In this privacy policy, we, Gravitir AG (hereinafter referred to as we or us), explain how we collect and otherwise process personal data. This is not an exhaustive description; other data protection declarations and general terms and conditions may regulate specific matters. Personal data means any information relating to an identified or identifiable person.
If you provide us with the personal data of other parties (e.g. family members, data of work colleagues), please ensure that these persons are aware of this privacy policy and only provide us with their personal data if you are permitted to do so and if this personal data is correct.
This Privacy Policy is designed to meet the requirements of the EU General Data Protection Regulation ("GDPR"), the Swiss Data Protection Act ("DPA") and the revised Swiss Data Protection Act ("revDSG"). However, whether and to what extent these laws are applicable depends on the individual case.
We are responsible for the data processing described here. If you have any data protection concerns, you can send an inquiry to the following contact address:
Gravitir AG
Gewerbestrasse 6
6330 Cham
Switzerland
Tel: +41 (0)32 510 19 55
Email: info@gravitir.ch
We primarily process personal data from our customers and other business partners as part of our business relationship with them and other involved parties or which we collect from their users when operating our websites, apps and other applications. This includes the following information in so-called log files which the browser automatically transmits to us:
Browser type and browser version
Operating system
Referrer URL
Hostname of the accessing computer
Time of the server request
We collect personal data depending on the purpose, including, but not limited to:
Financial information (bank account information and payment processing data)
Contact information (surname, first name, address, telephone number, e-mail address)
Customer information (occupation, title, job title, social security number)
Hostname of the accessing computer
Network data (IP address, browser information, device information)
To the extent permitted, we also extract certain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, press, internet) or receive such data from other companies within Gravitir AG, from authorities and other third parties. In addition to the data you provide to us directly, the categories of your personal data we receive from third parties include, in particular, information from public registers, information we acquire in connection with administrative and judicial proceedings, information in connection with your professional functions and activities (so that we can conclude and conduct business with your employer as an example), information about you in correspondence and meetings with third parties, credit reports (insofar as we do business with you personally), information about people from your environment (family, consultants, legal representatives, etc.) you provide us with, so that we can conclude or process contracts with you or with your involvement (e.g. references, your address for deliveries, powers of attorney, information on compliance with legal requirements such as anti-money laundering, information from banks, insurance companies, sales and other contractual partners of ours regarding the use or provision of services by you (e.g. payments made, purchases made)), information about you from the media and the Internet (insofar as this is appropriate in the specific case, e.g. in the context of an application, press review, marketing/sales, etc.), your addresses and, if applicable, interests and other socio-demographic data (for marketing), data related to the use of the website (e.g. IP address, MAC address of your smartphone or computer, information about your device and settings, cookies, date and time of visit, pages and content accessed, functions used, referring website, location information).
We use the personal data collected by us primarily to conclude and settle our contracts with our customers and business partners, in the context of IT security and consulting including the purchase of products and services from our suppliers and subcontractors, as well as to comply with our legal obligations at home and abroad. If you work for such a customer or business partner, you may also be affected in this function with your personal data.
In addition, we process your personal data and that of others, where permitted and deemed appropriate to us, also for the following purposes in which we (and sometimes also third parties) have a legitimate interest:
Offer and further developing our offers, services and websites, apps and other platforms on which we are present;
Communicating with third parties and processing their requests (e.g. job applications, media enquiries);
Review and optimisation of needs assessment procedures for the purpose of direct customer contact and collection of personal data from publicly available sources for the purpose of customer acquisition;
Advertising and marketing (including the organization of events), as long as you have not objected to the use of your data. In case we send you advertising as an existing customer, you can opt out at any time and we will put you on a blacklist to block further advertising mailings;
Market and opinion research, media monitoring;
Assertion of legal claims and defence in connection with legal disputes and official proceedings;
Prevention and investigation of criminal offenses and other misconduct (e.g. conducting internal investigations, data analysis to combat fraud);
Ensuring our operations, in particular IT, our websites, apps and other platforms;
Other measures for IT, building and facility security and protection of our employees and other persons and assets belonging to or entrusted to us (e.g. access controls, visitor lists, network and mail scanners, telephone recordings);
The purchase and sale of business divisions, companies or parts of companies and other transactions under company law and the associated transfer of personal data as well as measures for business management and compliance with legal and regulatory obligations and internal regulations of Gravitir AG
If you have granted us consent to process your personal data for specific purposes (for example, when you register to receive newsletters or perform a background check), we will process your personal data within the scope of and based on this consent, unless we have another legal basis and require one. Any consent given can be revoked at any time, but this has no effect on data processing that has already occurred.
When you visit or otherwise interact with our Services, we and partners may collect certain “Usage Information” by automated means, using technologies such as cookies, web server logs, image pixels, web beacons and JavaScript (collectively referred to as “Tracking Technologies”). Usage Information may include your device IP address or other unique device identifier, web browser characteristics, device characteristics, operating system, language preferences, referring URLs, clickstream data, and dates and times of website visits. In some cases, we may directly collect location information through your device. You may be able to turn off the collection of location information through the settings on your device.
We use the following types of Tracking Technologies to automatically collect information when you interact with us online:
Cookies and Pixels: A “cookie” is a text file that websites send to a visitor’s computer or other internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. These technologies may be used for many purposes by us, our service providers, and our third-party business partners, such as automatically collecting Usage Information, enabling features, serving advertisements to you online, and remembering your preferences. Pixels are small pieces of code used to collect usage analytics. We may use cookies, pixels, and other similar technologies to help keep your use of the Services more secure, to study traffic patterns on the Services, to study the effectiveness of our customer communications, to maintain the integrity of the Services, to measure crash analytics and other maintenance related information, to manage and measure the performance of advertisements displayed on or delivered by or through the Services, and to personalize your experience through the Services, such as to recognize you when you return to the Services. Most browsers are preset to accept cookies. We use cookies to save user settings (e.g. language, autologin) so we can provide you with a better user experience. If you block cookies, certain functions may no longer work. If you do not want to accept cookies, you can block them by adjusting the settings on your Internet browser or via the Cookie Preferences on our website and App.
Software Development Kits (SDKs): An SDK is a software package that contains a set of tools that can be used to help build applications and implement new features in existing apps. These tools can be used to create and operate features that collect information from your device.
Analytics: We use analytics tools or similar services on our websites. This is a service provided by third parties that may be located in any country in the world. We can measure and analyse the use of the website. The processing of your personal data by the service provider is the responsibility of the service provider in accordance with its data protection regulations. The service provider informs us about how our respective website is used.
We use links to our social media on our websites. This is visible to you via the corresponding symbols. If you activate them (by clicking on them), you will be redirected to the operator of the respective social network. By doing so, the operator is responsible for processing your personal data in accordance with its data protection provisions.
As part of our business activities and for the purposes set out in Section 3, we also disclose data to third parties to the extent permitted and deemed appropriate, either because they process it for us or because they wish to use it for their own purposes. This applies to the following entities:
Third party service providers (within Gravitir AG and externally, e.g. banks, insurance companies), including contract processors (e.g. IT providers): We allow those third parties to collect information about you, to enable them to perform services on our behalf, such as website hosting, conducting website usage analytics, sending email, text, or other communications, fulfilling orders, providing marketing assistance and data analysis, processing payments, and other services.
Dealers, suppliers, subcontractors and other business partners: When you use the Services to interact with third parties who operate certain portions of the Services, those third parties may share certain information about you with us (as described above) and we may also share certain information with that third party. It also includes information regarding your use of the Services and the products you purchase.
Public, including visitors to websites and social media: We may share information when you direct us to do so. For example, you may choose to write a product review, send a message, or engage with a social media service or third party application or feature, through which information about you is shared. Please note that we are not responsible for the privacy practices of third parties. In addition, we or a third-party social networking or review platform may offer features, such as message boards and other public areas, where you can choose to interact with others and/or submit content or post publicly. Content that you post publicly may be viewed, collected, and used by others and the protection by this Privacy Policy will not apply.
Acquirers or parties interested in acquiring business units, companies or other parts of Gravitir AG: Third parties who may acquire your information as a result of a merger, acquisition or other ownership transition. We reserve the right to transfer any information we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution or liquidation); by providing your information, you understand and agree that we may transfer such information to the acquiring entity without your further consent.
Other parties in potential or actual legal proceedings: We also may disclose information about you (i) if we are required to do so by law, regulation or legal process (such as a court order or subpoena), (ii) in response to requests by government agencies, such as law enforcement authorities, (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity; (iv) to protect and/or defend the Terms of Use, or other policies applicable to a Service; or (v) to respond to an emergency.
all joint recipients.
Some of these are domestic recipients, but they can be anywhere in the world. Generally, you must expect your data to be transferred to all countries in which Gravitir AG is represented as well as to other countries in Europe and the USA where the service providers we use are located.
We process and store your personal data for as long as necessary for the fulfilment of our contractual and legal obligations or otherwise for the purposes pursued with the processing, i.e. for the duration of the entire business relationship (from the initiation, execution until the termination of a contract) and beyond that in accordance with the legal storage and documentation obligations. It is possible that personal data is retained by us for the period where claims are asserted against our company or where we otherwise are legally obliged to legitimate business interests. For example, for evidence and documentation purposes. As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymised as far as possible. In general, shorter retention periods of twelve months or less apply to operational data (e.g. system protocols, logs).
We take appropriate technical and organisational security precautions to protect your personal data from unauthorised access and misuse, such as issuing instructions, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymisation, general controls.
As part of our business relationship, you must provide the personal data that is necessary for the establishment and realisation of a business relationship and the fulfilment of the associated contractual obligations (you are not generally under a legal obligation to provide us with data). Without this data, we will generally not be able to initialise or fulfil a contract with you (or the entity or person you represent). The website can also not be used if certain information to secure data traffic (such as IP address) is not disclosed.
Within the scope of data protection law applicable to you and to the extent provided for therein (such as in the case of the GDPR), you have the right to information, correction and deletion. Furthermore, you have the right to restrict data processing and the disclosure of certain personal data for the purpose of data transfer to another organization (e.g. data portability).
Please note that we reserve the right to assert the restrictions provided by law. For example, if we are obliged to store or process certain data and thus have an interest in doing so or need the data to assert claims. We will inform you in advance if you may be liable to pay any cost in relation to that. We have already informed you about the possibility of withdrawing your consent in section 3. Please note that using these rights may conflict with contractual agreements and may have consequences such as premature termination of the contract or cost consequences. In case this is not already contractually regulated, we will inform you in advance.
The enforcement of such rights generally requires you to clearly prove your identity (e.g. by means of a copy of your identity card). To assert your rights, you can contact us at the address stated in section 1.
Every concerned person has the right to enforce their claims in court or to file a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (edoeb.admin.ch).
We may update this privacy policy at any time without prior notice. The current version published on our website shall apply. If the privacy policy is part of an agreement with you, we will inform you of the change by email or other suitable means in the event of an update.
If you have any questions or suggestions about this Privacy Policy, do not hesitate to contact us at hello@secretify.ch
This document is based on the German template ‘Vorlage Allgemeine Datenschutzerklärung’ published by DSAT.ch and has been edited to our needs.
Authors: David Rosenthal, Katrina Frame. All rights reserved.
Editorial Team: David Rosenthal (david.rosenthal@homburger.ch), David Vasella (david.vasella@walderwyss.com)