Login

KYC WEBSITE

POLICY

KYC WEBSITE POLICY

I. Name and Address of the Controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws and regulations that determine the purposes and means of processing personal data is:

KYC Spider AG
Gubelstrasse 11
6300 Zug

The data protection officer / data protection coordinator of the controller can be contacted at:

Telephone Number: 041 726 99 69 
E-Mail-Address: contact@kyc.ch

II. General Information regarding the Processing of Personal Data

1.Scope of processing of personal data

We only process personal data if this is necessary to provide a functional website as well as our contents and services. The processing of our users' personal data is normally only carried out with your prior consent, except those cases where prior consent cannot be obtained for factual reasons and the processing of personal data is permitted by law.

2. Legal basis for processing of personal data

If the data subject has given his/her consent to the processing of personal data, art. 6 (1) (a) EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing.

If the processing of personal data is necessary for the performance of a contract to which the data subject is party, art. 6 (1) (b) GDPR serves as the legal basis for the processing. This also applies to processing operations that are necessary to carry out precontractual measures.

If the processing of personal data is necessary for compliance with legal obligation to which our company is subject, art. 6 (1) (c) GDPR serves as the legal basis for the processing.

If the processing of personal data is necessary to protect the vital interests of the data subject or another natural person, article 6 (1) (d) GDPR serves as the legal basis for the processing.

If the processing of personal data is necessary for the purposes of the legitimate interests pursued by our company or a third party and where such interests are not overridden by the interests, fundamental rights and freedoms of the data subject which require protection of personal data, art. 6 (1) (f) GDPR serves as the legal basis for the processing. 

The erasure and storage of personal data

The personal data of the data subject will be erased or blocked as soon as it is no longer necessary in relation of the purpose of storage. Furthermore, personal data may be stored if this has been required by regulations, laws or other provisions to which our company is subject. The personal data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

III. Provision of the website and creation of log files

1. Description and scope of processing of personal data

Every time you visit our website, our system automatically collects following data and information from the computer system of the calling computer:

  1. The user’s IP address
  2. Information relating to the browser type and version used
  3. The user's operating system
  4. Date and time of access
  5. Websites from which the user's system reaches our website

The data is also stored in the log files of our system but is not stored together with other personal data of the user.

If you do not agree to the storage and data processing, the IP address will be stored anonymized only and therefore a person is not identifiable.

2. Legal basis for processing

The legal basis for the temporary storage of personal data and log files is art. 6 (1) (f) GDPR.

3. Purposes of processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this, the IP address must remain stored for the duration of the session.

The personal data is stored in log files to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context. The data collected is used for statistical purposes and to improve the website only. However, the website operator reserves the right to subsequently check the server log files if there are concrete indications of illegal use.

These purposes represent also our legitimate interest in data processing within the meaning of art. 6 (1) (f) GDPR.

4. Period of storage

The personal data will be erased as soon as it is no longer necessary to achieve the purpose for which it was collected.

If the personal data is stored in log files, it will be deleted after seven days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or anonymized so that the calling client can no longer be assigned.

5. Possibility of objection and erasure

The collection of personal data for the provision of our website and the storage of personal data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection.

IV. Use of Cookies

1. Description and scope of processing of personal data

Our website uses cookies. Cookies are information files which your web browser automatically saves on the hard disk of your computer when you visit our webpages. If you visit a website, a cookie may be stored on your operating system. This cookie contains a characteristic sequence of characters that enables a unique identification of the browser when the website is visited again.

We use cookies to make our website more user friendly. Some elements of our website require that the calling browser can be identified even after a page change. The following data, among others, is stored and transmitted in the cookies:

  1. Language settings
  2. Domain
  3. Log-in information
  4. All data entered on our contact forms

We also use cookies on our website which enable an analysis of the user's surfing behaviour.

In this context the following data, among others, can be transmitted:

  1. Entered search terms
  2. Frequency of page views
  3. Use of website functions

We also use cookies for «Social Networking». These cookies are used to share pages and content from our website, which are interesting for you, with third parties or other websites via social networks.

When accessing our website for the first time, a disclaimer will be showed to accept or reject the use of cookies and the related usage of personal data. In the event of rejection, no personal data will be collected or stored. In this case the technically necessary cookies will be executed only. In this regard, reference is also made to this privacy policy.

Our website is hosted by Hubspot (Hubspot, (Headquarters) 25 First Street, 2nd Floor, Cambridge, MA 02141, United States). The stored cookies are therefore passed on to third parties (see VIII below for further information on third parties). For more information regarding Hubspot/Cookies, please see for example: https://legal.hubspot.com/cookie-policy and https://know-ledge.hubspot.com/articles/kcs_article/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser.

2. Legal basis for processing

The legal basis for the processing of personal data using technically necessary cookies is art. 6 (1) (f) GDPR.

The legal basis for the processing of personal data using cookies for analytical purposes and using cookies for «Social Networking» is Art. 6 para. 1 lit. a DSGVO if the user has given his consent.

3. Purpose of processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these functions concerned it is necessary that the browser is recognized even after a page change.

We need cookies for the following applications:

  1. Shopping basket
  2. Accepting language and website settings
  3. Remembering search terms
  4. Contact forms

The user data collected by technically necessary cookies are not used to create user profiles.

The analysis cookies are used to improve the quality of our website and its content. Through the analysis cookies we learn how the website is used and can thus continuously optimize our offer.

These purposes represent also our legitimate interest to process personal data within the meaning of art. 6 (1) (f) GDPR.

In addition, the cookies for «Social Networking» are used for advertising purposes.

4. Period of storage, possibility of objection and erasure

Cookies are stored on the user's computer and transmitted to our site. Therefore, your internet browser should allow you to control the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.

A possible storage and transmission of Flash cookies cannot be prevented by the browser settings, but by changes to the Flash Player settings.

V. Newsletter / Blog

1. Description and scope of processing of personal data

You can subscribe to a free newsletter as well as a blog on our website. When registering, the data from the input mask is transmitted to us.

Among others, the following data is collected upon registration:

  1. Salutation
  2. Family name and first name
  3. E-Mail address
  4. Organisation
  5. All data indicated in the registration form

During the registration process, your consent is obtained for the processing of the data and reference is made to this privacy policy. The data will be used exclusively for sending the newsletter/blog-messages.

To ensure that the registered person has requested the newsletter/blog, a verification e-mail (double opt-in) will be sent. With this received link in the e-mail the registration has to be confirmed

2. Legal basis for processing

The legal basis for the processing of personal data after registration for the newsletter/blog, in the presence of the user’s consent, is art. 6 (1) (a) GDPR.

3. Purpose of processing

The collection of the user's e-mail address serves to send the newsletter/blog-messages. The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address.

4. Period of storage

The data will be erased as soon as it is no longer necessary to achieve the purpose for which it was collected. The user's data will therefore be stored for as long as the subscription to the newsletter/blog is active. Accordingly, all data will be deleted from our system for all types of communication after unsubscribing.

5. Possibility of objection and erasure

The subscription to the newsletter/blog can be cancelled by the user concerned at any time. For this purpose, there is a corresponding link in every newsletter/blog-message. This also makes it possible to withdraw the consent to the storage of personal data collected during the registration process.

VI. Registration (Test Account / Abonnement)

1. Description and scope of processing of personal data

On our website, we offer users the opportunity to register for a test account or completing a subscription by providing personal data. These options are via our platform and not the website. As soon as you select one these options on our website, you will be redirected directly to our platform. The processing of all personal data in connection with the registration / usage of a test account or subscription is based on the principles of our privacy policy for the platform, which is available under the following link: [Platform Policy].

VII. Contact form and e-mail contact

1. Description and scope of processing of personal data

There is a contact form on our website which can be used for electronic contact. If a user takes advantage of this possibility, the following data entered in the contact form will be transmitted to us and will be stored:

  1. Salutation
  2. Family name and first name
  3. E-Mail address
  4. Phone number
  5. Message-box
  6. Selection regarding contact
  7. Other data inquired in the form

At the time the message is sent, the date and time of the transmission will be stored as well.

Your consent is obtained for the processing of the personal data within the scope of the sending process and reference is made to this privacy policy. Alternatively, you can contact us via the e-mail address provided. In this case, the user's personal data transmitted by e-mail will be stored.

In this context, the personal data will not be transmitted to third parties. The data is used exclusively for processing the conversation.

2. Legal basis for processing

The legal basis for the processing of data is art. 6 (1) (a) GDPR if the user has given his consent.

The legal basis for the processing of personal data transmitted in the course of sending an e-mail is art. 6 (1) (f) GDPR. If the e-mail contact aims at the conclusion of a contract, then the additional legal basis for the processing is art. 6 (1) (b) GDPR.

3. Purpose of processing

The processing of personal data from the contact form serves us only for the treatment of the establishment of contact. The personal data collected in the course of sending an e-mail represent also our legitimate interest in processing of personal data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Period of storage

The data will be erased as soon as it is no longer necessary to achieve the purpose for which it was collected. Consequently, the personal data from the contact form or the personal data that is sent by e-mail will be erased as soon as the respective conversation with the user is finished. The conversation is terminated when it can be inferred from the circumstances that the facts in question have been finally clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

5. Possibility of objection and erasure

You have the possibility to withdraw your consent to the processing of personal data concerning you at any time. If you contact us by e-mail, you can object to the storage of your personal data at any time. In this case, the conversation cannot be continued.

If you wish to withdraw your consent, please inform us in writing (by post or e-mail).

All personal data stored in the course of contacting us will be deleted in this case.

VIII. Cooperation with Third Parties

For the operation of our website we use, among others, the following third-party providers:

HubSpot

1. Scope of processing of personal data

All data and cookies mentioned above are shared with Hubspot. Hubspot is our website hoster. In addition, we use Hubspot as our customer relationship management system (CRM) and inbound marketing system.

2. Legal basis of processing

The legal basis for processing users' personal data is art. 6 (1) (a) resp. (f) GDPR (please see items III and IV above).

3. Purpose of processing

The processing of users' personal data enables us to analyze the surfing behavior of our users. We are in a position to compile information about the use of the individual components of our website by evaluating the data obtained. This helps us to continuously improve our website and its user friendliness. For these purposes, it is also in our legitimate interest to process the personal data within the meaning of art. 6 (1) (f) GDPR. By anonymizing the IP address, users' interest in protecting their personal data is sufficiently taken into account.

4. Period of storage

The data will be deleted as soon as it is no longer needed for our recording purposes.

5. Possibility ob objection and erasure

Cookies are saved on the user's computer and transmitted to us. Therefore, your Internet browsers should allow you to control the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated, it may no longer be possible to use all functions of our website in full.

For the usage and storage of the remaining data we obtain your consent (descriptions above).

Information about the third-party Hubspot:

Address:
Hubspot (Headquarters) 25 First Street, 2nd Floor, Cambridge, MA 02141, United States

Description regarding Cookies and Privacy Policy:

https://legal.hubspot.com/privacy-policy?_ga=2.24711800.313185516.1545026838-191162758.1544774747

https://knowledge.hubspot.com/articles/kcs_article/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser

Google AdWords 

1. Scope of processing of personal data

We are using Google AdWords on our website, a web analysis service of Google Inc. ("Google"). Google AdWords is used to measure the success of our advertising, i.e. we register whether the products displayed with advertising were purchased or not. These analyses are made with stored keywords, your search requests and cookies.

Please find here more information about Google AdWords:
https://support.google.com/google-ads/answer/7521212?hl=de

If you reach our website via advertising, the following data, among other, will be stored (anonym):

  1. The searched words
  2. Information about the advertisement with which the user reached our website
  3. The frequency of choosing our website
  4. The above mentioned data regarding cookies

2. Legal basis of processing

The legal basis for processing users' personal data is art. 6 (1) (a) GDPR.

3. Purpose of processing

The data will be deleted as soon as it is no longer needed for our recording purposes.

4. Period of storage

The data will be deleted as soon as it is no longer needed for our recording purposes.

5. Possibility ob objection and erasure

Cookies are saved on the user's computer and transmitted to us. Therefore, your Internet browsers should allow you to control the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated, it may no longer be possible to use all functions of our website in full.

Information about the third-party Google:

Address:
Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland

Terms and Conditions:

https://policies.google.com/terms?hl=de&gl=de

Privacy Policy:

https://policies.google.com/privacy?hl=de&gl=de

Mailgun


1. Scope of processing of personal data

For the sending of our newsletter we use the services of Mailgun Technologies, Inc. which helps us to ensure efficient processing of efficient processing and mailing. For this purpose, the above mentioned data (item V) will be stored.

Please see more information about Mailgun under the following link:
https://www.mailgun.com/sending-email

2. Legal basis of processing, Purpose of processing, Period of storage and Possibility of objection and erasure

Reference is made to the above mentioned item V.

Information about the third-party Mailgun Technologies, Inc.:

Adress:
Mailgun Technologies, Inc., 548 Market St. #43099, San Francisco, CA 94104
Mailgun Technologies, Inc., 112 E. Pecan St. #1135, San Antonio, TX 78205
Mailgun Technologies, Inc., 701 Brazos St, Austin, TX 78701

Website:
www.mailgun.com

Terms and Conditions:

https://www.mailgun.com/terms

Information about data protection and Privacy Policy:

https://www.mailgun.com/gdpr  
https://www.mailgun.com/privacy-policy

 

IX. Rights of the data subject

If personal data concerning you are processed, you are a data subject within the meaning of the GDPR and you have the following rights:

1. Right of access

You can ask the controller to confirm whether personal data concerning you is being processed by us.

Is that the case, you can request the following information from the controller:

  1. the purposes of the processing;
  2. the categories of personal data concerned;
  3. the recipients or categories of recipient to whom the personal data has been or will be disclosed;
  4. the envisaged period for which the personal data will be stored, or, if specific information on this is not possible, the criteria used to determine that period;
  5. the existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning you or to object to such processing;
  6. the right to lodge a complaint with a supervisory authority;
  7. where the personal data is not collected from you, any available information as to their source;
  8. the existence of automated decision-making, including profiling, in accordance with art. 22 (1) and (4) GDPR and - at least in those cases - meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to art. 46 GDPR relating to the transfer.

2. Right to rectification

You have the right to obtain from the controller the rectification and/or completion of incorrect or incomplete personal data concerning you. The controller shall make the correction/completion without delay.

3. Right to restriction of processing

Under the following conditions, you have the right to request the restriction of processing of personal data concerning you:

  1. the accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data;
  2. the processing is unlawful, and you refuse the erasure of the personal data and request the restriction of their use instead;
  3. the controller no longer needs the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defence of legal claims; or
  4. you have objected to processing pursuant to art. 21 (1) GDPR and it has not yet been determined whether the legitimate grounds of the controller override those of you.

Where processing of personal data concerning you has been restricted, such personal data may only be processed – with the exception of storage – with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

If the processing restriction has been restricted according to the above conditions, you will be informed by the controller before the restriction is lifted.

4. Right to erasure

4.1 Obligation to erase

You have the right to obtain from the controller the erasure of personal data concerning you and the controller is obliged to erase personal data without undue delay where one of the following grounds applies:

  1. the personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed;
  2. you withdraw consent on which the processing is based pursuant to art. 6 (1) (a) or art. 9 (2) (a) GDPR, and where there is no other legal basis for the processing;
  3. you file an objection to the processing pursuant to art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you file an objection to the processing pursuant to art. 21 (2) GDPR;
  4. the personal data concerning you has been unlawfully processed ;
  5. the deletion of personal data concerning you is necessary to fulfil a legal obligation in Union or Member State law to which the data controller is subject ;
  6. the personal data concerning you was collected in relation to the offer of information society services referred to in art. 8 (1) GDPR.

4.2 Information to third parties

Where the controller has made the personal data public and is obliged pursuant to art. 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, the personal data.

4.3 Exceptions

The right to erasure shall not apply to the extent that processing is necessary:

  1. for exercising the right of freedom of expression and information;
  2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller ;
  3. for reasons of public interest in the area of public health in accordance with art. 9 (2) (h) and (i) and art. 9 (3) GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with art. 89 (1) GDPR, insofar as the right referred to in a) is likely to render it impossible or seriously impair the achievement of the objectives of that processing ; or
  5. for the establishment, exercise or defence of legal claims.

5. Right to information

If you have exercised your right of rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

You have the right to obtain from the controller the information about those recipients.

6. Right to data portability

You have the right to receive the personal data concerning you which you have provided to the controller in a structured, commonly used and machine-readable format. In addition, you have the right to transmit the data to another controller without hindrance from the controller to which the personal data have been provided, where:

  1. the processing is based on consent pursuant to art. 6 (1) (a) GDPR or art. 9 (2) (a) GDPR or on a contract pursuant to art. 6 (1) (b) GDPR ; and
  2. the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. The freedoms and rights of others shall not be affected by this.

The right to data portability shall not apply to processing necessary for the performance of a task carried out of a public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on art. 6 (1) (e) or (f) GDPR, including profiling based on those provisions.

The data controller no longer processes the personal data concerning you, unless he demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

Where personal data is processed for direct marketing purposes, you have the right to object at any time to processing of the personal data concerning you for such marketing, which includes profiling to the extent that it is related with such direct marketing.

Where you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.

You have the possibility to exercise your right of object in the context with the use of information society services, and notwithstanding Directive 2002/58/EC, by automated means using technical specifications.

8. Right to withdraw the consent to process personal data

You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

  1. is necessary for the conclusion or performance of a contract between you and the controller,
  2. is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  3. is based on your explicit consent.

However, these decisions may not be based on special categories of personal data pursuant to art. 9 para. 1 GDPR, unless art. 9 para. 2 let. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

In the cases referred to in points a) and c), the controller implements suitable measures to safeguard your rights and freedoms as well as your legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to art. 78 GDPR.

X. Amendment of this Privacy Policy

We reserve the right to change this privacy policy at any time without prior notice. We will inform you of any changes by publishing the updated privacy policy on our website. Any changes we make will be effective from the date of publishing on our website.

XI. Validity of Language Version

This agreement is issued and made available to the Parties an English and a German language version. In case of conflict between the English and the German language version of this agreement, the provisions of the German language version shall prevail.

 

ALWAYS UP-TO-DATE!

You receive information on the latest developments on KYC and Compliance in our Newsletter that is emailed every week.

Subscribe

Address

KYC Spider AG
Gubelstrasse 11
CH-6300 Zug