Privacy policy
This Privacy Policy is intended to provide information about the processing of personal data in connection with our fusedeck.com-website and our other online offering.
Special, complementary or further privacy policies as well as other documents, such as general terms & conditions (GTC), terms of use or terms of participation, may apply to individual or additional offerings and services.
Our online offering is subject to Swiss data protection legislation and to applicable foreign data protection legislation, including, without limitation, legislation of the European Union(EU) under the General Data Protection Regulation (GDPR). The EU acknowledges that Swiss data protection legislation guarantees an adequate level of data protection.
1. 1. Contact Addresses
Controller responsible for the online offering:
cptr AG
Löwenstrasse 3
8001 Zurich
Switzerland
info@cptr.com
The company data protection officer is the company’s first point of contact for both data subjects and supervisory authorities for any questions or comments relating to data protection:
cptr AG
Data protection office
8001 Zurich
Switzerland
As required under Art. 27 GDPR, we have the following data protection representation office in the European Economic Area (EEA), including the European Union (EU) and the Principality of Liechtenstein, which has the function of an additional contact center for both supervisory authorities and data subjects to submit enquiries in connection with the General Data Protection Regulation (GDPR):
VGS Datenschutzpartner GmbH
Am Kaiserkai 69
20457 Hamburg
Germany
2. Processing of Personal Data
2.1 Definitions
Personal Data shall mean any and all information relating to an identified or an identifiable natural person. Data Subjects shall mean any person whose Personal Data is processed. Processing shall include any handling of Personal Data, regardless of the means and procedures applied, in particular the storage, disclosure, procurement, collection, erasure, storage, modification, destruction and use of Personal Data.
2.2 Legal Basis
We process any Personal Data in compliance with Swiss data protection law, such as, particularly, with the Swiss Federal Act on Data Protection (FADP) and the Swiss Ordinance to the Federal Act on Data Protection (OFADP).
If and to the extent to which the General Data Processing Regulation (GDPR) is applicable, we process any Personal Data at least in terms of one of the following legal bases:
- Art. 6(1) lit. b GDPR in the case where the Processing of Personal Data is required for the performance of a contract to which the Data Subject is a party and for taking steps prior to entering into a contract;
- Art. 6(1) lit. f GDPR in the case where the Processing of Personal Data is required for the safeguarding of our legitimate interests or those of third parties, except for cases where such interests are overridden by the fundamental rights, basic freedoms and interests of the Data Subject. Legitimate interests shall include, in particular, our interest to be able to provide our online offering in a permanent, user-friendly, secure and reliable way as well as to advertise this, where necessary, information security as well as protection against misuse and unauthorized use, the enforcement of own legal claims and compliance with Swiss legislation;
- Art. 6(1) lit. c GDPR in the case where the Processing of Personal Data is required for compliance with a legal obligation to which we are subject under any applicable legislation of the EU or that of contracting states in the European Economic Area (EEA);
- Art. 6(1) lit. e GDPR in the case where the Processing of Personal Data is required for the performance of a task carried out in the public interest;
- Art. 6(1) lit. a GDPR in the case where the Processing of Personal Data is based on the consent of the Data Subject;
- Art. 6(1) lit. d GDPR in the case where the Processing of Personal Data is required for protecting the vital interests of the Data Subject or those of another natural person.
2.3 Type, Scope and Purpose
We process any Personal Data which is required to provide our online offering in a permanent, user-friendly, secure and reliable way. Such Personal Data may fall into the categories of contact, content, meta, marginal, usage, location, contract and payment data.
We process Personal Data for such term as is required for the respective purpose(s) or by law. Any Personal Data whose Processing is no longer necessary will be permanently anonymized or it will be erased not later than after a 25-month period.
In principle, we process Personal Data only after the Data Subjects gave their consent, unless the Processing is permissible for any other legal grounds, for example for the performance of a contract to which the Data Subject is a party and for corresponding measures prior to entering into a contract, to safeguard our prevailing legitimate interests, if such Processing is apparent from the circumstances or after prior information.
Within this framework, we particularly process information transferred to us by a Data Subject on a voluntary basis and by themselves upon contacting, for example by letter, e-mail, contact form, social media or telephone, or upon registration for a user account. We may store such information, for example, in an address book, in a customer relationship management system (CRM system) or using comparable aids. Where you transfer to us any Personal Data relating to third parties, you are obliged to guarantee data protection towards such third parties and to ensure the accuracy of such Personal Data.
Moreover, we process Personal Data which we receive from third parties, procure from publicly accessible sources or collect upon provision of our online offering if and to the extent that such Processing is permitted on legal grounds.
We will process Personal Data from job applications only to the extent to which this is required for the purpose of assessing suitability of candidates for establishing employment relationships or for subsequently executing employment contracts. Any Personal Data which is required for performing the job application process result from information requested and/or provided, e.g. in the context of job descriptions. Applicants have the possibility of voluntarily providing additional information for the relevant application process.
2.4 Processing of Personal Data by Third Parties, also Abroad
We may have Personal Data processed by third parties, especially processors, or we may process Personal Data together with third parties as well as with the help of third parties or transfer Personal Data to third parties. Such third parties include, in particular, providers, whose services we use. We guarantee an adequate level of data protection also when commissioning such third parties.
Such third parties are located, in principle, in Switzerland and in the European Economic Area (EEA), including the European Union (EU) and the Principality of Liechtenstein. Nonetheless, such third parties may also be located in other countries in the world or elsewhere in the universe, on the condition that the data protection legislation in these countries guarantees a reasonable level of data protection according to the Assessment of the Swiss Federal Data Protection and Information Commissioner (FDPIC) and – if and to the extent to which the European Union General Data Protection Regulation (GDPR) applies – according to the Assessment of the European Commission or that reasonable data protection is guaranteed through other means, for example by adequate contractual agreements, especially based on standard contractual clauses, or by an adequate certification. Such a third party may be exceptionally located in a country without such adequate level of data protection on the condition that relevant preconditions under data privacy law, such as the explicit consent of the Data Subject, are met.
3. Data Subjects Rights
Data Subjects, whose Personal Data we process, have the rights provided for under Swiss data protection legislation. This includes the right of access as well as the right to rectification, erasure or blocking of the Personal Data processed.
If and to the extent that the General Data Protection Regulation (GDPR) is applicable, Data Subjects whose Personal Data we process may request a confirmation free of charge as to whether we process their Personal Data and, if we do so, may request information about data concerning the Processing of their Personal Data. They may also have the Processing of their Personal Data restricted, exercise their right to data portability and have their Personal Data rectified, erased (“right to be forgotten”), blocked or completed.
If and to the extent to which the GDPR is applicable, Data Subjects whose Personal Data we process may revoke a consent given at any time with effect for the future and they may object to the Processing of their Personal Data at any time.
Data Subjects whose Personal Data we process have the right to lodge a complaint with a competent supervisory authority. The supervisory authority in charge of data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
4. Data Security
We take reasonable and adequate technical and organizational measures to guarantee data protection and, in particular, data security. This includes, without limitation, order controls; input, separation and transfer controls; availability controls; and access and admission controls. Despite these measures and due to supervision by the security authorities in charge, the Processing of Personal Data on the internet may always be subject to security gaps. Therefore, we cannot ensure absolute data security.
Access to our online offering is made via transport encryption (SSL/TLS with HTTPS).
5. Use of the Website
5.1 Cookies
We may use cookies for our website. Cookies, including those from third parties whose services we use (third-party cookies), are data in text form, which are stored in your browser. Cookies cannot execute software programs or transfer malware, such as Trojans and viruses do.
When you visit our website, Cookies may be temporarily saved in your browser as „session cookies“ or for a specific period as „permanent cookies“. „Session cookies“ are erased automatically when you close your browser. „Permanent cookies” make it possible, in particular, to recognize your browser the next time you visit our website, allowing us, for example, to measure the outreach of our website. Nonetheless, „permanent cookies” may also be used, for example, for online marketing purposes.
You can disable and erase cookies in your browser settings in whole or in part at any time. Without cookies, however, the full functionality of our online offering might no longer be available. If and to the extent to which this is required, we ask you to consent to the use of cookies.
5.2 Server Log Files
We may collect the following information for any access to our website if your browser transfers this information to our server infrastructure or if our web server is able to identify this information: date and time including the time zone; internet protocol (IP) address; access status (HTTP status code); operating system, including the user interface and version; browser type, including the language and version; individual pages of our website accessed, including the amount of data transferred; last website accessed in the same browser window (referrer).
We save such information, which may also represent Personal Data, in server log files. This data is required in order to provide our online offering in a permanent, user-friendly and reliable way and to ensure data security and thus, in particular, the protection of Personal Data, also by or with the help of third parties.
5.3 Tracking Pixels
We may use tracking pixels on our website. Tracking pixels are also called web beacons. Tracking pixels, including those of third parties whose services we use, are small images which are retrieved when you visit our website. Tracking pixels can be used to gather the same information as that stored in server log files.
6. Success and Outreach Measurements Based on fusedeck
We make use of fusedeck, our internally created tracking solution, for the purpose of measuring both the success and the outreach of our website in the context of engagements and events. The tracking is anonymous so that it is impossible to attribute any information gained to any identified or identifiable persons.
Based on fusedeck, we also collect form data on our website, whereby the collection contains personal information. The relevant information on data protection is provided to the user in the respective form.
For more information on the type, scope and purpose of data processing, including the possibility of „opting out“ (possibility of objection) available to the users, please refer to the fusedeck Privacy Policy and Information on the Right to Object.
7. Notifications and Communications
We may send notifications and communications, such as newsletters, both by e-mail and via other communication channels, including, but not limited to, instant messaging services.
Notifications and communications may contain web links or tracking pixels gathering information as to whether an individual notification was opened and what web links were clicked on (success measurement). Such web links and tracking pixels may also gather personal information on the use of notifications and communications. We need such statistical recording of the use including success and outreach measurement in order to provide notifications and communications based on the reading habits of the recipients in an effective and user-friendly as well as permanent, secure and reliable way.
7.1 Consent and Objection
In principle, you must explicitly consent to the use of your e-mail address and your other contact addresses, unless such use is permitted on other legal grounds. We use the „double opt-in“ process for any consent to the reception of e-mails, that is, you will be sent an e-mail containing a web link on which you must click for confirmation to prevent any unauthorized third parties from misusing your e-mail address for this purpose. We may log such consents, including the internet protocol (IP) address, the date and the time for evidence and security reasons.
In principle, you can unsubscribe from notifications and communications, such as newsletters, at any time. However, we reserve the right to send notifications and communications which are absolutely necessary for our online offering. Such unsubscription allows you, in particular, to object to the statistical recording of your use, inter alia for success and outreach measurements.
7.2 Service Providers for Notifications and Communications
We may have notifications and communications sent by or with the help of service providers. We guarantee reasonable data protection also for such service providers.
8. Social Media
We are present on social media and other online platforms in order to communicate with interested persons and to provide information about our online offering. The relevant general terms and conditions (GTC), privacy policies and other provisions established by the individual operators of such online platforms shall additionally apply.
If and to the extent that the GDPR is applicable, we are, together with Facebook, responsible for our social media presence on Facebook with regard to any and all so-called Page Insights. These Page Insights provide information as to how website visitors interact with our Facebook presence. We use Page Insights in order to provide our social media presence on Facebook in an effective and user-friendly way. Facebook has published Information about Page Insights Data and a Page Insights Controller Addendum.
Users of social media platforms have the possibility of using their relevant social media user accounts to log on to and/or to register for our online offering („social login“). The terms and conditions established by the relevant social media platform operators apply, including, without limitation, their general terms and conditions (GTC), their privacy policies or their terms of use.
9. Third-Party Services
We may use third-party services to provide our online offering in a permanent, user-friendly, secure and reliable way. Such services also serve to allow us to embed contents in our online offering. Such services, for example hosting and data hosting and storage services, video services and payment services, require your internet protocol (IP) address since such services will not be able to transfer the relevant contents otherwise. Such services may be located outside Switzerland and the European Economic Area (EEA), including the European Union (EU), on the condition that adequate data protection is guaranteed.
Third parties whose services we use may also process data in connection with our online offering and from other data sources in an aggregated, anonymized or pseudonymized form, inter alia by making use of cookies, log files and tracking pixels, for their own security-relevant, statistical and technical purposes. Such data is not used to directly approach Data Subjects in connection with our online offering.
9.1. Infrastructure
We make use of third-party services for the purpose of operating the infrastructure which is required for our online offering on a permanent, safe and realible basis. We only use those infrastructure service providers who guarantee a reasonable level of data protection. These include in particular the services of AWS Amazon Web Services EMEA SARL in Luxembourg, which is subject to the General Data Protection Regulation (GDPR). The infrastructures we use are located in the European Union. The Federal Council recognizes that adequate data protection is ensured in the respective countries.
9.2 Fonts
We use Google Fonts in order to embed selected fonts in our website, whereby we make use of no cookies for this purpose. This is a service provided by Google LLC, a US-based company which offers this service independently of other Google services. Google Ireland Limited, the Irish subsidiary of Google LLC, is responsible for all the users located in the European Economic Area (EEA) and in Switzerland. For more information on the nature, scope and purpose of this data processing, please refer to the Google Privacy and Security Principles and the Google Privacy Policy.
9.3 Payments
We use payment service providers in order to securely and reliably process payments of our customers. We only use payment service providers guaranteeing a reasonable level of data protection. The terms and conditions of the relevant payment service providers shall apply to any such processing, including, without limitation, their general terms and conditions (GTC) or their privacy policies.
9.4 hCaptcha
We use hCaptcha (hereinafter “hCaptcha”) on this website. The provider is Intuition Machines, Inc, 2211 Selig Drive, Los Angeles, CA 90026, USA (hereinafter “IMI”).
The purpose of hCaptcha is to verify whether data entry on this website (e.g. in a contact form) is made by a human or by an automated program. For this purpose, hCaptcha analyzes the behavior of the website visitor based on various characteristics.
This analysis starts automatically as soon as the website visitor enters a website with activated hCaptcha. For the analysis, hCaptcha evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to IMI. If hCaptcha is used in “invisible mode”, the analyses run completely in the background. Website visitors are not made aware that an analysis is taking place.
The privacy guarantees are based on standard contractual clauses contained in the Data Processing Addendum to IMI’s Terms and Conditions or Data Processing Agreements.
For more information about hCaptcha, please see the Privacy Policy and Terms of Use at the following links: https://www.hcaptcha.com/privacy and https://hcaptcha.com/terms.
10. Final Provisions
We have the right to amend and complement this Privacy Policy at any time. We will inform users about such amendments and complements in adequate form, especially by publishing the amended Privacy Policy on our website.