Privacy Policy


Table of contents

1 Preamble

2 Scope

3 Categories of data subjects and categories of Personal Data

3.1 General

3.2 Visiting the Lenotra website

3.3 Order process

3.4 Payment details

3.5 Native applications

3.6 Social media

4 Purposes of processing

5 Legal basis of processing

6 Transfer of Personal Data and categories of data recipients

6.1 General

6.2 Service providers engaged (sub-processors)

7 Network traffic routed through third parties

7.1 VPN

7.2 IP logging

8 Activities on the Services

8.1 Encryption of transmitted and stored data

8.2 Sharing of URLs

8.3 Data storing

9 Disclosure of data

10 Customer's rights

11 Duration of storage and deletion

12 Technical and organisational measures

13 Responsibility and contact

14 Modifications

1 Preamble

Your privacy and personal sphere are our greatest concern. We have aligned all our services and products in this respect. Lenotra AG, Bahnhofstrasse 6, 9100 Herisau, Switzerland ("Lenotra", "we", "us" and the like) strives to collect and process as little information about you (hereinafter "Customer", "you", "your" and the like) as possible, including personal data (hereinafter "Personal Data"), in order to ensure the best possible private use of the Lenotra services and products.

The Personal Data and other data of the Customer will be processed at all times in compliance with applicable law, in particular the Swiss Data Protection Act.

If there are any discrepancies between the German version of this Privacy Policy and any translated version, the German version shall prevail.

2 Scope

This Privacy Policy describes how Lenotra processes your Personal Data when you use a Lenotra product ("Product") and its associated features ("Services") or when you visit our website.

3 Categories of data subjects and categories of Personal Data

3.1 General

Personal Data is all data and information relating to an identified or identifiable individual. Anonymized personal information does not constitute Personal Data.

In the context of the provision and use of our Products and Services, we process Personal Data of the following categories of data subjects:

• Users of our Services and Products

• Visitors to our website

We thereby process different categories of Personal Data, such as:

• Contact and identification data such as first name, last name, shipping address, e-mail address, country

• Personal details such as language

• User account information such as username and password

• Contractual and financial data such as contract type, contractual content, type of Products, Services and related services, applicable terms and conditions and terms of use, start of contract, contract duration, compensation entitlements, billing and payment data as well as financial data

• Interaction and usage data such as the data stored in encrypted form in our Services, in particular NesCHt (see Section 8.1 for further information) as well as the data transmitted via our Services (see Sections 7 and 8.1 for further information), correspondence, type and scope of use of Products, Services and related services, customer service information such as complaints and information related to the exercise of rights as well as feedback

• Information in contact and feedback forms

We generally process Personal Data that is disclosed to us (e.g. when placing an order and in the context of using our Products and Services, via e-mail or post, in the context of using a contact or feedback form or via social media). As a general rule, there is no legal or contractual obligation to disclose Personal Data to us. However, we will have to collect and process Personal Data that is necessary for the establishment and management of a contractual relationship. Otherwise, we will not be able to conclude or continue the relevant contract. The processing of certain Personal Data is also unavoidable when you use our Products and Services. The logging of certain data when using our Services and visiting our website (but usually no Personal Data, see Section 3.2) cannot be prevented for technical reasons.

3.2 Visiting the Lenotra website

When visiting the Lenotra website, the following applies:

• Lenotra does not use any analysis tools

• During the visit to the Lenotra website, the following functions are provided by means of cookies:

- Language selection

- Currency selection

• During the visit to the Lenotra website, the following temporary data are stored:

- Choice of the colour mode of the display (system, light, dark)

- Evaluation of the responses in the support area/FAQ (thumbs up / thumbs down)

- Limitation of the frequency of queries in the support area/FAQ (one-way hashed version of the string "ip:userAgent" over 24 hours)

• Data necessary for the functioning of the website (cache, etc.) as well as chat content are deleted immediately after leaving the relevant page

3.3 Order process

When ordering a Service/Product, the following Customer data is collected in the Lenotra webshop:

First order of "myLeny" (= "LenyMobile" + "NesCHt"):

• E-mail address

• First name and last name

• Shipping address

Follow-up order of "LenyMobile":

• NesCHt-ID

• Shipping address

• E-mail address

Follow-up order of "NesCHt-Storage quota extension" / "Subscription Renewal NesCHt":

• NesCHt-ID

• E-mail address

Follow-up order of "Subscription extension LenyMobile":

• Mobile-ID

• E-mail address

All data collected during the order process will be transmitted in encrypted form to the Lenotra administration immediately after confirmation of payment (in case of payment via the connected payment service provider, in case of possible other payment methods immediately after completion of the order) and will be irrevocably deleted in the webshop system. The Personal Data collected during the order process will be stored exclusively in Lenotra’s internal systems. If the order process is cancelled, all data in the webshop system will be irrevocably deleted.

3.4 Payment details

Lenotra engages service providers for the processing of credit card transactions, cryptocurrency transactions, etc. and passes on the necessary payment data to them.

3.5 Native applications

Some platforms, such as the Google Play Store®, may collect aggregated, anonymous statistics that are subject to the privacy policies and the terms and conditions of the respective provider. Such statistics may include, for example, the most commonly used devices and operating systems, the total number of installs and uninstalls, and the total number of active users.

Lenotra does not use any analysis tools on the Products (LenyMobile) and Services (e.g. NesCHt, LenyMobile Store, etc.).

3.6 Social media

Lenotra is active on social media. If the Customer provides Lenotra with data, correspondence or other content via social media, this is done at his/her/its own risk. The processing of Personal Data by the respective providers of the social networks is subject to their privacy policies and statements.

4 Purposes of processing

We process the Customer’s Personal Data for the following purposes:

• Processing of orders and contracts:

This includes, in particular, the provision and performance of our Services and related services, the maintenance of customer databases (including the management of customer accounts), the administration and maintenance of the customer relationship, invoicing, customer communication, the operation and maintenance of our premises and physical infrastructure as well as the operation of our technical infrastructure.

• Customer support:

This includes, in particular, responding to questions and requests, assisting with administrative, technical or other matters, providing information (e.g. about new Services) and providing general customer services (e.g. via e-mail or other forms of electronic communication).

• Marketing:

This includes the delivery of general and tailored advertising and offers about our Products, Services and related services.

• Service quality:

This includes, in particular, measures to ensure the quality and security of our Products, Services and related services as well as technical troubleshooting and bug-fixing.

• Further development of our Services and related Services:

This includes, in particular, the evaluation, improvement, further and new development of Services, Products, functions and customer interfaces, the quality control and the improvement of customer support, the analysis and evaluation of the use of our Services and related services (including the website) to improve the user experience as well as the statistical evaluation of user behaviour on the basis of anonymized data.

• Combating abuse:

This includes, in particular, the detection, prevention and elimination of abuses of our Services or infrastructure.

• Compliance with legal requirements:

This includes, in particular, compliance with applicable laws and regulations or responding to requests from competent courts and authorities and asserting, exercising or defending legal claims.

5 Legal basis of processing

The processing of Personal Data requires a legal basis. When processing the Customer’s Personal Data, Lenotra relies on the legal basis of contract performance, legal obligation and/or the exercise of a legitimate interest. In detail, this presents as follows:

[Image: Privacy_5_english.png]

6 Transfer of Personal Data and categories of data recipients

6.1 General

In principle, Lenotra does not pass on Personal Data to third parties. The following are exceptions to this principle:

• Service providers:

We may transfer Personal Data to service providers that we engage to perform customer-related, IT-related or administrative tasks in the course of our business activities, such as IT service providers, fiduciaries, audit firms, tax and legal advisors and payment service providers. Such transfer of Personal Data or the granting of access thereto is generally limited to the Personal Data that is necessary for the provision of the services by these service providers. Some of the service providers involved are listed in Section 6.2.

• Third parties in the context of compliance with legal/regulatory obligations:

We may transfer Personal Data to third parties if necessary or appropriate to comply with or verify compliance with applicable laws and regulations and to respond to requests from competent authorities to whom we are required to provide information about customers and their Personal Data in accordance with applicable laws and regulations. The transfer of Personal Data to authorities is further described in Section 9.

• Third parties in the context of combating misuse:

We may transfer Personal Data to third parties or obtain Personal Data from third parties in connection with indications of unlawful use of Services, provided that this is appropriate for the detection, prevention or elimination of fraudulent use or misuse of the Services of Lenotra or those of third parties.

6.2 Service providers engaged (sub-processors)

[Image: Privacy_6.2_english.png]

7 Network traffic routed through third parties

7.1 VPN

The alternative routing technologies provided by Lenotra (such as the VPN service provided on the LenyMobile) allow the Customer to bypass many censorship blocks. Thereby, the Customer’s network traffic may be routed through third-party networks that Lenotra cannot control. This could allow third parties to see the Customer’s IP address or to see that applications are being used on a LenyMobile/Service (the same information that the communication/internet service provider can see). However, these third parties cannot view the actual content data as it remains encrypted. By default, a VPN connection is used on the Customer’s LenyMobile (at the Customer’s choice). The VPN connection can be disabled by the Customer in the settings of the LenyMobile.

7.2 IP logging

By default, Lenotra does not store permanent IP logs related to the use of Lenotra’s Products/Services. Service providers engaged by Lenotra (see Section 6.2) may temporarily or permanently store IP addresses, which are required, for example, in the webshop for the payment process.

IP logs may be temporarily stored by Lenotra to prevent or address abusive, fraudulent or otherwise unlawful use of the Services or use of the Services that is contrary to contract. The Customer’s IP address may be permanently stored if he/she/it is involved in activities that violate Lenotra’s general terms and conditions or terms of use (e.g. spamming, DDoS attacks against infrastructure, brute force attacks, etc.) or if there are reasonable indications of participation in such activities.

8 Activities on the Services

8.1 Encryption of transmitted and stored data

All data transmitted in connection with the use of the Services are protected by end-to-end encryption during their transmission. It is not possible for Lenotra to decrypt end-to-end encrypted data.

Furthermore, the data stored by the Customer on the Services are stored in encrypted form. Lenotra and its employees cannot access, in unencrypted form, the data stored by the Customer or, in the case of synchronized backup data of the LenyMobile, the data stored in the Customer's NesCHt. An inspection of the actual content data is therefore not possible.

8.2 Sharing of URLs

When sharing URLs (for temporary, password-protected access to a NesCHt file/directory for a third party authorized by the Customer), Lenotra has access to the time of creation and time of last access, the number of accesses to the URL and its creator. However, Lenotra has no access to file contents, file and folder names and thumbnail previews.

8.3 Data storing

All servers used in connection with the provision of the Services and in particular the storage of Customer data are wholly owned and operated by Lenotra’s hosting provider (see Section 6.2). The Services themselves are operated exclusively by Lenotra employees or by employees of service providers engaged and controlled by Lenotra. Only employees of the aforementioned service providers have physical or other access to the servers, which are exclusively located in Switzerland. Offline backups made at regular intervals are also encrypted.

The Customer must note that when he/she/it puts a file in the recycle bin of the NesCHt, it is not actually deleted until it is permanently deleted from the recycle bin. In addition, because of file versioning within NesCHt, overwriting a file does not delete its previous version. The previous version remains available until the Customer permanently deletes the relevant file.

The VPN service that can be used through the LenyMobile is a VPN service without logging. When the Customer uses this service, Lenotra and its engaged service provider will not perform any of the following actions:

• Logging user traffic or storing the content of any communication

• Throttling the Customer’s internet connection

• Discriminating against protocols or applications

9 Disclosure of data

If, in accordance with Swiss law, Lenotra is required by law enforcement authorities or other competent authorities to hand over data stored in the Customer’s NesCHt or other Customer data, Lenotra will comply with such request. Lenotra can only hand over the Customer’s NesCHt data in encrypted form. Lenotra will only pass on the (few) data in its possession if it is legally obliged to do so by a binding, legally valid request from the competent Swiss authorities. Under no circumstances can Lenotra decrypt encrypted data and disclose decrypted copies.

In accordance with article 271 of the Swiss Criminal Code, Lenotra may not transfer data directly to foreign authorities. We therefore generally reject all requests from foreign authorities. The competent Swiss authorities may from time to time assist foreign authorities in processing requests, provided that these requests are valid within the framework of international legal assistance procedures and that they comply with Swiss law.

10 Customer's rights

If and to the extent provided for in the scope of applicable law and subject to the conditions set forth therein, the Customer has the following rights with regard to the processing of his/her/its Personal Data:

• Right to information:

The Customer has the right to obtain from us confirmation as to whether we are processing Personal Data about him/her/it and, if applicable, to request information on the processing of his/her/its Personal Data. This information includes in particular information on the purpose of the processing, the categories of Personal Data and the recipients or categories of recipients to whom the Personal Data has been or will be made available.

• Right to rectification:

The Customer has the right to have his/her/its Personal Data processed by us rectified and/or completed.

• Right to deletion:

The Customer has the right to have his/her/its Personal Data deleted, provided that we are not obliged by applicable laws and regulations to continue to retain his/her/its Personal Data (in whole or in part) or have an overriding interest in further retention, if:

- the Personal Data is no longer required for the purposes pursued;

- the Customer has revoked his/her/its consent (if such consent has been given) and there is no other legal basis for the processing;

- the Customer has effectively objected to the processing;

- the Personal Data has been processed unlawfully.

• Right to restrict processing:

The Customer may request us to restrict the processing in the following cases:

- if he/she/it disputes the accuracy of the Personal Data, for the duration of our review and the subsequent rectification or rejection of the rectification;

- if, in the case of an unlawful processing, he/she/it objects to the deletion and instead wishes to restrict the processing;

- if, after the purpose has been fulfilled, he/she/it requests that the Personal Data shall not be deleted but be retained for the purpose of asserting rights.

The Personal Data concerned will be segregated or marked for the duration of the restriction. In addition to the storage, any further processing of the relevant Personal Data will only take place with the Customer’s consent.

• Right to data portability:

Under certain conditions, the Customer has the right to receive the Personal Data he/she/it has provided in a structured, commonly used and machine-readable format. The Customer can request the Personal Data via the respective support form on the Lenotra website. The Customer is entitled to have this Personal Data transferred to another company without hindrance, insofar as this is technically possible.

• Right to object:

The Customer has the right, for reasons relating to his/her/its particular situation, to object to our processing of his/her/its Personal Data at any time and to request us to stop processing his/her/its Personal Data. If the Customer has a right to object and exercises this right, his/her/its Personal Data will no longer be processed by us for the relevant purposes.

There is no right to object if we have compelling legitimate grounds for processing which override the interests, rights and freedoms of the Customer, or if the processing serves to assert, exercise or defend legal claims or is necessary for the conclusion and performance of a contract.

• Right to revoke consent:

Where the Customer has given us consent to the processing of his/her/its Personal Data for one or more specific purposes, he/she/it has the right to revoke such consent for one or more of these purposes. The revocation of consent does not affect the lawfulness of the processing carried out up to the revocation.

The Customer may exercise his/her/its rights related to the processing of Personal Data via the contact options listed in Section 13 by sending his/her/its request by post or e-mail. The Customer must enclose his/her/its valid Support-ID as well as his/her/its valid NesCHt ID, unless the Customer can be clearly identified otherwise.

For our part, we reserve the right to assert the restrictions provided by law, for example if we are legally obliged to retain or process certain Personal Data or have an overriding interest in this because we need the Personal Data, for example, for the assertion, exercise or defence of legal claims. The Customer must note that the exercise of the aforementioned rights may conflict with contractual agreements between him/her/it and us (e.g. on the provision of Services) and this may lead to consequences such as premature termination of the relevant contract or costs. In these cases, we will inform the Customer in advance.

The Customer also has the right to file a complaint with the competent supervisory authority, in particular in the member state of his/her/its habitual residence or the place of the alleged infringement, if he/she/it believes that the processing of his/her/its Personal Data violates applicable data protection law. The competent supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

11 Duration of storage and deletion

In principle, Lenotra stores and processes the Customer’s Personal Data for as long as this is necessary to achieve the purpose for which it was collected or as required by law/authority.

Upon termination of the contract with Lenotra, all Personal Data stored at Lenotra and other data of the Customer will be deleted after expiry of the corresponding notice period. Lenotra informs the Customer about the upcoming deletion of the data and makes the data available to the Customer during a grace period for the purpose of downloading in a "read-only" mode. Excluded from this is data that is subject to a commercial, tax or other legal retention obligation; such data will be kept for the period provided by law. Also excluded is data in which we have a legitimate interest in further retention. This includes in particular the further retention of data for reasons of evidence (e.g. in connection with the assertion, exercise or defence of legal claims). After that, the relevant data will also be deleted from our systems.

Data initially communicated to the Customer for the use of the Services (initial passwords, recovery codes, etc.) will be completely removed from Lenotra’s administration systems 30 days after they are sent to the Customer.

12 Technical and organisational measures

We have taken appropriate technical and organisational measures to protect Personal Data (in particular against access and misuse by unauthorised third parties) and to ensure data security that is appropriate to the risk and we have also agreed on such measures with the engaged third parties (see Section 6.2). The measures taken are continuously reviewed and adapted to technological developments.

13 Responsibility and contact

Lenotra is responsible for the data processing described in this Privacy Policy.

The person responsible for data protection at Lenotra can be contacted as follows:

• By e-mail: datenschutz@lenotra.com

• By post: Lenotra AG

Datenschutz

Bahnhofstrasse 6

9100 Herisau

Switzerland

14 Modifications

Within the framework of applicable law, Lenotra reserves the right to regularly review and amend this Privacy Policy at any time. The version published on our website (lenotra.com/privacy) shall apply in each case. We recommend that you check the Privacy Policy regularly for any new version. If provided in accordance with the requirements of applicable law, we will inform you in an appropriate manner about any changes or draw your attention to them (e.g. via the LenyMobile).