Privacy Policy
The protection of your personal data and the protection of your privacy is important to us. You can expect us to handle your data sensitively and carefully and to ensure a high level of data security.
Naturally we comply with the provisions of the Swiss Federal Data Protection Act (FADP), the Ordinance on the Federal Data Protection Act (OFADP) and other applicable data protection provisions, in particular the EU General Data Protection Regulation (EU-GDPR).
In this Privacy Policy, we inform you about the most important aspects of data processing within the scope of our website and our SUNNYCLOCK app “SUNNYCLOCK” as well as about your rights under data protection law.
1 Contacts
1.1 Name and Address of the Controller
The data controller responsible within the meaning of data protection law is the:
SUNNYCLOCK AG
Wassergass 9
8810 Horgen
Switzerland
E-Mail: ask@sunnylock.com
Website: www.sunnyclock.com
If you have any questions in connection with the data protection that we live by and for information regarding your rights as well as for their assertion, you can contact us at the contact options listed in section 1 of this Privacy Policy. We reserve the right to request your identification for the processing of enquiries in an appropriate manner.
1.2 Name and Address of the Data Protection Officer
The data protection officer of SUNNYCLOCK AG is:
Swiss Infosec AG
Centralstrasse 8A
6210 Sursee
Switzerland
E-Mail: dpo@infosec.ch
Website: www.infosec.ch
1.3 Name and Address of the Representative within the European Union
The EU representative of SUNNYCLOCK AG is:
Swiss Infosec (Deutschland) GmbH
Friedrichstrasse 123
10117 Berlin
Germany
E-Mail: sunnyclock.dataprivacy@swissinfosec.de
2 Collection and Processing of Personal Data
2.1 Visiting the Website / Using the SUNNYCLOCK App
When you visit our website or call up our services on the SUNNYCLOCK app, our servers temporarily store the following data in a log file, the so-called server log files:
- IP address of the requesting computer
- Date and time of access/retrieval
- Name and URL of the retrieved data
- Operating system of your computer and the browser you are using
- Country from which you access our website
- Name of your Internet provider
- Time zone difference to Greenwich Mean Time (GMT)
- Contents of the request (concrete page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Last visited website
- Language and version of the browser software
These data are processed for the purpose of enabling the use of our website or the service of the SUNNYCLOCK app (connection setup), ensuring system security and stability over the long term, optimising our offer and for internal statistical purposes. The legal basis for this are our legitimate interests.
These data will not be passed on to third parties or otherwise evaluated.
2.2 Contacting us
If you contact us by E-Mail or telephone, the following data provided by you will be processed for the purpose of processing your enquiry and handling it:
- E-Mail address
- Telephone number
- Name
- Message
Basis for the processing of your personal data is our legitimate interest in the processing of your request. If the purpose of contacting us is to fulfil a contract of which you are a contracting party or to carry out pre-contractual measures, this is an additional basis for the processing of your personal data.
You can object to this data processing at any time. Please send your objection to the following E-Mail address: ask@sunnyclock.com. In such a case, your enquiry will not be processed further.
2.3 Provision of Contractual Services
We also process your data for the purpose of fulfilling our contractual and pre-contractual obligations, in particular in connection with the provision of our services related to the SUNNYCLOCK app. The personal data processed, the type, scope, purpose and necessity of their processing are determined by the underlying contractual relationship.
The personal data processed include:
- Master data (.e.g. name, address)
- Contact data (e.g. E-Mail address, telephone number)
- Contract data (e.g. services used, subject matter of contract, contractual communication, names of contact persons) and
- Payment data (e.g. bank details, payment history).
We generally do not process special categories of personal data unless they are components of a contractual processing.
When using our services, we may also save the IP address and the time of the respective user action. The legal basis for such storage is our legitimate interests as well as the interests of the users in the protection against misuse and other unauthorized use.
2.4 Market Research and Opinion Surveys
We collect personal data as part of market researches and opinion survues.
Basis for the processing of your personal data in the context of market research and opinion survues is your consent.
You will find detailed information, in particular on the categories of the data collected and on the evaluation of your data, within the scope of the respective poll or where you enter your data.
Your answers to survues will not be passed on to third parties or published.
You can revoke your consent at any time. Please send your revocation to the following E-Mail address: ask@sunnyclock.com.
3 General Information on Cookies
We use cookies on our website and within our SUNNYCLOCK app based on our legitimate interests. Cookies are small text files that are stored on your mobile phone (or laptop, tablet, smartphone, etc.) using the browser. They help us make our services more user-friendly and effective and to make your visit to our website or the use of our SUNNYCLOCK app as pleasant as possible. Cookies do not damage your mobile phone. They cannot run programs or transmit viruses to your mobile phone.
Most of the cookies we use are so-called session cookies. They store a so-called session ID, which can be used to assign various requests from your browser to the web session. This allows your mobile phone to be recognised when you return to the website. Session cookies are automatically deleted when you log out or close your browser.
Other cookies we use are so-called persistent cookies and remain stored on your mobile phone beyond the respective usage process. They enable us or our partner companies (cookies from third parties, see chapter 4 (Analysis Tools) of this privacy policy) to recognize your browser the next time you visit.
Finally, we use performance cookies to collect information about how you use our services. Such cookies help us to improve our services. For example, we may use these cookies to determine whether you have visited a particular page.
Most browsers are regularly set to accept cookies. If you do not wish to accept cookies, you can set your browser so that it informs you when cookies are set and you can allow or generally exclude the acceptance of cookies in individual cases only. You can also activate the automatic deletion of cookies whenever you close your browser. You can also delete cookies that have already been set at any time via your browser or other software programs. However, the complete deactivation of cookies could result in individual functions of our website or SUNNYCLOCK app no longer functioning.
The following links will inform you about this possibility for the most used browsers:
- Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies#ie=ie-11
- Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
- Opera: https://www.opera.com/de/terms
- Safari: https://www.apple.com/legal/privacy/en-ww/cookies/
4 Analysis Tools
On the basis of our legitimate interests in the analysis, optimisation and economic operation of our services, we use the following services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), if you have your habitual residence in the European Economic Area (EEA) or Switzerland::
- Google Universal Analytics
- Google Firebase
- Google AdWords
- Google Maps
In addition, we process personal data to provide our services in connection with the use of the SUNNYCLOCK app. The legal basis for the processing is therefore, in addition to the legitimate interests, the contract between you and SUNNYCLOCK.
Google uses cookies. The cookies used by Google enable us to analyze the use of our website or our SUNNYCLOCK app. The information generated by cookies about your use of our website or the SUNNYCLOCK app (including your IP address) will be transmitted to and stored by Google on servers in Ireland or the USA.
Google is certified under the EU-US and Swiss-US Privacy Shield agreements and thus offers a guarantee of compliance with the CH-FADP and EU-GDPR. Further information in this context can be found at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
For more information about Google’s terms of use and privacy policy, please visit https://policies.google.com/privacy
4.1 Google (Universal) Analytics
We use Google Analytics in the form of “Universal Analytics” On our website or in our SUNNYCLOCK app. Universal Analytics allows us to assign data, sessions and interactions across several devices to a pseudonymous user ID and thus to analyze the activities of a user across all devices.
Pseudonymised user profiles are created and cookies are used to evaluate the use of our website or the SUNNYCLOCK app, to compile reports on the activities done on the website or on the SUNNYCLOCK app and to provide other services related to the website or SUNNYCLOCK app and Internet use. Under no circumstances will your IP address be merged with any other data held by Google.
We only use Google Analytics with IP anonymization enabled. This means that your IP address will be shortened by Google within the EU/EEA or Switzerland. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.
You can prevent cookies from being saved by making the appropriate settings in your browser software on the website or the SUNNYCLOCK app by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en. This sets an opt-out cookie that prevents your data from being collected in the future when you visit the website or use the SUNNYCLOCK app. To prevent Universal Analytics from collecting your data across multiple devices, you need to opt-out on all systems you use. In this case, however, you cannot use the SUNNYCLOCK app any further. More information about Universal Analytics can be found here: https://support.google.com/analytics/answer/2838718?hl=en&ref_topic=6010376. In this case, however, you cannot use the SUNNYCLOCK app.
4.2 Google AdWords
On our website we use the Google service “Google AdWords”. If you access our website via an ad placed by Google, Google AdWords places a cookie (a so-called “conversion cookie”) on your computer.
This cookie loses its validity after 30 days. If you visit certain pages on our website and the cookie has not expired yet, we and Google will know that you clicked on the ad and were directed to that page. Each Google AdWords customer receives a different cookie. As a result, cookies cannot be tracked through AdWords customer websites. The information collected through the Conversion cookie is used to compile conversion statistics for AdWords customers. The customers know the total number of users who clicked on their ad and were directed to a page tagged with a conversion tracking tag. However, they will not receive information that personally identifies users.
If you do not wish to participate in tracking, you can refuse to set a cookie and set your browser to block cookies from the “googleleadservices.com” domain.
Please note that you must not delete the opt-out cookies for as long as you do not wish to have measurement data recorded. If you deleted all your cookies in your browser, you will have to set the respective opt-out cookie again.
Further information on data processing and data protection within the framework of Google AdWords can be found at https://policies.google.com/technologies/ads?hl=en.
4.3 Google Maps
We use the Google service “Google Maps” to visually display geographical information. When Google Maps is used, Google also collects, processes and uses data on the use of the map functions by users. According to our state of knowledge, this is at least the following data:
- The date and time of the visit to the website concerned
- Internet address or URL of the website accessed
- IP address, the (start) address entered during route planning.
By using Google Maps, information about the use of our website, including your IP address and the (start) address entered as part of the route planner function, may be transmitted to Google in Ireland or the USA. Google stores this data as user profiles for the purpose of designing services, advertising and market research to suit your needs.
Further information on data processing and data protection by Google Maps can be found at http://www.google.com/intl/de_en/help/terms_maps.html and https://policies.google.com/privacy.
4.4 Google Firebase
For our push messages, we use the Google service “Firebase”.
In most cases, the personal data is limited to so-called “instance IDs”, which have a time stamp. These IDs assigned by Firebase are unique and allow the linking of different events or processes. These data do not constitute personally identifiable information for us, nor do we make any efforts to subsequently personalize them. We process this aggregated data to analyze and optimize user behavior.
For more information about Google Firebase and privacy, please visit https://policies.google.com/privacy or https://firebase.google.com/support/privacy/.
5 Disclosure of Personal Data
We generally treat your personal data confidentially and only pass them on if you have expressively agreed to this, if we are obliged to do so by law or if it is necessary in order to enforce our rights, in particular to enforce claims arising from a contractual relationship.
In addition, certain tasks and services (e.g. hosting) are performed by trustworthy third parties that have been commissioned by us. However, this is only done to the extent necessary for the performance of the services and in accordance with the obligations arising from the present data protection declaration. These third-party providers are obliged to protect the data based on a data processing agreement according to the applicable data protection law. In addition, these service providers are carefully selected and regularly reviewed by us to ensure that the privacy of our users is protected.
If the level of data protection in a country in which the data is processed does not comply with the applicable data protection provisions, we will contractually ensure that the protection of your personal data corresponds to that in Switzerland or the EEA at all times.
6 Stored Period
Unless expressly stated otherwise in this privacy policy, we will only process and store your personal data for as long as is necessary in order to fulfill our contractual and legal obligations or otherwise for the purposes for which it is processed, and in accordance with the statutory retention periods.
As soon as your personal data is no longer required for the above-mentioned purposes or a mandatory retention period expires, your personal data will be, where possible, deleted or blocked.
If we store your personal data on the basis of a contractual relationship, this data will be stored at least as long as the contractual relationship exists and as long as limitation periods for possible claims from us or legal or contractual storage obligations.
7 Data Security
We implement technical and organizational measures to protect your personal data against manipulation, loss, destruction or against access by unauthorized persons. This includes, among other things, the use of recognized encryption methods (e.g. TLS encryption).
Our security measures are continuously improved according to technological developments.
We also take our own internal data protection seriously. Our employees and the service companies commissioned by us are bound to secrecy and to compliance with data protection regulations. In addition, they will only be granted access to your personal data if necessary.
8 Use of the Website by Minors
The website and the SUNNYCLOCK app are aimed at an adult audience. It is forbidden for minors, especially children under the age of 16, to transmit their personal data to us or to register for a service without the consent of their parents or guardians. If we discover that such data has been transmitted to us, they will be deleted. The parent (or legal representative) of the child may contact us and request deletion or unsubscription. In order to comply with such a request, we need a copy of an official document that identifies you as a parent or guardian.
9 Links to Websites of other Providers
Our website may contain links to other websites which are not covered by this privacy statement. After clicking the link, we no longer have any influence on the processing of any data transmitted by third parties (such as the IP address or URL), since the behavior of third parties is naturally beyond our control. We therefore cannot assume any responsibility for the processing of your personal data by third parties. If the collection, processing or use of your personal data is associated with the use of the websites of other providers, please refer to the data protection information of the respective providers.
Illegal contents were not recognizable at the time of linking. A permanent control and examination of the contents of the linked pages without concrete evidence of a violation of the law is, however, not reasonable. As soon as we become aware of any violations of the law, such links will be removed immediately.
10 Provision and Services of the SUNNYCLOCK App
10.1 Download of the SUNNYCLOCK App
When downloading the SUNNYCLOCK app, the necessary information is transmitted to the respective App Store (e.g. Google Play or Apple App Store), that is according to the best of our knowledge:
- Username
- E-Mail address
We have no influence on this data collection by the App Store and are not responsible for it. We process the data only to the extent necessary to download the SUNNYCLOCK app on your mobile phone.
Further information can be found in the privacy statements of the App Store operators:
- For the iOS App Store: Apple Inc., 1 Infinite Loop, Cupertino, CA 95014, USA, available at https://www.apple.com/legal/privacy/en-ww/, and
- For the Google Play Store: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, available at https://policies.google.com/privacy?hl=en&gl=en.
10.2 Registration, Access Permission and Use of the SUNNYCLOCK App
We process personal data so that we can operate, offer, improve, understand, individualize, support and market our services. This is based on our legitimate interest in doing business sustainably and improving the user experience of the SUNNYCLOCK app.
The types of information we receive and collect depend on how you use our service and can be divided into the following categories:
- Data related to registration and access privileges
- Data related to the current use of the SUNNYCLOCK app
10.2.1 Registration
In order to use our SUNNYCLOCK app and services, you must register by providing personal data. The following personal data is entered into an input mask of the SUNNYCLOCK app or service and transmitted to us, processed and stored:
- Profile name
- Device detections*
- Profile photos
- Mobile phone number of the user*
- Acceptance of the terms of use*
- Consent age*
The fields marked with * are mandatory fields and required to provide you with our services. If you do not enter this data, you will not be able to create a user account. You can enter all other information voluntarily.
The basis for the processing of your personal data is the existence of your consent. For the processing of your personal data, your consent will therefore be obtained during registration and reference will be made to this Privacy Policy. If the registration serves the fulfilment of a contract of which you are a contracting party or for the implementation of pre-contractual measures, this is an additional basis for the processing of your personal data.
10.3 Access Permissions
For full functionality, the SUNNYCLOCK app requires different access permissions on your mobile phone. When the SUNNYCLOCK app accesses the respective function, you will therefore be prompted to activate the access authorization if the access authorization has not yet been granted.
The SUNNYCLOCK app requires the following authorizations:
- Contact access: This is required to display your personal contacts in the SUNNYCLOCK app. The contact data are compared with the registered SUNNYCLOCK users. This is done pseudonymized and one-way encrypted. If no registered user can be identified for a contact, this contact is deleted immediately from the server and is only stored locally on your mobile phone until the next synchronization.
- Library/photo access: This is required so that you can share photos or content with other users. Photos are considered confidential and are end-to-end encrypted in the SUNNYCLOCK app within the group chat and event gallery. Please note, however, that profile, group and event photos are not end-to-end encrypted.
- Location access: This is required to enable location-related services, such as specifying an event location.
- Camera Access: This is needed to create photos and videos.
- Microphone access: This is required to create voice messages.
- Calendar Access: This is required to display existing calendar entries in the SUNNYCLOCK app and create new calendar entries based on the SUNNYCLOCK events. The existing calendar entries from users’ local calendars are not synchronized with the SUNNYCLOCK cloud, but only remain locally on your mobile phone.
- SMS/telephone access: This is needed to send predefined messages to friends when sending SMS invitations.
The basis for the processing of your personal data is the existence of your consent. For the processing of your personal data, your consent will therefore be obtained within the scope of access and reference will be made to this Privacy Policy. You can revoke access at any time in the settings of the SUNNYCLOCK app or your operating system.
10.3.1 Ongoing Use of SUNNYCLOCK App and Services
The following data may be collected, processed and stored for each subsequent access to or ongoing use of our SUNNYCLOCK app and services, provided you make them available to us:
- Date and time of registration
Text messages - Digital content (e.g. photos, videos, links, files, documents, voice messages, surveys, calendar entries (display only), group names, event names, event location, event dates, appointments and cancellations, task lists, pin contents, comments on pins and contents of event galleries)
- Location of the user
- Groups and distribution lists
- Mobile phone identity identification and version of operating system used
- Used version of SUNNYCLOCK apps and services
- Log files of service life, volume and intensity
- Log files about successful execution of commands or delivery/retrieval/storage of information
We also receive information about you from other users and companies. For example, when other users or companies you know use our services, they may provide your phone number, name and other information as well as you may provide theirs, or you may send a message to yourself or messages to groups to which you belong.
This data is processed to provide our services. This forms our legitimate interest in the data processing. If the processing serves the fulfilment of a contract to which you are a party, it is an additional basis for the processing of your personal data.
10.3.2 Group Invitations to Non-Users of the SUNNYCLOCK App
The SUNNYCLOCK app offers a function for sending invitations to the app for group setups by differentiating between contacts who are already using the SUNNYCLOCK app (with SUNNYCLOCK logo) and contacts who are not (with SMS logo) using the SUNNYCLOCK app when creating a group.
If you select non-users in the group setup, an additional display appears on your mobile phone with which you can invite the non-users to the SUNNYCLOCK app and the corresponding group. The personal data of these non-users (telephone number, names) will only be stored on your mobile phone and not by SUNNYCLOCK.
Only when the non-user has installed the SUNNYCLOCK app and your device recognizes it as a new user will he or she be granted access to the group.
For more information on creating groups, see the FAQ at www.sunnyclock.com
10.4 Push-Notifications
Our SUNNYCLOCK app offers you the possibility to receive current information about our offers, news and relevant advertising by means of so-called push messages. Push-messages are messages that appear on your mobile phone without opening the respective SUNNYCLOCK app.
We use Google Firebase technology to send push messages (see section 4.4). For this purpose, during the SUNNYCLOCK app installation for iOS devices and Android devices, individual codes are assigned for each mobile phone (so-called “Device token” or “Instance ID”). Further data will not be collected.
When a push message is sent, the message text and the respective code number are transmitted to the Google server, which then sends the message to the users’ devices.
You can activate or deactivate push messages at any time as follows:
- The SUNNYCLOCK app can be found after installation on your mobile phone under the menu item “Settings”. There you can set the receipt of messages at any time under “SUNNYCLOCK App Settings > Notifications”.
- You can also set the receipt of messages on your mobile phone under the menu item “Settings” of your mobile phone and there under “Notifications”.
You can find more information about Google Firebase and privacy in chapter 4 of this Privacy Policy and at https://policies.google.com/privacy or at https://firebase.google.com/support/privacy/.
10.5 End-to-End Encryption
All data sent directly from a chat text field are end-to-end encrypted, i.e. all texts, images, videos, audio messages, positions on maps and web links of the group chat and comments from pins are sent end-to-end encrypted.
10.6 Storage and Deletion of Data
In order to maintain a good balance between data use and privacy, we have established the following rules for the storage of data:
- Profiles of users who have uninstalled the SUNNYCLOCK app will remain on the servers for a maximum of 90 days, after which these accounts will be deactivated and deleted.
- All types of chat messages and media, pin comments and event gallery content will remain on the servers for a maximum of 30 days.
- The contents of task lists and surveys remain on the servers until they are actively deleted by the administrator, but for a maximum of 720 days after the last activation of the item.
- Groups remain on the servers until the last user of a group leaves.
- Events of groups remain on the servers until they are actively deleted by the administrator or until a group is deleted.
Via Settings/Data storage in the menu of the SUNNYCLOCK app, contents of the groups can be actively deleted. All your data will be deleted locally on your phone as well as all your created chat elements and comments which are still on the chat server. Items created by you such as task lists and survues can only be deleted from the item itself. The deletion of these items is not possible via Settings.
When you delete your account, the following data will be deleted from our servers:
- Profile name, profile photo, telephone number
- You will be removed from all groups and events.
- All calendar entries of your SUNNYCLOCK events will be deleted.
- All messages, media and comments remaining on the chat server will be deleted.
Messages and media sent by you may still exist on the group members’ phones despite deletion:
- Task lists and surveys are not automatically deleted when an account is deleted. As long as the poll or to-do list still belongs to an active group or an event of an active group, the survues or to-do lists remain. These items can only be actively deleted for the item itself. If an item remains inactive for more than 720 days, it will be deleted automatically.
- Existing groups administered by the account to be deleted are retained. The administration rights are automatically assigned to other members of the group.
11 Your Rights
11.1 Right of Access
You have the right to request information from us about whether and if so, which personal data concerning you we process.
11.2 Right to Rectification
You have the right to demand the rectification of your incorrect personal data and, if necessary, the completion of incomplete personal data in our systems.
11.3 Right to Erasure
You have the right to demand that your personal data be deleted, for example if the data is no longer needed for the purposes pursued. However, if we are obliged or entitled to keep your personal data due to legal or contractual obligations, we cannot restrict or block your personal data in these cases.
11.4 Right to Restriction of Processing
You have the right to demand that we restrict the processing of your personal data. In such a case, our SUNNYCLOCK apps and services can no longer be provided or used.
11.5 Right to Data Portability
You may have the right to receive your personal data, which we process automatically on the basis of your consent or to fulfil a contract, in a structured, common and machine-readable format or to request the transfer of this data to a third party. If you request the direct transfer of personal data to another controller, this will only take place as far as technically feasible.
11.6 Right to Object
You have the right to object to the processing of your personal data at any time in accordance with legal requirements. In such a case, our SUNNYCLOCK apps and services can no longer be provided and used.
11.7 Withdrawal of Consent
You have the right to withdraw your consent to the processing of your personal data at any time, in principle with effect for the future.
11.8 Right to Lodge a Complaint
If the GDPR is applicable, you have the right to lodge a complaint with a competent supervisory authority if you are of the opinion that the processing of your personal data violates data protection regulations.
12 Changes to the Privacy Policy
Due to the further development of our website and the SUNNYCLOCK app or due to changes in legal or official requirements, it may be necessary to amend this Privacy Policy. We expressly reserve the right to amend or change this Privacy Policy at any time. The current data protection declaration can be accessed at any time on the website at www.sunnyclock.com . We recommend that you re-read the current Privacy Policy from time to time.
The current status is 26.04.2019.