Privacy Policy

Version 3.0, published on 23.05.2025
‍

1.    General

1.1.      DSwiss AG, a Swiss corporation with its place of business in Zurich, Switzerland ("we", "our" or "us"), is the provider of the websites www.dswiss.com, www.securesafe.com and other websites and mobile applications with similar contents (together the "Website"). Through our Website, we provide SaaS solutions to our customers (the "Product"). Data protection is important to us.

1.2.     This privacy policy (the "Privacy Policy") describes particularly how we handle personal data, namely concerning the collection, storage and usage. Furthermore, it sets forth how collected personal data may be examined, corrected or deleted.

1.3.     If you ("you", "your", "yours" or “yourself”) provide us with personal data of other persons (such as family members, work colleagues, friends or persons you do not know yet), please make sure the respective persons are aware of this Privacy Policy and only provide us with their data if you are allowed to do so and such personal data is correct and appropriate. It is your responsibility to ensure compliance with this Privacy Policy regarding third-party data. You understand and agree that we cannot monitor compliance regarding such data.

1.4.     We do not intentionally collect personal information from anyone under the age of 13. If you are under the age of 13, please do not attempt to register with us or provide any personal information about yourself to us. If we learn that we have collected personal information from a child under the age of 13, we will promptly delete that information. If you believe that we might have any information from a child under the age of 13, please email us at privacy@dswiss.com.

1.5.     The terms “collect”, “controller”, “data subject”, “personal data”, “processor” and “process” in this Privacy Policy shall have the meaning set out in the applicable data protection laws. Depending on the data processing, in addition to the applicable Swiss law, particularly European data protection law may also or exclusively apply (the “applicable data protection law”).

1.6.     This Privacy Policy applies to all processing activities relating to personal data in the context of your visits or use of our Website, including but not limited to our Product

‍

2.   Controller and Data Protection Officer

2.1.     The controller of the data processing as described in this Privacy Policy (i.e. the responsible person) is DSwiss AG, CH-8003 Zurich, Switzerland unless we have informed you differently in certain cases. We do not act as a controller for data you have stored within our Products due to the zero knowledge architecture such data is being protected by.

2.2.     You can notify us of any data protection related concerns using the following contact details:

DSwiss AG
Data Protection Officer
Data Protection Department
Badenerstrasse 329
CH-8003 Zurich
Switzerland
Email: privacy@dswiss.com‍

‍

3.   Processing Activities

Depending on your relationship with us and your activities on our Website, we process different personal data about you for different purposes as described more in detail below.
‍

A.        Visiting our Website

3.1.      Data processing: When you access our Website, the browser used on your device automatically sends information to the server of our Website. This information is temporarily stored in a so-called log file. The data is processed by Webflow Inc. (“Web Provider”). Further details can be found in the Web Provider privacy policy.

3.2.     Personal data: The following information is collected without your intervention and stored until deletion:

• IP address of the requesting computer;
• Date and time of access, duration of visit;
• Name and URL of the accessed URL;
• Website or source from which the access is made (referrer URL, social media channel, email, etc.);
• Access status/status code;
• Amount of data transferred in each case; and
• Browser type and version as well as other information transmitted by the browser, such as the operating system of your computer, your device type, your geographical origin, language setting, etc.

‍

3.3.     Purpose: The personal data is processed for the following purposes:

• Ensuring a smooth connection of our Website;
• Ensuring a comfortable use of our Website; and
• Evaluation of system security and stability.

‍

3.4.     Retention period: After your session has expired, the session cookies are deleted.

B.      Visiting and Using our Product

3.5.     General: In addition to the purely informational use of our Website, you may want to use our Product. Such use requires you to provide further personal data to us in order to enable us to perform the obligations under the applicable customer agreement with you. Content you upload will never be known to us due to the zero-knowledge architecture our Product provides.

3.6.     Third-party providers: You can download parts of our Product as an app for different platforms from various online platforms operated by third-party providers (the "App Stores"). The data processing associated with your visit to the concerned App Store and the download of the app is subject to the privacy policies of the respective third-party provider. For more information on data protection practices, please refer to the privacy policies of the concerned third-party provider. You understand and agree that we do not collect any additional analytic data beyond what such App Stores themselves collect.

3.7.     Data processing: When you access our Product, you have as a customer access to our Product, and we process personal data as further described below.

3.8.     Personal data: The following data might be processed from you in case of a registration:

• Email address;
• Username; and
• Password.

‍

If a customer purchases our Product for multiple users, we might collect the following data as part of the ordering process:

• The Safe name;
• The nickname;
• The username;
• A password; and
• An email address.

‍

If a customer also requests a free quote for our services for its company, we might collect the following data:

• Your first name and family name;
• Your address and email-address; and
• The name and the address of the company for which the quote is to be obtained.

‍

If fees are due for the use of our Product, we process the personal data required to facilitate payment. Payments can be made via credit card or through the online payment service provider Mollie and/or PayPal.

• Credit Card Payments: If you choose to pay by credit card, you will be redirected to the payment interface provided by Datatrans AG, a Swiss corporation with its place of business in Zurich, Switzerland (“Datatrans”). The following personal data is required for credit card payments: Credit card information, including card number, expiry date, and CVV code. For further details on the processing of personal data by Datatrans, please refer to the privacy policy of Datatrans.
  
  You might be redirected to the payment interface provided by Mollie BV, a Dutch corporation with its place of business in Amsterdam, Netherlands (“Mollie”). The following personal data is required for credit card payments: Credit card information, including card number, expiry date, and CVV code. For further details on the processing of personal data by Mollie, please refer to the privacy policy of Mollie.
• PayPal Payments: If you choose PayPal as your payment method, you will be redirected to the payment interface operated by PayPal (Europe) S.à r.l. et Cie, a corporation with its place of business in Luxembourg (“PayPal”). The personal data transmitted to PayPal typically includes: First name and family name, address, telephone number, IP address, email address, other data required to process the payment, including purchase-related information. Depending on the selected payment method, PayPal may transmit personal data to credit rating agencies or other third parties to facilitate risk assessments or verify payment. For a detailed list of data collected, processed, stored, and shared by PayPal, please refer to the privacy policy of PayPal.
• Data Security: All financial data transmitted during the payment process is encrypted using Transport Layer Security (TLS) to ensure the security and confidentiality of your information.

‍

The following data will be processed from you in case you use our Product:

• Data as described in section 3.2 above; and
• any data related to the usage of the Product which are visible in the “Audit Trail” of the Product.

‍

You understand and accept that we don’t have access to any content-related data you might upload within our Products.

3.9.     Purpose: The data will be processed for the purpose of fulfilling the obligations under the concerned customer agreement or, in case of a quote, for the purpose of entering into a customer contract with the concerned company. If the fee is not paid by you, but by a third party, e.g. the customer's employer (the "third-party payer"), we reserve the right to send the third-party payer billing reports, which may contain your email address. You expressly agree to this.

3.10. Retention period: The data required for the purpose of portal access and use of the Product will be retained until the respective customer agreement expires or until you request deletion.
‍

C.      Cookies

3.11.  Data processing: We use cookies on our Website. Cookies are small text files that your browser automatically creates and You have the ability to manage your cookie preferences through your browser settings. Additionally, on the DSwiss website you have the possibility to change your cookie settings at any time. Please note, however, that disabling cookies - either partially or entirely - may limit the functionality of certain features on our Website.

3.12. Personal data: Any data collected through the use of cookies is stored separately and independently from other personally identifiable information you may provide. Cookies do not directly link your browsing behavior to your personal identity. We do not perform profiling or targeted behavioral tracking based on cookie data, nor do we merge cookie-derived information with any other personally identifiable information.

3.13.  Purpose: We use cookies to:

• Statistically analyze the usage of our Website;
• Optimize the Website’s performance and improve user experience; and
• Where applicable, cookies may also be used for marketing purposes or to deliver personalized content, provided you have given your explicit consent to such cookies.

‍

3.14. Retention Period: Cookies have varying retention periods depending on their type and purpose:

• Session Cookies: These are temporary cookies that are deleted once your browsing session ends.
• Persistent Cookies: These remain on your device for a defined period, even after your session ends. The retention period for third-party cookies is determined by the respective providers and is beyond our control. You can always delete and/or manage cookies in your browser settings. In addition, we also provide you with the option to manage your cookie settings for our Website directly in a dedicated area of our Website (i.e. the website footer).‍

‍

D.      Google Analytics

3.15.  General: Our Website uses functions of the web analysis service Google Analytics. The provider is Google LLC, a corporation with its place of business in Mountain View, California, USA (“Google”). Google may process this data on servers located in various countries. You can prevent the collection of data generated by the cookies and related to your use of the Website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available. For more information on how Google Analytics handles user data, please see Google's privacy policy.

3.16.  Data processing: We utilize Google Analytics 4 ("GA4") to understand how visitors engage with our Website. GA4 uses first-party cookies and other identifiers to collect data about user interactions. Notably, GA4 does not log or store IP addresses; it anonymizes IP addresses by default, enhancing user privacy. The internet protocol address transmitted by your browser as part of GA4 will not be merged with other Google data.

3.17.  Personal data: GA4 collects data such as:

• Page views;
• User interactions;
• Browser and device information;
• Approximate geolocation; and
• Referring URLs.

‍

3.18.  Purpose: This data helps us analyze traffic patterns and improve user experience.

3.19. IP anonymization: We have also added the code "anonymizeIP" to Google Analytics on this Website. This guarantees the masking of your IP address so that all data is collected anonymously. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Google Analytics data is automatically deleted after 14 months.
‍

E.      Google Tag Manager

3.20.  Our Website utilizes the Google Tag Manager to efficiently implement and manage tags. The Google Tag Manager itself does not set cookies or record any personal data. However, it can trigger other tags that may collect data. Importantly, the Google Tag Manager does not have access to this personal data. Disabling tracking tags at the domain or cookie level will continue to apply to all tags implemented through the Google Tag Manager.
‍

F.      Google reCAPTCHA

3.21.  Data processing: We use Google reCAPTCHA on our Website to ensure the security of our online forms and to prevent automated bots from misusing our services. Google reCAPTCHA is a service provided by Google. When you use a form on our Website, Google reCAPTCHA analyzes your interaction with the site to determine whether the input is made by a human or an automated system. This analysis involves the automatic collection of data by Google. Google reCAPTCHA operates in the background and cannot be disabled directly through our Website. You can, however, manage your data privacy preferences by adjusting your browser settings or managing your Google account settings. Please note that disabling cookies or certain features in your browser may impact the functionality of reCAPTCHA.

3.22.  Personal data: The data collected by Google reCAPTCHA may include the following:

• Your IP address;
• Mouse movements and clicks;
• Keyboard inputs;
• The time spent on the Website; and
• Browser and device information.

‍

Google may also access cookies stored on your device that are associated with other Google services (e.g., Gmail or Google Search). This data is transmitted to Google and processed on their servers, and it is not combined with other data that we collect about you.

3.23.  Purpose: The purpose of using Google reCAPTCHA is to:

• Protect our Website from spam and automated abuse;
• Ensure the integrity of our online forms and services; and
• Safeguard user data by preventing unauthorized access through automated means.

‍

3.24.  Retention period: The data collected by Google reCAPTCHA is stored and processed by Google according to its policies. We do not have control over the retention period of this data. For further information about how Google processes and stores this data, please refer to Google’s Privacy Policy.
‍

G.     Contact Form

3.25.  General: We offer various contact forms for offers, partnerships, sales, support and other reasons. We use HubSpot in the context of the contact form. Further details can be found in section 3.50 ff. below and the privacy Policy of HubSpot.

3.26.  Personal data: The following minimum information must be provided in case of a submission of a contact form:

• Name;
• Email address;

‍

3.27.  Purpose: The personal data will be processed for the following purposes:

• Answering your enquiry; and
• Contacting you about general topics and service.

‍

3.28.  Retention period: The data stored for the purpose of contacting you will be saved by us until you unsubscribe from further email communication. Once you have unsubscribed, it will be deleted from our servers and from HubSpot's servers.
‍

H.      Email Contact

3.29.  Data processing: You have the option of contacting us at the email addresses provided on the sub-page regarding "Impressum".

3.30.  Personal data: The following information must be provided by you:

• Name
• Email address;

‍

Additionally, the following personal data is processed by us:

• IP-Address
• Email provider

‍

3.31.  Purpose: The personal data will be processed in order to respond to your request.
‍

I.       Marketing and Product Information

3.32.  General: You may have the possibility to subscribe to our newsletter. Moreover, if you are a customer of us, we may, if compliant with applicable laws, process your email address in order to send you information about new developments in our products and services as well as preferential offers. For this purpose, we forward the above-mentioned data to the service provider HubSpot Inc., a corporation with its place of business in Massachusetts, USA ("HubSpot"). Details on how your data is processed by HubSpot can be found in the privacy policy of HubSpot.

3.33.  DDouble Opt-In: We use the double opt-in procedure for marketing subscriptions. This means that we will only send you our marketing updates via email if you have explicitly confirmed your subscription. After signing up, you will receive a confirmation email containing a verification link. Your subscription will only be activated once you click this link to confirm your email address. You can unsubscribe from marketing email at any time by clicking the unsubscribe link at the end of each newsletter or by sending us a request at support@dswiss.com.

3.34.  Personal data: When registering for the marketing subscription, we collect the following data from you:

• Name
• Email address; and

‍

3.35.  Purpose: The data will be processed for the following purpose:

• Marketing information delivery; and
• Analysis of the marketing campaigns.

‍

In case of information about new developments in our products and services as well as preferential offers, the purpose is to provide you such information in order to be better informed about our Website, the Product and future products and services.

The analysis of the marketing campaign by HubSpot enables us to determine whether a marketing message was opened and which links were clicked on. This information is used exclusively for the statistical evaluation of marketing campaigns. If you do not want HubSpot to analyse your data, you must unsubscribe from the marketing subscription. For this purpose, we provide a corresponding link in every marketing message.

3.36.  Retention period: The data stored for the purpose of the marketing subscription will be saved by us until you unsubscribe from the marketing subscription. Once you have unsubscribed from the marketing subscription you will not receive further marketing information.
‍

K.      YouTube

3.37.  Data Processing: We may embed YouTube videos on our Website to provide engaging content and additional information to our users. YouTube is a video-sharing platform provided by Google. When you access a page on our Website that contains an embedded YouTube video, a connection is established with Google's servers. This may result in the automatic collection of data by Google. You can manage your data preferences by: Adjusting your Google account settings, changing your browser settings to limit or block cookies, or avoiding interaction with embedded videos if you do not wish to share data with Google. For more information about managing your Google account privacy settings.

3.38.  Personal Data: The data collected by Google when viewing embedded videos may include:

• Your IP address;
• Device and browser information;
• Date and time of your visit;
• The specific page on our site where the video is embedded;
• Interaction data (e.g., playback events such as pause or play); and
• If you are logged into your Google account, this data may be associated with your personal profile. We have no influence over this data processing.

‍

3.39.  Purpose: The embedding of YouTube videos serves the following purposes:

• To enhance the user experience on our Website by providing multimedia content; and
• To allow users to view and interact with video content directly on our site without leaving the page.

‍

We use YouTube’s privacy-enhanced mode whenever possible, which limits the collection of data until you actively play a video.

3.40.  Retention Period: Data collected by Google when you view embedded videos is processed and retained by Google in accordance with Google’s privacy policy. We do not have control over the retention period of this data. For details, please refer to Google’s privacy policy.
‍

L.      Other Social Media Platforms

3.41.  Data Processing: We may use iFrames from the following social media platforms on our Website:

• Xing, operated by New Work SE, Am Strandkai 1, 20457 Hamburg, Germany;
• Facebook, operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland;
• Twitter (X), operated by X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; and
• LinkedIn, operated by LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA 94085, USA.

‍

This integration allows the display of certain functions from these platforms directly on our Website.

3.42.  Functionality: The functions of the above-mentioned social media platforms are integrated into our Website via iFrames. If you have an account with one of these platforms and are logged in, clicking on the corresponding icon allows you to:

• Visit our profile on the social media platform; and
• Share or link content from our Website to your profile on the platform.

‍

3.43.  Personal Data: When you interact with an iFrame, you are redirected to the provider's website. At this point, your personal data is processed by the respective social media provider. We do not control the collection, processing, or storage of your personal data by these platforms. For detailed information on the types of data collected and how it is processed, please refer to the privacy policies of the respective social media providers.

3.44.  Purpose: The use of iFrames serves the following purposes:

• To enhance the structure and content of our Website by embedding external content.
• To allow visitors to easily share or link our content on their social media profiles, facilitating engagement and outreach.

‍

3.45.  Retention Period: As the data processing is carried out by the providers of the social media platforms, we have no control over or knowledge of the retention periods. For more information, please consult the privacy policies of the respective social media provider.
‍

M.     HubSpot

3.46.  Data processing: We use HubSpot, an integrated customer relationship management, marketing, and communication platform, to optimize our services and manage customer interactions efficiently. HubSpot processes personal data to facilitate communication, enhance customer engagement, and support marketing activities. You can opt out of receiving marketing communications via HubSpot by using one of the following methods:

• Direct Unsubscription: Use the "unsubscribe" link provided in the footer of any marketing email sent via HubSpot; or
• Contacting Us: For any issues or additional requests to be removed from communication lists, please contact our Privacy Department at privacy@dswiss.com.

‍

3.47.  Personal Data: The personal data processed in HubSpot may include:

• Name, email address, and contact details;
• Communication preferences and history;
• Feedback, inquiries, and support requests;
• Interaction history with emails, newsletters, and other communications; and
• Analytics data related to marketing campaigns (e.g., open rates, click-through rates).

‍

3.48.   Purpose: The use of HubSpot serves the following purposes:

• Communication: To send emails, newsletters, and other communications to users who have opted in. Communications are tailored based on user preferences and interaction history;
• Customer Service and Engagement: To manage and respond to customer inquiries, collect feedback, and provide support services; and
• Marketing and Analytics: To analyze the effectiveness of marketing campaigns and improve services based on user behavior and preferences.

‍

N.      Chargebee

3.49.  Data processing: We use Chargebee, a subscription management and billing platform provided by Chargebee Inc. (“Chargebee”), to process payments and manage subscriptions for our services. Chargebee acts as a service provider (processor) under applicable data protection laws, processing personal data only on our instructions and for the purposes described in this Privacy Policy.

3.50.  Personal Data: The personal data processed in Chargebee may include:

• Name, email address, and billing address;
• Credit card details or other payment methods (processed securely via Chargebee’s PCI-DSS-compliant systems);
• Plan details, subscription history, and transaction records;
• technical logs (e.g. IP addresses, date/time stamps) for system security and auditing.

‍

3.51.  Purpose: The use of Chargebee serves the following purposes:

• Fulfillment of the Subscription Agreement: To manage payments, renewals, cancellations, and refunds;
• Account Administration: To generate and send invoices or payment confirmations;
• Compliance: To facilitate compliance with legal obligations (e.g. tax regulations, financial reporting).

‍

We rely on Chargebee due to the necessity to perform our contract with you, and/or our legitimate interest in ensuring accurate payment processing and subscription management.

3.52.  Data Security Measures: Chargebee employs industry-standard security measures, including encryption of payment information in transit and at rest. Access to your billing and payment data is restricted to authorized personnel who require such access to perform their duties. Chargebee may change their Data Security Measures at any times. For more information, please consult the Privacy Policy of Chargebee.

3.53.  Retention Period: As the data processing is carried out by the providers of Chargebee, we have no control over or knowledge of the retention periods. For more information, please consult the Privacy Policy of Chargebee.

3.54.  Further Information: For more details on how Chargebee processes personal data, please refer to the privacy policy of Chargebee.

‍

M.     No automated Decision-Making or Profiling

3.55.  We do not use automatic decision-making or profiling.

‍

4.   Legal Basis

4.1.     By processing personal data in accordance with this Privacy Policy, we aim to enhance the quality of our Website, products and services. Depending on the purpose of the processing, the legal basis for the processing of your data will be one of the following:

• Necessary for taking steps to enter into or execute a customer agreement or another contract with you for the requested services or products, or to fulfill our obligations under such a contract;
• Your consent; or
• Necessary for our legitimate interests in accordance with applicable laws.

‍

4.2.     Examples of our “legitimate interests” referred to above include:

• Achieving certain purposes in accordance with this Privacy Policy and applicable laws;
• Exercising our rights, including the freedom to conduct business and the right to property;
• Providing high-quality products and services, maintaining a consistently high service standard, and ensuring the satisfaction of our customers, employees, and other stakeholders; or
• Meeting accountability and regulatory requirements.

‍

4.3.     In each case, we ensure that such legitimate interests are balanced against and do not override your privacy interests.

‍

5.    Obligation to provide Personal Data to Us

5.1.     In the context of our business relationship you must provide us with any personal data that is necessary for the conclusion and performance of a business relationship and the performance of our contractual obligations in order to enable us to perform our contractual obligations.

5.2.    In addition, the Website cannot be used unless certain information is disclosed to enable data traffic (e.g. IP address).

‍

6.   Transfer of Data to Third Parties in Switzerland and Abroad

6.1.   In the context of our business activities and in line with the purposes of data processing outlined in this Privacy Policy, we may transfer personal data to third parties where such a transfer is permitted by law and deemed appropriate. Transfers may occur to enable third parties to process data on our behalf or, where applicable, for their own purposes. The following categories of recipients may be involved (collectively, the "Recipients"):

• Service providers, including but not limited to cloud hosting providers, data storage providers, and other service providers related to our Website, including but not limited to those specifically mentioned in this Privacy Policy;
• Domestic and foreign authorities or courts, including in cases of legally required or voluntary disclosures;
• Potential or actual acquirers or parties interested in acquiring our services as part of a business transaction; and
• Other third parties involved in actual or potential legal proceedings.

‍

6.2.    You can find a list with all Recipients and information about their processing of data here:

‍

6.3.    Certain Recipients may be within Switzerland, but they may also be located in any country worldwide. In particular, you must anticipate your data to be transmitted to the USA where some of our service providers may be located. Notwithstanding the foregoing sentence, data included in one or several of our Products which are anonymized to us and third parties will never be transferred to or accessed by any Recipient outside Europe and Switzerland.

6.4.    Personal data is only transferred to a country outside of Switzerland and the European Union if the data protection requirements of the applicable data protection laws are met. If we transfer data to a country without adequate legal data protection, we ensure an appropriate level of protection as legally required by way of using appropriate contracts (in particular on the basis of the standard contract clauses of the European Commission) or other ways required by applicable data protection laws.

‍

7.        Retention Periods for your Personal Data

7.1.     Unless provided otherwise in this Privacy Policy, we retain your data for the following period:

• We process and retain your data as long as required for the performance of our contractual obligation and compliance with legal obligations or other purposes pursued with the processing, i.e. for the duration of the entire business relationship (from the initiation, during the performance of the contract until it is terminated) as well as beyond this duration in accordance with legal retention and documentation obligations;
• Data may be retained for the period during which claims can be asserted against us or insofar as we are otherwise legally obliged to do so or if legitimate business interests require further retention (e.g., for evidence and documentation purposes); and
• We retain data that we process by law for the statutory retention period, for example if required by labour law, social security law, or tax law.

‍

7.2.     As soon as your personal data is no longer required for the above-mentioned purposes, they will be deleted or anonymized.

‍

8.   Data Security

8.1.     We have implemented appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse. These include internal data protection policies, regular employee training, IT and network security solutions, strict access controls, encryption of data carriers and transmissions, and pseudonymization where applicable. We conduct regular security audits and inspections to identify and mitigate risks. Our system is designed with a zero-knowledge architecture, ensuring that we have no access to user-stored content.

8.2.     You can be assured that your personal information and account information is reasonably secure on our Platform. We employ encryption technology (SSL) in all parts of our Platform that require you to provide your login credentials, financial or credit card information. The personally identifiable information we collect is stored in secure operating environments that are not available to the public. Credit card information is encrypted. All the information we collect and store is protected by our firewall. Also, any information we store at our business is kept physically secure, and only designated employees may obtain access to it.

8.3.    While we strive to protect your personally identifiable information, we cannot ensure or warrant the security of any information you transmit to us or from our online products or services, and you do so at your own risk. Once we receive your transmission, we make reasonable efforts to ensure its security on our systems.

8.4.     In the event of a security incident leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data (“Data Breach”), we will promptly assess the risk to individual’s rights and freedoms. Where required by applicable law, we will notify the competent data protection authority (e.g. the Swiss Federal Data Protection and Information Commissioner or the relevant EU supervisory authority) without undue delay.

8.5.     If a Data Breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay and provide information about the nature of the breach and recommended steps you can take to protect yourself. This notification may be withheld if such disclosure is prohibited by law, could interfere with a criminal investigation, or is otherwise not required under applicable data protection law.

8.6.     We maintain an internal process for identifying, investigating, and resolving the es, which includes:

• Containing and mitigating any immediate risks;
• Conducting a thorough investigation to determine the scope and root cause;
• Applying remedial measures to prevent future incidents;
• Notifying authorities and/or affected individuals within timelines required by law.

‍

8.7.    If you suspect any unauthorized access to or misuse of personal data, please contact us immediately at privacy@dswiss.com.

8.8.    In the event of any conflict between sections 8.4 et seq. and specific mandatory provisions of applicable data protection laws, such mandatory provisions shall take precedence.

‍

9.   Your Rights

9.1.     As a potentially affected person, you can assert various claims against us in accordance with the applicable data protection laws. In order to fulfil these claims, we may process your personal data again.

9.2.     Depending on the applicable laws, data subjects may exercise the following rights:

• You may request information about your personal data processed by us. Such requests may include, to the extent applicable data protection laws provide so, information as follows:
• about the purposes of processing;
• the category of personal data;
• the categories of recipients to whom your data has been or will be disclosed;
• the planned storage period;
• the existence of a right to rectification, erasure, restriction of processing or objection;
• the existence of a right of appeal;
• the origin of your data, if it has not been collected by us; and
• the existence of automated decision-making, including profiling, and, if applicable, meaningful information on the details thereof.
• You may request the correction of inaccurate or incomplete personal data stored by us.
• You may request the restriction of the processing of your personal data in accordance with applicable data protection laws.
• You may request to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller.
• You may request the deletion of your personal data stored by us data in accordance with applicable data protection laws.
• You may revoke your consent to the processing of your personal data at any time. This means that we may no longer process the data based on this consent in the future.

‍

You understand and accept that we cannot access, modify or delete the stored encrypted content due to our zero-knowledge setup. Requests for deletions only apply to data that is personal data. You understand and agree that only you can access, modify or delete content you have uploaded to our Products.

9.3.     Note, however, that we reserve the right to enforce statutory restrictions on our part, for example if we are obliged to retain or process certain data, have an overriding interest (insofar as we may invoke such interests) or need the data for asserting claims. Moreover, note that the exercise of these rights may be in conflict with your or our contractual obligations and this may result in consequences such as premature contract termination or involve costs.

9.4.     If exercising certain rights will incur costs on you, we will notify you thereof in advance.

9.5.    In general, exercising these rights requires that you are able to prove your identity (e.g., by a copy of identification documents where your identity is not evident otherwise or can be verified in another way). In order to assert these rights, please contact in accordance with the contact information as provided in section 2.2 above.

9.6.    In addition, every data subject has the right to enforce their rights through legal proceedings or to file a complaint with the competent data protection authority. In Switzerland, the relevant authority is the Federal Data Protection and Information Commissioner (FDPIC).

‍

10. Access and Amendment of this Privacy Policy

10.1.  This Privacy Policy is accessible on our Website. You can access, download, save and print it out for your convenience.

10.2.  We reserve the right to modify this Privacy Policy at any time, in our free discretion, without giving reasons. The current Privacy Policy can be accessed at any time at our Website.

‍