The responsible party within the meaning of the data protection laws, in particular the EU General Data Protection Regulation (DSGVO), is:
Kafi Kolibri GmbH
Telefon: +41 31 552 05 00
In cooperation with our hosting providers, we make every effort to protect the databases as well as possible against unauthorized access, loss, misuse or falsification.
We would like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. A complete protection of data against access by third parties is not possible.
By using this website, you consent to the collection, processing and use of data in accordance with the following description. This website can generally be visited without registration. Data such as pages accessed or names of files accessed, date and time are stored on the server for statistical purposes without this data being directly related to your person. Personal data, in particular name, address or e-mail address are collected as far as possible on a voluntary basis. Without your consent, the data will not be passed on to third parties.
Processing of personal data
Personal data is any information that relates to an identified or identifiable person. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, acquisition, deletion, storage, modification, destruction and use of personal data.
We process personal data in accordance with Swiss data protection law. Furthermore, to the extent and insofar as the EU GDPR is applicable, we process personal data in accordance with the following legal bases in connection with Art. 6 (1) GDPR:
- lit. a) Processing of personal data with the consent of the data subject.
- lit. b) Processing of personal data for the fulfillment of a contract with the data subject as well as for the implementation of corresponding pre-contractual measures.
- lit. c) Processing of personal data for the fulfillment of a legal obligation to which we are subject under any applicable law of the EU or under any applicable law of a country in which the GDPR is applicable in whole or in part.
- lit. d) Processing of personal data in order to protect the vital interests of the data subject or another natural person.
- lit. f) Processing of personal data to protect the legitimate interests of us or of third parties, unless the fundamental freedoms and rights and interests of the data subject are overridden. Legitimate interests include, in particular, our business interest in being able to provide our website, information security, the enforcement of our own legal claims and compliance with Swiss law.
We process personal data for the duration required for the respective purpose or purposes. In the case of longer-term retention obligations due to legal and other obligations to which we are subject, we restrict processing accordingly.
This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
The provider of this website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- browser type and browser version
- Operating system used
- referrer URL
- Host name of the accessing compute
- Time of the server request
This data cannot be assigned to specific persons. This data is not merged with other data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of illegal use.
Third party services
This website may use Google Maps for embedding maps, Google Invisible reCAPTCHA for protection against bots and spam, and YouTube for embedding videos.
These services of the American Google LLC use, among other things, cookies and, as a result, data is transferred to Google in the USA, although we assume that no personal tracking takes place in this context solely through the use of our website.
Google has undertaken to ensure adequate data protection in accordance with the US-European and the US-Swiss Privacy Shield.
If you send us inquiries via the contact form, your data from the inquiry form including the contact data you provided there will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.
If you would like to receive the newsletter offered on this website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and agree to receive the newsletter. Further data will not be collected. We use this data exclusively for sending the requested information and do not pass it on to third parties.
You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the “unsubscribe link” in the newsletter.
Use of Google Maps
This website uses the offer of Google Maps. This allows us to display interactive maps directly on the website and enables you to comfortably use the map function. By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. This occurs regardless of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right. For more information on the purpose and scope of data collection and processing by Google, as well as further information on your rights in this regard and settings options for protecting your privacy, please visit: www.google.de/intl/de/policies/privacy.
This website uses Google conversion tracking. If you have reached our website via an ad placed by Google, Google Ads will set a cookie on your computer. The conversion tracking cookie is set when a user clicks on an ad placed by Google. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of our website and the cookie has not yet expired, we and Google can recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies can therefore not be tracked across Ads customers’ websites. The information obtained using the conversion cookie is used to create conversion statistics for Ads customers who have opted in to conversion tracking. Clients learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
If you do not wish to participate in the tracking, you can refuse the setting of a cookie required for this – for example, by means of a browser setting that generally deactivates the automatic setting of cookies or by setting your browser so that cookies from the domain “googleleadservices.com” are blocked.
Please note that you may not delete the opt-out cookies as long as you do not want any measurement data to be recorded. If you have deleted all your cookies in the browser, you must set the respective opt-out cookie again.
Use of Google reCAPTCHA
This website uses the reCAPTCHA service of Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland “Google”). The query serves the purpose of distinguishing whether the input is made by a human or by automated, machine processing. The query includes the sending of the IP address and possibly other data required by Google for the reCAPTCHA service to Google. For this purpose, your input is transmitted to Google and further used there. However, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of this service. The IP address transmitted by your browser as part of reCaptcha will not be merged with other data from Google. Your data may also be transmitted to the USA in the process. For data transfers to the USA, there is an adequacy decision of the European Commission, the “Privacy Shield”. Google participates in the “Privacy Shield” and has submitted to the requirements. By pressing the query, you consent to the processing of your data. The processing is based on Art. 6 (1) lit. a DSGVO with your consent. You can revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation.
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited. If the data controller on this website is located outside the European Economic Area or Switzerland, then the Google Analytics data processing is carried out by Google LLC. Google LLC and Google Ireland Limited are hereinafter referred to as “Google”.
The statistics obtained enable us to improve our offer and make it more interesting for you as a user. This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. If you have a Google user account, you can deactivate the cross-device analysis of your usage in the settings there under “My data”, “Personal data”.
The legal basis for the use of Google Analytics is Art. 6 para. 1 p. 1 lit. f DS-GVO. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. We would like to point out that on this website Google Analytics has been extended by the code “_anonymizeIp();” to ensure anonymized collection of IP addresses. This means that IP addresses are processed in abbreviated form, which means that they cannot be linked to a specific person. If the data collected about you is related to a person, this is immediately excluded and the personal data is deleted immediately.
Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
In addition, you can also prevent the use of Google Analytics by clicking on this link: Disable Google Analytics. This will save a so-called opt-out cookie on your data carrier, which prevents the processing of personal data by Google Analytics. Please note that if you delete all cookies on your terminal device, these opt-out cookies will also be deleted, i.e. you will have to set the opt-out cookies again if you wish to continue to prevent this form of data collection. The opt-out cookies are set per browser and computer/end device and must therefore be activated separately for each browser, computer or other end device.
This website uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. If your browser does not support web fonts, a standard font is used by your computer.
This website uses functions of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA . When you call up our pages with Facebook plug-ins, a connection is established between your browser and the Facebook servers. In the process, data is already transmitted to Facebook. If you have a Facebook account, this data can be linked to it. If you do not want this data to be associated with your Facebook account, please log out of Facebook before visiting our site. Interactions, in particular the use of a comment function or the clicking of a “Like” or “Share” button are also passed on to Facebook. You can learn more at https://de-de.facebook.com/about/privacy.
This website uses functions of Twitter, Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA. When you call up our pages with Twitter plug-ins, a connection is established between your browser and the servers of Twitter. In the process, data is already transferred to Twitter. If you have a Twitter account, this data can be linked to it. If you do not want this data to be associated with your Twitter account, please log out of Twitter before visiting our site. Interactions, in particular clicking on a “re-tweet” button, are also passed on to Twitter. You can learn more at https://twitter.com/privacy.
Functions of the Instagram service are integrated on our website. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate the visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram.
We use the marketing services of the social network LinkedIn of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”) within our online offer.
For example, information on the operating system, the browser, the website you previously visited (referrer URL), which websites the user visited, which offers the user clicked on, and the date and time of your visit to our website is collected.
The information generated by the cookie about your use of this website is transferred pseudonymously to a LinkedIn server in the USA and stored there. LinkedIn therefore does not store the name or email address of the respective user. Rather, the above-mentioned data is only assigned to the person for whom the cookie was generated. This does not apply if the user has allowed LinkedIn to process without pseudonymization or has a LinkedIn account.
We use LinkedIn Analytics to analyze and regularly improve the use of our website. The statistics obtained allow us to improve our offer and make it more interesting for you as a user. All LinkedIn companies have adopted the standard contractual clauses to ensure that the data traffic to the USA and Singapore necessary for the development, implementation and maintenance of the services takes place in a lawful manner. If we ask users for consent, the legal basis for processing is Art. 6 (1) lit. a DSGVO. Otherwise, the legal basis for the use of LinkedIn Analytics is Art. 6 para. 1 p. 1 lit. f DSGVO.
This website uses external payment service providers through whose platforms users and we can make payment transactions. For example via
- PostFinance (https://www.postfinance.ch/de/detail/rechtliches-barrierefreiheit.html)
- Visa (https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html)
- Mastercard (https://www.mastercard.ch/de-ch/datenschutz.html)
- American Express (https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html)
- Paypal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full)
- Bexio AG (https://www.bexio.com/de-CH/datenschutz)
- Payrexx AG (https://www.payrexx.ch/site/assets/files/2592/datenschutzerklaerung.pdf)
- Apple Pay (https://support.apple.com/de-ch/ht203027)
- Stripe (https://stripe.com/ch/privacy)
- Klarna (https://www.klarna.com/de/datenschutz/)
- Skrill (https://www.skrill.com/de/fusszeile/datenschutzrichtlinie/)
- Giropay (https://www.giropay.de/rechtliches/datenschutzerklaerung) etc.
In the context of the performance of contracts, we use the payment service providers on the basis of the Swiss Data Protection Ordinance and, where necessary, Art. 6 para. 1 lit. b. EU-DSGVO. Furthermore, we use external payment service providers on the basis of our legitimate interests pursuant to the Swiss Data Protection Ordinance as well as and to the extent necessary pursuant to Art. 6 para. 1 lit. f. EU-DSGVO in order to offer our users effective and secure payment options.
The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, among others, as well as the contract, totals and recipient-related information. The information is required in order to carry out the transactions. However, the data entered is only processed by the payment service providers and stored with them. We as the operator do not receive any information about (bank) account or credit card, but only information to confirm (accept) or reject the payment. Under certain circumstances, the data is transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. In this regard, we refer to the terms and conditions and data protection information of the payment service providers.
Newsletter per WhatsApp
You can also receive our free newsletter via the instant messaging service WhatsApp. WhatsApp is a service of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, a subsidiary of WhatsApp Inc., 1601 Willow Road, Menlo Park, California 94025, USA, both hereinafter referred to as “WhatsApp”. Partial processing of user data takes place on WhatsApp servers in the USA.
Through the certification according to the EU-US Privacy Shield, WhatsApp guarantees, however, that the data protection requirements of the EU are also complied with when processing data in the USA. In addition, WhatsApp offers further data protection information.
To receive our newsletter via WhatsApp, you need a WhatsApp user account. Details about which data WhatsApp collects during registration can be found in the aforementioned WhatsApp data protection information.
The legal basis for the sending of the newsletter and the analysis is Art. 6 para. 1 lit. a.) DSGVO.
In accordance with Art. 7 (3) DSGVO, you can revoke your consent to the sending of the newsletter at any time with immediate effect. For this purpose, you only need to inform us of your revocation. Likewise, you can block the receipt of the newsletter by a setting in the WhatsApp software on your end device.
Audio and video conferencing
We use audio and video conferencing services to communicate with our users and others. In particular, we can use them to conduct audio and video conferences, virtual meetings, and training sessions such as webinars.
In particular, we use Zoom, a service of the American Zoom Video Communications Inc. Zoom also grants the rights under the European General Data Protection Regulation (GDPR) to users in Switzerland. Further information about the type, scope and purpose of data processing can be found in the data protection guidelines and on the “Legal Provisions and Data Protection” page of Zoom in each case.
Functions of the “YouTube” service are integrated on this website. “YouTube” is owned by Google Ireland Limited, a company incorporated and operated under the laws of Ireland, with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland, which operates the services in the European Economic Area and Switzerland.
If you have a Vimeo user account and do not want Vimeo to collect data about you via this website and link it to your membership data stored with Vimeo, you must log out of Vimeo before visiting this website.
In addition, Vimeo calls up the Google Analytics tracker via an iFrame in which the video is called up. This is Vimeo’s own tracking, to which we have no access. You can prevent tracking by Google Analytics by using the deactivation tools that Google offers for some Internet browsers. You can also prevent the collection of data generated by Google Analytics and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link:
Order processing in the online store with customer account
We process the data of our customers in accordance with the data protection provisions of the Federal (Data Protection Act, DSG) and the EU-DSGVO, in the context of the ordering processes in our online store to enable them to select and order the selected products and services, as well as their payment and delivery, or execution.
The processed data includes master data (inventory data), communication data, contract data, payment data and the persons affected by the processing include our customers, prospective customers and other business partners. The processing is carried out for the purpose of providing contractual services in the context of operating an online store, billing, delivery and customer services. In this context, we use session cookies, e.g. for storing the shopping cart content, and permanent cookies, e.g. for storing the login status.
The processing is carried out on the basis of Art. 6 para. 1 lit. b (execution of order transactions) and c (legally required archiving) DSGVO. In this context, the information marked as required is necessary for the justification and fulfillment of the contract. We disclose the data to third parties only in the context of delivery, payment or in the context of legal permissions and obligations. The data is only processed in third countries if this is necessary for the fulfillment of the contract (e.g. at the request of the customer for delivery or payment).
Users can optionally create a user account, in which they can view their orders in particular. As part of the registration process, the required mandatory information will be provided to users. User accounts are not public and cannot be indexed by search engines, e.g. Google. If users have terminated their user account, their data with regard to the user account will be deleted, subject to their retention is necessary for commercial or tax reasons entspr. Art. 6 para 1 lit. c DSGVO. Information in the customer account remains until its deletion with subsequent archiving in the event of a legal obligation. It is the responsibility of the users to save their data in the event of termination before the end of the contract.
Within the scope of registration and renewed registrations as well as the use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as those of users in protection against abuse and other unauthorized use. In principle, this data is not passed on to third parties, unless it is necessary for the pursuit of our claims or there is a legal obligation to do so in accordance with Art. 6 Para. 1 lit. c DSGVO.
The deletion takes place after the expiry of legal warranty and comparable obligations, the necessity of keeping the data is reviewed at irregular intervals. In the case of legal archiving obligations, deletion takes place after their expiry.
We process the data of our customers, clients and interested parties (uniformly referred to as “customers”) in accordance with the data protection provisions of the Federal (Data Protection Act, DSG) and the EU-DSGVO in accordance with Art. 6 para. 1 lit. b. DSGVO, in order to provide them with our contractual or pre-contractual services. The data processed in this context, the type, scope and purpose and the necessity of their processing are determined by the underlying order. In principle, this includes inventory and master data of customers (name, address, etc.), as well as contact data (e-mail address, telephone, etc.), contract data (content of the order, fees, terms, information on the mediated companies/insurers/services) and payment data (commissions, payment history, etc.). We may also process information on the characteristics and circumstances of persons or objects belonging to them if this is part of the subject matter of our order. This may be, for example, information on personal circumstances, mobile or immobile tangible property.
Within the scope of our assignment, it may also be necessary for us to process special categories of data pursuant to Art. 9 (1) DSGVO, in this case in particular information on the health of a person. For this purpose, we obtain, if necessary, according to Art. 6 para. 1 lit a., Art. 7, Art. 9 para. 2 lit a DSGVO an explicit consent of the customer.
If necessary for the fulfillment of the contract or required by law, we disclose or transmit the data of the customers in the context of coverage requests, conclusions and processing of contracts, data to providers of the mediated services / objects, insurers, reinsurers, broker pools, technical service providers, other service providers, such as cooperating associations. e.g. cooperating associations, as well as financial service providers, credit institutions and investment companies as well as social security institutions, tax authorities, tax advisors, legal advisors, auditors, insurance ombudsmen and the Swiss Financial Market Supervisory Authority (FINMA) or Federal Financial Supervisory Authority (BaFin). Furthermore, we may engage subcontractors, such as sub-brokers. We obtain consent from customers if this is required for the disclosure/transfer of customer consent (which may be the case, for example, in the case of special categories of data pursuant to Art. 9 DSGVO).
The deletion of the data takes place after the expiry of legal warranty and comparable obligations, whereby the necessity of the retention of the data is reviewed at irregular intervals. In all other respects, the statutory retention obligations apply. In the case of statutory archiving obligations, deletion takes place after their expiry.
We process the data of our contractual partners and interested parties as well as other clients, customers, clients or contractual partners (uniformly referred to as “contractual partners”) in accordance with the data protection provisions of the German Federal Data Protection Act (Datenschutzgesetz, DSG) and the EU-DSGVO pursuant to Art. 6 Para. 1 lit. b. DSGVO, in order to provide them with our contractual or pre-contractual services. The data processed in this context, the type, scope and purpose and the necessity of their processing, are determined by the underlying contractual relationship.
The data processed includes the master data of our contractual partners (e.g. names and addresses), contact data (e.g. e-mail addresses and telephone numbers) as well as contractual data (e.g. services used, contract content, contractual communication, names of contact persons) and payment data (e.g. bank details, payment history).
As a matter of principle, we do not process special categories of personal data, unless these are components of a commissioned or contractual processing.
We process data that are required for the justification and fulfillment of contractual services and point out the necessity of their disclosure, unless this is evident to the contractual partners. Disclosure to external persons or companies is made only if it is necessary in the context of a contract. When processing data provided to us in the context of an order, we act in accordance with the instructions of the client as well as the legal requirements.
In the context of the use of our online services, we may store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the interests of users in protection against misuse and other unauthorized use. In principle, this data is not passed on to third parties, unless it is necessary for the pursuit of our claims pursuant to Art. 6 para. 1 lit. f. DSGVO or there is a legal obligation to do so pursuant to Art. 6 para. 1 lit. c. DSGVO.
The deletion of the data takes place when the data is no longer required for the fulfillment of contractual or legal duties of care as well as for dealing with any warranty and comparable obligations, whereby the necessity of keeping the data is reviewed at irregular intervals. In all other respects, the statutory retention obligations shall apply.
Note on data transfer to the USA
Among other things, tools from companies based in the USA are integrated on our website. If these tools are active, your personal data may be transferred to the US servers of the respective companies. We would like to point out that the USA is not a safe third country in the sense of EU data protection law. US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.
The copyright and all other rights to the content, images, photos or other files on the website belong exclusively to the operator of this website or the specifically named copyright holders. For the reproduction of all files, the written consent of the copyright holder must be obtained in advance.
Anyone who commits a copyright infringement without the consent of the respective copyright holder may be liable to prosecution and possibly to damages.
All information on our website has been carefully checked. We make every effort to ensure that the information we provide is up-to-date, correct and complete. Nevertheless, the occurrence of errors can not be completely excluded, so we can not guarantee the completeness, accuracy and timeliness of information, including journalistic-editorial nature. Liability claims regarding damage caused by the use of any information provided, including any kind of information which is incomplete or incorrect, will therefore be rejected.
The publisher may change or delete texts at his own discretion and without notice and is not obliged to update the contents of this website. The use of or access to this website is at the visitor’s own risk. The publisher, its clients or partners are not responsible for damages, such as direct, indirect, incidental, consequential or punitive damages, allegedly caused by the visit of this website and consequently assume no liability for such damages.
The publisher also accepts no responsibility or liability for the content and availability of third-party websites that can be accessed via external links on this website. The operators of the linked sites are solely responsible for their content. The publisher thus expressly distances itself from all third-party content that may be relevant under criminal or liability law or that may offend common decency.
Questions for the data protection officer