Data Protection Notes of DSwiss AG

We take your privacy very seriously and process your personal data in accordance with the respective applicable statutory data protection requirements. We commit to protecting the personal data of the visitors of our website. Personal data within the meaning of this information is any information that may have a reference to your person, i.e. name, address, email and internet protocol addresses, user behavior.

When recording your personal data, it is our utmost desire to offer you safe, uncomplicated, efficient service wholly customized to your needs. In the following data protection notes, we inform you about processing of your personal data by us. Furthermore, we provide you with an overview of your data protection rights. Which data are processed in detail and how they are used is essentially according to the services used, requested or agreed.

1. Controller and Data Protection Officer

(1) The controller in accordance with Article 4(7) General Data Protection Regulation (GDPR) or service provider in accordance with § 13 Telemedia Act (Telemediengesetz; TMG) is:

DSwiss AG
Privacy Department
Badenerstrasse 329
CH-8003 Zurich
Switzerland

(2) You can contact the data protection officer at:

DSwiss AG
Dr. T. Christen
Privacy Department
Badenerstrasse 329
CH-8003 Zürich
Switzerland
E-Mail: privacy@dswiss.com

2. Source of personal data

We process personal data that we obtain from you in the scope of creation of your SecureSafe account, your visit to our website, within the context of your contact with us by email or via a contact form.

3. Categories of personal data that are processed

(1) If you visit or use our website for information only, i.e. if you do not register or otherwise transmit any information to us, we will only collect the personal data your browser transmits to our server. If you want to view our website, we will collect the following data that we require technically in order to show you our website and to ensure its stability and security:

  • Your internet protocol address,
  • Date, time and duration of your visit,
  • Content of the requirement (specific page),
  • Access status/http status code,
  • The respective data volume transferred,
  • Website sending the requirement,
  • Your browser,
  • Your operating system.

These data serve internal statistical purposes only.

(2) In addition to the above data, transient and persistent cookies will be stored on your computer when you use our website. Cookies are small text files that are stored on your hard disc associated with the browser you use and through which the party that sets the cookie will receive certain information. Cookies cannot execute any programs or transfer any viruses to your computer. They serve to make the internet offer as a whole more user-compatible and effective.

(3) Most browsers are set so that they accept cookies. You can, however, deactivate the recording of cookies in your browser at any time or set your browser so that you will be informed as soon as cookies are sent. However, please note that you may not be able to use all functions of this website then.

(4) This stored information will be stored separately from any other data that may have been indicated to us. In particular, the data from the cookies will not be combined with any other data from you.

4. Further functions and offers of our website

(1) In addition to the purely informational use of our website, we offer various services that you may use if you are interested. For this, you usually must indicate further personal data that we use for rendering the respective service and that are subject to the above principles of processing activities.

(2) When you contact us by email or through a contact form, the complete data disclosed by you (your first and last names, your email address, the company name and address of the company for which you work and your phone number) will be stored by us in order to answer your request. The same shall apply if you contact us by email within the context of application proceedings. We will erase the data arising in this context after storage is no longer necessary, or we shall restrict processing if there are any legal archiving obligations.

5. Google Universal Analytics with IP anonymization

(1) This website uses Google Universal Analytics with IP anonymization, a web analysis service of Google Inc. ("Google"). Google Universal Analytics uses "cookies". The information generated by the cookie regarding your use of this website is usually transferred to a server of Google in the USA and stored there. Due to activation of IP anonymization by us on this website, your internet protocol address will be abbreviated first by Google within member states of the European Union or in other contracting states of the convention on the European Economic Area. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, in order to compile reports on the website activities and to render further services connected to website use and internet use towards the website operator.

(2) The internet protocol address transmitted by your browser within the context of Google Universal Analytics will not be combined with any other data of Google.

(3) Beyond the cookie settings in your browser, you may prevent recording of the data generated by the cookie and referring to your use of the website (incl. your internet protocol address) and processing of these personal data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

(4) Note that Google Universal Analytics has been expanded by the code "ga('set', 'anonymizeIp', true);" on this website, in order to ensure anonymized recording of Internet Protocol addresses (IP masking). This means that internet protocol addresses will be processed further abbreviated.

(5) We use Google Analytics in order to analyze use of our website and regularly improve it. The statistics acquired enable us to improve our offer and to make it more interesting for you as the user. For exceptions in which personal data are transmitted to the USA, Google has subjected itself to the EU-US Privacy Shield.

(6) Information of the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: http://google.com/analytics/terms/de.html; Overview of data protection: https://www.google.com/analytics/learn/privacy.html?hl=de. and the data protection statement: http://www.google.de/intl/de/policies/privacy.

6. Integration of YouTube videos

(1) We have integrated YouTube videos into our online offer that are stored on http://www.YouTube.com and that can be played directly from our website. All of these are integrated in the "expanded data protection mode", i.e. so that no data concerning you as user will be transmitted to YouTube if you do not play the videos. Only when you play the videos will the data named in paragraph 2 be transmitted. We cannot influence this data transmission.

(2) By your visit to the website, YouTube will be informed that you have called up the corresponding sub-page of our website. The data named in item 3 of these data protection notes statement will be transmitted as well. This is done no matter if YouTube provides a user account through which you are logged in or whether you have no user account. If you are logged in to Google, your data will be associated with your account directly. If you do not wish assignment to your profile at YouTube, you need to log out before you activate the button. YouTube will record your data in usage profiles and use them for the purpose of advertising, market research and/or demand-oriented design of its website. Such evaluation shall in particular take place (even for users who are not logged in) in order to display demand-oriented marketing and in order to inform other users of the social network of your activities on our website. You have a right to object to the generation of these user profiles. In order to exercise this right, you must contact YouTube.

(3) Further information on the purpose and extent of data collection and processing by YouTube is available in the data protection statement. It also contains further information on your rights and setting options for protecting your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has subjected itself to the EU-US-Privacy-Shield.

7. Integration of Google reCAPTCHA

(1) Our website uses the reCAPTCHA service by Google to protect your requests via an online form. The query serves to distinguish whether the input is made by a person or abusively by automated machine-based processing (e.g. by bots). The query includes sending of the internet protocol address and any further data needed by Google for the service to Google. For this purpose, your input will be transmitted to Google and used further there.

(2) By using reCAPTCHA, you agree that the recognition provided by you will be used for the digitalization of old works. Due to activation of IP anonymization by us on this website, your internet protocol address will be abbreviated first by Google within member states of the European Union or in other contracting states of the convention on the European Economic area. Only in exceptional circumstances will your full internet protocol address be transmitted to a server of Google and abbreviated there. On behalf of the operator of this website, Google shall use this information in order to evaluate your use of this service. The internet protocol address transmitted by your browser within the context of reCAPTCHA will not be combined with any other data of Google. These data are subject to the deviating provisions on data protection of Google Inc. For more information on the data protection directives of Google, see: https://www.google.com/intl/de/policies/privacy/.

8. Categories of recipients of the personal data

(1) We have some of the processes and services performed by carefully selected service providers mandated in compliance with data protection. These external service providers are bound to our instructions and subject to regular inspection. They will not pass your data on to any third parties.

(2) Regarding data forwarding to further recipients, we shall only pass on information concerning you if statutory provisions require this, if you have consented to it or if we are authorized to pass them on. If these conditions are met, recipients of the personal data may be, e.g.:

  • Public bodies and institutions (e.g. financial authorities, law-enforcement authorities) when there is a statutory or authority obligation.

9. Purposes of the processing for which the personal data are intended and legal basis for processing

We process your personal data in compliance with the respective applicable statutory provisions on data protection. Processing is lawful if the following condition is fulfilled:

  • Consent (point (a) of Article 6(1)) GDPR:
    Processing of personal data is lawful after consent to processing for specified purpos-es (e.g. processing of your request, use of the data for marketing purposes). You may withdraw consent given at any time, effective for the future. This shall also apply to withdrawal of declarations of consent that were given to us before the application of the GDPR, i.e. before 25 May 2018.
  • Sending you targeted update information, specific SecureSafe preferential offers. We will send you such offers in a brief email.
  • Due to contractual obligations (point (b) of Article 6(1)) GDPR
    We process personal data in order to meet our contractual obligations or to carry out pre-contractual measures that take place upon request. The purposes of the pro-cessing activities result primarily from your request.
  • Due to statutory specifications (point (c) of Article 6(1)) GDPR:
    DSwiss AG is subject to various legal obligations. These include, among others:
    • Storage requirements under commercial and tax law according to the law of obligations and the Federal act on direct Federal tax (Bundesgesetz über die direkte Bundessteuer),
    • Compliance with controlling and notification obligations under tax law.
  • Within the context of consideration of interests (point (f) of Article 6(1)) GDPR:
    As far as is necessary, we will process your data beyond the actual performance of the contract to protect legitimate interests of us or of third parties. Examples:
    • Establishment of legal claims and defenses in legal disputes,
    • Ensuring IT security and IT operation,
    • Analysis and improvement of use of our website.

10. Intention to transmit personal data to a third country or an international organization

The data are in principle only processed within Switzerland. The EU commission has established in accordance with Article 25(6) of the directive on privacy of the EU that Switzerland offers an appropriate level of protection. Active transfer to any further third countries will take place solely if this has been expressly indicated within the context of the services named above.

11. Criteria for determination of the duration for which the personal data are stored

(1) The data are generally stored in accordance with the statutory rules on processing activities and under observation of statutory storage periods. We process and use your data only for the purposes to which we are entitled and for as long as the data are needed for such purposes.

(2) If the data are no longer necessary for the purpose or to fulfill statutory obligations, they are usually erased unless their – temporarily or possibly restricted – further processing is required for the following purposes:

  • Meeting archiving obligations under commercial and tax law: These are the law of obligations (Obligationenrecht; OR) and the Federal law on the direct Federal tax (Bundesgesetz über die direkte Bundessteuer; DBG). The storage and documentation periods according to these usually are 10 years.
  • Preserving evidence within the context of the statutory expiration provisions.

12. Your data protection rights

(1) Every data subject has the right to access according to Article 15 GDPR, the right to rectification according to Article 16 GDPR, the right of erasure according to Article 17 GDPR, the right to restriction of processing according to Article 18 GDPR, the right to objection from Article 21 GDPR and the right to data portability from Article 20 GDPR. Additionally, there is a right to lodge a complaint with a competent data protection supervisory authority (Article 77 GDPR in conjunction with § 19 BDSG). For rectification of the data, you may log in to your user account and make the desired changes using the field "Preference" (upper right).

(2) You may withdraw your consent granted to us for processing of personal data at any time, effective for the future. This shall also apply to withdrawal of declarations of consent that were given to us before the application of the General Data Protection Regulation, i.e. before 25 May 2018.

(3) You have the right to object to processing of personal data concerning you that are processed based on point (e) of Article 6(1) GDPR (processing activities in the public interest) and point (f) of Article 6(1) GDPR (processing activities based on consideration of interests) based on grounds resulting from your particular situation at any time; this shall also apply to profiling based on this provision within the meaning of Article 4(4) GDPR.

In individual cases, we will process your personal data for direct marketing. You have the right to object to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing, at any time.

If you object to processing for direct marketing purposes, we shall no longer process your personal data for such purposes.

If you object, we shall no longer process your personal data, except if we can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms or if processing serves to establish, exercise or defend legal claims.

The objection can be filed informally and should be targeted at:

DSwiss AG
The data protection officer
Dr. T. Christen
Privacy Department
Badenerstrasse 329
CH-8003 Zürich
Switzerland
Email: privacy@dswiss.com

13. Obligation to provide and possible consequences of failure to provide personal data

Within the context of use of our offers, you must provide the personal data that are necessary to fulfill the purpose or that we are required to collect by law. Without these data, we will usually be unable to render the desired service.

14. Data security

Your personal data will be stored and processed on our computers in Switzerland. We protect your personal data by compliance with physical, electronic and process-technical security measures in accordance with the applicable Swiss Federal legislation. Among others, firewalls and data encryption are used to protect our computers. Beyond this, we perform person controls at access to our buildings and files, and grant access to personal data only to those employees who need them to perform their tasks.

15. Use of automated decision-making, including profiling

These data protection notes may be updated occasionally, since we continually develop and optimize our services. For this, the respective latest version will be published on our website.

16. Changes to the data protection notes

These data protection notes may be updated occasionally, since we continually develop and optimize our services. For this, the respective latest version will be published on our website.