Privacy Policy for naoo AG

(August 2019)

naoo AG, Rigistrasse 3, 6300 Zug ("naoo" or "we") operates the naoo App ("App") and is responsible for collecting, processing and using your personal data through the App in compliance with the applicable data protection laws. In this Privacy Policy we inform you about possible rights you are entitled to. Such rights depend on the data protection laws applicable to us. Therefore, you may have more rights than set forth in this Privacy Policy or certain rights may not be accessible to you.

Please also read our General Terms and Conditions, which describe the terms under which you use the naoo App and the naoo platform.

When you use the App we may process personal data about you. If you decide to share your data with us, we can identify you and so will be processing personal data about you. Personal data in this sense refers to all information relating to an identified or identifiable person.

The App is currently in a testnet phase and not all features are enabled. Due to the nature of testing, personal data may be collected, processed or disclosed in unintended ways during this testnet phase.

We always take the protection of data seriously and use our best endeavours to ensure appropriate security. We observe the statutory provisions of the applicable data protection laws.

You can check our Privacy Policy on our App at any time by accessing [Profile->Settings->Privacy].

If you have any questions regarding data protection, please reach out to our person responsible for handling your personal data at legal@naoo.com.

Data processing in connection with our App

What data do we collect when you download and access our App?

When you download our App the following technical data is collected without your intervention and stored by us until automated deletion, as in principle with every download and access of an app:

The collection and processing of these data are carried out for the purpose of enabling the use of our App (establishing a connection), ensuring system security and stability over the long term, testing and reporting bugs and optimising our services as well as for internal statistical purposes. It is within our legitimate interest to process such data.

Is personal data automatically collected through the App?

When using our App, we automatically collect certain data required to ensure the usability of the App. In particular:

The collection and processing of this data is carried out for the purpose of enabling the use of the App (establishing a connection), ensuring system security and stability over the long term and ensuring a customer friendly use of our App as well as internal statistical purposes. The processing of this personal data is within our legitimate interest.

The internal ID of your device may also be evaluated together with other data in the event of attacks on the network infrastructure or other unauthorised or abusive use of our website for the purpose of clarification and defence and, if necessary, used within the framework of criminal proceedings for identification and for civil and criminal action against the users concerned. The processing of this information is in our legitimate interest.

What data do we collect when you create an account with us?

In order to use the App in the testnet phase, you will be asked to provide the following data:

Additional or other information may be requested or required for use of the full-scope release of the App.

If a field is mandatory, it is marked with an asterisk when you register. If you do not enter this information, you will not be able to use the App. If you do not provide us with the non-mandatory information, you may not be able to benefit from the full functionality of the App.

If you register your business on the platform, we ask for further information such as a copy of your trade license or an excerpt from the commercial register to identify your business.

We use the mandatory information to authenticate you when you log in. The processing of this data is necessary for us to fulfil our pre-contractual and contractual obligations towards you and is also in our legitimate interest.

What personal data is collected when you are using the App?

You will have the opportunity to enter, manage and edit various data in the App, where it will be stored in secure form.

We use voluntary information in order to display it in the App offers from participating businesses. The processing of this personal data is therefore necessary for us to fulfil our pre-contractual and contractual obligations and is also in our legitimate interest.

What personal data do we collect when you allow us to send you push notifications?

You may be given the possibility to allow push notifications by us to be informed about news and current rewards and offers available via the App. For this we may need the following information:

We use this information to deliver our communications only if you have consented to receive them. You can unsubscribe from our news services at any time.

Do we use tracking tools and plugins?

We may use tracking tools for the purpose of designing and continuously optimising our App to meet your needs. In this context, pseudonymised user profiles are created and small text files stored on your device are used. The information thereby generated about your use of our App is transferred to the servers of the provider of these services, stored there and processed for us. In addition to the data listed in section 1, we may receive the following information:

The information is used to evaluate the use of the App, to compile reports on App activity and to provide other services related to the use of the App and the internet for purposes of market research and need-based design of this App. In addition, this information may be transferred to third parties if this is required by law or if third parties process this data on our behalf.

The processing of this data is in our legitimate interest to be able to offer the App in a customer-friendly and personalized manner and to develop further services according to the needs of the user.

Is this data stored or linked?

We store the collected data set out in this privacy policy with our server host. We link such data to provide you with an optimal App experience. The processing of this data is based on our legitimate interest in offering our App in a user-friendly way.

How long will my data be kept?

We only store personal data for as long as you choose to keep the App installed and use it, and for further processing in the context of our legitimate interest. Contract data, including your contact details and the scan of the photograph page of your passport or your ID card, is stored by us for a longer period of time, as this is prescribed by statutory obligations. Obligations to store data arise out of accounting law, civil law and tax law. According to these laws, business communications, concluded contracts and accounting vouchers must be stored for up to 10 years. If we no longer need this data to carry out the services for you, the data will be blocked. This means that the data may then only be used for accounting and tax purposes.

Will my data be disclosed to other third parties?

We only disclose your personal data to other third parties if you have expressly consented, if there is a legal obligation to do so or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship. In addition, we may disclose your data to third parties such as our affiliates, advisors, collaborators or partners insofar as this is necessary to fulfil our contractual obligations or for the development or the use of the App.

Do we transfer personal data outside the EU and Switzerland?

Your personal information will be processed outside of the EEA. For example, we are a data controller based in Switzerland (which has been granted an adequacy decision by the European Commission as ensuring an adequate level of protection of personal data) and we store data on our servers in the United States (and also access it from around the world), and in certain circumstances our third party service providers may store certain personal data in a country outside the EEA.

If we (or our service providers) process personal information outside of the EEA, we will take appropriate measures to ensure that your personal data is adequately protected in a manner which is consistent with this Privacy Policy, and in accordance with applicable laws. Those measures include:

Further details on the steps we take to protect your personal data in these cases are available from us on request by contacting us via the e-mail address legal@naoo.com.

Is the same protection provided when data is transferred to the USA?

For the sake of completeness, for users residing or domiciled in Switzerland, the EU or the EEA, we would like to point out that in the USA there are surveillance measures by US authorities which generally allow them to get access to all personal data that has been transferred from Switzerland to the USA. This is done without differentiation, limitation or exception based on the objective pursued and without any objective criterion that would allow limiting the access to the data and subsequent use thereof by US authorities to very specific, strictly limited purposes that could justify the interference associated both with access to and use of such data. In addition, we would like to point out that in the USA there are no legal remedies available for the persons concerned from Switzerland that would allow them to gain access to the data concerning them and to obtain its correction or deletion, or that there is no effective legal protection against general access rights of US authorities.

We would like to point out to users residing in Switzerland or an EU or EEA member state that the USA does not have an adequate level of data protection, partly due to the issues mentioned in this section. Insofar as we have explained in this Privacy Policy that recipients of data are based in the USA, we will ensure that your data is protected at an appropriate level by our service providers, either through contractual arrangements with these companies or by ensuring that these companies are certified under the EU or Swiss-US Privacy Shield.

Anything else you need to know?

You have a right of access, rectification, deletion and limitation of the processing as well as of data transferability

You have a right to request information about the personal data that we store about you. In addition, you have a right to correct incorrect data and a right to request deletion of your personal data, insofar as there is no legal obligation to retain such data and no legal basis for further processing the data.

You also have a right to request the data that you have provided to us. Upon request, we will transfer your data to a third party of your choice (right to data portability). You have a right to receive the data in a common file format.

You can contact us for the above-mentioned purposes via legal@naoo.com. In order to process your requests, we may request proof of your identity.

In many countries, you also have the right to file a complaint with the relevant data protection authority if you have concerns about how we process your data.

These rights depend on the applicable data protection legislation and may be either more limited or more comprehensive.

Is your data safe with us?

We use suitable technical and organisational security measures, such as HTTPS encryption, to protect your personal data stored with us against manipulation, partial or complete loss and against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

You must always treat your access data confidentially, especially if you share your device, tablet or smartphone with others. If you do not do so, we may have claims against you for damages caused by breach of your confidentiality obligations to us.

We also care about data protection internally. Our employees and service providers are contractually obliged to ensure confidentiality of personal data and compliance with applicable data protection laws. Only a limited number of qualified personnel will be able to access your personal data.

Assignment, Change of Control, And Transfer

All of our rights and obligations under our Privacy Policy are freely assignable by us to any of our affiliates, in connection with a merger, acquisition, restructuring, or sale of assets, or by operation of law or otherwise, and we may transfer your information to any of our affiliates, successor entities, or new owner.

Which law do we apply? And where does the law apply?

This privacy policy and the contracts concluded based on or in connection with this policy are subject to Swiss law, unless the law of another country is mandatory. The place of jurisdiction shall be the city of Zurich, Switzerland, unless another place of jurisdiction is mandatory.

Can this policy be amended?

Due to the ongoing development of our App and possible future changes to the statutory requirements, it may become necessary to amend this privacy policy. The most current privacy policy is published on our App via the URL https://naoo.io/legal/en/privacy.html.

Should individual parts of this privacy policy be invalid, this shall not affect the validity of the rest of the privacy policy. The invalid part of this privacy policy shall be replaced in such a way that it comes as close as possible to the economically intended purpose of the invalid part.

Questions about data protection? Please, contact us!

This page was last modified on October 3, 2019. If you have any questions or comments about our legal notices or data protection, please contact us at legal@naoo.com.