We know that the careful handling of your personal information is important to you. That is why we appreciate your trust that bexio will handle this information in a conscientious manner. bexio is responsible for the collection, processing, transmission, storage, and protection of your personal information and ensures compliance with the Swiss Data Protection Act as far as data of Swiss customers is concerned as well as compliance with the General Data Protection Regulation of the EU as far as data of customers from the EU area is concerned.
Responsible for data processing:
Alte Jonastrasse 24
+41 (0)71 552 00 60
You can reach the data protection officer of bexio AG at: firstname.lastname@example.org
The data processing by bexio is subject to the following law:
Data of Swiss Customers and Swiss Visitors of Our Website
Data of Customers from the EU Area and Visitors of Our Website from the EU Area
In addition to Swiss law, Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data, on the free transmission of such data, and on the repeal of Directive 95/46/EC (General Data Protection Regulation, GDPR) applies to the processing of data of customers from the EU area. See also Section 12 (Additional Regulations for Customers from the EU Area).
When Visiting Our Website (Without Login)
If you visit our website outside the login-protected area, the web server technology we use automatically logs general technical visit information. This includes, among others, the IP address of the device used (anonymized), information about the browser type, the Internet service provider, and the operating system used.
When Using bexio’s Cloud Software (With Login)
During the free trial access and when using the software provided by bexio for a fee within the login-protected area, all data entered or submitted by the user during the registration process and when using the software is also stored. This applies, in particular, when you register, place orders, fill out online forms, take part in surveys or contests, correspond with us online or offline, or contact us via social media, blogs, or other interactive media.
As a rule, we collect your personal master data (name, address, and email address) and the settings required for the respective service. Additional information on which data we process for which purposes can be found in Appendix A to the Commissioned Processing Agreement.
Trustee Partner Program
Under bexio’s Trustee Partner Program, end customers can share their data with their personal trustees. By using the Trustee Partner Program, the user agrees that bexio may provide the trustee with, or give the trustee access to, all data of the relevant user. The end customer retains full control over the trustee’s access rights to the end customer’s data at all times and can restrict or deny access at any time.
When using the optional banking functions of bexio or when linking your own account to a bank, data is exchanged between bexio and the respective bank. This also includes payment and bank-specific information such as IBAN, account information, etc.
Other Partner Functions
When using any other optional partner functions of bexio or when connecting your own account to a partner, data is exchanged between bexio and the relevant partner.
We use technical and organizational security measures in accordance with the recognized market standards to protect personal data stored with us against unintentional, illegal or unauthorized manipulation, deletion, modification, access, disclosure, or use, as well as against partial or complete loss. bexio servers are located at a secure data center in Switzerland with multiple certifications. The connection to our servers takes place via SSL encryption. We back up customer data on a regular basis. In order to prevent data loss even in extreme cases (e.g. destruction of the data center by an earthquake), the encrypted backups are stored at several data centers in Switzerland and abroad at the same time. Our security measures are continuously adapted and improved in line with technological developments. We assume no liability for the loss of data or for such data becoming known to and being used by third parties. Furthermore, we cannot guarantee the security of data transmission over the Internet. In particular, there is a risk of access by third parties when data is transmitted by email. However, access is protected by HTTPS. If explicitly requested by the customer, the customer can opt for two-factor authentication at any time.
We process the collected data in order to continuously improve the products and services requested by you; to manage your use of and access to our applications, products, and information; to maintain our business relationship with you; to monitor and improve the performance of our services; to detect, prevent, or clarify illegal activities; and to provide you with advertising, information, or marketing materials about products or services that we believe may be of interest to you based on the data. The data may also be disclosed to our partner companies and service providers, selected third-party companies, institutes and/or legally authorized state authorities in Switzerland and abroad for processing, storage, and use within the scope of the above-mentioned purposes. If the processing or storage of personal information takes place in countries that do not guarantee adequate data protection in comparison to Swiss data protection law, we require the commissioned processor to fully comply with the relevant provisions of the DPA or – as far as data of customers from the EU area is concerned – the GDPR under contractual obligation.
We make sure that each of the aforementioned processes and services is carried out by service providers that are commissioned in compliance with data protection regulations and are based within the EU or in Switzerland. These are companies from the categories of IT services, payment transactions, printing service providers, billing, collection, and consulting, as well as sales and marketing, and service providers that we use in the context of commissioned processing relationships.
Cookies help make your visit to our website easier, more enjoyable, and more efficient. Cookies are data files that your web browser automatically stores on your computer’s hard drive when you visit our website and use our services.
You can manage your security settings in your browser independently and thereby block or disable cookies used by us. However, it is possible that in this case you will not be able to use certain bexio services (to the full extent) any longer.
Tracking and Analytics / Social Media
The use of our digital offerings is measured and evaluated by means of various technical systems, mainly from third-party providers such as Google Analytics. These measurements can be carried out in an anonymous or personalized form. The collected data may be transmitted by us or the third-party providers of such technical systems to third parties in Switzerland and abroad for processing. The most frequently used and the most popular analysis tool is Google Analytics, a service provided by Google Inc. This means that the collected data is generally transmitted to a Google server in the United States.
Our website uses Google Analytics, a web analysis service of Google Inc. located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses so-called cookies, which are text files stored on your computer to help analyze your use of the website. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored on a Google server in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for us, and providing other services relating to website activity and Internet usage. Google may also transmit this information to third parties if this is required by law or if third parties process this data on behalf of Google. Google will never associate your IP address with any other data held by Google.
If you do not want your website activity to be available to Google Analytics, you can install the browser add-on to disable Google Analytics [link: https://support.google.com/analytics/answer/181881?hl=en].
The analysis of data by other tools of the website owner is not disabled when you use the add-on. Data may still be sent to the website or other web analytics services.
Integration of Third-Party Offerings / Social Media
Our digital services are networked with third-party functions and systems in many ways, for example through the integration of plugins from third-party social networks such as Facebook, Twitter, etc. If you have a user account with these third parties, they may also be able to measure and evaluate your use of our digital offerings. Further personal data such as IP address, browser settings, and other parameters may be transmitted to and stored by these third parties. We have no control over the use of such personal data collected by third parties and assume no responsibility or liability for it. In all other respects, bexio does not have any detailed knowledge of which data is transmitted to third parties, where it is transmitted to, and whether it is made anonymous.
bexio does not use any profiling or automatic decision-making techniques. Should bexio use these procedures in individual cases, you will be informed of it separately insofar as this is required by law.
You can unsubscribe from electronic mailings at any time or adjust the type and scope of this marketing service. The electronic mailings each contain a corresponding link.
bexio processes and stores your personal data as long as you use the service. It should be noted that the contractual relationship is a continuing obligation that lasts for years.
Should the data no longer be required for the fulfillment of contractual or legal obligations, it is regularly deleted unless its – limited – further processing is necessary for the following purposes:
You have the following rights with regard to your personal data. bexio explicitly grants these rights contained in the GDPR also to the Swiss customers insofar as they are not already entitled to the analogous rights under the DPA:
The aforementioned rights are subject to any restrictions of the GDPR and the applicable national data protection laws or other national laws.
If you are asked to provide your consent in connection with bexio services, you can do it by clicking on the corresponding checkbox to confirm that bexio may collect, process, use, and transmit your personal data accordingly.
Of course, you may revoke your consent at any time without affecting the legality of the processing carried out on the basis of the consent until revocation. The consent revocation request may be sent in writing to bexio’s aforementioned address. Sending an email to email@example.com should also be sufficient. Please note that some of the services and features will no longer be available to you afterwards.
The website of bexio contains hyperlinks to third-party websites that are not operated or controlled by bexio. bexio is not responsible for their content or data protection practices.
The following provisions are only applicable to customers from the EU area; they do not apply to Swiss customers.
Legal Basis for the Processing
The processing of your data for the purposes mentioned in Section 5 takes place in accordance with Article 6(1)(b) of the GDPR for the fulfillment of the contract. The subject matter of the contract is the services mentioned above.
Likewise, your data will be processed as described above to protect the legitimate interests of bexio (Article 6(1)(f) of the GDPR). These are the improvement of products and services (including delivery of direct mail advertising) in order to monitor and improve the performance of the offering, and to recognize, prevent, or clear up any illegal activities.
In addition, the data is processed in accordance with Article 6(1)(c) of the GDPR for the fulfillment of legal obligations (e.g. retention and documentation requirements). This includes, in particular, your personal master data.
If you believe that one or more of the purposes mentioned in Section 5 is not covered by the legal bases mentioned above, you may request that we no longer process your personal data for certain individual purposes (opt out). Opting out does not prevent you from continuing to use bexio’s cloud software provided that such use does not necessarily require the corresponding data processing. You can send the opt-out request in writing to bexio’s address mentioned above. Sending an email to firstname.lastname@example.org should also be sufficient.
Right of Appeal
If you believe that the processing of your personal data violates the GDPR, you have the right to appeal to a competent supervisory authority in accordance with Article 77 of the GDPR. Of course, bexio will be happy to answer your questions and address your requests in advance of a complaint. Please feel free to contact us by email at email@example.com.
Last update: July 2018