The protection of your personal data and the protection of your privacy is important to us. You can expect us to handle your data sensitively and carefully and to ensure a high level of data security.
Naturally we comply with the provisions of the Swiss Federal Data Protection Act (FADP), the Ordinance on the Federal Data Protection Act (OFADP) and other applicable data protection provisions, in particular the EU General Data Protection Regulation (EU-GDPR). References to the GDPR are to be understood as references to the FDPA insofar as the data transfers are subject to the FDPA.
1.1 Name and Address of the Controller
The data controller responsible within the meaning of data protection law is the:
2 Collection and Processing of Personal Data
2.1 Visiting the Website / Using the SUNNYCLOCK App
When you visit our website or call up our services on the SUNNYCLOCK app, our servers temporarily store the following data in a log file, the so-called server log files:
- IP address of the requesting computer
- Date and time of access/retrieval
- Name and URL of the retrieved data
- Operating system of your computer and the browser you are using
- Country from which you access our website
- Name of your Internet provider
- Time zone difference to Greenwich Mean Time (GMT)
- Contents of the request (concrete page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Last visited website
- Language and version of the browser software
These data are processed for the purpose of enabling the use of our website or the service of the SUNNYCLOCK app (connection setup), ensuring system security and stability over the long term, optimising our offer and for internal statistical purposes. The legal basis for this are our legitimate interests.
These data will not be passed on to third parties or otherwise evaluated.
2.2 Contacting us
If you contact us by E-Mail or telephone, the following data provided by you will be processed for the purpose of processing your enquiry and handling it:
- E-Mail address
- Telephone number
Basis for the processing of your personal data is our legitimate interest in the processing of your request. If the purpose of contacting us is to fulfil a contract of which you are a contracting party or to carry out pre-contractual measures, this is an additional basis for the processing of your personal data.
You can object to this data processing at any time. Please send your objection to the following E-Mail address: firstname.lastname@example.org. In such a case, your enquiry will not be processed further.
2.3 Provision of Contractual Services
We also process your data for the purpose of fulfilling our contractual and pre-contractual obligations, in particular in connection with the provision of our services related to the SUNNYCLOCK app. The personal data processed, the type, scope, purpose and necessity of their processing are determined by the underlying contractual relationship.
The personal data processed include:
- Master data (.e.g. name, address)
- Contact data (e.g. E-Mail address, telephone number)
- Contract data (e.g. services used, subject matter of contract, contractual communication, names of contact persons) and
- Payment data (e.g. bank details, payment history).
We generally do not process special categories of personal data unless they are components of a contractual processing.
When using our services, we may also save the IP address and the time of the respective user action. The legal basis for such storage is our legitimate interests as well as the interests of the users in the protection against misuse and other unauthorized use.
2.4 Market Research and Opinion Surveys
We collect personal data as part of market researches and opinion survues.
Basis for the processing of your personal data in the context of market research and opinion survues is your consent.
You will find detailed information, in particular on the categories of the data collected and on the evaluation of your data, within the scope of the respective poll or where you enter your data.
Your answers to survues will not be passed on to third parties or published.
You can revoke your consent at any time. Please send your revocation to the following E-Mail address: email@example.com.
3 General Information on Cookies
Most of the cookies we use are so-called session cookies. They store a so-called session ID, which can be used to assign various requests from your browser to the web session. This allows your mobile phone to be recognised when you return to the website. Session cookies are automatically deleted when you log out or close your browser.
Finally, we use performance cookies to collect information about how you use our services. Such cookies help us to improve our services. For example, we may use these cookies to determine whether you have visited a particular page.
Most browsers are regularly set to accept cookies. If you do not wish to accept cookies, you can set your browser so that it informs you when cookies are set and you can allow or generally exclude the acceptance of cookies in individual cases only. You can also activate the automatic deletion of cookies whenever you close your browser. You can also delete cookies that have already been set at any time via your browser or other software programs. However, the complete deactivation of cookies could result in individual functions of our website or SUNNYCLOCK app no longer functioning.
The following links will inform you about this possibility for the most used browsers:
- Microsoft Edge: https://support.microsoft.com/en-gb/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09
- Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
- Opera: https://www.opera.com/de/terms
- Safari: https://www.apple.com/legal/privacy/en-ww/cookies/
4 Google Services
On the basis of our legitimate interests in the analysis, optimisation and economic operation of our services, we use the following services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), if you have your habitual residence in the European Economic Area (EEA) or Switzerland::
- Google Universal Analytics
- Google Firebase
- Google Ads
- Google Maps
In addition, we process personal data to provide our services in connection with the use of the SUNNYCLOCK app. The legal basis for the processing is therefore, in addition to the legitimate interests, the contract between you and SUNNYCLOCK.
4.1 Google Analytics 4
On our website we use Google Analytics 4, a web analytics service provided by Google, which enables an analysis of your use of our website.
In Google Analytics 4, the anonymisation of IP addresses is activated by default. This means that your IP address is shortened by Google within Switzerland or the EU/EEA before it is transmitted. Only in exceptional cases will the full IP address be transmitted to a Google server and shortened there.
All data processing described above, including data transmission by pings and the possible setting of Google Analytics cookies, will only take place if you have given your express consent.
Without your consent, Google Analytics 4 will not be used during your visit to the website. You can revoke your consent at any time with effect for the future. To exercise your right of revocation, please deactivate this service via the “Cookie Consent Tool” provided on the website.[SA2]
Demographic characteristics: Google Analytics 4 uses the special “demographic characteristics” function and can use this to generate statistics that make statements about the age, gender and interests of site visitors. This is done by analysing advertising and information from third-party providers. This allows target groups to be identified for marketing activities. However, the collected data cannot be assigned to a specific person and is deleted after being stored for a period of two months.
Google Signals: As an extension to Google Analytics 4, Google Sig-nals can be used on the website to have cross-device reports generated. If you have activated personalised ads and linked your devices to your Google account, Google can analyse your usage behaviour across devices and create database models, including cross-device conversions, in order to use Google Analytics 4. We do not receive any personal data from Google, only statistics. If you would like to stop the cross-device analysis, you can deactivate the “Personalised advertising” function in the settings of your Google account. Follow the instructions here: [UA] Enable Google Signals – Google Analytics Help.
UserIDs: As an extension to Google Analytics 4, the “Use-rIDs” function can be used on the website. If you log in with this account on different devices, your activities, including conversions, can be ana-lyzed across devices.
Google uses this information to evaluate your pseudonymous use of our websites, to compile reports on website activities and to provide us with further services related to website and internet use. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data, according to Google. When you visit our websites, your user behaviour is recorded in the form of events (such as page impressions, purchase activities including sales, interaction with the website or your “click path”) as well as other data such as your approximate location (country and city), technical information about your browser and the end devices you use or the referrer URL, i.e. via which website / advertising material you came to our website.
You can prevent the collection and transmission of the data generated by the cookie and related to your use of our website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser add-on to deactivate Google Analytics. If you wish to object to the interest-based advertising by Google, you can use the settings and opt-out options provided by Google.
If you enable the storage of cookies, Google Analytics will retain your data for two months. Data for which the end of this retention period has been reached will be automatically deleted. An overview of the use of data in Google Analytics and the measures taken by Google to protect your data can be found in the Google Analytics Help.
4.2 Google Ads
On our website we use the Google service “Google Ads”. If you access our website via an ad placed by Google, Google Ads places a cookie (a so-called “conversion cookie”) on your computer.
If you visit certain pages on our website and the cookie has not expired yet, we and Google will know that you clicked on the ad and were directed to that page. Each Google Ads customer receives a different cookie. As a result, cookies cannot be tracked through Ads customer websites. The information collected through the Conversion cookie is used to compile conversion statistics for Ads customers. We learn through these statistics the total number of users who clicked on our ads and were redirected to a page tagged with a conversion tracking tag. However, we do not receive any information that personally identifies users.
Based on the information collected, your browser is assigned categories relevant to your interests. These categories are used to display interest-related advertising.
You can generally prevent the storage of cookies by deactivating the storage of cookies in your browser. You can also object to interest-based advertising by Google Ads by making the appropriate settings at: https://adssettings.google.com.
Please note that you must not delete the opt-out cookies for as long as you do not wish to have measurement data recorded. If you deleted all your cookies in your browser, you will have to set the respective opt-out cookie again.
Further information on data processing and data protection within the framework of Google Ads can be found at https://policies.google.com/technologies/ads?hl=en.
4.3 Google Maps
We use the Google service “Google Maps” to visually display geographical information.
By using Google Maps, information about your use of our website, including your IP address and the (start) address entered as part of the route planner function, may be transmitted to a Google server, possibly in the USA or other third countries, and stored there. Google may store this data as usage profiles for the purpose of tailoring its services to your needs, advertising and market research. If you are registered with Google, your data will be assigned directly to your account. If you do not wish this, you must log out beforehand. If you do not agree to the processing of your data, you have the option of deactivating the Google Maps service and thus preventing the transmission of data to Google. To do this, you must deactivate the Java Script function in your browser. However, we would like to point out that in this case you will not be able to use Google Maps or only to a limited extent.
Further information on data processing and data protection by Google Maps can be found at http://www.google.com/intl/de_en/help/terms_maps.html and https://policies.google.com/privacy.
4.4 Push Notifications
You can sign up to receive our push notifications. For this purpose, we use the Google Firebase Cloud Messaging (Android) and Apple Push Notifications Service (iOS).
In order to register for the push notifications, you must confirm the request of your browser or end device to receive the push notifications. This consent process is documented and stored. This data is used on the one hand to be able to send you the push messages and on the other hand as proof of your registration. You can change the consent for notification by push messages at any time in the settings of the SUNNYCLOCK app or the operating system of your device.
5 Disclosure of Personal Data
As a matter of principle, we treat your personal data confidentially and only pass it on if you have expressly consented to this, if we are obliged or entitled to do so by law or if this is necessary to enforce our rights, in particular to enforce claims arising from a contractual relationship.
In addition, certain tasks and services (e.g. hosting) are performed by trustworthy third parties that have been commissioned by us. However, this is only done to the extent necessary for the performance of the services and in accordance with the obligations arising from the present data protection declaration. These third-party providers are obliged to protect the data based on a data processing agreement according to the applicable data protection law. In addition, these service providers are carefully selected and regularly reviewed by us to ensure that the privacy of our users is protected.
If the level of data protection in a country in which the data is processed does not comply with the applicable data protection provisions, we will contractually ensure that the protection of your personal data corresponds to that in Switzerland or the European Economic Area (EEA) at all times.
6 Stored Period
As soon as your personal data is no longer required for the above-mentioned purposes or a mandatory retention period expires, your personal data will be, where possible, deleted or blocked.
If we store your personal data on the basis of a contractual relationship, this data will be stored at least as long as the contractual relationship exists and as long as limitation periods for possible claims from us or legal or contractual storage obligations.
7 Data Security
We implement technical and organizational measures to protect your personal data against manipulation, loss, destruction or against access by unauthorized persons. This includes, among other things, the use of recognized encryption methods (e.g. TLS encryption).
Our security measures are continuously improved according to technological developments.
We also take our own internal data protection seriously. Our employees and the service companies commissioned by us are bound to secrecy and to compliance with data protection regulations. In addition, they will only be granted access to your personal data if necessary.
8 Use of the Website by Minors
The website and the SUNNYCLOCK app are aimed at an adult audience. It is forbidden for minors, especially children under the age of 16, to transmit their personal data to us or to register for a service without the consent of their parents or guardians. If we discover that such data has been transmitted to us, they will be deleted. The parent (or legal representative) of the child may contact us and request deletion or unsubscription. In order to comply with such a request, we need a copy of an official document that identifies you as a parent or guardian.
9 Links to Websites of other Providers
Our website may contain links to other websites which are not covered by this privacy statement. After clicking the link, we no longer have any influence on the processing of any data transmitted by third parties (such as the IP address or URL), since the behavior of third parties is naturally beyond our control. We therefore cannot assume any responsibility for the processing of your personal data by third parties. If the collection, processing or use of your personal data is associated with the use of the websites of other providers, please refer to the data protection information of the respective providers.
Illegal contents were not recognizable at the time of linking. A permanent control and examination of the contents of the linked pages without concrete evidence of a violation of the law is, however, not reasonable. As soon as we become aware of any violations of the law, such links will be removed immediately.
10 Provision and Services of the SUNNYCLOCK App
10.1 Download of the SUNNYCLOCK App
When downloading the SUNNYCLOCK app, the necessary information is transmitted to the respective App Store (e.g. Google Play or Apple App Store), that is according to the best of our knowledge:
- E-Mail address
We have no influence on this data collection by the App Store and are not responsible for it. We process the data only to the extent necessary to download the SUNNYCLOCK app on your mobile phone.
Further information can be found in the privacy statements of the App Store operators:
- for the iOS App Store: Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA, available at https://www.apple.com/legal/privacy, as well as
- for the Google Play Store: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA or, if you have your habitual residence in the European Economic Area (EEA) or Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, available at https://policies.google.com/privacy
10.2 Web Events
The SUNNYCLOCK app allows you to share events and the following data with non-users via a web link in order to plan events with people outside the app. The following data will be shared via the weblink with anyone who receives the weblink:
- Name of the event
- Image of the event
- Invitation text
- Location of the event
- Date of the event
- User name and picture of the participants
Each web event is initially created by an administrator of the group and then the participants of a group can share the web link to the web event from the app. A web event and all its data will be deleted 2 weeks after the last date of the event (including guest list emails).
10.2.1 Guest List
An entry in the guest list of a web event can be completed with name and e-mail address. The guests’ e-mails are used for identification and communication. The guest list is deleted 2 weeks after the last date of the event or when the event is deleted by the administrator.
10.3 Registration, Access Permission and Use of the SUNNYCLOCK App
We process personal data so that we can operate, offer, improve, understand, individualize, support and market our services. This is based on our legitimate interest in doing business sustainably and improving the user experience of the SUNNYCLOCK app.
The types of information we receive and collect depend on how you use our service and can be divided into the following categories:
- Data related to registration and;
- Data related to access authorisation and;
- Data related to the current use of the SUNNYCLOCK app.
In order to use our SUNNYCLOCK app and services, you must register by providing personal data. The following personal data is entered into an input mask of the SUNNYCLOCK app or service and transmitted to us, processed and stored:
- Profile name*
- Device detections*
- Profile photos
- Mobile phone number of the user*
- Consent age*
The fields marked with * are mandatory fields and required to provide you with our services. If you do not enter this data, you will not be able to create a user account. You can enter all other information voluntarily.
10.3.2 Access Permissions
For full functionality, the SUNNYCLOCK app requires different access permissions on your mobile phone. When the SUNNYCLOCK app accesses the respective function, you will therefore be prompted to activate the access authorization if the access authorization has not yet been granted.
The SUNNYCLOCK app requires the following authorizations:
- Contact access: This is required to display your personal contacts in the SUNNYCLOCK app. The contact data are compared with the registered SUNNYCLOCK users. This is done by only using the phone numbers in an encrypted way. After identifying the users within the phone number list, the list gets immediately deleted from the server.
- Library/photo access: This is required so that you can share photos or content with other users.
- Location access: This is required to enable location-related services, such as specifying an event location.
- Camera Access: This is needed to create photos and videos.
- Microphone access: This is required to create voice messages.
- Calendar Access: This is required to display existing calendar entries in the SUNNYCLOCK app and create new calendar entries based on the SUNNYCLOCK events. The existing calendar entries from users’ local calendars are not synchronized with the SUNNYCLOCK cloud, but only remain locally on your mobile phone.
- SMS/telephone access: This is needed to send predefined messages to friends when sending SMS invitations.
10.3.3 Ongoing Use of SUNNYCLOCK App and Services
The following data may be collected, processed and stored for each subsequent access to or ongoing use of our SUNNYCLOCK app and services, provided you make them available to us:
- Date and time of registration
- Digital content (e.g. photos, videos, links, files, documents, voice messages, surveys, calendar entries (display only), group names, event names, event location, event dates, appointments and cancellations, task lists, pin contents, comments on pins and contents of event galleries)
- Location of the user
- Groups and distribution lists
- Mobile phone identity identification and version of operating system used
- Used version of SUNNYCLOCK apps and services
- Log files of service life, volume and intensity
- Log files about successful execution of commands or delivery/retrieval/storage of information
We also receive information about you from other users and companies. For example, when other users or companies you know use our services, they may provide your phone number, name and other information as well as you may provide theirs, or you may send a message to yourself or messages to groups to which you belong.
This data is processed to provide our services. This forms our legitimate interest in the data processing. If the processing serves the fulfilment of a contract to which you are a party, it is an additional basis for the processing of your personal data.
10.4 Loyalty Contest
By participating in the loyalty contest, the user gives SUNNYCLOCK permission to use his/her telephone number from the app registration to contact him/her in the event of a win. Every web event automatically participates in the loyalty contest.
10.5 Push Notifications
Our SUNNYCLOCK app offers you the possibility to receive current information about our offers, news and relevant advertising by means of so-called push-notifications. Push-notifications are messages that appear on your mobile phone without opening the respective SUNNYCLOCK app.
We use the Google Firebase Cloud Messaging (Android) and Apple Push Notifications Service (iOS) services to send push messages (see section 4.4). For this purpose, individual identification numbers are assigned for each mobile phone during the SUNNYCLOCK app installation for iOS devices and Android devices (so-called “device token” or “instance ID”). No further data is collected.
When a push-notification is sent, the message text and the respective identification number are transmitted to the Google or Apple servers, which then send the message to the users’ devices.
You can activate or deactivate push notifications at any time as follows:
- The SUNNYCLOCK app can be found after installation on your mobile phone under the menu item “Settings”. There you can set the receipt of push notifications at any time under “SUNNYCLOCK App Settings > Notifications”.
- You can also set the receipt of push notifications on your mobile phone under the menu item “Settings” of your mobile phone and there under “Notifications”.
10.6 Encryption and End-to-End Encryption
All data sent directly from a chat text field are end-to-end encrypted, i.e. all texts, links to images and videos, audio messages, positions on maps and web links of the group chat and all comments of proposals, tasks and gallery media are sent end-to-end encrypted. Additionally, all chat media and gallery media is encrypted and can only be viewed by group participants.
10.7 Storage and Deletion of Data
In order to maintain a good balance between data use and privacy, we have established the following rules for the storage of data:
- Profiles of users who have uninstalled the SUNNYCLOCK app will remain on the servers for a maximum of 90 days, after which these accounts will be deactivated and deleted.
- All types of chat messages and media, comments and event gallery media will remain on the servers for a maximum of 30 days.
- The media in tasklists and polls remain on the servers until they are actively deleted by the administrator, but for a maximum of 720 days after the last activation of the item.
- Groups remain on the servers until the last user of a group leaves.
- Events of groups remain on the servers until they are actively deleted by the administrator or until a group is deleted.
Via Settings/Data storage in the menu of the SUNNYCLOCK app, contents of the groups can be actively deleted. All your data will be deleted locally on your phone as well as all your created chat elements and comments which are still on the chat server. Items created by you such as task lists and survues can only be deleted from the item itself. The deletion of these items is not possible via Settings.
When you delete your account, the following data will be deleted from our servers:
- Profile name, profile photo, telephone number
- You will be removed from all groups and events
Messages and media sent by you may still exist on the group members’ phones despite deletion:
- Tasklists and polls are not automatically deleted when an account is deleted. As long as the poll or to-do list still belongs to an active group or an event of an active group, the tasklist and polls remain. These items can only be actively deleted from the item itself.
- Existing groups administered by the account to be deleted are retained. The administration rights are automatically assigned to other members of the group.
11 Your Rights
11.1 Right of Access
You have the right to request information from us about whether and if so, which personal data concerning you we process.
11.2 Right to Rectification
You have the right to demand the rectification of your incorrect personal data and, if necessary, the completion of incomplete personal data in our systems.
11.3 Right to Erasure
You have the right to demand that your personal data be deleted, for example if the data is no longer needed for the purposes pursued. However, if we are obliged or entitled to keep your personal data due to legal or contractual obligations, we cannot restrict or block your personal data in these cases.
11.4 Right to Restriction of Processing
You have the right to demand that we restrict the processing of your personal data. In such a case, our SUNNYCLOCK apps and services can no longer be provided or used.
11.5 Right to Data Portability
You may have the right to receive your personal data, which we process automatically on the basis of your consent or to fulfil a contract, in a structured, common and machine-readable format or to request the transfer of this data to a third party. If you request the direct transfer of personal data to another controller, this will only take place as far as technically feasible.
11.6 Right to Object
You have the right to object to the processing of your personal data at any time in accordance with legal requirements. In such a case, our SUNNYCLOCK apps and services can no longer be provided and used.
11.7 Withdrawal of Consent
You have the right to withdraw your consent to the processing of your personal data at any time, in principle with effect for the future.
11.8 Right to Lodge a Complaint
If the GDPR is applicable, you have the right to lodge a complaint with a competent supervisory authority if you are of the opinion that the processing of your personal data violates data protection regulations.
The current status is 21.09.2023