Privacy Policy
Zug Alfa AG
Industriestrasse 24, 6300 Zug
The policy outlines the terms and conditions governing the use of the Company’s services, including user responsibilities, liabilities, and procedures for handling complaints and disputes.
Creator:
JayBee AG
Place and Date:
Zug, 13th October 2024
Executive Committee Approval:
Jürgen Kob
1. Introduction
This Privacy Policy governs the protection of personal data for users of Zug Alfa AG, operating under the brand P8swiss (the “Company”).
Following the introduction of the EU General Data Protection Regulation (EU-GDPR), the Company has additional responsibilities to protect personal data. This includes the obligation to inform users transparently about the nature, scope, purpose, duration, and legal basis of data processing.
The policy is structured into a general section covering all data processing activities and a specific section detailing processing related to particular services, including website visits and related data processing operations.
2. General Terms and Conditions
2.1.Scope of application
This privacy policy outlines how the Company collects, uses, and handles personal data provided by users or collected during the use of our website. It explains the circumstances under which personal data may be disclosed to third parties and informs users about their rights regarding their personal data. This policy is to be read in conjunction with all other legal notices or terms of use available on our website or provided to users in other ways.
2.2.Definitions and abbreviations
The terms as listed beneath shall have the following meanings, based on the definitions provided in Art. 4 of the EU General Data Protection Regulation (EU-GDPR):
| Personal Data | Any information relating to an identified or identifiable natural person, including identifiers like name, ID number, or physical, genetic, or social identity. |
| Processing | Any operation performed on personal data, such as collection, storage, alteration, use, or destruction, whether automated or not. |
| Controller | The person or entity that determines the purposes and means of processing personal data, either alone or jointly with others. |
| Processor | The person or entity that processes personal data on behalf of the controller, following the controller’s instructions. |
| Third Party | Any person or entity other than the data subject, controller, processor, or authorized persons acting under their direct authority, including affiliated entities. |
| Consent | A freely given, specific, informed, and unambiguous indication of the data subject’s wishes to agree to the processing of personal data. |
2.3.Name and address of the data controller
The controller responsible for processing your personal data is the company:
Zug Alfa AG
Industriestrasse 24
6300 Zug
E-Mail address: info@p8swiss.com
You can find further information about the company in the imprint section on the website at www.p8swiss.com.
2.4.Contact details of the data protection officer
For all questions and as the contact person regarding data protection is the data protection officer:
Olivier Richard
Data Protection Officer
Industriestrasse 24, 6300 Zug
E-Mail address: olivier.richard@p8swiss.com
2.5.Legal bases for data processing
Under applicable law, the processing of personal data is generally prohibited unless it meets one of the legal justifications outlined below. These justifications ensure that personal data is processed responsibly and in compliance with data protection regulations:
- Consent: Processing is permitted if the data subject has given their explicit, informed, and voluntary consent for one or more specific purposes. This consent must be unambiguous and may be withdrawn at any time.
- Contractual Necessity: Processing is lawful if it is necessary for the performance of a contract to which the data subject is a party or to take steps requested by the data subject prior to entering into a contract.
- Legal Obligation: Processing is required if it is necessary for the controller to comply with a legal obligation, such as fulfilling statutory retention or reporting requirements.
- Protection of Vital Interests: Processing is justified if it is necessary to protect the vital interests of the data subject or another natural person, such as in emergency medical situations.
- Public Interest or Official Authority: Processing is lawful if it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- Legitimate Interests: Processing is permissible if it is necessary to pursue the legitimate interests of the controller or a third party, provided these interests are not overridden by the fundamental rights and freedoms of the data subject, particularly when the data subject is a child.
For each processing activity undertaken by the Company, the applicable legal basis will be explicitly stated. Some processing activities may rely on multiple legal bases to ensure compliance with the requirements of data protection law.
2.6.Data deletion and storage period
The Company retains all processed personal data for the duration of the business relationship with the User and for an additional period of ten (10) years following the termination of such relationship. Processed personal data on website users that do not hold a business relationship with the company will be deleted as soon as the purpose for the storage ceases to apply.
This retention period ensures compliance with legal and regulatory obligations, including statutory retention requirements. After this period, the data will be securely deleted or anonymized, unless further retention is required by law or justified by a legitimate interest, such as ongoing legal proceedings. The Company takes all necessary measures to safeguard the data throughout its retention period in accordance with applicable data protection laws.
2.7.Technical and Organizational Security Measures
The Company employs robust technical and organizational security measures to safeguard personal data from unauthorized access, loss, destruction, or manipulation. These measures, including SSL/TSL encryption for the website, are designed to align with the latest technological advancements and are tailored to the scope, context, and risks associated with data processing. The measures are regularly reviewed and enhanced to ensure the highest level of protection against data breaches. Clients can request additional details about these measures by contacting the Company’s data protection officer.
2.8.Collaboration with processors
To streamline business operations, the Company collaborates with AWS Server as external service providers. These processors operate strictly under the Company’s instructions and are contractually obligated to comply with data protection laws. Any transfer of personal data between the Company and its partners is conducted under existing processing agreements, ensuring the confidentiality and lawful handling of data.
2.9.Data transfer to third countries
The Company may transfer personal data to third-party companies, including those outside the European Economic Area (EEA), to fulfill business obligations or maintain client relationships. Transfers to countries with adequacy decisions by the European Commission ensure equivalent data protection standards. For transfers to other third countries, the Company employs safeguards such as binding corporate rules or standard contractual clauses. Transfers occur only when justified by legal, contractual, or business needs, with detailed information available upon request.
2.10. No Automated Decision-Making
The Company does not utilize automated decision-making or profiling processes for personal data. All decisions involving client data are reviewed and made by authorized personnel, ensuring fairness and transparency.
2.11. Voluntary Provision of Personal Data
Users are not legally required to provide personal data for engaging with the Company’s services. However, certain services may be limited or unavailable if essential data is not provided. Where data provision is necessary for specific services, clients will be informed of such requirements beforehand.
2.12. Legal Obligations for Data Disclosure
In compliance with applicable regulations, the Company may be required to disclose personal data to public authorities or other third parties under specific legal or regulatory obligations. Such disclosures are limited to what is strictly necessary to meet these requirements.
2.13. User rights
Clients have several rights concerning their personal data, including the right to access, rectify, erase, restrict processing, and object to data handling. Additionally, clients can withdraw their consent at any time and lodge complaints with data protection authorities. Requests to exercise these rights must be accompanied by identity verification and are typically addressed within one month, with possible extensions for complex cases.
2.14. Policy Updates
The Privacy Policy is regularly reviewed to reflect changes in data protection laws and technological advancements. Updates will be communicated to clients, with the latest version available on the Company’s website.
3.Visiting the website, social media presence
3.1.Explanation of function
The Company provides information about its services through its website, accessible at www.p8swiss.com, including all associated subpages (collectively referred to as the “website”). Personal data may be collected and processed during your visit to enhance the functionality and user experience of the website.
3.2.Categories of personal data processed
Log data and contact form data may be collected, stored, and processed during the users interaction with the website.
Log data refers to automatically collected and temporarily stored in anonymized form on the web server. This includes the referrer URL (the webpage from which the request originated), the name and URL of the requested page, the date and time of the visit, a description of the browser type, language, and version, the operating system, the shortened IP address to prevent identification, the volume of data transmitted, the success status of the request (HTTP status codes), and the time zone difference from GMT. This data is primarily used for statistical purposes and to ensure the stability and security of the website connection.
Contact form data refers to data collected from personal data provided by the users through forms available on the website, such as name, surname, email address, company affiliation, address, and the time of submission. This information is processed to respond to inquiries, provide requested services, and deliver relevant information. The processing of contact form data ensures effective communication and enhances the user experience.
3.3.Purpose and legal basis of data processing
The Company processes personal data in compliance with applicable data protection laws and strictly within the scope of necessity. Key purposes for processing include facilitating client communication, executing business transactions, conducting statistical analyses, and ensuring the security and stability of systems. Additionally, data is processed to enhance user experiences, detect and prevent fraud or other criminal activities, and comply with legal and supervisory obligations. These activities are essential for maintaining high service standards and protecting the interests of both the Company and its clients.
3.4.Transmission of personal data to third parties; legal basis
The Company may grant access to user’s personal data to certain categories of recipients, primarily those acting as service providers or processors. These include providers responsible for operating the website and managing data stored or transmitted through the systems, such as data centre services, payment processors, and IT security services. Additionally, government agencies or authorities may access your personal data when required to fulfil legal obligations. Such disclosures are conducted with the utmost care to ensure that your information is handled securely and only for the necessary purposes.
Other recipients who may access personal data include professionals and organizations integral to the Company’s business operations. These may include auditors, banks, insurance companies, legal advisors, supervisory authorities, and entities involved in corporate transactions such as acquisitions or joint ventures. Furthermore, the Company ensures an adequate level of data protection when transferring data to third countries, as outlined in the relevant policies. Personal data will only be disclosed to third parties beyond these scenarios with your explicit consent.
3.5.Use of Cookies, Plugins, and other services on our website
1.1.1.Cookies:
Cookies are used on the website to enhance the user experience. These are small text files stored on the user’s device, which are assigned by the browser. They help in transmitting certain information to the company, without posing any risk, as they cannot run programs or transfer viruses. Cookies are typically used to make online browsing more user-friendly and effective. Some cookies allow recognition of the device used, while others may only contain non-personally identifiable settings. There are two main types of cookies: session cookies, which are deleted once the browser is closed, and persistent cookies, which remain on the user’s device beyond the current session.
Explicit consent is required for the use of non-essential cookies, such as advertising, targeting, or sharing cookies. In addition, personal data processed through cookies is disclosed to third parties only with the user’s consent. Persistent cookies can be stored for up to two years unless otherwise specified. Cookie can be adjusted through the browser settings, the limitation of cookies might limit some website functions.
1.1.2.Social Media Plugins:
The website does not use any social media plugins. However, it may include social media provider symbols (such as Twitter, LinkedIn, or XING) for passive linking, which do not establish a direct connection between the browser and the provider’s server. The responsibility for the data protection-compliant operation of the respective social media pages lies with the social media provider.
4.Contact by email
Users have the option to contact the company via email and are solely responsible for the information and/or content provided. Transmission of confidential data is not recommended. Personal data will only be collected if voluntarily provided. In such cases, the user is solely responsible for the data transmitted. The answer of inquiries posed by users, may require additional information, such as phone number or email address. The processing of personal data can be objected by the user at any time.