Contovista AG privacy policy

At Contovista (“Contovista” or “we”), we are committed to protecting and respecting your privacy. Like most companies, we store personal data about our customers and people who are interested in our services. We comply with the applicable data protection laws, in particular the Federal Act on Data Protection (FADP) and the General Data Protection Regulation of the European Union (GDPR).

This privacy policy explains the type of information we process as well as how this processing may affect you and your rights.

For various reasons, e.g. as a result of the development of our services or the use of new technologies, it may be necessary to adapt the current privacy policy. We recommend that you check our privacy policy regularly to find out about significant changes and the data we store for this purpose.


Contovista processes your personal data when you are in direct or indirect contact with us. We use the term “data” interchangeably with the term “personal data”. By data, we mean information that relates directly to you or can be directly attributed to you. In section 1.2, Contovista provides information on the categories of data that are processed in accordance with the information in this privacy policy. By processing, we mean any handling of data, e.g. obtaining, storing, using, disclosing or deleting data.

This privacy policy describes how we process data when you use our services, connect and communicate with us, or visit our website. As such, this privacy policy applies to the processing of data that we have already collected or will collect in the future. 

Who is responsible for processing the data?

We are responsible for data processing pursuant to this privacy policy and are the primary legal entity, unless otherwise communicated in specific individual cases. You may contact us regarding exercising your rights or specific data protection concerns in writing (Contovista AG, Wiesenstrasse 5, CH-8952 Schlieren) or by email (

Which data is processed?

We process different data from various sources depending on the situation and purpose. We primarily collect and receive this data directly from you when you use our services or as part of general customer communication. Contovista processes different categories of data in this regard. The most important categories of data are described below: 

  • Applicant data: Applicant data refers to data relating to identity and personal characteristics and circumstances, e.g. name, address or date of birth.
  • Contract data: When a contract is concluded, we process master data as well as other data, such as information about obtaining and using services. Such data includes information on the performance and enforcement of contracts as well as feedback on our services.
  • Behavioural and preference data: Behavioural data refers to data about certain actions and interactions you may have with us. We may use such data to infer information about the statistical likelihood of you being interested in certain services or of behaving in a certain manner. We generate this data based on existing information, combining it with other data to enhance the quality of our analysis. Behavioural data informs us about certain actions, such as logins, obtaining and using services, and contacting us.

Preference data tells us what your needs are, what services you are interested in, or when and how you respond to our messages. We obtain this information by analysing existing data in order to get to know you better, target offers more precisely and improve them.

Behavioural and preference data can be evaluated either on a personal level to help us make tailored offers or display advertising, or on a non-personal level for the purpose of market research or development of our services.

  • Communication data: This data relates to communication with you in writing, by telephone or via electronic channels (e.g. email, SMS and push messages). We also collect data when establishing your identity.
  • Technical data: This is data that we collect when you use electronic services. Among other things, it includes a device’s IP address and logs. To ensure these offers work, we may assign an individual code to devices (see section 2 of this privacy policy). Technical data does not allow any conclusions to be drawn about the identity of a person. Together with the data from registrations or, for example, the processing of contracts, we may be able to link other data to specific individuals.

In addition to the IP address and information about the device being used, technical data also includes the date and time, geographic region, and the type of browser or device with which customers access electronic offers from us. This information helps us display content in a browser or on a device. The IP address provides us with information about a telecommunications provider, although we usually cannot determine an individual’s identity unless they are logged into a user account. Technical data also includes log files that are generated in our systems.

  • Registration data: This is personal data that is transmitted during registration or activation enabling you to use or participate in certain offers and services (such as newsletters and competitions).

What is the data used for and how is it processed?

We collect and collate data either directly from you or as part of an automated collection process. We process data for the following purposes:

  • Establishment, settlement and termination of business relationships

We process data for the purpose of establishing, registering, processing and terminating business relationships. The type of data processed varies according to the type and scope of the business relationships and includes master data, order data, registration data and communication data.

  • Compliance with laws, recommendations of authorities and internal regulations

We process data to comply with laws, directives and recommendations from authorities as well as internal regulations (compliance). We are obliged to make certain inquiries or, under certain circumstances, to submit reports. In addition, data processing requires the fulfilment of disclosure, information and reporting obligations, the fulfilment of retention obligations as well as the prevention, detection and clarification of criminal offences and other violations. 

This includes receiving and processing complaints and other reports, monitoring communication, internal investigations, or disclosing records to a government agency if we are required to do so or have legitimate interests in disclosure. Data may also be used in both external investigations (e.g., by a regulatory or law enforcement agency or an appointed private entity) and internal investigations.

  • Risk management, prevention and corporate governance

We also process data for risk management purposes, to prevent fraud and other unauthorised activities, and as part of prudent business management, including business organisation and business development. With respect to business development, we may sell or acquire businesses or parts of businesses and enter into partnerships, which may also lead to exchanging and processing data.

  • Improvement of services

Data is also processed for market research purposes and to improve our services. For these purposes, we use master data, behavioural and preference data, as well as information derived from surveys. We continuously develop our services, adapt them to the needs of our customers and find out how satisfied they are. We analyse which services are utilised and how new services could be designed and used, which gives us an indication of how well existing services are accepted in the market as well as revealing the market potential of new services.

  • Security purposes and access controls

We may also process data for security and access control purposes. We continuously review and enhance the security of our IT and infrastructure. However, data security breaches cannot be ruled out with utter certainty. Contovista counters this risk with appropriate technical and organisational measures using state-of-the-art technology. Access controls include both controlling access to electronic systems and controlling physical access.

  • Communication

We process data in order to communicate with you, provide you with information or send you messages. We use master data and communication data for this purpose. We usually retain this data in order to document the communication as well as for quality assurance and to deal with later inquiries. If you contact us by email, we shall be expressly authorised to reply via the same channel to the sender’s address or to the address provided. Emails are transmitted in an unencrypted manner via the Open Internet and as such, we cannot ensure that they will not be accessed, viewed or manipulated by third parties. Consequently, email communication is not suitable for transmitting confidential information.

  • Newsletter

If you would like to receive a newsletter offered on our website, we require your email address and confirmation that you are the owner of the email address provided and that you agree to receive the newsletter. If you want to subscribe to a newsletter as a customer, you can grant us your consent to do so at the time of registration.

The newsletter will provide you with regular recommendations and offers that may be of interest to you. For this purpose, we collect and process data regarding your usage behaviour on our website, your orders and how you use the newsletter. We evaluate this data for statistical purposes in order to better tailor the content of the newsletter to your interests. The processing of the data entered in the newsletter registration form is based on your consent, which you can revoke at any time in the future. We store the data you provide for the purpose of receiving the newsletter until you unsubscribe from the newsletter.

  • Information from other sources

We may receive publicly available professional information about you from third parties or online publications. This information is used to ensure that the information we hold about you is accurate and up to date, that we have all the information we need to provide or offer you a product or service, and to help us provide the best possible service in the most efficient way.

  • Automatic collection during visit to our website

Our website automatically logs weblog server information. We collect data through cookies, which are small pieces of information issued to your computer or device that you use to access the internet when visiting a website. This includes smartphones, tablets, or other mobile devices that store and sometimes track information about your use of the website. Please refer to our cookie policy for more information.

Why do we process your data?

This section describes the data we collect and the legal basis for such processing.

  • Our legitimate interest

To respond to your communication and keep a record for quality and training purposes, we process your first and last name, job title, company name, email address, phone number and country. 

To ensure network and information security, we process your IP address, browser type and operating system, the pages visited during your visit and the source of your access to our website (e.g. the website or URL (link) that referred you to our website.

To monitor the performance of our website and improve the user experience, we process your weblog server information (as described above).

To send you more information about our service, we process your first name, last name, company name and email address.   

To personalise our service strategy and thereby enhance the customer experience and to explain our offerings and market strategy to ensure that our communication is relevant, we process your first name, last name, job title, organisation, email address, phone number, country, and responses to questions about our services and industries.

To determine your interest in our services, we process your first name, last name, job title, company name, email address, phone number, authorised user credentials (email address and password) and your interaction with our website, content and services.

  • Your declaration of consent

In order to contact you or keep in touch with you, we process your first name, last name, company name, email address, phone number and country. 

To respond to your communication and keep a record for quality and training purposes, we process your first and last name, job title, company name, email address, phone number and country. 

To send you confirmation and more information about our services, we process your first name, last name, company name and email address.   

What about special categories of data?

We do not knowingly or intentionally collect specific categories of data from individuals and ask that you do not provide us with any special categories of personal data.

How do we share your personal data?

We are bound to confidentiality by the Data Protection Act and other regulatory requirements. Services are often developed, provided and processed with shared responsibilities, which means that data is processed by different bodies. The agencies involved may each process your data, but may only do so within the framework of legal and/or contractual requirements.

  • Internal persons at Contovista

Within Contovista, individuals and their business units have access to data to the extent necessary for the purposes set forth in this privacy policy.

  • Service provider

We cooperate with service providers both in Germany and abroad. To enable us to provide services in an efficient, secure and cost-effective manner, we rely on third-party services in certain areas. Among other things, these services include IT support, information dispatch, marketing, sales, communication, market research, printing services, customer relationship management services, marketing automation, analytics services, as well as services from consulting companies and law firms. In each case, we only disclose to service providers the data necessary and required to provide such services. Our service providers have agreed to confidentiality constraints and use all the data that we provide to them or that they collect on our behalf exclusively for the purpose of rendering the contractually agreed services for us.

  • Electronic data transmission

Data can also reach third parties in Germany and abroad during electronic data transmission without any action on our part. In particular, when using the app and/or mobile devices, manufacturers of devices or software (such as Apple or Google) may receive data. These third parties may process and also pass on this data in accordance with their own terms of use or privacy policies. This may result in these third parties being able to determine that there is a relationship between you and us. 

Do we share data abroad?

As explained in section 1.6., we are not the only ones who process data about you; other bodies also do so where necessary. Since they are not exclusively located in Switzerland, data may be processed worldwide, including outside the EU or European Economic Area (third countries). If recipients are located in a country without adequate legal data protection, we shall undertake to contractually oblige them to comply with data protection, usually by concluding recognised standard contractual clauses. We can waive this if recipients are already subject to a set of rules recognised in Europe to ensure data protection or if we can rely on an exceptional provision. The latter may be the case, in particular, during legal proceedings abroad, in cases of overriding public interest or where the performance of the contract requires such disclosure, provided we have obtained consent or the data has been made generally accessible. It should be noted that data exchanged online is often routed via third countries. Consequently, data may end up abroad even if the sender and recipient are located in the same country.

For how long do we store data and when do we delete it?

We store data for as long as required to do so by the applicable legal requirements or the purpose of the processing. The duration of retention is therefore based on legal and internal regulations. Contovista also takes into account retention obligations and processing purposes as well as the need to protect its own interests (e.g. to enforce or defend against claims and to ensure IT security). Should these purposes be achieved or no longer apply and there be no obligation to retain the data, we delete or anonymise the data as part of the usual processes. This may be more than ten years, depending on the respective legal basis.

Examples of documentation and evidence purposes include Contovista’s interest in documenting operations, interactions and other facts in the event of legal claims, discrepancies, for IT and infrastructure security purposes, to demonstrate good corporate governance and compliance, to develop our services, to manage your relationship with us and to meet the reasonable expectations of our customers and previous customers. From a technical perspective, retention may be necessary because certain data cannot be separated from other data and must continue to be retained with that data (e.g. in the case of backup or document management systems).

How do we protect data?

Contovista shall take appropriate security measures of a technical and organisational nature to maintain the security of data, to protect it against unauthorised or unlawful processing and to counteract the risk of loss, accidental alteration, unintentional disclosure or unauthorised access. These security measures include the encryption and pseudonymisation of data, access restrictions, the storage of backup copies, instructions to employees and confidentiality agreements. We also require third parties to adopt appropriate security measures. However, it should be noted that security risks cannot be ruled out entirely.

What rights do you have?

To the extent that the requirements of applicable law are met, you shall have the following rights in relation to your data:

  • Information about your own data;
  • Correction of incorrect or incomplete data;
  • Deletion of your data;
  • Restriction of data processing of your data;
  • Filing a complaint against the way the data is processed.

Do you have a right of revocation?

You shall have the right to revoke your consent at any time with future effect. In certain cases, you can also object to data processing (e.g. data processing connected to advertising). However, processing activities carried out in the past based on consent shall not be rendered unlawful as a result of  revocation.

Revocation shall not be possible in cases where data processing is absolutely necessary for the provision of the service or fulfilment of contractual obligations. In such cases, a waiver of such data processing is only possible by terminating the contractual relationship.

What applies to direct marketing and profiling?

We may use data to inform you about Contovista’s services that we believe could be of interest to you. We may contact you via email or other communication channels that we believe may be helpful to you. In either case, we shall respect your preferences as to how you would like us to send marketing.

To protect your privacy rights and to ensure that you have control over how we market to you, we shall take steps to limit direct marketing to an appropriate and proportionate level and only send you communications that we believe may be of interest or relevant to you.

You can ask us to stop direct marketing at any time by following the “unsubscribe” link that you will find on all email marketing messages we send you. Alternatively, you can request this by contacting us at Please indicate whether you would like us to stop all forms of marketing or only a specific type (e.g., email).


This cookie policy describes the purpose and use of the information that is processed in the context of using or visiting our websites via the use of cookies, similar technologies or social media platforms. In addition, we provide information about security measures that are useful for the confidentiality of the transmitted data and protection of privacy. By website, we mean all pages and subpages of Contovista as well as the services and offers provided, such as information offers, advertisements, competitions, prize draws, surveys and communication channels. By contrast, this cookie policy shall not apply to the websites of third parties.

Why do we use cookies or similar technologies?

Contovista uses cookies and similar technologies to make your visit to our website easy, personalised and meaningful. Cookies are small pieces of information that are issued to the computer or device that you use to access the internet when visiting a website, such as smartphones, tablets or other mobile devices, which store and sometimes track information about your use of the website. A number of cookies that Contovista uses for the duration of your web session expire when you close your browser (“session cookies”). Other cookies remember you when you return to the website and last for a longer period (“persistent cookies”).

Contovista uses cookies to: (a) create a specific login session for a visitor to our website so that page requests from the visit are transmitted in an effective, secure and consistent manner; (b) to recognise when our website has been visited previously, enabling us to identify the number of unique visitors we receive on the website and ensure that we have sufficient capacity for the number of users we receive; (c) customise elements of the website’s advertising layout and/or content; (d) improve the website and discover which parts are most popular with visitors. To this end, we collect statistical information about our visitors’ use of the website, including device-specific information such as the device’s IP address (collected and stored in an anonymised format), device screen size, device type and browser information, country of location, and preferred language for viewing the website. Our servers also automatically record information, including the referring domain, the pages visited, and the date and time that the pages of the website were accessed; (f) to collect information about our advertising partners, about the pages of the Contovista website that you visit, and also further information about other websites that you visit in order to classify you into an “interest segment”. This information is then used to deliver interest-based advertising that is believed to be targeted to your interests. 

For more information about this type of interest-based advertising and how to opt-out of this feature, please visit or follow the link to the website of our advertising partners listed below. Without these cookies, ads you may come across will be less relevant to you and your interests.

What applies to third-party cookies?

Some of our websites use cookies set by third parties who provide services on our behalf. Most web browsers automatically accept cookies, however if you wish you can change your browser to prevent this or to notify you each time a cookie is set. For more information about cookies, please visit, where you will find useful information about cookies and how to block cookies with different browsers. Please note, however, that you may not be able to take full advantage of Contovista’s website if you block or delete cookies used on the website. Certain cookies are either set by third parties on the website or by us using the cookie code of third parties. For more information about cookies set by third parties and how you can restrict or block them, please see the link to their website.

Which online technologies are used?

We currently work with the following providers for the above-mentioned purposes:

  • WordPress

Our website is hosted on WordPress. Your data can be stored via WordPress data storage, databases and the general WordPress applications. WordPress stores your data on secure servers behind a firewall. Further information about WordPress privacy can be found at (

  • HubSpot

We operate parts of our website based on HubSpot, a service provided by HubSpot Inc, 25 First Street, Cambridge, MA 02141, USA. HubSpot is certified under the EU-US Privacy Shield and applies standard contractual clauses (SCCs) to ensure that data is processed securely outside the EU. This entails the use of “web beacons” and the setting of “cookies”, which are stored on your computer and enable us to analyse how our website is used. HubSpot analyses the collected information (e.g. IP address, geographical location, browser type, duration of the visit and pages viewed) on our behalf to generate reports about the visit and the pages visited.

If you subscribe to our newsletter and download studies and other documents, we can also use HubSpot to record visits to our website on a personal level using additional information (especially name and email address) and, if necessary, provide you with targeted information on topics you are interested in. If you do not want HubSpot to collect your personal data, you can prevent the storage of cookies at any time by changing your browser settings accordingly.

For further information about how HubSpot works, please read HubSpot’s privacy policy:

  • Google services

We use the remarketing function of Google Inc. on our website. With this function, together with Google, we present our visitors with tailored and interest-based ads. Cookies are set on your computer during this process. These are text files that recognize the user when accessing pages and enable interest-based advertising across the Google network. In this context, Google objects to the collection of personal data and claims that it does not connect to other Google services. You can stop Google’s remarketing feature by adjusting the settings under In addition, the use of cookies can be disabled by changing the settings in your browser. You can use the help feature if necessary. For more information about Google remarketing and Google’s general privacy policy, please visit:

On our website we use the web analytics service Google Analytics, owned by Google Inc. The cookies generate information that is transmitted to a Google server. These servers are usually located in the United States, but are based on agreements for use of the European Economic Area and the reduction of your IP address before it is sent to the United States. It is only in exceptional cases that the IP address is shortened after transmission to the United States. Google evaluates the information supplied and provides further services for us website operators in this context. The identified IP addresses are not merged with other Google services. By changing your browser settings, you can prevent cookies from being stored on your computer. However, this may be followed by display and functional restrictions when using our website. A browser plug-in also prevents the collection and use of data generated by the cookies. Learn more about Google’s privacy policy and Google Analytics: terms and

  • Google reCAPTCHA

We use Google reCAPTCHA (hereinafter “reCAPTCHA”) on our website, provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

The purpose of reCAPTCHA is to check whether data entered on our websites (e.g. in a contact form) was done by a human or by an automated programme. To this end, reCAPTCHA analyses the behaviour of website visitors based on various characteristics. This analysis starts automatically as soon as a website visitor enters the website, evaluating various information such as IP address, time spent by the website visitor on the website or mouse movements made by the user. The data collected during the analysis is forwarded to Google. By using reCAPTCHA, your data is transmitted to American and European Google servers. The IP address that your browser transmits to Google is generally not merged with other Google data from other Google services. However, if you are logged into your Google account while using the reCAPTCHA plug-in, the data will be merged.  The reCAPTCHA analyses run entirely in the background, which means website visitors are not aware that any analysis is actually taking place. For more information on Google reCAPTCHA and the privacy policy, please refer to and If you wish to be excluded from such analysis, you can change this setting at

  • Hotjar

We use Hotjar provided by Limited (Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta) (“Hotjar”) on our websites to statistically analyse visitor data. Hotjar is a service that analyses your behaviour and feedback on websites through a combination of analytics and feedback tools. Hotjar-based websites have a tracking code embedded on websites, which contacts Hotjar’s servers and sends a script to your computer or device when you access Hotjar-based websites. The script collects certain data related to the way you interact with the respective website. This data is then sent to Hotjar’s servers for processing purposes. For further information about the privacy policy as well as what data is collected by Hotjar and how, please visit

How do we use social media sites?

We may operate our own pages on social networks or similar third-party platforms. If you communicate with us via such pages or comment on or redistribute content, we shall collect corresponding information and process it primarily for communication and marketing purposes. We have the right, but not the obligation, to check content before or after it is published and to delete content without notification (e.g. in the case of unacceptable behaviour), insofar as this is technically possible, or to report it to the provider of the relevant platform. In the event of a breach of decency and conduct rules, we may also report the relevant user account to the provider of the platform which could result in their account being blocked or deleted.

When visiting social media sites, data (e.g. visitor behaviour) may also be transmitted directly to or collected by the provider in question and processed together with other data already known to it (e.g. for marketing and market research purposes). For more information on data processing by social network providers, please refer to the privacy policies of the relevant social networks. We currently use the following social media plugins:

  • Facebook plugin

Facebook plugins are integrated on our website. The provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. You can recognize the Facebook plugins by the Facebook logo or the “Like” button on our website. You can find an overview of the Facebook plugins at

When you visit our website, a direct connection between your browser and the Facebook server is established via the plugin. This gives Facebook the knowledge that you have visited our website with your IP address. If you click the Facebook “Like” button while logged into your Facebook account, you can link the content of our pages on your Facebook profile, allowing Facebook to assign your visits to our pages to your account. Coop has no knowledge of the content of the transmitted data or how it is used by Facebook. For more information, see Facebook’s privacy policy If you do not want Facebook to be able to assign your visit to our website to your Facebook account, you should log out of your Facebook account.

  • Twitter plugin

Twitter plugins are integrated on our website. The provider is Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the “Retweet” feature, your visit to our website will be linked to your Twitter account and made known to other users. This also involves the transfer of your data to Twitter. Coop has no knowledge of the content of the transmitted data or how it is used by Twitter. You can change your privacy settings on Twitter in the account settings at For more information, please refer to Twitter’s privacy policy at

  • LinkedIn plugin

Our website uses certain features of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. A connection to LinkedIn servers is established each time one of our pages containing a LinkedIn feature is accessed. LinkedIn is informed that you have visited our web pages using your IP address. If you click on LinkedIn’s “Recommend” button and are logged into your LinkedIn account, it will be possible for LinkedIn to assign your visit to our website to you and your user account. We should point out that we as the provider of the pages have no knowledge of the content of the transmitted data or how it is used by LinkedIn.

For further information, please see LinkedIn’s privacy policy at


Please note that Contovista has no control over, and is not responsible for, any websites linked to from its own website and that the use of your information on those websites is not governed by this privacy policy.

Which definitions apply when visiting our websites?

  • Compliance with a legal obligation: Processing is necessary to ensure that we can meet our legal and regulatory obligations.
  • Consent: You have expressly consented to the processing of your personal data.
  • Data controller: The entity that determines the purpose and manner of the processing of personal data.
  • European Economic Area: Comprising the countries belonging to the European Union as well as Norway, Iceland and Liechtenstein.
  • Identifiable natural person: A person who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Legitimate interests: Processing is necessary for our or a third party’s legitimate interests relating to effective and proper conduct as well as the management of our respective businesses (unless our or the third party’s interests are overridden by your own interests, rights and freedoms).
  • Performance of a contract: Processing is necessary to perform our contractual obligations, exercise our contractual rights or otherwise perform our contract with you, or to take steps to conclude a contract at your request.

Which aspects of the disclaimer should be noted?

Our offering contains links to external third-party websites, over whose content we have no influence at all. For this reason, we cannot assume any liability for such external content. The respective provider or operator of the pages shall always be responsible for the content of the linked pages. The linked pages were checked for possible legal violations at the time they were linked and no illegal content was identified. Permanent monitoring of the content of the linked pages is not reasonable without concrete evidence of the law being violated. If we become aware of any such infringements, we shall remove such links immediately.

Which aspects of copyright should be noted?

The content and works created by the site operators of these pages are subject to copyright laws. Duplication, processing, distribution, or any form of commercialisation of such material beyond the scope of the copyright law shall require the prior written consent of its respective author or creator. Downloads and copies of this page shall only be permitted for private, non-commercial use. The copyrights of third parties are respected to the extent that the content on this page was not created by the operator. In particular, third-party content is identified as such. Nevertheless, should you become aware of a copyright infringement, please inform us. If we become aware of any such infringements, we shall remove such content immediately.