Privacy Policy ImageWare AG
This privacy statement informs you in the context of the EU General Data Protection Regulation (GDPR) about how we at ImageWare AG handle your personal data and explains the handling of personal data on the website www.imageware.ch. In addition, you will see important information about your rights in connection with your personal data.
1
Name and address of controller
1.1
For the purpose of the GDPR, controllers are:
ImageWare AG
Papiermühlestrasse 159
3063 Ittigen
Telefon: +41 31 925 30 31
Email:
info@imageware.ch
1.2
Point of contact for privacy issues
We are happy to help you with privacy concerns via the following address:
Email: privacy@imageware.ch
2
General information about data processing
2.1
Scope of personal data processing
Our approach is essentially to process personal data only to the extent that is necessary for the provision of our services. Personal data are generally processed only with the consent of the user. An exception applies in cases in which there are practical reasons why prior consent cannot be obtained, and the law permits processing of the data.
3
Regulations governing the processing of personal data
3.1
Legal regulations
The legal regulation which governs obtaining a data subject’s consent for the processing of their
personal data is Art. 6 (1) a of the EU General Data Protection Regulation (GDPR). The legal regulation that governs the processing of personal data necessary for the fulfilment of a
contract to which the data subject is a party is Art. 6 (1) b of the GDPR. This also applies to
processing operations that are required for pre-contractual formalities. In cases where personal data must be processed to fulfil a legal obligation to which our company
is subject, the applicable legal regulation is Art. 6 (1) c of the GDPR. In the event that vital interests of the data subject or another natural person require personal
data to be processed, the applicable legal regulation is Art. 6 (1) d of the GDPR.If processing is necessary to safeguard the legitimate interests of our company or of a third party, and where the data subject’s own interests, fundamental rights and freedoms do not prevail over the aforementioned interests, the applicable legal regulation is Art. 6 (1) f of the
GDPR.
3.2
Data deletion and storage duration
Data subjects’ personal data will be deleted or locked as soon as the purpose of the storage is
satisfied. In addition, such storage may be provided for by the European or national legislator in
EU regulations, laws or other regulations to which the controller is subject. Data are also deleted
or locked when a storage period prescribed by the specified standards expires, unless there is a
need for further storage of the data in order to complete or fulfil a contract.
3.3
Disclosure to third parties
We transfer your personal data to third parties only where necessary for the fulfilment of contracts with your company. The legal regulation governing the data transmission is Art. 6 (1) b of the GDPR.
An exception to this is the use of Google Maps. Data is transmitted to Google Inc. See section 8.
4
Provision of the website www.imageware.ch
4.1
Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from
the remote computer system in question.
The following data are collected:
- The user’s IP address
- Date and time of access
- Pages visited on our website
The data are stored in log files on our system independently from other personal data belonging
to the user.
4.2
Legal regulations of data processing
The legal regulation governing the temporary storage of data and log files is Art. 6 (1) f of the GDPR.
4.3
Purpose of data processing
Data is stored in log files for purposes of website functionality. In addition, these data are used to optimize the website and to ensure the security of our information technology systems. Data collected in this way are not used for marketing purposes.
4.4
Storage duration
In the case of storing the data in log files, this is the case after no more than seven days. A
longer storage duration is possible. In this case, the IP addresses of the users are deleted or
anonymized, so that an assignment of the calling client is no longer possible.
4.5
Objection and right to delete
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no contradiction on the part of the user.
5
Use of Cookies on www.imageware.ch
5.1
Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in and read from the Internet browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is visited again.
We use cookies to make our website more user-friendly. Some aspects of our website require the visiting browser to be re-identified following a page change.
In addition, we use cookies on our website that allow us to analyze users’ browsing behavior.
To this end, the following data may be transmitted:
- Language settings
- Security token
- Visited pages
When accessing our website, users are informed by an information banner about the use of cookies for analysis purposes and referred to this privacy policy.
Our website also uses cookies from Google Analytics, a web analytics service provided by Google Inc. (“Google”). The information generated by these cookies about your use of this website is usually transmitted to a Google server in the United States and stored there. However, in the event of activation of IP anonymization on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website usage and internet usage to the website operator.
In this context, we refer to the privacy policy of Google: https://policies.google.com/privacy
5.2
Legal regulations governing data processing
The legal regulation which governs the processing of personal data via cookies is Art. 6 (1) f of the GDPR.
The data collected with the analytics cookies on our website may be stored by Google Inc. in the United States. Google is certified under the “EU-US Privacy Shield policy”: http://www.privacyshield.gov/welcome
5.3
Purpose of data processing
The purpose of using cookies, which are essential from a technical point of view, is to make
websites easier for users to use. Some features of our website cannot be offered without the use
of cookies. Such features require the browser to be re-identified after changing pages.
User data collected through technically required cookies will not be used to create user profiles.
Cookies are also used for analysis purposes in order to improve the quality of our website and its contents. We use analysis cookies to discover how the website is used, enabling us to keep improving our service.
5.4
Storage duration, objection and deletion options
Cookies are stored on the user’s computer, and sent to us from there. This means that as a user,
you have full control over the use of cookies. By changing the settings in your internet browser,
you can disable or restrict the sending of cookies. Cookies that have already been saved can be
deleted at any time. This action can also be performed automatically. If cookies are disabled for
our website, it may not be possible to use all the functions of the website to their full extent.
You also have the option of opting out of the use of Google Inc. analysis cookies by installing the browser add-on available via the following link: https://tools.google.com/dlpage/gaoptout
6
Registration on www.imageware.ch
6.1
Description and scope of data processing
Our website offers users the opportunity to register by providing personal information. The data are entered via an input screen, and are then sent to us and stored. No data are transferred to third parties. The following data may be provided by you during the registration process:
- First name and surname
- Address
- Postcode
- City
- Country
- Email address
- Company name
- Telephone
- Nationality
6.2
Legal regulations governing data processing
The legal regulations which govern the temporary storage of data are Art. 6 (1) f of the GDPR
and, in cases where registration establishes a business relationship between your company and
ImageWare AG, Art. 6 (1) b of the GDPR.
6.3
Purpose of data processing
User registration is required to fulfil a contract with the user or to carry out pre-contractual measures.
6.4
Storage duration
The data will be deleted as soon as they are no longer required to achieve the purpose of their collection.
6.5
Objection and right to delete
As a user, you have the option of cancelling the registration at any time. You can change the data stored about you at any time
Please contact privacy@imageware.ch
If the data are required to fulfil a contract or complete pre-contractual formalities, those data may only be deleted ahead of schedule if not prevented by contractual or legal obligations.
7
Newsletter
7.1
Description and scope of data processing
If you subscribe to a newsletter from us, we analyze your interactions with the content provided. We will ask for your consent beforehand. The following data are recorded:
- Has the newsletter been delivered
- Time of opening
- Which hyperlinks were clicked
7.2
Legal regulations governing data processing
The legal regulation which governs the processing of personal data is Article 6 (1) f of the GDPR.
7.3
Purpose of data processing
Your interactions are recorded for the purpose of improving the quality of our newsletters and their content. Through the analysis, we learn how our newsletters are used, enabling us to keep improving our service.
7.4
Storage duration
The data will be deleted as soon as they are no longer required to achieve the purpose of their collection.
7.5
Objection and right to delete
You can unsubscribe from our newsletter at any time by clicking on the corresponding link. Your personal data will then be deleted from our directory without delay, if these data are not required to fulfill a contract or to carry out pre-contractual measures, in which case the data may only be deleted ahead of schedule if not prevented by contractual or legal obligations.
8
Integration of Google Maps
8.1
Description and scope of data processing
We use the plugin of Google Maps on this website. This allows us to show you interactive maps directly within our website, allowing you to conveniently use the map feature.
Google receives the information that you have accessed the corresponding sub-page of our website and the following data is transmitted to Google:
- IP address
- Date and time of the request
- Requested content (concrete page)
- Access status / HTTP status code
- Transmitted amount of data
- Requesting website
- Browser
- Operating system
- Language and version of the browser
This is done regardless of whether Google provides a user account that you are logged in to, or if there is no user account. When you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log from your account. Google stores your data as usage profiles and uses them for purposes of advertising, market research and / or tailor-made website design. Such an analysis is done in particular (even for users who are not logged in) to provide appropriate advertising and to inform other users of the social network about your activities on our website. You have a right of objection to the creation of this user profile. To exercise your right, you must contact google directly.
8.2
Legal regulations governing data processing
The legal regulation which governs the processing of personal data is Article 6 (1) f of the GDPR.
8.3
Purpose of data processing
To offer you this interactive feature, we use the functionality provided by Google.
8.4
Storage duration, objection and right to delete
For more information on the purpose and scope of the data collection and its processing by the
plug-in provider, please refer to the provider's privacy policy. There you will also find further
information about your rights and settings options for the protection of your privacy:
https://policies.google.com/privacy
9
Rights of the person concerned
In cases where personal data relating to you are being processed, you are the data subject within the meaning of the GDPR and you have the following rights in respect of the controller:
9.1
Right of information
You may ask the controller to confirm whether we are processing personal data concerning you.
If such processing is taking place, you can request that the controller supply the following information:
- The purposes for which the personal data are being processed;
- The categories of personal data being processed;
- The recipients, or categories of recipients, to whom the personal data relating to you have been disclosed or are still being disclosed;
- The planned duration of storage of your personal data or, if specific information is not available, the criteria for determining the duration of storage;
- The applicability of the following rights: the right to correct or delete any personal data relating to you, the right of restriction of processing by the controller, or the right of appeal against such processing;
- The applicability of a right of appeal to a supervisory authority;
- All available information on the source of the data if the personal data has not been collected from the data subject;
- The use of automated decision-making processes, including profiling under the meaning of Art. 22 (1) and (4) of the GSGVO (GDPR) and - in these cases at least - meaningful information about the decision-making logic involved, as well as the scope and intended impact of such processing on the data subject.
- You have the right to request information about whether your personal information is being transferred to a third-party country or an international organization. In this respect, you can request the appropriate guarantees in accordance with. Art. 46 of the GDPR in connection with the transfer.
9.2
Right to rectification
You have a right to require the controller to correct and/or add to your data if the personal data relating to you are incorrect or incomplete. The controller must make the correction without delay.
9.3
Right of restriction of processing
You may request a restriction of processing of your personal data under the following circumstances:
- Should you contest the accuracy of your personal information, for a period of time that enables the controller to verify the accuracy of your personal data;
- The use being made of the data is unlawful and you decline the option of the deletion of your personal data, demanding instead that the use of that personal data be restricted;
- The controller no longer requires the personal data for processing purposes, but you require those data in order to assert, exercise or defend legal claims, or
- If you objected to the processing of the data under the terms of Art. 21 (1) of the GDPR, and it has not yet been established whether the controller is legitimate reasons for use outweigh your own reasons.
In the event that the processing of personal data concerning you has been restricted, such data may be used only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.
If the restriction of processing has been applied in accordance with the above conditions, the controller will inform you before the restriction is lifted.
9.4
Right of deletion
a) Deletion responsibilities
You may require the controller to delete your personal information immediately, and the controller is required to delete that information immediately if any of the following reasons apply:
- Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed. Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- You withdraw your consent to the processing in accordance with Art. 6 (1) a or Art. 9 (2) a of the GDPR, and there is no other legal justification for the processing.
- You raise an objection to the processing in accordance with Art. 21 (1) of the GDPR, and there are no prior justifiable reasons for the processing, or you raise an objection to processing in accordance with Art. 21 (2) of the GDPR.
- Your personal data have been processed unlawfully.
- The personal data concerning you are required to be deleted in order to fulfil a legal obligation under Union law, or the law of the Member States to which the controller is subject.
- The personal data relating to you were collected in relation to information society services offered pursuant to Art. 8 (1) of the GDPR.
b) Information to third parties
If the controller has made the personal data concerning you public and is required to delete those data in accordance with Article 17 (1) of the GDPR, it must, with due regard to available technology and implementation costs, take appropriate measures, including those of a technical nature, to inform controllers who process the personal data that you, as a data subject, have requested the deletion of all links to such personal data or of copies or replications of such personal data.
c) Exceptions
The right to deletion does not apply if processing is necessary
- In the interests of the right to freedom of expression and information;
- To fulfil a legal obligation required by the law of the Union of Member States, or of Switzerland, to which the controller is subject, or to carry out a task in the public interest or in the exercise of public authority which has been delegated to the controller;
- For reasons of public interest in the field of public health pursuant to Art. 9 (2) h and i and Art. 9 (3) of the GDPR;
- For archival purposes of public interest, scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1) of the GDPR, to the extent that the law referred to in subparagraph (a) is likely to prevent or seriously impair the achievement of the objectives of that processing operation, or
- To assert, exercise or defend legal claims.
9.5
Right of information
If you have approached the controller to exercise your right of data rectification, deletion or restriction, that controller is obliged to notify all recipients to whom your personal data have been disclosed of this data rectification, deletion or restriction, unless this task proves to be impossible or involves a disproportionate effort.
You have a right to require the controller to inform you about such recipients.
9.6
Right of data transferability
You have the right to receive personally identifiable information you have provided to the controller in a structured, standard and machine-readable format. You also have the right to transfer these data to another person without hindrance by the controller to whom the personal data was supplied, provided that
- The processing is based on consent in accordance with Art. 6 (1) a of the GDPR or Art. 9 (2) of the GDPR or on a contract in accordance with Art. 6 (1) b of the GDPR, and
- The processing is performed using automated procedures.
In exercising this right, you also have the right to ensure that the personal data relating to you are transmitted directly from one controller to another, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected through this action.
The right of data portability does not apply in the case of processing personal data necessary to carry out a task in the public interest or in the exercise of public authority which has been delegated to the controller.
9.7
Objection rights
You have the right at any time, for reasons relating to your own particular situation, to raise an objection against any processing of your personal data in accordance with Art. 6 (1) e or f of the GDPR; this also applies to profiling based on such provisions.
The controller will no longer be entitled to process the personal data concerning you unless it can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or where the purpose of the processing is to enforce, exercise or defend legal claims.
If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling to the extent that it is associated with such direct mail.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Regardless of Directive 2002/58/EC, you have the option, within the context of the use of information society services, of exercising your right to object by means of automated procedures that use technical specifications.
9.8
Right to revoke the data protection consent declaration
You have the right to revoke your data protection consent declaration at any time. Revocation of this consent does not affect the legality of any processing carried out subject to that consent until your revocation.
9.9
Automated decision in individual cases, including profiling
You have the right not to have any decision made against you which is based solely on automated processing, including profiling, where that decision will have legal consequences for you, or affect you in a similar manner. This does not apply if the decision:
- Is required for the purposes of concluding or fulfilling a contract between you and the controller,
- Is permitted under Union or Member State legislation to which the controller is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
- Is taken with your express consent.
However, these decisions must not be based on special categories of personal data as defined in
Art. 9 (1) of the GDPR, unless Art. 9 (2) a or g of the GDPR applies and appropriate measures
have been taken to protect the relevant rights and freedoms and your own legitimate interests.
With regard to the cases mentioned in (1) and (3), the controller must take appropriate measures
to uphold these rights and freedoms and their legitimate interests, including, at a minimum, the
controller's right to secure the intervention of a person, the right to express his/her own position
and the right to challenge the decision.
9.10
Right of complaint to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State of your place of residence or employment, or the place of the alleged infringement, if you believe that the processing of the personal data concerning you is in violation of the GDPR.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the appeal's status and outcome, including the option of a judicial remedy pursuant to Article 78 of the GDPR.