VistaSys AG (hereinafter “VistaSys AG,” “we,” or “us”) is committed to processing all personal data (hereinafter “Personal Data”) collected via the portal in accordance with applicable data protection law and to implementing appropriate security measures to protect it against unauthorized access. In this Privacy Policy, we inform you in particular about which Personal Data is collected and processed in connection with the use of the portal, for what purposes it is used, to whom it may be disclosed, and what your rights are in relation to VistaSys AG’s use of your Personal Data. Personal Data means any information relating to an identified or identifiable natural or legal person, e.g., name, first name, address, email, date of birth, or telephone number. By accessing the online portal (hereinafter the “Portal” or “Website”) and using our services and products (e.g., Attenda), you confirm that you have read this Privacy Policy carefully and agree to the data processing described herein. Any questions related to this Privacy Policy may be addressed to info@vistasys.ch at any time. If you do not agree with this Policy, you must refrain from accessing the Portal and from using our services and products.
1. Controller
VistaSys AG, Rohrerstrasse 64, 5001 Aarau, +41 56 55601 23, info@vistasys.ch.
VistaSys AG determines the purposes and means of processing as set out in this Policy. Inquiries to info@vistasys.ch.
2. Scope and Legal Bases
This Policy applies to:
Part A: Use of our Website (incl. portals/online forms)
Part B: Use of our Attenda product (web app and Microsoft Teams app)
We process Personal Data in accordance with Swiss data protection law (revFADP) and—where applicable—the GDPR. Where we rely on consent or legitimate interests, the rights to object/withdraw as described in this Policy apply.
Part A – Data Protection on the Website
3. Collection of Personal Data and Purposes of Processing
3.1 Personal Data automatically transmitted through use of the Portal
VistaSys AG collects and stores information that your browser automatically transmits to us when you visit our Website in server log files. This Personal Data is collected automatically and includes, for example:
IP address used (possibly anonymized/shortened), date and time stamp, browser and operating system used, language and version of the browser software, pages visited, and the respective amount of data transferred.
This Personal Data is not combined with other Personal Data and is stored separately from any other Personal Data provided by the user. It is deleted by us no later than three months after collection. VistaSys AG uses the automatically collected Personal Data to:
- enable the display, operation, and functionality of the Portal;
- ensure system stability and security;
- improve and protect our services;
- compile statistics in the event of attacks on the network infrastructure on which the Website is provided.
3.2 Personal Data provided by the user
VistaSys AG collects and processes Personal Data that the user voluntarily transmits to VistaSys AG via online form directly on the Portal, via our contact email address, via any other applications connected to the Portal, by telephone, or in any other way. This information includes, for example, the following Personal Data:
Names, first names, postal addresses, email address, telephone number, date of birth, gender.
Providing this Personal Data is expressly voluntary. However, without this Personal Data, we will not be able to provide the services requested by the user. VistaSys AG uses the Personal Data provided by the user in order to:
- provide, maintain, protect, and optimize the services and information offered;
- communicate with you and provide you with the best possible and personalized information you require from us (e.g., about our products and services);
- offer you new services and information and—based on your profile—propose tailored services and information that may be of interest to you;
- comply with legal or other regulatory requirements and internal policies;
- establish, exercise, and/or defend actual or potential legal claims, investigations, or similar proceedings;
- pursue other lawful purposes where such processing follows from the circumstances or was indicated at the time of collection.
3.3 Legal bases for processing
Processing of this Personal Data is based on the following legal bases:
- your consent, provided it can be withdrawn at any time (e.g., when you subscribe to our newsletter or other marketing communications);
- performance of a contract with you or steps prior to entering into a contract with you (e.g., when purchasing a product);
- compliance with a legal obligation (e.g., for tax reasons or for the purposes of legal investigations or proceedings); or
- our legitimate interests (e.g., protection and security of our services, systems, and assets; compliance with legal, regulatory, and contractual obligations; establishment, exercise, or defense of legal claims; maintaining and efficiently organizing business operations; improving and developing our services as well as promoting and marketing our services).
Where processing is based on your consent or on our legitimate interests, you may withdraw your consent or object to such processing at any time by contacting us at info@vistasys.ch.
Please note that the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
4. Recipients of Personal Data
VistaSys AG takes the necessary measures to ensure that only our authorized staff and auxiliaries with the necessary expertise have access to your Personal Data to fulfill the purposes for which it was collected. We may disclose your Personal Data, in accordance with the purposes and legal bases described above and to the extent necessary for the intended processing, to the following categories of recipients:
- experts and other service providers of VistaSys AG in the context of a request;
- service providers processing Personal Data on behalf of and under the instructions of VistaSys AG (so-called processors, e.g., in IT, hosting, and support);
- other service providers, business partners, and auxiliaries (e.g., lawyers);
- authorities, government agencies, courts, or other public institutions;
- social media;
- other parties in potential or actual legal proceedings.
We carefully select our partners and processors only where there is sufficient assurance that they have appropriate technical and organizational measures in place in accordance with legal requirements. Our processors may process Personal Data only on our documented instructions. All of them are subject to confidentiality obligations and may use your Personal Data only to the extent necessary to fulfill the purpose for which your Personal Data was collected, unless otherwise required by law.
5. Transfers of Personal Data outside the EU/EEA
Personal Data collected via our Website is stored in Switzerland. In addition, we may transfer, store, and process your Personal Data at data locations around the world, e.g., where our third-party providers or partners are located. We may therefore transfer your Personal Data outside the European Economic Area (EEA) if necessary for the processing described in this Privacy Policy and in accordance with applicable law. Where data is transferred to countries that do not ensure an adequate level of protection, we ensure appropriate protection by implementing suitable safeguards (e.g., contractual guarantees such as EU Standard Contractual Clauses), binding corporate rules, transfers based on your explicit consent, for the conclusion or performance of a contract with you, or in connection with the establishment, exercise, or defense of legal claims. For further information about our safeguards, please contact us at info@vistasys.ch.
6. Retention period for Personal Data
As a rule, Personal Data is deleted as soon as it is no longer necessary to achieve the purpose for which it was collected, unless longer retention is required to fulfill legal obligations (e.g., retention and documentation duties), contractual or precontractual obligations, or our legitimate business interests (e.g., to establish, exercise, or defend legal claims). On this basis, we generally process Personal Data in compliance with the following rules and obligations:
Personal Data automatically transmitted through your use of our Portal (see Section 3.1) for the purpose of display, operation, and ensuring the functionality of the Portal is deleted within three to six months.
Personal Data you transmit to us in connection with the use of our services and products offered on our Portal, or that you otherwise provide to us via the contact email address (see Section 3.2), is generally retained by us until you request deletion, withdraw your consent to storage, or the purpose for storage no longer applies (e.g., after your inquiry has been fully handled).
For contract-related Personal Data (including business records and communications), we retain Personal Data for the duration of the contractual relationship and for a further ten years after the end of the contractual relationship, unless (i) a shorter or longer statutory retention period applies in the individual case, (ii) retention is required for evidentiary purposes or for another compelling reason under applicable law, or (iii) earlier deletion is required (e.g., because the data is no longer needed or must be deleted).
7. Cookies
When you access or use the Website, we may place so-called cookies—small text files—or similar tools on your computer. We use these cookies to recognize you as a user of the Website, to customize content, to improve the performance of the Website, and to enhance its user-friendliness.
a) Categories of cookies we use
Depending on function and purpose, the cookies we use can be divided into the following categories: functional cookies, performance cookies, and advertising cookies.
Functional cookies: serve a variety of purposes for the display, functionality, and performance of a website and, in particular, to improve visitors’ experience. They enable a website to store information already provided (e.g., username, location, or language selection) and offer improved, more personalized functions. Functional cookies are used, for example, to remember your login details. These cookies cannot track your movements on other websites.
Performance cookies: used to collect information about how a website is used—e.g., how visitors arrived at our Website, which pages are visited most often, how you navigated during your visit, and whether you receive error messages. We may also use these cookies to obtain statistical and analytical information, e.g., how many visitors have come to our Website. These cookies monitor activity levels and help improve Website performance.
Advertising cookies: enable us or a third party to display ads on our Website or on third-party websites for products that users may like, making the ads more relevant to users’ preferences or interests (sometimes called “targeting cookies”). They can also be used to assess the effectiveness of advertising and promotions.
These cookies may be placed by us or by a third party on our behalf. For more information about cookies and their use, see http://www.allaboutcookies.org/
The legal basis is your consent (Art. 6(1)(a) GDPR) or our legitimate interest (Art. 6(1)(f) GDPR). You can configure your browser so that no cookies are stored on your computer. Full deactivation of cookies may result in not being able to use all functions of our Website. By continuing to use our Website and/or by agreeing to this Privacy Policy, you consent to cookies being set by us and to the collection, storage, and use of personal usage data, including beyond the end of the browser session. You can withdraw this consent at any time by activating your browser’s setting to refuse third-party cookies.
b) Google Analytics
VistaSys AG uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The cookies used by Google Analytics are stored on your computer and enable analysis of your use of the Website. We use Google Analytics based on our legitimate interests in analyzing and regularly improving our Website and, through the resulting statistics, in improving our offering and making it more interesting for you. We also use Google Analytics based on your consent to tracking your browsing behavior on our websites and its analytical evaluation. The information generated by the cookie about your use of this Website is generally transferred to a Google server in the USA and stored there. These cookies may include, for example: IP address, number, date and time of visits, duration of visit, your referring page (referrer URL), pages visited on our Website, browser type/version, and operating system used. Google will use this information on our behalf because we have a legitimate interest in analyzing user behavior to optimize our Website and our advertising. Google uses this information to evaluate the use of our Website, to compile reports on Website activities, and to provide other services related to Website and internet usage for us. Pseudonymized user profiles may also be created from the processed Personal Data. We have enabled IP anonymization (IP masking) on this Website. As a result, your IP address is shortened by Google within member states of the European Union, in other contracting states of the Agreement on the European Economic Area, and in Switzerland before being transmitted to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. You can prevent the storage of cookies by adjusting your browser software accordingly. However, please note that in this case you may not be able to use all functions of this Website to their full extent. 
You can also prevent the collection of data generated by the cookie and related to your use of the Website (incl. your IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available at:
https://tools.google.com/dlpage/gaoptout?hl=en
Alternatively, or within browsers on mobile devices, you can prevent collection of your Personal Data by Google Analytics by clicking the following link: Disable Google Analytics data collection for this Website. In this case, a special opt-out cookie will be set on your device that prevents future collection of your usage data when visiting this Website. If you delete your stored cookies, you must click this link again. Further information on Google Analytics’ handling of user data is available in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=en. It may also be possible that Google reviews a user’s Website usage and possibly combines collected Personal Data with other information about the user that Google has independently collected from other websites visited by the user, and uses this for its own purposes (e.g., to control advertising) under its own responsibility based on its own privacy policy. For more information on how Google processes Personal Data, see: https://policies.google.com/?hl=en; https://policies.google.com/technologies/partner-sites
c) Google Maps
This Website uses Google Maps API, a mapping service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This enables us to display interactive maps directly on the Website and allows you to conveniently use the map function. The legal basis derives from your consent based on your voluntary input to create a route plan and from our legitimate interests in presenting our location and making it easy to find the place indicated on the Website. By using Google Maps, information about your use of our Website, including your IP address, may be transmitted to a Google server in the USA and stored there. Google may transfer information obtained through Google Maps to third parties where required by law or where such third parties process the data on Google’s behalf. Google will not combine your IP address with other data held by Google. Nevertheless, it is technically possible that Google could identify at least individual users based on the received data. It is possible that Personal Data and personality profiles of Website users could be processed by Google for other purposes over which we have no control. You can disable Google Maps and prevent data transfers to Google by deactivating JavaScript in your browser. However, this will mean you cannot use the map display. For information about the purpose and scope of data collection and processing by Google, as well as your rights and settings options to protect your privacy, see: http://www.google.de/intl/en/policies/privacy
8. Social Media Plug-ins
We use the social plug-ins listed below on our Website to increase our company’s visibility. The underlying promotional purpose is a legitimate interest within the meaning of Art. 6(1)(f) GDPR. Responsibility for data-protection-compliant operation lies with the respective providers. Processing in connection with these plug-ins occurs when you use them and is based on your consent. If you use the services of these social networks independently or in connection with our Website, the social networks will evaluate your use of the plug-in. In this case, information about the plug-in is forwarded to the social networks.
a) Google+
Our Website uses plug-ins of the social network Google Plus, offered by Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. The plug-ins are identifiable, e.g., by buttons with the “+1” sign on a white or colored background. An overview of Google plug-ins and their appearance can be found here: https://developers.google.com/+/plugins. When you access a page of our Website that contains such a plug-in, your browser establishes a direct connection to Google’s servers. The content of the plug-in is transmitted by Google directly to your browser and integrated into the page. Through this integration, Google receives the information that your browser has accessed the corresponding page of our Website, even if you do not have a Google Plus profile or are not logged in. This information (including your IP address) is transmitted by your browser directly to a Google server in the USA and stored there. If you are logged into Google Plus, Google can directly associate the visit to our Website with your Google Plus profile. If you interact with the plug-ins, e.g., by pressing the “+1” button, the corresponding information is also transmitted directly to a Google server and stored there. The information is also published on Google Plus and shown to your contacts. For information on the purpose and scope of data collection and further processing and use by Google, as well as your rights and settings to protect your privacy, please see Google’s privacy notices.
b) LinkedIn
Our Website includes plug-ins of the social network LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA. The LinkedIn plug-in (“LinkedIn Recommended” button) is recognizable by the LinkedIn logo. When you access a page of our Website that contains such a plug-in, a direct connection between your browser and the LinkedIn server is established. LinkedIn thereby receives the information that you have visited our page with your IP address. If you click the LinkedIn button while logged into your LinkedIn account, you can link the content of our pages on your LinkedIn profile. LinkedIn can thus associate the visit to our pages with your user account. We point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by LinkedIn. Further information can be found at: https://www.linkedin.com/legal/privacy-policy
9. Email and Newsletters for Marketing Purposes
If you subscribe to our newsletter, we use your email address to send you information about our products and services as well as other commercial communications (e.g., announcements of events, competitions, and surveys) that may be of interest to you, provided you are added to the mailing list. You can unsubscribe at any time by clicking the “Unsubscribe from this list” link at the end of each email or by contacting us directly at info@vistasys.ch.
10. Security
VistaSys AG has implemented organizational and technical measures to maintain the security of Personal Data and protect it against unauthorized or unlawful processing, accidental loss, alteration, disclosure, or access. VistaSys AG may engage third parties as data processors to collect and process your Personal Data. The processors we engage will process your Personal Data only in accordance with our instructions and are legally obliged to implement strict security measures when handling Personal Data. Unfortunately, transmission of information over the internet is not entirely secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of data transmitted to our Website; any transmission is at your own risk. For this reason, you are always free to transmit your Personal Data to us by other means, e.g., by telephone. Once we have received your data, we apply strict procedures and security measures to prevent unauthorized access.
11. Third-Party Privacy Policies
Please note that if you click a link to a third-party website (e.g., Google, social media, or other websites), you are redirected to a site we do not control, and our Privacy Policy no longer applies. Your browsing and interaction on another website are subject to that website’s terms of use and privacy policies/notices. Moreover, we cannot guarantee the accuracy and timeliness of such links. We recommend that you carefully read the terms of use and privacy policies/notices of other websites before submitting Personal Data via such websites. We are not responsible or liable for the content and data processing of such third-party websites.
12. Children
Our Website is not intended for children, and we do not knowingly collect Personal Data from children under the age of 16 unless we have the express consent of the parents. If we are notified or otherwise become aware that Personal Data of a child under 16 has been collected improperly, we will take all reasonable steps to delete such Personal Data.
Part B – Data Protection in the Attenda Product
B1. Roles and Responsibilities
When using Attenda, we process Personal Data on behalf of our customers. The customer is the Controller within the meaning of the revFADP/GDPR; we act as Processor in accordance with the DPA/AVV. For our own administrative/billing data, we act as Controller.
B2. Product and Identity
Attenda is a web app and can be used as a Microsoft Teams app. Authentication is mandatory via Microsoft Entra ID (business identity of users).
B3. Purposes of Processing
- Provision & operation: authentication (Entra ID), authorization/roles, tenant/configuration settings
- Security & stability: abuse/incident prevention, monitoring, audit/logging
- Support & troubleshooting: ticket handling, temporary diagnostic data
- Billing/administration (B2B)
- Product improvement: aggregated/anonymous usage data (no profiling producing legal effects)
B4. Categories of Personal Data
- Master/identity data: name, business email/UPN, roles/groups
- Usage/operational data: log events, telemetry, performance/status data, timestamps
- Configuration/content data: tenant-specific settings; only to the extent functionally required
- Support/diagnostics: ticket content, error messages, selective log excerpts (time-limited)
B5. Legal Bases (Attenda)
Performance of contract (B2B subscription), legitimate interests (security, service quality, abuse prevention), and consent where legally required.
B6. Locations & International Transfers
Primary processing in Azure region Switzerland North. If, exceptionally, data is transferred to third countries, we implement appropriate safeguards (e.g., EU Standard Contractual Clauses) and—where necessary—conduct transfer impact assessments.
B7. Sub-processors / Recipients
We use selected sub-processors. Currently:
- Microsoft (Azure): infrastructure/platform services (compute/storage/network), region Switzerland North.
Changes are published with versioning; customers are notified in advance per the DPA (right to object).
B8. Retention & Deletion (Attenda)
- Log files & telemetry: 30 days, then deletion or aggregation
- Backups: 30-day rolling window, then automatic deletion
- Customer data after contract end: deletion or return in accordance with the DPA; deletion is documented
- Support/ticket data: until resolution plus statutory retention
- Website retention periods remain unaffected; differences are intentional due to operational requirements of the product.
B9. Security (TOMs)
Encryption in transit (TLS) and at rest, tenant isolation, role-based access control (least privilege), hardening/patch management, monitoring/alerting, regular audits, vulnerability management, secured admin access (JIT/JEA), incident response including notification processes.
B10. Data Subject Rights & Request Flow
Data subject rights (access, rectification, deletion, restriction, objection, data portability) are in principle to be addressed to the Controller (our customers). We support Controllers in fulfilling these rights in accordance with the DPA. Requests to us directly: info@vistasys.ch.
B11. Microsoft Entra ID & Microsoft Teams
Depending on tenant configuration, identity/token information is processed between your Microsoft tenant and Attenda. Microsoft’s processing is subject to your organization’s Microsoft agreements and privacy notices.
13. Your Rights
You may exercise your data protection rights at any time and, upon proof of identity, obtain information about your stored Personal Data, have it corrected, supplemented, object to its processing, or request its deletion. Please contact info@vistasys.ch. Please note that even after a deletion request, we may have to retain your Personal Data in whole or in part within the framework of statutory and contractual retention obligations. Deletion of your Personal Data may mean that you can no longer use our services.
14. Changes to this Privacy Policy
VistaSys AG reserves the right to amend, supplement, or otherwise modify this Privacy Policy at any time without stating reasons. The version published on the Portal at any given time is the applicable Privacy Policy.
Aarau, 24 September 2025 / Version September 2025