Privacy Policy of Mympact AG

Version 2.0 – November 4, 2022

About us

This privacy policy (“Privacy Policy“) explains how we process and protect your personal data when you use this Website or our services provided via www.mympact.io (together, the “Website“) as well as when you use our mympact app ( “App”).

The Website and App is operated by Mympact AG, c/o F10 (Switzerland) AG, Pfingstweidstrasse 110, 8005 Zurich (the “COMPANY“, “we“, “our“, or “us”).

We understand that your personal data belongs to you. Any kind of personal data that is collected, is processed compliant to the provisions of the General Data Protection Regulation (“GDPR”).

Unless otherwise defined in this Privacy Policy or our General Terms & Conditions, the definitions used in this Privacy Policy have the same meaning as in the Swiss Federal Act on Data Protection. 

 

1. Personal data we collect using the Website

We collect the following categories of personal data when you use the contact form on our Website:

  • Contact details: First and last name, email address, phone number (if you opt into giving it), language preference, city and country
 

2. Personal data we collect using the App

We collect the following categories of personal data when you use the contact form on our App:

  • Contact details: First and last name, email address, phone number (if you opt into giving it), language preference, city and country
  • Survey answers: Questions regarding diet, car or no car and what type of car, buyer preferences and household size 
  • User tracked activities: f.e. completing a challenge in the app 
  • Device data: Device ID
  • Bank details: Bank name, BIC 
  • Transactions: Amount, booking date, carbon footprint, label, currency, category of spending 
 

3. How we collect personal data

We collect information about our users when they use our Website or our App, including taking certain actions within it.

Directly

  • When users sign up to receive our newsletter and other marketing materials.
  • When users submit their data to us.
 

Indirectly

Through the services Tink and Greenly. Tink is an open-banking platform that allows us to collect information about your transactions, which we use to calculate your carbon footprint. Greenly is a carbon footprint calculator that uses the transaction data from Tink to calculate your carbon footprint.

 

4. Legal basis and purposes

Our legal basis for collecting and using the personal data described in this Privacy Policy depends on the personal data we collect and the specific purposes for which we collect it. We do not collect any data where we do not have a legal basis described in Article 6 GDPR.

Contract (Article 6 para. 1 letter b GDPR): To perform our contractual obligations or take steps linked to a contract with you. In particular:

  • To provide our services. These include any in App features, user authentication, access control, enforcing regional copyright restrictions, Website, App and notification personalization and the delivery of push notifications.
  • To recruit.
 

Consent (Article 6 para. 1 letter a GDPR): We may rely on your freely given consent at the time you provided your personal data. In particular:

 

  • To provide users with news, special offers, newsletters, and general information about goods and services which we offer (requires explicit consent).
 

Legitimate interests (Article 6 para. 1 letter f GDPR): We may rely on legitimate and/or vital interests based on our evaluation that the processing is fair and reasonable. In particular:

  • To maintain and improve our Website, App and services.
  • To develop new services.
 

For the purposes of analytics, advertising services and app functionality, we may share some of your personal data with following third parties:

  • Firebase: Application and database hosting 
  • Bigquery: Database functionalities, data warehousing
  • Greenly: Carbon accounting 
  • Google Analytics: Web and mobile app analytics
  • Usercentric: Consent management tool
  • Mailerlite: E-mail marketing services
  • Typeform: Information collection through online forms
  • Google Ads: Search engine marketing
  • Google Tag Manager: Marketing analytics
  • Facebook Ads: Social media marketing
  • Linkedin Ads: Social media marketing

 

Legal obligation and public interest (Article 6 para. 1 letter c and e GDPR): To meet regulatory and public interest obligations. In particular:

  • To comply with applicable regulations and legislation.
 

5. Data retention

We retain personal data for so long as it is needed for the purposes for which it was collected or in line with legal and regulatory requirements or contractual arrangements. As long as the account is not verified, all personal data will be deleted after ten days. As soon as a user deletes an account, all personal data will be deleted (including data stored with third parties). As long as the account is still active, personal data will not be deleted. User back-up data is routinely deleted after three months.

All personal data is stored on Google servers in Frankfurt, Germany.

 

6. Data transfers

Your personal data that we and/or the Service Providers referred to in Section 6 hold, may be transferred and thus processed:

  • In Switzerland
  • In the EU & EEA
 

We safeguard your personal data per our contractual obligations and applicable data protection legislation when transferring data abroad. 

Such safeguards may include:

  • the transfer to countries that have been deemed to provide an adequate level of protection according to lists of countries published by the Federal Data Protection and Information Commissioner; 
  • applying standard data protection model clauses, binding corporate rules or other standard contractual obligations that provide appropriate data protection.
 

7. Data disclosure

We may disclose your personal data in the good faith belief that such action is necessary:

  • To comply with a legal obligation (i.e., if required by law or in response to valid requests by public authorities, such as a court or government agency);
  • To protect the security of the Website or App and defend our rights or property;
  • To prevent or investigate possible wrongdoing in connection with us;
  • To defend ourselves against legal liability.
 

8. Data security

We take reasonable technical and organisational security measures that we deem appropriate to protect your stored data against manipulation, loss, or unauthorised third-party access. Our security measures are continually adapted to technological developments.

We also take internal data privacy very seriously. Our employees and the Service Providers that we retain are required to maintain secrecy and comply with applicable data protection legislation. In addition, they are granted access to personal data only insofar as this is necessary for them to carry out their respective tasks or mandate.

The security of your personal data is important to us but remember that no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. We recommend using antivirus software, a firewall, and other similar software to safeguard your system. 


9. Your rights

You have the below data protection rights. Please note that we may ask you to verify your identity before responding to such requests.

  • Right of access: You have a right to request a copy of your personal data, which we will provide to you in an electronic form.
  • Right to amendment: You have the right to ask us to correct our records if you believe they contain incorrect or incomplete information about you.
  • Right to withdraw consent: If you have provided your consent to the processing of your personal data, you have the right to withdraw your consent. This includes cases where you wish to opt-out from marketing communications. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you initially consented unless there is another legal basis for processing. To stop receiving emails from us, please click on the ‘unsubscribe’ link in the email you received.
  • Right to erasure: You have the right to request that we delete your personal data when it is no longer necessary for the purposes for which it was collected or when it was unlawfully processed.
  • Right to restriction of processing: You have the right to request the restriction of our processing of your personal data where you believe it to be inaccurate, our processing is unlawful, or where we no longer need to process it for the initial purpose, but where we are not able to delete it due to a legal obligation or because you do not want us to delete it.
  • Right to portability: You have the right to request that we transmit your personal data to another data controller in a standard format such as Excel, where this is data which you have provided to us and where we are processing it on the legal basis of your consent or to perform our contractual obligations.
  • Right to object to processing: Where the legal basis for our processing of your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have a compelling legal basis for the processing which overrides your interests or if we need to continue to process the personal data for the exercise or defence of a legal claim.
  • Right to lodge a complaint with a supervisory authority: You have the right of appeal to a data protection supervisory authority if you believe that the processing of your personal data violates data protection law. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch/edoeb/en/home.html).
 

10. Links to third-party apps and sites

Our Website may contain links to websites or apps that we do not operate. If you click a third-party link, you will be directed to that third party’s site or app. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

 

11. Cookie policy

Cookies are files with a small amount of data that are commonly used as a unique anonymous identifier. These are sent to your browser from the website you visit and stored on your computer’s hard drive.

Our Website and App uses these cookies to collect information and to improve our Website and App. There are numerous different types of cookies, our website uses:

  • Functionality cookies: These are used to recognize you on our website and your previously selected preferences. A mix of first- and third-party cookies are used.
  • Advertising cookies: These are used to collect information about your website visit, what content you viewed, the links you followed and information about your browser, device and IP address. Limited aspects of this data may be shared with third parties for advertising purposes. We may also share online data collected through cookies with our advertising partners. This means that when you visit another website, advertising based on your browsing patterns on our website may be shown.
 

You have the option to either accept or refuse these cookies and know when a cookie is being sent to your computer. If you choose to refuse our cookies, you may not be able to use some portions of our Website or App.

 

12. Changes to this privacy policy

We may update our Privacy Policy from time to time. We, therefore, encourage you to review this Privacy Policy periodically for any changes. 

Changes to this Privacy Policy are effective when they are posted on this page. The dates of any changes to the Privacy Policy will be published and you can always review an older version of our Privacy Policy. We will explicitly inform you when making major changes to our Privacy Policy.

 

13. Contact us

If you have any questions about this Privacy Policy, do not hesitate to get in touch with us at: contact@mympact.io.