Privacy Policy

Protection of your personal data

We, Blue Code International AG (hereinafter also referred to as "BCI", "we" or "us"), appreciate your interest in Bluecode and want to ensure that you feel safe when using the Bluecode website. We take the protection of your personal data very seriously. Compliance with the applicable data protection regulations (GDPR, DSG, TKG) is a matter of course for us.

In the following, we would like to explain in detail how personal data from you is collected and processed when you use the Bluecode website.

We reserve the right to change the privacy policy at any time with effect for the future if necessary, in particular to adapt to a further development of Bluecode or the implementation of new technologies.

Person in charge

Responsible within the meaning of data protection law for the collection and processing in the context of this website is the

Blue Code International AG
CHE-281.323.867, Commercial Registry Office Schwyz
Schützenstrasse 7
8853 Lachen
Schweiz
E-Mail: office@bluecode.com

Data protection representatives in the EU within the meaning of Art. 27 GDPR as a point of contact for supervisory authorities and data subjects for all questions in connection with EU data protection law:

Secure Payment Technologies GmbH
FN 364923 b, Commercial Court Innsbruck
Müllerstraße 27
6020 Innsbruck
Austria
E-Mail: datenschutz@spt-payments.com

Data collection when using the website www.bluecode.com

a. Provision of the website

Every time a user accesses the Bluecode website, the following data is automatically logged:

• Date and time of access
• Name of the page accessed
• Amount of data transferred
• Access status (file transferred, file not found, etc.)
• Identification data of the operating system used and the user's terminal device
• Name of the provider of the user's Internet access
• Cookies

The collection, processing and use of this data is carried out for the purpose of enabling the use of the Bluecode website, system security and the technical administration of the network infrastructure. These purposes are our legitimate interest in data processing in accordance with Article 6 (1) (f) GDPR. A comparison with other databases or a transfer to third parties, even in excerpts, does not take place (with the exception of the third parties selected under point b. "Exchange of information"). It is not possible to identify a user individually.

The logs are deleted at regular intervals. Longer storage will only take place insofar as this is necessary to investigate detected attacks on our website or to pursue specific existing legal claims.

On the part of the user, there is no possibility of objecting to the collection of data for the provision of the website and the storage of the data in log files, as these are absolutely necessary for the operation of the website.

b. Exchange of information

We may also share your information with selected third parties. In this context, we always take appropriate legal, technical and organisational measures to ensure that your data is treated securely and that an appropriate level of protection is maintained when transferring your data to selected third parties. Specifically, these are the following categories of recipients:

• Bluecode Group Companies: We may share your personal data with other Bluecode Group companies. This is done if there is an administrative interest in exchanging the data (legal basis according to Art. 6 para. 1 lit. f GDPR).
• Subcontractors: We may transfer your personal data to subcontractors and other third parties involved in the provision of services for the performance of contractual obligations with you or for other purposes described in this Privacy Policy. This is always done on the basis of an agreement on order processing in accordance with the GDPR (legal basis according to Art. 6 para. 1 lit. a, b or f GDPR).
• Government agencies: In order to comply with legal obligations, information is passed on to the relevant government agencies (legal basis pursuant to Art. 6 para. 1 lit. c or e GDPR).

We would like to make it clear that we do not sell personal data to third parties for advertising purposes.

We would also like to point out that the European Commission has issued an adequacy decision for Switzerland.

c. Data processing when contacting us via the website

You can contact us via the following e-mail address or via a contact form:

office@bluecode.com / datenschutz@spt-payments.com

The data you provide voluntarily, e.g. via an e-mail (name and/or e-mail address) or via a contact form (first and last name, business e-mail address, position in the company) will be used exclusively for the processing of the conversation/contact with you. By providing your contact details in our contact form or by sending us an e-mail, you agree to the use of this data for contacting us. You can revoke your consent informally at any time without giving reasons (see "Your rights" below). Your data will be deleted immediately. It is then not or no longer possible for us to contact us. The legal basis for the processing of the data is your consent in accordance with Art. 6 (1) (a) and our legitimate interest in accordance with Art. 6 (1) (f) GDPR. The processing of personal data serves solely to process the contact.

d. Retention and deletion of personal data

We only store your personal data until the purpose for which it is processed no longer applies or has been fulfilled or if you assert a justified request for deletion (see "Your rights" below). Where we are subject to statutory retention periods for the storage of data (e.g. tax or corporate law), we are obliged to store your data for the period of time stipulated there (the legal basis is the fulfilment of a legal obligation pursuant to Art. 6 (1) (c) GDPR).

The data obtained through the contact form will initially be stored. Once your request has been processed, but no later than six months, the data will be deleted. If you are contacted by e-mail, the e-mail address will be stored until the end of our conversation. This will also be deleted no later than six months after the last correspondence. In the event of a justified request for deletion or a revocation of your consent to data processing, your data will be deleted immediately, unless there are legally permissible retention periods for storage to the contrary (legal basis for compliance with a legal obligation Art. 6 para. 1 lit. c GDPR).

e. Links to third-party websites via the Website

The Bluecode website and the Bluecode account may contain links to websites of other providers. This privacy policy applies exclusively to Bluecode. BCI has no influence on the data protection regulations of other providers and does not check whether other providers comply with the applicable data protection regulations.

Nevertheless, we try to protect the integrity of our website and welcome any feedback about these websites.

f. Cookie Statement

Our website also uses so-called cookies. These are small text files whose information is stored on the end device (e.g. smartphone) or in the browser when a website is accessed in the Internet browser. They can be read by the web server of such a website, among other things. Cookies are stored on the end device either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted at the end of your website visit. Persistent cookies (e.g. selected language version "German") remain stored on the end device until you delete them yourself, revoke your consent to the use of cookies or activate automatic deletion when you close the web browser on your device.

Some of our cookies are so-called functional cookies (hereinafter also referred to as "necessary cookies") for the technical provision of the website. These are necessary so that we can provide or enable the functions and the most unrestricted use of our website for you. The processing is based on the legal basis of the performance of the contract for the processing of cookies or on our legitimate interest in the technically error-free and optimised provision of our website and its services (performance of the contract in accordance with Art. 6 (1) (b) GDPR and our legitimate interest in accordance with (f) GDPR).

We also use the web analysis and tracking cookies described below. These can be divided into "preference cookies", "statistics cookies" and "marketing cookies". These are cookies that are not technically necessary for the actual operation of the website, but can record and evaluate user behaviour and help website operators to improve the website and offers. Their use and use requires your prior express consent. If consent to the storage of cookies has been requested and granted, their processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the use of these cookies at any time without giving reasons (see "Your rights" below).

Preference cookies allow a website to remember certain information and settings that affect the behaviour or settings of the website itself, such as your preferred language. Without your consent, the regular use of our website will not be affected, but it may make browsing the site less functional.

Statistics cookies help us understand how visitors interact with our website. They allow us, among other things, to count website visits, determine behaviour and determine traffic sources. This allows us to determine and improve the performance of our website. Without your consent, the regular use of our website will not be affected, but we will not be able to adapt it to the needs of our website visitors and detect any errors.

Marketing cookies are used to select the advertisements that are shown to you on our website. This allows us to record and evaluate your interests when you visit the website in order to target advertising to a website user.  

You can informally revoke your consent to the use of cookies at any time without giving reasons and delete the cookies using the "Empty cash" function. However, if you want to avoid the use of cookies in advance, you can, for example, deactivate/block the storage/storage of cookies in your browser (e.g. Restrict third-party cookies) or set your web browser to notify you when a cookie is being sent. Blocking cookies may result in the use of the website's functions to a limited extent.

Below you will find an overview of the cookies used on our website that require consent and a detailed description of their respective providers (third-party cookies). A third-party cookie is a cookie that is placed on our website, but does not originate from the actual domain that the website user is visiting, but from another address or an external provider whose services we use. Among other things, we use third-party providers who may process your data in the USA. This is done on the basis of the EU-U.S. Data Privacy Framework (DPF) and the EU Standard Contractual Clauses (SCCs) to ensure an adequate level of data protection.

(i) Google Analytics

We use Google Analytics, a web analytics tracking service provided by Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland ("Google"). Google Analytics uses a tracking code to create a random, unique ID associated with your browser cookie. In this way, you will be recognized as a new user or, if you visit our website again, as a "returning" user. The collected data is stored together with this user ID. The interactions of a website user through the use of the Bluecode website (e.g. clicking on a link) are measured by cookies and app instance IDs on our website, stored and sent to the Google Analytics servers and stored there.  

After your data has been processed by Google, we receive reports on your user behaviour on our website (target groups, advertisements, etc.).

We use Google Analytics to analyse and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user (the legal basis is your consent to the use of third-party cookies in accordance with Art. 6 para. 1 lit. a as well as our legitimate interest in the evaluation of website visitor behaviour for the continuous optimisation and improvement of our website Art. 6 para. 1 lit. f GDPR).

You can disable the processing of your data in Google Analytics by downloading and installing a corresponding browser add-on: https://support.google.com/analytics/answer/181881?hl=en. However, the deactivation only applies to data collection by Google Analytics.

You can find more information about Google's terms of use, data protection, and the legal framework for data transfers (standard contractual clauses, adequacy decisions) here: https://policies.google.com/?hl=de&gl=de and under https://policies.google.com/privacy/frameworks?hl=de.

As part of Google Analytics, we use Google Tag Manager. This is a solution for organizing the individual tracking tools, which allows us to centrally integrate and manage code sections (tags) of tracking tools that we use on our website. The tags can include Track your activities on our website, collect browser data and embed buttons. The data collected in this way shows us what our website users are most interested in and where we can improve our services. Google Tag Manager itself does not collect any personal data and does not set cookies ("cookieless" domain). He acts as a mere "steward" of the implemented tags. The tool triggers other tags, which in turn may collect data that Google Tag Manager does not access. (The legal basis is your consent in accordance with Art. 6 para. 1 lit. a as well as our legitimate interest in technically and economically improving our offer or our website by analysing the behaviour of the website visitor, Art. 6 para. 1 lit. f GDPR).  

(ii) YouTube

Our website uses plugins from the YouTube site operated by Google. The site is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. With the help of our embedded YouTube videos, we provide you with other content in addition to texts and images. When you visit our website, which is equipped with a YouTube plugin, YouTube sets at least a cookie that stores your IP address and our URL as soon as you start playing a video. The YouTube server is informed which of our pages you have visited.

If you are logged in to your YouTube account, YouTube can use cookies to match your interactions on our website to your profile. This includes data such as session duration, technical information such as browser type, screen resolution, etc. Other data can include any reviews, sharing content on social media, or adding it to your favorites on YouTube. If you are not logged into your account, only unique identifier data associated with your device, browser or app (e.g. preferred language) will be retained, but much interaction data will not be stored as fewer cookies are set. (The legal basis is your consent to the use of third-party cookies in accordance with Art. 6 (1) (a) GDPR as well as our legitimate interest in optimizing our website in order to be able to offer you a positive user experience in accordance with Art. 6 (1) (f) GDPR).  Further information on the handling of user data can be found here: https://policies.google.com/privacy?hl=en

(iii) Facebook Pixel

Within our website, we use the "visitor action pixel" of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). With this help, we can track the actions of website users if they have seen or clicked on a Facebook advertisement and have reached our website. If the Facebook pixel is triggered, it stores your actions on our website in one or more cookies, which enable Facebook to compare data such as your IP address with the data of your Facebook account. Facebook then deletes this data again. This allows us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected is anonymous and cannot be viewed by us, which means that we do not know the personal data of individual website users. The data can only be used in the context of placed advertisements. If you are logged in to your Facebook account, your visit to our website will automatically be assigned to your Facebook account. (The legal basis is your consent to the use of third-party cookies in accordance with Art. 6 (1) (a) GDPR as well as our legitimate interest in better adapting our website advertising measures to your wishes and interests in accordance with Art. 6 (1) (f) GDPR). Facebook may connect the data to your Facebook account and also use it for its own advertising purposes, in accordance with Facebook's data protection guidelines and legal framework for data transfers (standard contractual clauses, adequacy decisions) https://www.facebook.com/about/privacy and https://www.facebook.com/business/gdpr.

(iv) OpenStreetMap

On our website we use map sections of the online map tool "OpenStreetMap", a service of the OpenStreetMap Foundation, St. John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, UK. It is a free world map, which was digitally created by users themselves. When using this feature, information about your interactions with the digital map, your IP address, browser data, device type, operating system, day and time of use of the service is collected and transmitted to OpenStreetMap and stored. Tracking software is used to record user interactions. The service provider specifies the analysis tool "Piwik" for this purpose. Personal data will not be passed on by the service provider to third parties, unless there is a legal necessity. The third-party provider "Piwik" does store your IP address, but only in an abbreviated form. With the help of this card service, we can show you those acceptance points that accept Bluecode as a payment method. (The legal basis is your consent in accordance with Art. 6 (1) (a) GDPR, as well as our legitimate interest in optimizing our online service in accordance with Art. 6 (1) (f) GDPR).

For more information, please refer to the OpenStreetMap Foundation's privacy policy: https://wiki.osmfoundation.org/wiki/Privacy_Policy

(v) Floodlight / DV360

We use DoubleClick Floodlight, a conversion tracking service provided by Google Ireland Limited (Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland). This service is designed to measure the effectiveness of online advertising campaigns and limit the number of times certain ads are displayed. The aim is to show users the most relevant advertising possible.

In the context of use, the time of the page visit, click behaviour and presumed user interests are recorded in particular. This information is used exclusively for the purposes of campaign optimization and internal market research.

The storage of cookies can be managed or revoked at any time in the consent management solution.

You can also find more information at:

• Google Privacy Policy: https://policies.google.com/technologies/ads‍
• Google Ads Settings: https://myadcenter.google.com/u/0/personalizationoff?sasb=true&ref=ad-settings

(vi) Reddit Pixel

We use the tracking pixel of the social network Reddit (Reddit Netherlands B.V., Keizersgracht 62, 1015 CS Amsterdam, The Netherlands) to measure and optimize the effectiveness of our advertising efforts.

After consent has been given, IP address, device information, usage behavior (e.g. pages visited, clicks, dwell time) are recorded and transmitted to Reddit. Reddit can link this data to an existing account.

The legal basis is Art. 6 (1) (a) GDPR (consent), which can be revoked at any time. There is a data processing agreement with Reddit Netherlands B.V.

A transfer of data to the USA cannot be ruled out. This is based on the EU-U.S. Data Privacy Framework (DPF) and the EU Standard Contractual Clauses (SCCs) to ensure an adequate level of data protection.

For more information, please visit: https://www.reddit.com/policies/privacy-policy

Newsletter

We offer you a newsletter in which we would like to inform you regularly about current Bluecode events and Bluecode offers. In order to receive the newsletter, it is necessary for you to provide your e-mail address. By agreeing to receive the newsletter, you agree to receive it. (The legal basis for data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR).

You can revoke your consent to receive the newsletter at any time without giving reasons at the end of each newsletter or unsubscribe from it. After your revocation, your personal data will be deleted immediately.

Data processing for applications

If you apply to us in writing, by e-mail or via the contact form, your personal data will be processed by us for the purpose of initiating the employment relationship. If we want to process your data for other purposes, we will ask for your consent separately. This is done, for example, for record keeping in order to be able to use your data for future and similar job advertisements (the legal basis is your consent in accordance with Art. 6 para. 1 lit. a GDPR)

In the case of job applications, your personal data will generally be deleted 6 months after the end of the application process, unless you have expressly stated that we may keep your documents on file. If you accept the position for which you have applied, we will process your personal data provided in the application process within the framework of the employment relationship and only for as long as legal provisions provide for retention.

Changes to this Privacy Policy

We reserve the right to change this Privacy Policy at any time in the course of implementing new technologies, using new or removing existing tools, changing the legal situation or the way in which data is collected, in compliance with legal requirements.

Automated decision-making

Automated decisions mean that a decision that affects you is made automatically based on a computer determination (using software algorithms) without our human review. There are no automated decision-making processes in connection with the Bluecode system .

Safety

We have implemented technical and organisational security measures to protect your personal data from loss, destruction, manipulation and unauthorised access. All our employees and all third parties involved in data processing are obliged to comply with the Data Protection Act and to handle personal data confidentially.

In the case of the collection and processing of personal data, the information is transmitted in encrypted form in order to prevent misuse of the data by third parties. Our security measures are continuously revised in line with technological developments.

Your rights

As a data subject, you have the right to assert your rights as a data subject against us. In particular, you have the following rights:

• Information: In accordance with Art. 15 GDPR, you have the right to request information as to whether and, if so, to what extent we process personal data about you or not.
• Rectification: You have the right to request that we correct your data in accordance with Art. 16 GDPR.
• Deletion: You have the right to request that we delete your personal data in accordance with Art. 17 GDPR.
• Restriction: You have the right to have the processing of your personal data restricted in accordance with Art. 18 GDPR.
• Data portability: In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, and to transmit this data to another controller.
• Revocation of consent: If you have given us separate consent to data processing, you can revoke this consent at any time in accordance with Art. 7 (3) GDPR. Such a revocation does not affect the lawfulness of the processing that took place on the basis of consent up to the revocation.
• Right to object: In accordance with Art. 21 GDPR, you have the right to object to any processing that is based on the legal basis of Art. 6 para. 1 sentence 1 e or f GDPR. If we process personal data about you for the purpose of direct marketing, you can object to this processing in accordance with Art. 21 (2) and (3) GDPR.

With regard to your rights as a data subject listed above, as well as if you have any questions about the collection, processing or use of personal data, please contact:

office@bluecode.com / datenschutz@spt-payments.com

We will provide you with the relevant information on the measures without undue delay and in any event within one month of receipt of your request. The deadline can be extended by a further 2 months if this is necessary due to the complexity and the number of applications. However, we will inform you within one month of receipt of your application about a possible extension of the deadline and the reasons for it.

You also have the option of making a complaint to the competent national data protection supervisory authority.