Raptor Compliance GmbH constantly strives to guarantee you the highest level of confidentiality and security. In this context, you will find below details on the processing of your personal data. Unless otherwise provided, the provision of your personal information is not required by law or contract. You are not required to provide the data. The exact amount of processing of your data may vary due to the services you use, ie. not all of the processing listed in this statement applies.
The responsible company for this website is:
Raptor Compliance GmbH
Fon: +41 44 586 97 90
Dr. Dominic N. Staiger
Philipp A. Staiger
Handelsregisteramt des Kantons Zürich
Company Number: CHE‑211.830.805
Tax ID Number
Categories of affected persons
- Visitors to our websites
- Corporate customers and their employees
In the following, the persons concerned will be collectively referred to as "users".
Purpose of the processing
The purposes of the processing of personal data on our websites include:
- Providing the online offer, its functions and contents
- Answering contact requests and communicating with users
- Safety measures
- Audience measurement / Marketing
The consent is obtained in accordance with Art. 6 para. 1 lit. a GDPR for sending newsletters In the context of the performance of the contract and its initiation, Art. 6 para. 1 lit. b GDPR is the legal basis. When contacting us (e.g., by contact form, e-mail, telephone or via social media), information of the user is processed to answer the contact request in accordance with. Art. 6 para. 1 lit. b GDPR. In rarer cases, we process personal data to fulfill our legal obligations in accordance with Art. 6 para. 1 lit. c GDPR.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR is the legal basis. In the case of a purely Swiss reference, the regulations of the DSG apply in accordance with Art. 12 and Art. 13.
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage has expired or a storage is no longer required. Personal data is also kept for the time in which claims against our company can be asserted.
In addition, storage may take place if regulations, laws or other regulations require longer storage. Corresponding proof and retention obligations arise, among other things, from the Commercial Code. The storage periods are thereafter normally ten years. The storage of personal usage data and cookies incl. IP addresses are limited to the period of time necessary for the fulfillment of the purpose.
Transfer to 3rd countries
In most cases, your personal data will only be processed within Switzerland and the EU. If, however, in individual applications processing takes place in non-EU countries, a transfer takes place in accordance with the requirements in Art. 44 ff. GDPR or Art. 6 DSG. The processing is e.g. on the basis of specific guarantees, such as the officially recognized level of data protection (eg for the USA through the "Privacy Shield") or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").
With every access to our website, user data is transmitted through your internet browser and stored in log data (server log files). This stored data includes e.g. Name of page accessed, date and time of retrieval, amount of data transferred and the requesting provider as well as IP addresses. These data are processed under the legal basis of our legitimate interests and serve exclusively to ensure the trouble-free operation of our website.
Webhosting Amazon Web Services
Amazon Web Services (AWS) is designed to host data and files in order to manage and use this site. In addition, these offers may provide a ready-made infrastructure that handles specific functions or entire components of this website.
Collection and processing using the contact form
When using the contact form, we collect your personal data (name, e-mail address, message text) only in the scope provided by you. The data processing serves the purpose of establishing contact and initiating a contractual relationship. Processing is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interests lies in efficient communication and if contractually relevant under Art. 6 para. 1 lit. b GDPR. We use your e-mail address to process your inquiry or the later processing of contractual services.
When opening a customer account, we collect your personal data in the scope indicated there. The purpose of data processing is to improve your shopping experience and simplify order processing. Processing is based on Art. 6 para. 1 lit. b GDPR for performance of the contract. Further provision of the user account takes place after completion of the transaction under our legitimate interests in accordance with Art. 6 (1) lit. f GDPR to simplify future purchasing processes and to enable you to view old orders. These legitimate interests only apply if we process your data outside of the fulfillment of the contract.
Collection, processing and use of personal data for orders
When placing an order, we collect and use your personal data only insofar as this is necessary for the fulfillment and processing of your order and for the processing of your requests. The provision of the mandatory data in the fields is required for the conclusion of the contract. Non-provisioning means that no contract can be concluded. Processing is based on Art. 6 para. 1 lit. b GDPR.
- Payment service
- ERP/CRM service
- Service provider for order processing
- Web host, IT service provider
- Marketing service provider
In all cases we strictly observe the legal requirements. Appropriate data processing contracts have been concluded with the processors to ensure privacy.
Newsletter & Tracking
Regardless of the contract, we use your e-mail address solely for our own advertising purposes to send out our newsletter, if you have expressly consented to this. Processing is based on Art. 6 para. 1 lit. a GDPR with your consent. You can revoke your consent at any time without affecting the legality of the processing carried out on the basis of your consent until your revocation. You can unsubscribe from the newsletter at any time using the corresponding link in the newsletter or by notifying us. Your e-mail address will then be removed from the mailing list.
If you register for an e-mail newsletter, we will electronically record and store the personal data and information you provide us with. The purpose of this processing is initially the implementation of the so-called double-opt-in procedure, with which you can agree to the regular receiving of the e-mail newsletter. This means that after submitting your data and information, we will send you an e-mail to the e-mail address you have provided and ask you in this e-mail for confirmation that you wish to receive the newsletter. If there is no confirmation of your registration, your data will be deleted.
After your confirmation we will store your IP address and the time of the confirmation. The purpose of this procedure is to prove your registration for the e-mail newsletter and, if necessary, to detect and prevent possible misuse of your personal data. The legal basis for this is the aforementioned legitimate interests as well as a legal obligation (UWG).
Our newsletter is sent using Mailjet, an e-mail marketing software provided by Mailjet SAS, Rue de l'Aubrac 75012 Paris, France. The e-mail addresses of the recipients of our newsletters, as well as the data described in these notes, are located on the servers of Mailjet in data centers in France and possibly in Belgium, Germany and Great Britain. Mailjet uses this information to send and evaluate the newsletters on our behalf. Furthermore, Mailjet may use this data to optimize or improve its own services, e.g. for the technical optimization of shipping and the presentation of the newsletter. Mailjet's e-mail marketing cloud security concept is ISO 27001 certified. Further information can be found directly under https://www.mailjet.de/dsgvo/mailjet-iso-27001-zertifiziert-und-dsgvo-konform/.
We point out that we evaluate the behavior of the readers of our e-mail newsletter. For this evaluation, the emails sent contain so-called web beacons or tracking pixels. These web beacons or tracking pixels are one-pixel image files stored on our website. For the evaluation, we link the web beacons or tracking pixels with your e-mail address and an individual ID.
With the data obtained in this way, we create a user profile to tailor the newsletter to your interests. In doing so, when you read the newsletter, we record which links you click on in the newsletter and deduce your interests from it. We link this data to the actions you take on our websites. The purpose of this processing is to improve the quality of the newsletter, to optimize our offers and to delete recipients who do not read our newsletters. The legal basis for processing is Art. 6 (1) lit. f GDPR.
This tracking will not occur if you have disabled the display of images by default in your e-mail program. In this case the newsletter will not be displayed completely and you may not be able to use all the features. As soon as you have the pictures displayed, the just described tracking is activated.
Processing is based on Art. 6 para. 1 lit. f GDPR on the basis of the legitimate interest in the above-mentioned purposes. The data collected by you in this way will be pseudonymised by technical means. An assignment of the data to your person is therefore not directly possible. The data will not be stored together with other personal data of you.
You have the right for reasons that arise from your particular situation, at any time based on Art. 6 Abs.1 lit. f GDPR to object to the processing of your personal data.
The links below will tell you how to manage (and disable) cookies on major browsers:
- Chrome Browser: https://support.google.com/accounts/answer/61416?hl=de
- Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
- Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
- Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac
Google Ireland Limited
On our website, we use the Google Analytics tool from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).
For this purpose, a data processing contract with Google was signed.
The locations of Google's data centers can be viewed here: https://www.google.com/about/datacenters/inside/locations/index.html
A transfer of data to third countries outside the EU or Switzerland takes place i.a. under the Privacy Shield. Google Ireland Limited is certified under the Swiss-U.S. Privacy Shield Framework and the EU-US. Privacy Shield Framework. The active certification can be found here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI
With Google Analytics we collect information about the visitors of our website to present relevant offers.
The legal basis for this is the legitimate interest in providing the customer with targeted offers that meet their needs and minimize the amount of irrelevant and unwanted advertising.
Google Analytics captures website cookies, device or browser data, IP addresses, and website or app activity. This is to measure user interactions on websites and apps that use Google Analytics, as well as report on them.
Our user analysis also uses Universal Analytics. This allows us to obtain information about the use of our offers on different devices ("Cross Device"). We use a pseudonymised user ID with the help of the cookie technology, which contains no personal data and does not transmit this to Google. The data collection and storage can be rejected at any time with effect for the future through a browser plugin from Google (https://tools.google.com/dlpage/gaoptout?hl=de). This opt-out must be performed on all systems that you use, for example, in another browser or on your mobile device.
By linking different Google functions within the Google Analytics service with the Google Ads (formerly Google AdWords) service, we are additionally able to operate retargeting (also known as remarketing) using pseudonymized identification numbers. Hereby we can provide you advertising after leaving our site on different pages of our Publishing Partners.
Opt-Out: You can opt-out with one click on this Link and prevent Google Analytics from collecting information about you from this site. By clicking on the link above you download an "opt-out cookie". Your browser must allow the storage of cookies in principle. If you delete your cookies on a regular basis, you will need to click on the link each time you visit this website.
You can also deactivate Google Analytics permanently via plugin. Here you will find the plugin: https://support.google.com/analytics/answer/181881
Terms and Conditions: https://www.google.com/analytics/terms/de.html
In addition, we have activated the function IP Anonymization, which ensures that your IP address is anonymized. For this Google uses so-called IP masks. Before the anonymization, Google uses the IP to record the land and city data. At no time do we have access to your IP address via Google Analytics.
Google Ads (previously Google AdWords)
On our website we use Google Ads from Google (see above). This service allows us to show ads in Google's search results as well as Google AdSense and Publishing Partner's display networks. The aim is to use our advertising materials (so-called Google Ads) to draw attention to our offers on external websites. We can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. We are interested in showing you advertisements that are of interest to you, to make our site more interesting to you and to allow you to calculate advertising costs.
The legal basis for this is the legitimate interest (Article 6 (1) (f) GDPR) in the efficient marketing of our services.
Our websites use the features of Google Analytics in conjunction with the cross-device capabilities of Google Ads.
This feature allows the Google Analytics generated ad groups to be linked to the cross-device capabilities of Google Ads. In this way, interest-based, personalized advertising messages adapted to you based on your past usage and browsing behavior on one end device (e.g., cell phone) may also be displayed on another of your end devices (e.g., tablet or PC).
For this purpose, a cookie is set by means of a remarketing tag, which includes every visitor to the website (pseudonymised) in a list.
If you access our website through a Google ad, Google Ads will store a cookie on your computer. The unique cookie ID, the number of ad impressions per placement (Frequency), the last impression (relevant to post-view conversions), and opt-out information (marking that) are usually considered as analysis values the user does not want to be addressed) stored
These cookies allow Google to recognize your internet browser. If a user visits certain pages on a Google Ads customer's site and the cookie stored on their computer has not expired, Google and the customer will be able to detect that the user clicked on the ad and was redirected to that page.
You can prevent participation in this tracking process in several ways:
- by setting your browser software accordingly - the suppression of third-party cookies will result in you not receiving any third-party ads.
- By disabling the cookies for conversion tracking by setting your browser to block cookies from the domain www.googleadservices.com (https://www.google.de/settings/ads) this setting will be deleted when you delete your cookies.
- by disabling the interest-based ads of the providers that are part of the "About Ads" self-regulatory campaign through the link https://www.aboutads.info/choices this setting will be deleted when you delete your cookies
- by permanent deactivation in your browsers Firefox, Internet Explorer or Google Chrome under the link http://www.google.com/settings/ads/plugin. We point out that in this case you may not be able to use all features of this offer in full.
We also use Google Tag Manager to manage the usage-based advertising services. The Tag Manager tool itself is a cookie-free domain and does not collect personal information. Rather, the tool provides for the resolution of other tags, which in turn may capture data.
Zendesk is a certified participant of the so-called "Privacy Shield Framework" and thus meets the requirements for legally compliant data processing. A data processing contract with Zendesk is in place.
We delete the requests, if they are no longer required. We check the necessity regularly; Inquiries from customers who have a customer account, we store permanently and refer to the deletion on the details of the customer account.
Chargebee, Chargebee Inc.'s service (340 S Lemon Avenue, # 1537, Walnut, California 91789, USA, "Chargebee"), uses some personal information for billing purposes.
Our portals allow you to initiate booking transactions. As far as this is necessary for the fulfillment of the contract, data will also be handed over to our payment service providers or the credit institution commissioned with the payment processing. The scope of the data is limited to the minimum required for the purpose of contract execution.
We process this data for the purpose of processing your order or to answer your request. The legal basis for the data processing is Art. 6 para. 1 p. 1 b. GDPR.
A data processing contract with Chargebee has been signed. Chargebee is certified under the Privacy Shield Agreement, providing a guarantee to ensure the level of protection afforded by European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TN6jAAG&status=Active).
Within our online offer will use the marketing functions (so-called "LinkedIn Insight Tag") of the network LinkedIn. Providers is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, United States. Each time you visit one of our pages that includes LinkedIn features, it will connect to LinkedIn servers. LinkedIn is informed that you have visited our website with your IP address. In particular, the LinkedIn Insight Tag will allow us to analyze the success of our campaigns within LinkedIn, or target audiences based on how users interact with our online offering. Our legal basis here is our legitimate interest (Article 6 (1) sent. 1 f. GDPR) in optimal alignment and measurement of our campaigns.
If you are a registered LinkedIn User, LinkedIn is able to associate your interaction with our online offering with your user account. LinkedIn is certified under the Privacy Shield Agreement, which provides a adequate
Rights of the data subject
As the data subject, you are entitled to the following rights in accordance with the GDPR.
You may ask the person responsible for a confirmation as to whether personal data concerning you is being processed. If such processing is available, you may request information from the person responsible in accordance with Article 15 of the GDPR regarding information about the data stored about you. This includes:
- the processing purposes;
- the categories of personal data being processed;
- the recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed, in particular to recipients in third countries or to international organizations;
- if possible, the planned duration for which the personal data are stored or, if this is not possible, the criteria for determining that duration;
- the existence of a right to rectification or erasure of the personal data relating to him or to a restriction of processing by the controller or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- if the personal data are not collected from the data subject, all available information on the source of the data;
- the existence of automated decision-making including profiling according to Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended impact of such processing on the data subject.
If personal data are transmitted to a third country or to an international organization, you have the right to be informed about the appropriate guarantees under Article 46 of the GDPR in connection with the transfer.
Right to revoke the declaration of consent
You have the right to revoke your data protection consent at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
Right to rectification
According to Art. 16 GDPR, they have a right of correction and / or completion to the person responsible, if the processed personal data concerning you are incorrect or incomplete. The person in charge must make the correction without delay.
Right to delete
You may demand that the personal data concerning you be deleted immediately in accordance with Art. 17 GDPR if one of the following reasons applies:
- The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- They revoke their consent, to which the processing according to Article 6 paragraph 1 lit. a or Article 9 paragraph 2 lit. a GDPR and there is no other legal basis for the processing.
- In accordance with Article 21 (1) GDPR, you object to the processing and there are no legitimate reasons for the processing, or you object to the processing according to Article 21 (2) GDPR.
- The personal data was processed unlawfully.
- The deletion of your personal data is necessary to fulfill a legal obligation under EU or national law
- The personal data were collected in relation to information society services offered pursuant to Article 8 (1) of the GDPR.
Right to restriction of processing
According to Art. 18 GDPR, you may demand the restriction of the processing of your personal data under the following conditions. If:
- the accuracy of your personal information is disputed by you. The restriction applies to the period during which the person responsible can verify the accuracy of the personal data.
- the processing is unlawful and you refuse the deletion of personal data and instead demand the restriction of the use of personal data;
- the controller no longer needs the personal data for the purposes of processing, but you need the data to assert, exercise or defend legal claims, or
- You have objected to the processing in accordance with Article 21 paragraph 1 GDPR, as long as it is not certain whether the legitimate reasons of the person responsible over you prevail.
- If the processing of personal data concerning you has been restricted, this data may be (with the exception of its storage) only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest Union or a Member State.
Right to data portability
According to Art. 20 GDPR, you have the right to receive the personal data that you have provided us in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another person responsible, provided that
- the processing is based on a consent acc. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 12 lit. a GDPR or on a contract acc. Art. 6 para. 1 lit. b GDPR and
- the processing is done by automated methods.
Right to object
You have the right according to Art. 21 GDPR, for reasons that arise from your particular situation, at any time to object against the processing of your personal data, which, is based on Art. e or lit. f GDPR.
We no longer process your personal information about you unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, pursuing or defending legal claims.
If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.
If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
You have the option, in connection with the use of information society services, of exercising your right to object through automated procedures that use technical specifications.
Automated decision in individual cases
You have the right not to be subjected to a decision based solely on automated processing (including profiling), which has legal effect on you or, in a similar manner, significantly affects you. This does not apply if the decision
- is required for the conclusion or fulfillment of a contract between you and us,
- is permissible on the basis of Union or Member State legislation to which the controller is subject, and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
- with your express consent.