Home

Jobs

Media

Contact

Our website uses cookies to provide you with personalized content and for site analysis. If you continue to use the site without choosing your preference, we'll assume that you're fine with cookies.

Privacy Policy

Version August 2023

of

Inacta AG

Gotthardstrasse 26, 6300 Zug 

 

1 Introduction

This privacy policy provides information about the processing of your personal data (hereinafter also referred to as "DATA") by Inacta AG (hereinafter also referred to as "Inacta", "RESPONSIBLE", "us" or "we").

The protection of your DATA is of great importance to us, which is why the processing of DATA is carried out in accordance with the applicable data protection laws such as the EU General Data Protection Regulation (hereinafter abbreviated to "GDPR") and the revised Federal Data Protection Act of 19 June 1992 (hereinafter abbreviated to "FDPA"). This privacy policy is based on the terminology used in the GDPR and the FDPA (hereinafter also "APPLICABLE DATA PROTECTION LAW") and is guided by their provisions.

Inacta is also responsible for requests and concerns from persons residing outside of Switzerland regarding the processing of your DATA.

 

2 Who is responsible for data protection and whom can you contact? 

DATA CONTROLLER is responsible for the processing of personal data:

For Switzerland and outside Switzerland:

Inacta AG

Data Protection Officer

AlpinumLaw AG 

 

3 For what purposes do we use your data? 

3.1 Use when visiting the website  

When accessing our website, your internet browser automatically transmits DATA for technical reasons, even during purely informative use or viewing of the website, in order to ensure correct display as well as stability and security.

The following DATA are stored separately from other data that you may transmit to us:

  • IP address
  • Date and time of access
  • Access status/HTTP status code
  • Browser type/version/language
  • Operating system used
  • URL of the previously visited website
  • Amount of data transferred
  • Website from which the request came
  • Browser
  • Operating system and its interface
  • Language and version of the browser software

Those DATA are stored in particular for technically necessary reasons. In addition, we store these DATA for a limited period of time in order to initiate a derivation to personal DATA in the event of unauthorised access or attempted access to our cloud solution. The processing of your DATA described in this paragraph takes place in compliance with the principle of legality, the principle of accuracy, the principle of proportionality, the principle of transparency, the principle of purpose limitation and the consent of the DATA subject, taking into account the APPLICABLE DATA PROTECTION LAW.

3.2 Use for newsletter registration 

When you register for the newsletter, your data are also transmitted.

If you send us your details accordingly, we collect, store and use, where indicated:

  • Name
  • Complete address data
  • Landline and/or mobile phone number
  • E-mail address

We will only process your data to the extent necessary to process your registration. The DATA collected serve the sole purpose of being able to process your request. The processing of your DATA, which is described in this paragraph, takes place in compliance with the principle of legality, the principle of accuracy, the principle of proportionality, the principle of transparency, the principle of purpose limitation and the consent of the data subject, taking into account the APPLICABLE DATA PROTECTION LAW.

3.3 Use for e-mail enquiries  

You can contact us via the e-mail address (info@inacta.ch) provided on our website. If you send us an email, we will collect, store and use your email address where provided:

  • Name
  • Full address details
  • Landline and/or mobile phone number
  • Email address
  • Content of your message

The data will only be processed to the extent necessary to process your enquiry and for correspondence with you. The DATA collected serve the sole purpose of being able to process your request. The processing of your DATA, which is described in this paragraph, takes place in compliance with the principle of legality, the principle of accuracy, the principle of proportionality, the principle of transparency, the principle of purpose limitation and the consent of the data subject, taking into account the APPLICABLE DATA PROTECTION LAW.

3.4 Use in applications 

You can apply to us via the job portal on our website (jobs.inacta.ch/datenschutz). 

If you send us your application, we collect, store and use your corresponding DATA.

The DATA will only be processed to the extent necessary to process your application and for correspondence with you. The DATA collected serve the sole purpose of being able to process your request. Your DATA will be processed in compliance with the APPLICABLE DATA PROTECTION LAW.

In addition, the separate privacy policy for the job portal ("Datenschutzerklärung Jobportal") covers data protection in connection with the employment process. In detail, we refer you to the corresponding Data Privacy Policy of the job portal.

3.5 Use to conduct a contract or other agreements

If you conclude a contract or other agreements with us, only the DATA you disclose or the DATA disclosed by third parties with your consent will be used. The conclusion and implementation of a contract or other agreements would not be possible without the processing of your DATA. If the contract or other agreements are concluded, these DATA will be used to implement the contractual relationship. In particular, these are:

  • Names
  • Complete address data
  • Landline telephone number and/or mobile phone number
  • E-mail address
  • Professional position
  • Bank details (if required)

All DATA provided by you will be processed exclusively for the purpose of concluding and fulfiling a contract or other agreements with us and for contract administration.

The legal basis for this data processing is, in particular, compliance with the principle of legality, the principle of accuracy, the principle of proportionality, the principle of transparency, the principle of purpose limitation and the consent of the person concerned, taking into account the APPLICABLE DATA PROTECTION LAW.

In the course of your contractual relationship, all types of information relevant to the service may also be used. Insofar as the use of special types of personal DATA are required, these DATA will only be collected and used if or insofar as you have consented to it. We obtain your consent in accordance with the APPLICABLE DATA PROTECTION LAW.

If we compile statistics with the data categories mentioned in Art. 9 Para. 2 lit. a GDPR, this is only done for the purposes mentioned in Art. 31 Para. 2 lit. e FDPA or Art. 9 Para. 2 lit. j GDPR. A lack of consent depending on the category of DATA may lead to the service contract or other contract not being concluded or terminated.

3.6 Use for the usage of our software

When using our software (such as Inadox), your internet browser automatically transmits DATA for technical reasons, even during purely informative use or viewing of the software, in order to ensure stability and security. The following DATA are stored separately from other data that you may transmit to us:

  • IP address
  • Date and time of access
  • Access status/HTTP status code
  • Operating system used
  • Amount of data transferred
  • Operating system and its interface
  • Language and version of the browser software

These DATA are stored in particular for technically necessary reasons. In addition, we store these DATA for a limited period of time in order to initiate a derivation to personal DATA in the event of unauthorised access or attempted access to our cloud solution. The processing of your DATA described in this paragraph takes place in compliance with the principle of legality, the principle of accuracy, the principle of proportionality, the principle of transparency, the principle of purpose limitation and the consent of the data subject, taking into account the APPLICABLE DATA PROTECTION LAW.

3.7 Use due to legal requirements

We process your DATA to fulfil legal obligations such as regulatory requirements and/or commercial and tax retention obligations. The APPLICABLE DATA PROTECTION LAW is taken into account as the basis for this processing.

Should we wish to process your DATA for a purpose not mentioned above, we will inform you in advance within the framework of the legal provisions and/or obtain your consent.

 

4 Cookies 

The tools that we use to optimise products and customer interaction on our website are listed below.

The listed tools store so-called cookies. Cookies are files that are stored on your terminal device and enable the user to be recognised and serve to present the digital offer in a more user-friendly and effective manner.

You can also visit our website without cookies. You can also decide which categories of cookies you would like to accept via the settings in our cookie banner.

To completely prevent the use of cookies by your internet browser, you can deactivate the use of cookies via the settings of your internet browser. Furthermore, cookies that have already been set can be deleted at any time using an internet browser or other software programmes. This is possible in all common internet browsers. The help functions of your internet browser will tell you how to deactivate and/or delete cookies. Please note that deactivating/deleting cookies may result in individual functions of our website no longer working to their full extent. Cookies that may be necessary for certain functions of our website are shown below. In addition, the deactivation/deletion of cookies only has an effect on the Internet browser used. If you use other Internet browsers, the deactivation/deletion of cookies must therefore be repeated accordingly.

The DATA stored by a cookie will be saved until the end of the term of the respective cookie or until you delete such cookie.

For further information, please refer to the privacy policy of the respective providers.

We use your information within the scope of website analyses in order to make the website more user-friendly and to conduct market research. We use web analysis tools for this purpose. These tools use your IP addresses either in shortened form or not at all. The setting of such analysis cookies is carried out in compliance with the APPLICABLE DATA PROTECTION LAW. As the operator of the website, we have a legitimate interest in analysing user behaviour in order to optimise our website.

 

5 Links to social media networks

Our website links to third-party websites that are not operated or controlled by us. We are not responsible for whether and how these third parties comply with data protection regulations.

These are therefore not social plugins provided by the social media provider, which already transmit DATA to the provider when the page is loaded, without users being able to influence this. Behind the buttons to the social media networks, there is only a link to the social media network including the transfer of the web page to be shared.

Below you will find information on the data processing of the respective providers.

5.1 Meta 

Meta Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland;

https://about.fb.com/news/2022/05/metas-updated-privacy-policy/ 

5.2 Instagram 

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, provided products; 

https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect 

5.3 LinkedIn 

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; 

https://www.linkedin.com/legal/privacy-policy

5.4 Twitter 

Twitter Inc., Market Square, 1355 Market St #900, San Francisco, California, United States of America; 

https://www.twitter.com/en/privacy

5.5 YouTube 

YouTube LLC , 901 Cherry Ave, 94066 San Bruno, California, United States of America; 

https://www.youtube.com/howyoutubeworks/our-commitments/protecting-user-data/ 

5.6 Medium 

Medium Corporation, San Francisco, California, United States of America; 

https://policy.medium.com/medium-privacy-policy-f03bf92035c9 

 

6 Who gets your data? 

Depending on the type of DATA processed by us as "Data Controller", only specific and relevant organisational units have access to your DATA in accordance with the applicable Information Security Framework (hereinafter referred to as "ISF") and Information Security Policy (hereinafter referred to as "ISP"). These are the specialist departments involved in the provision of our services. By means of a role and authorisation concept in accordance with the Information Security Management System (hereinafter referred to as "ISMS"), access within our company is limited to those functions and to that extent which is necessary for the respective purpose of data processing.

In order to fulfil the above-mentioned purposes, we also transfer your DATA to third parties (e.g., IT service providers as "Data Processor") with your written consent in accordance with our Data Protection and Privacy Standard (hereinafter referred to as "DPP-S") process. The categories of these recipients are divided as follows:

6.1 External service providers in the EU and/or Switzerland

We sometimes use external service providers in the EU and/or Switzerland to fulfil our contractual and legal obligations. These service providers may therefore also receive DATA for these purposes if they comply with confidentiality and our data protection instructions.

Inacta uses the services of the following external service providers:

  • Hubspot Germany GmbH, am Postbahnhof 1, 10243 Berlin, Germany.
  • Abacus, operated by Fineac Treuhand AG, Poststrasse 30, 6300 Zug, Switzerland
    • incl. their subcontractors:
    • ALL CONSULTING AG, Schuppisstrasse 10,9016 St. Gallen.
    • Mythen Informatik GmbH, Bahnhofstrasse 32, 6422 Steinen.
  • Exoscale, operated by Akenes AG, Boulevard de Grancy 19a, 1006 Lausanne, Switzerland.
  • colozueri, operated by NTS Colocation AG, Badenerstrasse 569, 8048 Zurich, Switzerland.

This list may be amended and supplemented at our sole discretion.

6.2 External service providers established in a third country (outside the EU and Switzerland) 

Some of our service providers, including some of the cookie providers, tools, services and web services mentioned above, are wholly or partially established in so-called third countries, i.e. outside the EU and Switzerland. For some of these third countries, a positive adequacy assessment or decision pursuant to Art. 16 para. 1 FDPA or Art. 45 para. 3 GDPR is not available. The same applies with regard to suitable guarantees within the meaning of Art. 16 Para. 2 FDPA or Art. 46 GDPR. The transfer of your DATA to these service providers is based on Art. 16 Para. 2 lit. b FDPA and Art. 49 Para. 1 lit. a and b GDPR.

Below you will find a list of our service providers concerned:

  • Greenvelope LLC, 2131 2nd Ave, Seattle, WA 98121, United States of America.
  • Microsoft/O365/Azure, One Microsoft Way, Redmond, WA 98052, United States of America.
  • Cloudflare, 101 Townsend St, San Francisco, CA 94107, United States of America.
  • Atlassian, Level 6, 341 George Street, Sydney, NSW 2000, Australia.

This list is subject to change and addition at our sole discretion.

6.3 Other recipients

In addition, we may transfer your personal DATA to other recipients, such as authorities for the fulfilment of legal notification obligations (e.g., law enforcement agencies or social welfare authorities).

 

7 Where and how long is your data stored? 

The PERSONAL DATA are stored on a server of colozueri and/or on a Swiss cloud solution of Exoscale in Switzerland. We regularly perform backups of our server and so does Exoscale. Furthermore, we and Exoscale restrict access to the PERSONAL DATA concerned by means of organisational and security measures. In the case of data processed as part of a job application, these data are stored in Abacus on the servers of Fineac Treuhand AG. In this context, we refer you to the privacy policy of the job portal.

If the DATA are no longer required for the aforementioned purposes, they will be deleted after expiry of the statutory retention period and blocked for further processing for the remaining duration of the statutory retention period in accordance with the procedure introduced in the DPP-S.

Your DATA will be processed for as long as our processing purposes, the statutory retention periods and our legitimate interests for documentation and evidence purposes require.

 

8 The security of your personal data according to the principle of Privacy by Default and by Design 

Inacta will take appropriate technical and organisational measures (in particular, pseudonymisation of data, data minimisation and restriction of access to the data concerned to persons who process it for the purposes of the data processing) both at the time of determining the means for the processing and at the time of the processing itself, in accordance with the ISF, designed to implement data protection principles effectively and to incorporate the necessary safeguards into the data processing in order to comply with the requirements of the APPLICABLE DATA PROTECTION LAW and the applicable DPP-Ss and to protect your rights. 

This commitment relates to the type and amount of your PERSONAL DATA we collect, the extent of its processing and the duration of its storage and accessibility. These measures ensure that, by default, your PERSONAL DATA are not made available to an indefinite number of third parties without your intervention.

In the event of a personal data breach, Inacta will notify the competent supervisory authority (Federal Data Protection and Information Commissioner (FDPIC)) without undue delay after becoming aware of such breach, in accordance with the applicable ISMS procedure, unless the breach is unlikely to result in a risk to your rights and freedoms. If the breach is likely to result in a high risk to your rights and freedoms, Inacta will notify you of the breach without undue delay, where possible, in accordance with the applicable ISMS procedure.

 

9 What are your rights? 

In order to inform you of all the options available to you in the context of the collection and use of your information and DATA, we would like to inform you of your rights in this regard on the basis of the APPLICABLE DATA PROTECTION LAW and the applicable DPP-Ss.

For this purpose, the data protection officer is at your disposal if necessary.

9.1 Right to information

You can request information about how, by whom, for what purposes and under what conditions your DATA are collected and used.

9.2 Right of rectification

Of course, we do not want to pass on incorrect or outdated information when using your personal information, in order to prevent misunderstandings or possible damage, for example. Therefore, you have the possibility to update or correct the information we have collected about you at any time.

9.3 Right to restrict processing

You can still request that we only use your DATA in a restricted manner. This means that your DATA will still be stored, but may only be used under limited conditions (e.g., to assert legal claims).

9.4 Right of objection

If we collect and use your information and DATA on the basis of legitimate interests, you naturally have the right to object to the use of your information.

9.5 Right to deletion

Last but not least, we will also delete your DATA if it is no longer required for the purposes stated herein and if we are not obliged to retain it. However, if you are of the opinion that there is no legal reason for further storage, you can assert your right to have your DATA deleted. We have a statutory period of 30 days to delete the DATA.

9.6 Right to data portability

You also have the right to data portability with regard to all DATA that you have provided to us. This means that we will provide you with this DATA in a structured, common and machine-readable format.

 

10 Consent and revocation of consent

If you have given us consent to process your personal DATA, you can revoke this consent at any time without giving reasons. The revocation of consent is effective for the future. The lawfulness of the processing of your DATA up to the time of the revocation remains unaffected.

 

11 Changes and adjustments to the privacy policy 

We reserve the right to change this privacy policy. The current version of this privacy policy is always available at www.inacta.ch/en/privacy-policy. If this privacy policy may be changed in the future, we will inform you of the changes.