Privacy Policy
HOW WE PROTECT YOUR DATA
At BrainE4, your privacy is our top priority. Your privacy is at the centre of the way we design and build our services and products.
We appreciate the trust you place in us by providing us with your data. And believe us, we do not take this lightly.
We do not compromise on your privacy. We design all our products and services with your privacy in mind. We incorporate legal, compliance, IT engineering and product design to ensure that no decision is made without consideration for your privacy.
We endeavour to be transparent in the way we process your data. As we use many of the same online services as you, we know that insufficient data and overly complicated language are common problems with privacy policies. We have therefore taken exactly the opposite approach: we have written our privacy policy and related documents in the most understandable language possible and want you to be able to read our policies and understand our privacy practices!
We go to great lengths to protect your data. We make sure that your data is safe and secure. We are constantly updating our security practices and investing in our security efforts to increase the protection of your data.
OUR PRIVACY POLICY
Welcome to the BrainE4 privacy policy. Thank you for taking the time to read it.
We greatly appreciate the fact that you entrust us with your data and always endeavour to do justice to your trust. This certainly starts with ensuring that you understand what data we collect about you, why we collect the data, how we use the data and what choices are available to you regarding that data. This policy describes our data protection practices in plain language, with legal language and jargon deliberately kept to a minimum.
This privacy policy applies from 16 June 2024.
DATE OF ENTRY INTO FORCE: 16 June 2024
1. WHO WE ARE
The controller of your data is, in accordance with this Privacy Policy (the "Data Controller"):
BrainE4 International AG
Alte Steinhausersstrasse 1
6330 Cham
Schweiz
Representative in the EU:
Prof. Dr. Lin Himmelmann
Strandweg 27
78476 Allensbach
Germany
Contact details of the Swiss supervisory authority:
Federal Data Protection and Information Commissioner
Feldeggweg 1
3003 Berne
Switzerland
2. SCOPE OF THE PRIVACY POLICY
This Privacy Policy applies to all processing activities relating to personal data:
- Visit our website,
- Use of our apps,
- Participation in events and
- other services from BrainE4
For the sake of simplicity, we refer to all of these in this Privacy Policy as our "Services". To make this clear, we have added links to this Privacy Policy on all applicable Services.
Depending on the data processing, in addition to the applicable Swiss law (Federal Act on Data Protection (FADP) of 19 June 1992, SR 235.1), European data protection law (Regulation (EU) 2016/679 (General Data Protection Regulation)) may also or exclusively apply.
3. RECORDED DATA
We need some data about you, such as basic information about your user profile, your questions, answers and voting behaviour for better answers. We also collect data that is generated when you use our services, for example access logs, as well as data from third parties, for example if you access our services via a social media account. Further information can be found below.
Data that you make available to us
When using our services, you decide to provide us with certain data. These include:
- When you visit our website, the IP address of the requesting computer, the date and time of access, the name and URL of the retrieved file, the website from which access is made and the browser type and version are recorded without any action on your part and stored until they are automatically deleted.
- When you create an account, you provide us with at least your login details and some basic information required for the service to function, such as your gender and age.
- If you are only taking part in a Insight Hub, please give us at least your e-mail address.
- When you create your profile, you can provide us with additional data, such as your area or other personal details, as well as photos. To add certain content such as photos, you can authorise us to access your camera and photo album. Some of the information you voluntarily provide may be considered "special" or "confidential" in some jurisdictions, such as information about your race or ethnicity. By choosing to provide this information, you consent to the processing of this information by us.
- When you subscribe to a paid service or make a purchase directly from us (and not via a platform such as iOS or Android), you provide us or our payment service provider with data such as your debit or credit card number or other financial information.
- When you take part in a Insight Hub, you inform us about your opinion of our products and services, answer our questions and create testimonials.
- If you decide to take part in our promotions, events or competitions, we collect the data you use to register or take part, usually your surname, first name, email address and date of birth.
- If you contact us or book an appointment, we collect the data that you provide to us during the interaction. If you book your appointment online, we collect your email address, your name and your enquiry. Sometimes we monitor or record these interactions. This is done for training purposes and to ensure our high quality services.
- If you ask us to communicate with other people or otherwise process other people's data, we will collect the data to fulfil your request that you provide to us about other people.
- As part of our services, we naturally also process the e-mails and enquiries you send to and from other users as well as the content you publish.
Data we receive from others
In addition to the data that you provide to us directly, we also receive data about you from others:
-
Other users
Other users may provide us with data about you while using our services. For example, we may collect information about you from other users when they contact us about you.
-
Social media
You may be able to use your social media credentials (such as Facebook) to create and log in to your BrainE4 account. This means you do not have to remember additional usernames and passwords and can share some of the data from your social media user profile with us.
-
Other partners
We may also receive data about you from our partners, for example when BrainE4 adverts are published on partner websites and platforms (in which case the partner may pass on data about the success of the campaign to us).
Data that is collected when you use our services
When you use our services, we collect data about which functions you have used, how you have used them and which devices you use to access our services. Further details on this can be found below:
-
Application information
We collect data about your activity on our services, for example, how you use them (e.g. IP address, date and time you logged in, features you used, search queries, clicks and pages you viewed, referring website addresses you clicked on) and how you interact with other users (e.g. users you contact and interact with, time and date of your interactions, number of messages you send and receive).
We may collect your photos (e.g. if you wish to publish a photo in the services).
4. COOKIES AND SIMILAR DATA COLLECTION TECHNOLOGIES
We use cookies and similar technologies (e.g. web beacons, pixels) to recognise you and/or your device(s) and may also allow third parties to do so. Please read our Cookies Policy for more information about why we use these technologies (for example, to verify you and remember your preferences and settings, to analyse website traffic and trends, to run advertising campaigns and assess their effectiveness, and to enable you to use social features) and how you can better control their use through your browser settings and other tools.
Some web browsers (including Safari, Internet Explorer, Firefox and Chrome) have a "Do Not Track" ("DNT") feature that lets a website know when a user does not want his/her online activity to be tracked. If a website that responds to a DNT signal receives a DNT signal, the browser can prevent that website from collecting certain data about the browser user. Not all browsers have a DNT option and DNT signals are not yet standardised. For this reason, many companies, including BrainE4, do not currently respond to DNT signals.
5. USE OF THE DATA
The main reason for using your data is to provide and improve our services. In addition, we use your data to protect you and to provide you with the type of information that may be of interest to you. If you would like a more detailed explanation of the many reasons we use your data and are interested in some practical examples, please read on.
To manage your account and provide you with our services
- To create and manage your account.
- To look after you as a customer and respond to your enquiries.
- To execute your transactions.
- To talk to you about our services, including order management and invoicing.
To help you get the best ideas
- We analyse your user profile, your activities on the service and your preferences to gather the best ideas.
- To ensure a consistent experience across your devices.
- To link the different devices you use so that you can use our Services in the same way on all of them. We do this by linking devices and browser data, for example, if you access our services from different devices or by using, in whole or in part, IP addresses, browser version and similar data about your devices to identify and link them.
To be able to offer you new services from BrainE4
- Register and display your user profile on new BrainE4 functions and applications.
- Manage your account on these new features and applications.
To improve our services and develop new ones
- To manage stakeholders and Feedback Dialogues.
- To conduct research and analysis on user behaviour to improve our services and content (for example, we may decide to change the design of a feature or the feature itself based on user behaviour).
- To develop new features and services (for example, we may decide to develop a new web-based feature in response to user requests).
To prevent, detect and combat fraud or other illegal or unauthorised activities
- To respond to actual or suspected misconduct on and off the platform.
- To conduct data analyses so that we can better understand such activities and develop measures against them.
- To store data in relation to fraudulent activities so that repetitions can be avoided.
To comply with legal regulations
- In order to fulfil legal requirements.
- To support criminal prosecutions.
- To enforce or exercise our rights, for example in relation to our terms of use.
In order to process your data as described above, we rely on the following legal bases:
- Contract fulfilment or pre-contractual measures (Art. 6 para. 1 sentence 1 lit. b GDPR): Most of the time, the reason why we process your data is to fulfil the contract you have with us. For example, if you use our service to better understand the stakeholders, we use your information to maintain your account and user profile and to make your questions and ideas visible to other users.
- Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR): We may use your data wherever we have a legitimate interest in doing so. For example, we analyse the behaviour of users of our services in order to continuously improve our offers, we suggest offers that we believe may be of interest to you and we process information for administrative, fraud and other legal purposes.
- Consent (Art. 6 para. 1 sentence 1 lit. a GDPR): From time to time, we may ask for your consent to use your data for certain specific purposes. You can withdraw your consent at any time by contacting us at the address provided at the end of this Privacy Policy.
6. PASSING ON THE DATA
Since our goal is to know what your stakeholders think, the main part of sharing user information is, of course, sharing it with other users. We also share some user information with service providers and partners who help us operate the services, and in some cases with law enforcement agencies. Read on to learn more about how your information is shared with others.
To other users
You share data with other users when you voluntarily disclose data about the Service (including your public profile, questions and ideas). Please be careful with your information and make sure that the content you share is designed in a way that you feel comfortable sharing publicly, as neither you nor we can control what others do with your information once you have shared it.
To our service providers and partners
We work with third parties to help us operate and improve our services. These third parties assist us with various tasks, including data hosting and maintenance, analytics, customer support, payment processing and security operations.\
We follow a strict vetting process before engaging a service provider or working with a partner. All our service providers and partners must agree to strict confidentiality obligations.
For corporate transactions
If we are involved in whole or in part in a merger, sale, acquisition, disposal, restructuring, reorganisation, dissolution, insolvency or other change of ownership or control, we may also disclose your data.
If required by law
We may disclose your information if reasonably necessary: (i) to comply with legal process, such as a court order, subpoena or search warrant, government/criminal investigation or other legal process; (ii) to assist in the prevention or detection of crime (in each case, as required by applicable law); or (iii) to protect the safety of another person.
To enforce legal rights
We may also share information: (i) when disclosure would reduce our liability in an actual or threatened legal proceeding; (ii) when necessary to protect our legal rights and the rights of our users, business partners or other interested parties; (iii) to enforce our agreements with you; and (iv) to investigate, prevent or take other action regarding illegal activities, suspected fraud or other wrongdoing.
With your consent or at your request
We may ask you for your consent to pass on your data to third parties. In such a case, we will make it clear why we wish to pass on the data.
We may use and disclose non-personal data (i.e. data that does not in itself identify who you are, such as general demographic data, general behavioural data, geolocation in anonymised form) and personal data in "hashed", non-human readable form in all of the above circumstances. For more information about our use of cookies and similar technologies, please see our Cookie Policy.
7. CROSS-BORDER DATA TRAFFIC
The data exchanges described in Section 6 sometimes involve cross-border data transfers, e.g. to the United States of America and other jurisdictions. For example, if the Service allows users to be located in the European Union ("EU"), their personal data will be transferred to countries outside the EU. We use European Commission-approved Standard Contractual Clauses or other appropriate safeguards to enable data transfers from the EU to other countries. Standard Contractual Clauses are commitments between organisations that transfer personal data that require them to protect the privacy and security of your data.
8. YOUR RIGHTS
As a data subject, you may assert various claims against us in accordance with the applicable national and international law.
We may process your personal data again to fulfil these claims.
Depending on the applicable law, data subjects may be able to assert the following rights:
- to request information about your personal data processed by us. In particular, information in accordance with Art. 15 GDPR may contain information:
- on the purposes of processing
- the category of personal data
- the categories of recipients to whom your data has been or will be disclosed
- the planned storage period
- the existence of a right to rectification, erasure, restriction of processing or objection
- the existence of a right of appeal
- the origin of your data if it was not collected by us
- the existence of automated decision-making, including profiling and, where applicable, meaningful information about its details
- to immediately request the correction of incorrect or incomplete personal data stored by us (Art. 16 GDPR)
- to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR (Art. 18 GDPR).
- to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format or to request the transmission to another controller (Art. 20 GDPR)
- to request the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims (Art. 17 GDPR)
- to revoke your consent once given to us at any time. As a result, we may no longer continue the data processing that was based on this consent in the future (Art. 7 para. 3 GDPR)
- object to the processing if your personal data are processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR (Art. 21 GDPR) and if there are reasons for this arising from your particular situation or if the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation.
- to lodge a complaint with a supervisory authority (Art. 77 GDPR).
9. RESIDENTS OF CALIFORNIA
If you are a California resident, you may request a notice disclosing the categories of personal information about you that we have shared with third parties for their direct marketing purposes during the preceding calendar year. To request this notice, please send your request to contact@braine4.com. Please allow 30 days for a response. For your protection and the protection of all our users, we may ask you to provide proof of identity before we can respond to such a request.
10. PROTECTION OF YOUR DATA
We work hard to protect you from unauthorised access, alteration, disclosure or destruction of your personal information. As with all technology companies, we take steps to protect your information, but we do not promise, and you should not expect, that your personal information will always remain secure.
We regularly monitor our systems for potential vulnerabilities and attacks and regularly review our data collection, storage and processing practices to update our physical, technical and organisational security measures.
We may suspend your use of all or part of the Services without notice if we suspect or detect a breach of security. If you believe that your account or information is no longer secure, please notify us immediately by emailing contact@braine4.com.
11. STORAGE DURATION OF YOUR DATA
We will only retain your personal data for as long as we need it for legitimate business purposes (as set out in section 5) and as permitted by applicable law. To ensure the protection and security of our users within and outside of our Services, we will retain your data for three months after the account is cancelled for security purposes. During this time, the account data will remain stored, although the account will of course no longer be visible to anyone.
In practice, this means that once your account has been deleted (and the security retention period has expired) or after two years of continuous inactivity, we will delete or anonymise all your data unless:
- we are obliged to retain data due to applicable laws (for example, some "traffic data" is stored for one year to fulfil legal retention requirements);
- we are required to retain evidence of our compliance with applicable laws (for example, evidence of consent to our Terms of Use and Privacy Policy and similar consents will be retained for five years);
- there is an outstanding issue, claim or dispute that requires us to retain material data until the issue is resolved; or
- the data must be retained for legitimate business interests such as fraud prevention and enhancing user security. For example, data is retained to prevent a user who has been blocked due to unsafe behaviour or security incidents from opening a new account. Please note that due to technical limitations, we cannot promise that all data will be deleted within a certain period of time, even if our systems are designed to perform data deletion procedures in accordance with the above guidelines.
12. THE PRIVACY OF CHILDREN
Our services are restricted to users who are at least 16 years old. We do not allow users under the age of 16 on our platform and we do not knowingly collect any data from anyone under the age of 16. If you suspect that a user is under the age of 16, please report this using the reporting mechanism available on our service.
13. ADJUSTMENTS TO THE DATA PROTECTION PROVISIONS
Because we are always looking for new and innovative ways to help you establish meaningful connections, there may be changes to this Privacy Policy over time. We will notify you before any material changes take effect so that you have time to review the changes.
14. HOW YOU CAN CONTACT US
If you have any questions about this privacy policy, please contact us by email at contact@braine4.com or by post:
Privacy Officer
BrainE4 International AG
Alte Steinhauserstrasse 1
6330 Cham
Switzerland