Privacy Policy

1. Scope

Guuru has issued below Privacy Statement in the light of the enactment of GDPR, the new data protection and privacy regulation of the European Union (EU), and the upcoming revision of the Swiss Data Protection Act.

2. Data Protection Information

With the following information, we would like to give you an overview of how we will process your data and of your rights according to data privacy laws. The details on what data will be processed and which method will be used depend significantly on the services applied for or agreed upon.

3. Who is responsible for data processing and how can I contact them?

The unit responsible is and you can reach us at:

Guuru

Bösch 67

6331 Hünenberg

Switzerland

Phone (+41) 41 530 04 64

E-Mail: dataprotection@guuru.com

Web: www.guuru.com

4. What sources and data do we use?

We process personal data that we obtain from USERS, EXPERTS and CLIENTS in the context of our service offering. We also process – insofar as necessary to provide our services and organize our procurement of services – personal data that we obtain from publicly accessible sources, (e.g. debt registers, commercial and association registers, press, internet) or that is legitimately transferred from other third parties.

Further, certain data may be received from Google Analytics integrations in websites of CLIENTS. See below Section 12 for more information on Google Analytics.

Relevant data is personal information of contact persons from our CLIENTS and EXPERTS (e.g. name, address and other contact details, date and place of birth, and nationality) as well as USERS of our services. Furthermore, this can also be order data (e.g. payment order), data from the fulfillment of our contractual obligations, marketing and sales data, documentation data, and other data similar to the categories mentioned.

5. What do we process your data for (Purpose of Processing) and on what legal basis?

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP):

a) For fulfillment of contractual obligations (Art. 6 para. 1b of the GDPR)

Data is processed in order to provide and receive services in the context of carrying out our contracts with our CLIENTS and EXPERTS or to carry out pre-contractual measures that occur as part of a request. The purposes of data processing are primarily in compliance with the specific services provided or received. You can find more specific details about the purposes of data processing in the relevant contract documents and terms and conditions.

b) In the context of balancing interests (Art. 6 para. 1f of the GDPR)

Where required, we process your data beyond the actual fulfillment of the contract for the purposes of the legitimate interests pursued by us or a third party. Examples:

  • Consulting and exchanging data with third parties (e.g. debt register to investigate creditworthiness and credit risks)
  • Marketing or market and opinion research, unless you have objected to the use of your data
  • Asserting legal claims and defense in legal disputes
  • Guarantee of our company's IT security and IT operation
  • Prevention and clarification of crimes
  • Measures for business management and further development of services and products
  • Risk control in Guuru.

In addition, we obtain personal data from publicly available sources for client acquisition purposes.

c) As a result of your consent (Art. 6 para. 1a of the GDPR)

As long as you have granted us consent to process your personal data for certain purposes (e.g. analysis of certain activities for marketing purposes), this processing is legal on the basis of your consent. Consent given can be withdrawn at any time. This also applies to withdrawing declarations of consent that were given to us before the GDPR came into force, i.e. before May 25, 2018. Withdrawal of consent does not affect the legality of data processed prior to withdrawal.

6. Who receives my data?

Within Guuru, every unit that requires your data to fulfill our contractual and legal obligations will have access to it. Service providers and vicarious agents appointed by us can also receive access to data for the purposes given, if they maintain confidentiality. These are companies in the categories of banking services, IT services, logistics, printing services, telecommunications, collection, advice and consulting, and sales and marketing.

7. Will Data Be Transferred to a Third Country or an International Organization?

Your data may be shared with EXPERTS and/or specialized IT service providers. As such, your data may be transferred to countries outside Switzerland or the European Economic Area (EEA). Personal data is transferred outside the EEA on the basis of declarations of adequacy or other appropriate safeguards, in particular standard data protection clauses adopted by the European Commission.

8. Security of Processing

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we make reasonable efforts to protect personal data against accidental and illegal destruction and loss. We strive to ensure that personal data is used properly and protected from unauthorized access, use or disclosure. We use a combination of process, technology and physical security controls to protect personal data from unauthorized access, use or disclosure.

In addition, access to personal data is restricted to employees, contractors, and agents who need such information to perform their assigned functions and to develop or improve our services.

9. For how long will my data be stored?

We will process and store your personal data for as long as it is necessary in order to fulfill our contractual and statutory obligations.

If the data is no longer required in order to fulfill contractual or statutory obligations, it is deleted, unless its further processing is required – for a limited time – for the following purposes:

  • Fulfilling obligations to preserve records according to commercial and tax law.

10. What data privacy rights do I have?

Every data subject has the right to access according to Article 15 GDPR (Article 8 FADP), the right to rectification according to Article 16 GDPR (Article 5 FADP), the right to erasure according to Article 17 GDPR (Article 5 FADP), the right to restrict processing according to Article 18 GDPR (Articles 12, 13, 15 FADP), the right of object according to Article 21 GDPR (Article 4 FADP), and if applicable – the right to data portability according to Article 20 GDPR. Furthermore, if applicable on you, there is also a right to lodge a complaint with an appropriate data privacy regulatory authority (Article 77 GDPR).

On grounds relating to your particular situation, you shall have the right of objection, at any time to processing of your personal data which is based on Article 6 para1 f of the GDPR (data processing based on balancing interests). If you submit an objection, we will no longer process your personal data unless we can give evidence of mandatory, legitimate reasons for processing, which outweigh your interests, rights, and freedoms, or processing serves the enforcement, exercise, or defense of interests. Please note, that in such cases we may not be able to continue to provide services and maintain a business relation.

You can withdraw consent granted to us for the processing of personal data at any time. This also applies to withdrawing declarations of consent that were made to us before the GDPR came into force, i.e. before May 25, 2018. Please note that the withdrawal only applies to the future. Processing that was carried out before the withdrawal is not affected by it.

The objection or withdrawal does not need to be made in a particular form and should ideally be addressed to the contact details given above.

11. To what extent is there automated decision-making or profiling?

In establishing and carrying out a business relationship, we generally do not use any automated decision-making nor any Profiling pursuant to Article 22 GDPR. If we use this procedure in individual cases, we will inform you of this separately, as long as this is a legal requirement.

12. Data protection provisions about the application and use of Google Analytics (with anonymization function)

For our service offering, we receive data from our CLIENTS' integration of components of Google Analytics (with the anonymizer function) on their websites. We receive such data via Google. Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behavior of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising.

The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.

For the web analytics through Google Analytics the controller uses the application "_gat. _anonymizeIp". By means of this application the IP address of the Internet connection of the data subject is abridged by Google and anonymised when accessing our websites from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze the traffic on our website. Google uses the collected data and information, inter alia, to evaluate the use of our website and to provide online reports, which show the activities on our websites, and to provide other services concerning the use of our Internet site for us.

Google Analytics places a cookie on the information technology system of the data subject. The definition of cookies is explained above. With the setting of the cookie, Google is enabled to analyze the use of our website. With each call-up to one of the individual pages of this Internet site, which is operated by the controller and into which a Google Analytics component was integrated, the Internet browser on the information technology system of the data subject will automatically submit data through the Google Analytics component for the purpose of online advertising and the settlement of commissions to Google. During the course of this technical procedure, the enterprise Google gains knowledge of personal information, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements.

The cookie is used to store personal information, such as the access time, the location from which the access was made, and the frequency of visits of our website by the data subject. With each visit to our Internet site, such personal data, including the IP address of the Internet access used by the data subject, will be transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties.

The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Google Analytics from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Google Analytics may be deleted at any time via a web browser or other software programs.

In addition, the data subject has the possibility of objecting to a collection of data that are generated by Google Analytics, which is related to the use of this website, as well as the processing of this data by Google and the chance to preclude any such. For this purpose, the data subject must download a browser add-on under the link https://tools.google.com/dlpage/gaoptout and install it. This browser add-on tells Google Analytics through a JavaScript, that any data and information about the visits of Internet pages may not be transmitted to Google Analytics. The installation of the browser add-ons is considered an objection by Google. If the information technology system of the data subject is later deleted, formatted, or newly installed, then the data subject must reinstall the browser add-ons to disable Google Analytics. If the browser add-on was uninstalled by the data subject or any other person who is attributable to their sphere of competence, or is disabled, it is possible to execute the reinstallation or reactivation of the browser add-ons.

Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/us.html . Google Analytics is further explained under the following Link https://www.google.com/analytics/ .