Privacy Policy – Alexander van der Berg

In this privacy policy ("Privacy Policy"), we, Alexander van der Berg (hereinafter "we" or "us"), explain how we collect and otherwise process personal data.

The term "personal data" or "data" refers to all information relating to a identified or identifiable natural person. If you provide us with personal data about other persons (e.g. family members or work colleagues), please ensure that those persons are aware of this Privacy Policy and only share their data with us if you are authorised to do so and if the data is accurate.

Please note that other privacy policies, general terms and conditions, participation terms and similar documents may separately govern certain data protection matters. This Privacy Policy is aligned with the EU General Data Protection Regulation ("GDPR") and the Swiss Federal Act on Data Protection ("FADP"). However, the application of these laws depends on the specific case.

The terms used in this Privacy Policy are gender-neutral.

1 Controller

Alexander van der Berg is responsible for the data processing described herein, unless otherwise stated in individual cases. For data protection enquiries, you may contact us at the following address:

Phone: +49 40 414 312 151
Email: alexander@vanderberg.de

2 Collection and Processing of Personal Data

We process personal data primarily in the context of our business relationships — received from our clients and other business partners as well as other persons involved — or collected from users when operating our website(s). Where permitted, we also obtain certain data from publicly accessible sources (e.g. debt enforcement registers, land registers, commercial registers, press and the internet) or receive such data from authorities and other third parties (e.g. credit agencies or address providers).

In addition to data you provide to us directly, the categories of personal data we receive about you from third parties include in particular: information from public registers; information obtained in connection with administrative and legal proceedings; information about your professional activities and responsibilities (e.g. to complete and process transactions with your employer with your assistance); information about you from correspondence and conversations with third parties; credit information (where we conduct transactions with you personally); information about you provided by persons close to you (family, advisors, legal representatives, etc.) to enable us to conclude or process contracts or agreements with or about you (e.g. references); your delivery address; powers of attorney; information relating to compliance with legal requirements such as anti-money laundering and export restrictions; information from banks and insurers (e.g. payments made, purchases made); personal data from media and the internet (where appropriate in the individual case, e.g. in connection with job applications, press review, marketing/sales, etc.); your addresses and, where applicable, interests and other sociodemographic data (for marketing purposes); data relating to website usage (e.g. IP address, MAC address of smartphone or computer, information about your device and settings, cookies, date and time of visit, pages and content accessed, features used, referring website, location data).

3 Purpose of Data Processing and Legal Basis

We use the personal data we collect primarily for the initiation and performance of contracts with our clients and business partners, in particular in connection with the following activity: software quality assurance and testing. In this context, we collect personal data for transactions with our clients as well as for the procurement of products and services from our suppliers and subcontractors, and to fulfil our legal obligations domestically and abroad. If you act for such a client or business partner, your personal data may of course also be affected in that capacity.

In addition, we process your data and the data of other persons, where permitted and where we consider it appropriate, for the following purposes in which we (and sometimes third parties) have a legitimate interest:

offering and developing our products, services and websites, apps and other platforms on which we are present;
communicating with third parties and handling their enquiries (e.g. job applications, media enquiries);
testing and optimising procedures for needs assessment for direct customer outreach, as well as collecting personal data from publicly accessible sources for customer acquisition;
advertising and marketing (including the organisation of events), provided you have not objected to the use of your data (where we send advertising to you as an existing client, you may object at any time; we will then place you on a suppression list for further marketing communications);
market and opinion research, media monitoring;
asserting legal claims and legal defence in connection with legal disputes and regulatory proceedings;
prevention and investigation of criminal offences and other misconduct (e.g. conducting internal investigations, data analysis for fraud prevention);
ensuring the proper operation of our systems, in particular IT, our websites, apps and other platforms;
video surveillance for the exercise of property rights and other measures for IT, building and facility security and for the protection of our employees and other persons as well as assets belonging to or entrusted to us (e.g. access controls, visitor logs, network and mail scanners, telephone recordings);
purchase and sale of business units, companies or parts of companies and other corporate transactions, as well as the associated transfer of personal data, and also measures for corporate governance and, where required, compliance with legal and regulatory requirements and our internal policies.

4 Cookies / Tracking and Other Technologies Used on Our Website

On our website(s) we generally use "cookies" and similar technologies that enable identification of your browser or device. A cookie is a small text file sent to your computer and automatically stored by your web browser on your computer or mobile device when you visit our website(s). When you revisit our website, we may be able to recognise you, even if we do not know your identity.

In addition to cookies used only for the duration of a session and deleted after your visit ("session cookies"), we may use cookies to store user preferences and other information for a specified period (e.g. two years) ("persistent cookies").

Notwithstanding the foregoing, you may configure your browser settings to reject cookies, store them only for the duration of a session, or delete them early. Most browsers are set by default to accept cookies. We use persistent cookies to store user preferences (e.g. language, automatic login), to understand how you use our services and content, and to display personalised offers and advertising to you (which may also occur on other companies' websites; if your identity is known to us, such companies will not learn your identity from us; they will only know that the same user who visits their website previously visited a particular website). Certain cookies are sent to you by us, others by business partners with whom we work.

If you block cookies, certain features (e.g. language settings, shopping cart and ordering processes) may no longer be available to you.

Under applicable law, we may embed visible and invisible image files in our newsletters and other marketing emails. When such image files are retrieved from our servers, we can determine whether and when you opened the email, allowing us to measure and better understand how you use our offerings and to tailor them accordingly. You can disable this in your email client, which is typically a default setting.

By using our website(s) and consenting to receive newsletters and other marketing emails, you agree to our use of such technologies. If you wish to object, you must configure your browser or email client accordingly.

This website is hosted on GitHub Pages (GitHub, Inc., a subsidiary of Microsoft Corporation, United States). GitHub Pages processes visitors' IP addresses and request metadata (e.g. browser type, referring URL, and date and time of visit) in server logs as part of normal hosting operations. GitHub acts as a data processor on our behalf. For transfers to the United States, we rely on the standard contractual clauses referred to in Section 6. GitHub's own privacy policy also applies to the processing of your data by GitHub.

We use Formspree (Formspree, Inc., United States) to process contact form submissions on our website. Data submitted via the contact form (e.g. your name, email address and message) is transmitted to and stored by Formspree. Formspree acts as a data processor on our behalf. For transfers to the United States, we rely on the standard contractual clauses referred to in Section 6. Formspree's own privacy policy also applies to the processing of your data by Formspree.

5 Disclosure of Data to Third Parties

In the course of our business activities and in accordance with the purposes of data processing set out in Section 3, we may disclose data to third parties where such disclosure is permitted and we consider it appropriate, so that they may process the data on our behalf or, where applicable, for their own purposes. The following categories of recipients may be involved in particular:

our service providers (e.g. banks or insurers) including data processors (e.g. IT service providers);
dealers, suppliers, subcontractors and other business partners;
clients;
domestic and foreign authorities or courts;
the media;
the public, including users of our websites and social media;
competitors, industry organisations, associations, organisations and other bodies;
acquirers or parties interested in acquiring business units;
other parties in potential or pending legal proceedings;

collectively "recipients".

When we disclose data to third parties, we comply with the relevant legal requirements and, in particular, conclude data processing agreements or similar arrangements with the respective recipients in order to protect your data.

6 Transfer of Data Abroad

We may disclose data to persons, authorities, organisations, companies or other entities abroad. In particular, we may transfer personal data to any country in which our service providers process personal data.

If a recipient is located in a country that does not have an adequate level of data protection under applicable law, we contractually require the recipient to comply with applicable data protection law (for this purpose we use the revised standard contractual clauses of the European Commission, available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), provided the recipient is not already subject to a legally recognised framework for ensuring data protection and we cannot rely on an exception provision. An exception may apply in particular in legal proceedings abroad, but also in cases of overriding public interests or where performance of a contract requires such disclosure, where you have given your consent, or where the data has been made generally accessible by you and you have not objected to its processing.

7 Retention Period for Personal Data

We process and store your data for as long as necessary to fulfil our contractual and legal obligations or otherwise to pursue the purposes for which processing takes place — for example, for the entire duration of the business relationship (from initiation through to the termination of a contract) and beyond, in accordance with statutory retention and documentation obligations. In this context, we may retain personal data for the period during which claims may be brought against our company, as well as where we are otherwise legally obliged to do so or where legitimate business interests require it (e.g. for evidentiary and documentation purposes). Once your data is no longer required for the above purposes, it will generally be deleted or anonymised to the extent possible. Shorter retention periods of twelve months or less generally apply to operational data (e.g. system logs).

8 Data Security

We implement appropriate technical and organisational security measures to protect your data against unauthorised access and misuse.

These measures include the following: we follow data processing best practices and make every effort to always comply with current standards for secure data processing and storage.

We take the protection of personal data into account from the outset when designing or selecting hardware, software or processes, by implementing appropriate technical and organisational measures (privacy by design).

We also ensure privacy-friendly default settings (privacy by default).

9 Obligation to Provide Personal Data

In the context of our business relationship, you must provide the personal data necessary for the initiation and conduct of a business relationship and the fulfilment of the associated contractual obligations (there is generally no statutory obligation to provide data to us). Without this data, we will generally be unable to conclude or perform a contract with you (or the legal entity or person you represent). Our websites also cannot be used if certain information required to secure data traffic (e.g. the IP address) is not disclosed.

10 Profiling and Automated Individual Decision-Making

We may process your data in a partially automated manner in order to evaluate certain personal aspects (profiling). In particular, profiling enables us to provide you with more targeted information and advice about products that may be relevant to you. For this purpose, we may use analytical tools that allow us to communicate with you in a needs-based manner and to place advertising, including market and opinion research. In the initiation and conduct of a business relationship, we do not as a rule make fully automated individual decision-making (as governed by Art. 21 FADP or Art. 22 GDPR). Should we employ such processes in individual cases, we will inform you separately and, where required by law, advise you of your rights in this regard.

11 Your Rights

Subject to and to the extent provided by applicable law (such as where the GDPR applies), you have the following rights:

the right to request information from us as to whether and what data we process about you;
the right to request that we correct inaccurate data;
the right to request the deletion of data;
the right to request the provision of certain personal data in a common electronic format or the transfer of such data to another controller;
the right to withdraw consent, where our processing is based on your consent;
the right to obtain, upon request, further information necessary for the exercise of these rights;
the right, in the case of automated individual decision-making (Section 10), to express your point of view and to request that the decision be reviewed by a natural person.

Please note, however, that we reserve the right to invoke the restrictions provided by law on our part, for example where we are obliged to retain or process certain data, have an overriding interest in doing so (to the extent we may rely on this) or need it to assert claims. If this results in costs to you, we will inform you in advance. We have already drawn your attention to the possibility of withdrawing your consent in Section 3. Please note that exercising these rights may conflict with contractual agreements and may have consequences, such as early termination of the contract or the incurrence of costs. We will inform you of this in advance, to the extent not already provided for in the contract.

Exercising these rights generally requires you to clearly prove your identity (e.g. by providing a copy of your identity document, unless your identity is otherwise clearly established or can be verified). To exercise your rights, please contact us at the address given in Section 1.

Every data subject also has the right to enforce their claims through the courts or to lodge a complaint with the competent data protection supervisory authority. The competent data protection supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch).

12 Changes to this Privacy Policy

We may amend this Privacy Policy at any time without prior notice. The version currently published on our website shall apply. If this Privacy Policy forms part of an agreement with you, we will notify you of any changes by email or other appropriate means.