Privacy Policy

1. GENERAL

Data protection and information security are part of our corporate policy. We respect the privacy and personal rights of our customers, partners, employees and human beings.

EXPERSOFT is committed to a high standard of data protection, and EXPERSOFT processes personal data in accordance with applicable data protection legislation. Our website is primarily subject to Swiss data protection law, the Federal Data Protection Act (SR 253.1, hereinafter referred to as “DSG”) and, where applicable, the Data Protection Regulation of the European Union (EU-GDPR, Regulation 2016/679; hereinafter referred to as “GDPR”).

We have implemented various technical and organizational measures to ensure the protection of personal data collected, stored and processed (hereinafter "processed") by our business activities and by this website(s). Personal data we keep strictly confidential.

In close cooperation with our hosting providers, we endeavour to protect the databases as best as possible from unauthorized access, loss, misuse or falsification.

Web-based data transfer always involves a certain risk and please be informed that absolute protection of your personal data cannot be guaranteed.

2. SCOPE

This privacy statement describes how we treat personal data in general, how we process and use this data, and what rights you have as a data subject.

We process personal data from our website(s) visitors as well as from interested parties, customers, suppliers and other business partners who have directly or indirectly been in contact with us.

Linked websites of other providers, or websites from which our website is linked, are not subject to this privacy policy. These websites are neither operated nor monitored by us, nor are we responsible for their content or handling of personal data. Personal data of our employees is also not subject to this declaration.

The content of our websites and our business activities is addressed to legal entities and their employees and customers. It is not addressed to children under the age of 18.

3. CONTACTS

RESPONSIBILITY

Responsible for data processing:

EXPERSOFT SYSTEMS AG,
Hinterbergstrasse 20, CH-6312 Steinhausen
infoline@expersoft.com

Any other responsible entities will be mentioned below in this data protection declaration.

COMPANY DATA PROTECTION OFFICER

Please contact the data protection officer as follows:

EXPERSOFT SYSTEMS AG
Data Protection Officer Hinterbergstrasse 20, CH-6312 Steinhausen privacy@expersoft.com

SUPERVISORY AUTHORITY

Eidgenössischer Öffentlichkeits- und Datenschutzbeauftragter (EDÖB)
Feldeggweg 1, CH 3003 Bern
Contact form under www.edoeb.admin.ch
Tel. 041 (0)58 462 43 95

4. WHICH DATA DO WE COLLECT

The following data categories are processed by us or by any third parties engaged by us:

General business activities:

  • Communication and identification data (e.g. name, address, e-mail, phone, IP-address, etc.)

  • Contract master data (business relationship, product, contractual interest, etc.)

  • Client history / customer database

  • Invoicing data and payment details

  • Job application data

  • Planning and controlling data

  • Financial and transactional data

  • Information request data (e.g. Contract-relevant information which we receive from third parties)

When you access and visit our website(s), the following data or website information will be automatically sent via your browser to the server of our website operator:

  • Operating system in use

  • Browser type and browser version

  • Name of the host of the accessing computer

  • IP-address

  • Time, date, place, country of the server request to access to our website

  • Referral URL of accessed pages

  • Time of the access and transmitted data volume

  • Http-status-code

5. DATA PROCESSING PURPOSE AND LEGAL BASIS

We process and use personal data only if there is a legal basis or we received your expressed consent. With the acceptance of this data declaration you allow us to process your data for general business activities and other reasons e.g. newsletter, events, etc.

5.1 DATA FROM BUSINESS ACTIVITY

We process personal data of our clients, partners, interested parties, job applicants as far as it is necessary, in particular for the purpose of:

  • Contract and order processing

  • Service delivery and performance

  • Client administration

  • Billing, debt collection

  • Client support, answering questions and requests, support for technical issues

  • Evaluation, enhancement and new and continuing development of products, services, quality and functions

  • Combating misuse and criminal activities

  • Compliance with legal requirements and claiming legal rights

  • Marketing purposes

  • Processing of received client data and information for own data analyses

  • Application process and job recruitments

The data processing of the above data is based either on our legitimate interest in accordance with Art. 13 para. 2 lit. (a) DSG and Art. 6 para. 1sentence 1 lit. (b) GDPR or on your consent in accordance with Art. 13 para. 1 DSG or Art. 6 para. 1 sentence 1 lit. (a) & (b) in conjunction with Art. 7 GDPR.

5.2 WEBSITE INFORMATION

5.2.1 Browsing on our website(s)

When you browse and visit our website(s), the aforementioned data in Section 4 is automatically collected and stored. It is used on the one hand for statistical purposes which are evaluated accordingly, and on the other hand, for the assessment, enhancement and optimisation of the content and quality of our websites. However, it also contributes to the security, to the analyses of the system security and stability in order to detect any possible misuse at an early stage in order to work against it. In this way we can guarantee a smooth connection setup of the web page, as well as ease of use.

5.2.2 Use of / access to client platform

The legal basis for data processing according to this clause is Art. 13 para. 1 and para. 2 lit. (a) DSG and Art. 6 para. 1sentence 1 lit. (a) and lit. (f) GDPR. Our legitimate interest results from the aforementioned purposes. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person. We also do not use automatic decision making and profiling technologies.

5.3 JOB APPLICATION

Your job application will be always treated confidentially. The data provided to us will be processed, and, if necessary, forwarded and used exclusively for the purpose of selecting applicants and filling vacancies within our company. In addition to Paragraph 4, the contact and identification data and also the personal data will be processed.

After receiving your job application, for security reasons we reserve the right to send you a confirmation e-mail. With registration of or submission of your application to us, you agree that your personal data will be processed and that you will may be contacted and informed in writing or by telephone as part of the application process. Please note that your data is accessible to Human Resources Department and those responsible for the advertised job in Switzerland and abroad.

Personal data will be deleted after completion of the application procedure, but no later than 6 months after any rejection. Only with your expressed consent we will store your application for future vacancies for up to 18 months. You have the right to request the deletion, withdrawal or modification of your application at any time. Please contact us at jobs@expersoft.com.

The legal basis for data processing is Art. 13 para. 1 DSG and as far as applicable Art. 6 para. 1 sentence 1 lit. 1 (f) GDPR in conjunction with Art. 7 GDPR and is also based on your consent to the aforementioned purpose.

5.4 E-MAIL CORRESPONDENCE

If you contact us by e-mail, your voluntarily submitted personal data will be collected or recorded for the purpose of answering your requests or for contacting you and/or due to technical administration.

After final processing of your request, without any legal storage obligation or other justified storage interest, the data or e-mails will be deleted if they are no longer required for contract fulfilment or for any other agreed or justified purpose(s). In particular, data exchange that takes place in the preliminary business activity which cannot be assigned to a customer, business partner, etc. will be routinely deleted (within a defined period) after it has been answered.

Please note that data exchange by e-mail is not secure. Especially for confidential information and sensitive personal data, we recommend an encrypted transmission path. Please inform us in advance if you wish an encrypted communication with us.

In addition to your consent, the legal basis for data processing is Art. 13 para. 1 DSG and Art. 6 para. 1 sentence 1 lit. (f) GDPR. Our legitimate interest results from processing and responding your request(s) to your satisfaction.

Does your contacting aim at the conclusion of a contract, the legal basis for the processing furthermore is covered by Art. 13 para. 2 lit. (a) and Art. 6 para. 1 lit. (b) GDPR.

6. USE OF COOKIES, TRACKING & ANALYSING TOOLS

6.1 COOKIES

Cookies are small text files that are used and stored on web pages to provide certain features, to make the user experience more efficient, or to enable certain evaluations.

Our website(s) use different types of cookies. Most cookies are session cookies, which are automatically deleted from your device at the end of the browser session. Depending on the type of cookie, permanent cookies remain stored on your terminal for several days for up to 10 years and are automatically deactivated after its period has expired. Some cookies set on our pages are placed by third parties.

A list with the cookies we use, their provider and their type can be found here.

You can prevent or adjust the storage or installation of cookies by making appropriate settings in your browser. In addition, cookies that have already been saved can be deleted at any time by your browser or other software programs. Please note that deactivating cookies can also negatively affect the functionality of our website(s).

The legal basis for data processing is Art. 13 DSG and Art. 6 para. 1 lit. (f) GDPR. Our legitimate interest results from the use of cookies to enable the operation of an individual, targeted website tailored to customer needs.

6.2 ANALYSING AND TRACKING TECHNOLOGIES

According to the legal basis of our legitimate interest pursuant to Art. 13 DSG and/or Art. 6 GDPR, we use analysis and tracking technologies in order to obtain information about the use of our website(s), to improve or optimise our offer and content or to be able to correct errors and security gaps. These tools are usually provided by a third party. By using cookies information will be transferred to the server of a third party. These servers may be located abroad, depending on the type of service. The transmission of the data takes place under the shortening of the IP address, whereby the identification of the appropriate terminals is prevented.

Which technologies are used for which purpose you can find here.

7. DATA TRANSFER

7.1 TRANSFER TO THIRD PARTIES

We will not pass on any personal data to third parties unless we have informed you of this and you gave us your expressed consent to do so.

In principle, our website(s) can be used without the provision of personal data and with no data transmission to third parties. However, some services may require the transmission of personal data to third parties. A possible transfer takes place only based on legal regulations or in the context of an order data processing.

We reserve the right to transmit, within the scope defined below, collected information to third parties:

(i) Transfer to affiliated or controlled entities and subcontractors for the purpose of fulfilling contractual or legal obligations who are either subject to this Privacy Policy or who follow policies that provide at least as much protection as this Privacy Policy;

(ii) Disclosure to service providers who administer the website(s) or provide other services, such as monitoring the use of the website or creating statistical reports, only disclosing generic information that does not identify you, such as search engine operators, etc.;

(iii) Collected data may be disclosed to third parties to ensure protection for us or third party, if required by law or where such disclosure is necessary to protect our rights or those of third parties, e.g. to combat misuse, fraud etc.

Within the framework of our legitimate interest we may transfer your personal data within the group only for internal group administration purposes.

In the above circumstances, your personal data may be transferred to countries outside Switzerland or outside the European Economic Area ("EEA"). Personal data will only be transmitted on the basis of declarations of adequacy or other appropriate safeguards, in particular the standard contractual clauses of the European Commission.

Please do not hesitate to contact us in case of any questions to the above (Article 13 para.1 lit. (f) GDPR).

7.2 CROSS-BORDER PROCESSING BY CONTRACTED THIRD PARTIES

There is no cross-border processing of data in third countries which do not provide an adequate level of data protection. Should we, in exceptional cases, nevertheless transfer your data to such a country, you will be informed in an appropriate way, and we will ensure the protection of your personal data in a proper manner, for example by concluding data transfer agreements on the basis of the agreements approved, issued or recognised by the European Commission, so-called standard contractual clauses (Art. 46 para. 2 GDPR).

8. DATA STORAGE DURATION AND DELETION

We store and process your personal data to achieve the purpose for which it was collected as long as it is necessary, permitted or legally required. For example, we have a legitimate interest in storing your personal data as long as it is subject to a retention obligation or storage is necessary for evidence or security reasons. Your personal data will then be deleted from our systems or made anonymous so that you can no longer be identified. An irrevocable deletion is subject to the reservation of technical possibilities at the time of deletion or destruction.

9. DATA SECURITY

We protect our website(s) and data with technical and organizational measures against unauthorized physical and electronical access. Your personal data will be transmitted SSL-encrypted from this website to us.

10. YOUR RIGHTS

Within the framework of the DSG and also taking the GDPR into account, we grant you the following rights:

10.1 Right of access according to Art. 8 DSG and Art. 15 GDPR

You have the right to obtain our confirmation as to whether we process your personal data and, if so, to request information and access to about the processing of your personal data. This information includes, in particular, information regarding the purpose of the processing, the categories of personal data concerned and the recipients or categories of recipients to whom the personal data has been or will be disclosed.

We reserve the right to ask for your identity card before answering your request and, in the event of disproportionately high expenditure, to demand payment of the costs in advance.

10.2 Right to rectification according to Art. 5, Art. 2 DSG, and Art. 16 GDPR

You have the right to have your personal data processed by us completed and/or rectified.

10.3 Right to erasure according to Art. 15 DSG and Art. 17 GDPR

Furthermore, if we are not obliged to keep your personal data due to the applicable laws and regulations and there is no reason against it (according to Art. 17 para. 3) you have the right to have your personal data deleted to the extent that

- your personal data is no longer required for the purposes pursued;

- you have withdrawn your consent and there is no other legal basis for the processing;

- you have effectively objected to the processing;

- the processing has been unlawful.

10.4 Right to restriction of processing according to Art. 15 and Art. 18 GDPR

You may request us to restrict processing in the following cases:

- if you dispute the accuracy of the data for the duration of our verification and the subsequent rectification or refusal of rectification;

- if, in the event of unlawful processing, you refuse to delete the data and wish instead to limit the processing.

- if you request that the data shall not be deleted after fulfilling of the purpose but kept for the purpose of asserting rights.

The personal data concerned will be separated or marked for the duration of the limitation. Apart from the storage, any further processing of this personal data will only take place if you have given us your consent.

10.5 Right to data portability according to Art. 20 GDPR

Under certain conditions, you have the right to receive the personal data you provided us in a structured, generally used and machine-readable format. Upon request you are also entitled to have this personal data transmitted to another company to the extent that this is technically possible.

10.6 Right to object according to Art. 21 GDPR

Due to personal reasons, you have the right at any time to object to the processing of your personal data. Should you exercise this right of objection, your personal data will no longer be processed by us. Please note that there is no right of objection if we have compelling grounds for processing your data which outweigh your interests, rights and freedoms, or if the processing serves to enforce, exercise or defend legal claims, or if it is necessary for the conclusion and execution of a contract. If we process your personal data for the purpose of direct marketing, you have the right to object to such processing at any time (newsletter, client events, etc.). After your objection, your personal data will no longer be processed for these purposes.

10.7 Right to withdraw its consent according to art.7 Abs. 3 GDPR

You have the right to withdraw your consent to the processing of your personal data at any time. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal. You can demand your rights in connection with the processing of your personal data from the data protection officer.

10.8 Right to lodge a complaint according to art. 77 GDPR

You also have the right to lodge a complaint with the responsible supervisory authority if you believe that the processing of your personal data violates DSG and, as far as applicable, GDPR. In this situation, please do not hesitate to contact our data protection officer for any clarification or help.

11. MODIFICATIONS

We reserve the right to change or amend this Privacy Policy at any time. We recommend you consult this Privacy Policy periodically so that you are always aware of our current policy and any changes to the policy for the protection of your personal information. Any change to your disadvantage, will be appropriately announced in advance. Your consent is voluntary. If you do not agree with it, you can reject it within a set period of time. After this period has expired, this declaration is deemed to have been accepted (consent). Amendments or additions to this declaration, do not provide a right to extraordinary termination of any service contracts or other relationships.

12. APPLICABLE LAW AND PLACE OF JURISDICTION

All disputes arising out of or in connection with the use of this website or out of this data protection declaration shall be governed by Swiss Law and shall be settled exclusively by the courts having jurisdiction at the headquarters of EXPERSOFT in Steinhausen, excluding any conflict of law provisions. Mandatory courts of jurisdiction remain reserved.

Expersoft Systems AG, April 2019, V02