1 PREAMBULE
We attach great importance to the protection of privacy, including personal data. This document explains our policy regarding how we process personal data, the data we collect, the purposes of processing and the legal basis for such processing. This Privacy Policy applies to, and forms an integral part of, our contracts.
2 GENERAL
We are committed to complying with the Swiss Data Protection Act (nLPD) or, where applicable, the standards of the European Union General Data Protection Regulation (GDPR – EU 2016/679).
We also recognize the importance of cooperating with our clients to fulfil all legal obligations, including responding to data subject requests, providing access to personal data, cooperating with regulatory inspection and audit requests, and establishing additional agreements for international data transfers in order to protect personal data.
3 ACTING AS DATA CONTROLLER
When we act as data controller, we collect and manage certain personal data, generally referred to as “business information”.
This includes data shared with us by our clients, such as name, telephone number, address, email address and role within the organization. It may also include technical information, such as the relevant IP address, as well as bank details for payment purposes.
We process this personal data only to fulfil our contractual obligations, manage business relationships, process orders and contracts, provide products and services, issue invoices and provide support.
Our data processing activities include the implementation of technical and security measures to protect personal data. We also process analytical and statistical data related to contractual obligations, quality, security, reporting and billing.
4 ACTING AS DATA PROCESSOR FOR OUR CLIENTS
As part of a managed services agreement, we process client data as a processor of certain client data, including client content, while the client remains the data controller and owner of its client content.
As a processor, we process personal data exclusively on behalf of the client and in accordance with the contractual provisions, or to the extent necessary to fulfil our contractual obligations.
The client content data entrusted to us is not read, modified or assessed by us without the client being informed.
Technical and organizational security measures are implemented to protect such data against unlawful access by third parties, although we have no influence over the security of client content data when it is transferred through public networks.
Where technically possible and upon the client’s request, specific security measures may be added to the standard services, such as data encryption. These measures are chosen by the client and require the prior agreement of both parties.
Upon expiry or termination of the services, we return the client content, upon the client’s request, in a standard format and destroy the client content data no later than 90 days after expiry or termination of the services.
We only disclose client data to public authorities when legally required to do so.
Unless otherwise stated in the contract, when acting as a processor hosting your personal data, our data centre is located in Switzerland.
5 TOWARDS THIRD PARTIES
In certain cases, we may need to involve third parties in the performance of the services, which may involve access to client data. In such cases:
• Third parties are granted limited and controlled access to the personal data necessary for business processes, for example to maintain the operation of information technology,
• We require third parties to handle data protection in accordance with applicable legislation,
• We disclose only the information necessary, where applicable, for the provision of the services.
When we engage a new third party that may access a client’s personal data, we inform the client in advance in writing.
If a client does not agree with such an arrangement, both parties will explore alternative options, including a potential right of termination for the client if no satisfactory alternative is found.
For any questions relating to personal data, you may contact us at the following email address: accounts@awsmtech.ch.
You may also contact us by post at our company address.