Data protection regulations

We take the privacy and security of visitors to our website extremely seriously. On this website, we point out which data protection regulations apply for mdd.ch.

We may amend and supplement this Privacy Policy at any time. We will provide information about such adjustments and additions in a suitable form, in particular by publishing the respective current Privacy Policy on our website.

We process personal data in accordance with the provisions of the Swiss Data Protection Act (DSG) and the European General Data Protection Regulation (GDPR).


1. Name and address of the controller
The controller, within the meaning of the GDPR and other national data protection laws and provisions, who decides on the purposes and means of the processing of personal data, is:

Management Digital Data AG
Gotthardstrasse 62
8002 Zürich

The data protection officer/data protection coordinator for the controller can be reached using the following contact details:

Telephone number: +41 (0) 58 810 12 12
E-mail: info@mdd.ch

2. Scope and purpose of the processing personal data
We only process your personal data insofar as this is necessary for the provision of a functional website as well as our content and services. In particular, such personal data may fall into the categories of inventory and contact data, browser and device data, content data, meta or edge data and usage data, location data, sales, contract and payment data.

The periodic processing of your personal data is only carried out once we have obtained your prior consent. An exception is made in such cases where prior consent cannot be obtained for factual reasons and statutory provisions permit the processing of the data.


3. Legal basis for processing of personal data
We process personal data in accordance with Swiss data protection law.

If and to the extent that GDPR is applicable, we shall process personal data in accordance with at least one of the following legal bases:

Provided that we have obtained the data subject's consent to process their personal data, Article 6(1a) GDPR shall serve as the legal basis.

When processing personal data that is required to fulfil a contract with the data subject, Article 6(1b) GDPR shall serve as the legal basis. This shall also apply to processing operations that are required in order to take steps prior to entering into a contract.

Insofar as the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6(1c) GDPR shall serve as the legal basis.

In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Article 6(1d) GDPR shall serve as the legal basis.

If the purpose of processing personal data is to perform a task that is in the public interest, Article 6(1e) GDPR shall serve as the legal basis.
If processing is necessary in order to protect a legitimate interest of our company or a third party, except where such interests are outweighed by the interests, fundamental rights and freedoms of the data subject, Article 6(1f) GDPR shall serve as the legal basis for processing.

4. Description and scope of the data processing

4.1 Server log files 
Each time you visit our website, our system automatically collects data and information from the computer system of the calling computer. The following data is collected here:

  • Information about the browser type and version used
  • The user's operating system;
  • The user's Internet service provider
  • The user's IP address
  • Date and time of the access
  • Websites from which the user's system accesses our website
  • Websites that the user accesses via our website

We store such information, which may also constitute personal data, in server log files. The information is necessary to continuously provide our online service in a way that is user-friendly and reliable, as well as to ensure data security and therefore, in particular, the protection of personal data – also by third parties or with the help of third parties (Article 13(2a) Swiss Data Protection Act and Article 6(1f) GDPR).

The data shall be stored for a maximum of 744 days and then erased. Additionally, the IP Addresses are stored "partially anonymized".  The Data which needs to be stored for longer for evidence purposes shall be excluded from erasure until final clarification of the corresponding incident.

4.2 Cookies
Our website uses cookies. Cookies are small files that are stored on your hard drive in order to understand the information about the interactions and use of our website. We use cookies to make our website more user-friendly and to provide you with a tailored and personalised experience.

The following data is stored and transmitted in the cookies:

  • Language settings
  • Login information


If you do not want to use cookies, you can change the settings in your web browser to block cookies from our website. Cookies that have already been saved can be deleted at any time. If cookies are deactivated for our website, it may no longer be possible to use all of the functions of the website to their full extent. We actively ask you – if and to the extent necessary – for your express consent to the use of cookies (Article 13(1) Swiss Data Protection Act and Article 6(1a) GDPR).

4.3 When contacting via e-mail, forms, phone or social media
When contacting us (e.g. by contact form, e-mail, telephone or via social media), the user's details are processed for the purpose of handling the contact request and its processing pursuant to Article 13(1a) Swiss Data Protection Act or Article 6(1b) GDPR. User information may be stored in a customer relationship management system ("CRM System") or similar inquiry organisation.

We store the personal data you provide for the duration of the business relationship and for a maximum of ten years thereafter.

4.4 Newsletter
Our website offers the option to subscribe to a free newsletter (MDD Report). When registering for the newsletter, the data from the input screen is transmitted to us. To process the data, your consent is obtained during the registration process and reference is made to this Privacy Policy. The data shall be used exclusively for sending the newsletter.

This data will be erased as soon as it is no longer required to achieve the purpose of its collection. Accordingly, the user's e-mail address is stored for as long as the subscription to the newsletter is active. The subscription to the newsletter can be cancelled by the user concerned at any time. The relevant link for this purpose is included in each newsletter. This can also be used to withdraw consent to the storage of personal data collected during the registration process.
The newsletter is sent via third-party services or with the help of service providers. Cookies may also be used in the process.

In particular, we use:

  • HubSpot: Customer Relationship Management (CRM); Providers: HubSpot Inc. (USA)/HubSpot Ireland Limited (Ireland) for users in the European Economic Area (EEA); information about data protection: Privacy Policy 

4.5 MDD Platform

To work with MDD, the user uses the services of the MDD platform. Functions such as editing content in Word, Excel and InDesign are only accessible via a login with 2-factor authentication to ensure the security of your report creation.

MDD requires the following information for this purpose: Last name, first name, e-mail address and, under certain circumstances, cell phone number.

This data remains stored at MDD as long as a user is active. The audit trail - changes made to documents by the user - remain in the MDD platform for the duration of the customer's use. This data is deleted when the collaboration ends.

MDD stores log data centrally for at least three months. The user name and IP address of the user may be visible in the log data. This data is not anonymized, as it must be available for troubleshooting and/or forensic analysis.

The data (system and logs) are hosted exclusively in Switzerland and can only be viewed by authorized MDD employees. The data will not be passed on to third parties.


5. Third-party services
We use the following tools with respective linked data protection provisions on our website on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online service within the meaning of Article 13(2) Data Protection or Article 6(1f) GDPR) or based on your consent (Article 13(1) Data Protection or Article 6(1a) GDPR):

5.1 Matomo
We use Matomo to determine how our online service is used. In this context, we can measure, for example, the success and reach of our activities and operations, as well as the impact of third-party links to our website. Based on the results of the performance and reach measurement, we can in particular correct errors, strengthen particularly popular content or make improvements to our online service.
You can find further information about Matomo here:

  • Matomo: Performance and reach measurement; Provider: Matomo (free open-source software); information about data protection: Use on own server infrastructure as well as with pseudonymised Internet Protocol (IP): Privacy Agreement

When using services and programs for performance and reach measurement, cookies may be used and user profiles may be created. User profiles include, for example, the pages visited or content viewed on our website, information about the size of the screen or browser window, and the – at least approximate – location. As a matter of principle, user profiles are created exclusively on a pseudonymous basis. We do not use user profiles to identify individual visitors to our website. Individual services with which you are registered as a user may assign the use of our online service to your profile with the respective service, whereby you usually had to give your consent to this assignment in advance.
You can prevent the collection of data generated by the cookie and related to your use of the website to Matomo as well as the processing of this data by Matomo by removing the opt-out option. Here:
 

5.2 Hubspot
We use HubSpot as a customer relationship management system ("CRM system") and for newsletter distribution.

You can find further information here:

  • HubSpot: Customer Relationship Management (CRM); Providers: HubSpot Inc. (USA)/HubSpot Ireland Limited (Ireland) for users in the European Economic Area (EEA); information about data protection: Privacy Policy.


5.3 LinkedIn
We use services and plugins from LinkedIn to embed functions and content from the social media platform and to enable the sharing of content on LinkedIn and other ways.
You can find further information here:

 

5.4 YouTube
We use services from YouTube to enable the direct playback of audiovisual media such as music or videos on our website.
You can find further information here:

6. Disclosure of personal data
We may disclose your data to third parties (in particular IT service providers) for the aforementioned purposes.

Such third parties are generally located in Switzerland as well as in the European Economic Area (EEA), but may also be located in other states and territories, provided that their data protection laws ensure adequate data protection according to the assessment of the Swiss Federal Data Protection and Information Commissioner (FDPIC) and – if and to the extent that the GDPR is applicable – according to the assessment of the European Commission, or if adequate data protection is guaranteed for other reasons, such as through a corresponding contractual agreement, in particular on the basis of standard contractual clauses, or through a corresponding certification. As an exception, such a third party may be located in a country without adequate data protection, provided that the requirements under data protection law, such as the explicit consent of the data subject, are met.

6. Data security
We take technical and organizational measures to protect your data against manipulation, loss, destruction or unauthorized access by third parties. When you visit our website, the SSL encryption method is used.  


10. Rights of the data subject
If personal data is processed by you, you shall be entitled to all rights in accordance with the Swiss Data Protection Act and GDPR (Article 15–22 GDPR). In particular, you have the right to request information free of charge about whether and what personal data we store about you. Furthermore, you can request that we correct or erase incorrect personal data (subject to legal retention obligations) and you can request that we restrict the processing of your personal data.

All requests relating to your data and data protection must be addressed (in writing) to the controller in accordance with point 1 of these provisions.