Data protection information on the use of the "PARTNER NET" partner portal

I. INFORMATION ON THE COLLECTION OF PERSONAL DATA THROUGH THE PARTNER PORTAL "PARTNER NET" WEBSITE

In the following we inform about the collection of personal data when using the website of the web-based partner portal Partner Net. Personal data are all data that are personally identifiable to you, e.g. name, address, e-mail addresses, user behavior.

Responsible for the website according to art. 4 para. 7 EU Data Protection Ordinance (DS-GVO) is Swyx Solutions GmbH, Emil-Figge-Str. 86, 44227 Dortmund, office@swyx.com (see also our imprint). You can reach our data protection officer at datenschutz@swyx.com or our postal address with the addition "the data protection officer".

When you contact us by e-mail or via a contact form or by logging in, the data you provide (your e-mail address, if applicable your name and your telephone number) will be stored by us in order to answer your questions. We delete the data arising in this context after the storage is no longer necessary, or limit the processing if statutory retention obligations exist.

If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. We also specify the defined criteria for the storage period.

1. YOUR RIGHTS

You have the following rights towards us with regard to personal data concerning you:

• Right to information,
• Right to correction or deletion,
• Right to limitation of processing,
• Right of opposition to the processing,
• Right to data transferability.

You also have the right to complain to a data protection supervisory authority about our processing of your personal data.

2. COLLECTION OF PERSONAL DATA WHEN VISITING THE PARTNER PORTAL "PARTNER NET" WEBSITE

If you use the partner portal website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which are technically necessary for us to display our website to you and to guarantee stability and security (legal basis is Art. 6 Para. 1 S. 1 lit. f DS-GVO):

• IP address
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access Status/HTTP Status Code
• the amount of data transferred in each case
• Web page from which the request comes
• browser
• Operating system and its interface
• Language and version of the browser software.

In addition to the aforementioned data, cookies are stored on your computer when you use our partner portal website. Cookies are small text files that are stored on your hard disk in the browser you use and through which certain information flows to the place that sets the cookie (here by us). Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.

Use of cookies: This website uses the following types of cookies, the scope and functioning of which are explained below:

• Transient cookies
• Persistent Cookies

Transient cookies are automatically deleted when you close your browser. This includes in particular the session cookies. These store a so-called session ID, with which different requests of your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.

Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser.

You can configure your browser settings according to your wishes and refuse the acceptance of third party cookies or all cookies, for example. Please note that you may not be able to use all functions of this website.

We use cookies to identify you for subsequent visits, for example if you have an account with us. Otherwise you will have to log in again for each visit.

The flash cookies used are not recorded by your browser, but by your Flash plug-in. Furthermore, we use HTML5 Storage Objects, which are stored on your end device. These objects store the required data independently of your browser and do not have an automatic expiry date. If you do not want the Flash cookies to be processed, you must install an appropriate add-on for your browser. You can prevent the use of HTML5 Storage Objects by using private mode in your browser. We also recommend that you regularly delete your cookies and your browser history manually.

3. OPPOSE OR REVOKE THE PROCESSING OF YOUR DATA

If you have given your consent to the processing of your data, you can revoke this at any time. Such a revocation influences the permissibility of processing your personal data after you have given it to us.

If we base the processing of your personal data on the weighing of interests, you may object to the processing. This is the case if processing is not necessary to fulfil a contract with you. When exercising such objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adjust data processing or point out to you our compelling reasons worthy of protection, on the basis of which we will continue processing.

4. NEWSLETTER

We will automatically send our newsletter to the company email address contained in your company login. In the newsletter you will receive information about important aspects of our partner program and other important information for contract implementation.
In addition, you or your company's employees can subscribe to our newsletter by entering your or your employee's business email address for sending to these individual business email addresses.
The only mandatory information for sending the newsletter is your business e-mail address. The indication of further, separately marked data is voluntary and is used to be able to address you personally. The newsletter is sent on the basis of Art. 6 para. 1 f) GDPR.
You can cancel your registration for the newsletter at any time and cancel the newsletter. You can declare the revocation via Partner Net.

5. USE OF LINKS TO SOCIAL MEDIA WEBSITES

The website of the partner portal currently contains links to the following social media websites: Facebook, Google+, Twitter, Xing, LinkedIn. When you visit the partner portal page, no personal data is passed on to the operators of the social media websites. You can recognize the link to the social media website by the mark on the box above its initial letter or the logo. We offer you the opportunity to go directly to the corresponding social media website via this link. We recommend that you log out regularly after using a social network, especially before activating the link, as this way you can avoid being assigned to your profile on the social media website.
Should you visit one of the linked social media websites, we have neither influence on the data collected and data processing processes, nor are we aware of the full extent of data collection, the purposes of processing, the storage periods. We also have no information on the deletion of the data collected by the social media provider.
Further information on the purpose and scope of data collection and its processing by the social media provider can be found in the following data protection declarations of these providers. They will also provide you with further information about your rights in this regard and setting options to protect your privacy.
Addresses of the respective social media providers and URL with their data protection information:
a) Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA; www.facebook.com/policy.php; further information on data collection: www.facebook.com/help/186325668085084, www.facebook.com/about/privacy/your-info-on-other and www.facebook.com/about/privacy/your-info. Facebook has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.
b) Google Inc, 1600 Amphitheater Parkway, Mountainview, California 94043, USA; www.google.com/policies/privacy/partners/. Google has submitted to the EU-US Privacy Shield, ww.privacyshield.gov/EU-US-Framework.
c) Twitter, Inc, 1355 Market St, Suite 900, San Francisco, California 94103, USA; twitter.com/privacy. Twitter has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.
d) Xing AG, Gänsemarkt 43, 20354 Hamburg, Germany; www.xing.com/privacy.
e) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; www.linkedin.com/legal/privacy-policy. LinkedIn has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.

6. INTEGRATION OF YOUTUBE VIDEOS

We have integrated YouTube videos into our online offer, which are stored on www.YouTube.com and can be played directly from our partner portal website. These are all integrated in the "extended data protection mode", i.e. no data about you as a user will be transmitted to YouTube if you do not play the videos. Only when you play the videos will the data referred to in paragraph 2 be transmitted. We have no influence on this data transmission.
By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our partner portal website. In addition, the data mentioned under item I. 2. of this declaration will be transmitted. This is independent of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation takes place in particular (even for unlogged-in users) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
For more information on the purpose and scope of data collection and processing by YouTube, please refer to the privacy policy. There you will also find further information about your rights and setting options to protect your privacy: www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.

7. USE OF GOOGLE WEB FONTS

We use external fonts, so-called Google Fonts, provided by Google on the website of the partner portal for the purpose of uniform representation of fonts on your device. Google Fonts is a service provided by Google Inc. "("Google"), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you call up a page, your browser loads the required Web fonts into your browser cache to display texts and fonts correctly. If your browser does not support web fonts, a default font is used by your computer.
The integration of the web fonts takes place via an interface ("API") to the Google services. Google may collect and process information (including personal data) in the United States by incorporating the web fonts. Google has submitted to the EU-US Privacy Shield: www.privacyshield.gov/EU-US-Framework.
We do not collect any data ourselves as part of the provision of Google Fonts.
The legal basis for the processing of personal data described here is Art. 6 para. 1 lit. f) GDPR. Our justified interest in this lies in the great benefit that a uniform representation of the fonts offers. Through the possibility of a uniform display, we keep the design effort lower than if we had to react to font standards of different operating systems or browsers with our own graphically adapted websites. Google also has a legitimate interest in the (personal) data collected in order to improve its own services.
The provision of personal data is neither required by law nor by contract and is not required for the conclusion of a contract. You are also not obliged to provide personal data. However, failure to make this information available may mean that you may not be able to use the partner portal's website or not be able to use it in full and that the presentation of the website may change.
You can set your browser not to load fonts from Google servers. If your browser does not support Google Fonts or if you block access to the Google servers, the text will be displayed in the system's default font.
Find more information at:

• www.google.com/fonts
• developers.google.com/terms/
• policies.google.com/privacy

8. USE OF MATOMO

Data is collected and stored on this website using the web analysis service software Matomo (www.matomo.org), a service of InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, ("Mataomo") on the basis of our legitimate interest in statistical analysis of user behavior for optimization and marketing purposes pursuant to Art. 6 Para. 1 letter f GDPR. Pseudonymised user profiles can be created and evaluated from this data for the same purpose. Cookies may be used for this purpose. Cookies are small text files that are stored locally in the cache of the visitor's Internet browser. The cookies enable, among other things, the recognition of the Internet browser. The data collected with Matomo technology (including your pseudonymised IP address) is processed on our servers.
The information generated by the cookie in the pseudonymous user profile is not used to personally identify the visitor to this website and is not combined with personal data about the bearer of the pseudonym.
If you do not agree to the storage and evaluation of this data from your visit, then you can object to the subsequent storage and use at any time by mouse click. In this case, a so-called opt-out cookie is stored in your browser, which means that Matomo does not collect any session data. Please note that the complete deletion of your cookies means that the opt-out cookie will also be deleted and may have to be activated again by you. Opt-out iFrame:
Opt-Out Matomo

II. FURTHER FUNCTIONS OF THE PARTNER PORTAL "PARTNER NET"

Besides the purely informational use the website of the partner portal offers various services and information in connection with the Swyx Partner Program after a successful login. As a rule, you must provide further personal data, which we use to provide the respective service and to which the aforementioned data processing principles apply.

1. INFORMATION ABOUT THE COLLECTION AND PROCESSING OF PERSONAL DATA THROUGH THE USE OF THE PARTNER PORTAL "PARTNER NET"

a.) Users of the partner portal

The partner portal is available for Swyx partners.
Swyx Partners are qualified Swyx Distributors who have signed a partnership agreement with Swyx and thus participate in the Swyx Partner Programme.

b.) Use of the partner portal

(1) If you wish to use our partner portal, you must log in with the log-in data (user name and password) transmitted to you. Initially you will receive a one-time password, which you must change the first time you log in. You will receive the data as a partner after signing a partner contract.
(2) If you use our partner portal, we store your necessary data until the final deletion. Furthermore, we store the voluntary data provided by you for the duration of your use of the partner portal, unless you delete it beforehand. You can manage and change all information in the protected area of the partner portal. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR.
(3) If you use the Partner Portal, your data may become accessible to other participants of the Partner Portal in accordance with the contractual performance, if you authorize this release in the Partner Portal.
(4) To prevent unauthorized access to your personal data by third parties, the connection is encrypted using TLS technology.

c.) Collection and storage of personal data as well as type and purpose of use

(1) When you use the Partner Portal as a Swyx Partner, we collect the following personal data:

• contact details
• Transaction data, if applicable
• If necessary, further information necessary for the customer or partner relationship
• Traffic data of end customers
• If applicable, further personal data entered or transmitted by the end customer or personal data of the end customer transmitted by the responsible person to the processor.

(2) We process this personal data in particular on the basis of:
1. art. 6 par. 1 lit. a) on the basis of your consent, whereby in principle no consent is required for the conclusion of a contract or the continuation of an existing contract
2. art. 6 par. 1 lit. b) for the establishment, execution and termination of a contractual relationship,
3. art. 6 par. 1 lit. c) for the fulfilment of a legal obligation,
4. art. 6 par. 1 lit. f) for the protection of a legitimate interest.

(3) This data is collected for the following purposes:

• For the execution of the contract
• To correspondence
• To customer service
• To quality management

(4) The legitimate interest of Swyx also lies in:

• the perception of our business interest
• Ensure compliance with security regulations, requirements, industry standards and contractual obligations,
• the assertion, exercise or defence of legal claims,
• the avoidance of damage and/or liability of the company through appropriate measures.

d.) Deletion of data

The personal data collected for the aforementioned purposes will be deleted from the partner portal after storage is no longer required, unless Swyx is obliged by law to store them for a longer period or you have consented to further storage in accordance with Art. 6 Para. 1 S. 1 a GDPR.

e.) Disclosure of data to third parties

For the aforementioned purposes, we transfer personal data to third parties with whom we cooperate, on the basis of processing contracts. The data passed on may be used by the third party exclusively for the purposes mentioned. If the registered office of a third party is outside the European Union or the European Economic Area, transfer to a third country takes place. A transfer to a third country only takes place if an adequate level of data protection is guaranteed or if one of the exceptions of Art. 49 GDPR exists. An appropriate level of data protection can be ensured by contractually agreeing with the third parties on a data protection agreement that meets the legal requirements to establish an appropriate level of data protection and by agreeing appropriate guarantees.