00:00

/

00:00

viboo AG Privacy Policy

1. Introduction

viboo AG is committed to protecting and respecting the privacy of its users. We comply with the European Union's General Data Protection Regulation (GDPR) and Switzerland's New Data Protection Act (RevDSG). This statement provides insight into our data processing practices.

2. Collected data and its purpose

a. Smart thermostat software:

  • Data collected: Automatic: Device-related information such as room temperature, humidity, valve positions, temperature setpoints, temperature plans, etc. Manually entered by the user: Building-related information such as building type, address, type of heating system, etc.
  • purpose: To optimize energy consumption, optimize comfort, monitor measurements, calculate CO2 certificates, provide other personalized services, etc.

b. (Potential) interactions with customers, suppliers and business partners:

  • Data collected: Communications records, such as phone calls, letters, and emails; contact information.
  • purpose: Maintaining a smooth business relationship and processing inquiries.

c. Sales and marketing:

  • Data collected: Names, addresses, e-mail addresses, contact information, preferences; building data from public authorities.
  • purpose: Carrying out targeted advertising campaigns and updating customers about our products.

d. Online presence:

  • Data collected: Browser details, IP addresses, activity logs through cookies. Contact information via contact forms.
  • purpose: Improving user experience, analyzing website performance, and processing requests.

e. Vacancies and applications:

  • Data collected: CVs, letters of motivation, references, contact information.
  • purpose: Evaluation of potential candidates and support the hiring process.

f. Project implementation:

  • Data collected: Relevant personal data about project participants, such as addresses and contact details; technical and location data on buildings and heating/cooling systems.
  • purpose: Ensuring proper project implementation and coordination with third-party providers.

3. Legal basis for data processing and consent management

Our processing of personal data is based on various legal bases in accordance with RevDSG and GDPR:

  • Consent: We will obtain your explicit consent for certain types of data processing. You have the right to withdraw this consent at any time and this withdrawal does not affect the lawfulness of the processing that took place before the withdrawal.
  • Legitimate interest: We may process personal data if this is necessary for the legitimate interests of viboo AG or a third party, provided that these interests are not overridden by your interests in data protection or fundamental rights and freedoms. Examples include optimizing user experience, conducting business analytics, and ensuring network and information security. We ensure a careful balance between our interests and your privacy.
  • Contractual requirement: We may process personal data if this is necessary to fulfill a contract to which you are a party or to take steps prior to entering into a contract at your request.
  • Statutory obligation: In cases where we are subject to a legal obligation and need to process your personal data to comply with those obligations, we will do so in accordance with the law.

4. Your rights with regard to your data

You remain the owner of your data and have the following rights in accordance with nfADP and GDPR.

  • Information: Get a copy of your personal information
  • Correction: Correct inaccurate or incomplete data.
  • Deletion: Request that your data be deleted.
  • Limitation: Limit how we use your information
  • Objection: Withdraw our right to process your data.
  • Data portability: Get and reuse your data.

You have the right to withdraw your consent to the processing and storage of your data at any time. If you would like to exercise any of the above rights, please contact our data protection officer at DPO [at] viboo.io.

5. Data security, location and protective measures

We invest in cutting-edge security infrastructure and training. While data that comes from our smart thermostat software is stored on servers in the user's country, all other data is primarily stored on local computers and on Microsoft 365 servers. We ensure that every third-party storage solution, such as Microsoft 365, complies with strict data protection standards in accordance with GDPR and RevDSG.

While we strive to provide maximum protection, please note that no system can be 100% secure.

6. Privacy Policy

Data is stored for periods of time that comply with its use or legal requirements. Data is then either deleted or anonymized. Specific retention periods are available upon request.

7. Transfer to third parties and international transfers

Data may occasionally be shared with selected third parties that are essential to our services. All of these providers comply with the requirements of the GDPR and RevDSG. International data transfers are subject to strict checks to ensure appropriate protective measures. viboo employees working outside Switzerland are connected to Swiss servers via VPN.

8. Data from children

We are committed to protecting children. Our services are not intended for anyone under 16 years of age. Data collected unintentionally from children is immediately deleted.

9. Updates and Notification Policy

If changes are made to this policy, we will inform users via our website.

10. Contact, feedback and remedy

Our dedicated data protection officer can be reached at DPO [at] viboo.io. If you believe that your rights under the NFADP have been violated, you can contact the Federal Data Protection and Information Commissioner (FDPÖB).

11. Cookie Policy

Our website uses cookies to improve navigation and provide personalized content. You can manage your cookie preferences via our portal.

12. Notification of data breaches and data leaks

In the event of a personal data breach, viboo AG undertakes the following steps:

  • Notification to authorities: If the infringement jeopardizes individual privacy rights, we will notify the relevant data protection authority within 72 hours of becoming aware of it.
  • Notification of affected persons: If individuals are at high risk, we will notify them directly and tell them about the breach and any protective measures they can take.
  • Internal records: All breaches and leaks are documented, including facts, effects, and corrective actions taken to ensure continuous safety improvements.
  • Response and prevention: We will act immediately to mitigate the impact of the breach and work to prevent future incidents.
  • Third party incidents: If a breach involves a third party partner, we will work with them to ensure rapid communication and resolution.

13. Automated Decision-Making and Profiling

For the purpose of improving user experience and meeting our contractual obligations:

  • Smart thermostat software: Let's use automated decision-making to optimize energy consumption and ensure user comfort. This includes analysis of indoor air conditions, user preferences, and historical data.
  • Sales and marketing: We use profiling to customize our marketing campaigns and offer targeted promotions, including strategies such as “similar app targeting.” This helps us predict potential customer interests based on app preferences and behavior.

If you have any concerns about our automated processes or would like to opt out, please contact our data protection officer.

14. Links to external websites

Our website and software may contain links to external websites operated by third parties. Please note that we are not responsible for the content or privacy practices of these external websites. We recommend that users be careful and read the privacy statements of all external websites they visit. This privacy policy applies exclusively to information collected by viboo AG.