Privacy Policy

This Privacy Policy (“Policy”) describes the manner in which PlantingSpace AG, Vorstadt 22, 6300 Zug, Switzerland (“PlantingSpace”, “we,” “our” or “us”), our website at and our Application (together the “services”) use and collect data from individuals. The Company is the controller for the data processing described below. “You” or “your” refers to the individual who uses our Website, features, and services, or accesses available information or engages with us directly by email.

  1. We process personal information in accordance with the Swiss Data Protection Act and, to the extent applicable, the EU General Data Protection Regulation. We will only process your personal data in accordance with this Privacy Notice unless otherwise required by applicable law.

  2. Which personal data do we collect?

    We may collect or receive personal information for a number of purposes connected with our business operations when you use our services. This includes the following:

    • Website visitor and usage details (e.g. IP address, logfiles, terminal ID);
    • Login details (e.g. password, username, session);
    • Request details (e.g. details and content of your request);
    • Applicant data (e.g. CV, certificates, work history, desired salary, references);
    • Contact details when provided (e.g. name, email address, address, phone number).

    If you use our Application, we also process the following:

    • In-app Identifiers (e.g. screen name, account ID and other user-, account- and device-level ID that are used to identify you, your account or your device);
    • Diagnostics data (e.g. crash logs, launch time, hang rate, energy use and other information related to the performance of the Application).

    When you use our services, we may collect personal data you provide to us through prompts. Please avoid entering sensitive personal data such as health data about you or other individuals. If you disclose data to us about other individuals, we assume that you are authorized to do so, and that the relevant data is accurate. When you share data about others with us, please make sure that these individuals have been informed about this Privacy Policy.

    There is no obligation to provide your personal data. However, please note that our services cannot be provided if you do not provide the required data strictly necessary for performing the contract between you and us.

  3. Why do we collect personal data and on what legal basis?

    Our legal basis for collecting and using the personal data described in this Privacy Policy depends on the personal data we collect and the specific purposes for which we collect it.

    Contract: To perform our contractual obligations or take steps linked to a contract with you. In particular:

    • To provide our services;
    • To provide you with customer support;
    • To set up and manage your account, as well as to verify your credentials when logging in;
    • To recruit you.

    Consent: We may rely on your freely given consent at the time you provided your personal data.

    In particular:

    • To provide users with news, special offers, newsletters, and general information about services which we offer.

    Legitimate interests: We rely on legitimate interests based on our assessment that the processing is fair and reasonable and does not override your interests or fundamental rights and freedoms. In particular:

    • To maintain and improve our services, as well as to detect, prevent, and address security threats;
    • To develop new services.

    Necessity for compliance with legal obligations: To meet regulatory obligations. In particular:

    • To notify you about changes to our services and our Privacy Policy;
    • To comply with applicable regulations and legislation;
    • For the legal enforcement of claims and rights.

    Newsletter We send newsletters and other notifications by email and through other communication channels and may deliver them with the help of third parties.

    In principle, you must expressly consent to receive newsletters and other notifications from us, unless this is permitted for other legal reasons. We use “double opt-in” for any consent in the case of emails, i.e. you will receive an e-mail with a web link that you must click to confirm, so that no misuse by unauthorized third parties can take place. We may log such consents including Internet Protocol (IP) address, date and time.

    Newsletters and other notifications may contain web links or tracking pixels that record whether an individual newsletter or notification has been opened and which web links were clicked (performance measurement). Such web links and tracking pixels record the use of newsletters and other notifications. We use this statistical recording of usage, including success and reach measurement, in order to be able to offer newsletters and other notifications effectively and in a user-friendly manner, as well as permanently, securely and reliably, based on the reading habits of the recipients.

    You can unsubscribe from newsletters and other notifications at any time and thereby object in particular to the aforementioned collection of usage. You can do so by contacting us directly or following the link included in the footer of each newsletter we send you.

  4. How do we collect data?

    We collect information about our users when they use our services, including taking certain actions within it.


    • Via our website and electronic communication including social media pages;
    • When you use our services;
    • When you provide services to us;
    • When you correspond with us by electronic means using our services;
    • When you browse, complete a form or make a request while using our services.


    • Through public sources;
    • From public registers (such as commercial registers), news articles and internet searches;
    • From external service providers (see section 7).
  5. Data Retention

    We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for or to satisfy any legal requirements. To determine the appropriate retention period, we consider our statutory obligations, the amount and nature of the personal data, the potential risk of harm from disclosure of your personal data, the purposes we process your personal data for, and whether we can achieve those purposes through other means.

    We may anonymise your personal data so that it can no longer be associated with you for the purpose of analysing and improving our application and recruitment processes. If you are offered and accepted employment with PlantingSpace AG, the personal data we collected during the application and recruitment process will become part of your employment record, and we may use it in connection with your employment.

  6. Data Recipients

    We engage third-party companies (“service providers”) to facilitate the operation of our services, assist in analyzing the usage of the services, or perform necessary services, such as payment and the provision of IT infrastructure. These third parties have access to your personal data only to the extent necessary to perform these tasks.

    Types of service providers who might access your personal data:

    • Insurers;
    • Third parties who provide IT and software services including recruitment platform;
    • Third parties that are engaged in the course of your matter, such as counsels, banks and other payment providers;
    • Third parties who help us with client insights and marketing;
    • Professional advisers that we use, such as accountants and lawyers.
  7. Data transfers

    We may use service providers who are partly located in so-called third countries (outside the European Union or the European Economic Area or Switzerland) or process personal data there, i.e. countries whose level of data protection does not correspond to that of the EU.

    We safeguard your personal data per our contractual obligations and applicable data protection legislation when transferring data abroad. Such safeguards may include:

    • the transfer to countries that have been deemed to provide an adequate level of protection according to lists of countries published by the Federal Data Protection and Information Commissioner, as well as to countries where there is an adequacy decision by the European Commission in place;
    • applying standard data protection model clauses, binding corporate rules or other standard contractual obligations that provide appropriate data protection.

    If a third country transfer takes place and there is no adequacy decision or appropriate safeguards, it is possible and there is a risk that authorities in the third country (e.g. intelligence services) can gain access to the transferred data and that the enforceability of your data subject’s rights cannot be guaranteed.

  8. Data disclosure

    We may disclose your personal data in the good faith belief that such action is necessary:

    • To comply with a legal obligation (i.e., if required by law or in response to valid requests by public authorities, such as a court or government agency);
    • To protect the security of the Website and defend our rights or property;
    • To prevent or investigate possible wrongdoing in connection with us;
    • To defend ourselves against legal liability.
  9. Your Rights

    You have the below data protection rights. To exercise these rights, you may contact the above address or send an email to: Please note that we may ask you to verify your identity before responding to such requests.

    • Right of access: You have a right to request a copy of your personal data, which we will provide to you in an electronic form.
    • Right to amendment: You have the right to ask us to correct our records if you believe they contain incorrect or incomplete information about you.
    • Right to withdraw consent: If you have provided your consent to the processing of your personal data, you have the right to withdraw your consent with effect for the future. This includes cases where you wish to opt-out from marketing communications. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you initially consented unless there is another legal basis for processing. To stop receiving emails from us, please click on the ‘unsubscribe’ link in the email you received or contact us at
    • Right to erasure: You have the right to request that we delete your personal data when it is no longer necessary for the purposes for which it was collected or when it was unlawfully processed.
    • Right to restriction of processing: You have the right to request the restriction of our processing of your personal data where you believe it to be inaccurate, our processing is unlawful, or where we no longer need to process it for the initial purpose, but where we are not able to delete it due to a legal obligation or because you do not want us to delete it.
    • Right to portability: You have the right to request that we transmit your personal data to another data controller in a standard format such as Excel, where this is data which you have provided to us and where we are processing it on the legal basis of your consent or to perform our contractual obligations.
    • Right to object to processing: Where the legal basis for our processing of your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have a compelling legal basis for the processing which overrides your interests or if we need to continue to process the personal data for the exercise or defence of a legal claim.
    • Right to lodge a complaint with a supervisory authority: You have the right of appeal to a data protection supervisory authority if you believe that the processing of your personal data violates data protection law. You are entitled to contact the relevant Supervisory Authority—in Switzerland, the Federal Data Protection and Information Commissioner, Feldeggweg 1 CH - 3003 Bern, In the EU and EEA, you can exercise this right, for example, before a supervisory authority in the Member State of your residence, your place of work or the place of the alleged infringement. You can find a list of the relevant authorities here:
  10. Links to third-party apps and sites

    Our website may contain links to websites or apps that are not operated by us. When you click on a third party link, you will be directed to that third party’s website or app. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third party websites or services.

    We maintain online presences on social networks to, among other things, communicate with customers and prospective customers and to provide information about our products and services. If you have an account on the same network, it is possible that your information and media made available there may be seen by us, for example, when we access your profile. In addition, the social network may allow us to contact you. The content communication via the social network and the processing of the content data is thereby subject to the responsibility of the social network. As soon as we transfer personal data into our own system, we are responsible for this independently. This is then done in order to carry out pre-contractual measures and to fulfil a contract. For the legal basis of the data processing carried out by the social networks under their own responsibility, please refer to their data protection declarations. Below is a list of social networks on which we operate an online presence:

  11. Please revisit this Policy periodically to stay aware of any changes. We may update it periodically (last update: 29 November 2023). If we modify this Policy, we indicate the date of the latest revision. Changes to this Privacy Policy are effective when they are posted on this page.