Data protection is a high priority for Digital Republic. We aim to create added value for our customers through the use of data. Transparency and the responsible handling of your personal data are key concerns for us.

With the following privacy policy, we inform you about which personal data is collected and processed when you use our website and in the context of a contractual relationship.

In order to ensure a high level of protection of the personal data processed by us, Digital Republic has implemented numerous organizational and technical measures.

The mobilezone Group’s Code of Conduct sets out further guidelines on how our employees should behave in connection with confidential data.

Digital Republic AG
Suurstoffi 22
CH-6343 Rotkreuz

Table of Contents

Introduction

The privacy policy describes how and why Digtal Republic collects, processes and uses personal data via the platforms digitalrebublic.ch, esim.ch and connect.digitalrepublic.ch (collectively referred to as “Digital Republic”). Digital Republic takes the issue of data protection seriously. The responsible handling of customer data is important to us and their trust in us and our business activities is important to us. We are constantly making adjustments to protect our customers’ personal data even better.

Personal data refers to all information relating to an identified or identifiable person. The purpose of this information is:

  • Comprehensive information about the processing of your personal data by us;
  • The presentation of your rights in connection with the processing of your personal data; and
  • The provision of the contact details of the controller responsible for the processing of personal data and the data protection officer of Digital Republic.

We comply with the provisions of the Federal Act on Data Protection (DSG), the Ordinance to the Federal Act on Data Protection (DSV), the Telecommunications Act (FMG) and, where applicable, other provisions of data protection law, such as the European General Data Protection Regulation (DSGVO). Where the DSVGO is applicable, we have described the legal basis for processing.

What personal data do we process and for what purpose?

Depending on your activity or interaction with us, we process different personal data:

Visit to the website

When you visit our websites, our servers temporarily store every access in a log file. The following data is recorded without any action on the part of the user and stored by us until it is automatically deleted after 6 months at the latest:

  • The IP address of the requesting computer (shortened)
  • The name of the Internet access provider used (usually the Internet service provider used)
  • The date and time of access
  • The name and URL of the retrieved file
  • The page and address of the website from which you were redirected to our websites and, if applicable, the search term used
  • The country from which our websites are accessed
  • The operating system of the computer used and the browser used (provider, version and language)
  • The transfer protocol used

This data is collected and processed for the purpose of enabling the use of our websites (establishing a connection), ensuring system security and stability in the long term and enabling the optimization of our website as well as for internal statistical purposes.

In the event of an attack on the network infrastructure or suspicion of other unauthorized or abusive website use, the IP address is evaluated for clarification and defense and, if necessary, used in the context of criminal proceedings for identification and civil or criminal proceedings.

The legal basis for this processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO to ensure the above-mentioned purposes.

We use cookies and other applications that are based on cookies. Further information on this can be found in the sections “Cookies” and “Tracking tools”.

Customer registration

When creating a customer account in connection with a purchase online or in a store (e.g. conclusion of a contract), we collect the following personal data:

  • Title / Gender
  • Surname, first name
  • Address
  • E-mail address
  • Date of birth
  • Phone number

The legal basis is the necessity to fulfill the contract within the meaning of Art. 6 para. 1 lit. b DSGVO.

Online shop

Purchase of devices and accessories

When you shop in the Digital Republic online store, we process the following personal data:

  • Surname, first name
  • Address
  • E-mail address
  • Phone number

The purpose of this data processing is to enable postal delivery of the orders placed. Certain data must be provided. If the mandatory information is not provided to us, it will not be possible to make purchases in our online store, or only to a limited extent.

The legal basis is the necessity to fulfill the contract within the meaning of Art. 6 para. 1 lit. b DSGVO.

Certain data may be used for marketing purposes, for example to draw attention to new products. Customers can unsubscribe at any time so that their data is no longer processed for marketing purposes. In addition, our customer service may process the data in order to maintain the business relationship (e.g. in the event of a complaint, etc.).

The legal basis for this processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO for the performance of marketing activities.

Conclusion of contracts

When concluding mobile and/or Internet contracts, we process the following personal data:

  • Title / Gender
  • Surname, first name
  • Address
  • Date of birth
  • Phone number
  • SIM card reference
  • Identity document

The purpose of this data processing is to ensure that we can issue invoices. By providing the date of birth, we verify whether the customer has reached the age of majority to be able to conclude a contract independently in the legal sense. Certain data is mandatory. If the mandatory information is not provided to us, it is not possible or only possible to a limited extent to make purchases in our online store or to conclude contracts.

The legal basis is the necessity to fulfill the contract within the meaning of Art. 6 para. 1 lit. b DSGVO.

In addition, this processing is based on the legal basis of legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO for compliance with mandatory Swiss law.

Certain data may be used for marketing purposes, for example to draw attention to new products. Customers can unsubscribe at any time so that their data is no longer processed for marketing purposes. In addition, customer service may process the data for the purpose of maintaining the business relationship (e.g. in the event of a complaint, etc.).

The legal basis for this processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO for the performance of marketing activities.

Repair services online

When you order repair services from Digital Republic, we process the following personal data:

  • Title / Gender
  • Surname, first name
  • Address
  • Phone number
  • E-mail address
  • Information on the product and the damage pattern (model, serial numbers, etc.)

The purpose of this data processing is to enable us to process the repair order, contact you in the event of queries and deliver the repaired products to you again.

The legal basis is the necessity to fulfill the contract within the meaning of Art. 6 para. 1 lit. b DSGVO.

Customer service

We process the following personal data in order to maintain the business relationship with our customers:

  • Company name
  • Title / Gender
  • Surname, first name
  • Address
  • Phone number
  • E-mail address
  • Identity document

This personal data is used by us to inform our customers about important business transactions, in particular about the availability of our services and about invoicing.

When contacting Customer Service, this personal data is collected in order to identify our customers in our systems and to document the respective customer service case and to be able to process it ourselves with further transaction data.

Job application

When interested parties apply for a position, the following personal data is collected:

  • Title / Gender
  • Surname, first name
  • Address
  • Phone number
  • E-mail address
  • Date of birth
  • CV and certificates
  • Extract from the criminal record
  • Extract from the debt enforcement register

The purpose of this data processing is to enable Digital Republic to check the application and ensure that the applicant is suitable for the advertised position. Furthermore, in the event of an employment relationship, the information is used to maintain the employment relationship.

Marketing

We process the following data as part of our marketing activities: newsletters, satisfaction surveys, outbound calls and transaction information, which we carry out via e-mail, SMS and telephone:

  • Company name
  • Surname, first name
  • Address
  • Phone number
  • E-mail address

Our newsletter or other email communication contains a so-called web beacon (tracking pixel) or similar technical means. A web beacon is a 1×1 pixel, invisible graphic that is associated with the user ID of the respective newsletter subscriber or email recipient and is stored on our website. To carry out this analysis, we link personal data and the web beacons with the email address and an individually generated ID. This ID is also contained in the links provided in the newsletter. We use this data to create a user profile and adapt the newsletter to the individual interests of the recipients. We track when our newsletters are read and which links are clicked on, and derive interests from this.

The legal basis for this processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO for the performance of marketing activities.

For each newsletter or other marketing communication sent, there is information on the address file used, the subject and the number of emails sent. It is also possible to see which email addresses the newsletter or other communication has not yet been sent to, which email addresses it has been sent to and which email addresses have failed to receive it. It is also possible to see which email addresses have opened the newsletter or other communication and which email addresses have unsubscribed. We use this data for statistical purposes and to optimize the newsletter or our other communication in terms of content and structure. This enables us to better tailor the information and offers in our newsletter and our marketing communication in general to the individual interests of the recipients. The tracking pixel is deleted when the newsletter or email is deleted.

In order to prevent the use of web beacons in our newsletter or in other communication, if this is not already the case by default, the e-mail client can be set so that no HTML is displayed in messages.

We use the services of Twilio Sendgrid for our e-mail marketing.

Marketing activities can be canceled at any time by contacting us or via the unsubscribe link at the end of each newsletter.

Customer surveys

Digital Republic may contact customers by email to invite them to rate any services and/or products they have received from us. This is done with the aim of obtaining feedback and improving our services and products.

Affiliate Marketing

We place ads via the affiliate platform Adtraction. In order to provide its service, Adtraction processes the IP address and technical data about the browser used by users when they interact with the ads. The data collected is used exclusively for the processing of sales generated via advertisements and is not passed on to third parties. Adtraction is committed to taking technical and organizational measures to protect all collected data against unauthorized access. Further information on data protection by Adtraction can be found under the following link:

Sources of personal data

In principle, we collect personal data directly from our customers (e.g. via forms, as part of communication with us, in connection with purchases and the conclusion of contracts and when using the website.

Insofar as this is not inadmissible, we also obtain data from publicly accessible sources (such as the media or the internet, including social media) or receive data from other companies within our group, from authorities and from other third parties (such as credit agencies, associations, contractual partners, internet analysis services, etc.).

The categories of personal data that we receive from third parties include, in particular, information from public registers, information that we learn in connection with official and legal proceedings, information in connection with professional functions and activities (so that we can, for example, conclude and process transactions with our clients’ employers), information about correspondence and meetings with third parties, creditworthiness information, information that people from the environment (family, advisors, legal representatives, etc.) provide to us so that we can conclude or process contracts with them or involve them (e.g. references, the address for deliveries, authorizations, information for compliance with legal requirements such as fraud, legal advice, etc.). (e.g. references, the address for deliveries, powers of attorney, information on compliance with legal requirements such as combating fraud, money laundering and terrorism and export restrictions, information from banks, insurance companies and sales and other contractual partners of ours on the use or provision of services by our customers (e.g. payments, purchases, etc.), information from the media and the Internet on the use or provision of services by our customers (e.g. payments, purchases, etc.). ), personal data from the media and the Internet (insofar as this is appropriate in the specific case, for example in the context of an application, marketing/sales, press review, etc.), addresses and, if applicable, other socio-demographic data (in particular for marketing and research) and data in connection with the use of third-party websites and online offers, where this use can be attributed.

Social Media

Links to social media networks can be found on our platforms. These are not plugins provided by the social media network, which already transmit data to the provider when our platforms are loaded, without the user having any influence. The buttons for the social media networks merely contain a link to our presence on the social media network. No user data is transmitted from our platforms to the social media network.

The links lead to our presence on the following networks:

  • Facebook, of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland;Facebook, von Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland;
  • Instagram Inc., 1601 Willow Road, Meno Park, CA 94025, USA;
  • Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 IRELAND
  • LinkedIn of the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA; and
  • YouTube, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
  • TikTok, by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.

When a link to one of our social media profiles is accessed, a direct connection is established between the user’s device and the server of the social network in question. This informs the network that our platforms have been used and that the link has been accessed. If a link to a network is accessed while you are logged into your account on the relevant network, the content from our platforms can be linked to your profile on the network, which means that the network can assign the use of our platforms directly to your user account. This can be prevented by logging out before clicking on the corresponding link. An assignment takes place in any case if you log in to the relevant network after clicking on the link.

Tracking-Tools

We use web analysis tools to adapt our websites to requirements. The web analysis tools we use generate user profiles based on pseudonyms. For this purpose, permanent cookies are stored on the user’s end device and read by us. This enables us to identify returning visitors and determine their number.

Google Analytics

On our platforms, we use Google Analytics (including Google Analytics for Firebase), an analysis tool from Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google). Google Analytics uses methods that make it possible to analyze the use of our platforms, such as cookies. The information generated by the cookie about your use of our platforms

like

  • App updates,
  • Browser information,
  • Click path,
  • Date and time of the visit,
  • Device information,
  • Downloads,
  • Flash-Version,
  • Location information,
  • IP address,
  • JavaScript-Support,
  • visited sites,
  • Purchase activity,
  • Referrer URL,
  • Usage data,
  • Widget interactions,
  • Navigation path that a visitor follows on the websites,
  • Time spent on the websites and subpages,
  • The subpage on which the websites are left,
  • The country, region or city from which access is made,
  • End device (type, version, color depth, resolution, width and height of the browser window),
  • Returning or new visitor,
  • Browser provider/version,
  • The operating system used,
  • The referrer URL (previously visited website),
  • Host name of the accessing computer (IP address),
  • Time of the server request,

are usually transmitted to a server of our service provider Stape.io in Belgium, stored anonymously and transmitted to a Google server in the USA. The IP address is shortened by activating IP anonymization (“anonymizeIP”) before transmission within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area or Switzerland. According to Google, the masked IP address transmitted by Google Analytics will not be merged with other Google data. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. In these cases, we ensure through contractual guarantees that Google complies with an adequate level of data protection.

The information is used to evaluate the use of our platforms, to compile reports on the activities on our platforms and to provide other services associated with the use of our platforms for the purposes of market research and the needs-based design of our platforms. This information may be transferred to third parties if this is required by law or if third parties process this data on our behalf.

The legal basis for processing the data for this purpose is the user’s consent. Consent can be revoked at any time with effect for the future.

Users can prevent Google from collecting the data generated by the cookie and relating to the use of our platforms by the user concerned (including the IP address) and from processing this data by Google by preventing cookies or by making the appropriate settings on our platforms.

Further information about Google and how Google processes data can be found here.

Cookies

We use cookies on our websites. These cookies help in many ways to make visiting and using our platforms easier, more pleasant and more useful.

Cookies are individual codes (e.g. a serial number) that our server or a server of our service provider or advertising contract partner transmits to the user’s system when connecting to our website and that your system (browser, mobile) receives and stores until the programmed expiry date. With each subsequent access, the user’s system transmits these codes to our server or the server of the third party. In this way, users are recognized, even if their identity is unknown.

Whenever a server is accessed (for example, when using a website or an app or because an image is visibly or invisibly integrated in an email), visits can be “tracked”. If we integrate offers from a contractual advertising partner or provider of an analysis tool on our website, this partner can track the user in the same way, even if the user cannot be identified in individual cases.

Most end devices/Internet browsers accept cookies automatically. However, the device/Internet browser can be configured so that no cookies are stored or a message always appears when a new cookie arrives.

Deactivating cookies may mean that not all functions of our websites/apps/services can be used. Necessary cookies cannot be deactivated as they are essential for the provision of the full functionality of our systems.

Profiling

We can evaluate certain personal characteristics automatically (“profiling”) if we want to determine data about preferences, but also to determine abuse and security risks, to carry out statistical evaluations or for operational planning purposes. No automated decision-making takes place.

Disclosure of personal data to third parties

In connection with the use of our offers on our platforms and when visiting our stores, we pass on personal data to the following categories of recipients:

Subsidiaries

For the purpose of providing administrative services, IT services and marketing activities, we also provide the necessary data to our Group subsidiaries

mobilezone holding ag, mobilezone reload ag, mobilezone ag, IT Business Services GmbH, TalkTalk AG

.

Service providers

We work with service providers in Switzerland and abroad who process data on our behalf or under joint responsibility with us or who receive data from us under their own responsibility (e.g. IT providers, shipping companies, advertising service providers, login service providers, cleaning companies, security companies, banks, insurance companies, debt collection companies, credit agencies, address verifiers, network operators).

We provide these service providers with the data required for their services. These service providers may also use such data for their own purposes, for example information on outstanding debts and payment history in the case of credit agencies or anonymized information to improve services. We also conclude contracts with these service providers that contain provisions for the protection of personal data. Our service providers may also process data on how their services are used and other data generated in the course of using their services as independent controllers for their own legitimate interests (e.g. for statistical analysis or billing).

Authorities

We may pass on personal data to offices, courts and other authorities in Switzerland and abroad if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. The authorities process the data they receive from us under their own responsibility.

Acquirers or interested parties

Data may also be disclosed if another company intends to acquire our company or parts thereof and such disclosure is necessary to carry out a due diligence review or to complete the transaction.

Other parties

in potential or actual legal proceedings.

All of these categories of recipients may in turn involve third parties, so that data may also be made accessible to them. We can restrict processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.).

We also allow certain third parties to collect personal data on our website and at our events (e.g. media photographers, providers of tools that we have integrated on our website, etc.). Insofar as we are not decisively involved in this data collection, these third parties are solely responsible for it. These third parties must be contacted directly to assert these data protection rights.

Transfer of personal data to other countries

As explained above, we also disclose data to other bodies. These are not only located in Switzerland. Data can therefore be processed both in Europe and in countries outside Europe.

Transfers to foreign countries

  • European Union (EU)
  • European Economic Area (EEA)
  • United States of America (USA)
  • United Kingdom (UK)

Compliance with the applicable data protection

If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection (we use the revised Standard contractual clauses of the European Commission), unless it is already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exemption provision. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the execution of a contract requires such disclosure, if consent has been given or if the data in question has been made generally accessible and its processing has not been objected to.

We have taken the measures described above with our service providers in the USA.

Data that is exchanged via the internet is often routed via third countries. This means that data can be sent abroad even if the sender and recipient are located in the same country.

Information on data transfers to the USA

Some of the third-party service providers mentioned in this privacy policy are based in the USA. For the sake of completeness, we would like to point out to users residing or domiciled in Switzerland that surveillance measures are in place in the USA by US authorities, which generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland to the USA. This is done without differentiation, restriction or exception on the basis of the objective pursued and without an objective criterion that makes it possible to restrict the US authorities’ access to the data and its subsequent use to very specific, strictly limited purposes that justify the interference associated with both access to this data and its use. We would also like to point out that there are no legal remedies available in the USA for data subjects from Switzerland that would allow them to gain access to the data concerning them and to obtain its correction or deletion, or that there is no effective legal protection against general access rights of US authorities. We explicitly draw the attention of data subjects to this legal and factual situation so that they can make an appropriately informed decision to consent to the use of their data.

We would like to point out to users residing in Switzerland that the USA does not have an adequate level of data protection from a Swiss perspective – partly due to the issues mentioned in this section. Insofar as we have explained in this privacy policy that recipients of data (such as Google) are based in the USA, we will ensure that data is protected at an appropriate level by our partners through contractual arrangements with these companies and any additional appropriate safeguards that may be required to protect the rights of persons whose personal data is transferred to a third country.

Data security

We use suitable technical and organizational security measures to protect personal data stored by us against manipulation, partial or complete loss and against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

We take data protection within the company seriously. Our employees and the service companies commissioned by us have been sworn to secrecy and to comply with data protection regulations.

Storage of data

Storage location

Personal data is stored in the following countries:

  • Switzerland
  • European Union (EU)
  • European Economic Area (EEA)

Duration of storage

We only store personal data for as long as necessary to provide services that have been requested or for purposes for which consent has been given. Data is only stored for as long as it is required for these purposes.

  • Consequently, data will be deleted by Digital Republic if:
  • The corresponding legal basis for processing the data no longer exists,
  • The purpose of processing the data no longer exists,
  • The consent to the processing of the data is revoked,
  • A legal obligation makes the deletion necessary, or
  • The processing of personal data is objected to,

In all other cases, the storage period is generally 10 years – unless there are deviating statutory retention periods.

Personal data when applying for a job

Personal data processed during the application process will be deleted within 90 days of completion of the application process.

Your rights

You can object to data processing at any time. You also have the following rights:

Right to Information
You have the right to request access to your personal data stored by us at any time free of charge if we are processing it. This gives you the opportunity to check what personal data we process about you and that we use it in accordance with the applicable data protection regulations.

Right to rectification
You have the right to have incorrect or incomplete personal data corrected and to be informed of the correction. In this case, we will inform the recipients of the data concerned about the adjustments made, unless this is impossible or involves disproportionate effort.

Right to erasure
You have the right to have your personal data deleted under certain circumstances. In individual cases, the right to erasure may be excluded.

Right to restriction of processing
Under certain conditions, you have the right to request that the processing of your personal data be restricted.

Right to object
You have the right to object to data processing, in particular to the processing of your personal data. against direct advertising.

Right to data transfer
Under certain circumstances, you have the right to receive from us, free of charge, the personal data that you have provided to us in a machine-readable format.

Right of withdrawal
In principle, you have the right to withdraw your consent at any time with effect for the future. Processing activities based on your consent in the past are not rendered unlawful by your revocation.

Right of appeal
You have the right to file a complaint with a competent supervisory authority, for example against the way in which your personal data is processed.

Contact

If you have any questions about data protection at Digital Republic, would like information or would like to have your data deleted, please contact us by sending an e-mail to [email protected].

Please send your request by post to the following address:

mobilezone ag
Datenschutz
6343 Rotkreuz
Switzerland

Representative of Digital Republic AG in the EU/EEA

mobilezone gmbh
Datenschutz
Richmodstraße 10
50667 Köln
[email protected]

Adjustment

This privacy policy is not part of any contract with you. We may amend this Privacy Policy at any time. The version published on our platforms is the current version.

Last update: November 1, 2023