1. Data controller, applicable laws and scope

We, EasyLife 365 AG (Schochenmühlestrasse 6, 6340 Baar, Switzerland), are the owner and operator of the software EasyMeet 365 (hereinafter referred to as the "Software") and, unless otherwise stated, are the data controller for the data processing activities listed in this privacy policy.

Your trust is important to us. That is why we take data protection seriously and implement the necessary technical and organizational measures to ensure data security. For us, it goes without saying that we comply with provisions of the Swiss Federal Data Protection Act (FADP), the Ordinance to the Federal Data Protection Act, the Telecommunications Act (TCA), and other provisions of Swiss data protection law. We are also committed to complying with other regulations that may be applicable in individual cases, such as the EU General Data Protection Regulation (EU GDPR).

In order for you to know what personal data we collect from you in connection with our software and for what purposes we use it, please read the information below. EasyMeet is a software that enables users to create meeting polls and schedule meetings using Microsoft Graph and Microsoft Exchange. For data processing connected with the scheduling of meetings as such, the respective Microsoft company or your company is the data controller. In this regard, please read the information provided by Microsoft.

Information on data processing when using our website can be found here:
https://www.easylife365.cloud/web/privacy/. Please note that the following information will be reviewed and amended from time to time. We, therefore, recommend that you consult this privacy policy regularly.

2. Users and other data subjects

This information is intended for the Software users and persons receiving our Services in connection with the Software. Who is considered a user depends on your company's internal organization of responsibilities and functions. Our customers may determine who belongs to this group of users by customizing the respective permissions during the implementation of the Software (e.g., restrictions on certain employees of the IT department, etc.). Without customization, all users who are internally authorized to use our customers' Microsoft 365 tools are also authorized to use the Software and are therefore data subjects within the meaning of this PrivacyPolicy.

If the group of users is restricted in this sense, however, other persons may also be among the data subjects whose data we have to process to a limited extent when providing our Software and Services. Since our Software is create meeting polls and schedule meetings, data of the users of these Microsoft 365 services are also processed to a limited extent.

The users of our Software, in particular, the contact persons indicated to us, are responsible for informing these other data subjects that we may process their data within the scope of this PrivacyPolicy.

3. Data processing when using our Product

The proper use of our Software requires processing the data subjects’ data listed in section 2. The data processed in this context includes the following categories. When processing this data, we act as a processor on behalf of our customers, the controllers.

3.1 Data directly related to our Software

• data related to the implementation of the software, e.g.:
• Granting / restriction of permissions
• Update of the Software
• data related to the use of the Software, e.g.:
• a) Configuration data, e.g.:
• Settings, any options that the customer configures in the software’s admin center
• b) User profile and contact data, e.g.:
• Email address
• Preferred language
• Display Name
• c) Backup of configuration data under section 3. a

This data is generated automatically when you use the Software and is technically necessary for the operation. Any further processing is carried out to provide the desired functionalities of the Software. The types of processing of this data (e.g., sending notifications, deletion of calendar items, etc.) are determined by the functionalities of the Software as described in the respective documentation, in particular, available at https://docs.easymeet365.cloud/.

The data under point 3. a will be stored in our Microsoft 365 tenant for as long as the customer does not delete the configuration, and the data under points 3. b for 90 days in the application Logs to provide support, in particular, to fix errors. The data under point 3.c will be stored in our Microsoft 365 tenant for 180 days.

The legal basis for this data processing is our legitimate interest in performing the contract with your company (article 6 (1) (f) EU GDPR).

3.2 Data related to your Microsoft 365 environment and tools

In order for our Software to fulfill its purpose and assist you in creating meeting polls and schedule meetings, access and further processing of data contained in your Microsoft environment and Microsoft 365 tools is required. The data in question are related to the following areas:

• directory data (e.g., user profile data (e.g., name, address, phone number, job title))
• access to the user mailbox to schedule a meeting and create meeting blockers

We only access and process this data to perform the actions you request and ultimately to provide the functionalities of our Software. The legal basis for this data processing is our legitimate interest in performing the contract with your company (Article 6 (1) (f) EU GDPR).

4. Data processing when providing support

If we offer support services to you, such as fixing errors, further processing of personal data will be required.

In addition to the data already mentioned in section 3, the following data may be collected while addressing your support request, whereby the specific categories depend on numerous factors, in particular, the subject of your request:

• Communications received (incl. content, name of the sender/user, contact address, name of our employee in charge, time)
• Progress of the support process (incl. ticket number, employees and contact persons involved, time and date of opening the ticket, further processing (e.g., fixing the error, inclusion in software roadmap for new features, development of webhooks), the closing of the ticket (incl. date and time), time spent and hourly rate of our employees involved in case of fee-based support)

If you have signed a partner services contract with one of our Gold Partners, we will forward your request to the responsible partner for the partner to take care of your request at the first level. Please note section 5 of this PrivacyPolicy and the privacy policy of your Gold Partner.

In the event that your request is subject to a fee, we will use the data mentioned in this section as well as the data provided to us within the ordering process (see section 5 of this PrivacyPolicy or section 7 of the Website PrivacyPolicy) for billing purposes.

If we conduct a video meeting to address your request, further data processing of the following categories of data will be carried out, whereby the specific categories depend on various factors, in particular on the communication content provided by you in the course of the video meeting:

• Basic data of the meeting and your person: e.g., name/profile name, profile picture, participation time, duration and subject of the meeting, etc.
• Communication content, i.e., information in audio, video, or text that you transmit yourself to the meeting participants by using the video meeting tool and interacting, e.g., statements in audio and video, chat content, or screen presentations.

The processing of this data consists, in any case, at least in use in the sense of taking notes and is carried out for interaction with you in the context of the respective meeting.

The legal basis for this data processing is our legitimate interest in performing the contract with your company (Article 6 (1) (f) EU GDPR).

We use tools such as Microsoft Teams to perform the video meetings. In this context, Microsoft or the other providers of the tools may have access to the transmitted data to the extent necessary for the provision and operation as well as support. The legal basis for this disclosure is our legitimate interest within the meaning of Article 6 (1) (f) EU GDPR in using third-party service providers. For more information, please refer to the provider's privacy policy.

4. Data processing with regard to activities of our distribution partners

We rely on selected companies as partners (https://www.easylife365.cloud/partners) to distribute our products. These distribution partners are authorized to enter into subscription contracts with customers on our behalf, and some of them ("Gold Partners") are also permitted to enter into support contracts with customers on their behalf. In this context, our partners, as processors, collect customer data on our behalf and forward this data to us. Depending on the products ordered and the contracts concluded, this may include the following data:

1. Name of your company, number of licenses, license fees, your name, your function, your email address, your telephone number, date of the contract, and further information and requests.
2. information on contract performance, information on contract changes or difficulties, complaints or potential cases of warranty, contacts, and results concerning contract renewal and request for adjustment of licenses, support services provided, details for the settlement of the commission of the distributors, customer care activities and marketing activities performed.

The legal basis for this data processing is our legitimate interest in performing the contract with your company (Article 6 (1) (f) EU GDPR), and the legal basis for the processing of the data mentioned under point 2 and for the forwarding of requests for 1st level support to our Gold Partners is our legitimate interest in the sense of Article 6 (1) (f) EU GDPR to collaborate with independent third parties in the distribution of our products.

In this context, please also note that the partners are considered controllers for certain data processing activities. Information in this regard can be found in the data privacy policies of the individual partners.

With regard to the data of the employees of the distribution partners, in particular, those who use the software for testing and demonstration purposes, this information applies mutatis mutandis, and our legitimate interest in fulfilling the distribution contract with our partners is the legal basis (Article 6 (1) (f) EU GDPR).

6. Transfer to and access by third parties

We are entitled to transfer your personal data will be provided to other companies if and to the extent that this is necessary for the fulfillment of the contract or the pre-contractual measures requested by your company. Furthermore, data is shared with selected service providers and only to the extent necessary to provide their services. Some third parties have already been explicitly mentioned in this privacy policy, for example, Microsoft (cf. section 1), the providers of video meeting tools (cf. section 4), or our distribution partners (cf. section 5).

In addition, your data may be disclosed, in particular to public authorities, legal advisors, or debt collection agencies, if we are required to do so by law or if this is necessary to protect our rights, in particular, to enforce claims arising from our relationship with you. Data may also be disclosed if another company intends to acquire our company or parts thereof, and such disclosure is necessary to conduct due diligence or complete the transaction.

For these data transfers, our legitimate interest in using third-party services and protecting our interests within the meaning of Article 6 (1) (f) EU-DSGVO forms the legal basis.

7. Transfer of personal data to other countries

We are entitled to transfer your personal data to third parties in other countries for the purposes stated in this privacy policy (cf. in particular sections 4 and 9). This may include, in particular, Switzerland, Germany, Belgium, Netherlands, Finland, Norway, Sweden, Spain, Italy, Portugal, France, Austria, the EU or EEA member states, and the USA. Details can be found here https://www.easylife365.cloud/partners. Of course, the legal requirements for disclosing personal data to third parties will also be complied with. If the country in question does not have an adequate level of data protection, we ensure through contractual arrangements with these companies and, if necessary, additional technical measures that your data is adequately protected at these companies.

8. Your rights

You can object to data processing at any time, especially data processing in connection with direct advertising (e.g., against advertising emails). You also have the following rights:

• Right to be Informed: You have the right to be informed about the collection and use of your personal data, including who is collecting it, why it's being collected, how it will be used, who it will be shared with, and other relevant details.
• Right to Access: You have the right to request, at any time and free of charge, access to your personal data stored by us when we process them. This allows you to verify what personal data we are processing about you and that we use it by applicable data protection provisions.
• Right to Rectification: You have the right to rectify inaccurate or incomplete personal data and be informed about the rectification. In this case, we will inform the recipients of the data concerned of the adjustments made unless this is impossible or would require a disproportionate effort.
• Right to Erasure: You have the right to have your personal data erased under certain circumstances. In individual cases, particularly in the case of statutory retention obligations, the right to erasure may be excluded. In this case, the erasure may be replaced by a restriction of the data if the conditions are met.
• Right to Restriction of Processing: Under certain conditions, you have the right to request that the processing of your personal data be restricted.
• Right to Data Portability: If the legal requirements are met, you have the right to receive from us, free of charge, the personal data that you have provided to us in a readable format.
• Right of Withdrawal: In principle, you have the right to withdraw your consent at any time. However, processing activities based on your support in the past will not become unlawful due to your revocation.
• Right to File a Complaint: You have the right to file a complaint with the competent supervisory authority regarding the processing of your personal data.
• Automated Individual Decision-Making (Including Profiling): You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. You also have the right to obtain meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing.

To exercise your rights, please send us an email to the following address: support@easylife365.cloud

9. Retention period

We retain personal data only for as long as is necessary to carry out the processing mentioned above activities within the scope of our legitimate interest. We retain contractual data for a longer period, as legal retention obligations require this. Retention obligations that require us to retain data are stipulated in accounting and tax law provisions. According to these provisions, business communications concluded contracts and accounting vouchers must be kept for up to 10 years. As far as we no longer need this data to perform services for you, the data will be restricted. This means that the data may only be used for accounting and tax purposes.

10. Contact

If you have any questions about our data protection policy or would like to exercise your rights, please get in touch with our data protection contact by sending an email to the following address:
support@easylife365.cloud