Privacy Policy

1. Data Controller

Formanova GmbH
Steinenvorstadt 33
4051 Basel, Switzerland
Email: info@joblistx.com
Phone: +41 43 588 33 32

EU Representative (Art. 27 GDPR):
To be appointed and listed here shortly.

2. Overview of Processing Activities

We process the following categories of personal data:

• Name, business email address and phone number of our customers' contact persons (B2B)
• Usage data (page views, feature usage within the software)
• IP addresses and technical device data when visiting the website
• Payment data (processed by Stripe, not stored by us)

Data subjects: Business customer contacts, website visitors, trial users (Free/Trial).

3. Legal Basis

Processing of personal data is based on the following legal grounds (Art. 6(1) GDPR):

• Consent (lit. a): Marketing cookies (Google Ads, Tapfiliate) — only after explicit consent via cookie banner.
• Performance of contract (lit. b): SaaS usage, account management, support, billing.
• Legitimate interests (lit. f): Website security, abuse prevention, service optimization, server logging.

4. Cookies and Tracking

Necessary Cookies

We use technically necessary cookies for website and software operation (session management, language settings, consent storage, authentication). These cookies are exempt from the consent requirement under § 25(2) TDDDG as they are strictly necessary for providing the service.

Marketing Cookies

The following marketing cookies are set only after your explicit consent(legal basis: Art. 6(1)(a) GDPR):

• Google Ads Conversion Tracking (ID: AW-17121442679) — measures whether a click on a Google ad led to a registration.
• Tapfiliate Affiliate Tracking (ID: 63192-58a728) — attributes registrations to an affiliate partner.

You can withdraw your consent at any time via the "Cookie Settings" link in the website footer. Withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal.

5. Recipients and Third Parties

• Google LLC (USA) — Purpose: Conversion tracking as part of Google Ads. Legal basis: Consent. Active only after consent.
• Tapfiliate BV (Netherlands) — Purpose: Affiliate tracking for commission attribution. Legal basis: Consent. Active only after consent.
• Stripe Inc. (USA) — Purpose: Payment processing for subscriptions. Legal basis: Performance of contract (Art. 6(1)(b) GDPR).
• Hosting Provider — EU server location. Processing based on a data processing agreement (Art. 28 GDPR).

6. Third Country Transfers

Some of our service providers are based in the USA. Data transfers are carried out on the basis of the EU-US Data Privacy Framework (Adequacy Decision of the EU Commission dated 10 July 2023). Additionally, Standard Contractual Clauses (Art. 46(2)(c) GDPR) are in place as supplementary safeguards.

• Google LLC: DPF-certified + SCCs
• Stripe Inc.: DPF-certified + SCCs

7. Retention Periods

• Consent cookie: 1 year (cookie lifetime).
• Consent log: 3 years (accountability obligation under Art. 7(1) GDPR).
• Contract data: Duration of the business relationship plus statutory retention periods (typically 10 years).
• Server logs: 30 days.

8. Your Rights

You have the following rights regarding your personal data:

• Access (Art. 15 GDPR)
• Rectification (Art. 16 GDPR)
• Erasure (Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Objection (Art. 21 GDPR)

Right to withdraw consent: You may withdraw any given consent at any time with effect for the future (Art. 7(3) GDPR). Withdrawal does not affect the lawfulness of processing carried out on the basis of the consent before its withdrawal.

Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. For Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC). For EU data subjects, the competent supervisory authority of your member state applies.

To exercise your rights, please contact info@joblistx.com.

9. Data Security and Hosting

All data transmissions are SSL/TLS encrypted. Hosting takes place on servers within the EU. Sensitive data (e.g. integration API keys) is stored using AES-256-GCM encryption.

10. Automated Decision-Making

We do not use automated decision-making including profiling within the meaning of Art. 22 GDPR that produces legal effects concerning you or similarly significantly affects you.

11. Data Processing Agreements

Where we process personal data on behalf of our customers, we enter into data processing agreements in accordance with Art. 28 GDPR. Please contact us at info@joblistx.com to conclude a DPA.

12. Provision of Data

The provision of personal data is partly required by law or contract. To use our SaaS software, providing your name and email address is required (performance of contract). Without this information, no account can be created and the service cannot be provided. Consent to marketing cookies is voluntary and does not affect the use of the software.