hypt Report — Banking 2025
Download now

Privacy Policy hypt AG

hypt is a marketing solution that generates digital feedback for analog processes and products, and allows satisfied users to send structured personal recommendations.
For this purpose, numerical ratings and text-based feedback from users are collected anonymously via a web-based chatbot. Only negative feedback is personalized, i.e., the customer/user is asked to provide their contact details for the purpose of subsequent follow-up.

In case of discrepancies in interpretation, the German version of this privacy policy is authoritative.

Types of Personal Data

General Personal Data
We process general personal data about you.

Financial Data
We process your financial data.

Location Data
We may process your location data.

Source of Personal Data

Provided Data
We process personal data provided by you.

Collected Data
We process personal data collected from you.

Received Data
We process personal data about you received from third parties.

Purpose of Processing

Marketing
We use your personal data for marketing and advertising purposes.

Product Development
We use your personal data for the development and improvement of products and services.

Other Purposes
We may also use your personal data for other purposes not related to the core service.

Special Processing

Profiling
We analyze your behavior and make assumptions about your interests and preferences.

Automated Decisions
We make significant decisions fully automatically.

Disclosure to Third Parties

Data Sharing
We may share your personal data with other companies.

Location of Processing

Worldwide
Personal data may also be processed outside Switzerland and the EU.

1. GENERAL INFORMATION

We understand that building a long-term business relationship with you depends on trust and this trust begins with the protection of your personal data. Our website complies with, and processes personal data in accordance with, the provisions of the European General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (DSG). 

Every user visiting the hypt website must provide explicit consent (Opt-In) before their behavior on the website is recorded for analytical purposes. All collected data is processed  anonymously and cannot be traced back to individuals. IP addresses are anonymized in accordance with the GDPR requirements. 

This Privacy Policy explains how we handle your data when you contact us, communicate with us, or otherwise interact with us. If you provide us with data about other individuals, we assume that you are authorized to do so and that this data is accurate. By transmitting such data, you confirm this authorization. Wherever possible, we anonymizd and/or pseudonymize your data to protect your privacy.

2. RESPONSIBILITY

For the data processing activities described in this Privacy Policy, the following entity is responsible under applicable data protection laws for handling concerns and for facilitating the exercise of your rights regarding your personal data:

Name: hypt AG
Address: Worblaufenstrasse 147
ZIP/City: 3048 Worblaufen
Email: hello@hypt.ch

For users in the European Economic Area (EEA) and Austria, we have additionally appointed a representative pursuant to Article 27 GDPR. This representative acts as a point of contact for supervisory authorities and data subjects in relation to all issues concerning the processing of personal data. Contact details are available upon request.

3. DATA COLLECTION, DATA PROCESSING, AND PURPOSE

We process various categories of data about you. The main categories are as follows:

Data for website setup:
When you use our website or other electronic services, we collect the IP address of your device and other technical data to ensure the functionality and security of these services. This data also includes logs documenting usage activity. Technical data is retained for a maximum of one month. To maintain functionality, we may also assign an individual code to your device.

Registration data:
Certain offers and services (e.g., online shop) require registration, either directly with us or through external login service providers. During registration, you may have to provide certain personal information, and we also collect data about your use of the offer and/or service. Registration data is stored for a maximum of 24 months after the conclusion of use or the deletion of the user account.

Communication data:
If you contact us via the contact form, email, phone, chat, or other communication channels, we record the data exchanged between you and us. This data is typically retained for 12 months from the last interaction. Retention may be extended if required for evidentiary purposes, to comply with legal or contractual obligations, or due to technical requirements. Emails in personal mailboxes and written correspondence are generally kept for at least 10 years.

Contract Data:
This includes all data collected in connection with the conclusion or execution of a contract. We generally collect this data from you, contracting parties, or other involved third parties. Contract data is typically retained for 10 years from the last contractual activity, but at least from the end of the contract. Longer retention may occur if required for legal, evidentiary, or technical reasons.

Behavioral data:
We collect behavioral data through your use of our products and services as well as from our own research. This information helps us better tailor our offerings to your needs. We anonymize or pseudonymize, or delete these data once they are no longer required for their intended purpose. Depending on the type of data, retention ranges from 3 weeks up to 24 months (e.g., for product and service preferences). Retention periods may be extended for evidentiary or legal reasons.

Other data:
We may collect data about you in connection with official or judicial proceedings or for health and safety purposes. We may also create or receive photos, videos, or audio recordings in which you may be identifiable. Additionally, we may collect data about building access (e.g., via registration data or visitor lists), event participation, or the use of our infrastructure and systems. Retention periods depend on the purpose and are limited to what is necessary: 

  • A few days for most security camera footage
  • A few weeks for contact tracing data
  • Approximately three months for visitor data
  • Several years or longer for event reports or media.

Purposes of data processing:
We process your data for purposes related to communication with you, in particular to respond to inquiries, assert your rights, and contact you if follow-up is required. For this, we primarily use communication data. We retain this data to document our communication with you, for training purposes, quality assurance, and follow-ups. We process data for the establishment, management, and execution of contractual relationships.

We process data for marketing purposes and relationship management, e.g., to send personalized advertising about products and services from us and third parties to our customers and other contracting parties. This may take place through regular contact, via other channels for which we have your contact information, as well as in the context of individual marketing campaigns. You can reject such contacts at any time or refuse or withdraw consent for marketing communications.

We also process your data for market research, to improve our services and operations, and for product development. We may also process your data for security purposes and access control. We process personal data to comply with laws, instructions, and recommendations from authorities, as well as internal regulations.

We also process data for our risk management purposes and as part of prudent corporate governance, including operational organization and business development.

We may also process personal data for other purposes compatible with those noted above or as required by law.

4. LEGAL BASIS FOR PROCESSING

To the extent that we ask for your consent for certain processing activities, we will inform you separately about the specific purposes of the processing. You may withdraw your consent at any time by written notice or, unless otherwise stated or agreed, by email. Withdrawal takes effect for the future. Once we have received your withdrawal, we will no longer process your data for the purposes covered by that consent, unless another legal basis applies.

Where we do not request your consent,  the processing of your personal data is based on other legal grounds. In particular, processing may be necessary for the initiation or performance of a contract with you, or it may be carried out on the basis of our legitimate interests or those of third parties. Legitimate interests include, in particular, pursuing the purposes described in this Privacy Policy, achieving the associated objectives, and implementing appropriate measures. Our legitimate interests also include compliance with legal obligations, insofar as this is not already recognized as an independent legal basis under applicable data protection laws.

5. PROFILING AND AUTOMATED INDIVIDUAL DECISIONS


We may automatically evaluate certain personal characteristics of yours (“profiling”) based on your personal data for the purposes described in this Privacy Policy. This may include analyzing preferences, preventing misuse or security risks, performing statistical analyses, or supporting operational planning.

For these same purposes, we may also create user profiles. This means we may combine behavioral and preference data with master data, contract data, and technical data associated with you to better understand your interests and characteristics.

In both cases, we ensure the proportionality and reliability of the results and implement appropriate measures to prevent the misuse of profiling or profile data. Where profiling or automated decision-making produces legal effects concerning you or significantly affects you in a similar way, we carry out a manual review and provide appropriate safeguards in accordance with applicable data protection laws.

6. DISCLOSURE OF DATA TO THIRD PARTIES


In connection with our contracts, the website, our services and products, our legal obligations, or otherwise to protect our legitimate interests and for the other purposes outlined in this Privacy Policy, we may transmit your personal data to third parties. In particular to the following categories of recipients:

Service providers:
We work with service providers in Switzerland and abroad who process data on our behalf (as processors), jointly with us, or under their own responsibility. These include, for example, IT service providers, cloud services, shipping companies, advertising service providers, login service providers, cleaning and security companies, banks, insurance companies, collection agencies, credit agencies, and address verification providers. Depending on the context, this may also include health data.

Contractual partners:
This category includes our customers and other business partners to whom data is transferred as part of fulfilling contractual obligations. It may also include health data where necessary. Recipients may also include business partners with whom we cooperate or who advertise on our behalf, and to whom we transfer data for analysis and marketing purposes.

Authorities:
We may disclose personal data to public authorities, courts, or other governmental bodies in Switzerland and abroad if we are legally obliged or entitled to do so, or where such disclosure is necessary to protect our legitimate interests.

Other individuals:
In certain cases, involving other third parties is necessary to achieve the purposes described in this Privacy Policy. These recipients may in turn involve their own subcontractors or partners, making your data accessible to additional parties. While processing by certain third parties (e.g., IT providers) may be restricted by contract, processing by others (e.g., authorities, banks) may not be subject to such limitations.

7. DATA TRANSFER ABROAD

As explained, we may also disclose data to other parties. These parties are not located solely in Switzerland. Your data may therefore be processed in Europe as well as in the USA; in exceptional cases, it may be processed in any country in the world.

If a recipient is located in a country that does not provide an adequate level of data protection as defined by applicable law, we ensure appropriate safeguards are in place. In particular, we require such recipients to comply with applicable data protection standards by entering into the revised Standard Contractual Clauses of the European Commission, available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj), unless they are already subject to a legally recognized data protection framework or an applicable legal exception applies.

These safeguards are designed to ensure an adequate level of protection for your personal data even when it is processed outside Switzerland or the European Economic Area (EEA).

8. DATA RETENTION PERIOD

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, to comply with statutory retention obligations, or to pursue our legitimate interests in maintaining documentation and evidence. Data may also be retained for as long as required by technical storage needs. Once these periods expire, personal data is securely deleted or anonymized, unless further retention is legally required.

9. DATABASE AND DATA SECURITY

We implement appropriate technical and organizational security measures to ensure the confidentiality, integrity, and availability of your personal data. These measures are designed to protect your data against unauthorized or unlawful processing, accidental loss, alteration, disclosure, or access.

Hypt’s chatbot solutions operate on subpages of our own website, https://join-hypt.com, which is secured using TLS encryption and hosted on modern, secure server infrastructure.

YOUR RIGHTS

Depending on applicable data protection law, including the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (revDSG), you have the following rights:

  • The right to request from us whether and which data we process about you;
  • The right to have data corrected if it is inaccurate;
  • The right to request the deletion of data;
  • The right to request the provision of certain personal data in a common electronic format or its transfer to another controller;
  • The right to withdraw consent where our processing is based on your consent;
  • The right to request additional information necessary to exercise these rights;
  • The right to present your viewpoint in automated individual decisions and to request that the decision be reviewed by a natural person.

If you wish to exercise any of the above rights, please contact us in writing, in person, or, where not otherwise specified or agreed to, via e-mail.

If you are dissatisfied with how we handle your rights or our data protection practices, please let us know. In addition, if you are located in the EEA, the United Kingdom, or Switzerland, you have the right to lodge a complaint with the competent data protection supervisory authority in your country.

10. ONLINE TRACKING AND ONLINE ADVERTISING TOOLS

On our website, we use various techniques that enable us. and certain third parties we engage, to recognize you during your use of the site and, in some cases, to track your behavior across multiple visits..

We do not intend to personally identify you. owever, personal identification may become possible if we or third parties combine technical data with registration information. Even without such data, these technologies are designed to recognize you as an individual visitor on each page visit—for example, by assigning a specific identifier to your device or browser (a so-called “cookie”).

We use these technologies ourselves and allow selected third parties to use them as well. Depending on their purpose, we may ask for your consent before they are deployed. You can review or update your current cookie settings <a href="javascript:Cookiebot.renew()">here</a>.

Necessary Cookies:
Some cookies are essential to ensure the proper functioning of the website or specific features. For example, they allow you to navigate between pages without losing form inputs and maintain login sessions. These are temporary “session cookies.” Blocking them may impair website functionality. Other necessary cookies enable the server to store your decisions or inputs beyond a single session (e.g., selected language, consent settings, or automatic login). These cookies may remain active for up to 24 months.

Performance Cookies:
To optimize our website and tailor it to user needs, we use cookies to record and analyze website usage, sometimes beyond a single session. We use third-party analytics services for this purpose. Your consent is requested before deploying these cookies. Consent can be withdrawn at any time via cookie settings. Performance cookies typically expire after up to 24 months. Further details are available on the third-party providers’ websites.

Embedded third-party content:
We may also embed other third-party offerings on our website, especially from social media providers. These are deactivated by default. When you activate them (e.g., by clicking a switch), the respective provider can detect that you are visiting our website. If you have an account with the social media provider, it may link this information to your account and track your online activity. These social media providers process this data under their own responsibility.

Google Analytics:
hypt uses Google Analytics to analyze anonymized user behavior and optimize our website. This includes page views, scrolling behavior, and link or form clicks. Tracking occurs only after your explicit opt-in consent.

Google Ireland Limited (Ireland) provides the service and acts as our data processor, relying on Google LLC (USA) as sub-processor (together “Google”). Google uses performance cookies and similar technologies to track visitor behavior (e.g., page views, session duration, form interactions, device type, OS, and location) and generates reports for us.

We configured the service to anonymize IP addresses in Europe before data transfer to the USA. We also use Google Signals, which—if you have enabled personalized advertising in your Google account—may collect additional information such as location, cross-device activity, and ad interactions. Google may use this data for its own purposes, including creating profiles or linking it with other data sources.

By consenting to Google Analytics, you explicitly agree to the processing and transfer of personal data (usage data, device information, unique IDs) to the USA and other countries. You can withdraw your consent at any time with future effect.

More information on Google Analytics privacy: https://support.google.com/analytics/answer/6004245
Manage personalized use in your Google account: https://myactivity.google.com

Facebook:
Our website uses social plugins (“plugins”) from Facebook, operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. These are marked with a Facebook logo or “Facebook Social Plugin.” For details: https://developers.facebook.com/docs/plugins. When you access a page containing a plugin, your browser connects directly to Facebook servers, which transmit the plugin content to your browser and embed it on the page. This informs Facebook that your browser visited that page, even if you do not have a Facebook profile or are not logged in. This information, including IP address, is transmitted directly to Facebook servers in the USA and stored there. If logged in, Facebook can link the visit to your profile. Interactions with plugins (like, comment) are also sent and stored. Data may be published on your Facebook profile. For more details on data collection and your rights, see Facebook’s privacy policy: http://www.facebook.com/policy.php.

Instagram:
Our pages embed Instagram functions provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, a subsidiary of Facebook Inc. since 2012. Embedded content (buttons, photos, videos) is transmitted, stored, and processed by Instagram when you visit pages with embedded functions. Data may also be processed across other Facebook companies. If logged into Instagram, you can link our page content to your profile by clicking Instagram buttons. We, as the site provider, do not have access to the content or its use by Instagram. More info: https://instagram.com/about/legal/privacy/.

LinkedIn:
We use LinkedIn social plugins on our website. LinkedIn is operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. For privacy matters outside the USA: LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Dublin 2, Ireland. If a plugin is embedded on a page you visit, your browser downloads it from LinkedIn servers in the USA, processing your IP and recording date/time. If logged in, LinkedIn may link this to your account. More info: https://www.linkedin.com/legal/privacy-policy. LinkedIn is Privacy-Shield certified: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active. Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Maatoo:
We use maatoo.io for marketing automation. By registering for an info session or consultation, you consent to BWZ using your data to send emails related to the session or consultation. By submitting the form, you confirm the data is shared with maatoo.io in accordance with their privacy policy. Emails may include confirmation, reminders, and follow-ups. If you do not subscribe to the newsletter, your data will not be used for further informational purposes.

Facebook Pixel:
Our website uses Facebook Pixel, implemented via JavaScript code. The Pixel tracks user actions if you came via Facebook Ads. Actions (e.g., product purchases) are stored in cookies, allowing Facebook to match your actions with your Facebook account. Data collected is anonymized for us and only used for advertising purposes. Logged-in Facebook users will have website visits linked to their accounts. The Pixel allows ads to be better targeted based on user interests. Cookie examples are provided, but actual cookies vary based on interaction. Adjust Facebook ad settings: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. Non-Facebook users: http://www.youronlinechoices.com/de/praferenzmanagement/.

Google Ads:
Our site uses Google Ads, an online advertising program by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA, USA. Conversion tracking is used; clicking an ad sets a cookie valid for 30 days, recording ad clicks without personally identifying users. Conversion data is aggregated; individuals are not identified. Opt-out via browser settings. More info: https://www.google.de/policies/privacy/.

Microsoft Clarity:
We use Clarity (https://clarity.microsoft.com/) to record individual visits with anonymized IP addresses. Clarity uses cookies and tracking code; data is stored at Clarity. See Microsoft Privacy Statements for details.

Chatbot:
We use www.landbot.io, offered by Hello Umi S.L., Valencia, Spain. No personal data input is required, but IP and other technical data are transferred to provide the service. Decisions you make during usage are also transmitted. If you do not wish data transfer, avoid chatbot use. More info: https://landbot.io/terms-conditions/index.html. We have a data processing agreement with the provider. Fonts and other content are loaded from Google Ireland servers (Google Fonts, Google Cloud), transferring data to US-based Google entities under Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

Hotjar:
We use Hotjar to better understand user needs and optimize the website experience. Hotjar collects anonymized device data (IP, screen size, device type, browser info, country, preferred language) to create pseudonymized user profiles. Hotjar is contractually prohibited from selling data. More info: ‘about Hotjar’ on Hotjar’s help page.

11. CHANGES

This Privacy Policy does not form part of any contract with you. We may update this Privacy Policy at any time. The version published on this website is always the most current version.

October 2025