1. What is this about?
Your Privacy matters to us, which is why we comply with the applicable data protection laws, including the EU General Data Protection Regulation ("GDPR"), which has been in force since May 25, 2018 and regulates the processing of Personal data (hereinafter "Personal data") of (natural) persons. In this regard, Personal data is all information that relates to an identified or identifiable person.
2. How can I get in touch with you regarding privacy issues?
Agilentia Ltd. is a holding company to which several companies, including Sherpany Ltd., are affiliated to (all together hereinafter “Sherpany”). Agilentia Ltd. is responsible for the data processing as described in this declaration, unless otherwise stated in the individual case.
by Mail: Agilentia Ltd., Data Protection, Niederdorfstrasse 88, 8001 Zurich (Switzerland); or
by email: firstname.lastname@example.org
3. What legal grounds do you have to process my Personal data and which data is collected about me / processed for which purposes?
We collect and process Personal data that you provide to us when communicating with us (such as your name and contact information, language preference, job title, business affiliations, and other information you provide to us either directly or indirectly). The Personal data may relate to you as well as your employees and/or agents. In some cases, the Personal data is supplemented by data obtained from other public sources, such as company websites or online media, for the purpose of confirming your identity or position or obtaining further information to help us communicate with you.
If you are a potential recruit, we may e.g. process the following Personal data: Name and job title; contact information including email-address, physical address, and phone number; CV/Resume, including your age and/or gender (if you provide it to us), your education, job history and/or similar information that you provide to us. It can be necessary for us to use or process your Personal data for the following reasons:
- Contract: to perform our obligations under any contract or engagement that we may have with you or your organization (i.e. to register you as a (potential) client, to provide Services, to process billing etc.)
- Legitimate interests: Where it is in our legitimate interest (or a third party's legitimate interest) to use Personal data to ensure we are providing Services in the best way possible (e.g. to administer and manage our relationship with you, whether through accounting, auditing, or other steps linked to the performance of our business relationship; to analyze and improve our communications, Products and/or Services and remain compliant with our policies; and/or to deliver the work product or Products and/or Services you have engaged us to provide.
- Legal Obligations: It may be our legal obligation to use your Personal data in order to comply with certain legal obligations imposed upon us, including but not limited to anti-money laundering, fraud and crime prevention.
- Consent: We may rely on your freely given consent at the time you provided us with your Personal data.
When visiting the website:
- Principle: In general, you can visit our website (www.sherpany.com) without having to actively disclose your Personal data or any information. In certain areas of the website, we will draw your attention to additional contact options so that you can obtain further information about our product and/or services. When you call up our website, the server of our website temporarily stores information about the accesses. The information includes the IP address, date and time of access, name and URL of the accessed file, details of the website from which the access is made (referrer URL), device type and the operating system of the terminal device, the type of browser used and the name of the access provider. We use this data to ensure a smooth connection and the best possible use of our website, for evaluation purposes of system security as well as stability and for any other administrative purposes. The basis for this data processing is our legitimate interest (or a third party's legitimate interest) to use Personal data to ensure we are providing Services in the best way possible.
- Cookies: There are Cookies which are used on our website. "Cookies" are text files that are stored on your computer and enable us to analyse the use of our website. In addition to an optimised offer, cookies can also serve to make the use of our offer more pleasant for you (user-friendliness). You can prevent the installation of the cookies by using an appropriate deactivation add-on (http://tools.google.com/dlpage/gaoptout?hl=de). In addition to the option of preventing the installation of cookies by making the appropriate settings. You can set up your browser in a way that no cookies are stored on your computer. As a result, you will receive a message before a cookie is installed. A complete deactivation of the cookies can lead to the fact that our website is not fully functional for you. The basis for this data processing is our legitimate interest (or a third party's legitimate interest) to use Personal data to ensure we are providing Services in the best way possible.
- Web analysis tools (Google Analytics): For the purpose of designing our website to meet your needs and continuously optimizing it, we use Google Analytics, a web analytics service provided by Google Inc, (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google"). The use of this service enables us to statistically record and evaluate the use of our website. This information may also be transferred to third parties where required by law or where third parties process this data on our behalf. In this context, pseudonymised user profiles are created and cookies are used. The information generated by the cookie includes the browser type and version, the size of the browser window, the language of the browser, installation of Java, installed Flash version, the resolution used, the operating system used, the name and URL of the file accessed, the title of the page, the previously visited page (referrer URL), the (anonymised) IP address of the accessing terminal device, the approximate location of the access and the time of the server request. The data is transferred to a Google server in the US and stored there. We only use Google Analytics with activated IP anonymisation. The basis for this data processing is our legitimate interest (or a third party's legitimate interest) to use Personal data to ensure we are providing Services in the best way possible.
- Newsletter registration: If you have subscribed to our newsletter, we use your email address and your name to send you the newsletter you sign up for. When you subscribe to the newsletter, we can identify the content type or the page from which you are subscribing to the newsletter. We use this information to provide you with content tailored to your interests. You can unsubscribe to the newsletter at any time using the link at the end of each newsletter or via email@example.com. The basis of this data processing is your consent.
- Contact form: For questions of any kind we offer you on our website the possibility to contact us via form. In order to use the contact form, it is necessary to enter your email address and your name. The provision of further data is voluntary. The basis of this data processing is your consent.
- Download from the website: We provide content on our website, some of which can be downloaded by visitors (e.g. whitepapers, factbooks, guides). Before downloading this content, you are required to provide certain Personal data and information, which can be used from us only for the purposes stated at the time of data collection. On a voluntary basis, the visitor can also register for the newsletter or other services that may result in the data processing mentioned there before downloading. The basis of this data processing is your consent.
- Other purposes: We reserve the right to process your Personal data for purposes other than those mentioned above. However, we will inform you of this at an appropriate point and, if necessary for any reasons, we will ask for your consent in advance.
4. Where are you transferring my Personal data?
We take data processing very seriously. We only disclose your Personal data within Sherpany and/or to third parties if you have given your express consent, if disclosure is permitted by law and necessary for the execution of (contractual) relationship with you and/or if there is a legal obligation to disclose the data or if disclosure is necessary for the assertion, exercise or defence of legal claims and/or there is no reason to assume that you have an overriding legitimate interest in not disclosing the data.
In the event of disclosure, your data will be processed solely in accordance with our instructions. If the commissioned data processing is carried out in countries which do not have an equivalent level of data protection in relation to Switzerland and/or the EU, we will ensure their equivalent protection by taking appropriate precautions during the entire processing of your Personal data.
5. What precautions do you take with regard to data security?
We have implemented technical and organizational measures in an attempt to safeguard the Personal data in our custody and control. While we always make a conscious effort to protect our systems, operations, sites and information against unauthorized access, use, modification, and disclosure, due to the inherent nature of the Internet as an open global communications vehicle and other risk factors, we cannot guarantee that information, during transfer or storage, will be absolutely safe from interception.
On our website, we use the widely used Transport Layer Security Procedure (TSL) in conjunction with the highest level of encryption supported by your browser. Usually this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is being transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser. We also use suitable technical and organisational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction and/or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments and are ISO/IEC 27001:2013 certified.
6. What rights do I have in connection with my Personal data?
You have the following rights regarding the Personal data we hold about you:
Right of access: You have the right to ask us to furnish you with a copy of the Personal data that we hold about you. Please note that if you need additional copies or if the request is excessive or abusive, we are entitled to charge a reasonable fee.
- Right of rectification: If Personal data we hold about you is inaccurate or incomplete, you are entitled to ask us to rectify it.
- Right of erasure: You can request for us to delete or remove your Personal data in certain circumstances (i.e. if consent is relevant under GDPR or applicable data protection laws, where you have withdrawn your consent).
- Right to restrict processing: You can ask us to block or suppress processing of your Personal data in certain circumstances (i.e. where you dispute the accuracy of the Personal data or object to us).
- Right to data portability: Under certain circumstances, you have the right to obtain Personal data you have provided us with (in a structured, commonly used and machine-readable format) and to reuse it elsewhere or to ask us to transfer it to a third party.
- Right to object: You can request that we stop processing your Personal data.
- Right to withdraw consent: You have the right to fully or partly withdraw your consent at any time if you have provided your consent to the collection, processing and transfer of your Personal data. You can click on the ‘unsubscribe’ link in the email you received from us or use our contact form.
- Right to submit a complaint: You have the right to contact us as well as the relevant Supervisory Authority (in Switzerland, the Federal Data Protection and Information Commissioner) if you do not agree with our data processing.
If you wish to exercise one of the rights listed above, please contact us (for contact details see Section 2).
7. How long do you keep my Personal data?
Your Personal data is deleted as soon as the purpose for which it was collected is fulfilled. When you visit the website, this is a maximum of 2 years from the last interaction with you. If you are a (potential) contractual relationship with us (i.e. customer, employee), we retain your Personal data for a maximum of 10 years from the date of our last interaction with you and in compliance with our obligations under the GDPR, or for longer if required to do so according to regulatory obligations. After such time, we destroy the files without further notice or liability.
For recruiting purposes, we retain Personal data throughout the Sherpany recruiting process and delete the Personal data once the recruiting process is over, at the latest, however, as soon as we no longer have a legitimate interest in it.
8. pro memoria: Provisions on data protection when using Sherpany
If you, as an authorized user of a customer of ours, wish to access and use our software via one of the various interfaces (browser, iOS App, Windows App and the Sherpany Outlook add-ins "Send Documents" and "Create Meetings"), we will process your Personal data in connection with your access and use as a processor (and not as a responsible party) for the purposes of fulfilling our contractual obligations under the service contract between us and the customer in question. The latter is responsible for our processing of your Personal data in this context. If you have any questions, requests for information, etc. concerning the processing of your Personal data in connection with your access to and use of the software, please contact the customer for whom you are accessing the Sherpany software directly.