In this privacy policy, we, Gravitir AG (hereinafter referred to as we or us), explain how we collect and otherwise process personal data. This is not an exhaustive description; other data protection declarations and general terms and conditions may regulate specific matters. Personal data means any information relating to an identified or identifiable person.
If you provide us with the personal data of other parties (e.g. family members, data of work colleagues), please ensure that these persons are aware of this privacy policy and only provide us with their personal data if you are permitted to do so and if this personal data is correct.
This Privacy Policy is designed to meet the requirements of the EU General Data Protection Regulation ("GDPR"), the Swiss Data Protection Act ("DPA") and the revised Swiss Data Protection Act ("revDSG"). However, whether and to what extent these laws are applicable depends on the individual case.
We are responsible for the data processing described here. If you have any data protection concerns, you can send an inquiry to the following contact address:
Gravitir AG
Gewerbestrasse 6
6330 Cham
Switzerland
Tel: +41 (0)32 510 19 55
Email: info@gravitir.ch
We primarily process personal data from our customers and other business partners as part of our business relationship with them and other involved parties or which we collect from their users when operating our websites, apps and other applications. This includes the following information in so-called log files which the browser automatically transmits to us:
Browser type and browser version
Operating system
Referrer URL
Hostname of the accessing computer
Time of the server request
We collect personal data depending on the purpose, including, but not limited to:
Financial information (bank account information and payment processing data)
Contact information (surname, first name, address, telephone number, e-mail address)
Customer information (occupation, title, job title, social security number)
Hostname of the accessing computer
Network data (IP address, browser information, device information)
To the extent permitted, we also extract certain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, press, internet) or receive such data from other companies within Gravitir AG, from authorities and other third parties. In addition to the data you provide to us directly, the categories of your personal data we receive from third parties include, in particular, information from public registers, information we acquire in connection with administrative and judicial proceedings, information in connection with your professional functions and activities (so that we can conclude and conduct business with your employer as an example), information about you in correspondence and meetings with third parties, credit reports (insofar as we do business with you personally), information about people from your environment (family, consultants, legal representatives, etc.) you provide us with, so that we can conclude or process contracts with you or with your involvement (e.g. references, your address for deliveries, powers of attorney, information on compliance with legal requirements such as anti-money laundering, information from banks, insurance companies, sales and other contractual partners of ours regarding the use or provision of services by you (e.g. payments made, purchases made)), information about you from the media and the Internet (insofar as this is appropriate in the specific case, e.g. in the context of an application, press review, marketing/sales, etc.), your addresses and, if applicable, interests and other socio-demographic data (for marketing), data related to the use of the website (e.g. IP address, MAC address of your smartphone or computer, information about your device and settings, cookies, date and time of visit, pages and content accessed, functions used, referring website, location information).
We use the personal data collected by us primarily to conclude and settle our contracts with our customers and business partners, in the context of IT security and consulting including the purchase of products and services from our suppliers and subcontractors, as well as to comply with our legal obligations at home and abroad. If you work for such a customer or business partner, you may also be affected in this function with your personal data.
In addition, we process your personal data and that of others, where permitted and deemed appropriate to us, also for the following purposes in which we (and sometimes also third parties) have a legitimate interest:
Offer and further developing our offers, services and websites, apps and other platforms on which we are present;
Communicating with third parties and processing their requests (e.g. job applications, media enquiries);
Review and optimisation of needs assessment procedures for the purpose of direct customer contact and collection of personal data from publicly available sources for the purpose of customer acquisition;
Advertising and marketing (including the organization of events), as long as you have not objected to the use of your data. In case we send you advertising as an existing customer, you can opt out at any time and we will put you on a blacklist to block further advertising mailings;
Market and opinion research, media monitoring;
Assertion of legal claims and defence in connection with legal disputes and official proceedings;
Prevention and investigation of criminal offenses and other misconduct (e.g. conducting internal investigations, data analysis to combat fraud);
Ensuring our operations, in particular IT, our websites, apps and other platforms;
Other measures for IT, building and facility security and protection of our employees and other persons and assets belonging to or entrusted to us (e.g. access controls, visitor lists, network and mail scanners, telephone recordings);
The purchase and sale of business divisions, companies or parts of companies and other transactions under company law and the associated transfer of personal data as well as measures for business management and compliance with legal and regulatory obligations and internal regulations of Gravitir AG
If you have granted us consent to process your personal data for specific purposes (for example, when you register to receive newsletters or perform a background check), we will process your personal data within the scope of and based on this consent, unless we have another legal basis and require one. Any consent given can be revoked at any time, but this has no effect on data processing that has already occurred.
We typically use "cookies" and similar technologies on our websites and apps to identify your browser or device. A cookie is a small file that is sent to your computer or automatically stored on your computer or mobile device by the web browser you use when you visit our website or install an app.
If you visit this website again or use our app, we can recognise you, even if we do not know who you are. In addition to cookies that are only used during a session and are deleted after your website visit ("session cookies"), cookies can also be used to store user settings and other information for a certain period (e.g. two years) ("permanent cookies"). However, you can set your browser so that it rejects cookies, only saves them for one session or otherwise deletes them prematurely. Most browsers are preset to accept cookies. We use permanent cookies to save user settings (e.g. language, autologin) so we can provide you with a better user experience. If you block cookies, certain functions may no longer work.
We use analytics tools or similar services on our websites. This is a service provided by third parties that may be located in any country in the world. In the case of Plausible Analytics, it is www.plausible.io, with which we can measure and analyse the use of the website in a completely anonymised manner. The data collected is processed within the legal framework of the GDPR and does not leave the EU. No cookies are used by the service provider for this purpose. The processing of your personal data by the service provider is the responsibility of the service provider in accordance with its data protection regulations. The service provider only informs us about how our respective website is used (no information about you personally).
We use links to our social media on our websites. This is visible to you via the corresponding symbols. If you activate them (by clicking on them), you will be redirected to the operator of the respective social network. By doing so, the operator is responsible for processing your personal data in accordance with its data protection provisions. We do not receive any information about you from them.
As part of our business activities and for the purposes set out in Section 3, we also disclose data to third parties to the extent permitted and deemed appropriate, either because they process it for us or because they wish to use it for their own purposes. This applies to the following entities:
Our service providers (within Gravitir AG and externally, e.g. banks, insurance companies), including contract processors (e.g. IT providers);
Dealers, suppliers, subcontractors and other business partners;
Customers;
Domestic and foreign authorities, official entities or courts;
Media;
Public, including visitors to websites and social media;
Competitors, industry organisations, associations, organisations and other entities;
Acquirers or parties interested in acquiring business units, companies or other parts of Gravitir AG;
Other parties in potential or actual legal proceedings;
all joint recipients.
Some of these are domestic recipients, but they can be anywhere in the world. Generally, you must expect your data to be transferred to all countries in which Gravitir AG is represented as well as to other countries in Europe and the USA where the service providers we use are located (e.g. Microsoft, SAP, Amazon).
We process and store your personal data for as long as necessary for the fulfilment of our contractual and legal obligations or otherwise for the purposes pursued with the processing, i.e. for the duration of the entire business relationship (from the initiation, execution until the termination of a contract) and beyond that in accordance with the legal storage and documentation obligations. It is possible that personal data is retained by us for the period where claims are asserted against our company or where we otherwise are legally obliged to legitimate business interests. For example, for evidence and documentation purposes. As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymised as far as possible. In general, shorter retention periods of twelve months or less apply to operational data (e.g. system protocols, logs).
We take appropriate technical and organisational security precautions to protect your personal data from unauthorised access and misuse, such as issuing instructions, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymisation, general controls.
As part of our business relationship, you must provide the personal data that is necessary for the establishment and realisation of a business relationship and the fulfilment of the associated contractual obligations (you are not generally under a legal obligation to provide us with data). Without this data, we will generally not be able to initialise or fulfil a contract with you (or the entity or person you represent). The website can also not be used if certain information to secure data traffic (such as IP address) is not disclosed.
Within the scope of data protection law applicable to you and to the extent provided for therein (such as in the case of the GDPR), you have the right to information, correction and deletion. Furthermore, you have the right to restrict data processing and the disclosure of certain personal data for the purpose of data transfer to another organization (e.g. data portability).
Please note that we reserve the right to assert the restrictions provided by law. For example, if we are obliged to store or process certain data and thus have an interest in doing so or need the data to assert claims. We will inform you in advance if you may be liable to pay any cost in relation to that. We have already informed you about the possibility of withdrawing your consent in section 3. Please note that using these rights may conflict with contractual agreements and may have consequences such as premature termination of the contract or cost consequences. In case this is not already contractually regulated, we will inform you in advance.
The enforcement of such rights generally requires you to clearly prove your identity (e.g. by means of a copy of your identity card). To assert your rights, you can contact us at the address stated in section 1.
Every concerned person has the right to enforce their claims in court or to file a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (edoeb.admin.ch).
We may update this privacy policy at any time without prior notice. The current version published on our website shall apply. If the privacy policy is part of an agreement with you, we will inform you of the change by email or other suitable means in the event of an update.
Our data protection policy is available in German and English language. In the event of any differences of the meaning or interpretation between the German and English version, the German text or interpretation thereof shall prevail.
If you have any questions or suggestions about this Privacy Policy, do not hesitate to contact us at hello@secretify.ch
This document is based on the German template ‘Vorlage Allgemeine Datenschutzerklärung’ published by DSAT.ch and has been edited to our needs.
Authors: David Rosenthal, Katrina Frame. All rights reserved.
Editorial Team: David Rosenthal (david.rosenthal@homburger.ch), David Vasella (david.vasella@walderwyss.com)