Privacy Policy (oneclick-cloud.com)

of oneclick AG, CH-8008 Zurich (hereinafter called “oneclick”); Version 7

oneclick AG is Controller in terms of the EU General Data Protection Regulation (hereinafter “GDPR”), who determines the purpose and means of the processing of Personal Data.

1. Handling of Data

The trust in correct handling of data is an important requirement for oneclick. Therefore, data protection has a great importance for oneclick. Customer data is only collected, processed and used whilst complying with the applicable data protection regulation and only for the purposes described as follows.

oneclick processes Personal Data collected as follows:

• Storage, modification, transmission, blocking and deletion.

With regard to your data, we are not the Controller: You retain all rights and obligations with regard to your data and content that you create, store, transfer or manage via the oneclick platform. Thus, you are also responsible for all contractual and legal obligations with regard to this data. oneclick will only access or process this data if this is necessary for the provision of the services or if you instruct us to do so (e. g. for support). In this regard, please refer to Art. 10 of our General Business and License Terms.

2. Personal Data

Personal Data means any information relating to a specific (identified) or identifiable natural person.

3. Collection and use of Personal Data (without a business relationship)

When you contact oneclick or an associated organisation, you may be asked to provide Personal Data. By providing such data you give us your consent to exchange this data within our organisation and to use it in accordance with this Data Privacy Statement. We can also combine such Personal Data with other information in order to optimize our contact with you and to offer or improve our products, services, content and advertisements. In case of your mere contact, you are free to decide whether you want to submit your Personal Data. However, in case you won’t submit your Personal Data we may not be able to inform you about our products or services or respond to or process your enquiries.

4. What Personal Data is Being Collected (with a business relationship)

When you create a user account, use a product or service, register on our website, get in contact with us or participate in an online survey, then the collection of Personal Data becomes necessary for the conclusion of a contract and the following data is being collected by us or is to be provided by you (whereas we only collect data to the necessary extent):

• Your name, address, telephone number, email address, information about your preferred contact channel, bank and credit card information.

When you share content with business partners or friends and thereby use products of oneclick, invite others to participate in services of a forum of oneclick, then oneclick can collect the data that you have provided about these persons, such as name, address, email address and telephone number. oneclick uses this data to process your enquiries, provide products or services as well as tackling fraud.

We collect Personal Data only to the necessary extent and only for the duration as necessary for the purposes of processing such data or as long as a business relationship exists (data minimization). Longer data storage obligations might exist according to existing data protection legislation.

5. How we process Personal Data

The processing of your Personal Data takes place on the basis of our contractual relationship and is necessary for its fulfilment. Your data will be stored and used internally as follows:

• The collection of Personal Data is necessary for the provision and performance of our services, as well as for their billing and invoicing. Furthermore, Personal Data also supports us with the creation, development, provision, delivery and improvement of our products, services, content and advertising; and it also makes it easier to tackle fraud.
• The collated Personal Data enables us to inform you about the latest product announcements, software updates and future events. If you do not wish to be included in our distribution list, you can opt out any time by changing your settings.
• Sometimes we can use Personal Data to send important messages, for example about purchases or amendments of our business terms and regulations. As this information is important and necessary for the relationship with oneclick, customers cannot refuse the receipt of such information.
• We can also use Personal Data for internal purposes, such as accounting, data analysis and research to improve the products and services of oneclick and the communication with customers.
• If you participate in competitions or similar activities, then we can use the data made available to us for the administration of these activities.

oneclick may share certain personal information with partners who work with oneclick to provide products and services, or who assist oneclick with their marketing (e.g. to our distributors and sales partners). In this case, Personal Data will only be disclosed in order to provide or improve products, services or our advertising. Personal Data will not be passed on to third parties for their marketing purposes.

6. Collection and Use of Non-Personally Identifiable Data

We also collect data in a form that, without more information, does not allow a direct association to a specific person. We can collect, use, transfer and disclose non-personally identifiable data for any purpose.

We collect data such as profession, language, postcode, area code, individual unique device identifier, forwarding URL as well as location and time zone, where the products of oneclick are used so that we can better understand the behaviour of our customers and improve our products, services and marketing activities.

We may also collect information regarding customer activities on our oneclick websites, in addition to our other products and services. This data is merged and serves as a tool to provide our customers with more useful information and to understand, which parts of our websites, products and services are most interesting for our customers. The merged data is considered non-personally identifiable data for the purpose of this Data Privacy Statement.

If necessary, we also collect and save more information about how you use our services, for example search requests. This information enables us to improve the significance of the results provided by our services. Such information is generally not associated with your IP address, except on a limited scale to ensure the quality of our services provided via the internet.

We collect data about how devices and applications are used, whereas this information may be used by the developers to help improve your software applications (“Apps”). In this case, only anonymized data will be used which cannot be assigned to Personal Data.

In the case that we link non-personally identifiable data with Personal Data, then this linked data will be treated as Personal Data.

7. Cookies and Other Technologies

The websites of oneclick, online services, interactive applications, email messages and advertisements can use “cookies” and other technologies such as pixel tags and web beacons. These technologies allow us to better understand user behaviour, it informs us which parts of our website were visited and simplifies and measures the efficiency of advertising and web search. We treat all data collected by cookies and other technologies as non-personally identifiable data. However, if internet protocol (IP) addresses or similar identifiers are classed as Personal Data by the applicable regulation, then we will also treat these identifiers as Personal Data. Accordingly, we will also treat linked data as Personal Data, for the purpose of this Data Privacy Statement, as long as non-personally identifiable data is linked with Personal Data.

The websites of oneclick, their online services and interactive applications all use cookies for the improved usage and security of the connection. For this purpose, a unique session ID can be saved in a cookie by the server to accurately recognise this client again when visiting again.

As with most internet services, we will also capture certain data automatically and save it in log files. This information includes IP addresses, browser types, browser language, internet service providers (ISP), referring and exit pages and programmes, operating system, date/time stamp and clickstream data.

We use this information to evaluate and analyse trends, to administer the website, to gain information about user behaviour on the website, to improve our products and services as well to capture demographic data regarding the overall user base. oneclick can use the captured data in their marketing and advertising services.

In some of our email messages we use a so-called “click-through-URL”, that leads directly to content of an oneclick website. If customers click onto these URLs, they are directed via a separate web server before they reach the target page on our website. We track this “click-through“ data to determine for which specific topics there is an interest and to measure the efficiency of our customer communication. If you do not wish that such data is captured and tracked, do not click onto text or graphic links in emails or use the unsubscribe function in our newsletter so that you do not receive any further e-mails with “click-through-URL”.

“Pixel tags“ allow us to send email messages in a format readable by the customer. They also enable us to check if emails have been opened. This information can be used to reduce or to stop sending messages to a customer.

Google Analytics
We use Google Analytics, a web analytics service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043 USA; “Google”), to analyze the usage behavior of our website. The legal basis for this is Art. 6 para. 1 lit. a GDPR.

With your consent, Google sends user and usage-related information, such as your IP address, the location, time or frequency of your visit to our website to a server in the USA and stores the data there. However, we have activated the IP anonymization function in Google Analytics. This means that your IP address is shortened by Google within member states of the EU or in other contracting states of the Agreement on the EEA before being transmitted to the USA. Only in exceptional cases will the entire IP address be transmitted to a Google server in the USA and shortened there. We would like to point out that our website uses Google Analytics only after prior consent has been granted and with a shortened version of the IP addresses in order to exclude direct personal reference.

Google uses this information to provide us with an evaluation of your visit to our website and your activities. In addition, this information can be used to provide other services associated with the use of our website and the Internet. The IP address transmitted by your browser is not connected with other data from Google.

We have also concluded an order data processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics. The personal data of visitors to the website is retained for 38 months. After this period, the information is deleted or anonymized. Via the settings in your browser, you are able to delete the previously set cookies again.

If you do not want your data to be processed, Google offers a deactivation add-on. This add-on can be installed in current browsers and offers a control option over the data that Google collects when you visit our website. The add-on prevents data about visits to our website from being sent to Google Analytics. However, this add-on does not prevent the transmission of data to us or to other services. You can find the add-on under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

Google uses standard contractual clauses (= Art. 46. para. 2 and 3 GDPR) as the basis of data processing for recipients located in third countries or a data transfer there. Standard Contractual Clauses (SCC) are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries and stored there. Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. You can find the EU Commission’s implementing decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

For more information on how Google Analytics handles user data, please see Google’s privacy policy: https://www.google.com/intl/de/policies/privacy/partners

You can revoke your consent at any time in accordance with Art. 7 para. 3 GDPR using our opt-out function.

Google Ads Conversion Tracking with Conversion Tracking
We use Google AdWords and in this context the conversion tracking (visit action evaluation) of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043 USA; “Google”) to advertise our offer. The legal basis for this is Art. 6 para. 1 lit. a GDPR.

When you click on an ad placed by Google, a cookie for conversion tracking is stored on your computer. These cookies have a limited validity of 30 days, do not contain any personal data and can therefore not be used for personal identification. If you visit our website and the cookie has not yet expired, Google and we can recognize that you have clicked on the ad and that you have been redirected to this website.

Each Google Ads customer receives a different cookie. Thus, there is no possibility that cookies can be tracked across Ads customers’ websites. The information obtained with the help of the conversion cookie serves the purpose of creating conversion statistics. Here, we learn the total number of users who clicked on one of our ads and were redirected to a page tagged with a conversion tracking tag. Neither we nor third parties receive information that can be used to personally identify users. If you wish to prevent tracking, you can object to this use by deactivating the Google conversion tracking cookie via your browser in the settings. You will then not be included in the conversion tracking statistics.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases. You can also exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

Google uses standard contractual clauses (= Art. 46. para. 2 and 3 GDPR) as the basis of data processing for recipients located in third countries or a data transfer there. Standard Contractual Clauses (SCC) are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries. Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. You can find the EU Commission’s implementing decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

More information on the handling of user data can be found in Google’s privacy policy: https://www.google.de/intl/de/policies/privacy/.

You can revoke your consent at any time in accordance with Art. 7 para. 3 GDPR using our opt-out function.

Google Remarketing
On our website, we use the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google AdWords and Google DoubleClick of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043 USA; “Google”). We use this function to display interest-based and personalized advertising on third-party websites that also participate in Google’s advertising network. The legal basis for this is Art. 6 para. 1 lit. a GDPR.

Google stores a cookie with a sequence of numbers about the browser on your end device during your visit to our website. This cookie anonymously records both your visit and the use of our website. Personal data is not passed on in the process. If you subsequently visit the website of third parties who also use Google’s advertising network, it is possible that advertisements will appear that are related to our website or our offers there.

Google Analytics also collects google-authenticated IDs of users, which are temporarily linked to our data in Google Analytics to define and create target groups for cross-device ad advertising.

You can permanently object to cross-device remarketing/targeting by deactivating personalized advertising in your Google account; follow this link: https://www.google.com/settings/ads/onweb/.

The summary of the collected data in your Google account is based exclusively on your consent, which you can give or revoke at Google. The legal basis here is Art. 6 para. 1 lit. a GDPR. In the case of data collection processes that are not aggregated in your Google Account because you do not have a Google Account or have objected to the aggregation, the collection of the data is based on Art. 6 para. 1 lit. f GDPR.

With the help of cross-device marketing, Google can also track your usage behavior across multiple end devices, so that you are also shown interest-based and personalized advertising when you switch end devices. The condition for this is that you have agreed to the linking of your browsing history with your existing Google account.

Google uses standard contractual clauses (= Art. 46. para. 2 and 3 GDPR) as the basis of data processing for recipients located in third countries or a data transfer there. Standard Contractual Clauses (SCC) are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries and stored there. Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. You can find the EU Commission’s implementing decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

You can find more information about Google Remarketing at http://www.google.com/privacy/ads/.

You can revoke your consent at any time in accordance with Art. 7 para. 3 GDPR using our opt-out function.

Google Maps
On our website, we use the Google Maps service of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043 USA; “Google”) to display the location of our company and our partners as well as route descriptions. Art. 6 para. 1 lit. f GDPR serves as the legal basis. Our legitimate interest is to optimize the functionality of our website.

As soon as you call up Google Maps on our website, Google stores a cookie on your end device via your browser. In order to display our location or the location of our partners, your user settings and data are processed. In doing so, we cannot exclude that Google uses servers in the USA. Through the connection to Google, Google can record from which website your request has been sent and to which IP address the route description is to be sent. The data is determined exclusively for aggregated statistics by Google and then deleted.

If you do not want your data to be processed, you have the option of preventing the installation of cookies by making the appropriate settings in your browser.

Google uses standard contractual clauses (= Art. 46. para. 2 and 3 GDPR) as the basis of data processing for recipients located in third countries or a data transfer there. Standard Contractual Clauses (SCC) are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries and stored there. Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. You can find the EU Commission’s implementing decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

The use of Google Maps and the information obtained via Google Maps are subject to the Google Terms of Use (https://policies.google.com/terms?gl=EN&hl=en) and the Google Maps Terms and Conditions (https://www.google.com/intl/en_en/help/terms_maps/).

More information on the handling of user data can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=en&gl=en.

Google reCaptcha
We use on our website and on the registration page of our portal “https://oneclick.services” the service reCaptcha of the company Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043 USA; “Google”) to detect and prevent automated accesses (e.g. bots) interacting with our website. Art. 6 para. 1 lit. f GDPR serves as the legal basis. There is a legitimate interest in ensuring the security of our website and protection against automated entries (attacks).

With the help of this service, Google can recognize from which website a request is sent as well as from which IP address the reCAPTCHA box is used. In addition to the IP address, other information may also be collected by Google, which is necessary for the offer and guarantee of this service. The data is collected exclusively for aggregated statistics by Google and then deleted.

Google uses standard contractual clauses (= Art. 46. para. 2 and 3 GDPR) as the basis of data processing for recipients located in third countries or a data transfer there. Standard Contractual Clauses (SCC) are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries and stored there. Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. You can find the EU Commission’s implementing decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

More information on the handling of user data can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=en&gl=en.

Hotjar
We use Hotjar, an analytics service provided by Hotjar Ltd (Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe; “Hotjar”), to better understand the usage behavior of our website and to optimize the offer on this website. The legal basis for this is Art. 6 para. 1 lit. a GDPR.

With the help of Hotjar’s technology, we get a better understanding of our users’ experiences. Hotjar records and analyzes your mouse movements or mouse clicks, for example. Your visit to our website is anonymized. In addition, Hotjar collects information about your operating system, your browser, incoming or outgoing links, your location and the device you are using and analyzes this data for statistical purposes. In addition, Hotjar is able to collect direct feedback from you. The data at Hotjar is stored for 365 days and then automatically deleted.

For more information, please see Hotjar’s privacy policy: https://www.hotjar.com/legal/policies/privacy

If you do not want Hotjar to process your data, you can prevent the analysis of your usage behavior by means of an opt-out: https://www.hotjar.com/opt-out

You can revoke your consent at any time in accordance with Art. 7 para. 3 GDPR using our opt-out function.

LinkedIn Conversion Tracking
On our website, we use the analytics and conversion tracking technology of the LinkedIn platform of LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland; “LinkedIn”). With the aforementioned technology of LinkedIn, you can be shown more relevant advertising based on your interests. The legal basis for this is Art. 6 para. 1 lit. a GDPR.

We also receive aggregated and anonymous reports from LinkedIn of ad activity and information about how you interact with our website. You can find more information about privacy at LinkedIn here: https://www.linkedin.com/legal/privacy-policy#choices-oblig.

You can object to LinkedIn analyzing your usage behavior and displaying interest-based recommendations (“opt-out”); to do so, click on the “Opt-out on LinkedIn” box (for LinkedIn members) or “Opt-out” (for other users) at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

You can revoke your consent at any time in accordance with Art. 7 para. 3 GDPR using our opt-out function.

Microsoft Advertising (UET tag)
On our website, we use the Microsoft Advertising service provided by Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin, Ireland 18, D18 P521). This is an online marketing service that uses the Universal Event Tracking (UET) tool to help us display targeted and optimised advertisements via the Microsoft Bing search engine. The legal basis for this is Art. 6 para. 1 lit. a GDPR.

Microsoft Advertising uses cookies for this purpose. Personal data is processed in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about device and browser settings.

For Microsoft services, the transfer of data to Microsoft Corp. in the USA cannot be ruled out. Further information on data protection at Microsoft can be found in Microsoft’s privacy policy at https://privacy.microsoft.com/en-us/privacystatement.

You can revoke your consent at any time in accordance with Art. 7 para. 3 GDPR using our opt-out function.

Online job applications / publication of job advertisements
We offer you the opportunity to apply to us via our website. For these digital applications, your data will be electronically recorded and processed by us for the purpose of handling the application process. The legal basis for this is § 26 para. 1 (1) BDSG in conjunction with. Art. 88 para. 1 GDPR.

Should an employment contract be concluded after the application process, we will store the data you have provided in your personnel file for the purposes of the usual organizational and administrative process. This is done in compliance with further legal obligations. The legal basis is also § 26 para. 1 (1) BDSG in conjunction with. Art. 88 para. 1 GDPR.
If an application is rejected, we automatically delete the data provided to us after notification of the rejection. If the data requires longer storage of up to four months due to legal provisions or until the conclusion of legal proceedings, it will not be deleted. The legal basis for this is Art. 6 para. 1 lit. f GDPR and § 24 para. 1 (2) BDSG. Our legitimate interest is the defense and enforcement of applicable law.

If you explicitly wish your data to be stored for a longer period of time, the data will be further processed based on your consent. The legal basis is Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time in accordance with Art. 7 para. 3 GDPR by declaration to us.

Newsletter
When you register for our free newsletter, your data, i.e. your email address, title and last name and – optionally – your first name, are sent to us. We also store the date and time of your registration. In addition, we will ask for your consent to send you the newsletter, describe the content specifically and refer to this privacy policy. We use the collected data exclusively for sending the newsletter – in particular, they are therefore not passed on to third parties. The legal basis is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

You can revoke this consent at any time in accordance with Art. 7 para. 3 GDPR. To do so, you simply need to inform us of your revocation or use the unsubscribe link included at the end of each newsletter. After you have unsubscribed from the recipient list, your personal data will be stored by us or the newsletter service provider in a blacklist, if necessary, in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

YouTube
On our website, we use YouTube of YouTube LLC. (901 Cherry Ave., 94066 San Bruno, CA, USA; “YouTube”), a subsidiary of Google LLC. (1600 Amphitheatre Parkway, Mountain View, CA 94043 USA; “Google”), in order to display videos to you. The legal basis for this is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the quality improvement and appealing presentation of our website.

YouTube videos are embedded on our website exclusively in “privacy-enhanced mode” in order to prevent data from being transmitted to YouTube when our website is called up. YouTube establishes a connection to the server in the USA as soon as you visit one of our websites on which a YouTube video is embedded. This connection is necessary in order to display the respective video on our website. In the course of this, YouTube will record and process your IP address, the date and time, and the website you visited. In addition, a connection to Google DoubleClick is established.

If you are logged into YouTube at the same time, YouTube assigns the connection information to your YouTube account. If you want to prevent this, you must either log out of YouTube before visiting our website or make the appropriate settings in your YouTube user account.

For this functionality and for the analysis of user behavior, YouTube permanently stores cookies on your end device via your browser. If you do not agree with this processing, you can prevent the storage of cookies by a setting in your browser.

Google uses standard contractual clauses (= Art. 46. para. 2 and 3 GDPR) as the basis of data processing for recipients located in third countries or a data transfer there. Standard Contractual Clauses (SCC) are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries and stored there. Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. You can find the EU Commission’s implementing decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

You can find more information on the handling of user data in Google’s privacy policy: https://policies.google.com/privacy?hl=en&gl=en.

Meta Pixel
On our website, we use the “Meta pixel” of Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; “Meta”) for conversion measurement. This function can be used to track the behavior of website visitors after they have been redirected to the provider’s website by clicking on a Facebook ad. The legal basis for this is Art. 6 para. 1 lit. a GDPR.

This procedure is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can help to optimize future advertising measures for you. The data collected is anonymous for us and accordingly does not offer us any conclusions about the identity of the users. However, the data is stored and processed by Meta so that a connection to the respective user profile is possible. Meta may use the data for its own advertising purposes, in accordance with Facebook’s data usage policy (https://www.facebook.com/about/privacy/). This data may enable Meta and its partners to place advertisements on and outside of Facebook. The use of the data cannot be influenced by us as the provider of the site. For these purposes, a cookie may be stored on your computer.

You also have the option of deactivating the “Custom Audiences” remarketing function in the Ad Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook.

You can revoke your consent at any time in accordance with Art. 7 para. 3 GDPR using our opt-out function.

Smallchat
On our website and on our portal https://oneclick.services/, we use Smallchat, a service of Nicer LCC (201 Rocky Slope Rd, Greenville, SC 29607, USA), to enable visitors to our site to have a conversation in the form of a real-time chat with our employees. Art. 6 para. 1 lit. a GDPR serves as the legal basis. Our legitimate interest is to improve the user experience and optimize our website.

Smallchat, for its part, uses technologies and services provided by Slack Technologies Limited (One Park Place, Hatch Street Upper, Dublin 2, Ireland).

By clicking on the chat button on the website, the chat is started and the user transmits personal data only with this click. Smallchat uses cookies and stores information about the user (IP address, browser, operating system as well as the dial-in location), the conducted conversation and the use of Smallchat in them. This information is usually transferred to a server in the USA and stored there. Smallchat uses this data to enable real-time chat with us.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data transmitted via chat, this is the case when the respective conversation with the user has ended. The conversation is ended when the issue concerned have been conclusively clarified. The user has the possibility to revoke his consent to the processing of personal data at any time. In such a case, the conversation cannot be continued.

Smallchat’s privacy policy is available at https://small.chat/terms/#gdpr. Slack Technologies is committed to complying with EU data protection requirements. Slack’s privacy policy and GDPR commitment are available at https://slack.com/intl/en-gb/trust/privacy/privacy-policy and https://slack.com/intl/en-gb/trust/compliance/gdpr, respectively.

You can revoke your consent at any time in accordance with Art. 7 para. 3 GDPR using our opt-out function.

8. Processor

oneclick can transfer Personal Data to companies that provide services indirectly to you, such as:

• the processing of information, fulfilling customer orders and delivery of products to you;
• the administration and maintenance of customer data;
• the delivery of customer services, the appraisal of your interest on our products and services as well as conducting customer research or customer satisfaction surveys.

Any Processors we employ will process the Personal Data in accordance with this Data Privacy Statement (and according to the contractual obligations of oneclick) as well as according to the legal provisions, thereby guaranteeing the protection of your data and/or your rights. Upon your request we will inform you about Processors which process Personal Data on our behalf and which are given your Personal Data.

9. Disclosure of Personal Data to other third parties

Due to the following reasons it can sometimes become necessary for oneclick to disclose Personal Data to third parties:

• for the enforcement of our terms and conditions (e. g. when collecting outstanding debts and in the event of legal disputes);
• in case the processing is necessary for a legal obligation to which we are subject;
• in case the processing is necessary in order to protect the vital interests (of yours or another natural person);
• in case the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
• in case the processing is necessary for the purposes of our legitimate interests (or such interest of a third party), except where such interests are overridden by your interests or fundamental rights and freedoms.

In addition, if applicable, we will also transfer all collected Personal Data to the relevant third party in the case of a reorganisation, a merger or a sale of our company. In case of possible disclosure of Personal Data, oneclick will as far as possible inform you, whereas there is no legal entitlement for such information.

10. Protection of Personal Data

The security of your Personal Data is important to oneclick. Our online services protect your Personal Data during the transmission using encryption processes such as transport layer security (TLS). When your Personal Data is saved by oneclick, it is used by computer systems in facilities that limit access through physical security measures.

If you use certain products, services or applications of oneclick or enter Personal Data in a forum, chat room or social media network of oneclick, then this Personal Data and content is visible to other users and can be read, captured or used by them. You alone have responsibility for the Personal Data that you share or provide. For example, if you provide your name and email address in a forum, then this information is public. Use this function with caution.

11. Integrity and Storage of Personal Data

oneclick makes it easier for you to keep your Personal Data correct, complete and up to date. We store Personal Data as long as necessary to fulfil the purposes described in this Data Privacy Statement, as long as there is no longer a storage period demanded or permitted by law.

12. Your rights with regard to your Personal Data

With regard to your Personal Data you have the following rights:

• Right to information and disclosure: You may at any time obtain information about the Personal Data we collected about you, as well as about their processing and processing purposes.
• Right of rectification: You can obtain from us without undue delay the rectification of inaccurate Personal Data. You can help us to ensure that your contact data and settings are correct, complete and up to date by logging into your account via https://oneclick.services/. We enable you to access for any purpose other Personal Data that we save about you.
• Right to erasure: You can obtain from us the erasure of your Personal Data without undue delay, unless oneclick is obliged to store such data by law or for legitimate business purposes (e. g. in case processing the Personal Data is necessary in order to end our business relations).
• Right to restriction of processing: You can obtain from us the restriction of processing your Personal Data in case the accuracy of such data is contested by you; the processing is unlawful (and we oppose the erasure of such data); we no longer need your Personal Data for the purposes of the processing; you have objected to the processing of your Personal Data.
• Right to data portability: You have the right to receive your Personal Data in a structured, commonly used and machine-readable format.
• Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of Personal Data concerning to you.
• Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority, in particular at your habitual residence, your place of work or at the place of the alleged infringement of your rights.

We can reject requests if these are offensive or harassing, endanger the privacy rights of others, are extremely impractical, or if otherwise disclosure according to the respective legal system is not provided for.

You can assert your rights by contacting support@oneclick-cloud.com or via any other contact to our company (e. g. by post or telephone).

13. Location-based Services

In order to provide location based services, oneclick, their partners and licence holders can collect, use and share precise location data, including the geographic location of your computer or device in real time. As long as location based services are available, these can determine the approximate location of your devices. Apart from GPS, Bluetooth and your IP address, the data of public WLAN hotspots and mobile phone masts as well as other technologies are used. If you have not provided agreement for their use, these location based data are used in an anonymous way that means that you cannot personally be identified. The data is used by oneclick, their partners and licence holders to offer location based products and services to you and to improve those services. Your device can for example pass on its geographic location to programme or app providers, if you select their location services.

14. Website and Services of Third Party Providers

The website, products, applications and services of oneclick include links to websites, products and services of other organisations. Our products and services can also use or offer the products and services of third party providers – for example a software application (“App”) of a third party provider. The data protection methods of the third party provider regulate the collection of data that may include location based or contact data. We therefore recommend that you find out more about the data protection methods at these organisations.

15. International Users

Within the requirements of this Data Privacy Statement, all data provided by you can be subject to transmission or access by organisations in different locations in the world. oneclick adheres to the basic principles set up by the European Union according to the GDPR.

Personal data, including data provided by persons with a residence in a member state of the European Economic Area (EEA) are monitored and processed by oneclick in Zurich, Switzerland. oneclick adheres to the requirements of the Asia-Pacific Economic Cooperation (APEC) Cross Border Privacy Rules-Systems.

16. Obligation of the Employees

All our employees are made familiar with this Data Privacy Statement and security measures to protect privacy are strictly implemented within our organisation in order to ensure the safety of Personal Data.

17. Amendments to the Data Privacy Statement

oneclick reserves the right, at its own discretion, to amend this Data Privacy Statement at any time. We will inform you in time about such amendments and will announce the date from which these amendments will be effective. Amendments are deemed as accepted by you, when you continue to use the website after the amendments have come into force. In case of substantial amendments of this Data Privacy Statement you will be informed at least 30 days prior to enactment of such amendments. In case you don’t contradict to the new Terms of Use within 30 days, this will be considered your explicit approval to the amendments made. Relevant messages will be sent by oneclick to the email address provided in each account.

18. Questions Regarding Data Protection

If you have questions or concerns in relation to this data privacy statement or our data processing, or if you would like to inform us about a possible violation of local data protection laws, we would ask you to contact us via telephone number + 49 861 8812812888 or via email support@oneclick-cloud.com.