more
than time

Holistic, innovative software and hardware solutions
for time recording and access control.

Privacy Policy

1 Name and address of the data processor

The operator of the website (hereinafter referred to as the “operator”) and therefore the controller/data processor (hereinafter referred to as the “operator”) in terms of the European General Data Protection Regulation (GDPR) and the Swiss Federal Data Protection Act (DPA) is:

zeit ag
Glockenstrasse 1
6210 Sursee, Switzerland

Tel: +41 41 926 99 99
Email: info@zeitag.ch
Website: www.zeitag.ch

2 Name and address of the Data Protection Officer

The operator’s Data Protection Officer is:

Walter Boreatti
PEAX AG
Pilatusstrasse 28
6003 Lucerne, Switzerland

Tel: +41 41 541 59 61
Email: walter.boreatti@peax.ch

3 Definitions

Operator: The operator of the website, in this case zeit ag.
User: User of the website or its services, in this case you.
Personal data: Information which makes it possible for a person to be identified, i.e. information that can be traced back to a particular person. This includes the person's name, email address or telephone number. But data concerning preferences, hobbies, memberships or which websites a person has visited is also regarded as personal data.

4 General notes on data protection

The operator only processes the personal data of its users to the extent to which this is necessary in order to provide a functional website and the operator’s contents and services. Personal data are exclusively processed on the basis of a legitimate legal basis, usually the user’s consent. An exception applies in cases where obtaining prior consent is effectively not possible and processing is permitted under statutory provisions.

5 Access data / server log files
5.1 Description and scope of data processing

The operator collects data each time its website is accessed ("server log files"). The collected access data includes:

  • Name of the web page, file(s) accessed
  • Date and time of the access
  • Browser type and version
  • The user's operating system
  • The referrer URL (the page previously visited)
  • The user’s IP address and the requesting provider

5.2 Legal basis for the processing

The legal basis for the temporary storage of the data and log files is Art. 6 (1) (f) GDPR and Art. 13 (1) and (2) DPA.

5.3 Purpose of data processing

The operator will only use the log data in order to operate and optimise the website, to ensure its security and to carry out statistical evaluations. However, the operator reserves the right to examine the protocol data at a later date if there are specific indications which give rise to a justified suspicion of unlawful use. The data are stored for this purpose.

5.4 Duration of storage

The data are deleted as soon as they are no longer required to achieve the purpose for which they are collected, provided their continued storage is not justified by the overriding interests or statutory obligations of the controller. This is usually the case after 24 hours. Data may be stored beyond this period for the purpose of website optimisation and statistical evaluation. In this case, users’ IP addresses will be deleted or altered so that they can no longer be allocated to the accessing client.

5.5 Objection and removal options

The collection of data and the storage of data in log files are essential prerequisites for providing and operating the website. Consequently, the user has no right to object.

Any storage for other purposes is conducted in anonymised form, which means that no personal data are processed and accordingly no option to object arises.

6 Use of cookies

6.1 Description and scope of data processing

The operator’s website uses cookies. Cookies are small files that make it possible to store information specific to the user's access device (PC, smartphone or similar) in order to enable the device to be recognised when the website is next accessed. On the one hand, they serve to make websites user friendly for their users (e.g. by storing login data). On the other hand, they serve to record statistical data concerning the use of the website. This data can then be analysed to improve the website.

The operator’s website uses the following cookies:

  • FluentLocale: Serves to record the language set by the user and transmits the system language of the user. This cookie is technically necessary.
  • Google Analytics: See paragraph 8. This cookie is not technically necessary.

When our website is accessed, users are informed of the use of cookies for analysis purposes and their consent to the processing of the personal data used in this context is obtained. This notification also contains a reference to this Privacy Policy.

Section 9 specifically provides information on the use of Google Analytics.

6.2 Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) (f) GDPR and Art. 13 (1) and (2) DPA.

The legal basis for the processing of personal data using cookies for analysis purposes is, provided the user’s consent has been obtained, Art. 6 (1) (a) GDPR and Art. 13 (1) in conjunction with Art. 4 (5) DPA.


6.3 Purpose of data processing
Technically necessary cookies are used for the purpose of facilitating the use of websites for users. Some website functions cannot be offered without cookies. These require that the browser is recognised even after navigation to different pages.

The user data collected by technically necessary cookies are not used to create user profiles.

Analysis cookies are used to improve the quality and contents of the website. Analysis cookies give the operator information about how the website is used and thus enables it to continuously improve its service.

6.4 Duration of storage, Objection and removal options

Cookies are stored on the user’s access device and transmitted by the same to our website. Users can therefore influence the use of cookies. Most browsers have an option allowing the storage of cookies to be restricted or prevented entirely. However, please note that the use of the website, particularly user convenience, will be restricted if cookies are not enabled. Many online advertisement cookies of companies can be managed through the US website https://www.aboutads.info/choices/ or the EU website https://www.youronlinechoices.com/uk/your-ad-choices/.

7 Newsletter

7.1 Description and scope of data processing

The operator’s website offers the option to subscribe to a free newsletter. This option can be chosen either by ticking the newsletter check box in the contact form or by completing the newsletter form at the bottom of the website. When either of these forms are sent, the data contained in the entry form will be transmitted to the operator. This includes:

  • User’s first and last name
  • Email adress

In addition, the following data are collected when the newsletter is subscribed to:

  • IP address of the requesting user
  • Time of newsletter subscription
  • Set language on the website

During the subscription process, the users’ consent to data processing is obtained and reference is made to this Privacy Policy.

7.2 Success measurement via Campaign Monitor

The operator sends out the newsletters using the success measurement software Campaign Monitor. This software sets a cookie through the newsletter and, via this cookie, collects the following data to measure success rates:

  • Time the newsletter is opened
  • Place where the newsletter is opened
  • Number of clicks per user per newsletter
  • Number of shared contents per user per newsletter

In order to send the newsletter, the operator discloses the following data to Campaign Monitor Pty Limited:

  • The newsletter subscriber’s email address

Campaign Monitor Pty Limited is based in Sydney, Australia, and processes data in data centres in the USA, Australia and Germany. The operator has contractual agreements with Campaign Monitor Pty Limited which ensure that Campaign Monitor Pty Limited complies with the provisions of the applicable data protection legislation.

During the subscription process, the users’ consent to the processing of this data is also obtained and reference is made to this Privacy Policy.

7.3 Legal basis for data processing

The legal basis for data processing following the user’s subscription to the newsletter is, provided the user’s consent has been obtained, Art. 6 (1) (a) GDPR and Art. 13 (1) in conjunction with Art. 4 (5) DPA.

7.4 Purpose of data processing

The user’s email address is collected in order to send the newsletter. The user’s name is collected in order to personalise the newsletter.

The other data listed in Section 8.1 and 8.2 are collected on the one hand to improve the newsletter and analyse the time and manner in which the newsletter is read, and on the other to prevent the misuse of the service or the email address used.

7.5 Duration of storage

The data are deleted as soon as they are no longer required to achieve the purpose for which they are collected, provided their continued storage is not justified by the overriding interests or statutory obligations of the controller. Subscribers’ email addresses and names are therefore only stored for as long as the newsletter subscription is active. The same applies to the other personal data collected in the course of the subscription process.

The data collected and stored in the context of success measurement are deleted within 14 months following their evaluation.

7.6 Objection and removal options

Users may cancel their subscription at any time. Every newsletter contains a link for this purpose.

This also enables users to revoke their consent to the storage of the personal data collected during the subscription process and success measurement.

8 Google Analytics

8.1 Description and scope of data processing

This website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics uses cookies, text files that are stored on your computer, which make it possible to analyse your use of the website.

The following data are collected and stored using Google Analytics:

  • The user’s IP address and the requesting provider
  • Name of the web page, file(s) accessed
  • Browser type and version
  • The user's operating system
  • The referrer URL (the page previously visited)
  • The number of pages accessed
  • Leaving rate
  • Average duration of website visit

The information about the use of this website by the user generated by the cookie is generally sent to a Google server in the USA and stored there. However, users’ IP addresses are shorted and therefore anonymised by the operator prior to transmission to Google. The transmitted data can therefore not be traced to the user. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there. The operator has contractual agreements with Google which ensure that Google complies with the provisions of the applicable data protection legislation. The data that the user’s browser sends in the context of Google Analytics will not be amalgamated with other data from Google.

When our website is accessed, users are informed of the use of Google Analytics and their consent to the processing of the personal data used in this context is obtained. This notification also contains a reference to this Privacy Policy.

8.2 Legal basis for data processing

The legal basis for the processing of user data using Google Analytics is, provided the user’s consent has been obtained, Art. 6 (1) (a) GDPR and Art. 13 (1) in conjunction with Art. 4 (5) DPA.

8.3 Purpose of data processing

Google will use this information on behalf of the operator in order to analyse users’ use of the website, compile reports on website activity, and provide further services related to website and internet use to the website operator. This enables the operator to continually improve the website and its user friendliness.

8.4 Duration of storage

The data are deleted as soon as they are no longer required for our recording purposes, provided their continued storage is not justified by the overriding interests or statutory obligations of the controller. For this website, this is the case after 14 months.

8.5 Objection and removal options

As with any other cookies, the Google Analytics cookie is stored on the user’s access device. Users may therefore prevent the storage of the cookie by editing the settings in their browser software accordingly. Furthermore, users can prevent the data generated by the cookie concerning their use of the website (including their IP address) from being recorded and sent to Google and also the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en

9 Contacting the operator
9.1 Description and scope of data processing

When users contact the operator (through the contact form, chat or email, for example), all relevant information provided by the user is saved for the purpose of processing the enquiry and in case of subsequent questions.

This includes, in particular, the following information:

  • User’s first and last name
  • Email address
  • User’s current location (in the support chat)

During the process of sending the contact form, your consent to data processing is obtained and reference is made to this Privacy Policy.

Alternatively, the operator can be contacted via the email address provided. In this case, the user’s personal data which are submitted with the email are stored.

Finally, the operator can be contacted using the chat tool on the website. This is managed by the software Zendesk. The data collected from any other contact options are likewise managed by the operator using Zendesk.

The way in which Zendesk works requires the operator to transmit particular data to the provider of this cloud-based software solution, Zendesk Inc. However, the operator has contractual agreements in place which ensure that Zendesk Inc. complies with all data protection obligations imposed by the applicable laws.

Users are informed in advance of the data processing and this Privacy Policy and their consent is obtained in the course of contacting the operator via the contact form or the chat.

9.2 Legal basis for data processing

The legal basis for data processing is, provided the user’s consent has been obtained, Art. 6 (1) (a) GDPR and Art. 13 (1) in conjunction with Art. 4 (5) DPA.

The legal basis for the processing of data which are transmitted in the course of sending an email is Art. 6 (1) (f) GDPR and Art. 13 (1) and (2) DPA. If the email contact aims at the conclusion of a contract, an additional legal basis for the processing is Art. 6 (1) (b) GDPR and Art. 13 (2) (a) DPA.

9.3 Purpose of data processing

The processing of the personal data from the entry form exclusively serves the purpose of handling the enquiry. In the case of contact by email, this also constitutes the required legitimate interest in processing the data. Storing the data for a certain period of time enables us to refer back to it if further questions arise at a later date.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our IT systems.

9.4 Duration of storage

The data are deleted as soon as they are no longer required to achieve the purpose for which they are collected, provided their continued storage is not justified by the overriding interests or statutory obligations of the controller. This is the case when the conversation with the user has finished. The conversation is finished when the circumstances make it apparent that the issue at hand has been conclusively resolved.

9.5 Objection and removal options

Users may revoke their consent to the processing of their personal data at any time. If users contact us by email or contact form, they may object to the storage of their personal data at any time by email. In this case, we will not be able to continue the conversation. Likewise, during the course of a chat, users may at any time revoke their consent.

All personal data which were saved in the course of contacting the operator will in this case be deleted.

10 User rights

If website users are located in a member state of the EU or an EEA state, the GDPR provides for the following user rights:

10.1 Right to information (Art. 15 GDPR)

Users have the right at any time to request that the controller confirm whether any personal data concerning their person is being processed. If this is the case, users have the right to demand that the controller provide information about the personal data stored, and a copy of these data, free of charge. Furthermore, users have the right to the following information:

1. the purposes of processing;
2. the categories of personal data which are processed;
3. the recipient or categories of recipients to whom the personal data have been or will be disclosed, particularly where recipients are based in third countries and in the case of international organisations;
4. where possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
5. the existence of the right to correction or deletion of the personal data concerning the user, or to a restriction of processing by the controller, or a right to object to such processing;
6. the existence of the right to lodge a complaint with a supervisory authority;
7. if the personal data are not collected from the user, all available information about the origin of the data;
8. the existence of an automated decision-making process, including profiling, pursuant to Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved and the significance and intended effects of such processing on the user.

If personal data are transmitted to a third country or an international organisation, users have the right to be informed of appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.

10.2 Right to correction (Art. 16 GDPR)

Users have the right to correction and/or completion against the controller if the processed personal data concerning their person are incorrect or incomplete. The operator will implement corrections without undue delay.

10.3 Right to restrict processing (Art. 18 GDPR)

Subject to the following conditions, users have the right to demand a restriction of the processing of the personal data concerning their person:

  • if the user contests the correctness of the personal data concerning his/her person for a duration which enables the controller to examine the correctness of the personal data;
  • if the processing is unlawful and the user rejects the deletion of the personal data and instead request a restriction to the use of the personal data;
  • if the controller no longer requires the personal data for the purposes of processing but the user requires the data for the purpose of asserting, exercising or defending legal rights, or
  • if the user has objected to processing pursuant to Art. 21 (1) GDPR and it has not yet been established whether the legitimate reasons of the controller override the reasons of the user.
  • if the processing of the personal data concerned has been restricted, these data – except for their storage – may only be processed with the consent of the user or in order to assert, exercise or defend legal claims.
  • if the restriction of processing has been restricted according to the above conditions, the user will be informed by the controller before the restriction is lifted.

10.4 Right to erasure (Art. 17 GDPR)
10.4.1 Duty to erase

The user may demand that the controller erase the processed data if:

  • they are no longer required for the purposes for which they were collected or were otherwise processed;
  • the user revokes the consent which was based on processing pursuant to Art. 6 (1) (a) GDPR and there is no other legal basis for processing;
  • the user objects to processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate reasons for processing;
  • the personal data were processed unlawfully;
  • the deletion of the personal data concerned is required to fulfil a legal obligation under European Union law or the law of a member state to which the controller is subject.

10.4.2 Exceptions

The right to erasure does not apply where processing is required:

  • in order to exercise the right to freedom of speech and information;
  • in order to fulfil a legal obligation which requires the processing under European Union law or the law of a member state to which the controller is subject, or in order to perform a task which is in the public interest or is carried out in the exercise of public authority which has been bestowed on the controller;
  • in order to assert, exercise or defend a legal right.

10.5 Right to information (Art. 19 GDPR)

If the user has asserted a right to correction, erasure or restriction of processing against the controller, the controller is under obligation to inform all recipients to whom personal data concerning the respective user have been disclosed of this correction or erasure of data or the restriction of processing, unless this proves to be impossible or is associated with disproportionate effort or expense.

The user is entitled against the controller to be informed of these recipients.

10.6 Right to data portability (Art. 20 GDPR)

Users have the right to obtain the personal data concerning their person which they have provided to the controller in a structured, commonly used and machine-readable format. They furthermore have the right to transmit these data to another controller without interference by the controller to whom the personal data were provided, if:

  • processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR, and
  • processing takes place with the help of automated processes.

When exercising this right, users are also entitled to cause the personal data concerning their person to be transmitted directly from one controller to another controller, provided this is technically possible. This must not compromise the freedoms and rights of other persons.

The right to data portability does not apply to the processing of personal data which is required to perform a task which is in the public interest or is carried out in the exercise of public authority which has been bestowed on the controller.

10.7 Right to object (Art. 21 GDPR)

Users have the right at any time to object to the processing of personal data concerning their person which takes place on the basis of Article 6 (1) (e) or (f) GDPR for reasons resulting from their specific circumstances; this also applies to any profiling based on these provisions.

The controller will then cease to process the personal data concerning their person, unless the controller can prove mandatory reasons meriting protection which necessitate the processing and which outweigh the interests, rights and freedoms of the user, or the data processing is performed for the purpose of asserting, exercising or defending legal claims.

Where users’ personal data are processed in order to perform direct advertising, users have the right at any time to object to the processing of the personal data concerning their person for the purposes of such advertising; this also applies to profiling in connection with such direct advertising.

If a user objects to the processing for the purposes of direct advertising, the controller will cease to process the personal data concerning his/her person for these purposes.

10.8 Right to withdraw the data protection consent (Art. 7 (3) GDPR)

Users have the right to withdraw their data protection consent at any time. Revoking their consent does not affect the legality of the data processing which has taken place on the basis of consent before the time of withdrawal.

10.9 Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, users have the right to complain to a supervisory authority, particularly in the member state of their place of residence, if they believe that the processing of the personal data concerning their person breaches the GDPR.

The supervisory authority to which the complaint was submitted will inform the complainant of the status and outcome of the complaint, including the possibility of a legal remedy, according to Art. 78 GDPR.