In this policy, we tell you how we treat and protect your personal data.
We explain here:
- who processes personal data,
- what personal data we process,
- the purposes for which we process personal data,
- the legal bases on which we process personal data,
- to whom we disclose personal data,
- how long we store personal data,
- whether you must provide us with personal data, and
- what your rights as a data subject in the European Union are.
The Swiss Data Protection Act applies to our data processing. Under certain circumstances, the General Data Protection Regulation of the European Union may also apply, which below we will abbreviate to GDPR.
Last update: 13.05.2019
1 Who processes personal data?
The controller of personal data is:
If you have any questions or concerns regarding data protection, please contact:
Polariton Technologies Ltd
c/o Claudia Hössbacher
2 What personal data do we process?
When you visit our website (www.polariton.ch), our server stores a logfile. In the logfile, we collect and process the following data:
- The IP address from which our website was accessed. This is a number used on the Internet to communicate on the network.
- The date and time of access to our website.
- HTTP protocol information, such as protocol type, protocol version, http requests, status codes, information on the transferred data. This is technical data that is generated when network traffic on the Internet occurs.
- Error messages that occurred during access.
- The type and version of the browser utilized by the user, the operating system and the model of the computer or mobile device.
- The website from which the user accesses our website.
3 For what purposes do we process your personal data?
We use this information to track and resolve technical issues, troubleshoot problems, prevent attacks on our infrastructure, support analysis in the event of hacker attacks, and compile visitor statistics for our website. We do not use this data for direct marketing, profiling or automated individual decision making.
4 What are the legal bases on which we process your personal data?
If the GDPR is applicable to the processing of your personal data, we must at this point inform you about the so-called legal basis for data processing:
We may process the data as we have a legitimate interest according to Article 6(1)(f) GDPR. This consists of understanding and solving technical problems, finding errors, averting attacks on our infrastructure, carrying out analyses in the event of a hacker attack and producing visitor statistics.
5 To whom do we disclose your personal data?
We disclose personal data to data processors who process personal data on our behalf, in particular IT service providers.
6 Do we transfer your personal data to third countries?
All our data processors (e.g. IT service providers) process personal data in Switzerland. The Swiss Data Protection Act offers an appropriate level of data protection. The European Commission’s adequacy decision can be found here.
Finally, the transfer to third countries in the context of the use of social plugins is reserved (see Section 2.1). Both Google and LinkedIn are covered by the so-called Privacy Shield and thus offer an appropriate level of data protection in accordance with the GDPR and Article 6(1) of the Swiss Data Protection Act. You can find the European Commission’s adequacy decision here, the guide to the Privacy Shield of the Federal Data Protection and Information Commissioner here (in German only).
7 How long do we store your personal data?
The data will remain on our systems until the operational necessity ceases and the statutory or contractual deadlines expire and will then be deleted automatically.
8 Do I have to provide my personal data?
9 What are your rights as a data subject in the European Union?
If your personal data is processed and the GDPR is applicable, you have the following rights towards us:
- Right of access. You have the right to obtain a confirmation as to whether personal data concerning you is being processed.
If this is the case, you can request access to the personal data and the following information:
(1) the purposes of the processing;
(2) the categories of personal data concerned;
(3) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
(4) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(5) the existence of the right to request from us rectification or erasure of personal data or restriction of processing of personal data or to object to such processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) where the personal data are not collected from you, any available information as to their source;
(8) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information as to whether personal data concerning you is transferred to a third country or to an international organization. In this context, you may be required to be informed of the appropriate guarantees in accordance with Article 46 GDPR in connection with the transmission.
- Right to rectification. You have the right to obtain the rectification of inaccurate personal data. We must effect the rectification without delay.
- Right to restriction of processing. You have the right to obtain restriction of processing where one of the following applies:
(1) you contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data;
(2) the processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead;
(3) we no longer need the personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims; or
(4) you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether our legitimate grounds override those of you.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
We will inform you if we lift any restriction on data processing you have obtained according to the above conditions.
- Right to erasure. You have the right to obtain the erasure of personal data without undue delay and we shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
(1) The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(2) the data subject objects to the processing and there are no overriding legitimate grounds for the processing; or
(3) the personal data have been unlawfully processed.
The right to erasure does not apply to the extent processing is necessary for the establishment, exercise or defense of legal claims.
- Right to notification. If you have exercised your right of rectification, erasure or restriction, we shall communicate such rectification, erasure of data or restriction of processing to each recipient to whom personal data have been disclosed, unless this proves impossible or involves disproportionate efforts.
- Right to object. You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on the legal basis of legitimate interest.
We shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
- Right to lodge a complaint with the supervisory authority. Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR. A list of supervisory authorities can be found here.