data centers CH / NL / IR
2.7. Special processing risks
No
3. Disclosure of personal data (including disclosure that is not yet planned)
| 3.1. Who has access to which personal data within the company and for what purposes? | Only employees with the appropriate rights and a signed confidentiality agreement. |
| 3.2. Which subsidiaries or other affiliated companies receive which personal data and for what purposes? | None |
| 3.3. Which external contractors (such as trustees, hosting providers, cloud computing providers, etc.) receive personal data and for what purposes? | Application development is carried out by Kauz Informatik Medien AG, Ballwil / CH |
| 3.4. Which other external parties receive personal data and for what purposes? | The website uses tracking mechanisms from Google Inc. (“Google Analytics”). This gives Google access to the visited URL, anonymized IP address of the visitor, the randomly generated user ID and information of the browser (e.g. user agent), and Google Inc. the possibility of saving your own cookies and other data in the visitor’s browser. Details: https://policies.google.com/privacy |
| 3.5. With regard to the transfer of data to countries outside Switzerland and the EEA: What security measures have been taken to ensure data protection? | To be structured according to recipients in third countries (ie in countries outside Switzerland and the EEA) (i) EU Model Clauses or comparable Data Transfer Agreement, (ii) Privacy Shield certification of the recipient, (iii) From the point of view of Switzerland and the EU, the recipient’s country has equivalent data protection laws or (iv) Consent in a specific individual case |
3.1. Who has access to which personal data within the company and for what purposes?
Only employees with the appropriate rights and a signed confidentiality agreement.
3.2. Which subsidiaries or other affiliated companies receive which personal data and for what purposes?
None
3.3. Which external contractors (such as trustees, hosting providers, cloud computing providers, etc.) receive personal data and for what purposes?
Application development is carried out by Kauz Informatik Medien AG, Ballwil / CH
3.4. Which other external parties receive personal data and for what purposes?
The website uses tracking mechanisms from Google Inc. (“Google Analytics”). This gives Google access to the visited URL, anonymized IP address of the visitor, the randomly generated user ID and information of the browser (e.g. user agent), and Google Inc. the possibility of saving your own cookies and other data in the visitor’s browser. Details: https://policies.google.com/privacy
3.5. With regard to the transfer of data to countries outside Switzerland and the EEA: What security measures have been taken to ensure data protection?
To be structured according to recipients in third countries (ie in countries outside Switzerland and the EEA) (i) EU Model Clauses or comparable Data Transfer Agreement, (ii) Privacy Shield certification of the recipient, (iii) From the point of view of Switzerland and the EU, the recipient’s country has equivalent data protection laws or (iv) Consent in a specific individual case
4. Retention periods and technical and organizational measures to protect personal data
| 4.1. Scheduled deadlines for the retention period / deletion of the various data categories. If this is not possible, a description of the criteria for setting the deadlines | Accounts cannot be completely deleted if another user has collected data about this person; These data are retained because they are important for the use of the user making the record. Data on financial transactions are not deleted when the account is removed but are kept for at least as long as required by law. |
| 4.2. Description of the IT infrastructure used for data processing, such as Software, systems, own servers, third-party servers, cloud services; if applicable, designation of the infrastructure operator and location of the data server / data storage | The data is hosted in the cloud. A backup copy is hosted on Swiss servers. The original is in the EU. |
| 4.3. General description of the technical and organizational measures to protect personal data | Technical: Password protection with own setting options for confidentiality per data field / Organizational: Protection by password and separation of DB servers and application servers. |
4.1. Scheduled deadlines for the retention period / deletion of the various data categories. If this is not possible, a description of the criteria for setting the deadlines
Accounts cannot be completely deleted if another user has collected data about this person; These data are retained because they are important for the use of the user making the record. Data on financial transactions are not deleted when the account is removed but are kept for at least as long as required by law.
4.2. Description of the IT infrastructure used for data processing, such as Software, systems, own servers, third-party servers, cloud services; if applicable, designation of the infrastructure operator and location of the data server / data storage
The data is hosted in the cloud. A backup copy is hosted on Swiss servers. The original is in the EU.
4.3. General description of the technical and organizational measures to protect personal data
Technical: Password protection with own setting options for confidentiality per data field / Organizational: Protection by password and separation of DB servers and application servers.
[1] “Processing” means any process (carried out with or without the help of automated processes) or any such series of processes in connection with personal data such as the collection, recording, organization, ordering, storage, adaptation or change, reading, querying, using, disclosing through transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction.
[2] “Personal data” is all information that relates to an identified or identifiable natural or legal person (hereinafter “data subject”). For the purposes of this directory, IP addresses should also be considered personal data.
USEFULL LINKS
PLAN & PLAY AG