Adresta AG (Bahnhofplatz 2, 8001 Zurich, Switzerland, e-mail: firstname.lastname@example.org is controller ("Controller" and "Adresta") in the sense of article 4 para. 7 GDPR.
The terms “We”, “Us” and ”Our” mean Adresta. The terms “You” and “Your” refer to you, as a user or visitor of Our Platform provided services. The term Personal Data refers to all information relating to an identified or identifiable natural person (hereinafter referred to as "Data Subject"); an identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more specific characteristics ex-pressing the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person, as set out in article 4 para. 1 GDPR. In addition, personal data subject to the Swiss Federal Act on Data Protection ("FADP") comprises data of le-gal persons. We treat all Personal Data confidentially.
The server, the App is communicating with, stores information in so-called log files au-tomatically. This applies to information automatically transmitted by the App, as follows: type of mobile device, operating system in use, technical information about the device in use, date and time of the request. This happens based on article 6 para. 1 lit. b GDPR, that regulates the lawfulness of processing when it is necessary for the performance of a contract or in order to take steps prior to entering into a contract.
Any processing of data requires a legal basis. If the processing is necessary for the per-formance of a contract to which the Data Subject is a party, or for the implementation of pre-contractual measures taken at the request of the Data Subject, the processing may be based on article 6 para. 1 lit. b GDPR. If the processing is necessary to safeguard the legitimate interests of the Controller or a third party, provided that the interests or fundamental rights and freedoms of the Data Subject, which require the protection of Personal Data, do not prevail, it can be based on article 6 para. 1 lit. f GDPR.
We process Your Personal Data for the following purposes:
We also process data that cannot be assigned to any person. These are data that do not personally identify You, including anonymous information and aggregated data. This in-formation helps Us to better understand how Our visitors use the services, to analyse demographics, interests and behaviours of Our visitors, to improve the services, to pro-vide customized services and information to visitors, and similar purposes.
If You contact Us to provide feedback, register a complaint, or ask a question, We will record any Personal Data and other content that You provide in Your communication so that We can effectively respond to Your communication. We reserve the right to use this information in any manner permitted by law, to respond to Your communication. The pro-cessing of Your Personal Data for feedback processing is based on article 6 para. 1 lit. f GDPR.
When You use the services, We receive and store certain information which may include Your Personal Data, regarding Your use of the services. Examples include IP addresses, browser types, domain names, and other statistical data regarding Your use of the ser-vices. We may use this data in a way that does not disclose any of Your personally identi-fiable information, including, but not limited to, for purposes of developing new product and service offerings.
We may disclose Your Personal Data for the following purposes:
a) Legal obligation We may disclose Your Personal Data in response to a request for information if We be-lieve such disclosure is in accordance with any applicable law, regulation or legal pro-cess, or as otherwise required by any applicable law, rule or regulation. The legal basis for processing to fulfil a legal obligation is article 6 para. 1 lit. c GDPR.
b) Violation of terms of services
c) Disclosure within the company
If necessary, We transmit Personal Data to other parts of the company, e.g. for billing purposes. In this case, the transfer is based on article 6 para. 1 lit. f GDPR.
We take commercially reasonable steps to protect Your Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. We use up to date TLS-encryption that Your systems support when transmitting data via Our systems. However, a complete protection of data against access by third parties is not possible. We cannot guarantee that all Internet or e-mail transmission is fully secure or free of errors. We also use suitable technical and organisational security measures to protect Your Personal Da-ta against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments. Nevertheless, We cannot guarantee their abso-lute security and We therefore cannot be held liable for intercepted information sent via the Internet or for third parties using revoked, stolen, forged, or otherwise insecure cer-tificates. You should therefore take special care in deciding which information You send Us by e-mail and keep this in mind by disclosing any Personal Data to Us or to any other party via Internet.
We store Your Personal Data for as long as it is necessary for the respective purpose for which it was collected, in particular to fulfil contractual and legal obligations, such as statutory retention periods, or until You revoke Your consent in the processing of Per-sonal Data. We may in any event retain and use such Personal Data as necessary to maintain accurate accounting, financial and other operational records, resolve disputes, and enforce the rights connected to the use of the Platform. The Personal Data will be deleted at the latest within one month after the respective purpose no longer applies.
As a responsible company, We refrain from automatic decision-making or profiling.
Adresta AG, August 2020, Version 1.1