PRIVACY POLICY & DISCLAIMER

Privacy Policy of OKIDOOKI AG

General Information
We are committed to ensuring that you are fully informed about the collection and processing of your personal data. We treat your personal data confidentially and in accordance with legal data protection regulations. With the entry into force of the revised Data Protection Act on September 1, 2023, we are publishing our privacy policy for visitors and users of our website/application/services and for our customers, business partners, and suppliers. This privacy policy is designed to meet the requirements and provisions of the EU General Data Protection Regulation (GDPR) and the revised Swiss Data Protection Act (revDSG). Whether and to what extent these laws apply depends on the specific case. This is not an exhaustive description. Further provisions and specific circumstances are supplemented by our General Terms and Conditions. If you provide us with personal data of other or external persons, please ensure that these persons have read and understood this privacy policy, and only share their personal data with us if you are authorized to do so and if such data is accurate. This privacy policy applies to all our services as well as internal processes and policies of OKIDOOKI AG.

If you have any data protection concerns, please contact us at the following address: OKIDOOKI AG,
Wartenbergstrasse 41,
CH-4052 Basel
hello@diogenesai.com

Basis for Processing Personal Data "Personal data" refers to any information relating to an identified or identifiable individual (Art. 5 lit. a DSG), i.e., data that allows conclusions to be drawn about their identity. An "affected person" is a person whose personal data is processed (Art. 5 lit. b DSG). "Processing" includes any handling of personal data, regardless of the methods and procedures used, including the collection, storage, use, alteration, disclosure, archiving, or destruction of data (Art. 5 lit. d DSG). "Particularly sensitive personal data" are categories of data that are particularly sensitive and require particularly high security requirements during processing. Such data includes information about religion, political views, health, criminal and administrative sanctions, and social assistance (Art. 5 lit. c DSG). The processing of particularly sensitive personal data always requires explicit prior consent (Art. 6 para. 7 lit. a DSG). We collect personal data exclusively in a transparent manner and in consideration of the principles of proportionality and purpose limitation (Art. 6 para. 1-3 DSG). Data is processed only to the extent necessary and only for as long as required for our tasks and obligations (Art. 6 para. 3 and 4 DSG).

Collection and Processing of Personal Data We primarily process the personal data we receive in connection with our website on Framer and application on the App Store from customers and other business partners, as well as data we collect from users when operating our websites/application and other applications. Where permitted, we also obtain certain data from publicly accessible sources (e.g., press or the Internet) or receive such data from authorities and other third parties. In rare cases, this information may also include particularly sensitive personal data as per Art. 5 lit. c DSG.

Additionally, the categories of personal data we receive from third parties about you or request from you include information from distribution partners regarding your use of open services (e.g., payments made or purchases completed), information from media about you (where appropriate, such as in press reviews or applications), your addresses and interests, as well as sociodemographic data and data related to website usage (IP address, MAC address of smartphones and computers, device information, cookies, date and time of visit, accessed pages, used features, referring websites, and location information).

Purpose of Data Processing and Legal Basis We collect and process personal data to enter into and fulfill subscriptions with customers, business partners, and employees (including contract initiation and enforcement if necessary). This is particularly relevant in connection with assignments in the fields of marketing, advertising, and generative AI, as well as general consulting activities. When processing data entrusted to us in the context of an assignment, we act in accordance with the instructions of the principals and legal requirements. We process your data only for specific purposes that arise from contractual agreements with or in favor of an affected person, legal provisions, overriding interests, i.e., for legitimate reasons, or your explicit consent. We process personal data from you and other persons, where permitted and appropriate, for the further development of our offers and services. In addition, we process personal data from you and other persons, where permitted and deemed appropriate, for the further development of our offers, services, websites, and apps, for reviewing and optimizing procedures for needs analysis for direct customer contact, as well as collecting personal data from publicly accessible sources for customer acquisition, for advertising and marketing (unless you have objected to the use of your data), for asserting legal claims and defending against legal disputes and administrative procedures, for preventing and investigating criminal acts and other misconduct, for ensuring our operations, particularly IT, our websites, apps, and other platforms, for video surveillance to maintain house rules, for IT, building, and facility security measures to protect our employees and other persons, as well as assets belonging to or entrusted to us (e.g., access controls, visitor lists, network scanners, and email scanners, telephone recordings), for the purchase and sale of business units, entire companies, or parts of companies, and other corporate transactions involving the transfer of personal data, as well as for complying with legal and regulatory obligations.

Cookies, Tracking, and Other Technologies Related to Website Use Our websites typically use "cookies" and similar technologies to identify your browser or device. A cookie is a file that is sent to your computer or automatically stored by your web browser on your computer or mobile device when you visit our website. If you revisit our website, we can recognize you this way. In addition to session cookies, which are only used during a session and deleted after your visit, cookies can also be used to store user settings and other information for a certain period ("permanent cookies"). However, you can set your browser to reject cookies, store them only for one session, or delete them prematurely. Most browsers are preset to accept cookies. We use permanent cookies to store user settings (e.g., auto-login), to better understand how you consume our offerings and content, and to show you tailored offers and advertisements, which may also be published on external websites. Some cookies are set by us, and some by contracting partners with whom we work. If you block cookies, some functionalities (including language selection) may no longer work. We sometimes include both visible and invisible image elements in our newsletters and other marketing emails, which, when retrieved from our servers, allow us to determine if and when you opened the email. This helps us measure and better understand how you use our offerings and tailor them to you. You can block this in your email program, which is usually preset to do so. By using our websites and consenting to receive newsletters and other marketing emails, you agree to the use of these techniques.

We also sometimes use Google Analytics or similar services on our websites. This is a service provided by third parties located in any country in the world. In the case of Google Analytics, it is Google Ireland (based in Ireland). Google Ireland relies on Google LLC (based in the USA) as a processor (both "Google," www.google.com), with which we can measure and evaluate website usage (not personal data). Permanent cookies set by the service provider are also used for this purpose. We have configured the service so that visitors' IP addresses are shortened by Google in Europe before being forwarded to the USA, so they cannot be traced. The "Data Sharing" and "Signals" settings are disabled. On our website, we use Google Maps (API) from Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; responsible for Europe is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). Google Maps is a web service for displaying interactive maps to visually present geographic information. Using this service shows you our location and facilitates any travel arrangements. When you access pages with the embedded Google Maps map, information about your use of our website (such as your IP address) is transmitted to and stored on servers in the USA. We also use social network plugins on our websites, such as Facebook, Twitter, YouTube, or Instagram. This is typically recognizable as a symbol. We have configured these elements to be disabled. If you activate them (by clicking), the operators of the respective social networks can register that you are on our website and use this information for their purposes. Your data is then processed under the operator's responsibility and according to their privacy policies. We do not receive any information about you from them.

Our website uses TLS encryption with Let's Encrypt certificates for security reasons and to protect the transmission of confidential content ("Privacy by Design": Art. 7 para. 1 and 2 DSG). You can recognize an encrypted connection by the browser's address line changing from "http://" to "https://" and the lock icon appearing in your browser's address bar. By activating TLS encryption, data exchanged with our website cannot be intercepted or manipulated by third parties. The renewal of TLS certificates for encryption and hosting of our website is provided by an external service provider. Engaging an external host is done to fulfill contractual obligations to our existing and potential customers (cf. Art. 9 para. 1 DSG) and in the interest of secure, efficient, and professional provision of our website. Our host processes the data only to the extent necessary to fulfill its performance obligations and serves the processing purpose. It must comply with our guidelines and instructions regarding data processing. To use our website, no personal data needs to be disclosed. However, the server automatically collects several user information with each access, temporarily logs, and stores it in the server log files. When using this general information, there is no assignment to a specific person (anonymous data collection). This data will not be combined with other data sources.

Data Sharing and Transmission Abroad Your data is generally not shared with third parties. Therefore, we only share data with third parties if it is necessary to provide our service, if such third parties provide a service for us, if we are legally or administratively obliged to do so, or if we have an overriding interest in sharing the personal data. Furthermore, we will share personal data with third parties if you have given your consent or requested us to do so. If personal data is transferred to third parties (processors) for processing on our behalf, we conclude contracts (so-called ADVs) obliging them to ensure data protection (Art. 9 para. 1 and 2 DSG). The processors process this personal data under the condition that they only process it for the purpose specified by us and only in the way we could process it ourselves (Art. 9 para. 1 lit. a DSG). Your personal data is generally not transferred abroad. If your data is transferred abroad, and the recipient country does not meet the Swiss data protection regulations (DSV), we take contractual measures to compensate for the weaker legal protection and ensure an adequate level of protection at the recipient (Art. 16 para. 2 lit. d DSG). For this purpose, we use the standard contractual clauses (SCC) compiled by the European Commission and recognized by the Swiss Data Protection and Information Commissioner (EDÖB).

Profiling We process your personal data partly automatically to evaluate certain personal characteristics (profiling). We use profiling to inform you about products in a targeted manner. We use evaluation tools that enable us to provide tailored advertising and communication, including market and opinion research. We do not use fully automated decision-making to establish and conduct business relationships (as regulated in Art. 22 GDPR). If we use such procedures in individual cases, we will inform you as required by law and explain your associated rights.

Duration of Personal Data Storage We process and store your personal data as long as it is necessary to fulfill our contractual and legal obligations or the purposes pursued with the processing (principle of proportionality: Art. 6 para. 2 DSG), i.e., for example, for the duration of the entire business relationship (from initiation and execution to termination of a contract) and beyond according to legal retention and documentation obligations. Personal data may be stored for the period during which claims can be asserted against our company (i.e., particularly during the statutory limitation period) and where we are otherwise legally obliged or have legitimate business interests (e.g., for documentation purposes). Once your personal data is no longer required for the above purposes, it is generally deleted or anonymized as far as possible (cf. Art. 6 para. 4 DSG). Deleting electronic data is just as important as destroying physical files and confidential paper-based data that we no longer need for processing. Such data is treated securely and confidentially by us. Files containing personal data are disposed of in locked collection containers, which are exchanged and emptied by our service provider on-site. Transport is carried out using special vehicles, and document destruction is performed with high-performance shredders in a specially designed and strictly monitored security room. The path of your documents is fully documented from handover to destruction.

Data Security We take appropriate technical and organizational security measures (according to Art. 7 para. 1-3 DSG) to protect your personal data from unauthorized access or misuse. This includes instructions, internal policies, and staff training, access restrictions to our office premises, constant communication with our IT service provider, two-factor authentication, email encryption, regular checks of compliance with data protection law principles, data carrier encryption, and pseudonymization of data sets.

Children's Privacy Our service does not address anyone under the age of 17. We do not knowingly collect personally identifiable information from anyone under 17. If you are a parent or guardian and know your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from anyone under 13 without parental consent verification, we take steps to remove that information from our servers.

Rights of Affected Persons In connection with the processing of personal data, you have the right to access (Art. 25 para. 1 and 2 DSG) the personal data we process (lit. b), the purpose of processing (lit. c), the retention period (lit. d), the source (lit. e), as well as the recipients or categories of recipients (lit. g) to whom the personal data is disclosed. You also have the right to correct any inaccurate or incomplete data, the right to restrict processing, deletion, and data release (portability under Art. 28 DSG) of your personal data, the right to object to data processing or withdraw consent to data processing at any time without reason, the right to complain to the relevant data protection authority, and the right to restrict data processing and object to our data processing, particularly for direct marketing, profiling for direct marketing, and other legitimate interests in processing. To exercise these rights, please contact the specified address. We reserve the right to assert the legal restrictions (so-called justification reasons), such as when we are legally obliged to retain or process certain data, have an overriding interest, or need it to assert claims. If costs are incurred for you, we will inform you. Note that exercising these rights may conflict with contractual agreements, which could result in consequences such as early contract termination or costs. In such cases, we would inform you beforehand if not already contractually regulated. Exercising such rights usually requires clear proof of identity (e.g., a copy of an ID).

Changes We may update this privacy policy without notice. The current version applies. If the privacy policy is part of an agreement with you, we will inform you of any changes by email or other appropriate means.

Last Update: August 2024

Questions to the Internal Data Protection Officer If you have any questions about data protection, please email us or contact the responsible person for data protection in our company.