Privacy Policy

ScanDiags respects your privacy and takes great care to protect your data and its confidentiality. The collection and use of personal data is therefore exclusively within the framework of the legal provisions of the applicable data protection laws of the European Union and Switzerland. 

This Privacy Policy clarifies the nature, scope and purpose of the processing of personal data (hereinafter referred to as “Data”) within the ScanDiags Services, e.g. use within the ScanDiags solution and online offering (“Services”) as well as the websites, functions and content associated with them and external online presences, such as our social media profiles. With regard to the terms used, such as “processing” or “responsible body”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).


1. Responsible


Is the body responsible for the collection, processing and use of data in accordance with the EU General Data Protection Regulation (“GDPR”):

ScanDiags AG, Zwicky-Platz 3, 8304 Wallisellen, Switzerland

You can reach our data protection officer not only by post but also by e-mail at


2. Subject of data protection

The subject of data protection is personal data. According to Art. 4 No. 1 GDPR, this is all information relating to an identified or identifiable natural person; this includes, for example, names or identification numbers.


3. Collection and use of data

Personal data is collected when you use our website, insofar as this is necessary for technical reasons or if you use certain functions or services offered on our website or apply to become a partner or employee. In addition, we process data that we receive from you when you contact us.


3.1 Visiting our website

When you access our website, your end device automatically transmits data for technical reasons. This data is stored separately from other data that you may transmit to us: Date and time of access, browser type/version, operating system used, URL of the previously visited website, IP address (shortened by one octet).

The processing of this data is necessary in order to enable you to visit the website and to ensure the permanent operability, availability and security of our systems. The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR.

The access data is temporarily stored in internal log files for the purposes described above in order to compile statistical data on the use of our website, to further develop our website with regard to the usage habits of our visitors and to maintain our website in general for administrative purposes. The legal basis for this data processing is Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in the proper optimisation of our website.

Further information on data collection and use during visits to our website can be found in sections 4.2.a (Google Analytics), 4.2.b (Hotjar) and 4.2.c (HubSpot).


3.2 Comment functions on the website

When you visit our blog, we offer the possibility to voluntarily post a comment. Name, email address and the comment text are mandatory fields, and optionally it is possible to specify a website. The comments will only be activated after manual review by the marketing team. Released comments are then publicly displayed under the corresponding blog post. If you would like to change or delete the comment, please contact us.

In this case, the collection and processing of your personal data is carried out in order to be able to publish your comment on the website, Art. 6 para. 1 lit. b GDPR.


3.3 Contact forms on the website

We also offer you the possibility to send us inquiries via our website about a partnership, inquiries about a company presentation, inquiries for a presentation of our product (“Demo”) within the scope of a direct contact form.

For the use of all contact forms provided by us, it is particularly necessary to provide your name, an e-mail address and, if necessary, a telephone number so that we can reach and address you. Other mandatory fields are marked as such. In order to enable us to make a quick initial assessment of your request, you may also provide further information.

We process the data you provide in the contact form in order to answer your enquiry, check your application, put together an individual offer, contact you for the purpose of further discussions or to be able to react to requests, questions and criticism. The legal basis of the data processing described is Art. 6 Par. 1 lit. b GDPR.


3.4 Application

further, we offer you the opportunity to contact us by email for the purpose of applying for an advertised position. The collection of your personal data during the application process and the associated data processing is necessary for the implementation of pre-contractual measures, which are carried out at your request, based on Art. 6 para. 1 lit. b GDPR.

The following personal application data may be processed as part of the application process, in particular, but not exclusively, all personal data that you provide us with about your application: Name, e-mail address, telephone number, picture, cover letter, resume, LinkedIn profile, and the position you applied for, status, notes and plans regarding your application and e-mail communication.

Once the application process has been completed, we delete the personal data we have received from you in the course of the application process, in principle within a period of 6 months. 

3.5 Communication with our customer service

If you contact our customer service or are contacted by them, depending on the contact channel, we will collect the personal data you have transmitted for the purpose of processing your request, such as Your email address, your telephone number and, if applicable, your name. In order to process your request properly, we may need further information (e.g. a customer number or address). 

We will use this information to process your request properly and, if necessary, to connect you with the responsible person. The legal basis for data processing when contacting our customer service is Art. 6 Para. 1 lit. b and lit. f GDPR.  The data will generally be deleted after the expiry of the limitation period for the underlying process, provided that it does not have to be saved due to the connection with another process. otherwise, the statutory retention requirements apply. 


3.7 Maintaining contacts

For the purpose of maintaining contacts, we use the Customer Relationship Management System [CRM] from HubSpot Inc., 25 First Street, Cambridge,  MA 02141 USA (“HubSpot). In CRM, we collect company contacts and information from business partners, customers and prospects.

The HubSpot servers that we use are generally located within the European Union. However, for technical reasons, parts of your data may e.g. processed within the scope of HubSpot support services in countries outside the European Economic Area, especially in the USA. In order to ensure the protection of your data in this case too, HubSpot, Inc., 25 First Street, Cambridge, MA 02141 USA takes on the EU-US Privacy Shield. The legal basis is Art. 6 Para. 1 lit. f GDPR, based on our legitimate interest in organizing our business contacts efficiently using an external service provider. 


4. Cookies and usage analysis

We save so-called “cookies” in order to be able to offer you all the functions of our website and the ScanDiags service and to make their use more convenient. Cookies are small files that are saved on your device using your internet browser. Cookies are only stored locally on your device and you can delete them at any time. If you do not want cookies to be used, you can prevent cookies from being stored on your device by configuring your Internet browser accordingly. Please note that the functionality and range of functions of our website and the ScanDiags service may be restricted. 

Specifically, we use the following cookies: 

  • ScanDiags cookie to ensure functionality and to ensure that certain information does not have to be provided multiple times (details under section 4.1); 
  • Cookies from Google Analytics for statistical analysis of the use of the website and for the improvement of our offer (details under 4.2a);
  • Hotjar cookie to evaluate the use of the website and to improve our offer (details in section 4.2b); 
  • HubSpot cookie, which among other things ensure that the service can recognize whether a communication has already taken place (details under section 4.2c).
4.1 Use of own cookies

When you visit our website or use the ScanDiags service, different cookies are used.

We use our own cookies on the website in particular to note that you have been shown information placed on our website so that it is not displayed again the next time you visit the website. The main purpose of our own cookies is to make the use of our services as time-saving and user-friendly as possible. We want to enable you to use our website more conveniently and individually. The processing of the respective cookies is based on our aforementioned legitimate interests, the legal basis is Art. 6 para. 1 lit. f GDPR.

4.2 Use of third-party cookies for usage analysis

We also use various approaches on our website to better understand the use of the website and to find out which content is particularly relevant for our users and what type of devices they were visited on. This enables us to optimize our content and adapt the page design to the browser types and devices actually used.

For this purpose we use the services of various external providers, which are listed below. The legal basis for the data processing described below is Art. 6 Para. 1 lit. f GDPR, based on our legitimate interest in the needs-based design and continuous optimization of our website.

4.2 a) Google Analytics

Our website, use the web analytics service Google Analytics, which is offered by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses 14-month cookies to collect your anonymous access data when you visit our website. The access data is summarized by Google on our behalf to pseudonymous usage profiles and transferred to a Google server in the USA.  Before hand, your IP address will be anonymized. Therefore, we cannot determine which usage profiles belong to a particular user. Based on the data collected by Google, we cannot identify you or determine how you use our website. In the event that, exceptionally, personal data is transferred to the United States, Google has also contacted the EU-US Privacy Shield subject to. Google is thus committed to ensuring the European data protection principles and the local data protection level also within the framework of data processing taking place in the USA. 

Google will use the information obtained through cookies on our behalf to evaluate the use of our website, to compile reports on website activity and to provide us with other services related to website and internet usage. For more information, see the  Google Privacy Policy. 

You can object to the web analysis by Google at any time. You have several options for this: (1) You can set your browser to block cookies from Google Analytics (Enable Do not Track Mode). (2) You can adjust your settings for advertising on Google (3) You can install the Google Analytics deactivation plug-in provided by Google at the following link in your Browsers Firefox, Edge, Safari, Opera or Chrome (this variant does not work on mobile devices): browser-plugin

For more information about Google Analytics, please refer to the Google Privacy Policy

The data stored by Google Analytics is stored for a period of 14 months. At the end of this period, Google Analytics only keeps aggregated statistics. 

The use of Google Analytics is based on our legitimate interest in a needs-based design, the statistical evaluation as well as the efficient promotion of our website and the fact that your legitimate interests do not prevail, Art. f GDPR. 

4.2b) Hotjar

Our website also uses the web analysis service Hotjar, which is offered by Hotjar Ltd, Level 2 St Julians Business Center, 3, Elia Zammit Street, St Julians STJ 3155, Malta (“Hotjar”). This collects completely anonymized usage data that provides information about how the website is used. Hotjar saves a cookie with a validity of 14 months to collect your anonymous access data when you visit our website. At no time is it possible to draw conclusions about individual persons. The data is automatically deleted after 14 months. For more information, see also Hotjar’s privacy policy.

You can object to the web analysis by Hotjar at any time. You have several options for this: (1) You can set your browser so that cookies are blocked by Hotjar (activate Do not Track Mode). (2) You can change your settings according to the instructions from Hotjar to adjust.

4.2c) HubSpot

In addition to the purpose of maintaining contacts, we also use the CRM from HubSpot Inc., 25 First Street, Cambridge, MA 02141 USA in the context of our website. On our behalf, HubSpot groups the access data into anonymous usage profiles and transfers it to a HubSpot server in the USA. Your IP address will be anonymized beforehand. We can therefore not determine which usage profiles belong to a particular user. Based on the data collected by Google, we can neither identify you nor determine how you use our website. In the event that personal data is exceptionally transferred to the USA, HubSpot has also adopted the EU-US Privacy Shield. HubSpot is committed to guaranteeing the European data protection principles and the local level of data protection also in the context of data processing taking place in the USA.

HubSpot will use the information obtained from the cookies on our behalf to evaluate the use of our website, to compile reports on website activity and to provide us with other services related to website activity and internet usage. Further information can also be found in the data protection declaration of HubSpot

You can object to the web analysis by HubSpot at any time by setting your browser so that cookies are blocked by HubSpot (activate Do not Track Mode). 

The data stored at HubSpot is generally stored until it is requested to be deleted. After this time, the data will be deleted within 30 days. 

The use of HubSpot is based on our legitimate interest in a needs-based design, the statistical evaluation as well as the efficient advertising of our website and the fact that your legitimate interests do not prevail, Art. 6 para. 1 lit. f GDPR. 


5. Links to other websites 

Our website may link the websites and online offers of other providers not affiliated with us. If you use these links, we no longer have any influence on what data is collected by the respective providers and which data is collected by you. Detailed information on data collection and use can be found in the data protection declaration of the respective provider. As the collection and processing of data by third parties is beyond our control, we cannot assume any responsibility for this. 

We include videos from Google Ireland Limited’s YouTube platform, Gordon House, Barrow Street, Dublin 4, Ireland, on our website. By clicking on the YouTube videos, Google receives the information that you have viewed a corresponding video of our website. This is done regardless of whether you are logged in to Google or your YouTube account or not. When you are logged in, the information about the video being played will be directly associated with your Google account and your YouTube account. If you do not wish to do so, you must log out before playing the video. Google stores your data and uses it, if necessary, for advertising, market research and to design its own websites according to requirements. Such an evaluation is carried out even for unlogged users. For more information, please contact the Privacy Policy, you can also opt out of a Opt-Out.

ScanDiags also presents itself within social networks and other online platforms in order to communicate with current and future business partners, customers and prospects as well as potential applicants and to inform them about our services. The processing of personal data is carried out on the basis of our legitimate interests in effective information and communication in accordance with Art. f. GDPR. If the data subjects are asked by the respective providers of the platforms for consent to the aforementioned data processing, the legal basis of the processing is Art. a., Art. 7 GDPR. A detailed description of the respective processing and the possibilities of opposition can be obtained from the linked information provided by the providers: Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland): Agreement on Joint Processing of Personal Data, Privacy PolicyPrivacy Shield. Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA): Privacy, Privacy Shield. LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland): Privacy Policy, Privacy Shield.


6. Disclosure of data

6.1 Request from law enforcement authorities

In principle, the data collected by us will only be passed on if you give your express consent in accordance with Art. 6 sec. 1 lit. a GDPR, the transfer in accordance with Article 6(1) of the lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to believe that there is an overriding interest worthy of protection in the absence of disclosure of the data, we are required under Article 6(1) lit. c GDPR are legally obliged to pass on or are permitted by law and are legally permissible in accordance with Art. b GDPR is required for the processing of contractual relationships with you or for the implementation of pre-contractual measures, which are taken at your request.

6.2 Order processing companies

We rely on contractually affiliated third-party companies and external service providers for the provision of our service (“processors”). If we pass on data to our service providers, they may only use the data for the performance of their tasks. The service providers have been carefully selected and commissioned by us. 

They are contractually bound by our instructions and confidentiality regulations, have appropriate technical and organisational measures in place to protect the rights of the data subjects, ensure an adequate level of data protection and are carefully monitored by us. 

In addition, disclosure may be made in connection with administrative requests, court orders and legal procedures where necessary for the prosecution or enforcement.

In particular, we use the following processors: 

  • Google LLC (Google Analytics), see 4.2.a) 
  • Hotjar (Website Analytics), see 4.2.b) 
  • Hubspot Inc (Sales), see 4.2c) and 3.8
6.3 Corporate structure

As part of the further development of our business, the structure of ScanDiags may change by changing the legal form, by setting up, buying or selling subsidiaries, parts of companies or components. In such transactions, the customer information is shared with the part of the company to be transferred. Any transfer of personal data to third parties to the required extent will ensure that this is done in accordance with this Privacy Policy and the relevant data protection laws. 

Any disclosure of personal data is justified by the fact that we have a legitimate interest in adapting our corporate form to the economic and legal circumstances if necessary and that your rights and interests in the protection of your personal data do not prevail, in accordance with Art. f GDPR.


7. Deletion of your data

We delete and anonymize your personal data as soon as it is no longer necessary for the purposes for which we collected or used it in accordance with the preceding paragraphs. As a rule, we store your personal data for the duration of the user or contract relationship. In particular, we will delete your data in the following cases according to the following deadlines: 

ScanDiags Services: 12 months (manual deletion by customer possible)

  • Google Analytics: 14 months
  • Hotjar: 12 months 
  • HubSpot: According to a manual request, within 30 days

After expiry of these deadlines, the data will be deleted, unless this data is needed for a longer period of time due to statutory retention periods, for criminal prosecution or for securing, asserting or enforcing legal claims. In this case, they are locked. The data will no longer be available for further use.

8. Automated case-by-case decisions or profiling measures


We do not use automated processing processes to make a decision, including profiling.


9. Your rights

9.1 Right of Access

You have the right at any time in accordance with Art. 15 GDPR to request information about the processing of your personal data by us. We will explain the data processing to you in the context of the provision of information and provide you with an overview of the data stored about you.

9.2 Right to correct incorrect data 

If data stored by us is incorrect or out of date, you have the right to have this data corrected based on Art. 16 GDPR.

9.3 Right to erasure

You can also request the deletion of your data in accordance with Art. 17 GDPR. If, exceptionally, deletion is not possible due to other legal provisions, the data will be blocked so that it is only available for this legal purpose. Furthermore, in accordance with Art. 18 GDPR, you have the right to request a restriction of the processing of the data.

9.4 Right to data portability

 You have the right to request that you receive your personal data that you have provided to us in accordance with Article 20 GDPR and to request their transmission to other controllers.

9.5 Right of Withdrawal and Opposition

In accordance with Art. 7 sec. 3 GDPR, you have the right to revoke your consent to us at any time. As a result, we will no longer continue to process data based on this consent for the future. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent until the revocation. Insofar as we provide your data on the basis of legitimate interests in accordance with Art. f GDPR, you have the right, in accordance with Article 21 GDPR, to object to the processing of your data and to give us reasons that arise from your particular situation and which, in your opinion, support the preponderance of your legitimate interests. If there is an objection to data processing for direct marketing purposes, you have a general right of objection, which is implemented by us even without giving reasons. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

9.6 Right of Appeal

They finally have the right to lodge a complaint with the competent supervisory authority in accordance with Article 77 GDPR. You may assert this right with a supervisory authority in the Member State of your place of residence, your place of work or the place of alleged infringement.

9.7 Use of your rights

If you wish to exercise your rights or your right of withdrawal or right of objection, an informal notification to the above in section 1.

Last updated: November 2020