1. Data Protection Controller

The Data Protection Controller in the legal sense is:

Monzoon Networks AG

Address:
Monzoon Networks AG
Spinnerei-Lettenstrasse 2
8192 Zweidlen/ZH
Switzerland

Tel. +41 (0)43 500 04 70
Email: info@monzoon.net

Top of page

2. Data Protection Officer

We have appointed a Data Protection Officer for all data protection matters at Monzoon.
If you have any questions about the protection and management of personal data you are welcome to contact:

byte legal AG (contact person: E. Roesle)

Address:
byte legal AG
Baumgasse 10
8005 Zürich
Switzerland

Tel. +41 (0)44 552 07 60
Email: info@bytelegal.ch

Representative in the UE:
Monzoon Networks (Deutschland) GmbH
Stiglerstraße 10a
79801 Hohentengen
Germany

Tel. +49 (0)7742 927 8170
Email: datenschutz@monzoon.net

Top of page

3. What personal data do we collect, for what purpose and according to which legal basis?

We process personal data that we receive, collect from or create for clients, interested persons, websites visitors, employees, job applicants, service providers, suppliers and others.

This concerns, inter alia, personal data of the following types:

• Metadata/usage data and other technical data (e.g. IP address, MAC address of smartphone or computer, data concerning your device and settings, cookies)
• Contact and identification data (including for example name and surname, postal address, telephone number, email address, or user account information)
• Contact data (including, for example, data about provided or requested services and payment)
• Communication data (including for example electronic or written correspondence with Monzoon, telephone or video conversations)
• Marketing data

To the extent allowed by law, we also collect certain data from publicly available sources (such as debt collection registry, registry of commerce, media, the internet) or receive such data from authorities and other third parties such as contractual partners. Apart from the data which you give us directly, the categories of personal data about you which we receive from third parties include the use or provision of services (e.g. payments made, credit cards debits after online purchases), your status as a client, data related to your professional functions and activities or data exchanged about you with third parties in correspondence and verbally.

Monzoon uses the collected data for its commercial activity as an internet service provider, in order to prepare the services for you. We use the following identifiers to enable our clients to access the internet:

• Log-in
• Password
• Hardware MAC address
• IP addresses
• Session ID
• Location address
• Reference of ordering process: depending on the process, this can be for example an order number, a transaction code, a call number or an email address
• Ticket number in order to process support requests

We also use this data to communicate with you, for example by sending you information about the services provided (login, password etc.) and security information. These details are also essential for our support organization, which helps you in case of problems arising while using services.

We also use this data so that we can automatically connect you to the internet in wifi hotspots to improve your user experience.

In some wifi hotspots you may be asked to pass contact information to the location owner (e.g. hotel or airport), so that it can give you more information about the services offered at the location. In this case the location owner will post explicit information on the hotspot welcome page about how the information it collects will be used. This will include detailed information on who is responsible for storing these data (usually this is not Monzoon).

Furthermore, Monzoon collects data for the following purposes:

• to offer and maintain the internet connection (cf. the details right above)
• to comply with legal requirements to identify internet users, more specifically with article 22, para. 1 of the Federal Act on the Surveillance of Post and Telecommunications (SPTA) in regard to our internet service operations
• to optimize technical processes in order to provide high-quality services: this includes the use of technology such as cookies to allow partial automation of hotspot logins
• to manage contractual relationships: for example, to be able to produce invoices or communicate with customers about existing contracts
• to manage the processes of purchase, delivery and invoicing in our online stores (see section 8 below for more details)
• to deal with support requests and be able to analyze problems effectively and communicate with the customer
• for advertising and marketing purposes, unless you have objected to such use of your data (as an existing client, you can do so at any time and at no cost when we send you advertisements; we will then put you on a list so that further advertisements are blocked)
• to inform users of our services about new developments and offers from our hotspot partners
• concerning our product range and to improve our offers, services and websites (see section 7 below for more details)
• to deal with job applications (see section 9 below for more details)
• market and opinion research, media monitoring
• to assert legal claims and defence in connection with litigations and regulatory proceedings
• video surveillance to protect property rights and other actions related to IT, building and equipment security and the protection of our employees, other individuals and the assets belonging or entrusted to us (e.g. access controls, visitor lists, network and e-mail scanners, recording telephone conversations)
• to assure our company'operations, in particular the IT, our website and other platforms

The legal basis allowing us to process your personal data is generally:

• your consent or the consent of an authorized person; you may revoke your consent at any time, at no cost (by email, ordinary mail (to the [email] address given under section 2); however, this will have no effect on data processing that has already taken place
• the conclusion or execution of a contract with you, or your request to this end
• a balancing of interests, to which you may object in given circumstances (by email or ordinary mail to the [email] address given under section 2)
• a legal obligation which can also arise in connection with a balancing of interests

Top of page

4. To whom are personal data transmitted?

The personal data which we process for services provided by us in Switzerland in our capacity as an internet service provider are exclusively recorded in Switzerland and exclusively transmitted to the law enforcement authorities for case-by-case examination within the limits of legally regulated processes.

We do communicate some other personal data to third parties, within the limits of our activities and for the abovementioned purposes, as far as it is authorized and judicious, either because these third parties process this data for us (data processing by mandate) or because they want and are allowed to use them for their own purposes, within the limits permitted by law (data communication). We do not transmit to such third parties the usage data which we collect in our capacity as an internet service provider unless we are obliged to do so by the federal laws and regulations concerning surveillance of post and telecommunications.

The recipients of personal data – also beyond our business as a service provider, but not relevant for the whole data processing –, are in particular:

• service providers, suppliers, including those who process orders
• hotspot partners such as location owners
• roaming partners
• IT service providers (e.g. webhosting providers, operators of our CRM and online marketing tools)
• payments service providers
• media, the public, including the visitors of websites and social media
• public authorities
• other parties in potential or actual legal proceedings

Top of page

5. Where do we process personal data?

For the services provided in Switzerland based on our activity as internet service provider, we process data exclusively in Switzerland.

Other data are whenever possible processed in Switzerland, the European Union or the European Economic Area. Should data be transferred to a country where there is no suitable statutory level of data protection (like the USA), we shall require the recipient to take appropriate steps to protect personal data, e.g. through complying with the EU-US/Swiss-US Data privacy Framework or contracting the so-called «EU standard contractual clauses». You will find more details on that subject and a copy of the EU standard contractual clauses under www.edoeb.admin.ch/edoeb/en/home/deredoeb/infothek/infothek-ds.html. In some cases, we may also transfer data without such agreements, as provided for by the law, for example by relying on your consent to the relevant communication or when such communication is necessary for the processing of contracts, the determination, exercise or assertion of legal claims, or for the sake of overriding public interest. Data may in particular be transferred to countries without appropriate data protection for the purpose of website tracking (cf. section 7 below).

In its role as an internet service provider, Monzoon stores personal data in protected data centres and server rooms. Access to these sites is monitored and they are protected with cameras and alarm systems.

• Services delivered in Switzerland are supported by two data centres and a server room in the Greater Zurich Area
• Services delivered in Germany or elsewhere in the European Union are supported by two data centres in Germany

Personal data relating to these services are stored mainly in the data centres in the respective country. The data may also be stored temporarily in the other country – in particular if the processing is technically complex. Once this processing is complete the data are immediately deleted.

If our customers use roaming services (i.e. their work cuts across countries and services) the roaming partners may process their data in different countries. The roaming partner is the controller, as Monzoon's client: Monzoon is acting in this case as order processor.

We use payment service providers such as credit card companies or PayPal® to process payments for our services. If you have any questions about storage of the data related to this, please contact your payment service provider. For credit cards, this is usually your bank.

Top of page

6. How long is personal data processed?

As an internet service provider in Switzerland, Monzoon is obliged to be able to identify internet users. To comply with legal requirements we store identifiers such as mobile phone numbers and – if technically unavoidable – connection information for six months, as prescribed by law, and then immediately delete them automatically. These data are stored in Switzerland and only passed to the law enforcement authorities on the basis of court orders.

As a wifi hotspot provider in Germany, Monzoon is not obliged to be able to identify internet users. We store connection information (connection start and end times and relevant identifiers) for 7 calendar days to be able to analyze and solve technical problems quickly. Then we immediately delete the information automatically.

Moreover, we store personal data for as long as is necessary to meet our contractual duties or the intended purposes of the data processing, for example for the whole duration of the business relationship (from the initiation, processing and through to the termination of a contract) and beyond in accordance with statutory retention and documentation requirements. Thus, it is possible that personal data is stored for the period in which clams can be asserted against us and in the event that we are otherwise legally obligated to do so, or legitimate business interests require it (such as for evidence and documentation purposes). For example, Monzoon generally keeps accounting receipts or vouchers for 10 years. As soon as your personal data is not required anymore for the above purposes, they are basically deleted or anonymized.

Top of page

7. How else do we use personal data within the limits of our websites?

Some Monzoon websites include cookies: small files that can later be read by a web server in the domain that stored the cookie on your computer.

As a rule, we only use cookies to technically optimize the use of our pages. Another use is described in more detail in the chapter «Google Analytics».

We use cookies on hotspot landing pages to store your preferences and settings (such as your preferred language for the site). We help you when you are logging in by auto-filling input fields, with your permission, if you return to a hotspot you have already used.

We use cookies on our web pages to make the product range user-friendly and improve functionality. For example, these files allow us to display information that caters to individual interests. Using cookies also enables security features that protect your privacy. The sole objective is thus to match our service as closely as possible to your requirements and to make using the site as easy as possible.

Your web browser provides functions under Settings (usually in the «Security» section) that enable you as user to block cookies or view existing cookies and delete them.

7.1 Google Services

At www.monzoon.net, shop.monzoon.net and www.prepaid-internet.ch we use various services from Google LLC, based in the USA, or, if you are a resident of the European Economic Area (EEA) or Switzerland, from Google Ireland Ltd., based in Ireland («Google»). We use the following services from Google on our websites:

• Google Tag Manager
• Google Analytics
• Google Marketing Platform
• Google Ads

You will find more details on these services below.

Google uses technology like cookies, web storage in the browser and tracking pixels, which enable an analysis of your use of our web pages. The information thus generated about your use of our website may be transmitted to a Google server in the USA or other countries and stored there. Information on the locations of the Google computing centres can be found here.

We use tools provided by Google which according to Google can process personal data in countries where Google or its subprocessors maintain facilities. Google promises in particular in its «Data Processing Addendum for Products where Google is a Data Processor» to ensure an adequate level of data protection by relying on the EU standard contractual clauses (cf. section 6 above).

You can find more detailed information regarding processing by Google and the privacy settings in the Privacy Policy and the Privacy Settings of Google.

Google Tag Manager

On the abovementioned web pages we use the Google Tag Manager. It helps to manage website tags efficiently. Website tags are placeholders that are stored in the source code of the respective website in order to record, for example, the integration of frequently used website elements, such as code for web analytics services. The Google Tag Manager comes without cookies and ensures the triggering of other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains valid for all tracking tags implemented with Google Tag Manager. In order to implement the Google Tag Manager, we use a so-called «server-side tagging». A tag enables to collect your IP address and send it to our own hosting place within the EU, where the Google Tag Manager is implemented and receives the IP address. Here, still on our own server, the IP address is anonymized, and only then transferred to other services related to the Tag Manager. This means that we process your personal data only on our own server and that a connection to Google servers is technically excluded.

You can find more information in the Google Tag Manager Terms of Service.

Google Analytics

In order to analyze our websites and their visitors and also for marketing and advertising purposes, we use the web analytics service Google Analytics 4.

Google Analytics uses cookies that are saved on your terminal device (laptop, tablet, smartphone etc.) and allow the use of our website to be analyzed. This way, we can assess the behaviour of users on our web pages and make our offers more interesting thanks to the statistics/reports generated.

To ensure that Google Analytics does not receive personal data, the tracking ID created by us is separated from the personal and device data and thus becomes an anonymized data set. As soon as this is ascertained, we transmit solely your anonymized ID to Google.

Google uses this information to evaluate your pseudomized use of our pages, to compile reports on the activities on the website and to provide us with other services related to website and internet usage. According to Google, the IP address transmitted from your browser by way of Google Analytics is not merged with other data from Google. When you visit our web pages, your user behaviour is recorded in the form of events (such as page retrievals, interaction with the website or your «clicking path»), as well as other data such as your approximate location (country and town), technical information related to your browser and the terminals you use or the referrer URL, which means the website or advertising medium that led you to our web pages.

You can prevent the collection of the data generated by the cookie and the transmission to Google of data about your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing the Google Analytics Opt-out Browser Add-on. If you wish to object to Google displaying interest-based advertising, you can use the preferences and opting-out possibilities provided by Google.

You can find an overview of the Google Analytics data usage and the actions taken by Google in order to safeguard your data in the Google Analytics Help.

Other information relating to the Google Analytics Terms of Service and the Google Privacy Policy are to be found in these latter documents.

Google Marketing Platform

The online marketing tool Google Marketing Platform («GMP») uses cookies to serve ads that are relevant to users or to improve campaign performance reports or prevent a user from seeing repeatedly the same ads. Using a cookie ID, Google records which ads are served in which browser and can prevent this from occurring several times.

In addition, the GMP can record through cookie-IDs so-called conversions, that is to say whether a user sees a GMP ad and later calls up the advertiser's website and buys something there. According to Google, GMP cookies do not contain any personal information.

Your browser automatically establishes a direct connection with Google's server. We have no influence on the scope and further use of the data collected by Google through the use of this service. According to Google, the integration of GMP allows Google to be informed that you have called up the relevant part of our web pages or clicked on one of our advertisements. If you are registered with a Google service, Google can associate your visit with your user account. Even if you are not registered with Google or have not logged in, there is a possibility that the marketer will obtain and store your IP address.

Other information about GMP can be found on the Google Marketing Platform website.

Google Ads

Through Google Ads, a cookie («conversion cookie») is set on your computer if you have reached our website via a Google ad. Cookies of this type have a limited validity, do not contain personal data according to Google and are therefore not used for personal identification. If you visit certain pages of ours and the cookie has not yet expired, we and Google can recognize that you have clicked on the ad and been redirected in this way to our website. Each Google Ads client receives a different cookie. It is therefore not possible to trace cookies through the websites of Ads clients. The information collected through conversion cookies is used by Google to create conversion statistics for Ads clients who have opted for conversion tracking. Through these statistics, we learn the total number or users who have clicked on our ads, and also which of our websites have been called up by the respective users afterwards. We do not receive any information allowing to identify you personally.

By use of the collected information, interest-based categories can be assigned to your browser. These categories are used to activate interest-related advertising.

We use the data acquired via the abovementioned cookie (so-called conversion tracking) for the following purposes:

• remarketing
• target groups with common interests
• customized target groups with common interests
• ready-to-buy target groups
• similar target groups
• demographic and geographic targeting
• dynamic remarketing
• user lists

By using Google Ads, we reach users who have already visited our websites. Thus, we can display our advertisements to target groups that are already interested in our products and services.

On Google's website, you will find more information about Google's advertising technology and the way Google uses cookies.

Top of page

8. How do we use personal data in the operation of our online store?

In our online store, we present our services and hardware products, organize the ordering and payment processes, and prepare the necessary data for shipping and service. This data is reproduced in the purchasing software that we use.

Monzoon uses the following data as part of the ordering and purchasing processes of its online store:

• Pages visited
• Orders, including sales volumes and ordered products
• Implementation of «website objectives» (e.g. contact requests and newsletter subscriptions)
• Your behaviour patterns on our pages (e.g. clicks and consultation times)
• Your approximate location (country and town)
• Your IP address (in truncated form so that it is not possible to assign it unequivocally)
• Technical information such as browser, internet service provider, terminal and screen resolution
• Origin of your visit (website or advertising medium that led you to us)

We use this data:

• to optimize our sales processes (save the contents of the basket, display the correct language, establish hit lists of products, etc.)
• to process purchases, payments and delivery
• and for anti-fraud protection purposes

If you wish to obtain services from our web store, you must provide the personal data required to process the order and open a client account. This will grant you a simpler order processing and the access to your order status. If you wish to open a client account with us, we need several contact data such as title address, name and surname, a valid email address as well as a password of your own choice. We need this information to provide you with a direct, password-protected access to your data stored by us, and to process your order.

Top of page

9. Job applications

Our company processes only personal data that are necessary to assess your aptitude for the job you apply for. These are in particular the following personal data:

• Contact data, such as name, surname, address, email address, telephone number, date of birth and place of birth, gender, marital status, citizenship or nationality
• This also includes information which you attach to your application, e.g. in the motivation letter, CV, education or training certificates and other information you provide (e. g. vocational training, academic education and professional qualifications, previous employments, personal abilities, photos)
• Information provided by third parties, such as official registries, references as well as information from public and professional networks
• Information that you have disclosed to us during the selection process or that proceeds for example from an application interview or assessment
• If you are already employed by our company, we may use information available to us from your former position

We process your personal data mainly in order to assess whether you are qualified for the job you apply for.

Basically, only the people who deal with the recruitment procedure relating to the job you apply for (HR persons and potential supervisors) will have access to your personal data.

If you also submit particular categories of personal data with your application, we may process these (e.g. health related data). If you consent to the seeking of references, we speak with the referees.

This data is stored, assessed, processed or internally forwarded exclusively as part of your application. In addition, it may be processed for statistical purposes (e.g. reporting). In this case no reference to individual persons will be possible.

Your application data is stored apart from the other user data and not merged with these.

If we enter into an employment contract with you, the disclosed data will be stored for the purpose of managing the work relationship according to statutory requirements. If the application procedure ends without an engagement, your personal data will still be stored for 6 months for documentation purposes, then will be deleted, unless you have consented to our keeping them in store for subsequent applications.

Top of page

10. Security

To protect your personal data that we are storing from unauthorized access and misuse we have taken significant technical and operational precautions. We regularly review our security procedures and keep them technologically up to date. You must protect your access code and password from unauthorized third parties; otherwise these could generate usage costs in your name or commit other crimes. To prevent data being read or tampered with during wireless transmission you need to take special security measures. You as customer are responsible for this. Always use connections with additional security, such as VPN or https-protected websites, to send sensitive data.

Top of page

11. Your rights

In principle, you are entitled to the rights of access, rectification, deletion, restriction, data portability, objection to processing and revocation of consent with regard to your personal data.

Please note, however, that we reserve the right to assert the restrictions provided for by law, for example if we are obliged to retain or process certain data, have an overriding interest in doing so (insofar as we are entitled to invoke this) or require it for the assertion of claims.

Please note that the exercise of these rights may conflict with contractual agreements and may have consequences such as the early termination of the contract or costs. We will inform you in advance if this is not already contractually regulated.

If you believe that the processing of your personal data violates data protection law, or that your data protection rights have been violated in any other way, you can also complain to the competent supervisory authority. In Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC; www.edoeb.admin.ch), in Germany the respective data protection officer, i.e. for the federal province of Baden-Württemberg the Data Protection and Information Security Officer for that federal province (www.baden-wuerttemberg.datenschutz.de).

The exercise of your data protection rights generally implies that you prove your identity (e.g. through a copy of an identity document if your identity is not evident or cannot be verified otherwise). To exercise your rights, please contact us by email using the contact possibility mentioned under section 2.

Top of page