Partner Privacy policy

This Privacy Policy explains how UMushroom Ltd., Josefstrasse 206, 8005 Zurich, Switzerland (“UMushroom”, “we” or “us”) collects and processes personal data (hereinafter “data” or “personal data”) in the context of our B2B business transactions, in particular from business partners, applicants, suppliers, service providers etc. (hereinafter also referred to as “you”). The terms used in this Privacy Policy have the meaning given to them in the UMushroom Terms of Use and in this Privacy Policy.

Information on the processing of personal data in connection with visiting and using the website www.umushroom.com or the mobile application is provided on the Privacy Policy Website and App.

If you transmit or disclose data about other persons to us, you confirm that you are authorized to do so and that this data is correct. You are obliged to inform these persons about this Privacy Policy if there is a legal obligation to provide information.

UMushroom may update this Privacy Policy at any time. The version published on this website is the current version and was last updated on 18.01.2024.

This Privacy Policy is in accordance with the European General Data Protection Regulation (“GDPR”) and Swiss data protection law. However, the applicability of these laws depends on the individual case.

1. Who is responsible for processing the data?

UMushroom is responsible for data processing under this Privacy Policy, unless otherwise communicated in individual cases.

You may contact UMushroom in the event of data protection concerns and to exercise your rights in accordance with section 8 as follows:

UMushroom Ltd. Josefstrasse 206 8005 Zurich Switzerland [email protected]

You can also contact the following persons if you live in European Union or the UK: https://prighter.com/q/18996857572

2. What data is processed by UMushroom and for what purposes?

UMushroom mainly processes the following categories of personal data for the following purposes:

  • - Contract initiation and execution: When we conclude a contract with you, we process the data from the preparation of the conclusion of the contract (e.g., communication content) and information on the conclusion of the contract itself (e.g., date of conclusion, subject matter and content of the contract). During and after the term of the contract, we process information about the contract or the purchase of services, payments, contacts with customer service, claims, complaints, on the termination of the contract and - if any disputes in connection with the contract should arise - also on these and corresponding proceedings.
  • - Background information and checks: As part of our legal obligations and internal guidelines, we carry out sanction and comparable checks on our partners, and their management bodies and beneficial owners respectively, and obtain data from the relevant databases for this purpose, including identification data such as the date of birth of listed persons, information on economic and political connections and information on sanctions. This may also include sensitive personal data.
  • - Communication: If we are in contact with you (e.g., by telephone, e-mail or letter), we process information about the content of the communication and the type, time and place of the communication.
  • - Job applications: If you apply for a job with us, we will process the data we receive from you as part of the application process and, if applicable, other data from public sources such as job-related social media. We use this data as part of your application process and may also use it for non-personalized statistical purposes.
  • - Prevention: We process data to prevent criminal offenses and other violations, e.g., in the context of fraud prevention or an internal investigation.
  • - Legal proceedings: If we are involved in legal proceedings (e.g., before a court or administrative body), we process data, for example, about parties to the proceedings and other persons involved, such as witnesses or respondents, and disclose data to these parties as well as courts and authorities, possibly abroad.
  • - IT security: We also process data to monitor, control, analyse, secure and check our IT infrastructure, as well as for backups and archives of data.
  • - Competition: We process data about our competitors and the market environment in general (e.g., the political situation, the association landscape, etc.). We may also process data about key persons, in particular their name, contact details, role or function and public statements.
  • - Transactions: If we sell or acquire receivables, other assets, business units or companies, we process data to the extent necessary to prepare and execute such transactions, e.g., details about customers or their contact persons or employees, and disclose corresponding data to buyers or sellers.
  • - Business relationships and compliance: We collect and process data to comply with our contractual obligations towards business partners (e.g., providers of investment data or portfolio managers who manage an investment product channel) or for marketing and advertising purposes. We also collect and process data for compliance with laws, directives, recommendations from authorities and internal regulations and in certain situations, e.g., in connection with participation in administrative or legal proceedings or for risk assessment (e.g., in the case of acquisition or sale of receivables, businesses, parts of businesses or companies).
  • - Statistical analyses: We also process the data for statistical analyses that support the improvement and development of products and business strategies.
  • - Other purposes: We process data to the extent necessary for other purposes such as training and education, administration (e.g., contract management, accounting, enforcement of and defence against claims, evaluation and improvement of internal processes, preparation of anonymous statistics and analyses; acquisition or sale of receivables, businesses, parts of businesses or companies and protection of other legitimate interests.

3. On what basis does UMushroom process data?

If UMushroom does not obtain consent to the processing, the processing of the data is based on the necessity of the processing for the initiation or fulfilment of a contract with you (or the legal entity you represent) or on the legitimate interest of UMushroom or a third party in the respective processing for the purposes described in section 2. This also includes compliance with legal regulations, unless compliance is already recognized as a legal basis by the applicable data protection law (e.g., in the case of the GDPR, the laws in the EEA and in the case of the Federal Act on Data Protection, Swiss law).

Insofar as UMushroom obtains your consent for certain processing (e.g., for marketing emails and for advertising management), the legal basis for this processing by UMushroom is your consent. You can withdraw your consent at any time with effect for the future by sending an email to UMushroom at the address given in section 1. After receipt of the withdrawal of consent, UMushroom will no longer process the data for the purposes to which you have consented, unless UMushroom can invoke a different legal basis. However, the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

4. To whom does UMushroom disclose the data?

We may disclose data to various bodies within the scope of our activities. These include, in particular, the following recipients:

  • - persons associated with you, e.g., authorized representatives and deputies, and in the case of contact persons of companies, employees and the company itself;
  • - credit reference agencies and providers of sanctions and other databases to which we may disclose the necessary information about you as part of an information request;
  • - offices, authorities and courts within the scope of our legal obligations and in connection with proceedings in which we are a party or third party;
  • - third parties, e.g., in connection with the acquisition or sale of assets by us;
  • - service providers, in particular providers of IT services (examples are providers of hosting or data analysis services), administration and consulting services, shipping services; furthermore also to audit firms, banks, post office, etc.

5. Is personal data transferred abroad?

As explained in section 4 UMushroom transmits data to other parties. These parties are not all located in Switzerland. Data is processed in Germany in particular, but also outside the European Economic Area (EEA), especially the UK, and potentially worldwide.

If a recipient is located in a country without an adequate level of data protection (as determined by the European data protection authorities or the Swiss Federal Council), we compensate for the lower level of protection through appropriate contracts, in particular through the Standard Contractual Clauses (SCC) issued by the European Commission on 4 June 2021. Further information and a copy of these clauses can be found here and here. An exception may apply, for example, in the case of legal proceedings abroad, but also in cases where there is an overriding public interest or if the fulfilment of a contract requires disclosure, if you have consented or if the data has been made generally accessible by you and you have not objected to the processing.

The European Commission's SCCs have also been recognized by the Federal Data Protection and Information Commissioner (FDPIC). You can find more information here.

6. How long will the data be processed?

UMushroom stores the user data for as long as it is necessary for the specific purpose for which UMushroom collected it; in the case of contracts, generally at least for the duration of the contractual relationship. UMushroom also stores personal data based on UMushroom’s legitimate interest, e.g., in the case of statutory retention obligations and for the protection and defence of legal claims. After expiry of the aforementioned periods, UMushroom will delete or anonymize the data.

7. How is the data protected?

UMushroom takes appropriate security measures to protect the confidentiality, integrity and availability of your personal data, to protect it against unauthorized or unlawful processing and to counteract the risks of loss, unintentional modification, unwanted disclosure or unauthorized access. However, please note that security risks cannot be completely excluded; residual risks are unavoidable.

8. What are your rights?

You have certain rights in connection with our data processing. In accordance with applicable law, you may in particular request information about the processing of your data, have incorrect data corrected, request the deletion of data, object to data processing, request the disclosure of certain data in a commonly used electronic format or request its transfer to other controllers.

Please note that conditions, exceptions, or restrictions apply to these rights (e.g., to protect third parties or business secrets).

You can exercise the above-mentioned rights by contacting us at the address mentioned in section 1. To prevent misuse, UMushroom may request your identification by means of a copy of your identification document, unless identification is otherwise possible.

You are also free to file a complaint with the competent supervisory authority in your country of residence. A list of authorities in the European Economic Area can be found here. The UK supervisory authority can be contacted here. The Swiss supervisory authority can be contacted here.