Privacy Notice of xhost.ch GmbH

xhost.ch GmbH, c/o Unico Treuhand AG, Dammstrasse 58, 3400 Burgdorf, Switzerland (hereinafter «we», «us», or «our»), is responsible for the collection, processing, and use of your personal data and ensures that the personal data is handled in accordance with the applicable data protection laws.

In this privacy notice, we inform you about how we process your personal data when you use our website www.multicraft.org (hereinafter «Website»), access and use our software ‘Multicraft’ (the «Software»), and any related updates, supplements, and services (together the «Services»), communicate with us or otherwise interact with us.

If you have any data protection related queries or concerns, please feel free to contact us at the following address:

xhost.ch GmbH
c/o Unico Treuhand AG
Dammstrasse 58
CH-3400 Burgdorf

https://www.multicraft.org/site/contact

1. What personal data we process

We process the following categories of personal data about you:

Master data: Personal data that we process for the purpose of conducting our business relations, including name, postal address, telephone number, e-mail address, function, position, and consent forms.
Transactional data: Personal data that arises in connection with the purchase, access, and use of Services or the Software, including information about the purchase process, contract content, and about contract administration, and execution.
Financial data: Personal data that arises in the course of processing financial obligations arising from our contractual or other business relationships, including billing and payment information.
Technical data: Personal data collected when you use our Website, products (including Software), and Services, including IP address, operating system information, date, region and time of use, browser type, full URL, page response times and errors encountered, number of servers, and log-in information.
Note: Some products (including Software) and Services provide the option to provide ‘anonymous usage statistics’. If this option is enabled, technical data including application version, license number, IP address, OS type, and number of servers are collected.
Preference data: Personal data that is collected to tailor our products (including Software), Services, and Website to your preferences through relevant analysis and evaluation, including information about specific actions (e.g., response to electronic communications), location data, and interaction with social media profiles.

We obtain most of the aforementioned personal data directly from your use and access of our Website, Software, and Services. To the extent permitted, we also obtain personal data from publicly accessible sources or from public authorities and other third parties (e.g., contractual partners and internet analysis services).

2. How we process your personal data

We process your personal data for the following purposes:

Business relationships: Establishing, managing, and handling contractual relationships and handle support requests.
Compliance with our Terms of Services and further policies: Verifying the validity of licenses to access and use our Software and Services; informing you about important events related to the Software and Services.
Advertising and marketing: Conducting events; sending personalized advertising about our products (including Software) and Services via various contact information known to us (in the form of newsletters and other regular contacts as well as in the context of individual marketing campaigns such as contests, competitions, or similar events).
Market and opinion research: Analysis and evaluation of the use of our products (including Software), Services, and Website; further development of our offerings and Website; opinion surveys.
Security and access control: Monitoring, control, analysis, and testing of our networks and IT infrastructures; system and error checks; documentation; security copies; monitoring systems.
Compliance with laws, regulatory recommendations, and directives: KYC clarifications; fulfillment of disclosure, information, and reporting obligations; fulfillment of archiving obligations; prevention, detection, and clarification of criminal acts.
Safeguarding legal claims: Assertion, implementation, and defense of legal claims.
Transactional activities: facilitating due diligence by potential buyers, sellers, and other stakeholders involved in (M&A) transactions; verifying identities; assessing financial standing; evaluating transaction risks; complying with legal and regulatory requirements.
Guaranteeing our business operations and Website: Maintenance, provision, improvement, and monitoring of our products (including Software), Services, and Website. This includes sharing personal data to the extent necessary and permitted by applicable laws with third party analytics, search engine providers, and contractors or vendors who perform services on our behalf.

3. The basis we process your personal data on

We process your personal data on the following legal basis:

Consent: If we process your personal data based on your explicit consent, we will inform you separately of the corresponding purposes of the specific instances of processing. You can revoke your consent at any time, free of charge, and without providing reasons (see section 8).
Initiation or execution of a contract.
Safeguarding our legitimate interests or those of a third party.
Compliance with legal obligations.

4. Online tracking and online advertising techniques

We use cookies and similar techniques on our Website that identify your browser and terminal device. We also allow third parties to use cookies and similar techniques on our Website.

Cookies are small text files that are permanently or temporarily stored on your terminal device and saved by the browser used to visit our Website. We use cookies for the purpose of analyzing the use of the Website for statistical evaluation as well as identifying improvements to continuously adapt the user experience for greater efficiency. In the settings of your browser, cookies can be partially or entirely disabled at any time.

In accordance with the law, we may use technically necessary cookies that are required for the operation of our Website and to ensure its functionality. Depending on the purpose, necessary cookies are stored permanently or are deleted when the browser is closed. If you choose to block necessary cookies, certain functions of our Website may be limited or unavailable.

With your consent, we use further cookies to analyze your behavior on our Website and to optimize and personalize the content to your preferences. For this purpose, we use the following third-party analytics services:

Google Analytics: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, is the provider of Google Analytics and acts as our data processor. For its services, Google Ireland Ltd. relies on Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (both together, hereinafter «Google»).

Through the use of cookies, Google systematically records and evaluates your behavior on the Website. It creates reports for us using this data, giving us insight into how the Website is used. We have configured the service in such a way that your IP address is shortened by Google in Europe before being forwarded to Google in the USA. Thus, your IP address cannot be traced back to you or your device. Although the information we share with Google is not associated with the identity of a user of our Website, one cannot exclude the possibility that Google may draw conclusions about your identity given this data for its own purposes, creating personal profiles and linking this data to your Google account. If you agree to the use of Google Analytics, you explicitly consent to such processing, which also includes the transfer of your personal data to Google in the USA and other countries. Please find more information about the data protection of Google Analytics here. If you have a Google account, you can find more information about data processing by Google here. If you would like to deactivate Google Analytics, you can download and install the relevant browser add-on here.

With your consent, we use a device tracking add-on to protect transactions from fraud. For this purpose, we use the following third-party tracking service:

Maxmind: Maxmind, Inc., 51 Pleasant Street #1020, Maiden, MA 02148, USA, is the provider of Maxmind and acts as our data processor.

The Maxmind minFraud Service is a data return service that helps us prevent online fraud by providing risk scoring and risk data related to online transactions. minFraud collects data from our users in order to verify and complete online transactions. The device tracking add on is added to our Website (especially the product landing pages and all pages within the purchase flow) and runs on a visiting device so that it can assign a device ID and begin collecting information. This will enable to detect fraudsters if they change or enable proxies while browsing our Website. The device tracking add-on uses both a cookie and local storage as one method of distinguishing unique devices. The add-on sets a cookie with a two-year expiration for the effective second-level domain on our Website. Both the cookie and the local storage key are named «__mmapiwsid». MaxMind may use other browser storage techniques in the future to enhance the performance of the device tracking add-on. Please find more information about the data protection of Maxmind here.

5. Data disclosure to third parties and data transfer abroad

We may disclose your personal data to third parties if this serves the provision of efficient and high-quality products (including Software), Services, and Website or is necessary for the processing purposes mentioned above. These third parties are partly located in Switzerland but can in principle be located in any country in the world (in particular in Germany, but also in other countries in Europe and the USA).

The data recipients are obliged to protect your personal data in accordance with the agreed contractual obligations and the applicable data protection laws. If the level of data protection in a recipient country does not correspond to the Swiss or European level, we contractually ensure that the protection of your personal data corresponds at all times to that level in Switzerland or the EU. For this purpose, we agree with the third parties on the EU standard clauses and, if necessary, implement additional technical and organizational measures.

In particular, we may disclose your personal data to the following categories of recipients:

Group companies: Our group companies may process your personal data for the same purposes as we do.
Service providers: We work with trusted service providers (some of whom are explicitly mentioned in this privacy notice) who process personal data about you on our behalf or under joint responsibility (for example, providers of telecommunications systems, IT system support, advertising, marketing, payment, credit reference agencies, or other services). These service providers may also use your personal data for their own purposes. Service providers provide information about their own data processing in their respective privacy notices.
Buyers, acquirers, or merger partners: In connection with an actual or potential restructuring of part or all of our business or assets, or any rights or interests related thereto, we may disclose your personal data to potential buyers, acquirers, merger partners, or sellers and their advisors.
Government agencies: We may disclose your personal data to governmental agencies, courts, and other authorities, both domestic and foreign, if we are legally obliged or entitled to do so or if we deem it necessary to protect our interests.

6. Retention periods

We only retain your personal data for as long as is necessary for the purpose for which it was collected or for a period of time to which we are obligated by applicable laws and regulations or contractual agreements. If there are no legal or contractual obligations to the contrary, we will anonymize or delete your personal data after the storage or processing period has expired.

7. Data security

To protect your personal data from loss, misuse, alteration, or destruction, we have implemented appropriate technical and organizational security policies and procedures. Access to personal data is generally restricted. Our employees and the service providers commissioned by us are obliged to maintain confidentiality and to comply with the provisions of data protection law. To further protect your personal data, we make use of procedures such as pseudonymization or anonymization where appropriate.

Notwithstanding the measures taken, it is not possible to guarantee the absolute security of your personal data. In this context, please also note that data transmitted via an open network such as the Internet or an e-mail service is openly accessible. We cannot guarantee the confidentiality of messages or content shared over these networks. If you share personal data over an open network, you should be aware that third parties may access, collect, and use this data for their own purposes.

8. Your data protection rights

You have the following data protection rights:

Access: You have the right to access your personal data. This gives you the opportunity to check what personal data we process about you and that we process it in accordance with the applicable data protection regulations.
Correction: You have the right to request that we correct your personal data if it is incorrect or incomplete.
Deletion: You have the right to have your personal data deleted if you withdraw your consent to its processing or if we no longer need the personal data for the original purpose of its use and are not obliged to retain it.
Restriction of processing: You have the right to temporarily restrict the processing of your personal data by us if you doubt the accuracy of the personal data or wish to restrict the use of the data instead of having it deleted.
Data portability: You have the right, under certain circumstances, to obtain from us, free of charge, the personal data you have provided to us in a readable format.
Lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a competent supervisory authority about the way we process your personal data.
Withdrawal: You have the right to withdraw your consent to the processing of your personal data at any time, free of charge, and without giving any reason. Processing activities conducted with your consent in the past, prior to you revoking consent, do not become unlawful as a result of your revocation.

To exercise your data protection rights, we kindly ask you to contact us in writing or, unless otherwise specified or agreed, by e-mail to the contact address stated at the beginning of this document.

To prevent misuses, we may ask you for proof of identity. We will endeavor to respond to privacy requests within 30 days of receipt. No fee will be charged for processing your request unless the request is clearly unfounded or disproportionate. In certain circumstances, we may not be able to honor your request for other legal reasons.

9. Changes to this privacy notice

We may amend this privacy notice at any time without prior notice. The latest version published on our Website shall apply.