Privacy Policy of Werft22 AG


Werft22 AG (hereinafter referred to as Werft22) provides nanoo.tv (including nanoo.security) as a service to teachers, learners and administrators at schools as well as to the contracting party of the respective user agreement ("Authorised Users"). In addition, nanoo.security is also provided as a stand-alone service for other contractual partners. Werft22 AG takes the protection of personal data very seriously. We want you to know what data we collect, retain and process. By providing the information below, we are thus giving you an overview of the processing of your personal data by us. The specific data processed in a given case and the manner of its use is thus primarily governed by the respective agreed services. In doing so, we adhere to the requirements of the applicable data protection laws. Moreover, we also outline your rights below.

If you have any questions or concerns, please do not hesitate to contact us. We are pleased to help you.

1. Responsible body and data protection advisor

Werft22 is the data controller for the collection, processing, and use of your personal data:

Werft22 AG nanoo.tv | nanoo.security
Weite Gasse 21
CH-5400 Baden
+41 56 210 91 38

Data protection advisor Werft22 AG / nanoo.tv|nanoo.security is Dr Reto Fanger. Please direct any enquiries about this statement or concerns relating to data protection to the following address:

Werft22 AG nanoo.tv | nanoo.security
Dr. Reto Fanger
Data protection advisor
Weite Gasse 21
CH-5400 Baden
datenschutz@werft22.com

2. Scope and Data

This Privacy Policy relates to personal data of the following natural persons:
- customers and users of nanoo.tv, nanoo.security and Werft22
- all other natural persons in contact with nanoo.tv, nanoo.security and Werft22, e.g. representatives of educational institutions, schools and cantonal public authorities, service providers, representatives and employees of legal persons, visitors to our website, suppliers, craftspeople, etc.

The subject of data protection is personal data. This is all information that relates to an identified or identifiable person. Relevant personal data are, for example, personal details (including surname, first name, date of birth, address, e-mail address, telephone number, account number, etc.). In addition, order data, data from the fulfilment of our contractual obligations, documentation data as well as other data comparable to the categories mentioned may also be personal data. We only process personal data if there is a legal basis for doing so or if you have given us your consent in this regard.

3. Used Sources and Data

Werft22 also collects your personal data, i. a., if you contact us, e.g. as customer, user, prospect, service provider, craftsperson or perhaps as applicant. We further process personal data we receive within our services as well as data arising within the use of, or specified by you on, our website (e.g. in the context of contacting us via the e-mail address provided there or via the contact form or by calling our office).

4. Purpose of the data processing

We process personal data for the following processing purposes:

a) Fulfilling our contractual duties / provision of services 
Werft22 retains and processes your personal data for the purpose for which you voluntarily surrendered it to us, thus, in particular, to render our services in relation to the provision and utilisation of TV, film and video material for use in the school and education sector. Werft22 further retains and processes personal data to provide, administer and implement the user and customer communication by phone or via electronic means of communication. In addition, data is processed to take steps prior to entering into a contract (e.g. pre-order clarifications with customers or suppliers) upon an enquiry.

b) Within a balancing of interests
Where necessary and permissible, we process your data beyond the actual provision of our services to protect our legitimate interests or those of third parties. Examples for this are:
- establishment of legal claims and defence in case of legal disputes
- ensuring IT security and IT operation
- information events, advertising and marketing measures, unless the relevant data use has been objected to
- measures for business management and for informing about our services
- analysing the web traffic on our website to improve the functionality of our website
- prevention and solving of crimes

c) Based on your consent
Insofar as you have given us consent to process personal data for specific purposes, the lawfulness of these processing operations is given based on your consent. Any consent given may be withdrawn at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

d) Due to legal stipulations or public interest
Moreover, data may be processed or disseminated if this is necessary due to legal stipulations and a public interest.

5. Dissemination of Personal Data

At Werft22, your data may only be accessed by employees who require such data to fulfil the contractual and legal duties. Personal data is disseminated exclusively if a sufficient legal basis for this (e.g. the purpose of contract fulfilment, a legitimate interest or a consent on your part) exists. In addition, data may be transferred to other persons responsible to the extent that we are obliged to do so due to legal provisions or by an enforceable administrative or judicial order. Service providers deployed by us may likewise receive data in compliance with the legal stipulations for data dissemination if they observe relevant confidentiality. This includes, i. a., companies in the IT services, telecommunications as well as (legal) counselling, payroll accounting as well as distribution and marketing categories. We carefully selected these service providers and obligate them to carefully handle and back up the respective data. Personal data may also be disseminated within our business activity to recipients based outside Switzerland, the EU or the EEA, in ‘third states’, in compliance with the legal stipulations for data dissemination. We ensure in advance of such dissemination that either an adequate level of data protection exists at the recipient’s or you consented to such dissemination.

6. Safekeeping Personal Data

We process and retain your personal data as long as this is necessary to fulfil our contractual and legal duties or other purposes pursued with the processing and as long as we have a legitimate interest in safekeeping the respective personal data. In addition, we safekeep any personal data that is subject to the legal safekeeping periods or still required for legal prosecution or for the securing, establishment or enforcement of legal claims. (Limited) further processing is required, i. a., for the following purposes:
- fulfilment of safekeeping obligations under commercial and tax law, e.g. from the Code of Obligations (CoO) and the tax laws, with the safekeeping or documentation periods stipulated there being usually ten years
- obtaining evidence within the legal prescription regulations as per Art. 127 et seqq. Swiss Code of Obligations (CoO)

7. Confidentiality / Security

Any and all collected, processed and retained personal data is treated as confidential by Werft22 and its employees. We take appropriate technical and organisational measures (e.g. controlled access restrictions, IT security applications and measures, etc.) to reasonably protect such data from unauthorised accesses and misuse. In addition, the electronic data is safekept with all due are and exclusively stored on our servers. Please note that data sent by e-mail is disseminated unencrypted. It can thus not be ruled out that data gets lost on its way or can be consulted by third parties. Such an online transmission of personal data is hence at one’s own risk.

8. Your Rights

You enjoy different rights, depending on the applicable legal basis. You may assert your rights at the contact address indicated above (under clause 1). Where the Swiss Data Protection Act (DSG) is applicable, you are entitled to assert the right to information, the right to rectification, the right to erasure and the right to restriction of data processing. Furthermore, you are entitled to object to data processing by us. Moreover, you may withdraw any consent to the processing of your personal data given to us. Please note that the withdrawal will be effective only for the future. This does not affect data processing operations performed prior to the withdrawal. Where the EU General Data Protection Regulation (GDPR) is applicable, you may assert the right to information, the right to rectification, the right to erasure, the right to restriction of data processing, the right to object as well as the right to data portability. Furthermore, you are entitled to object to data processing by us. If you do raise any objection, we will no longer process your personal data, unless we demonstrate legitimate and overriding grounds for the processing or for the establishment, exercise or defence of legal claims. Moreover, you may withdraw any consent to the processing of your personal data given to us. Please note that the withdrawal will be effective only for the future. This does not affect data processing operations performed prior to the withdrawal. Without prejudice to any other administrative or judicial remedy, each data subject has the right to lodge a complaint with the competent data protection authority, in Switzerland with the Federal Data Protection and Information Commissioner, in the scope of the GDPR with a competent data protection supervisory authority under Art. 77 GDPR.

9. Obligation to Provide Personal Data

You must provide any personal data within our business, customer and user relationship that is necessary to enter into, implement and fulfil the business, customer and user relationship to ensure that we are able to both fulfil our contractual duties and collect or process any data we are legally required to collect. We will usually not be able to enter into a business, customer and user relationship with you or to execute an appropriate contract without such data.

10. Cookies and Social Media

As Werft22, we use web analysis technologies. In addition, we also use social media platforms (Twitter, LinkedIn).

a) Cookies
We use ‘cookies’ on our website. This is a technology which can be used to identify your browser or / and device. Cookies are small text files which are filed and retained on the computer system via a web browser. Where a user accesses a website, a cookie may be retained on the user’s operating system. A cookie contains a distinctive string that allows the unique identification of the browser the next time the website is accessed. As data subject, you can prevent the retention of cookies by our website at any time by setting the used web browser accordingly and thus permanently object to the placement of cookies. Furthermore, you can erase cookies already placed at any time using a web browser or other software programmes. The respective browser can be set such that information is provided about the placement of cookies, allowing to decide on a case-by-case basis whether the respective cookie is accepted, or its use is not accepted. The relevant cookie setting differs depending on the browser used. An explanation of how the respective cookie setting can be changed is usually available in the browser help menu. The help menu for the browsers below can be found at the following links:
Edge / Firefox / Chrome / Safari / Opera/ Vivaldi 
Where the user does not accept an application cookie, the presentation of a usability of our website may be limited for the relevant user.

b) Twitter
Werft22 has a Twitter account we use to present our company as well as our services. Moreover, the Twitter account serves to communicate with both customers and interested parties. Twitter is a service of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, is responsible for the processing of data from persons living outside the United States. If you use Twitter, your personal data is processed, thus i. a. collected, transmitted, retained, disclosed and used, by Twitter Inc., with the data being processed, regardless of your place of residence, in the United States, Ireland and every other country in which Twitter Inc. operates. Please note that we, Werft22, do not have any access to such user data. Only Twitter is able to access the data specified above. The data voluntarily entered by you, such as name and username, e-mail address, phone number, contact details of your address book (where uploaded or synchronised) is collected or processed by Twitter. In addition, Twitter also evaluates the contents shared via the platform. This allows Twitter to establish the topics you are interested in. Moreover, the messages you send to other users via Twitter are retained and processed. Finally, it is possible to establish your location, i. a. by using GPS data, information of the wireless networks used as well as the IP address. This serves, i. a., to send advertising or other contents to you. Using Twitter buttons or widgets and cookies, Twitter is further able to ascertain your visits to our website and to assign these to your personal Twitter profile. This established data can be used to individualise advertising and to present contents. You can restrict the processing of your data by Twitter via the settings of your Twitter account under “Data Protection and Security”. Moreover, it is possible to limit the access to contact details, calendar, photos, location data, etc. by Twitter for mobile devices (smartphones, tablet computers) in the relevant system settings. The specific restriction possibilities depend on the respective operating system used by you. Further information on this is available at the following web addresses:
Twitter Support
Twitter Privacy Data
Please note that using the Twitter service and its functions, in particular the interactive functions (e.g. share, rate) is on your own responsibility. Information on data processing and on the respective purposes pursued with it can be found in the Twitter Privacy Policy:
Twitter Privacy Policy

c) LinkedIn
We use components of the LinkedIn network on our website. LinkedIn is a service of the LinkedIn Corporation, Mountain View, USA. With each individual call-up of our website with such a component, this component causes the browser you are using to download a specific representation of the component from LinkedIn. Through this process, LinkedIn receives information about which specific subpage of our website you have just visited. If you click the LinkedIn "Recommend Button" while you are logged into your LinkedIn account, you can link the content of our pages on your LinkedIn profile. This enables LinkedIn to associate your visit to our website with your LinkedIn user account. This information is usually transferred to a LinkedIn server in the USA and stored there. We have no influence on the data collected by LinkedIn nor on the scope of the data collected by LinkedIn. We also have no knowledge of the content of the data transmitted to LinkedIn. For details on data collection by LinkedIn and your rights and settings options, please refer to LinkedIn's privacy policy: LinkedIn Privacy Policy

11. IT System Logs

Any use of the Internet, e.g. calling up websites and sending e-mails, is accompanied by the automatic transfer of data, which might be classified as personal data to some extent and are retained by us in ‘system logs’. Werft22 retains the system logs to establish malfunctions as well as for security reasons. Once the data is no longer required to fulfil operational or legal duties, it will be erased.

12. Modifications to the Data Protection Notices

We reserve the right to modify these Data Protection Notices at any time. The respective current version published by us on our website applies. The date of the last update can be found at the end of these Data Protection Notices.


Effective: July 2023