LEGAL

With this data protection declaration, we would like to inform customers, suppliers, applicants, website visitors (vysion.agency), and other business partners about how we process personal data. Protecting your privacy is of utmost importance to us, which is why compliance with data protection regulations is a matter of course for us.

Name and contact details of the controller

MYTY Group AG

Dufourstrasse 49

8008 Zurich

MYTY Group Germany GmbH

Alte Jakobstrasse 85-86

10179 Berlin

Represented by David Rost, Fabian Moritz, Nico Gärtner

2. DATA PROTECTION OFFICER

Should you have any questions about our data protection measures, the processing of your data, or the exercise of your data subject rights, you can contact us and our data protection officer as follows:

External Data Protection Officer

ePrivacy GmbH

Represented by Prof. Dr. Christoph Bauer

Burchardstraße 14

20095 Hamburg

For all questions and concerns regarding your data, please contact compliance@myty.com.

Should you wish to communicate directly with our Data Protection Officer (for example, because you have a particularly sensitive matter), please contact them by mail, as email communication can always have security vulnerabilities. Please indicate in your inquiry that your request relates to MYTY Group AG or MYTY Group Germany GmbH.

Representatives of controllers or processors not established in the Union (Article 27 GDPR):

ePrivacy GmbH

Burchardstraße 14

20095 Hamburg

Germany

www.eprivacy.eu/en/legal

3. PERSONAL DATA

Personal data is any information relating to an identified or identifiable natural person. This includes the following categories of personal data that we process:

Contact details (such as first and last name, address, email address, telephone number, other contact details, information about the contact channel, date, reason and outcome, (electronic) copies of correspondence, and information about participation in direct marketing activities),
Your correspondence with us,
Log files with information about your visit to our website,
Identification numbers (such as social security number, tax number, tax ID, passport or identity card number, insurance numbers),
Payment details (such as account number, credit card number, financial institution, direct debit details, tax information),
Online identifiers (such as cookie IDs, IP addresses, advertising IDs),
Customer data (such as billing details, address, payment details),
Authentication data (e.g., signature sample),
Contract master data (order data, data from the fulfillment of our contractual obligations, information on any Third-party beneficiaries),
Documentation data (e.g., logs),
Product data (e.g., requested or booked services and products),
Business creditworthiness documents (income/expense statements, balance sheets, business analyses, type and duration of self-employment),
Application data (e.g., cover letter and resume, awards (e.g., certificates and diplomas), possibly a photo, and any voluntarily provided personal data).

4. USE OF COOKIES

General information about cookies

Cookies are data records that are stored in the browser's databases. For example, user identification numbers are stored here, which are transmitted to the user's computer when using the website and managed there. The data records are kept there for later access. Typical uses of cookies include language selection, documentation of consent, or user authentication.

Session cookies

Session cookies are stored for the duration of a website visit and then automatically deleted. when the browser is closed. They ensure, for example, that video and audio files can be played, that your user input is temporarily stored during the input period, and thus improve user-friendliness.

Persistent Cookies

Persistent cookies remain on your device even after the browser is closed. These cookies can, for example, store your user preferences, such as language settings, and analyze user behavior on our website. The storage duration of persistent cookies is set individually for each cookie. After the expiry date, they are automatically deleted.

Information about the individual cookies, including their lifespans, can be found within the cookie banner. You can also change or withdraw your consent for the setting of cookies there.

5. PURPOSES OF USE

We process your data for the following purposes:

to correspond with you,
to process contracts with you,
for advertising purposes, such as sending our newsletter,
for quality assurance and statistics,
for providing our service,
for your participation in any prize draws,
for your participation in our events,
for your participation in our surveys,
for considering your application,
for improving our service

6. LEGAL BASIS

We rely on the following legal bases for processing your data:

Your consent, if you have given us such consent (Art. 6 para. 1 lit. a) GDPR),
the initiation or performance of a contract with you (Art. 6 para. 1 lit. b) GDPR),
the fulfillment of legal obligations (Art. 6 para. 1 lit. c) GDPR),
the implementation of our legitimate interests (Art. 6 para. 1 lit. f) GDPR)

7. LEGITIMATE INTERESTS

The processing of your data is intended to safeguard the following legitimate interests:

the improvement of our services,
the protection of our systems against misuse,
the creation of statistics,
the storage of our Correspondence with you,
Review and optimization of procedures for needs analysis and direct customer contact,
Advertising or market and opinion research,
Assertion of legal claims, defense in legal disputes, defense against liability claims,
Consultation of and data exchange with credit agencies,
Prevention and investigation of criminal offenses,
Video surveillance to protect property rights and to collect evidence in criminal cases,
Measures for building and office security,
Measures to ensure property rights,
Measures for business management and further development of services and products,
Risk management within the corporate group,
Own statistical purposes with anonymized data,
Ensuring IT security and IT operations

8. REQUIREMENT OR OBLIGATION TO PROVIDE DATA

Unless expressly stated otherwise, providing your data is neither required nor obligatory.

9. DATA SOURCES

Unless we obtain the data directly from you or via the devices you use, it originates from the following sources:

Master data of companies and self-employed individuals from publicly accessible official sources,
B2B contact data from specialized service providers,
Social media profiles

10. . RETENTION PERIOD

We store your data:

If you have consented to the processing, for no longer than until you withdraw your consent;
If we need the data to perform a contract, for no longer than the duration of the contractual relationship with you;
If we use the data based on a legitimate interest, for no longer than until your interest in deletion or anonymization outweighs our legitimate interest;
If statutory retention obligations exist, until the end of the retention periods.

If statutory retention obligations exist,

11. DATA RECIPIENTS

When processing your data, we work with the following service providers who have access to your data:

Candis

We use the Candis service from Candis GmbH (Karl-Liebknecht-Str. 5, 10178 Berlin, Germany) to automate our incoming invoice management. The service processes invoice data (creditor, amounts, line items) that it extracts from documents using AI, as well as master data and data from the digital approval process. This serves the purpose of efficient, GoBD-compliant processing and archiving of incoming invoices. You can find further information on the provider's data protection policy here.

ChatGPT

We use the ChatGPT service from OpenAI, L.L.C. (3180 18th Street, San Francisco, CA 94110, USA) to generate, edit, and summarize texts using artificial intelligence. This primarily involves processing the user-entered prompts and the resulting responses. In addition, account information is collected for managing the user account, as well as technical usage data to ensure and improve the service. You can disable the use of conversations for training the models in the settings. Further information about the provider's privacy policy can be found here.

DocuSign

We use the DocuSign service from DocuSign Germany GmbH (c/o Bird & Bird LLP,
Maximiliansplatz 22, 80333 Munich, Germany) to centrally process documents, perform digital signature processes, and verify identities. This involves collecting the data contained in the documents, such as contract and ID data, as well as signatures. Further information about the provider can be found here.

Figma

We use the Figma service from Figma, Inc. (760 Market St, Floor 4, San Francisco, CA 94102, USA) as a collaborative platform for creating and editing designs, graphics, and prototypes. This involves processing user-created or uploaded content (e.g., design files, components, comments). In addition, profile data is used for team management.Member and usage data are collected to analyze platform usage. Further information on the provider's data protection policy can be found here.

Google Workspace

We use Google Workspace from Google Cloud EMEA Limited (70 Sir John Rogerson's Quay, Dublin 2, Ireland) as a business tool that includes collaboration tools such as Gmail, Google Calendar, Google Meet, Chat, Drive, Docs, etc. The following data is collected, among other things: contact information, communication content, project data, etc. Further information on the provider can be found here.

Hintbox

We use the Hintbox service from lawcode GmbH (Universitätsstraße 3, 56070 Koblenz, Germany) to provide our digital whistleblower system in accordance with legal requirements. The content of submitted reports and subsequent communication are processed. The system is designed for maximum confidentiality and to protect the anonymity of the whistleblower, including through end-to-end encryption. Further information on the provider's data protection policy can be found here.

HubSpot – CRM

We use the CRM platform from HubSpot Germany GmbH (Am Postbahnhof 17, 10243 Berlin, Germany) as our CRM platform, with its integrations and resources to connect and manage marketing, sales, content management, and customer service in one place. The following data may be collected: contact information (name, email address, phone number, and similar information). For more information about the provider, please see the HubSpot Privacy Policy.

Lucanet

We use the Lucanet service from Lucanet AG (Karl-Liebknecht-Str. 14, 10178 Berlin) for the purpose of providing consulting services, including planning, expert advice, guidance/training, data collection and validation, data migration, implementation, troubleshooting, and software development/provision of financial performance management software for the creation of consolidated financial statements, financial planning, analysis, and reporting within Lucanet. Cloud services, including the provision of the Lucanet server (Lucanet.Financial OLAP Server and Lucanet.Financial Warehouse) in the form licensed, configured, and used by the responsible party and its users; troubleshooting (prevention, detection, and resolution of technical problems); continuous product improvements, including the provision of updates; and ensuring the reliability, quality, and security of the licensed product/service agreed upon in the partner agreement or pre-contractual services. This involves collecting the data recorded in the documents, such as name, contact details (email address, telephone number, postal address), communication data, etc. Further information about the provider can be found here.

Mailchimp

We use the Mailchimp service provided by Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA, to send our newsletter and measure open and click-through rates. Mailchimp is a US-based service, and to ensure an adequate level of data protection when processing personal data, we have entered into standard contractual clauses with Mailchimp (Rocket Science Group, LLC) as part of our data processing agreement. If you have subscribed to our newsletter, we will forward your email address to Mailchimp (Rocket Science Group, LLC). You can find more information about the provider here.

Microsoft 365, Azure, Power BI

We use the services of Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland) to operate our office applications, cloud infrastructure, and data analytics. These platforms are used for creating and editing documents, internal and external communication, and the provision and management of our IT systems. Different data is processed depending on the service. This includes, in particular, user-created or uploaded content (e.g., emails, documents, Teams messages, analytics datasets) that is stored and processed in the Microsoft Cloud. In addition, Microsoft processes account information, usage data, and diagnostic data to manage user accounts and ensure service availability. Further information on the provider's privacy policy and the EU data boundary can be found here and here.

Mistral Le Chat

We use the Le Chat service from Mistral AI (15 Rue des Halles, 75001 Paris, France) for tasks requiring artificial intelligence for text generation. Processing is limited to user-entered queries and the technical data necessary to process these queries. According to the provider, data submitted via the enterprise solutions is not used for training the models.Further information on the provider's data protection policy can be found here.

Notion

We use the services of Notion Labs, Inc. (685 Market Street, San Francisco, CA 94105 USA) as our CRM platform, with the integrations and resources to connect and manage marketing, sales, content management, and customer service in one place. The following data may be collected: contact information (name, email address, phone number, online username(s), and similar information). For more information about the provider, please visit: Notion Privacy Policy.

Personio

We use the Personio service from Personio SE & Co. KG (Seidlstraße 3, 80335 Munich, Germany) for personnel administration and development, time tracking, vacation management, payroll, and applicant management. The following data is collected: employee master data (in particular, name, address, date of birth, telephone number), contract master data (in particular, information on professional qualifications and education, information on professional development, other documents, employment contracts and certificates concluded or issued between the client and its employees), payroll and performance data (in particular, bank details, absences, vacation schedules, sick leave notifications, working hours, employee evaluations), payroll data, contract billing and payment data. Further information about the provider can be found here.

Sage GmbH

We use software from Sage GmbH (Franklinstrasse 61-63, 60486 Frankfurt am Main, Germany) for our business processes such as financial accounting, inventory management, and payroll. This involves processing central company data. Depending on the module, this includes financial accounting data (journal entries, accounts), inventory management data (customers, items, orders), and sensitive employee data for payroll processing. Further information about the provider's data protection policy can be found here.

SalesViewer

We use the "SalesViewer" service from SalesViewer GmbH (Universitätsstraße 60, 44789 Bochum, Germany) to analyze user behavior on our website and identify the companies that visit our site. Data is collected and stored for marketing, market research, and optimization purposes. This involves the use of JavaScript-based code to collect and utilize company-related data. The collected data includes, for example, the company name, its industry, address, and information about visitor behavior on the website (e.g., pages visited). According to the provider, the data is used exclusively to identify potential business customers and is not used to identify individual private website visitors. For more information about the provider, please see: SalesViewer Privacy Policy.

Slack

We use the Slack service from SFDC Ireland Limited (Salesforce Tower, 60 R801, North Dock, Dublin, Ireland) as a central platform for internal and external company communication. All user-shared content, such as messages and files, as well as account information (name, profile picture) and technical usage data, are processed. The purpose is to enable fast and transparent communication within teams and projects. Further information on data protection, particularly regarding data residency options, can be found here.

Travelperk

We use the Travelperk service provided by TravelPerk, S.L.U. (Carrer dels Almogàvers 160, 08018 Barcelona, ​​Spain) to centrally book and manage business trips. This involves processing travelers' personal data (e.g., name, contact details, identification information), the respective travel details (flights, hotels), and the payment information necessary for billing. Further information on the provider's data protection policy can be found here.

Yokoy

We use the Yokoy service provided by Yokoy Group AG (Förrlibuckstrasse 181, 8005 Zurich, Switzerland) for the automated management of employee expenses. Data from receipts and invoices, extracted using AI, as well as associated employee and travel data, are processed. The goal is to simplify and accelerate the entire expense process from submission to posting. Further information on the provider's data protection policy can be found here.

12. TRANSFER TO THIRD COUNTRIES

Data is transferred to countries outside the European Economic Area. We only transfer personal data to third countries where the EU Commission has confirmed an adequate level of protection or where we can ensure the careful handling of personal data through contractual agreements or other suitable safeguards, such as certifications or proven compliance with international security standards.

Schweiz (Adequacy finding by the European Commission of 15 January 2024)
USA USA (Standard contractual clauses and additional safeguards in conjunction with the adequacy decision on the EU-U.S. Data Privacy Framework of 28 February 2023)

13. YOUR RIGHTS

As a data subject, you have the following rights:

To request information about the processing of your data and to receive a copy of your personal data. You can request information about, among other things, the purposes of the processing, the categories of personal data being processed, the recipients of the data (if data is disclosed), the storage period, or the criteria used to determine that period;

To receive the personal data concerning you in a structured, commonly used, and machine-readable format or to transmit it to another controller;

To rectify your data. If your personal data is incomplete, you have the right to have it completed, taking into account the purposes of the processing;

to have your data deleted or blocked;
to restrict processing;
to object to the processing of your data;
to withdraw your consent to the processing of your data for the future;

and

to lodge a complaint with the competent supervisory authority regarding unlawful data processing.

14. SENSITIVE DATA

Security measures are in place to protect the confidentiality of your data.