The following General Terms and Conditions (GTC) apply to all services offered by Kuvvu GmbH, zappzy by Kuvvu (hereinafter referred to as "zappzy"). By using our services, you accept these terms unconditionally and without modification.
1.1
These General Terms and Conditions (GTC) govern the use of the services and products that zappzy provides or offers to its customers (hereinafter referred to as the "Customer").
1.2
Acceptance of these General Terms and Conditions (GTC) is given by using the respective services and products.
zappzy offers paid services. The Customer selects the services to be provided by zappzy from the available service offerings at the time of use. The prices and conditions for all services are those published on the zappzy website or in the zappzy billing management system. zappzy reserves the right to modify its service offerings at any time and to limit or discontinue individual services.
2.2.1
zappzy provides the Customer with a cloud-based social media management and planning software (hereinafter referred to as the "Social Media Management Service"), which enables the Customer to plan, publish, manage, and analyze posts on their social media accounts (hereinafter referred to as "Accounts").
2.2.2
The calculation of the Social Media Management Service is based on the average usage of zappzy's resources. The resources provided may only be used for the proper management and planning of posts. Subleasing the Social Media Management Service to third parties is not permitted without prior written consent from zappzy. The Social Media Management Service is designed for use by private individuals, small to medium-sized businesses, and agencies. zappzy reserves the right to establish limits or other usage restrictions at any time. For larger companies whose usage exceeds normal levels, customized offers can be provided upon request.
2.2.3
zappzy reserves the right to set limits on resource consumption or other usage restrictions for specific customers or customer groups if they use the Social Media Management Service in a resource-intensive manner. This is done at zappzy's sole discretion and serves the purpose of a fair use policy. In such cases, the provision of the Social Media Management Service may be limited to the Customer.
2.2.4
zappzy reserves the right to suspend the Customer's account or the Social Media Management Service if the Customer's actions interfere with the proper functioning of the Social Media Management Service. zappzy will inform the Customer of the suspension either in advance or as soon as possible afterward, provided that this is feasible within operational resources and the specific circumstances.
2.2.5
zappzy aims to provide the Social Media Management Service continuously and without interruptions. However, temporary service interruptions may be necessary for maintenance, troubleshooting, service expansion, and measures to protect zappzy's infrastructure. When possible, the Customer will be informed in advance of such interruptions.
2.3.1
zappzy provides the Customer with additional services from third-party providers, including various social media platforms listed on the zappzy website. By using these additional services, the Customer automatically accepts the applicable license terms, general terms and conditions, terms of use, and/or policies described by the third-party provider on their service page.
2.3.2
zappzy reserves the right to restrict the use of additional services from third-party providers at any time and without prior notice, to remove individual third-party services from the offering, or to add new ones. The Customer also acknowledges that zappzy does not provide support for third-party services and that the Customer is solely responsible for backing up their data when using these additional third-party services (see Section 4.1).
3.1
The Customer has the right to use the Social Media Management Service properly and in accordance with the law and agrees to comply with these General Terms and Conditions (GTC) and any instructions from zappzy.
3.2
When ordering, registering for, and using the Social Media Management Service, the Customer must provide accurate and verifiable information. zappzy may, at any time and without giving reasons, request that the Customer provide additional documents or information to verify the accuracy of the details provided. zappzy reserves the right to delay the order or registration, suspend the provision of the Social Media Management Service, or terminate the contract with immediate effect if the Customer fails to provide the requested documents or information within the timeframe specified by zappzy.
3.3
It is the Customer's responsibility to choose secure passwords, store them safely, and protect them from unauthorized access. The Customer is solely responsible for the use of their passwords. If the Customer detects any misuse of their account, they must notify zappzy immediately in writing (via email only, with acknowledgment of receipt from zappzy).
3.4
The Customer is not permitted to transfer the purchased Social Media Management Service to third parties, whether for free or for a fee. If zappzy determines that the purchased Social Media Management Service is being used by a third party instead of the Customer, zappzy has the right to suspend the provision of the relevant Social Media Management Service until this issue is resolved. In such cases, the Customer remains obligated to pay the full fee for the Social Media Management Service.
3.5
The Customer is obligated to immediately inform zappzy of any disruptions or interruptions in the Social Media Management Service they are using and to assist zappzy, as far as possible, in resolving the issue. The Customer is responsible for any costs incurred by zappzy in identifying and resolving disruptions if the Customer has requested an investigation and the cause of the disruption is attributable to the Customer's actions, their equipment, or the actions of users of the Social Media Management Service.
4.1
It is the sole responsibility of the Customer to take appropriate security measures to be able to restore their information and data in the event of loss or unauthorized or accidental modification. The specific measures the Customer should take depend on the sensitivity of the data as well as the likelihood and severity of the risk. Generally, zappzy recommends that Customers regularly create backup copies of their data.
4.2
zappzy is responsible for backing up all data within its infrastructure. The frequency of these backups is determined by zappzy. Customers do not have access to these backups.
4.3
zappzy assumes no responsibility for the completeness or accuracy of backup copies created by the Customer (see Section 4.1).
5.1
The obligation to pay for paid Social Media Management Services begins upon the conclusion of the contract.
5.2
The payment process is handled by our payment provider, Paddle. Paddle manages all customer inquiries regarding payments and invoices. All fees already include any country-specific taxes, charges, and duties imposed by tax authorities. Paddle collects these taxes on behalf of the tax authority and remits them accordingly. For more information, please refer to Paddle Master Services Agreement.
5.3
The Customer will be automatically charged in advance via their credit card or PayPal for the respective amount.
5.4
It is the Customer's responsibility to ensure that their payment method is up-to-date.
5.5
If, for any reason, it is not possible to charge the Customer's selected payment method, Paddle will notify the Customer. If the Customer fails to make the payment within a reasonable period, the Social Media Management Service will be deactivated. During the deactivation period, no posts can be created or published until full payment is received. If the Social Media Management Service remains deactivated for a period of 30 days, it will be deleted without notice to the Customer.
5.6
No refunds of paid subscription fees will be issued unless required by law.
5.7
It is not possible to offset the mutual claims of the contracting parties against each other.
6.1
zappzy strives to provide the Social Media Management Service carefully and professionally. However, no warranty is given that the Customer's posts will be published accurately or on time. zappzy also cannot guarantee that the Social Media Management Service provided, or any services provided by third parties, will help the Customer achieve their intended economic or other goals.
6.2
Service disruption reports of the Social Media Management Service by the Customer must include a written notice of defect (via email only, with acknowledgment of receipt from zappzy) with a clear and understandable description of the claimed defects. The Customer must also allow zappzy a reasonable period of at least 30 days to rectify the reported defects. If zappzy does not meet this deadline, the Customer has the right to terminate the contract immediately. In such cases, zappzy will refund the Customer a prorated fee for the period during which the Customer can no longer use the Social Media Management Service due to the termination. Any further compensation is excluded, subject to the provisions in Section 7 of these General Terms and Conditions (GTC).
7.1
zappzy is liable to the Customer for direct and proven damages caused by intentional misconduct or gross negligence on the part of zappzy.
7.2
zappzy's liability for average or normal negligence is limited to an amount ranging from CHF 90 to a maximum of CHF 990 per calendar year.
7.3
Liability for slight negligence as well as for indirect or consequential damages is expressly excluded. Consequential damages include, but are not limited to, lost profits, production downtime, reputational damage, and damages due to data loss.
7.4
Any liability for damages arising from misuse or unauthorized access by third parties to zappzy's Social Media Management Service or to posts on various social media platforms is also excluded. This may occur, for example, but not exclusively, through computer viruses, DDoS attacks, or hacking. The exclusion of liability also applies to damages incurred by the Customer as a result of measures taken to protect zappzy's infrastructure, such as blocking access to the Social Media Management Service and/or deactivating the Social Media Management Service.
7.5
The aforementioned exclusions and limitations of zappzy's liability do not apply in cases of injury to life, body, or health, or in cases where mandatory legal provisions apply, including the regulations of the Product Liability Act.
The Customer is fully liable to zappzy for damages caused by unlawful intent or gross negligence. Liability of the Customer for slight negligence is expressly excluded.
9.1
zappzy and the Customer are obligated to treat all non-public information and data provided to them during the preparation and execution of the contract as confidential. This obligation remains in effect even after the termination of the contract, as long as a legitimate interest exists.
9.2
zappzy and the Customer are responsible for data protection and data security within their respective areas of influence. zappzy also has the right to inform Customers about current developments and new services from zappzy and its partners. If the Customer does not wish to receive such information, they can opt out at any time via the link provided in the received email. zappzy retains personal data only for as long and to the extent necessary to provide the Social Media Management Service, or as required by law.
9.3
In connection with providing the Social Media Management Service, zappzy processes the Customer's data solely to fulfill the contract. To the extent that zappzy acts as a data processor for the Customer within the meaning of applicable data protection law, it will process personal data only in the manner specified in the Data Processing Agreement (hereinafter "DPA Agreement") attached to these General Terms and Conditions (GTC) and solely for the purposes of the Customer. In this case, the Customer is solely responsible for determining the purpose and means of the processing or use of personal data by zappzy under the contract and for ensuring that such processing does not violate applicable data protection laws.
10.1
For the duration of the contract, the Customer has a non-transferable, non-exclusive right to use the Social Media Management Service.
10.2
All rights to existing or contractually developed intellectual property related to zappzy's Social Media Management Service remain with zappzy or with third parties engaged by zappzy.
These General Terms and Conditions (GTC) are valid for the entire duration of the Customer's use of the Social Media Management Service.
11.2.1
The contract for the Social Media Management Service (see Section 2.2) between zappzy and the Customer takes effect upon completion of the order and is valid for the duration chosen by the Customer (either 1 or 12 months). Each party has the right to terminate the contract at any time at the end of the agreed term. Termination must be carried out exclusively online through the zappzy billing management. zappzy is also entitled to terminate the contract via email to the email address provided by the Customer. If no timely termination occurs, the contract is automatically extended by the agreed term.
11.2.2
Right of Withdrawal: The Customer has the option to withdraw their order for the Social Media Management Service within 14 days without providing any reason, in writing (e.g., a letter sent by mail or email). The period begins as soon as the contract takes effect. To meet the deadline, it is sufficient to send the withdrawal notice in a timely manner. The withdrawal should be directed to Paddle.com Market Ltd, Judd House, 18-29 Mora Street, London, EC1V 8BT, United Kingdom, help@paddle.com (see Paddle Checkout Buyer Terms and Conditions). The Customer must use the email address registered with Paddle. The right of withdrawal only applies to orders placed through the zappzy website that are billed via Paddle and only for Social Media Management Services without customer specification.
11.2.3
If the Customer violates the contractual provisions, misuses the Social Media Management Service or third-party services for illegal purposes, or if zappzy faces reputational damage, zappzy has the right, at its sole discretion, to immediately deactivate the Social Media Management Service and/or terminate the contract without notice. The Customer is obligated to reimburse zappzy for fees due up to the regular termination of the contract, as well as any additional costs incurred as a result of the immediate termination.
11.3
If bankruptcy or insolvency proceedings are initiated against the Customer, or it otherwise becomes apparent that they can no longer meet their payment obligations, zappzy reserves the right to terminate the contract with the Customer without notice. The contract may also be terminated before the end of the contractual term if the Customer fails to pay for the next contract term in advance or provide reasonable security.
11.4
After the contract expires, zappzy is entitled to delete the Customer's data. The Customer is responsible for securing their data in a timely manner. The DPA Agreement remains in effect until all personal data affected by the data processing has been deleted by zappzy.
12.1
zappzy places great importance on keeping its infrastructure up to date with the latest technology, thereby meeting industry security requirements and technical standards. The Customer agrees that new developments in technology or security, as well as changes in service offerings from contractual partners or open-source software, may impact the services and prices.
12.2
zappzy expressly reserves the right to modify the contract terms, including these General Terms and Conditions (GTC), at any time. Changes to the GTC will be published on zappzy's website and take effect upon publication. In the event of price increases or service restrictions during the current contract, the Customer will be notified in writing via email. If the Customer disagrees with the changes, they may terminate the contract at the end of its term. Without timely termination, the contract is automatically renewed for the agreed duration, and the change is considered accepted by the Customer.
13.1
Any form of abuse—whether verbal, physical, or written—toward any employee or executive of zappzy will not be tolerated. If any zappzy team member is threatened with abuse or retaliation by a Customer, this may result in the immediate termination of the Customer's account and Social Media Management Service.
13.2
To inform the Customer about contract-relevant notices, such as price changes, an email will be sent to the email address provided by the Customer in the profile management and with Paddle. The Customer is responsible for ensuring that this email address remains current and accurate throughout the contract term. zappzy and Paddle will not consider any email addresses other than those stored in these systems or independently search for updates. However, zappzy and Paddle reserve the right to correct or delete entries that contain obvious errors or infringe upon third-party rights.
13.3
To transfer rights and obligations from the Social Media Management Service to third parties, written consent from the other party is required, unless zappzy transfers the contract to a legal successor or affiliated company.
13.4
These General Terms and Conditions (GTC) and any disputes arising out of or in connection with the contractual relationship between zappzy and the Customer are governed exclusively by Swiss law, excluding conflict-of-law provisions and the United Nations Convention on Contracts for the International Sale of Goods (CISG).
13.5
The exclusive place of jurisdiction is the ordinary courts at zappzy's registered office. Alternatively, zappzy is entitled to take legal action against the Customer at their domicile.
Rapperswil-Jona, November 2024
Kuvvu GmbH, zappzy by Kuvvu (hereinafter referred to as "zappzy") provides Social Media Management Services to the Customer (hereinafter referred to as "Customer"). These services include planning, publishing, managing, and analyzing posts on the Customer's social media accounts (hereinafter referred to as "Accounts"). In providing Social Media Management Services, zappzy stores personal data on behalf of and for the purposes of the Customer (hereinafter referred to as "Data Processing" and "Data Processing Agreement").
This Data Processing Agreement (hereinafter referred to as the "DPA") governs the duties, roles, and responsibilities of zappzy and the Customer (hereinafter referred to as the "Parties") with respect to data processing.
The DPA supplements the General Terms and Conditions (GTC) (hereinafter referred to as "Social Media Management Service Agreement") without limiting the rights and obligations of the Parties regarding the provision or use of services. Unless expressly stated otherwise in the Social Media Management Service Agreement, the provisions of this DPA shall take precedence over those of the Social Media Management Service Agreement.
3.1
The DPA covers data processing activities related to the Social Media Management Services provided by zappzy under the Social Media Management Service Agreement.
3.2
The DPA of zappzy does not apply to the processing of personal data, where zappzy itself determines the purposes and means of processing. In such cases, zappzy is responsible for data security under the Swiss Federal Act on Data Protection or other applicable data protection laws (notably the EU GDPR). Any processing of personal data for which zappzy acts as the controller (e.g., processing personal data for billing or customer communication purposes) is carried out in accordance with zappzy's own privacy policy and all applicable personal data protection laws.
4.1
The subject and purpose of the data processing are the provision of social media management services by zappzy for the Customer. The data processing includes the storage, provision, transmission, and deletion of personal post data in accordance with the provisions of the Social Media Management Service Agreement.
4.2
The data processing includes data from individuals to whom the Customer grants access to their accounts. This data consists of personal information typically collected during the use of social media platforms, such as profile information, interactions (likes, comments, shares), user-entered content, location data, and analyzed user-related information (hereinafter referred to as "personal account data").
5.1
The Customer confirms, and zappzy acknowledges, that the Customer is responsible for the processing of personal account data under applicable data protection laws and remains the controller. The Customer thus assumes the role of the controller unless acting as a processor for personal account data (see Section 5.4).
5.2
zappzy acknowledges that, in the role of the controller, the Customer is obligated to contractually transfer certain responsibilities under the Swiss Federal Data Protection Act or other applicable data protection laws (particularly the EU GDPR) to zappzy when using Social Media Management Services.
5.3
zappzy assumes the role of a processor concerning the processing of personal data affected. If zappzy is not independently subject to the EU GDPR (or other applicable data protection laws) for this processing, it assumes this role solely based on zappzy's contractual obligations under this DPA and is not bound by the EU GDPR (or other applicable data protection laws) solely due to this role.
5.4
If the Customer is acting as a processor (i.e., if the Customer is permitted, under the Social Media Management Service Agreement, to provide Social Media Management Services to their own clients), the Customer confirms that their client (i.e., the controller) has authorized them through a separate agreement to engage subprocessors and to issue any instructions to zappzy as needed.
6.1
zappzy is committed to processing personal account data solely for the purpose of providing Social Media Management Services as described in the Social Media Management Service Agreement and contractual obligations, as well as in accordance with this DPA .
6.2
zappzy is entitled to process the customer's personal account data as required to fulfill its service obligations under the Social Media Management Service Agreement and this DPA. At the customer's request, zappzy may receive and implement additional instructions regarding data processing. The customer must immediately confirm oral instructions in writing (via email only). If zappzy believes such an instruction contravenes data protection regulations, it will promptly inform the customer and suspend or refuse execution until it is confirmed or modified by the customer. zappzy may also refuse to execute any instruction that is unfeasible, objectively unreasonable, or leads to additional costs or altered service scope under the agreed Social Media Management Services, or if executing the instruction would prevent zappzy from fulfilling its legal or regulatory obligations.
6.3
zappzy ensures that employees and other individuals with access to personal account data act in accordance with the DPA. Additionally, zappzy commits to requiring all such individuals to maintain confidentiality, extending beyond their tenure with zappzy.
6.4
zappzy commits to taking appropriate technical and organizational measures in the interest of confidentiality, integrity, and contractual availability of personal account data. Specifically, zappzy implements access controls, admission controls, and procedures for regular review, assessment, and evaluation of the effectiveness of these measures. In doing so, zappzy considers the current state of technology, implementation costs, as well as the nature, scope, and purpose of data processing, and the varying likelihood and severity of risk to data subjects. The applicable measures are listed in Appendix 1a of this DPA.
6.5
zappzy commits to promptly inform the Customer in writing if a data security breach occurs and affects personal account data. In such cases, zappzy must communicate the nature and extent of the breach, as well as potential solutions. The Parties shall cooperate to ensure the protection of personal account data and mitigate any adverse effects for affected individuals. Upon written request, zappzy will provide the Customer with sufficient information to enable the Customer to fulfill its obligations under applicable data protection laws concerning the reporting, investigation, and documentation of data security breaches.
6.6
Upon the Customer's written request and for a reasonable fee, as well as within the operational resources and capabilities available, zappzy agrees to assist the Customer in fulfilling data subject rights (including rights to access, rectification, and deletion) related to personal account data in accordance with applicable data protection laws. This includes Chapter III of the EU GDPR, as well as relevant provisions under the Swiss Federal Act on Data Protection.
6.7
If a data subject submits claims regarding their rights and contacts zappzy directly, zappzy will refer the data subject to the Customer. Should zappzy receive any requests from a data subject concerning personal account data (such as requests for access or deletion), zappzy must promptly notify the Customer in writing. However, this applies only if the Customer can be identified based on the information provided by the data subject.
6.8
Upon written request and for a fee, zappzy offers support for data protection impact assessments and consultations with supervisory authorities. The specific compensation will be agreed upon separately, taking into account zappzy's operational resources and capacities.
6.9
Upon termination of the Social Media Management Service Agreement, zappzy will delete the personal account data from its infrastructure in accordance with the terms of the Social Media Management Service Agreement. Personal account data on the respective social media platforms will remain unaffected and will continue to exist unless deleted by the Customer directly on the platforms.
7.1
If a zappzy Customer uses services involving personal account data provided by third parties, zappzy remains the Customer's data processor and fulfills the obligations related to this under the DPA. The provider of the third-party service integrated within zappzy's Social Media Management Services then acts as a subprocessor for zappzy. This differs from cases where zappzy facilitates a direct contract or service between the Customer and the third-party provider, making the third party the direct data processor for the Customer. This specifically applies to all social media platforms. In such cases, the Customer is responsible for establishing any necessary agreements with the third-party provider under applicable data protection laws.
7.2
zappzy maintains a list of subprocessors (Appendix 1b) and may engage additional subprocessors in the context of its Social Media Management Services. If zappzy intends to engage additional subprocessors or replace existing ones, zappzy will notify the Customer at least 60 days in advance in writing (email only). The Customer may object to the update or modification of the list within 30 days in writing (email only), but solely for legitimate and data protection reasons. If the Parties cannot reach an agreement within 30 days, the Customer may terminate the DPA and the affected service within the Social Media Management Service Agreement if the Customer demonstrates that the objection is necessary for data protection reasons. Any stricter provisions regarding the involvement of subprocessors in the Social Media Management Service Agreement that favor the Customer remain unaffected.
7.3
zappzy will only delegate the processing of personal account data to subprocessors who have committed to data processing requirements in accordance with Article 28(3) of the GDPR.
8.1
zappzy shall not disclose or transfer personal account data outside Switzerland and the EU except in the following cases:
to the Customer directly, affiliated companies, or third parties in compliance with a Customer's instruction, or as stipulated in the Social Media Management Service Agreement. (This does not apply to transfers to subprocessors engaged by zappzy or other third parties it utilizes, including all social media platforms).
to recipients in countries with adequate data protection levels, if no stricter provisions are outlined in the Social Media Management Service Agreement.
to recipients in countries without adequate data protection, provided that the requirements under the Swiss Federal Act on Data Protection and the EU GDPR for the lawful disclosure or transfer of personal data have been met, unless stricter terms are outlined in the Social Media Management Service Agreement.
as expressly agreed upon with the Customer in the Social Media Management Service Agreement or another agreement.
9.1
The Customer is responsible for the legality of the processing of personal account data, including the permissibility of processing by processors or subprocessors.
9.2
It is the Customer's responsibility to implement appropriate technical and organizational measures to protect personal account data on their own systems and applications.
9.3
The Customer agrees to promptly inform zappzy if they identify any violations of applicable data protection laws in zappzy's service provision.
10.1
zappzy is obligated, upon written request (email only), to provide the Customer with all information required to demonstrate compliance with this DPA to data subjects, data protection authorities, or other regulatory bodies.
10.2
zappzy allows the Customer, or an auditor appointed by the Customer who is bound to confidentiality, to verify zappzy's compliance with this DPA. If, after providing relevant evidence, breaches of the DPA by zappzy are identified, zappzy shall promptly implement appropriate corrective actions at no additional cost.
10.3
The aforementioned information and audit rights of the Customer only apply to the extent that the Social Media Management Service Agreement does not grant the Customer other information and audit rights that meet the applicable data protection requirements. Additionally, these information and audit rights are subject to the principle of proportionality and the protection of zappzy's legitimate interests (in particular, security, or confidentiality interests). Unless otherwise agreed between the Parties, the Customer shall bear all costs associated with information and audits, including documented internal costs incurred by zappzy.
The data protection terms used in this context have the same meanings as those attributed to them by the EU GDPR or the Swiss Federal Act on Data Protection.
Rapperswil-Jona, November 2024
The following outlines the measures zappzy takes to ensure an adequate level of security. These measures consider the nature and scope of processing as well as the risks to the rights and freedoms of the data subjects. They include both technical and organizational steps to maintain a high level of data protection:
Aspects of data protection are key components of zappzy's risk management.
Employees are qualified and are bound by confidentiality obligations.
Employees receive guidance on the potential consequences of violating security policies and procedures.
Employees are provided with clear instructions on access control, communication security, and operational security.
In the event of a failure of critical system components, they can be promptly replaced, e.g., through backup components, redundant systems, or data mirroring.
Where possible, the algorithms and key lengths used to encrypt personal data are adapted to the sensitivity level of the data.
Encryption key security is ensured by limiting access to a restricted number of individuals and storing keys securely.
A backup strategy is established based on the type of data and frequency of updates.
Backup systems are subject to the same security measures as production systems.
Employees responsible for data recovery receive specialized training and are qualified for this task.
Access to systems is protected by industry-standard identification and authentication methods.
User accounts and permissions are managed by designated responsible staff.
The restrictive, need-based permissions concept is administered by a minimal number of responsible employees.
Access to personal data is limited to employees with a legitimate need based on their specific function or role.
Where possible, multifactor authentication is implemented for system access.
Remote access takes place exclusively via encrypted connections.
The electronic transmission and transfer of personal data are carried out using industry-standard encryption methods.
Access to personal data is restricted to individuals who need to process this data.
Data stored in the data center is protected from physical access (see Section 7) and is encrypted whenever possible.
The rights to enter, modify, and delete data are restricted to those who need to process this data.
For systems hosted and maintained by external service providers, agreements regarding appropriate measures to be implemented and ensured by these providers apply. These include, but are not limited to:
Electronic access control system with logging.
High-security fencing around the entire data center park.
Documented key issuance to employees.
Policies for escorting and identifying guests within the building.
24/7 staffing at data centers.
Video surveillance at entrances, exits, security gates, and server rooms.
Access for non-operational personnel (e.g., suppliers) to restricted areas is limited to escorted entry by an employee.
All systems and software are regularly updated.
Security updates are installed promptly.
Security advisories and vulnerabilities are monitored, assessed, and addressed.
Remote access by third parties is not permitted.
Stored personal data is regularly reviewed and deleted when it is no longer needed, provided there are no legal, contractual, or technical restrictions that prevent the deletion of this personal data.
Requests for data portability are promptly forwarded to the appropriate departments and processed in a timely manner to ensure that legal deadlines are consistently met.
All subprocessors engaged by zappzy have implemented similar adequate technical and organizational measures (TOM) as zappzy itself.
Rapperswil-Jona, November 2024
Paddle.com Market Limited, United Kingdom, Payment Processing
Hetzner Online GmbH, Germany, Data Center Services
DigitalOcean LLC, USA, Digital infrastructure
Rapperswil-Jona, November 2024