Version dated 01.05.18
In this privacy policy, we, NetElite GmbH (hereinafter referred to collectively as NetElite GmbH, we or us), explain how we collect and otherwise process personal data. This is not an exhaustive description; other privacy policies or general terms and conditions, participation conditions and similar documents may regulate specific circumstances. Personal data means all information that relates to a specific or identifiable person.
If you provide us with personal data of other persons (e.g. family members, data of work colleagues), please ensure that these persons are aware of this privacy policy and only share their personal data with us if you are permitted to do so and if this personal data is correct.
This privacy policy is aligned with the EU General Data Protection Regulation (GDPR). Although the GDPR is a regulation of the European Union, it is relevant to us. The Swiss Data Protection Act (DPA) is strongly influenced by EU law, and companies outside the European Union or the EEA must comply with the GDPR under certain circumstances.
The controller does not have a data protection officer according to Art. 37 GDPR:
Responsible for the data processing that we describe here is NetElite GmbH (Altstetterstr. 253, CH-8048 Zürich), unless otherwise specified in individual cases. If you have data protection concerns, you can communicate these to us at the following contact address:
Our representative in the EEA according to Art. 27 GDPR (if required) is: - Not required -
We primarily process personal data that we receive from our customers and other business partners and other persons involved in the context of our business relationship, or that we collect from users when operating our websites, apps and other applications.
To the extent permitted, we also obtain certain data from publicly accessible sources (e.g. debt enforcement registers, land registers, commercial registers, press, internet) or receive such data from other companies within NetElite GmbH, from authorities and other third parties.
In addition to the data you provide to us directly, the categories of personal data we receive from third parties about you include, in particular, information from public registers, information we learn in connection with official and judicial proceedings, information in connection with your professional functions and activities (so that we can, for example, conclude and process business with your employer with your help), information about you in correspondence and meetings with third parties, credit reports (to the extent we conduct business with you personally), information about you that persons from your environment (family, advisors, legal representatives, etc.) provide to us so that we can conclude or process contracts with you or involving you (e.g. references, your address for deliveries, powers of attorney, information for compliance with legal requirements such as anti-money laundering and export restrictions, information from banks, insurance companies, sales and other contractual partners of ours for the use or provision of services by you (e.g. payments made, purchases made), information from media and internet about your person (to the extent this is indicated in the specific case, e.g. in the context of an application, press review, marketing/sales, etc.), your addresses and possibly interests and other socio-demographic data (for marketing), data in connection with the use of the website (e.g. IP address, MAC address of the smartphone or computer, information about your device and settings, cookies, date and time of visit, pages and content accessed, functions used, referring website, location information).
We use the personal data we collect primarily to conclude and process our contracts with our customers and business partners, particularly in the context of providing IT consulting, process automation and custom software development to our customers and purchasing products and services from our suppliers and subcontractors, as well as to comply with our legal obligations domestically and abroad. If you work for such a customer or business partner, you may naturally also be affected by this in your capacity with your personal data.
In addition, we process personal data of you and other persons, to the extent permitted and it appears appropriate to us, also for the following purposes in which we (and sometimes also third parties) have a legitimate interest corresponding to the purpose:
To the extent you have given us consent to process your personal data for certain purposes (for example, when you register to receive newsletters or conduct a background check), we process your personal data within the scope of and based on this consent, to the extent we have no other legal basis and we need one. A given consent can be revoked at any time, but this has no effect on data processing that has already taken place.
We typically use "cookies" and comparable techniques on our websites with which your browser or device can be identified. A cookie is a small file that is sent to your computer or automatically stored by the web browser used on your computer or mobile device when you visit our website. When you visit this website again, we can thus recognize you, even if we don't know who you are. In addition to cookies that are only used during a session and deleted after your website visit ("session cookies"), cookies can also be used to store user settings and other information for a certain period of time (e.g. two years) ("persistent cookies").
However, you can set your browser to reject cookies, store them only for one session or otherwise delete them prematurely.
Most browsers are preset to accept cookies. We use persistent cookies so that we can possibly show you tailored offers and advertising (which can also happen on websites of other companies; however, they do not learn from us who you are, if we even know that ourselves, because they only see that the same user is on their website who was also on a certain page with us). Some of the cookies are set by us, some also by contractual partners with whom we cooperate. If you block cookies, it may be that certain functionalities (such as language selection, shopping cart, ordering processes) no longer work.
By using our websites and consenting to receive newsletters and other marketing emails, you agree to the use of these techniques. If you do not want this, then you must set your browser or email program accordingly
We sometimes use Google Analytics or comparable services on our websites. This is a service from third parties who can be located in any country on earth (in the case of Google Analytics it is Google LLC in the USA, www.google.com), with which we can measure and evaluate the use of the website (not personally). For this purpose, also persistent cookies are used, which the service provider sets. The service provider receives no personal data from us (and also does not store IP addresses), but can track your use of the website, combine this information with data from other websites you have visited and which are also tracked by the service provider and use these insights for their own purposes (e.g. control of advertising). To the extent you have registered with the service provider yourself, the service provider also knows you. The processing of your personal data by the service provider is then carried out under the responsibility of the service provider according to its privacy policy. The service provider only tells us how our respective website is used (no information about you personally).
We also use so-called plug-ins from social networks such as Facebook, Twitter, Youtube, Google+, Pinterest or Instagram on our websites. This is visible to you (typically via corresponding symbols). We have configured these elements so that they are deactivated by default. If you activate them (by clicking), the operators of the respective social networks can register that you are on our website and where and can use this information for their purposes. The processing of your personal data is then carried out under the responsibility of this operator according to its privacy policy. We receive no information about you from them.
In the context of our business activities and the purposes according to section 3, to the extent permitted and it appears appropriate to us, we also disclose to third parties, either because they process them for us or because they want to use them for their own purposes. This concerns in particular the following entities:
These recipients are partly domestic, but can be anywhere on earth. You must in particular expect the transmission of your data to all countries in which NetElite GmbH is represented by group companies, branch offices or other offices as well as to other countries in Europe and the USA, where the service providers we use are located (such as Microsoft, Google, etc.). If we transfer data to a country without adequate legal data protection, we ensure an adequate level of protection as legally required by using appropriate contracts or so-called Binding Corporate Rules or rely on the legal exceptions of consent, contract processing, establishment, exercise or enforcement of legal claims, overriding public interests, published personal data or because it is necessary to protect the integrity of the data subjects.
You can at any time obtain a copy of the mentioned contractual guarantees from the contact person mentioned under section 1, to the extent not available under the link given above. However, we reserve the right to redact copies for data protection reasons or reasons of confidentiality or to deliver only excerpts.
We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations or otherwise for the purposes pursued with the processing, i.e. for example for the duration of the entire business relationship (from initiation, processing to termination of a contract) as well as beyond according to the legal retention and documentation obligations. It is possible that personal data will be retained for the time in which claims can be asserted against our company and to the extent we are otherwise legally obligated to do so or legitimate business interests require this (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will in principle be deleted or anonymized as far as possible. For operational data (e.g. system logs), generally shorter retention periods of twelve months or less apply.
We take appropriate technical and organizational security precautions to protect your personal data from unauthorized access and misuse, such as the issuance of instructions, IT and network security solutions, encryption of data carriers and transmissions.
In the context of our business relationship, you must provide those personal data that are necessary for the establishment and conduct of a business relationship and the fulfillment of the associated contractual obligations (you generally do not have a legal obligation to provide us with data). Without this data, we will generally not be able to conclude a contract with you (or the entity or person you represent) or to process it. The website also cannot be used if certain information to ensure data traffic (such as IP address) is not disclosed.
We process your personal data partly automatically with the aim of evaluating certain personal aspects (profiling). We use profiling in particular to be able to inform and advise you in a targeted manner about products. We use evaluation tools that enable us to communicate and advertise according to needs, including market and opinion research.
For the establishment and conduct of the business relationship and otherwise we generally do not use fully automated automatic decision-making (as regulated in Art. 22 GDPR). Should we use such procedures in individual cases, we will inform you separately about this, provided this is legally required, and inform you about the associated rights.
You have within the framework of the data protection law applicable to you and to the extent provided therein (such as in the case of the GDPR) the right to information, correction, deletion, the right to restriction of data processing and otherwise to object to our data processing as well as to disclosure of certain personal data for the purpose of transfer to another entity (so-called data portability). Please note, however, that we reserve the right to assert the legally provided restrictions on our part, for example if we are obligated to retain or process certain data, have an overriding interest in it (to the extent we may rely on this) or need it for the assertion of claims. If costs arise for you, we will inform you in advance. We have already informed you about the possibility of revoking your consent in section 3. Note that the exercise of these rights may conflict with contractual agreements and this may have consequences such as early contract termination or cost consequences. We will inform you in advance in such cases, where this is not already contractually regulated.
The exercise of such rights generally requires that you clearly prove your identity (e.g. by a copy of an ID, where your identity is otherwise not clear or can be verified). To assert your rights, you can contact us at the address given in section 1.
Every data subject also has the right to enforce their claims in court or to file a complaint with the competent data protection authority. The competent data protection authority of Switzerland is the Federal Data Protection and Information Commissioner
(http://www.edoeb.admin.ch).
We may adapt this privacy policy at any time without prior notice. The current version published on our website applies. To the extent the privacy policy is part of an agreement with you, we will inform you of the change by email or in another suitable manner in case of an update.