Privacy policy web application
The contents of this privacy policy have been translated automatically. Only the original in German has legal validity. The online version in German can be found HERE.
Updated: December 4, 2025
Table of contents
1. Summary
We want data protection to be easy to understand. That is why you will find the most important principles here in compact form. This abridged version is intended as a guide; the full privacy policy below is authoritative.
The protection of your data is important to us. We use appropriate technical and organizational measures (e.g. encryption, access controls) so that you can work securely with our “Dualoo” software and applicants’ data is protected.
We process technical usage data (e.g. IP address, browser, usage time) in order to operate and further develop Dualoo in a stable, secure and user-friendly manner.
Company users receive a personal login to manage their data. Applicants do not need a login to apply.
We comply with the applicable data protection law (in particular the DSG and – where applicable – the GDPR) and support our users in complying with the legal provisions.
Processing takes place primarily in Switzerland or the EEA; selective transfers to third countries only take place with suitable guarantees (e.g. standard contractual clauses/DPF) in accordance with the privacy policy.
Disclosures are not made for marketing or sales purposes, but as described in the privacy policy: in particular to carefully selected processors (e.g. hosting/support) and, where necessary, for contract performance, fulfillment of legal obligations, IT security or law enforcement.
We will update the privacy policy if the legal or technical framework changes. If you have any questions or concerns, please contact us at datenschutz@dualoo.com
This privacy policy clarifies the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offer and the associated websites, features and content as well as external online presences, such as our social media profiles (hereinafter collectively referred to as “online offer”).
2. Responsible person / provider
Dualoo AG
Rietbergstrasse 37
CH-9403 Goldach
Tel.: +41 71 552 14 14
Link to legal notice: https://www.dev-dualoo.ch/de/rechtliches/impressum/
Data protection officer: Raphael Mösch
E-Mail: datenschutz@dualoo.com
3. terms used
“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any handling of personal data, irrespective of the means and procedures used, in particular the collection, storage, retention, use, modification, disclosure, archiving, erasure or destruction of data. The term is broad and covers practically any handling of data.
The term “responsible person” refers to the natural or legal person, public authority, agency or other job that alone or jointly with others decides on the purposes and means of processing personal data.
4. types of data processed
In particular:
- Inventory data (e.g. names, addresses),
- Contact details (e.g. e-mail, telephone numbers),
- Content data (e.g. text entries, photographs, videos, attachments),
- Usage data (e.g. websites visited, click paths, interest in content, access times),
- Meta / communication data (e.g. device information, IP addresses, browser type, operating system, session IDs),
- Applicant data (e.g. CV, letter of motivation, references, certificates, references, qualifications),
- Contract data (e.g. customer number, contract terms, contract content, billing data),
- Transaction data (e.g. invoice and payment transaction data, booking processes, bank details),
- Details of employment (e.g. job title, level of employment, previous employers),
- Communication data (e.g. correspondence, support requests, chat logs, telephone notes),
- Documentation data (e.g. consent logs, proof of training or audits),
- Preference and marketing data (e.g. newsletter registration, interests, features used),
- Public data (e.g. from publicly accessible sources such as LinkedIn, company registers, websites),
- Security and log data (e.g. log files, login attempts, security-related events),
- Location and access data (e.g. time and location data for logins or accesses),
- Support and service data (e.g. error reports, screenshots, system logs in the context of support cases),
- Technical data (e.g. server logs, performance measurements, API accesses),
- Authentication and authorization data (e.g. user IDs, roles, tokens, password hashes).
5. Categories of affected persons
Visitors and users of the online offer (hereinafter we also refer to the data subjects collectively as “users”).
6. processing purposes
In particular:
- Processing applicants and conducting recruiting processes, including rating, communication, scheduling and decision making,
- Provision and operation of the online offering, its features and content (e.g. user accounts, application portals, dashboards),
- Administration and maintenance of user accounts, including authentication and authorization management,
- Answering contact inquiries, support cases and communicating with users, customers, partners and applicants,
- Implementation of security, abuse and fraud prevention measures, including access controls and system monitoring,
- Reach measurement, usage analysis, improvement and further development of the online offer and services,
- Implementation of marketing, information and communication measures (e.g. newsletters, product information, customer invitations),
- Contract processing, in particular in connection with the initiation, conclusion, administration and fulfillment of contractual relationships,
- Customer care, support for existing customers and relationship management,
- Financial and administrative purposes (e.g. invoicing, payment processing, debt collection, accounting),
- Information about product and service developments, system updates or changes to legal documents,
- Implementation of training courses, webinars or events,
- Safeguarding legitimate interests, in particular to ensure IT and data security, service quality and business continuity,
- Processing in the context of company audits, mergers, takeovers, reorganizations or other corporate law processes,
- Assertion, exercise or defense of legal claims and administration of legal proceedings,
- Fulfillment of legal obligations (e.g. retention obligations, obligations to provide evidence and information to authorities),
- Archiving, evidence and documentation purposes.
6.1 Collection of access data and log files
We – or our hosting provider – collect data about every access to the server on which this service is located (server log files) on the basis of our authorization or overriding interests.
The access data includes, in particular, the name of the website or file accessed, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, operating system, referrer URL, IP address and the requesting provider.
Processing is carried out for security reasons (e.g. to defend against attacks, clarify acts of abuse or fraud) and to ensure the stability and operational security of our system. The log file information is stored for up to 12 months for security, error analysis and verification purposes and then deleted or anonymized, provided there are no overriding conflicting interests of the data subjects. The longer storage period is exclusively for the purposes of IT security, system integrity and forensic traceability.
6.2 Provision of contractual services
We process inventory data (e.g., names and addresses as well as contact data of users), contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services. The entries marked as mandatory in online forms are required for the conclusion of the contract.
As part of the use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user’s interests in protection against misuse and other unauthorized use. This data is not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so.
We process usage data (e.g., the websites visited on our online offering, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile, e.g., to display product information to the user based on the services previously used.
The deletion of the data takes place after the expiry of statutory warranty and comparable obligations; in the case of statutory archiving obligations, the deletion takes place after their expiry. Information in any customer account remains until it is deleted.
6.3 Administration, financial accounting, office organization, contact management
We process data in the context of administrative tasks and the organisation of our business, financial accounting and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process in the context of providing our contractual services. Customers, prospective customers, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, i.e. tasks that serve to maintain our business activities, perform our tasks and provide our services. The deletion of data relating to contractual services and contractual communication corresponds to the information specified for these processing activities.
We disclose or transmit data to the tax authorities, consultants, such as tax advisors or auditors, as well as other fee centres and payment service providers.
We also store information on suppliers, event organizers and other business partners on the basis of our business interests, e.g. for the purpose of contacting them at a later date. We generally store this mainly company-related data permanently.
6.4 Business analyses and market research
In order to operate our business economically and to identify market trends, customer and user wishes, we analyze the data available to us on business transactions, contracts, inquiries, etc. We process inventory data, communication data, contract data, payment data, usage data and metadata. In doing so, we process inventory data, communication data, contract data, payment data, usage data and metadata, whereby the data subjects include customers, interested parties, business partners, visitors and users of the online offering.
The analyses are carried out for the purpose of business evaluations, marketing and market research. In doing so, we may take into account the profiles of registered users with details of their purchase transactions, for example. The analyses help us to increase user-friendliness, optimise our offer and improve business efficiency. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with summarised values.
If these analyses or profiles are personal, they will be deleted or anonymised upon termination by the user, otherwise after two years from the conclusion of the contract. Otherwise, the overall business analyses and general trend determinations are created anonymously where possible.
6.5 Data protection information in the application process
We process the applicant data for the purpose and in the context of the application process in accordance with the legal requirements. The processing of applicant data is carried out to fulfil our (pre)contractual obligations within the framework of the application process within the meaning of Art. 6 para. 1 lit. b. DSGVO Art. 6 Abs. 1 lit. f. GDPR if data processing becomes necessary for us, e.g. in the context of legal proceedings (in Germany, § 26 BDSG also applies).
The application procedure requires applicants to provide us with their application data. If we offer an online form, the necessary applicant data is marked, otherwise it results from the job descriptions and basically includes personal details, postal and contact addresses and the documents belonging to the application, such as cover letter, CV and certificates. Applicants can also voluntarily provide us with additional information.
By submitting their application to us, applicants consent to the processing of their data for the purposes of the application process in accordance with the type and scope set out in this data protection declaration.
Insofar as special categories of personal data within the meaning of Art. 9 para. 1 lit. a GDPR are voluntarily collected as part of the application process. 1 GDPR, their processing shall also be carried out in accordance with Art. 9(1) GDPR. 2 lit. b GDPR (e.g. health data, such as severe disability or ethnic origin).
If special categories of personal data within the meaning of Article 9(1) are processed as part of the application process, the applicant will be informed of this in advance. 1 GDPR, their processing is additionally carried out in accordance with Art. 9(1) GDPR. 2 lit. a GDPR (e.g. health data, if this is necessary for professional practice).
If provided, applicants can send us their applications using an online form on our website. The data is transmitted to us in encrypted form in accordance with the state of the art.
Applicants can also send us their applications by e-mail. Please note, however, that e-mails are generally not sent in encrypted form and applicants must ensure that they are encrypted themselves. We therefore cannot assume any responsibility for the transmission path of the application between the sender and receipt on our server and therefore recommend using an online form or sending it by post. Instead of applying via the online application form and e-mail, applicants still have the option of sending us their application by post.
The data provided by applicants may be further processed by us for the purposes of the employment relationship in the event of a successful application. Otherwise, if the application for a job offer is not successful, the applicants’ data will be anonymized. Applicants’ data will also be deleted or anonymized if an application is withdrawn, which applicants are entitled to do at any time as long as all legal retention periods are complied with.
The deletion takes place, subject to an authorization revocation of the applicants, after the expiry of a period of no more than six months after a rejection, so that we can answer any follow-up questions about the application and meet our obligations to provide evidence under the Equal Treatment Act. Invoices for any reimbursement of travel expenses will be archived in accordance with tax regulations.
6.6 Talent pool
As part of the application process, we offer applicants the opportunity to be included in our “talent pool” for a period of two years on the basis of consent.
The application documents in the talent pool will be processed in the context of future job advertisements and employee searches and will be anonymized after the deadline at the latest. Applicants are informed that their consent to inclusion in the talent pool is voluntary, has no influence on the current application process and that they can revoke this consent at any time for the future and declare an objection within the framework of the applicable data protection law.
6.7 Registration function
→ If a registration function is also offered for applicants in the future, users can optionally create a user account. Currently, this is reserved exclusively for companies and their employees.
The required mandatory information is provided during the registration process. The data entered will be used exclusively for the purpose of using the service. Users can be informed by e-mail about information relevant to registration or the offer, such as changes to the scope of functions or technical circumstances.
If users terminate their user account, their personal data will be deleted unless there is a legal obligation to retain it (e.g. pursuant to Art. 6 para. 1 lit. c GDPR). Users are responsible for backing up their data themselves before the end of the contract. After termination of the contract, we are entitled to irretrievably delete all data stored during the term of the contract.
As part of the use of our registration and login functions, we store the IP address and the time of the respective user action. This storage takes place on the basis of legitimate interests (Art. 6 para. 1 lit. f GDPR) on our part as well as on the part of the user in order to prevent misuse and unauthorized use. Data is only passed on to third parties if this is necessary to enforce our claims or if there is a legal obligation to do so in accordance with Art. 6 para. 1 lit. c GDPR exists.
7. legal bases
We process your personal data for the above-mentioned processing purposes, depending on the situation, in particular based on the following legal bases:
- the processing of personal data is necessary for the fulfillment of a contract with you or pre-contractual measures;
- You have given your consent to the processing of your personal data;
- the processing of personal data is necessary for compliance with a legal obligation;
- the processing is necessary in order to protect the vital interests of the data subject or of another natural person; or
- We have a legitimate interest in the processing of personal data, whereby our legitimate interests may include the following interests in particular:
Interest in: providing good customer service, maintaining contact and communicating with customers, including outside of a contract; in advertising and marketing activities; improving services and developing new ones; combating fraud; in protecting customers, employees and others, as well as our data, trade secrets and assets; in ensuring appropriate security (both physical and digital); ensuring and organizing business operations, including the operation and further development of websites and other systems; managing and developing the business; selling or buying companies, parts of companies and other assets; enforcing or defending legal claims; complying with Swiss and foreign rights and other rules applicable to us.
8. disclosure of personal data to recipients and abroad
8.1 Disclosure of personal data to recipients
In addition to the data transfers to recipients expressly mentioned in this privacy policy, we may disclose personal data to the following categories of recipients to the extent permitted:
- Providers to whom we have outsourced certain services (e.g. IT and hosting providers; external accounting; debt collection services; photographers; banks) as well as other suppliers and subcontractors;
- Third parties who collect data about you via websites;
- Authorized representative;
- Credit reference agencies, which store this data for credit rating information;
- prospective buyers or investors in the event of restructuring or other corporate actions;
- Auditors;
- (Opposing) parties in potential or actual legal proceedings or legal disputes;
- domestic and foreign authorities, official bodies or courts.
We use content and services from third-party providers (e.g. videos, maps, captchas, fonts) within our web application and website on the basis of our legitimate interest or on the basis of overriding interests and – if necessary – on the basis of your consent.
The respective third-party providers may process data such as IP address, browser and device characteristics, access time, referrer URL or similar technical information that is required for the delivery and presentation of the content. Without this data, correct provision is usually not possible.
The list of our third-party subprocessors can be found at https://www.dev-dualoo.ch/de/rechtliches/unterauftragsverarbeiter/
Below you will find examples of certain providers to whom we have outsourced certain services:
7.1.1 Google Ads (exclusion of existing customers from advertising measures)
→ This section applies to users of corporate customers and not to applicants.
We use Google Ads in conjunction with Google Tag Manager to control our online advertising and to exclude existing customers from targeted advertising measures. For this purpose, we can form target groups (audiences) based on customer lists, page views (e.g. login or pay areas) or – if consent has been given – usage data imported from Google Analytics 4.
In addition, technical data such as IP address, browser information and, if applicable, cookie IDs are transmitted to Google via the Tag Manager to ensure that the exclusion logic functions correctly. When using customer lists, hashed contact identifiers (e.g. email addresses) are processed in order to exclude existing customers from advertising campaigns in Google Ads. Dualoo does not engage in advertising, profiling or personalized analysis.
The processing is based on your consent and our legitimate interest in efficient and data-saving control of advertising campaigns.
Recipient: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data transfer: Google is certified in accordance with the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework. Further information can be found in Google’s privacy policy and in the settings for personalized advertising.
7.1.2 Cloudflare Turnstile
We integrate the feature for recognizing bots (e.g. when entering data in online forms) of the provider Cloudflare Inc, 101 Townsend St., San Francisco, CA 94107, USA (“Turnstile”). This feature is used for security and spam prevention on our website.
Data processing is carried out on the basis of our legitimate interest in securing and protecting our website. In the context of Turnstile, for example, the IP address, time spent on the website or movement profiles (e.g. mouse movements) can be evaluated.
Cloudflare is self-certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) and/or uses standard contractual clauses for data transfers to the USA. Further information can be found in the privacy policy at https://www.cloudflare.com/privacypolicy/.
7.1.3 Friendly Captcha
We use the ‘Friendly Captcha’ service from Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee (Germany) to secure online forms against automated access (bots/spam).
During use, connection, environment, interaction and function data are transmitted from your browser’s end device to Friendly Captcha and processed there anonymously (e.g. IP address as a one-way hash). Cookies or persistent browser storage are not used.
The processing is based on our legitimate interest in ensuring the functionality and security of our online forms.
Further information on data processing at Friendly Captcha can be found in the privacy policy at https://friendlycaptcha.com/legal/privacy-end-users/.
7.1.4 Intercom (customer communication & support)
We integrate features and content of the Intercom service (provider: Intercom Inc, 55 2nd Street, 4th Floor, San Francisco, CA 94105, USA).
Intercom is used to process support requests, to operate the chat system (“Fin”) and to send personalized messages to customers within our web application (in-app messages) and by email.
This enables us to efficiently design support, information and product notifications and statistically evaluate the use of our web application.
In particular, communication, usage and connection data (e.g. name, e-mail address, message content, times, browser and device data) are processed.
Processing is carried out on the basis of our legitimate interest in efficient and user-oriented communication with our customers and, if necessary, on the basis of contractual necessity.
Intercom transfers data to the USA. The provider is certified in accordance with the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework and has undertaken to comply with the corresponding data protection principles. Further information can be found at: https://www.dataprivacyframework.gov/listand in Intercom’s privacy policy: https://www.intercom.com/legal/privacy
If Intercom is used to send messages, this is done as part of existing customer relationships or with your consent.
7.1.5 Salesforce (lead and customer management)
→ This section applies to users of corporate customers and not to applicants.
We use the Salesforce customer relationship management system from the provider Salesforce Inc, 415 Mission Street, San Francisco, CA 94105, USA, to manage customer, prospect and registration data. When you register on our website or fill out a form (e.g. to request a demo account), the data you provide (e.g. name, email address, company name, telephone number, message) is automatically stored in Salesforce and processed there to handle your request.
The processing is based on our legitimate interest in the efficient and secure management of customer and prospective customer data and for the implementation of pre-contractual measures.
Salesforce Inc. is certified under the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework. Further information can be found in Salesforce’s privacy policy.
7.1.6 Bexio (customer and invoice management)
→ This section applies to users of corporate customers and not to applicants.
We use the cloud-based business software bexio AG, Alte Jonastrasse 24, 8640 Rapperswil-Jona, Switzerland, to manage customer, contact and billing data. As part of registrations, contract conclusions or customer inquiries, personal data (name, email address, company name, address, telephone number, payment or billing information) is automatically transferred to bexio and processed there.
The processing is carried out on the basis of our legitimate interest in efficient and legally compliant customer and accounting management and – where necessary – to fulfill contractual obligations.
Data storage takes place in Switzerland. Further information can be found in bexio’s privacy policy.
8.2 Disclosure of personal data abroad
In principle, we process your personal data in Switzerland. However, in exceptional cases (e.g. when using certain service providers or certain software applications), your personal data may also be transferred abroad, primarily to the member states of the European Union and the EEA (namely Ireland), but in some cases also to other countries worldwide, in particular the USA.
If we transfer data to a country without adequate legal data protection, we ensure an adequate level of protection as provided for by law by using appropriate contracts (namely on the basis of the so-called standard contractual clauses of the European Commission) or rely on the legal exceptions of consent, contract execution, the establishment, exercise or enforcement of legal claims, overriding public interests, published personal data or because it is necessary to protect the integrity of the data subjects. Nevertheless, we would like to point out that data transmitted abroad is no longer protected by Swiss law and that foreign laws and official orders may require this data to be passed on to authorities and other third parties.
9. rights of the data subjects
You have the right to information, correction, deletion, the right to restrict data processing and otherwise to object to our data processing as well as to the surrender of certain personal data for the purpose of transfer to another job (so-called data portability) within the scope of the data protection law applicable to you and to the extent provided for therein. Please note, however, that we reserve the right to assert the restrictions provided for by law, for example if we are obliged to store or process certain data, have an overriding interest in doing so (insofar as we are entitled to invoke this) or need it for the assertion of claims. If you incur costs, we will inform you in advance.
If data processing is based on your consent, you can withdraw your consent at any time with effect for the future. However, this does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
The exercise of such rights generally requires that you clearly prove your identity (e.g. by providing a copy of your ID if your identity is otherwise not clear or cannot be verified). To assert your rights, you can contact us at the addresses given on page 3 (see the “Controller / Provider” section) of this privacy policy (by post or email).
Every data subject also has the right to enforce their claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner FDPIC(https://www.edoeb.admin.ch/de).
10. cookies and right to object to direct advertising
Cookies” are small files that are stored on users’ computers. Different information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit to an online service. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online service and closes their browser. The content of a shopping cart in an online store or a login status, for example, can be stored in such a cookie. Cookies that remain stored even after the browser is closed are referred to as “permanent” or “persistent”. For example, the login status can be saved if the user visits the website after several days. The interests of users can also be stored in such a cookie and used for reach measurement or marketing purposes. “Third-party cookies” are cookies that are offered by providers other than the controller who operates the online service (otherwise, if they are only the controller’s cookies, they are referred to as “first-party cookies”). We may use temporary and permanent cookies and provide information about this in our privacy policy.
If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
A general objection to the use of cookies for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, cookies can be stored by disabling them in your browser settings. Please note that in this case, you may not be able to use all the functions of this online service.
11. storage period
In principle, we delete data as soon as it is no longer required for the respective purpose and there are no statutory retention obligations to the contrary. We retain personal data that we hold on the basis of a contractual relationship with you for at least as long as the contractual relationship exists and limitation periods for possible claims on our part or contractual retention obligations exist.
In Switzerland, the retention period for business records, accounting vouchers and other business-related documents is generally 10 years (Art. 958f CO). In the EU/EEA, national commercial and tax law obligations may provide for different retention periods; in these cases, we comply with the applicable minimum periods.
Once the retention obligations no longer apply, the data will be deleted or – if technically and organizationally appropriate – anonymized. Data subjects’ rights (in particular to erasure and restriction) remain unaffected by statutory retention obligations.
12. data security
We take appropriate security measures of a technical and organizational nature to protect the security of your personal data, in particular to protect it against unauthorized or unlawful processing and to counteract the risk of loss, unintentional modification, unwanted disclosure or unauthorized access.
However, like all companies, we cannot rule out data security breaches with absolute certainty because certain residual risks are unavoidable.
As part of our security measures, we use firewalls, logging and encryption in particular, have authorization concepts and have implemented other protective measures to ensure that personal data is protected as completely as possible.
13. confidentiality of user content
The Provider undertakes to maintain the strictest confidentiality about all confidential processes of which it becomes aware in the course of the preparation, execution and fulfilment of this contract, in particular business or trade secrets of the User, and not to pass these on or exploit them in any other way. This applies to any unauthorised third parties, i.e. also to unauthorised employees of both the Provider and the User, unless the disclosure of information is necessary for the proper fulfilment of the Provider’s contractual obligations. In cases of doubt, the Provider is obliged to request the User’s consent prior to such disclosure. The Provider undertakes to agree with all employees and subcontractors employed by it in connection with the preparation, execution and fulfilment of this contract a regulation with the same content as the preceding paragraph of this contractual item. We reserve the right to comply with statutory notification/issuance obligations and our authorization to enforce our rights.
The user undertakes to maintain the strictest confidentiality about all confidential personal data and processes of other users of which he becomes aware and neither to pass them on nor to exploit them in any other way. This applies to any unauthorized third parties, i.e. also to unauthorized employees, for example, unless the disclosure of information is necessary for proper performance. In cases of doubt, the user is obliged to ask the user whose personal data he is processing for consent before such disclosure.
14. collection of anonymous data
The provider collects anonymous data from users using the software. This includes the IP address, domain and host via which the Internet is used, browser version, the current date, the address of the websites referring to the software and the time of access. In order to improve the user-friendliness of the platform, the actions of individual users during a session can also be recorded anonymously. This data is not assigned to specific persons. This data is not merged with other data sources. The data is also deleted after a statistical analysis.
Anonymised user data is also used by the provider to match applicants with vacancies, for example. However, data is only passed on to other users (or companies) with the consent of the user concerned.
15. collection of personal data
The user agrees that all master data entered by him, i.e. this personally assigned data, may be evaluated for internal purposes. This specifically includes providing information to the specific user, further development of the software and analysis of user behavior.
The provider does not pass on personal data to third parties without the express consent of the user, which can be revoked at any time.
The user grants the provider the rights to make their profile picture, first name, middle name and surname public. Company accounts grant the Provider the right to publish the logo/profile picture, company name, company description and location as well as contact persons. This serves the purpose of being found by other users.
Personal data is collected at the earliest when the user completes the registration form to open an account for the software, or when the written contract between the user and the provider has been concluded and the user creates his profile. Personal data includes the user’s first name and surname, contact details (such as address, telephone number, gender, date of birth, e-mail address, etc.). After registering and activating the account, the user has the option of entering further personal data in their user profile, such as desired training occupation, interests and leisure activities, etc., depending on the type of user. The user can also upload documents such as references, certificates, apprenticeship contracts and many more.
The personal details are visible to registered and logged-in users in the software. Non-members, however, do not have access to this personal data.
If the user is a representative person of a company (e.g. contact person for incoming applications, data protection officer, etc.), the business contact details and the profile picture may be published by authorised persons in the company for a specific purpose. This may only be done with the express consent of the user concerned. The provider cannot be held liable for legal consequences if this consent has not been lawfully obtained.
Users can control access to their data and documents by configuring their privacy and settings accordingly. In principle, user data is anonymous until the user authorises the information to be shared. The user who has made the information accessible to third parties is solely and fully liable for all shared information.
16. use of user data for marketing purposes of the provider
By agreeing to this privacy policy, corporate customers consent to Dualoo AG using their name, company logo and general information about the collaboration as a reference. This use may take place in the context of the website, presentations, brochures or press releases and serves exclusively to draw attention to the existing business cooperation.
This regulation applies to corporate customers and not to applicants or other private individuals.
The legal basis is consent. Consent is voluntary and can be revoked at any time with effect for the future. After a revocation, corresponding representations will be removed or adjusted promptly.
17. adjustments to this privacy policy
We expressly reserve the right to amend this privacy policy at any time. If such changes are made, we will immediately publish the amended privacy policy on our website. The privacy policy published on our website is valid in each case.