Contact address

BI Netzwerk GmbH
oberer Giebel 8
3323 Bäriswil
Switzerland

Authorized representatives

Robert Schlaefli
Owner
robert@baubob.com

Commercial register entry

Registered company name: BI Netzwerk GmbH
Number: CHE-400.702.067
Commercial register office: Berne

VAT number

CHE-400.702.067MWST

Privacy policy

We respect your privacy and are committed to protecting it through our compliance with this Privacy Policy ("Policy"). This Policy describes the types of information we collect from you or that you provide on the baubob.com website ("Website"), the "bauBob" mobile application ("Mobile Application") and any related products and services (collectively, "Services") ("Personal Information"), and our practices for collecting, using, maintaining, protecting and disclosing that Personal Information. It also describes the choices you have regarding the use of your Personal Information and how you can access and update it.

This Policy is a legally binding agreement between you ("User", "you" or "your") and BI Netzwerk GmbH ("BI Netzwerk GmbH", "we", "us" or "our"). If you are entering into this Policy on behalf of a company or other legal entity, you represent that you have the authority to bind that entity to this Policy, in which case the terms "User", "you" or "your" will refer to that entity. If you do not have such authority or do not agree to the terms of this Policy, you do not have to accept this Policy and may not access and use the Services. By accessing and using the Services, you acknowledge that you have read, understood and agree to be bound by the terms of this Policy. This Policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage.

Table of contents

1. Automatic collection of information
2. Collection of personal data
3. Use and processing of the information collected
4. Payment processing
5. Manage information
6. Disclosure of information
7. Storage of information
8. Transmission of information
9. Regional announcements
10. How you can exercise your rights
11. Cookies
12. Data analytics
13. Children's privacy
14. Do Not Track signals
15. Advertisements
16. E-mail marketing
17. Push notifications
18. Links to other resources
19. Information security
20. Data protection breach
21. Changes and additions
22. Acceptance of this policy
23. Contact us

Automatic collection of information

When you open the website or use the mobile application, our servers automatically record information that your browser or device sends. This data may include information such as your device's IP address and location, browser and device name and version, operating system type and version, language settings, the web page you visited before coming to the Services, the pages of the Services you visited, the time spent on those pages, the information you searched for on the Services, access times and dates, and other statistics.

Automatically collected information is only used to identify potential cases of abuse and to compile statistical information on the use and traffic of the services. This statistical information is not aggregated in a way that would allow the identification of a specific user of the system.

Collection of personal data

You can access and use the Services without telling us who you are or revealing any information that could identify you as a specific, identifiable individual. However, if you wish to use some of the features offered on the Services, you may be asked to provide certain personally identifiable information (e.g., your name and e-mail address).

We receive and store any information you knowingly provide to us when you create an account, post content, make a purchase or fill out forms on the Services. If necessary, this information may include the following:

• Account data (such as user name, unique user ID, password, etc.)
• Contact information (such as e-mail address, telephone number, etc.)
• Basic personal information (such as name, country of residence, etc.)
• Payment information (e.g. credit card details, bank details, etc.)
• Geolocation data of your device (e.g. latitude and longitude)
• Certain functions on the mobile device (e.g. contacts, calendar, gallery, etc.)
• Any other materials that you willingly provide to us (such as articles, images, feedback, etc.)

Some of the information we collect comes directly from you through the Services. However, we may also collect personal information about you from other sources such as social media platforms and our joint partners. The personal data we collect from other sources may include demographic data such as age and gender, device information such as IP addresses, location data such as city and state, and online behavioral data such as information about your use of social media sites, page view information, search results and links.

You can choose not to provide us with your personal information, but then you may not be able to use some of the features of the Services. Users who are unsure about what information is mandatory are welcome to contact us.

Use and processing of the information collected

We act as a data controller and a data processor when processing personal data, unless we have entered into a data processing agreement with you, in which case you would be the data controller and we would be the data processor.

Our role may also vary depending on the specific situation in which personal data is involved. We act as a data controller when we ask you to provide your personal data necessary to ensure your access to and use of the Services. In such cases, we are the data controller as we determine the purposes and means of the processing of the personal data.

We act in the capacity of a data processor in situations where you submit personal data through the Services. We do not own, control or make decisions about the personal information submitted, and such personal information will only be processed in accordance with your instructions. In such cases, the user providing personal information acts as a data controller.

In order to provide you with the Services or to comply with a legal obligation, we may need to collect and use certain personal information. If you do not provide the information we request, we may not be able to provide you with the products or services you have requested. Any information we collect from you may be used for the following purposes:

• Create and manage user accounts
• Completion and management of orders
• Deliver products or services
• Improvement of products and services
• Sending management information
• Sending marketing and advertising messages
• Send product and service updates
• Answering queries and providing support
• Request user feedback
• Improving user-friendliness
• Protection against misuse and malicious users
• Responding to legal requests and averting damage
• operate and use the services

The processing of your personal data will depend on how you interact with the Services, where you are in the world and whether any of the following apply: (a) you have given your consent for one or more specific purposes; (b) the provision of information is necessary for the performance of this Policy with you and/or for pre-contractual obligations; (c) the processing is necessary for compliance with a legal obligation to which you are subject; (d) the processing is related to a task carried out in the public interest or in the exercise of official authority vested in us; (e) the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party. We may also combine or aggregate some of your personal data in order to provide you with a better service and to improve and update our services.

We rely on the user's consent as the legal basis on which we collect and process your personal data.

Please note that under some legislation we may be entitled to process data until you object to such processing without having to rely on consent or any other of the above legal bases. In any case, we will be happy to clarify the specific legal basis that applies to the processing and, in particular, whether the provision of personal data is required by law or contract or is necessary for the conclusion of a contract.

Payment processing

In the case of Services that require payment, you may be required to provide your credit card or other payment account information, which will be used solely for payment processing. We use third party payment processors ("Payment Processors") to assist us in the secure processing of your payment information.

The payment processors adhere to the latest security standards managed by the PCI Security Standards Council, a joint initiative of brands such as Visa, MasterCard, American Express and Discover. Sensitive and private data is exchanged via an SSL-secured communication channel that is encrypted and protected with digital signatures, and the services also adhere to strict security standards to create the safest possible environment for users. We only share payment data with payment processors to the extent necessary to process your payments, refund such payments and deal with complaints and queries relating to such payments and refunds.

Please note that the payment processors may collect some personal data from you that will enable them to process your payments (e.g. your email address, address, credit card details and bank account number) and handle all steps of the payment process through their systems, including data collection and data processing. If required for the processing of future or recurring payments and if you have given your prior consent, your financial information will be stored in encrypted form on secure servers of our payment processors. The payment processors' use of your personal information is governed by their respective privacy policies, which may not provide the same level of protection as this Policy. We recommend that you read their respective privacy policies.

Manage information

You have the option to delete certain personal data that we have about you. The Personal Data that you can delete may change as the Services change. However, if you delete Personal Data, we may retain a copy of the unrevised Personal Data in our records for as long as necessary to fulfill our obligations to our affiliates and partners and for the purposes described below. If you wish to delete your personal data or permanently delete your account, you can do so on the settings page of your account on the Services or simply contact us.

Disclosure of information

Depending on the services requested or as necessary to complete a transaction or provide a service you have requested, we may share your information with our trusted affiliates and joint venture partners, contractors and service providers (collectively, "Service Providers") that we rely on to support the operation of the services available to you and whose privacy policies are consistent with ours or who agree to comply with our policies with respect to personal information. We do not share information with unaffiliated third parties.

Service providers are not authorized to use or disclose your information except as necessary to perform services on our behalf or to comply with legal requirements. The service providers receive the information they need only to perform the tasks assigned to them, and we do not authorize them to use or disclose the information provided for their own marketing or other purposes. We will only share and disclose your information to the following categories of service providers:

• Advertising networks
• Cloud computing services
• Communication and collaboration services
• Data analysis services
• Financial services
• Payment processor
• Sales and marketing services
• Social networks

We may also disclose personal information we collect, use or receive when required or permitted by law, such as to comply with a subpoena or similar legal process, and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a governmental request.

In the event of a business transfer, such as a merger or acquisition by another company, or the sale of all or a portion of its assets, your user account and personal information will likely be among the assets transferred.

Storage of information

We will retain and use your personal information for as long as necessary to comply with our legal obligations, as long as your account is active, to enforce our policy, to resolve disputes and, unless a longer retention period is required or permitted by law, up to a maximum of 36 months.

We may use aggregated data derived from or containing your personal data after you have updated or deleted it, but not in a way that would identify you personally. Once the retention period has expired, the personal data will be deleted. Therefore, the right of access, the right to erasure, the right to rectification and the right to data portability can no longer be enforced after the retention period has expired.

Transmission of information

Depending on your location, data transfers may involve the transfer and storage of your information in a country other than your home country. However, this does not apply to countries outside the European Union and the European Economic Area. If such a transfer takes place, you can find out more by reading the relevant sections of this Policy or by contacting us using the information provided in the "Contact Us" section. Please note that we are committed to ensuring the security of your personal data by strictly adhering to the policies set out in our Privacy Notice and complying with applicable legal requirements.

Regional announcements

Out of respect for your privacy, we have taken additional measures to comply with the obligations and rights associated with the collection of personal data as required by the laws applicable to our users' regions.

Disclosures for residents of the EU/EEA

If you are a resident of the European Union ("EU") or the European Economic Area ("EEA"), you have certain rights in relation to your personal data which are based on the GDPR and which we comply with as part of our commitment to protect your privacy. Unless expressly stated otherwise, all terms in this section have the same meaning as defined in the GDPR.

(a) Right to withdraw consent: You have the right to withdraw your consent if you have previously given your consent to the processing of your personal data. If the legal basis for the processing of your personal data by us is consent, you have the right to withdraw this consent at any time. The revocation has no influence on the legality of the processing prior to the revocation.

(b) Right of access: You have the right to know whether your personal data is being processed by us, to receive information about certain aspects of the processing and to receive a copy of your personal data that is being processed.

(c) Right to rectification: You have the right to verify the accuracy of your data and to request that it be updated or corrected. You also have the right to ask us to complete the personal data that you consider incomplete.

(d) Right to object to processing: You have the right to object to the processing of your data if the processing is carried out on a legal basis other than consent. Where personal data are processed in the public interest, in the exercise of official authority vested in us or for the purposes of our legitimate interests, you may object to such processing by providing a ground relating to your particular situation to justify the objection. However, if your personal data is processed for direct marketing purposes, you can object to this processing at any time without giving reasons. To find out whether we process personal data for direct marketing purposes, you can refer to the relevant sections of this policy.

(e) Right to restriction of processing: You have the right to restrict the processing of your personal data in certain circumstances. These circumstances include: the accuracy of your personal data is contested by you and we need to verify its accuracy; the processing is unlawful but you oppose the erasure of your personal data and request the restriction of its use instead; we no longer need your personal data for the purposes of the processing, but you require it for the establishment, exercise or defense of legal claims; you have objected to processing pending the verification whether our legitimate grounds override your legitimate grounds. Where processing has been restricted, such personal data shall be marked accordingly and, with the exception of storage, shall only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.

(f) Right to erasure: You have the right to request that we erase your personal data in certain circumstances. These circumstances include: The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; you withdraw your consent to consent-based processing; you object to processing under certain provisions of applicable data protection law; the processing is for direct marketing purposes; and the personal data has been unlawfully processed. However, there are exceptions to the right to erasure, e.g. if the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, or for the establishment, exercise or defense of legal claims.

(g) Right to data portability: You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format and, where technically feasible, to transmit those data to another controller without hindrance from us, provided that such transmission does not adversely affect the rights and freedoms of others.

(h) Right to complain: You have the right to complain to a data protection authority about our collection and use of your personal data. If you are not satisfied with the outcome of your complaint directly to us, you have the right to lodge a complaint with your local data protection authority. For more information, please contact your local data protection authority in the EU or EEA. This provision applies provided that your personal data is processed by automated means and that the processing is based on your consent, on a contract to which you are a party or on pre-contractual obligations.

How you can exercise your rights

Any requests to exercise your rights can be directed to us using the contact details provided in this document. Please note that we may ask you to verify your identity before responding to such requests. Your request must contain sufficient information to allow us to verify that you are the person you claim to be or that you are the authorized representative of such person. If we receive your request from an authorized representative, we may require proof that you have given the authorized representative a power of attorney or that the authorized representative otherwise has valid written authority to make requests on your behalf.

You must provide sufficient information for us to properly understand and respond to the request. We will not be able to respond to your request or provide you with personal data unless we first verify your identity or your authority to make such a request and confirm that the personal data relates to you.

Cookies

Our services use "cookies" to personalize your online experience. A cookie is a text file that is stored on your hard disk by a web server. Cookies cannot be used to run programs or transfer viruses to your computer. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you. If you decide to refuse cookies, you may not be able to use the full functionality of the services.

We may use cookies to collect, store and track information for security and personalization, to operate the Services and for statistical purposes. For more information about the cookies we collect and their purpose, please see our Cookie Policy. Please note that you have the option to accept or decline cookies. Most web browsers accept cookies by default, but you can modify your browser setting to decline cookies if you prefer.

Data analytics

Our Services may use third-party analytics tools that utilize cookies, web beacons or other similar technologies to collect standard Internet activity and usage data. The information collected is used to compile statistical reports on user activity, such as how often users visit our Services, which pages they visit and for how long, etc. We use the information obtained from these analytics tools to monitor performance and improve our services. We do not use third-party analytics tools to track or collect personally identifiable information from our users, and we will not associate any information obtained from the statistical reports with individual users.

Children's privacy

We do not knowingly collect personal information from children under the age of 18. If you are under the age of 18, please do not submit any Personal Data through the Services. If you have reason to believe that a child under the age of 18 has provided us with Personal Data through the Services, please contact us and request that we delete that child's Personal Data from our Services.

We encourage parents and guardians to monitor their children's use of the Internet and to help enforce this Policy by instructing their children never to submit personal information through the Services without their permission. We also ask all parents and guardians who have custody of their children to take the necessary precautions to ensure that their children are instructed never to disclose personal information on the Internet without their permission.

Do Not Track signals

Some browsers have a "Do Not Track" function that signals to the websites you visit that you do not want your online activities to be tracked. Tracking is not the same as using or collecting information in connection with a website. In this context, tracking refers to the collection of personally identifiable information from users who use or visit a website or online service as they move through different websites over time. The way in which browsers transmit the "Do Not Track" signal is not yet standardized. Therefore, the services are not yet set up to interpret or respond to the Do Not Track signals transmitted by your browser. Nevertheless, as described in more detail in this policy, we restrict the use and collection of your personal information. For a description of Do Not Track protocols for browsers and mobile devices, or for more information about the choices available to you, please visit internetcookies.com

Advertisements

We may allow certain third-party companies to help us serve advertisements that we believe may be of interest to users and to collect and use other data about user activity on the Services. These companies may serve ads that may place cookies and otherwise track user behavior.

If you would like to learn more about your options to opt-in or opt-out of this data collection, please visit the Digital Advertising Alliance website and the Network Advertising Initiative website for more information about interest-based advertising.

You can also download the AppChoices app at Digital Advertising Alliance's AppChoices app to opt out in conjunction with mobile applications, or use the platform controls on your mobile device to opt out.

E-mail marketing

We offer electronic newsletters to which you can subscribe voluntarily at any time. We undertake to keep your e-mail address confidential and will not disclose it to any third party, except as permitted in the section on the use and processing of information or for the purposes of using a third party provider to send such e-mails. We will retain information sent by email in accordance with applicable laws and regulations.

In compliance with the CAN-SPAM Act, all emails we send will clearly state who the email is from and provide clear information on how to contact the sender. You may opt out of receiving our newsletter or marketing emails by following the unsubscribe instructions contained in these emails or by contacting us. However, you will continue to receive important transactional emails.

Push notifications

We offer push notifications, which you can also voluntarily subscribe to at any time. To ensure that the push notifications reach the correct devices, we use a third-party push notification provider that relies on a device token unique to your device that is issued by your device's operating system. While it is possible to access a list of device tokens, these do not reveal your identity, unique device ID or contact information to us or our third-party push notification provider. The information sent by email will be retained by us in accordance with applicable laws and regulations. If at any time you no longer wish to receive push notifications, simply adjust your device settings accordingly.

Links to other resources

The Services contain links to other resources that are not owned or controlled by us. Please be aware that we are not responsible for the privacy practices of such other resources or third parties. We encourage you to be aware when you leave the Services and to read the privacy statements of each and every resource that may collect personal information.

Information security

We secure the information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. We maintain reasonable administrative, technical and physical safeguards to prevent unauthorized access, use, alteration and disclosure of the personal information under our control and custody. However, data transmission over the Internet or a wireless network cannot be guaranteed.

Therefore, while we strive to protect your personal information, you acknowledge that (a) there are security and privacy limitations of the Internet that are beyond our control; (b) the security, integrity and confidentiality of all information and data exchanged between you and the Services cannot be guaranteed; and (c) such information and data may be viewed or tampered with by a third party during transmission despite our best efforts.

Because the security of personal information depends in part on the security of the device you use to communicate with us and the security you use to protect your login credentials, please take appropriate steps to protect that information.

Data protection breach

In the event that we become aware that the security of the Services has been compromised or users' personal information has been disclosed to uninvolved third parties as a result of external activity, including but not limited to security attacks or fraud, we reserve the right to take appropriate action, including but not limited to investigation and reporting and notification to and cooperation with law enforcement authorities. In the event of a data breach, we will make reasonable efforts to notify affected individuals if we believe there is a reasonable risk of harm to the user as a result of the breach or if notification is otherwise required by law. If this is the case, we will post a notice on the Services or send you an email.

Changes and additions

We reserve the right to change this Policy or its terms relating to the Services at any time at our discretion. If we do so, we will change the updated date at the bottom of this page and send you an email to let you know. We may also notify you by other means at our discretion, such as through the contact information you provide to us.

An updated version of this Policy will be effective immediately upon posting of the revised Policy, unless otherwise specified. Your continued use of the Services after the effective date of the revised Policy (or other action specified at that time) will constitute your consent to those changes. However, without your consent, we will not use your personal information in a manner materially different from that stated at the time your personal information was collected.

Acceptance of this policy

You acknowledge that you have read this Policy and agree to all of the terms and conditions contained herein. By accessing and using the Services and submitting your information, you agree to be bound by this Policy. If you do not agree to the terms of this Policy, you are not authorized to access or use the Services.

Contact us

If you have any questions about the information we hold about you, or if you wish to exercise your rights, you can use the following data subject request form to submit your request:

Submit a request for data access

If you have any further questions, concerns or complaints regarding this policy, please contact us using the details below:

https://baubob.com
contact@baubob.com

Data Protection Officer: Bogdan Ciric
bogdan.ciric@baubob.com

We will attempt to resolve complaints and disputes and will make every reasonable effort to comply with your request to exercise your rights as soon as possible and in any event within the time limits provided for in applicable data protection laws.

This document was last updated on March 11, 2024.