Pingen privacy policy

Version: 1.02
Status 01.09.2021


This data protection information applies to data processing by Pingen GmbH, Badenerstrasse 47, CH-8004 Zurich (Switzerland), phone: +41 44 508 09 09, e-mail: (Hereafter we or Pingen), represented by Sandro Kunz and Graem Lourens.

As a Swiss company with no branches abroad, we are committed to the applicable data protection regulations and laws of Switzerland. In order to enable clients from the European Union (EU) to use our services, we also comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC ("General Data Protection Regulation", hereinafter "GDPR"). In this context, we would like to point out that there is no obligation for Pingen to appoint a data protection officer pursuant to DSGVO Art. 37.

Responsible person according to Art. 4 para. 7 of the GDPR:
Pingen GmbH, Badenerstrasse 47, 8004 Zurich, Switzerland,

Data Protection Representative in the European Union pursuant to Art. 27(1) of the GDPR:
Graem Lourens, c/o Lourens Systems Polska Sp. z o.o., Wincentego Rzymowskiego 31, 02-697 Warszawa, Poland,

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration. The use of our website is generally possible without providing personal data. Insofar as personal data (for example name, address or e-mail addresses) is collected on our pages, this is always done, as far as possible, on a voluntary basis. This data will only be passed on to third parties without your express consent if this is necessary to ensure the services agreed with you. We point out that data transmission over the Internet (eg communication by e-mail) security gaps. A complete protection of data against access by third parties is not possible.


The data protection declaration of Pingen is based on the terms used by the European Directive and Regulation Enactor in the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance. We use the following terms, among others, in this privacy statement:

  • Personal data
    Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  • Data subject
    Data subject means any identified or identifiable natural person whose personal data are processed by the controller.

  • Processing
    Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

  • Restriction of processing
    Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

  • Profiling
    Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's job performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or change of location.

  • Pseudonymization
    Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.

  • Controller or person responsible for processing
    controller or data controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.

  • Processor
    Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

  • Recipient
    Recipient means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law are not considered recipients.

  • Third party
    Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or the processor, are authorized to process the personal data.

  • Consent
    Consent is any expression of will given voluntarily by the data subject for the specific case in an informed manner and unambiguously in the form of a statement or other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.

  • Service
    Service means the service offered via a website operated by Pingen. In connection with this, data is collected by the user of the service in order to be able to fulfill the described service offer of the service.

Server log files

When you visit our websites, we or our provider automatically process information in so-called server log files that your browser automatically transmits to us. These are:

  • Browser type/ browser version
  • Operating system used
  • Name of your access provider
  • Referring URL
  • Name and URL of the file accessed
  • Host name / IP address of the accessing computer
  • Date and time of the server request

The above data will be processed by us for the following purposes:

  • Ensuring a smooth connection of the website
  • Ensuring the comfortable use of the website
  • Evaluation of system security and stability
  • For other administrative purposes

The legal basis for data processing is Art. 6 para. 1 p.1 lit. F DSGVO. Our legitimate interest follows from the purposes for data collection listed above. The data cannot be assigned to specific persons. A combination of this data with other data sources is not made. We reserve the right to check the data retrospectively if we become aware of specific indications of unlawful use.


We use cookies on various pages. Cookies are used exclusively to make visiting our website more attractive and to enable the use of certain functions. We do not use cookies to create user profiles or to evaluate user behavior. Cookies are small text files that are stored on your computer. Most of the cookies we use are deleted from your hard drive at the end of the browser session (so-called session cookies). In addition, we offer the possibility to store certain cookies, optionally as well as on a voluntary basis, for a longer period of time to further enhance the user experience. Cookies can also be blocked in the browser. However, we would like to point out that if cookies are blocked, parts of our website may no longer function correctly or at all.

The legal basis for the use of cookies is Art. 6 para. 1 p.1 lit. F DSGVO. Our legitimate interest follows from the described purposes and interests for the achievement of which cookies are necessary. A combination of cookies or their contents with other data sources is not made.

Data sharing

We do not transfer your personal data to third parties for purposes other than those listed below. We will only pass on your personal data to third parties if:

  • you have given your express consent to this in accordance with Art. 6 (1) p. 1 lit. A DSGVO,
  • the disclosure is necessary for the assertion, exercise or defense of legal claims in accordance with Art. 6 (1) p. 1 lit. F DSGVO and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
  • in case there is a legal obligation for the disclosure according to Art. 6 para. 1 p. 1 lit. C DSGVO, as well as
  • this is legally permissible and necessary according to Art. 6 para. 1 p. 1 lit. B DSGVO for the processing of contractual relationships with you.

Contact forms and support forms

For questions of any kind as well as support requests, we offer you the possibility to contact us via forms provided on the website. In addition to the actual message, it is necessary to provide your name and a valid e-mail address so that we know what kind of information you want from us, from whom the request comes and to be able to answer it. Further information can be provided voluntarily. Data processing for the purpose of contacting us is based on your voluntarily given consent according to Art. 6 para. 1 p. 1 lit. A DSGVO. The personal data collected by us for the use of the contact form will be used exclusively for processing your request. In order to process your request, it may be necessary to transmit data to third parties. Whether, to whom, under what circumstances and data is transmitted to third parties can be viewed under the following link:

If you do not agree with the processing and or the data protection provisions of one or more of these third party providers, we recommend that you do not, or no longer, use our contact form and have any data already transmitted via the contact form deleted. As long as the data is not explicitly revoked by you, it will remain stored for as long as we consider it useful for the provision of our services.


At we operate the service "mail-merge-letter". This enables participants to generate mail merge letters online. The detailed functions and the specific range of services can be viewed at . In order to be able to fulfill this, the collection and processing of data takes place in accordance with Art. 6 para. 1 p. 1 lit. A and b DSGVO. Personal data is collected at mail-merge-letter only to the extent contractually and technically necessary and used to fulfill the service offer of the service. Under no circumstances will this data be sold or passed on to third parties for reasons other than those mentioned.

Third-party supplier

Duration of storage and deletion of data

In order to be able to fulfill offers and contractually agreed services within the defined scope, data will be stored for as long as a business relationship exists between you and Pingen, unless otherwise stipulated by law for the storage of processed data. Unless otherwise defined, a business relationship begins with the use of a service; in particular, with the collection of data via a service or the order via a service of Pingen and ends with the termination by you or by Pingen or 18 months after completion of the order. In addition, certain Pingen services offer the possibility to determine the storage period of certain data. You may request the deletion of data within the scope of your business relationship with Pingen on the basis of data subject rights. For legal reasons, the right to delete data only applies to data that has been collected by Pingen, or at the request of Pingen, or data that you have collected. Data that is provided to us outside of a business relationship or outside of the use of one of our offers will be deleted within the scope of the rights of the data subject, provided that they do not contradict applicable law. Pingen reserves the right to charge you for expenses incurred for deletions requested by you on the basis of data protection rights and which exceed a reasonable and proportionate measure, at a rate customary in the industry.

Use of Google reCaptcha

To secure forms that can be used without registration, we use the service reCaptcha of Google Inc, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; "Google") against unwanted use and abuse. This service makes it possible to distinguish whether the input is made by a human or abusive and automated by a machine (spambot). For this purpose, your IP address and, if applicable, other data required by Google Inc. for the reCaptcha service are transmitted to Google Inc. The deviating data protection provisions of Google Inc. apply to this data, which can be found at:

Privacy policy for the use of Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; "Google"). The use includes the operating mode "Universal Analytics". This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyze a user's activities across devices.

Google Analytics uses so-called "Cookies", text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. Our legitimate interest in data processing also lies in these purposes. The legal basis for the use of Google Analytics is Art. 6 para. 1 lit. f DSGVO. Sessions and campaigns are terminated after a certain period of time. By default, sessions are terminated after 30 minutes without activity and campaigns after six months. The time limit for campaigns can be a maximum of two years. For more information on terms of use and privacy, please visit or

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by using the Browser-Add-on download and install. Opt-out cookies prevent the future collection of your data when visiting this website. To prevent collection by Universal Analytics across different devices, you must perform the opt-out on all systems used.

Payment processing via Stripe

For individual services, we offer the option of processing the payment transaction via the payment service provider Stripe, ℅ Legal Process, 510,Townsend St., San Francisco, CA 94103 (Stripe). This corresponds to our legitimate interest in offering an efficient and secure payment method (Art. 6 para. 1 lit. f DSGVO). In this context, the following data in particular is collected by Stripe to the extent necessary for the performance of the contract (Art. 6 para. 1 lit b. DSGVO).

Name of the cardholder
E-mail address
Customer number
Order number
Credit card data
Credit card validity period
Credit card verification number (CVC)
Date and time of transaction
Transaction amount
Name of the provider

Processing of the data provided under this section is not required by law or contract. We cannot process a payment through Stripe without the submission of your personal data.

Stripe has a dual role as a data controller and processor in data processing activities. As a controller, Stripe uses your submitted data to comply with regulatory obligations. This is in accordance with Stripe's legitimate interest (pursuant to Art. 6(1)(f) DSGVO) and serves the performance of the contract (pursuant to Art. 6(1)(b) DSGVO). We have no influence on this process.

Stripe acts as a processor in order to be able to complete transactions within the payment networks. Within the scope of the order processing relationship, Stripe acts exclusively according to our instructions and has been contractually obligated within the meaning of Art. 28 DSGVO to comply with the provisions of data protection law.

Stripe has implemented compliance measures for international data transfers. These apply to all global activities where Stripe processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs).

For more information about opting out and opting in with Stripe, please visit:

Data subject rights

Right of objection

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) p. 1 lit. f DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without specifying a particular situation.If you wish to exercise your right of withdrawal or objection, an e-mail to

Data security

Within the website visit, we use the widespread SSL procedure (Secure Socket Layer) in connection with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is encrypted by the closed key or lock symbol in the status bar of your browser.

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

Actuality and change of this privacy policy

This privacy policy is valid as of September 1, 2021. Should individual parts of this agreement be invalid, this shall not affect the validity of the remainder of the agreement. Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on the website at .