As of 09/2022
Background
The protection of your personal data and your privacy is important to us. You can expect us to handle your data sensitively and conscientiously so as to ensure a high level of data security. This privacy statement informs you about the personal data we process in connection with eAccess, what we need this data for and what rights you have in connection with the processing of your personal data.
Please note that this particular data protection declaration does not represent the general data protection declaration of our website – this can be found here.
The processing of your personal data will at all times be in accordance with applicable data protection law.
For individual or additional offers and services, special, supplementary or further data protection declarations as well as other legal documents such as general terms and conditions (GTC) or terms of use may apply.
Responsible data controller
Responsible for the processing of data is:
Glutz AG
Segetzstrasse 13,
4502 Solothurn,
SWITZERLAND
For any questions relating to data protection, please contact datenschutz@glutz.com.
Scope of the processing of personal data, personal data collected
The following personal data may be collected, stored and subsequently processed as part of the registration process and the use of eAccess:
- master data (e.g. name, contact details and information, e.g. about your role and function)
- product, service and contract data
- registration / access data
- product, service and contract data
- technical data (e.g. device information, IP address, operating systems used by end devices, date, usage data etc.)
- mobility data (recording of accesses / access attempts)
- system access / usage / authorisation data
- payment data (e.g. bank details, invoices)
- other data (e.g. in order to comply with legal and regulatory requirements).
This data is used for authentication purposes in connection with eAccess and for the use of services subject to licensing or registration.
Legal basis of data processing
The legal basis of the data processing in connection with the use of eAccess is the performance of the contract concluded with you by us or by one of our partners for the use of eAccess.
Purpose of data processing
The purpose of data processing is to establish, structure, amend or terminate the contractual relationship regarding the use of eAccess, to fulfil the contractual obligations, to enable the client or user to log in to eAccess and to enable the client or user to be contacted, if requested by him/her or insofar as required within the framework of the contractual relationship or as permitted by law.
Collection of personal data when using eAccess Mobile
When downloading eAccess Mobile
When downloading the mobile app, the required information is transmitted to the app store used. This includes in particular the user name, time of download, payment information and the individual device identification number. We have no influence on this data collection and processing and are not responsible for it. Information on this can be found in the privacy policy of the store used.
When using eAccess Mobile
When you use the mobile app, in addition to the data already mentioned, we collect the personal data described below to enable the convenient use of the functions and where such data are necessary to offer you the functions of the app and to ensure stability and security:
- log-in data
- the browser
- the operating system
- IP address
- data and time of access
- location
- use of the app (user history)
- identifying number of the device.
Cookies
In certain cases we use cookies. These are small text files that are stored on your computer, smartphone and/or browser. These are used by us to provide a more user-friendly, effective and secure service.
You can independently manage your security settings in the browser and thereby block or deactivate cookies, though certain services may then no longer be usable to the full extent.
Duration of data storage
The personal data collected will be stored for the duration of the period of use of eAccess.
If the data is no longer required for the fulfilment of contractual or legal obligations, it will be deleted.
Disclosure / communication of personal data
If, in the course of our processing, we disclose personal data to other persons and companies (contract data processors or third parties, including other companies belonging to the Glutz Group), transfer it to them or otherwise grant them access to the personal data, this will only be done either on the basis of a legal permission (e.g. if a transfer of the personal data to third parties is necessary for the performance of the contract), if you have consented, if a legal obligation dictates it or on the basis of our legitimate interests. Recipients of this data may include, for example, service providers commissioned with IT tasks or other service providers such as payment processors and banks in order to make payments, installation companies for the installation / removal of your contractual products, marketing partners, suppliers, authorities and/or associated companies and divisions within the Glutz Group or other business partners and customers with whom we work. In such a case we observe the legal requirements and, in particular, conclude appropriate contracts or agreements, which serve to protect your data, with the data recipients.
All these categories of recipients may in turn involve third parties so that your data may become accessible to them as well.
Transmission of data to third countries
As explained above, we also disclose data to other entities. These may be in Switzerland or abroad (anywhere in the world). In particular, you should expect your personal data to be transferred to all countries where the Glutz Group is represented by Group companies, branches or other offices, as well as to other countries in Europe and the USA where the service providers we use are located (such as Microsoft, Google LLC). This includes Austria, Germany, Switzerland, the United Kingdom and the United States.
If we process data in a third country (i.e. outside Switzerland, the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of using third-party services or disclosing or transferring data to third parties, this is only done in accordance with legal requirements. These third parties are bound to the same extent as we are to data protection. If the level of data protection in the country concerned is less than adequate, we will ensure that the protection of your data has such a level.
Subject to reservation in cases of express consent or contractually or legally required transfer, we only process or have the data processed in third countries with a recognised level of data protection, contractual obligation through so-called standard data protection clauses (accessible at: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?) of the EU Commission, or in the presence of certifications or binding internal data protection regulations.
Data security
The security of your personal data is important to us. We have implemented appropriate and suitable technical and organisational security measures to maintain the security of your personal data and to protect it against unauthorised or unlawful processing and/or accidental loss, alteration, disclosure or access. To this end, we regularly review our security measures and adapt them to the current state of the art.
Despite appropriate and suitable organisational and technical measures, the processing of personal data on the internet can always have security gaps. We therefore cannot guarantee absolute data security.
Your rights
You have the following rights in relation to personal data concerning you:
- right to information,
- right to correction or deletion,
- right to restrict the processing,
- right to the revocation of your consent if granted,
- right to object to the data processing,
- right to data portability;
- you also have the right to complain to a data protection supervisory authority about our processing of your personal data.
With regard to the rights mentioned above, any restrictions of the applicable data protection laws or other laws apply.
For all questions in connection with the data protection practised by us and for information regarding your rights, as well as for the assertion of such rights, please send an e-mail to datenschutz@glutz.com. If necessary, we reserve the right to request that you identify yourself in an appropriate manner for the processing of requests.
Changes to this Data Protection Declaration
We expressly reserve the right to supplement or modify this Data Protection Declaration at any time. The version published on our website at any given time shall be definitive.