General Privacy Policy

1. Data controller, applicable laws, and scope

We, EasyLife 365 AG (Schochenmühlestrasse 6, 6340 Baar, Switzerland), are the owner and operator of the software EasyLife 365 (hereinafter referred to as the "Software") and, unless otherwise stated, are the data controller for the data processing activities listed in this privacy policy.

Your trust is important to us. For us, it goes without saying that we comply with provisions of applicable data protection laws, including U.S. consumer data protection laws, the Swiss Federal Data Protection Act (FADP), the Ordinance to the Federal Data Protection Act, the Telecommunications Act (TCA) and other relevant provisions. We are also committed to complying with other regulations that may be applicable in individual cases, such as the EU General Data Protection Regulation (EU GDPR).

In order for you to know what personal data we collect from you in connection with our Software and for what purposes we use it, please read the information below. Our Software is used to govern and provision Microsoft 365 assets (e.g., Microsoft Teams, etc.).

For data processing connected with the provision of the Microsoft 365 assets as such, the respective Microsoft company or your company is the data controller. In this regard, please read the information provided by Microsoft.

Information on data processing when using our website can be found here: https://www.easylife365.cloud/legal/web/privacy/. Please note that the following information will be reviewed and amended from time to time. When we update this General Privacy Policy (the “Policy”) we will provide notice to you. We, recommend that you consult this Policy regularly.

2. Users and other data subjects

This Policy is intended for the Software users and persons receiving our Services in connection with the Software. Who is considered a user depends on your company's internal organization of responsibilities and functions. Our customers may determine who belongs to this group of users by customizing the respective permissions during the implementation of the Software (e.g., restrictions on certain employees of the IT department, etc.). Without customization, all users who are internally authorized to use our customers' Microsoft 365 tools are also authorized to use the Software and are therefore data subjects within the meaning of this Policy.

If the group of users is restricted in this sense, however, other persons may also be among the data subjects whose data we have to process to a limited extent when providing our Software and Services. Since our Software is used for the administration of Microsoft 365 assets (e.g., Microsoft Teams, etc.), data of the users of these Microsoft 365 services are also processed to a limited extent.

The users of our Software, in particular, the contact persons indicated to us, are responsible for informing these other data subjects that we may process their data within the scope of this Policy.

3. Data processing when using our Product

The Privacy Policies of the respective products contain detailed information regarding product-specific data processing practices. These Documents are available at: https://www.easylife365.cloud/legal/privacy.

4. Data processing when providing support

If we offer support services to you, such as fixing errors, further processing of personal data will be required.

In addition to the data already mentioned in section 3, the following data may be collected while addressing your support request, whereby the specific categories depend on numerous factors, in particular, the subject of your request:

• Communications received (incl. content, name of the sender/user, contact address, name of our employee in charge, time)
• Progress of the support process (incl. ticket number, employees and contact persons involved, time and date of opening the ticket, further processing (e.g., fixing the error, inclusion in software roadmap for new features, development of webhooks), the closing of the ticket (incl. date and time), time spent, and hourly rate of our employees involved in case of fee-based support)

If you have signed a partner services contract with one of our Gold Partners, we will forward your request to the responsible partner for the partner to take care of your request at the first level. Please note section 5 of this Policy and the privacy policy of your Gold Partner.

In the event that your request is subject to a fee, we will use the data mentioned in this section as well as the data provided to us within the ordering process (see section 5 of this Policy or section 7 of the Website Privacy Policy) for billing purposes.

If we conduct a video meeting to address your request, further data processing of the following categories of data will be carried out, whereby the specific categories depend on various factors, in particular on the communication content provided by you in the course of the video meeting:

• Basic data of the meeting and your person: e.g., name/profile name, profile picture, participation time, duration and subject of the meeting, etc.
• Communication content, i.e., information in audio, video, or text that you transmit yourself to the meeting participants by using the video meeting tool and interacting, e.g., statements in audio and video, chat content, or screen presentations.

The processing of this data consists, in any case, at least in use in the sense of taking notes and is carried out for interaction with you in the context of the respective meeting.

The legal basis for this data processing is our legitimate interest in performing the contract with your company (Article 6 (1) (f) EU GDPR).

We use tools such as Microsoft Teams to perform the video meetings. In this context, Microsoft or the other providers of the tools may have access to the transmitted data to the extent necessary for the provision and operation as well as support. The legal basis for this disclosure is our legitimate interest within the meaning of Article 6 (1) (f) EU GDPR in using third-party service providers. For more information, please refer to the provider's privacy policy.

5. Data processing with regard to activities of our distribution partners

We rely on selected companies as partners (https://www.easylife365.cloud/partners) to distribute our products. These distribution partners are authorized to enter into subscription contracts with customers on our behalf, and some of them ("Gold Partners") are also permitted to enter into support contracts with customers on their behalf. In this context, our partners, as processors, collect customer data on our behalf and forward this data to us. Depending on the products ordered and the contracts concluded, this may include the following data:

• Name of your company, number of licenses, license fees, your name, your function, your email address, your telephone number, date of the contract, and further information and requests.
• information on contract performance, information on contract changes or difficulties, complaints or potential cases of warranty, contacts, and results concerning contract renewal and request for adjustment of licenses, support services provided, details for the settlement of the commission of the distributors, customer care activities and marketing activities performed.

The legal basis for this data processing is our legitimate interest in performing the contract with your company (Article 6 (1) (f) EU GDPR), and the legal basis for the processing of the data mentioned under point 2 and for the forwarding of requests for 1st level support to our Gold Partners is our legitimate interest in the sense of Article 6 (1) (f) EU GDPR to collaborate with independent third parties in the distribution of our products.

In this context, please also note that the partners are considered controllers for certain data processing activities. Information in this regard can be found in the data privacy policies of the individual partners.

With regard to the data of the employees of the distribution partners, in particular, those who use the software for testing and demonstration purposes, this information applies mutatis mutandis, and our legitimate interest in fulfilling the distribution contract with our partners is the legal basis (Article 6 (1) (f) EU GDPR).

6. Transfer to and access by third parties

We are entitled to transfer your personal data will be provided to other companies if and to the extent that this is necessary for the fulfilment of the contract, or the pre-contractual measures requested by your company. Furthermore, data is shared with selected service providers and only to the extent necessary to provide their services. Some third parties have already been explicitly mentioned in this Policy, for example, Microsoft (cf. section 1), the providers of video meeting tools (cf. section 4), or our distribution partners (cf. section 5).

In addition, your data may be disclosed, in particular to public authorities, legal advisors, or debt collection agencies, if we are required to do so by law or if this is necessary to protect our rights, in particular, to enforce claims arising from our relationship with you. Data may also be disclosed if another company intends to acquire our company or parts thereof, and such disclosure is necessary to conduct due diligence or complete the transaction. For these data transfers, our legitimate interest in using third-party services and protecting our interests within the meaning of Article 6 (1) (f) EU-DSGVO forms the legal basis.

7. Transfer of personal data to other countries

We are entitled to transfer your personal data to third parties in other countries for the purposes stated in this Policy. This may include, in particular, Switzerland, Germany, Belgium, Netherlands, Finland, Norway, Sweden, Spain, Italy, Portugal, France, Austria, the EU or EEA member states, Mexico, Canada, and the United States. Details can be found here https://www.easylife365.cloud/partners. Of course, the legal requirements for disclosing personal data to third parties will also be complied with. If the country in question does not have an adequate level of data protection, we ensure through contractual arrangements with these companies and, if necessary, additional technical measures that your data is adequately protected at these companies.

8. Global Resident rights

We are committed to respecting your data privacy in accordance with the applicable laws and regulations of your region. In the EU and the United States, the interpretation and implementation of these laws may vary at the national or state level. Regardless of these variations, we are committed to ensuring that your rights regarding personal data protection are respected in line with the privacy laws governing your location.

• Right to be Informed: You have the right to be informed about the collection and use of your personal data, including who is collecting it, why it's being collected, how it will be used, who it will be shared with, and other relevant details. Legal References: EU GDPR, Art. 13-14; FADP, Art. 19; CCPA, Cal. Civ. Code § 1798.100(b); LFPDPPP, Art. 15; PIPEDA, Sec. 4.8
• Right of access (Right to Know): You have the right to request at any time, free of charge, to access your personal data stored by us when we process them. This allows you to check what personal data we are processing about you and that we use it by applicable data protection provisions. Legal References: EU GDPR, Art. 15; FADP, Art. 25; CCPA, Cal. Civ. Code § 1798.100; LFPDPPP, Art. 27; PIPEDA, Sec. 4.9.
• Right to rectification (Correction): You have the right to rectify inaccurate or incomplete personal data and be informed about the rectification. In this case, we will inform the recipients of the data concerned of the adjustments made unless this is impossible or would require a disproportionate effort. Legal References: EU GDPR, Art. 16; FADP, Art. 5; CCPA, Cal. Civ. Code § 1798.106; LFPDPPP, Art. 32; PIPEDA, Sec. 4.9.
• Right to erasure (Deletion): You have the right to have your personal data erased under certain circumstances. In individual cases, particularly in the case of statutory retention obligations, the right to erasure may be excluded. In this case, the erasure may be replaced by a restriction of the data if the conditions are met. Legal References: EU GDPR, Art. 17; FADP, Art. 15; CCPA, Cal. Civ. Code § 1798.105; LFPDPPP, Art. 29; PIPEDA, Sec. 4.9.
• Right to restriction of processing: under certain conditions, you have the right to request that the processing of your personal data be restricted. Legal References: EU GDPR, Art. 18; FADP, Art. 17; CCPA, Cal. Civ. Code § 1798.121; LFPDPPP, Art. 26; PIPEDA, Sec. 10.
• Right to data portability: If the legal requirements are met, you have the right to receive from us, free of charge, the personal data that you have provided to us in a readable format. Legal References: EU GDPR, Art. 20; FADP, Art. 19; CCPA, Cal. Civ. Code § 1798.100(d); LFPDPPP, Art. 28; PIPEDA, Sec. 4.9.
• Right of withdrawal Consent (Opt-Out): In principle, you have the right to withdraw your consent at any time. However, processing activities based on your support in the past will not become unlawful due to your revocation. Legal References: EU GDPR, Art. 7(3); FADP, Art. 12; CCPA, Cal. Civ. Code § 1798.120; LFPDPPP, Art. 8; PIPEDA, Sec. 4.3.8.
• Right to file a complaint: You have the right to file a complaint with the competent supervisory authority regarding processing your personal data. Legal References: EU GDPR, Art. 77; FADP, Art. 24; CCPA, Cal. Civ. Code § 1798.150; LFPDPPP, Art. 63; PIPEDA, Sec. 4.11.

To exercise your rights, please send us an email to the following address: support@easylife365.cloud.

9. Regional Resident rights

In some regions, specific rights related to the processing of your personal data are explicitly outlined due to their legal significance in those jurisdictions. Below, we detail the regional rights applicable to you based on your location and the data privacy laws that govern your region.

EEA, UK and Switzerland:

• Automated Individual Decision-Making (Including Profiling): You have the right not to be subject to decision based solely on automated processing, including profiling, which produces legal effect concerning you or similarly significantly affects you. You also have the right to obtain meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing. Legal References: EU GDPR, Art. 22; FADP, Art. 21.
• Right to Object to Data Processing: You may object to data processing, particularly in connection with direct advertising. Legal References: EU GDPR, Art. 21; FADP, Art. 15.

United States of America:

• Right to Limit Use of Information: You may opt-out of the use of your data for advertising and profiling purposes. Legal References: CCPA, Cal. Civ. Code § 1798.120; VCDPA.
• Right to Limit or Consent to Use of Sensitive Data: Depending on your state, you may limit or consent to sensitive data use. Legal References: VCDPA; Colorado Privacy Act.
• Right to Non-Discrimination: You are protected from discrimination for exercising these rights. Legal References: CCPA, Cal. Civ. Code § 1798.125.
• California "Shine the Light" Law: California residents may request information on our disclosure of personal data to third parties for marketing. Legal References: Cal. Civ. Code § 1798.83.
• Nevada Privacy Law: Nevada residents may opt out of certain data sales (we do not engage in such sales). Legal References: Nevada Revised Statutes (NRS) § 603A.340.
• Right to limit the use or opt in to the use of sensitive data: Depending on your state of residence, you may have the right to limit our use of sensitive data or consent to the use of sensitive data. Legal References: different State Law, such as VCPDA Virginia Code § 59.1-573.

Mexico:

• Right to Limit Use and Disclosure of Personal Data: You may request restrictions on how we use and disclose your personal data. Legal References: LFPDPPP, Art. 16.
• Right to Object: You may object to certain data processing activities. Legal References: LFPDPPP, Art. 27.

Canada:

• Right to Accountability: You have the right to expect that the organization is accountable for the personal information it collects and processes. We are responsible for ensuring that your personal data is handled in compliance with privacy laws and is protected appropriately. Legal References: PIPEDA, Section 5

10. Rights Requests

To exercise any of the rights to which you may be entitled to in sections 8-11, please send us an email to the following address: support@easylife365.cloud.

For all requests regardless of jurisdiction, please include your email address, full name, and your specific information about your request(s) and, if applicable, specifically what information you do not want to receive. If you would like to update or correct your email address, street address, or other personal information with us, please include specific details about the information you wish to have updated or corrected.

You must provide enough information that allows us to verify your identity. Only you or your authorized agent may make requests regarding your personal information. An authorized agent must have documentation that they are authorized to act on your behalf. We will fulfil or reject your request within the amount of time required by law.

11. Retention period

We retain personal data only for as long as is necessary to carry out the processing mentioned above activities within the scope of our legitimate interest for EEA residents. We retain contractual data for a longer period, as legal retention obligations require this. Retention obligations that require us to retain data are stipulated in accounting and tax law provisions. For example, according to these provisions, business communications concluded contracts and accounting vouchers must be kept for up to 10 years. As far as we no longer need this data to perform services for you, the data will be restricted. This means that the data may only be used for accounting and tax purposes.

12. Contact & Data Protection Officer

If you have any questions about our data protection policy or would like to exercise your rights, please get in touch with our data protection contact by sending an email to the following address: support@easylife365.cloud.

Our Data Protection Officer can be contacted at: Patrick Lamber (dataprotection@easylife365.cloud - +41 71 444 04 04)