18. July 2023
Privacy is a matter of trust, and your trust is important to us. We have therefore published this privacy notice (Privacy Notice)
While Benetics AG is based in Switzerland, the new Federal Act on Data Protection (FADP) and the European Union's General Data Protection Regulation (GDPR) are important to us. We wish to provide the FADP's and GDPR's high level of protection to all individuals whose personal data we process, whether or not the FADP and GDPR apply to us (though some exceptions may apply). This Privacy Notice is therefore based on the FADP and GDPR. It is important to us that you are fully informed about how we process your personal data. It is important to us that you understand:
which personal data we collect about you;
when we collect your personal data;
the purpose for which we use your personal data;
how long we retain your personal data;
who has access to your personal data; and
what rights you have with regard to your personal data.
You will find corresponding notes and explanations below. If you have any questions, please do not hesitate to contact us. You can find our contact details below.
For every data processing operation there is a responsible entity (called the "controller"). The following entity (also "Benetics", "we" or "us") is the controller for the data processing explained in this Privacy Notice:
Benetics AG, Heinrichstrasse 25, 8005 Zurich, Switzerland
Phone: +41 762226856
Benetics Privacy & Compliance Representative: firstname.lastname@example.org
This privacy notice applies to all processing of personal data in connection with our business activities, including processing of personal data that we have received earlier or will receive in the future. Additional Privacy Policies may apply for certain services. We will inform you of these provisions in an appropriate manner where such is the case.
Personal data is all information that relates to a particular individual (provided that under Swiss law, information relating to a legal entity is also considered to be personal data). Personal data includes the following information, for example:
contact information such as names, addresses, e-mail addresses and telephone numbers;
other personal information such as profile photos, affiliation with Organisations and professions.
We process personal data of
users of our services and apps;
visitors of our own and our customers' websites and portals;
individuals using or interested in our products and services;
employees and contacts of our suppliers and other business partners;
persons who apply for a job with us;
persons who otherwise communicate with us.
Generally, you need to be 12 years or older to use our products and services. If you are younger than 12 years and wish to use our products and services, please send us an e-mail to email@example.com in order for us to obtain parental consent.
Personal data is generally collected from you directly when you use our services and apps, register with us and/or visit our or our customers' websites. However, personal data might also be collected from other sources. For example, we may obtain information about your IP address, proxy server, operating system, web browser and add-ons, device identifier and features, and/or ISP or your mobile carrier. If you use our services from a mobile device, that device may send us data about your location based on your phone settings.
We process personal data in the following situations and for the following purposes:
Authorize access: We process personal data to authorize access to our services;
Visiting websites and using apps: We process your personal data when you visit our websites and/or use an app as explained below;
Communication: We process personal data when you contact us or when we contact you, e.g. when you contact our customer service as well as when you write or call us. We use this data in order to provide you with information, process your request and to communicate with you.
Business partners: We work together with various companies and business partners, for example suppliers, service recipients, cooperation partners and service providers. We process personal data about the contact persons in these organisations, for example names, functions and titles, in order to enter into and process contracts and business relationships, but also for customer relationship management.
Applicants: We process personal data about you when you apply for a job with us, in order to process and evaluate your application and to prepare for an employment should your application be successful. As a general rule, we require the usual information and documents as well as information mentioned specifically in a job advertisement.
Other purposes: We process personal data for other purposes including, for example, to comply with legal requirements, such as disclosing information to an authority if we have good reason or are legally obliged to do so; to protect our rights, e.g. to assert claims in and out of court and before local and foreign authorities or to defend ourselves against claims; to prepare and consummate company transactions such as sales and purchases of assets; and for other purposes whenever legal obligation require processing.
Log data: When you visit our website or a third-party website where our services are integrated, or when you install or use an app from us, we process a set of basic information such as information about the time the website, app or service was accessed, the duration of the visit and the pages and services accessed. We use this personal data to ensure and improve IT security, but also to improve the user-friendliness of our websites and services.
AWS Cognito: Our mobile app uses AWS Cognito for login and registration purposes.
We only process the minimum amount of personal data on Firebase that is necessary to provide authentication. This includes only the following personal information:
Data provided by SSO provider (if SSO used)
Under the following link you can find the AWS Cognito privacy notice: https://aws.amazon.com/privacy/
Branch.io Our mobile app uses branch.io to provide deep links for a seamless handover between web applications and our mobile app. The following link provides the branch.io privacy notice: https://branch.io/policies/#privacy
Our employees access personal data as necessary for their tasks for the purposes set out above. They act in accordance with our instructions and are bound to confidentiality when processing your personal data. We may also transfer your personal data to service providers who perform business operations on our behalf ("processors"), for example IT services such as hosting, cloud services, newsletter processing, data analysis etc. All processors are under an obligation to process personal data only on our behalf and according to our instructions.
There are other cases where we may disclose your personal data to third parties, for instance:
in the context of corporate transactions. In such cases, it may not be possible to inform you in advance if your personal data is affected for reasons of confidentiality;
if required by law, for example to comply with a court order;
to assert or defend legal claims or if we consider it necessary for other legal reasons.
For Swiss and EU residents, your personal data is kept on servers in Switzerland and/or in the EU. However, we may transfer personal data to other countries, for example to service providers we use, even outside of the EEA and/or Switzerland. The recipients' countries may not protect your personal data to the same extent as the laws in Switzerland or in the EEA. If we disclose personal data to such a third country, we will take appropriate measures to ensure the protection of your personal data, for example by concluding appropriate data transfer agreements such as contracts issued or approved by the European Commission and the Federal Data Protection and Information Commissioner. Please contact us if you would like to obtain a copy of our data transfer contracts.
For users outside Switzerland and the EU, your personal data is stored in geographically close positions (e.g. US for North American users).
We apply appropriate technical and organisational measures to ensure a level of security appropriate to the risk and protect it your personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage. However, no system or network can ever be guaranteed to be 100% secure.
We retain personal data for as long as necessary for the purposes for which it is collected and processed, and as long as we have a legitimate interest in keeping it for example for the enforcement of or the defence against claims, for archiving purposes or for ensuring IT security. We also retain your personal data as long as it is subject to a legal retention obligation. For example, some documents have a ten-year retention period. Other documents will be retained for a short period only.
You can delete your account with us at any time by sending a message to firstname.lastname@example.org from the account you have registered with. We will delete your account but may keep certain personal data as explained above.
You may at any time object to the processing of your personal data, in particular against data processing for direct marketing purposes.
In addition, you have the following rights:
Access right: You have the right to request, at any time and free of charge, access to your personal data stored and processed by us.
Right to rectification: You have the right to have incorrect or incomplete personal data corrected or updated.
Right to erasure: You have the right to have your personal data erased if it is no longer necessary for the purposes pursued, if you have withdrawn your consent (provided there are no other grounds for processing) or have objected to the processing, or if your personal data is being processed unlawfully.
Right to restrict processing: Under certain circumstances, you have the right to request that the processing of your personal data be restricted.
Right to data portability: Under certain circumstances, you have the right to receive the personal data concerning you, which you have provided to us, free of charge, in a commonly used and machine-readable format.
Right to lodge a complaint: You have the right to lodge a complaint with a competent supervisory authority about the way we handle or process your personal data.
Right to withdraw consent: You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
Applicable law permits our data processing activities, in particular, if they are based on valid consent, if they are necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, if they are necessary to fulfill a legal obligation or and if they are necessary for legitimate interests. Our legitimate interests include, for example, monitoring, ensuring and improving the security of our infrastructure and services; measuring and improving our services; developing additional services; and enforcing or defending claims.
You may wish or need to provide us with third party personal data. In this case you are obliged to inform the relevant persons accordingly and ensure that this data is accurate.
We may modify this Privacy Notice from time to time if we change our data processing activities or if new legislation becomes applicable. We actively inform people registered with us of such modifications if this is possible without disproportionate effort. In general, however, a data processing activity is subject to the version of the Privacy Notice which is the latest version at the beginning of the relevant processing.