Data protection is a particularly high priority for us. In the following, we inform you about the collection of personal data when using our website and our apps. Personal data refers to all data with which it is possible to draw conclusions about you personally, for example, name, address, email addresses, user behavior. The processing of a data subject's personal data shall always be in line with the General Data Protection Regulation (GDPR) and in accordance with the Swiss Data Protection Act (DSG) applicable to ZATTOO AG.
The Data Controller within the meaning of the EU General Data Protection Regulation (GDPR) or within the meaning of the Swiss Data Protection Act (DSG) is Zattoo AG, Baslerstrasse 60, CH-8048 Zurich, telephone: +41 43 500 21 00, fax: +41 43 500 21 11, email: email@example.com (see our Legal Notice).
You can reach our data protection officer at firstname.lastname@example.org or either one of our postal addresses with the addition of “Data Protection Officer”.
We would like to inform you that you have the right to request information about which of your data is processed by us at any time in accordance with Art. 15 GDPR and Art. 25 DSG. The right of access also includes the right to receive a copy of the data, provided that this does not adversely affect the rights and freedoms of other persons (Art. 15 GDPR). You have the right to request the correction or completion of incorrect or incomplete data concerning you (Art. 16 GDPR, Art. 6 para. 5 DSG).
You have the right to know, in case of transfer abroad, to which state the personal data will be disclosed and, if applicable, the guarantees according to Art. 16 para. 2 DSG or the application of an exception according to Art. 17 DSG.
You have the right to data disclosure if your data is processed automatically and the data is processed with your consent or in direct connection with the conclusion or processing of a contract (Art. 20 para. 1 GDPR, Art. 28 para. 1 DSG). You also have the right to data portability (Art. 28 (2) DSG) if the requirements of Art. 28 para. 1 DSG are met, and according to Art. 20 para. 2 of the GDPR when exercising the right to data portability pursuant to Art. 20 para. 1 of the GDPR.
In principle, you have the right to delete your data (Art. 17 GDPR). However, the right to deletion does not exist, for example, if the processing is necessary for the fulfilment of a legal or contractual obligation.
You have the right to request the restriction of the processing of your data if certain conditions are fulfilled (Art. 18 GDPR). In principle, you also have the right to receive the transmission of the data provided by you in a structured, common and machine-readable format.
If you wish to exercise any of your rights and/or want more information about them, please contact us in accordance with point 2.
If you have given us consent for processing your data, you can withdraw this at any time. Withdrawal of this kind affects the admissibility of processing your personal data after you have expressed this to Zattoo.If we base the processing of your personal data on a weighing of interests, in particular on Art. 6 paragraph 1 sentence 1 (f) GDPR, you can object to the processing. This is the case if, in particular, the processing is not required in order to fulfill a contract, which we describe in the following description for each function. If you express such an objection, which you can send to the contact details referred to in point 2 above, please explain the reasons why we should not process your personal data as we have done. We will review the situation and either discontinue or adapt the data processing or show you our compelling legitimate reasons for continuing our processing.Of course, you can object to the processing of your personal data for the purposes of advertising and data analysis at any time. Please direct your objection to processing for advertising to the contact details mentioned under point 2 above.
You also have the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
In the case you are using the website purely for information purposes, i.e. if you do not register or provide us with information otherwise, we only collect the personal data that your browser transfers to our server. If you wish to view our website, we collect the following information that is technically necessary for us in order to display our website and to ensure its stability and security. The legal basis for this is Article 6 paragraph 1 sentence 1 (f) GDPR:IP address, date and time of the request, time zone difference to Greenwich mean time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, website/app that the request comes from, browser, operating system, and its interface, language and version of the browser software.
If you wish to use our apps, we collect the following personal data that is technically necessary for us to offer you the features of our products (legal basis is Article 6 paragraph 1 sentence 1 (f) GDPR) and to ensure stability and security (legal basis is Article 6 paragraph 1 sentence 1 (f) GDPR):
Date and time of the request
time zone difference to Greenwich mean time (GMT)
content of the request (concrete page)
access status/HTTP status code
amount of data transferred in each case
web site/app that the request comes from, if applicable
Browser, if applicable
Operating system, and its interface
Language and version of the browser software, if applicable
If you contact us by email or via a contact form, the information you provide (your email address, possibly your name and your telephone number) will be stored by us in order to be able to answer your questions. If fields on our contact form are marked as not required to contact you, they will always be marked as optional. This information is used to substantiate your request and to improve the processing of your request. This information is expressly shared on a voluntary basis and with your consent, Art. 6 para.1 (a) of the GDPR or Art. 6 para. 6 DSG.
If this information corresponds to your communication channels (e.g. email address, telephone number), you also agree that we can also contact you via this communication channel in order to respond to your request.
Of course, you can revoke this consent at any time in the future. We delete the data arising in this context after the storage is no longer necessary or restrict the processing if there are legal retention obligations (Art. 5 para. 1 e) of the GDPR or Art. 6 para. 4 DSG).
You have the opportunity to register with us and create a customer account. For the registration we collect and store the following data:
Email address (username)
Date of birth
After registration, you will receive personal, password-protected access and can view and manage the data you have provided. Registration is voluntary but may be required to use our services.If you use our service, we store your data and possibly also details of the payment method required to fulfill the contract, until you finally delete your account. Furthermore, we will store the voluntary data you provide for the time of your use of the app, unless you delete it before. All information can be managed and changed in your account. The legal basis for this is Article 6 paragraph 1 sentence 1 (b) and (f) GDPR.
Furthermore, for technical and contractual reasons, we log when which show was watched for how long in a pseudonymized form. This data is only collected during active use. TV shows are recommended to the user based on this data. Additional data will not be purchased. You can object to this kind of recommendation at any time. Please refer to the contact details provided in point 2 for this purpose. The legal basis is Article 6 paragraph 1 sentence (f) GDPR.
When you place an order online on our website or apps, we collect various data required for the conclusion of the contract. The legal basis is the conclusion and execution of a contract in accordance with Article 6 paragraph 1 sentence 1 (b) GDPR. The data is stored for the duration of the contract and according to legal obligations. The legal basis for storing the data due to statutory retention requirements is Art. 6 Para. 1 lit. c GDPR. For payment, we use various payment service providers, which are always identified and accept your input directly and are therefore recipients of your personal data collected in connection with the payment process. The legal basis for the engagement of payment service providers is the contract execution according to Article 6 paragraph 1 sentence 1 (b) GDPR. Data for the purpose of payment is stored for the duration of the payment.
If you participate in competitions, we collect the information necessary for the execution of the competition. This is usually an individual competition entry (for example, a comment or a photo) as well as names and contact details. We may share your information with our competitors, for example to give you your prize.
The data processing and transmission may vary depending on the competition and is therefore described in detail in the respective conditions of participation. Participation in the competition and the associated data collection is, of course, voluntary. The legal basis for data processing is your consent in accordance with Art. 6 para. 1 a) of the GDPR or Art. 6 para. 6 DSG. Your data will be deleted after the end of the competition.
When you sign up with us via Facebook, your account will automatically be linked to your Facebook account, and information about your activity on our websites and applications may be shared on Facebook and posted on your timeline and displayed in the news feeds of your friends.
You can also register and sign in through your Amazon account. The provider is Amazon.com LLC, 410 Terry Ave. North, Seattle, WA, USA. If you sign up through Amazon, Amazon will ask for your permission to share certain details of your Amazon Account with us. This may include your first name, last name, gender, and your email address to verify your identity, as well as a link to your Amazon account. This data is collected from Amazon and sent to us in compliance with the provision of the Amazon Privacy Notice. The legal basis for this is Article 6 paragraph 1 sentence1 (b) and (f) GDPR.
You can also register and sign in through your Apple account. The provider is Apple Inc., 1 Apple Parkway, Cupertino, CA, USA. If you sign in with Apple, Apple will ask you for a confirmation to use your apple account to sign in to Zattoo. Sign in with Apple protects your privacy by allowing you to sign in to our website and apps without having to provide us with information that personally identifies you except information used by your browser for normal web functions.
We may ask for your name and email address when you use Sign in with Apple. Your name will default to the name associated with your Apple ID and for the email address, you can choose to provide us with any of the email addresses associated with your Apple ID, or to hide your email address. If you choose to hide your email address from us and also disable email forwarding from the Apple generated email address to your personal email address, please understand that we will not be able to reach out to you with our communication messages. The legal basis for this is Article 6 paragraph 1 sentence1 (b) and (f) GDPR.
For advertising purposes, we use what is known as “advertising identifiers” (e.g., “AAID” or“IDFA”). These are unique but non-permanent valid identification IDs for a particular device provided by device operating systems. With your consent the data collected through advertising identifiers may be linked to your login. We use advertising identifiers to provide you with personalized advertising and to evaluate your usage of our apps. The advertising identifier of your device can be reset at any time in the device settings. The new advertising identifier cannot be associated with the previous one. In addition, the transfer and use of the advertising identifier can be disabled in the device settings. Please be aware that you may not be able to use all the features of our service if you restrict the use of advertising identifiers. The legal basis for this is Article 6 paragraph 1 sentence 1 (b) and (f) GDPR.
In addition, we may use other technologies such as web beacons or pixel tags, which can be embedded in web pages, videos, or emails, to collect certain types of information from your browser or device, check whether you have viewed a particular web page, ad, or email message, and determine, among other things, the time and date on which you viewed the content, the IP address of your device, and the URL of the web page from which the content was viewed. We may also use or work with third parties including our business partners and service providers who use Software Development Kits (“SDKs”) to collect information, such as advertising identifiers (e.g., “AAID” or “IDFA”), user IDs and information related to how mobile devices, or other devices such as Smart TVs and streaming devices, interact with our services.
For analysis purposes and to optimize our websites and apps, we use various services, which we describe below. For example, we can analyze how many people visit our website, which information is most in demand and how people find our services.
Among other things, we collect information about the website from which a data subject accessed another website (known as the "referrer"), which subpages of our website or apps were accessed or how often a subpage was viewed and how long the person stayed on the subpage. This helps us to design and improve our services in a user-friendly manner.
The data collected is not used for the personal identification of individual users. Anonymous or at most pseudonymous data is collected. The legal basis for this is Art. 6 para. 1 a) of the GDPR or Art. 6 para. 6 DSG.
Data is collected about your interaction with the application/platform, including the pages you visit, programs you stream, recordings requested, channels favorited, search terms, along with the time, frequency, and duration of sessions on the application. This information is used to improve the services and features in the application in terms of security, availability, and user experience and deliver a better service to you as per our contractual promise. This event data is retained for 12 months before it is aggregated into standardized analysis reports without personal reference. For the exceptional cases in which personal data is transferred to countries outside the European Economic Area (EEA), i.e. to third countries, this is done under the conditions of Art. 44 et seq. GDPR. We will inform you about the respective details of the transfer in the relevant points below.
If you have given your consent, our products use Google Analytics, a web analysis service of Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
Our services also use Google Optimize. Google Optimize analyzes the use of different variations of our website and helps us to improve the usability according to the behavior of our users on the website. Google Optimize is a tool associated with Google Analytics.
We use the function User-ID. The User ID allows us to assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and to analyze user behavior across devices.
We use Google Signals. This allows Google Analytics and Google Optimize to collect additional information about users who have activated personalized ads (interests and demographic data). Also ads can be delivered to these users in cross-device remarketing campaigns.
We use the function 'anonymizeIP' (so-called IP-Masking): Due to the activation of IP-anonymization on our website or apps , your IP-address will be shortened by Google within member states of the European Union or in other signatory states of the Agreement on the European Economic Area. Only in exceptional cases the full IP address will be transferred to a Google server in the USA and shortened there. The IP address transmitted by your browser / Device Operating System within the framework of Google Analytics is not merged with other data from Google.
During your app use the following data will be collected:
The pages you call up, your "click behaviour“
Achievement of "website / apps goals" (conversions, e.g. newsletter registrations, downloads, purchases)
Your user behavior (for example clicks, dwell time, bounce rates)
Your approximate location (region)
Your IP address (in abbreviated form)
Technical information about your browser and the end devices you use (e.g. language settings, screen resolution)
Your internet provider
The referrer URL (via which website/advertising medium you came to this website/apps)
On behalf of the operator of this app, Google will use this information to evaluate your (pseudonymous [NOT USER ID]) use of the app and to compile reports on the app activity. The reports provided by Google Analytics serve to analyse the performance of our apps and the success of our marketing campaigns.
The data recipient may be:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94045, USA
Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94045, USA
For this purpose we have concluded a contract with Google. Google LLC, headquartered in California, USA, and, if applicable, US authorities can access the data stored at Google.
A transfer of data to the USA cannot be excluded. However, we pay attention to ensure their compliance to GDPR guidelines. Google is certified in accordance with the EU-US Data Privacy Framework and an adequate level of data protection can be assumed.
The data sent by us and linked to cookies is automatically deleted after 14 months. Data is automatically deleted once a month as soon as the storage period is reached.
You can also prevent the collection of data generated by the cookie and related to your use of the app (including your IP address) to Google and the processing of this data by Google by
not giving your consent to the cookie settings, revoke any consent you have given, or
downloading and installing the browser add-on to disable Google Analytics HERE.
The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 a) of the GDPR or Art. 6 para. 6 DSG. You can revoke your consent at any time with future effect by changing your selection in the cookie preference in the account settings or by opening our apps to the cookie preference center.
It cannot be ruled out that your data will be transferred to one of Adjust's subsidiaries in third countries. In the case of Adjust Inc. in the USA, an adequate level of data protection can be assumed, as Adjust Inc. is certified in accordance with the EU-US Data Privacy Framework. If data is transferred to subsidiaries in Brazil or China, we would like to point out that a secure level of data protection cannot be guaranteed.
We use the analysis service “Exactag” which is operated by Exactag GmbH, Philosophenweg 17, 47051 Duisburg, Germany. Cookies are used to store data on your usage of zattoo.com. The cookie set by Exactag expires in twelve months. The legal basis for this is article 6 section 1 letter (f) of the GDPR. If you want to opt out, click on the link to install Exactag's opt-out cookie in your browser. For more information about Exactag, please visit this page.
To analyze the use of the app, Zattoo uses the web analysis service Braze, a program of Braze, Inc., 265 W. 37th Street, Suite 1212, New York, NY 10018, USA. Braze uses a pseudonymous ID, which allows us to analyze the use of our services. This determines the version of the operating system you use, information about your network operator, a country code, the usage behavior and the usage pattern of our services.
Braze will use this information on behalf of Zattoo to evaluate the use of the app by the user. If this is activated by you, you can use Zattoo to transmit targeted information (known as push notifications and emails) via Zattoo services or for specific advertising. The legal basis is Art. 6, para. 1 a) of the GDPR or Art. 6 para. 6 DSG.
Braze is based in the USA and is certified in accordance with the EU-US Data Privacy Framework. An adequate level of data protection can therefore be assumed for the data transfer.
Zattoo uses the web analytics service Hotjar to analyze usage. Hotjar Ltd. (St Julian's Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta) complies with the Data Protection Act, Chapter 440 of the Laws of Malta (“Applicable Law”), which implements all relevant European Union directives on data protection. Hotjar is a service that analyzes users’ behavior and feedback on web pages using a combination of analysis and feedback tools. Hotjar gives Zattoo a “complete picture” of how to improve the website performance and end-user experience. For this purpose, the following information is collected: The IP address of the device (collected and stored in an anonymized format), screen/display resolution, type of device, operating system, browser type, geographic location (country only), preferred language, and mouse events (movements, position and clicks). The collected data is transferred and stored using an encrypted connection to servers located in Ireland (EU). The sole purpose of this data collection is to improve the user experience on the Hotjar-based websites. No personal data is collected or stored. For more information on how Hotjar complies with data protection regulations, please click here: www.hotjar.com/privacy. You can refuse permission for Hotjar to collect your data when you visit Zattoo at any time on Hotjar's opt-out page and click on “Disable Hotjar”. The legal basis is Art. 6, para. 1 a) of the GDPR or Art. 6 para. 6 DSG.
We have integrated forms from HeyFlow on this website. The provider is Heyflow GmbH, Jungfernstieg 49, 20354 Hamburg (hereinafter referred to as HeyFlow). HeyFlow provides a technology for the creation of online interaction tools (click-funnel), with the help of which (potential) customers or other third parties (hereinafter "inquirers") can contact us. For this purpose, inquirers interact with the click-funnel in order to receive suitable information and product suggestions. If applicable, Inquirers have the option to provide their email address to receive further information by email, for which the following statements also apply.
The integration of HeyFlow on our website is based on our legitimate interest in a most interactive and user-friendly communication with inquirers (Art. 6 para. 1 lit. f DSGVO).
The processing of personal data (e.g. e-mail addresses for the purpose of sending additional information by mail) is based on the consent of the inquirer (Art. 6 para. 1 lit. a DSGVO). Email addresses are only processed for sending information via email and deleted directly afterwards.
In the area of affiliate marketing, we work with the Service providers AWIN AG, Landsberger Allee 104 BC, 10249 Berlin, Germany and CommunicationAds GmbH & Co. KG, Kaiserstraße 23, 90403 Nürnberg, Germany.
Provided that you interact with corresponding forms of advertising, a cookie with a validity of 30 days is set. This cookie contains a pseudonymous ID that provides information about the partner website, the advertising material and the time of contact and is only used to track the success of advertising on the partner website. In the event of corresponding advertising success, the website operator transmits a pseudonymous payment ID and potential further campaign data relevant to the payment without reference to a person. The legal basis for data processing is Art. 6 paragraph 1(a), (b) and (f) of the General Data Protection Regulation (GDPR).
Affiliate tracking will only be enabled on our website if you have provided your consent to the use of marketing cookies via the Zattoo Cookie banner. You can withdraw your consent at any time via our cookie banner.
We use the pixel of Facebook Ireland Limited for targeting (Facebook Website Custom Audiences) and conversion tracking purposes. Through the pixel, information about the use of our products is collected and shared with Facebook. This information can be assigned to you with the help of further information that Facebook Ireland Limited has stored about you, e.g. due to your ownership of an account on the social network Facebook. Based on this information interest-related advertisements can be displayed to you in your Facebook account.
We have not enabled “automatic advanced matching” as part of Facebook’s pixel feature. Therefore, we do not share hashed information such as email, name, gender, city, state, zip code, and date of birth or phone number with Facebook. The pixel of Facebook gets only activated in your browser if you have agreed to marketing cookies via our cookie consent banner. You can revoke consent at any time via our consent banner. The legal basis for this is article 6 section 1 letter (a), (f) of the GDPR.
As Facebook has its headquarters in the USA, it cannot be ruled out that your data will be processed in the USA. Meta Platforms, Inc., Willow Road 1601 94025 Menlo Park, USA (Facebook) is certified in accordance with the EU-US Data Privacy Framework and an adequate level of data protection can be assumed.
Our products use “Google Ads Remarketing” to advertise Zattoo on Google’s search results as well as on third-party websites. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter "Google"). For this purpose, Google sets a cookie in your device's browser that automatically enables interest-based advertising based on a pseudonymous cookie ID and on the pages you visit.
Additional data processing only takes place if you have consented to Google, linking your Internet and app browsing history to your Google account and using information from your Google account to personalize ads that you see on the web.
Data processing from our apps will only be enabled if you have agreed to the use of marketing cookies via our cookie consent banner. You can revoke consent at any time via our consent banner. The legal basis for this is article 6 section 1 letter (a), (f) of the GDPR.
We use conversion tracking as part of the “Google Ads” service. When you click on an ad placed by Google, a cookie for conversion tracking is stored on your device. These cookies lose their validity after 30 days, do not contain any personal data and are therefore not used for personal identification. The information obtained using the conversion cookie is used to create conversion statistics for Google Ads customers who have opted in for conversion tracking. Google Ads conversion tracking will only be enabled if you have agreed to the use of marketing cookies via our cookie consent banner. You can revoke consent at any time via our consent banner. The legal basis for this is article 6 section 1 letter (a), (f) of the GDPR.
Native advertising is a type of advertising that matches the form and function of the platform where it appears. In many cases it functions like an advertorial, and manifests as a video, article or editorial. The word "native" refers to this coherence of the content with the other media that appear on the platform.
Outbrain is headquartered in the USA (Outbrain Inc., 111 West 19th Street, 3rd Floor, New York, 10011, USA) and it cannot be ruled out that your personal data will be transferred to the USA. We would like to point out that in the case of Outbrain Inc. no adequate level of data protection can be guaranteed.
For more information about Outbrain, please visit this page.
In order to select a voucher offer that is currently of interest to you, we will send the encrypted hash value of your email address and your IP address in pseudonymous form to Sovendus GmbH, Hermann-Veit-Str. 6, 76135 Karlsruhe, Germany (Sovendus) (Art. 6 paragraph 1f GDPR). The activation of the Sovendus Iframes on our thank you page only takes place if you have previously given your consent for marketing purposes via our consent banner. The pseudonymous hash value of the e-mail address is used to take into account a possible objection to advertising by Sovendus (Art. 21 paragraph 3, Article 6 paragraph 1(c) GDPR). The IP address is used by Sovendus exclusively for data security purposes and, as a rule, made anonymous after seven days (Art.6 paragraph 1(f) of the GDPR).
In addition, for billing purposes, we communicate the order number, order value with currency, session ID, coupon code and timestamp to Sovendus (Art. 6 paragraph 1(f) GDPR). If there is no advertising objection associated to your e-mail address and you are interested in a voucher offer from Sovendus, by clicking on the voucher banner displayed if the former condition is met, you will leave the website zattoo.com and will be redirected to the websites of Sovendus GmbH.
Your data will not be passed on to third parties, unless we are legally obliged to do so, or the data transfer is necessary for the execution of the contractual relationship or you have previously expressly consented to the transfer of your data.
External service providers and partner companies, such as online payment providers, only receive your data if this is necessary to process your order. In these cases, however, the amount of data transferred is limited to the required minimum.
We attach great importance to the processing of your data within the EU/EEA. However, we may use providers who process data outside the EU/EEA. In these cases, we ensure that the recipient ensures an adequate level of data protection before transferring your personal data. This means that a level of data protection comparable to standards within the EU is achieved through EU standard contracts or an adequacy decision.
We have taken extensive technical and operational security precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological developments (Art. 32 GDPR, Articles 7, 8 DSG).
You can apply for a job with us online via our application portal. We process your personal data exclusively for the purpose of your application for an employment relationship, insofar as this is necessary for the decision on the establishment of an employment relationship with us. The legal basis for this is Article 6 para.1 b) of the GDPR and § 26 para. 1 in conjunction with para. 8 p. 2 BDSG (job advertisement and implementation of pre-contractual measures) and Art. 6 para. 1 f) of the GDPR for unsolicited applications. Your personal data will be treated confidentially.
The following data can be processed by us in the application process:
Master data (title, first name, surname, if necessary date of birth)
Contact data (address, telephone or mobile phone number, private email address)
Application data (e.g., profile picture as well as other documents such as CV, cover letter, overall application, certificates).
If we are unable to offer you a position, you reject an offer of a position or withdraw your application, we reserve the right to store the data you have transmitted based on our legitimate interests (Art. 6 para. 1 f) of the GDPR) for up to 6 months as of the end of the application process (rejection or withdrawal of the application). The data is then deleted and the physical application documents destroyed. In particular, data is stored for evidence purposes in the event of a legal dispute. If the data will be foreseeably required after the 6-month period has expired (e.g., due to an impending or pending legal dispute), deletion will only take place if the purpose of further storage is no longer applicable.
Data can also be stored for a longer period of time if you consent to this in accordance with (Art. 6 para. 1 (a) of the GDPR or Art. 6 para. 6 DSG) or if statutory storage obligations preclude the deletion.
If we do not make you a job offer, you may be able to join our applicant pool. In case of admission, all documents and information from the application will be transferred to the applicant pool in order to contact you in case of suitable vacancies.
Admission to the applicant pool is based exclusively on your express consent (Art. 6 para. 1 (a) of the GDPR or Art. 6 para. 6 DSG). The submission agreement is voluntary and has no relation to the ongoing application procedure. You can revoke your consent at any time. In this case, the data from the applicant pool will be irrevocably deleted, provided there are no legal reasons for storage. The data from the applicant pool will be irrevocably deleted no later than two years after consent has been granted.