Ur-Store Systems AG (hereinafter also "we", "us") with its registered office in Bern, obtains and processes personal data within the scope of its business activities. In this Privacy Policy, we inform you about this data processing.

We have aligned this Privacy Policy with both the Swiss Data Protection Act and the European General Data Protection Regulation - GDPR for short. The GDPR has established itself worldwide as a benchmark for strong data protection. However, whether and to what extent the GDPR is applicable depends on the individual case.

The company that determines whether this processing should take place, for what purposes it takes place, and how it is structured is responsible for a specific data processing operation under data protection law. In principle, the following is responsible for data processing under this Privacy Policy:

Ur-Store Systems AG
Strandweg 35
CH-3004 Bern
privacy@yourstore.ch

When you use our services, use yourstore.ch (hereinafter "website"), use our apps and cloud services, or otherwise have dealings with us, we obtain and process various categories of your personal data. In principle, we may obtain and otherwise process this data in particular for the following purposes:

We process personal data so that we can communicate with you and with third parties via email, telephone, letter, or otherwise. This also includes that we can send our customers, contractual partners, and other interested persons information about events, news about YourStore, or similar. This can take place, for example, in the form of newsletters and other regular contacts (electronically, by post, by telephone). You can decline such communication at any time or refuse or revoke your consent to such communication. For this purpose, we process in particular the content of the communication, your contact details, and the marginal data of the communication, but also image and audio recordings of (video) telephone calls. In the case of an audio or video recording, we will inform you separately and you are free to tell us if you do not wish to be recorded or to end the communication. If we need or want to establish your identity, we collect additional data (e.g., a copy of an ID).

To be able to fulfill our contractual obligations to you, the processing of personal data is essential. This begins with the first contact and extends through the entire process of contract initiation, contract conclusion, as well as contract administration and execution. When you contact us, we collect data such as your name, your contact details, information about your company, and your request. This serves to understand your request and to submit a suitable offer to you. Once a contract has been concluded, we need further data to provide our services. This includes, for example, information about your IT infrastructure, your business processes, and your employees. We use this data to offer you tailored advice. Within the framework of contract execution, we collect and process in particular the following data: master data (name, address, contact details, company name), contract data (subject matter of the contract, term, remuneration), communication data (emails, letters, telephone logs), and project-related data (documentation, analyses, reports, presentations). The processing of this data serves the fulfillment of our contractual obligations, invoicing and payment processing, communication with you, and quality assurance. The processing of your personal data within the framework of contract execution takes place primarily to fulfill our contractual obligations. In some cases, we also rely on our legitimate interests, for example, to improve our services. You have the right to obtain information about the personal data processed by us, to request the correction or deletion of your data, and to request the restriction of processing.

To operate our website securely and stably, we collect technical data, such as IP address, information about the operating system and settings of your device, the region, the time, and the type of use. We also use cookies and similar technologies. For more information, see Section 7.

When you use our cloud platform, we process personal data to provide these services to you securely, stably, and in accordance with the contract.

To continuously improve our website and other electronic offers, we collect data about your behavior and your preferences, for example by analyzing how you navigate through our website and how you interact with our social media profiles.

The security of your data and the protection of our IT systems and infrastructure is our top priority. To ensure this and to prevent abuse, we process personal data for security purposes. This includes, among other things, ensuring IT security, preventing theft, fraud, and abuse, as well as preserving evidence.

Specifically, we take the following measures:

The processing of your personal data within the framework of security measures takes place primarily to safeguard our legitimate interests, in particular the protection of our IT systems and the prevention of criminal offenses.

As a Swiss service company, we are subject to various legal requirements that make the processing of personal data necessary. This includes, among other things:

The processing of your personal data within the framework of compliance with legal requirements takes place primarily to fulfill our legal obligations.

Efficient administration and corporate management require the processing of certain personal data. This covers various areas:

The processing of your personal data within the framework of administration and corporate management takes place primarily to safeguard our legitimate interests, for example, to optimize our business processes and to improve our services. The processing of your data within the framework of the application process takes place primarily for the initiation of an employment relationship.

Within the scope of our services, we install and maintain systems at our customers' premises (e.g., network components, camera surveillance systems).

The most personal data we process is provided to us directly by you. This happens, for example, when you:

The provision of your data is generally voluntary. However, to use certain services, such as concluding a contract or using our website, providing certain data is necessary.

In addition to the data provided by you, we also independently collect certain data. This happens, for example, through:

We also receive personal data from third parties. This includes:

In connection with the purposes listed in Section 3, we transmit your personal data in particular to the categories of recipients listed below. If necessary, we obtain your consent for this or have our supervisory authority release us from our professional confidentiality obligation. All these categories of recipients may in turn involve third parties, so that your data may also become accessible to them. We can restrict processing by certain third parties (e.g., IT providers), but not that of other third parties (e.g., authorities, banks, etc.).

We work with service providers in Switzerland and abroad who (i) process data on our behalf, (ii) in joint responsibility with us, or (iii) on their own responsibility, which they have received from us or collected for us (these service providers include, e.g., IT providers, banks, insurance companies, debt collection agencies, credit agencies, address verifiers, other consulting companies). We generally conclude contracts with these third parties regarding the use and protection of personal data.

This refers to other cases where the involvement of third parties results from the purposes according to Section 3. This concerns, for example, delivery addresses or payment recipients specified by you, third parties within the framework of representative relationships (e.g., your bank). If we work with media and transmit material to them (e.g., photos), you may also be affected. Within the framework of corporate development, we may sell or acquire businesses, parts of operations, assets, or companies or enter into partnerships, which may also result in the disclosure of data (also of you, e.g., as a customer or supplier or as their representative) to the persons involved in these transactions. In the context of communication with our competitors, industry organizations, associations, and other bodies, data concerning you may also be exchanged.

We also allow certain third parties to collect personal data from you on our website and at events organized by us on their own responsibility (e.g., media photographers, providers of tools that we have integrated on our website, etc.). Insofar as we are not decisively involved in these data collections, these third parties are solely responsible for them. For concerns and to assert your data protection rights, please contact these third parties directly. We have listed your rights in Section 9. Information on activities on our website can be found in Section 7.

We process and store personal data mostly in Switzerland and in the European Economic Area (EEA). In certain cases, however, we may also disclose personal data to service providers and other recipients (see Section 5) who are located outside this area or who process personal data outside this area, in principle in any country in the world. The countries concerned may not have laws that protect your personal data to the same extent as in Switzerland or the EEA. If we transfer your personal data to such a country, we ensure the protection of your personal data in an appropriate manner.

One means of ensuring adequate data protection is, for example, the conclusion of data transfer agreements with the recipients of your personal data in third countries that ensure the required data protection. These include contracts that have been approved, issued, or recognized by the European Commission and the Federal Data Protection and Information Commissioner, so-called Standard Contractual Clauses. An example of the data transfer agreements we typically use can be found at https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_en. Please note that such contractual arrangements can partially compensate for weaker or missing legal protection, but cannot completely exclude all risks (e.g., from government access abroad). In exceptional cases, the transfer to countries without adequate protection may also be permissible in other cases, e.g., based on consent, in connection with legal proceedings abroad, or if the transfer is necessary for the performance of a contract.

When using our website (incl. newsletter and other digital offers), data is generated that is stored in logs (in particular technical data). In addition, we may use cookies and similar technologies (e.g., pixel tags or fingerprints) to recognize website visitors, evaluate their behavior, and recognize preferences. A cookie is a small file that is transmitted between the server and your system and enables the recognition of a specific device or browser.

You can set your browser to automatically reject, accept, or delete cookies. You can also deactivate or delete cookies in individual cases. You can find out how to manage cookies in your browser in the help menu of your browser.

Both the technical data collected by us and cookies generally do not contain any personal data. However, personal data that we or third-party providers commissioned by us store about you (e.g., if you have a user account with us or these providers) may be linked to the technical data or to the information stored in and obtained from cookies and thus possibly to your person.

We also use social media plug-ins, which are small software modules that establish a connection between your visit to our website and a third-party provider. The social media plug-in tells the third-party provider that you have visited our website and may transmit cookies to the third-party provider that they have previously placed on your web browser. Further information on how these third-party providers use your personal data collected via their social media plug-ins can be found in their respective privacy policies.

In addition, we use our own tools as well as services from third-party providers (which may in turn use cookies) on our website, in particular to improve the functionality or content of our website (e.g., integration of videos or maps), to create statistics, and to display advertising.

A detailed list of the cookies we currently use appears by clicking on "Cookies" in the footer of our website.

Some of the third-party providers we use may be located outside of Switzerland. Information on data disclosure abroad can be found in Section 6. In terms of data protection law, they are partly "only" processors for us and partly responsible bodies. Further information on this can be found in the privacy policies.

We operate pages and other online presences on social networks and other platforms operated by third parties and process data about you in this context. In doing so, we receive data from you (e.g., when you communicate with us or comment on our content) and from the platforms (e.g., statistics). The providers of the platforms may analyze your usage and process this data together with other data they have about you. They also process this data for their own purposes (e.g., marketing and market research purposes and to manage their platforms), and act as their own controllers for this purpose. Further information on processing by the platform operators can be found in the privacy policies of the respective platforms.

We currently use the following platforms, whereby the identity and contact details of the platform operator are available in the privacy policy:

We are entitled, but not obliged, to check third-party content before or after its publication on our online presences, to delete content without notice, and, if necessary, to report it to the provider of the relevant platform.

Some of the platform operators may be located outside of Switzerland. Information on data disclosure abroad can be found in Section 6.

You have certain rights in connection with our data processing. Depending on the applicable law, you may in particular request information about the processing of your personal data, have incorrect personal data corrected, request the deletion of personal data, object to data processing, request the surrender of certain personal data in a common electronic format, or request its transfer to other controllers.

If you wish to exercise your rights against us, please contact us; our contact details can be found in Section 2. So that we can exclude abuse, we must identify you (e.g., with a copy of an ID).

Please note that conditions, exceptions, or restrictions apply to these rights (e.g., to protect third parties or trade secrets or due to our professional confidentiality obligation). We reserve the right to black out copies for data protection reasons or reasons of confidentiality or to supply them only in extracts.

We do not assume that the EU General Data Protection Regulation ("GDPR") applies in our case. However, should this exceptionally be the case for certain data processing operations, this Section 10 additionally applies exclusively for the purposes of the GDPR and the data processing operations subject to it.

We base the processing of your personal data in particular on the fact that

We point out that we generally process your data for as long as our processing purposes (cf. Section 3), the legal retention periods, and our legitimate interests, in particular for documentation and evidence purposes, require it or storage is technically necessary (e.g., in the case of backups or document management systems). If there are no legal or contractual obligations or technical reasons to the contrary, we generally delete or anonymize your data after the storage or processing period has expired as part of our usual processes and in accordance with our retention policy.

If you do not provide certain personal data, this may mean that the provision of the related services or the conclusion of a contract is not possible. We generally indicate where personal data requested by us is mandatory.

The right to object to the processing of your data set out in Section 9 applies in particular to data processing for the purpose of direct marketing. If you do not agree with our handling of your rights or data protection, please let us know (cf. contact details in Section 2). If you are in the EEA, you also have the right to complain to the data protection supervisory authority of your country. A list of authorities in the EEA can be found here: https://edpb.europa.eu/about-edpb/board/members_en.

This Privacy Policy may be adapted over time, in particular if we change our data processing or if new legal regulations become applicable. We actively inform persons whose contact details are registered with us of significant changes if this is possible without disproportionate effort. In general, the Privacy Policy in the version current at the start of the relevant processing applies to data processing.

Last update: January 2026