hypt Report — Banking 2025
Download now

Privacy Policy hypt AG

hypt is a marketing solution that generates digital feedback on analog processes and products and allows satisfied users to send personal recommendations in a structured way.

For this purpose, numeric ratings and text-based feedback from users are collected anonymously via a web-based chatbot. Only negative feedback is personalized, or the customer/user is asked to provide their contact details for the purpose of subsequent contact.

In the event of any problems of interpretation, the German version takes precedence over the others.

Type of personal data

General personal data

We process general personal data about you.

financials

We process your financial information.

location data

We can edit your location data.

Source of personal data

Data provided

We process general personal data about you.

Collected data

We process personal data that we collect about you.

Data obtained

We process personal data about you that we receive from third parties.

Purpose of processing

Marketing

We use your personal data for marketing and advertising.

Product development

We use your personal data to develop and improve products and services.

Further purposes

We may use your personal data for other purposes that are not related to the core service.

Special edits

Proling

We analyse your behavior and make assumptions about your interests and preferences.

Automatic decisions

We make important decisions fully automatically.

Sharing with third parties

Data transfer

We may share your personal data with other companies.

Place of processing

worldwide

Personal data can also be processed outside Switzerland and the EU.

1. General information

We know that building a long-term business relationship with you depends on trust. That trust starts with protecting your data. Our website complies with the requirements of the European Data Protection Regulation GDPR and the DSG of Switzerland. Every user who is on the hypt website must give their consent (opt-in) that their behavior on the website is recorded for analysis purposes. All data is treated anonymously and cannot be traced. All IP addresses are also anonymized in accordance with the GDPR. In this privacy statement, we describe what we do with your information when you contact, communicate, or otherwise interact with us. If you provide us with information about other people, we assume that you have the authority to do so and that this information is accurate. By submitting data via third parties, you confirm this. As far as possible, your data will anonymized and pseudonymized.

2. Responsibility

For the data processing by hypt GmbH described in this data protection declaration, the following body is responsible for concerns and exercising its rights in connection with your data:

Name: hypt AG

Address: Worblaufenstraße 147

Zipcode/City: 3048 Worblaufen

email: hello@hypt.ch

3. Data collection, data processing and purpose

We process various categories of data about you. The most important categories are as follows:

Data for the structure of the website:

When you use our website or other electronic offers, we collect the IP address of your device and other technical data to ensure the functionality and security of these offers. This data also includes logs that record the use of our systems. We generally store technical data for one month. To ensure the functionality of these offers, we can also assign an individual code to you or your device.

Registration data:

Certain offers and services (e.g. online shop) can only be used with registration, which can be done directly with us or via our external login service providers. In doing so, you must provide us with certain information and we will collect data about the use of the offer or service. We generally keep registration data for 24 months after the end of using the service or the termination of the user account.

Communication data:

When you contact us via the contact form, by email, telephone, chat, or other means of communication, we collect the data exchanged between you and us. We generally keep this data for 12 months from the last exchange with you. This period may be longer if this is necessary for reasons of evidence or to comply with legal or contractual requirements or is due to technical reasons. E-mails in personal mailboxes and written correspondence are generally kept for at least 10 years.

Data upon conclusion of contract:

This is data that is generated in connection with the conclusion of a contract. We usually collect this data from you, from contract partners and from third parties involved in processing the contract. We generally store this data for 10 years from the last contract activity, but at least from the end of the contract. This period may be longer if this is necessary for reasons of evidence or to comply with legal or contractual requirements or is due to technical reasons.

Data that collects your behavior:

We obtain this data from your use of our products and services and from our own research. The data is used to better tailor our products and services to you. We anonymize or delete this data when it is no longer meaningful for the purposes pursued, which can be between 3 weeks and 24 months (for product and service preferences), depending on the type of data. This period may be longer if this is necessary for reasons of evidence or to comply with legal or contractual requirements or is due to technical reasons.

Other data that we collect:

In connection with official or court proceedings, for example, data is generated that may also relate to you. We may also collect data for health protection reasons. We may receive or produce photos, videos, and sound recordings in which you may be recognizable. We may also collect data about who enters certain buildings and when or has appropriate access rights (including access controls, based on registration data or visitor lists, etc.), who attends events or actions and when, or who uses our infrastructure and systems and when. The storage period for this data depends on the purpose and is limited to what is necessary. This ranges from a few days for many of the security cameras and usually a few weeks for data for contact tracing, to visitor data, which is usually kept for 3 months, to reports on events involving images that can be kept for a few years or longer.

The processing of data has the following purposes:

We process your data for purposes related to communication with you, in particular to answer inquiries and assert your rights and to contact you if you have any questions. In particular, we use communication data for this purpose. We keep this data to document our communication with you, for training purposes, quality assurance, and inquiries. We process data to establish, manage and process contractual relationships.

We process data for marketing purposes and to maintain relationships, e.g. to send our customers and other contract partners personalized advertising about products and services from us and from third parties. This can take place, for example, in the form of regular contacts, via other channels for which we have contact information from you, but also as part of individual marketing campaigns. You can reject such contacts at any time and refuse or withdraw consent to be contacted for advertising purposes.

We continue to process your data for market research, to improve our services and operations, and for product development. We may also process your information for security purposes and access control. We process personal data to comply with laws, instructions and recommendations from authorities and internal regulations.

We also process data for risk management purposes and as part of prudent corporate governance, including operational organization and corporate development.

We may process your data for other purposes.

4. Legal basis of processing

If we ask you for your consent for certain processing, we will inform you separately about the corresponding purposes of processing. You can withdraw your consent at any time with effect for the future by written notification or, unless otherwise stated or agreed, by e-mail to us. Once we have received notification of the withdrawal of your consent, we will no longer process your data for the purposes to which you originally consented, unless we have another legal basis for doing so.

Where we do not ask you for your consent to process, we base the processing of your personal data on the fact that the processing is necessary to initiate or execute a contract with you or that we or third parties have a legitimate interest in pursuing the purposes described above and related goals and being able to take appropriate measures. Our legitimate interests also include compliance with legal regulations, insofar as these are not already recognized as a legal basis by the applicable data protection law.

5. Profiling and automated individual decisions

We can automatically evaluate certain of your personal characteristics for the purposes mentioned above (“profiling”), if we want to determine preference data, but also to identify misuse and security risks, carry out statistical evaluations or for operational planning purposes. For the same purposes, we can also create profiles, i.e. we can combine behavioral and preference data, but also master and contract data and technical data associated with you, in order to better understand you as a person with your different interests and other characteristics.

In both cases, we ensure the proportionality and reliability of the results and take measures against misuse of these profiles or profiling. If these may have legal effects or significant disadvantages for you, we always provide for a manual review.

6. Transfer of data to third parties

In connection with our contracts, the website, our services and products, our legal obligations or otherwise to protect our legitimate interests and the other purposes listed, we also transfer your personal data to third parties, in particular to the following categories of recipients:

Service provider:

We work with service providers in Germany and abroad who process data about you on our behalf or in joint responsibility with us or receive data about you from us on their own responsibility (e.g. IT providers, cloud services, shipping companies, advertising service providers, login service providers, cleaning companies, security companies, banks, insurance companies, debt collection agencies, credit agencies, or address checkers). This may include health data.

Contracting partner:

First of all, we mean customers and other contractual partners, because this data transfer results from these contracts. This may include health data. Recipients include other contractual partners with whom we cooperate or who advertise for us and to whom we therefore transfer data about you for analysis and marketing purposes.

Authorities:

We may transfer personal data to authorities, courts and other authorities in Germany and abroad if we are legally obliged or entitled to do so or if this appears necessary to protect our interests.

More people:

This refers to other cases where the involvement of third parties results from the purposes. All of these categories of recipients can in turn involve third parties so that your data can also be accessed by them. We can restrict processing by certain third parties (e.g. IT providers), but not that of other third parties (e.g. authorities, banks, etc.).

7. Data exchange abroad

As explained, we also share data with other parties. These are not only located in Switzerland. Your data can therefore be processed both in Europe and in the USA; in exceptional cases, however, in any country in the world.

If a recipient is in a country without adequate legal data protection, we contractually oblige the recipient to comply with applicable data protection (for this purpose, we use the revised standard contractual clauses of the European Commission, which are available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), unless he is already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exception.

8. Retention period

We process your data for as long as our processing purposes, legal retention periods and our legitimate interests in processing for documentation and evidence purposes require or storage is technically necessary.

9. Database and data security

We take appropriate security measures to maintain the confidentiality, integrity and availability of your personal data, to protect it against unauthorised or unlawful processing, and to counteract the risks of loss, accidental alteration, unintentional disclosure or access. Hypt's chatbot solutions run on subpages of their own website https://join-hypt.com. The site is protected using TLS and uses an up-to-date server infrastructure.

In order to make it easier for you to control the processing of your personal data, you also have the following rights in connection with our data processing, depending on applicable data protection law:

  • The right to request information from us as to whether and which data we process from you;
  • the right to have us correct data if it is inaccurate;
  • the right to request the deletion of data;
  • the right to request that we provide certain personal data in a common electronic format or transfer it to another person responsible;
  • the right to withdraw consent insofar as our processing is based on your consent;
  • the right, upon request, to obtain further information necessary to exercise these rights;
  • the right to express your position on automated individual decisions and to request that the decision be reviewed by a natural person.

If you wish to exercise the rights set out above, please contact us in writing, at our location or, unless otherwise stated or agreed, by email.

If you do not agree with our handling of your rights or data protection, please let us know. In particular, if you are in the EEA, the UK or Switzerland, you also have the right to complain to your country's data protection supervisory authority.

10. Online tracking and online advertising tools

We use various techniques on our website with which we and third parties we use to recognize you when you use it and may also track you over several visits.

We do not want to infer your identity, even though we can, insofar as we or third parties engaged by us are able to identify you by combining registration data. Even without registration data, however, the technologies used are designed in such a way that you are recognized as an individual visitor each time you access the page, for example by our server (or the servers of third parties) assigning you or your browser a specific identification number (so-called “cookie”).

We use such techniques on our website and allow certain third parties to

to do this as well. However, depending on the purpose of these techniques, we ask for your consent before they are used. You can click on your current settings <a href="javascript:Cookiebot.renew()">here</a> access.

Necessary cookies:

A distinction is made between the following cookies:

Necessary cookies: Some cookies are necessary for the website to function as such or for certain functions. For example, they ensure that you can switch between pages without losing information entered in a form. They also make sure you stay logged in. These cookies only exist temporarily (“session cookies”). If you block them, the site might not work. Other cookies are necessary so that the server can save decisions or entries you have made beyond a session (i.e. a visit to the website) if you use this function (e.g. selected language, consent given, the function for automatic login, etc.). These cookies have an expiration date of up to 24 months.

Performance cookies: In order to optimize our website and corresponding offers and to better tailor them to the needs of users, we use cookies to record and analyze the use of our website, possibly even beyond the session. We do this by using third-party analysis services. We have listed them below. Before we use such cookies, we ask for your consent. You can revoke this at any time via the cookie settings. Performance cookies also have an expiration date of up to 24 months. Details can be found on the third-party websites.

We can also include other offers from third parties on our website, in particular from social media providers. These offers are deactivated by default. As soon as you activate them (e.g. by clicking on a button), the corresponding providers can determine that you are on our website. If you have an account with the social media provider, they can assign this information to you and thus track your use of online offers. These social media providers process this data on their own responsibility.

Google Analytics:

hypt uses Google Analytics to track the behavior of anonymized website visitors. This gives us information about how Hypt is being used and how it can be optimized for an improved user experience. Page views, scrolling behavior, and clicks on links or forms are evaluated. Recording takes place only and exclusively after consent has been given via opt-in.

Google Ireland (based in Ireland) is the provider of the “Google Analytics” service and acts as our order processor. Google Ireland relies on Google LLC (based in the USA) as its processor (both “Google”) for this purpose. Google uses performance cookies (see above) and similar technologies to track the behavior of visitors to our website (e.g. page views, time spent, interactions with forms, device type, operating system and location data) and creates reports for us on the use of our website on this basis. We have configured the service so that the IP addresses of visitors to Google in Europe are abbreviated before being redirected to the USA and cannot therefore be traced. We also use Google Signals. This allows Google — if you have activated personalized advertising in your Google account — to collect additional information, such as location-based data, cross-device activity, and interactions with advertisements. This data can be linked to your Google account by Google and used to display personalized advertising. It is possible that Google also uses the collected information for its own purposes, such as to create personal profiles or to link to other data sources. If you agree to the use of Google Analytics, you expressly consent to such processing, which may also include the transfer of personal data (in particular website and app usage data, device information and individual IDs) to the USA and other countries. It is used exclusively on the basis of your express consent (opt-in). You can withdraw your consent at any time with effect for the future.

Information about Google Analytics' privacy policy can be found here:
https://support.google.com/analytics/answer/6004245

If you have a Google account, you can manage the personalized use of your data in your Google account settings:
https://myactivity.google.com

Facebook:

Our website uses so-called social plugins (“plugins”) from the social network Facebook, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The plugins are marked with a Facebook logo or the addition “Facebook Social Plug-in” or “Facebook Social Plugin”. An overview of the Facebook plugins and their appearance can be found here: https://developers.facebook.com/docs/plugins. When you visit a page on our website that contains such a plugin, your browser creates a direct connection to the Facebook servers. The content of the plugin is transmitted directly from Facebook to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook profile or are not currently logged in to Facebook. This information (including your IP address) is transmitted from your browser directly to a Facebook server in the USA and stored there. If you are logged in to Facebook, Facebook can immediately associate your visit to our website with your Facebook profile. If you interact with the plugins, for example by pressing the “Like” button or making a comment, this information is also transmitted directly to a Facebook server and stored there. The information is also published on your Facebook profile and displayed to your Facebook friends. For the purpose and scope of data collection and further processing and use of data by Facebook, as well as your related rights and settings options to protect your privacy, please see Facebook's privacy policy: http://www.facebook.com/policy.php.

Instagram:

Functions of the Instagram service are integrated on our pages. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. Instagram has been a subsidiary of Facebook Inc. since 2012 and is one of the Facebook products. Embedding Instagram content on our website is called embedding. This allows us to show you content such as buttons, photos or videos from Instagram directly on our website. When you visit websites on our website that have integrated an Instagram function, data is transmitted to Instagram, stored and processed. Instagram uses the same systems and technologies as Facebook. Your data can therefore also be processed across other Facebook companies. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to our pages with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram. For more information, please see Instagram's privacy policy: https://instagram.com/about/legal/privacy/.

LinkedIn:

We use the LinkedIn social network plug-in on our website. LinkedIn is an Internet service provided by LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA, hereinafter referred to as “LinkedIn”. LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible for data protection issues outside the USA. If the plug-in is stored on one of the pages of our website that you visit, your Internet browser downloads a representation of the plug-in from LinkedIn's servers in the USA. For technical reasons, it is necessary for LinkedIn to process your IP address. In addition, the date and time of your visit to our website are also recorded. If you are logged in to LinkedIn while you visit one of our websites equipped with the plug-in, the information collected by the plug-in about your specific visit will be recognized by LinkedIn. LinkedIn may assign the information collected in this way to your personal user account there. For example, if you use the LinkedIn “share” button, this information is stored in your LinkedIn user account and may be published via the LinkedIn platform. If you want to prevent this, you must either log out of LinkedIn before visiting our website or make the appropriate settings in your LinkedIn user account. LinkedIn provides further information about the collection and use of data as well as your rights and protection options in this regard in the privacy policy available at https://www.linkedin.com/legal/privacy-policy. LinkedIn is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Maatoo:

We use maatoo.io as a marketing automation platform. By registering for an information session or consultation, you agree that BWZ may use your data to send emails in connection with the respective information event or consultation. By clicking “Sign Up” and thus submitting the form, you confirm that the information you provide will be shared with maatoo.io — in accordance with their privacy policy and terms — for processing. The following emails are sent in advance for informational purposes: confirmation of registration, reminders and a follow-up email. If you do not sign up for the newsletter, your data will not be used for any further informational purposes.

Facebook pixels:

We use the Facebook pixel from Facebook on our website. We have implemented a code for this on our website. The Facebook pixel is an excerpt of JavaScript code that loads a collection of functions with which Facebook can track your user actions if you came to our website via Facebook ads. For example, when you purchase a product on our website, the Facebook pixel is triggered and stores your actions on our website in one or more cookies. These cookies enable Facebook to compare your user data (customer data such as IP address, user ID) with the data from your Facebook account. Facebook then deletes this data again. The data collected is anonymous and cannot be viewed by us and can only be used as part of advertising. If you are a Facebook user yourself and are logged in, your visit to our website is automatically assigned to your Facebook user account.

We only want to show our services and products to people who are really interested in them. With the help of Facebook pixels, our advertising measures can be better tailored to your wishes and interests. This allows Facebook users (if they have allowed personalized advertising) to see suitable advertising. Facebook also uses the collected data for analysis purposes and its own advertisements.

In the following, we show you the cookies that were set by embedding Facebook pixels on a test page. Please note that these are only sample cookies. Depending on how you interact with our website, different cookies are set.

If you are logged in to Facebook, you can change your ad settings yourself at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. If you are not a Facebook user, you can generally manage your usage-based online advertising at http://www.youronlinechoices.com/de/praferenzmanagement/. There, you have the option to deactivate or activate providers.

Google Ads:

This website uses Google Ads. Ads is an online advertising program from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”).

As part of Google Ads, we use so-called conversion tracking. When you click on an ad placed by Google, a cookie is set for conversion tracking. Cookies are small text files that the Internet browser stores on the user's computer. These cookies lose their validity after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page.

Each Google Ads customer receives a different cookie. The cookies cannot be tracked via the websites of Ads customers. The information collected using the conversion cookie is used to generate conversion statistics for ads customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. If you do not want to participate in tracking, you can object to this use by slightly deactivating the Google Conversion Tracking cookie via your Internet browser under user settings. They will then not be included in the conversion tracking statistics. You can find more information about Google Ads and Google conversion tracking in Google's privacy policy: https://www.google.de/policies/privacy/.

Microsoft Clarity:

We use Clarity, a web analysis tool from Microsoft https://clarity.microsoft.com/, to record individual visits (only with an anonymized IP address). Clarity uses cookies and a so-called tracking code, among other things. The information collected is transmitted to Clarity and stored there. See Microsoft Privacy Statements. For more information about Clarity, see Clarity's privacy policy.

Chatbot:

We use the service provided by the provider www.landbot.io. This is an offer from Hello Umi S.L, Calle Garrigues, 5, CP 46001, Valencia (Spain).

The chatbot is used without entering data about the user. However, during use, for technical reasons, the IP address and the other data mentioned in the “Collection of personal data when visiting my website” section are transferred to the provider in order to be able to provide the service. The same applies to the choices you make during use. If you do not want such data transmission, you should refrain from using the chatbot.

For more detailed information on data processing by the provider, please visit: https://landbot.io/terms-conditions/index.html

I have concluded an order processing contract with the provider, which ensures the protection of your data.

As part of the integration of the chatbot, fonts and other content are also downloaded from servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This involves access to the Google Fonts and Google Cloud services.

Even though this provider is based in the EU, data is transferred to group companies in the USA as part of the use. However, Google is Privacy Shield certified and is therefore committed to complying with the relevant principles:

https://www.privacyshield.gov/EU-US-Framework

Hotjar

We use Hotjar to better understand the needs of our users and to optimize the offer and experience on this website. Hotjar technology gives us a better understanding of our users' experiences (e.g. how much time users spend on which pages, which links they click on, what they like and don't like, etc.) and this helps us to tailor our offer to feedback from our users. Hotjar works with cookies and other technologies to collect data about the behavior of our users and about their devices, in particular the IP address of the device (only collected and stored in anonymized form during your use of the website), screen size, device type (unique device identifiers), information about the browser used, location (country only), preferred language to view our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually prohibited from selling the data collected on our behalf.

For more information, see the 'about Hotjar' section on Hotjars Help page.

11. Amendments

This privacy statement is not part of a contract with you. We can amend this privacy policy at any time. The version published on this website is the latest version.

July 2025