Data Protection Policy aXedras (04.12.2019)
This Data Protection Policy describes the collection and further processing of personal data by aXedras Holding AG and its affiliates (hereinafter "aXedras").
aXedras attaches great importance to the protection of personal data and collects, processes and uses personal data solely for providing and improving its services and in accordance with the principles described below and in compliance with the applicable data protection provisions. Personal data is all information relating to an identified or identifiable natural person, which includes, for example, your name as well as your postal and e-mail addresses.
In the event that the activities covered by this notice are governed by other data protection policies, are evident from the circumstances, or are governed by applicable laws outside of the European Union and the European Economic Area, then such applicable law and resulting policies shall control. The term personal data shall include all information relating to an identified or identifiable person.
This Data Protection Policy describes the general processing of personal data by aXedras in Section A. Section B describes specific provisions for specific applications (e.g. payment, newsletter and personalized advertisement).
If the user provides personal data of other persons to aXedras, he should only provide their personal data only if he is entitled to disclose such data in compliance with the applicable data protection regulations and only if the affected person agrees to said disclosure according to this data protection policy.
A General Provisions
1. Data Controller, Data Protection Officer
The Data Controller in accordance with the Swiss Data Protection Regulations and the EU General Data Protection Regulation (GDPR) of every website (including online-shops and mini sites for special offers), Smart device Application, presence on social media, multimedia portals, chatbots and any other consumer touchpoint of aXedras (hereinafter each "Website") shall be aXedras Holding AG, Bahnhofstrasse 29, 6300 Zug, Switzerland.
aXedras has not appointed a data protection officer according to article 37 GDPR.
2. Processing of personal data
aXedras collects and processes personal data of
users and registered users of an aXedras registered Website (i.e. visitors, account holders etc.);
legal entities purchasing and receiving/benefitting services of aXedras;
potential licensees or end-users of the aXedras services (hereinafter “aXedras Members”;
recipients of aXedras newsletters;
participants in research campaigns and opinion surveys conducted by aXedras;
In particular, the following categories of personal data are processed by aXedras:
Personal data including but not limited to first and last name, address, legal entity, VAT number, residence, telephone number, email address, date of birth, date of incorporation, Identification data (scans, ID Number, expiry date, trade register excerpt);
Data pertaining to orders and purchases including but not limited to billing address, services ordered and purchased, information and queries and complaints relating to services, User care and services, rescissions and disputes;
Data in connection with marketing and communication, including but not limited to information relating to newsletter and other communication channels, opt-ins and opt-outs, invitations to and participations at events and special activities, communication preferences, correspondence and communication with aXedras (including records of the communication); personal preferences and interests and User segmentation information;
Data concerning the use of the Website including but not limited to the IP address and other user identification (e.g. username of social media, MAC address of devices, cookies, beacons, etc.), date and time of Website visits, visited sites and contents, and referring websites;
Data in connection with communication including but not limited to preferred means of communication, correspondence and communication with aXedras (including records of the communication);
(together User Data).
In the course of business, Users will be required to provide User Data necessary regarding the services or if required by law. Without this data, aXedras will not be able to render its services to the User.
Any access to the Website is logged, therefore aXedras collects any data regarding the usage and User journey of and through the Website which cannot be deactivated by the user of the Website.
3. Purpose of processing and legal grounds
Purpose of data processing
In particular, but not limited to, and in accordance with the applicable law, aXedras may process personal Data for the following Purposes:
In connection with services offered, conclusions of contracts, executions of contracts, maintenance and development of User relations, communication, User service and support, promotions, advertisement and marketing (including newsletters and mailing of promotional materials), communication, invitation to events and participation in promotions, organization of joint activities with Partners;
Management of the Users of the Website and other activities, operation, maintaining and developing the Website (including the provision of functions which require identifiers or other personal data) and additional IT systems and identity verifications;
protection of Users, employees and other individuals and protection of data, secrets and assets of and entrusted to aXedras as well as the protection and security of systems and premises of aXedras;
compliance with legal and regulatory requirements, including the internal rules of aXedras, enforcement and exploitation of legal rights and claims, defense against legal claims, litigation, complaints, combating abusive conduct, engaging in legal investigations and proceedings and responding to inquiries of public authorities;
sale or acquisitions of business divisions, companies or parts of companies and other corporate transactions and the transfer of personal data associated therewith; and
for other lawful purposes where such processing was evident from the circumstances or indicated at the time of the collection.
(together the Purpose of Data Processing).
Legal grounds of Data processing
aXedras uses the personal data for the Purpose of Data Processing based on the following legal grounds:
performance of contracts;
compliance with legal obligations of aXedras;
consent of User (can be withdrawn at any time);
legitimate interests of aXedras, including but not limited to
purchase and rendering of services;
advertising and marketing activities;
efficient and effective User support, maintenance of contact and other communication with Users;
understanding User behavior, activities, concerns and needs, market studies;
efficient and effective improvement of existing services and development of new services;
efficient and effective protection of Users, employees and other individuals and protection of data, secrets and assets of and entrusted to aXedras as well as the protection and security of systems and premises of aXedras;
maintenance and security, efficiency of business and development, the Website and IT systems;
reasonable corporate governance and development;
compliance with legal and regulatory requirements and internal rules of aXedras;
prevention of fraud, offences and crimes as well as related investigations, handling of claims and actions against aXedras, legal proceedings, cooperation with public authorities, legal actions
4. Transfer and Disclosure of Data
In accordance with applicable data protection laws, aXedras may transfer personal data, to the following categories of commissioned data processors:
local, national and foreign authorities;
acquirers or parties interested in acquiring business units, companies or other parts of aXedras;
other parties in potential or actual legal proceedings;
other Group companies of aXedras.
(together Commissioned Data Processors).
aXedras may disclose personal data to Commissioned Data Processors and to any country worldwide, including namely all countries in which aXedras is represented by Group companies, affiliates or other offices and representatives as well as to countries in which service providers of aXedras process their data. If data is disclosed to countries without an adequate protection, aXedras shall ensure such (e.g. by EU standard clauses, binding corporate rules, EU-U.S. and/or the Swiss-U.S. Privacy Shield Framework).
5. Data Retention
In general, aXedras retains personal data for no longer than it is necessary for the purposes for which the personal data are processed. Notwithstanding the general principle, aXedras may process personal data for longer periods subject to the following rules and obligations: aXedras retains personal data as long as aXedras (i) is obligated to do so (by way of contract, law or other provisions) or (ii) has an overriding interest (e.g. an interest for reasons of proof in case of claims, documentation of compliance with certain legal or other requirements). Deviating rules are reserved with respect to anonymization or pseudonymization of personal data subject to applicable law.
aXedras retains contract related personal data (including business records and communication) as long as the contractual relation is in force and for ten years after termination of the contractual relationship unless (i) a shorter or longer statutory storage obligation is applicable, (ii) the retention is required for reasons of proof or another valid reason based on applicable law, or (iii) the deletion of the data is required earlier.
Log files are retained for 12 months.
6. Cookies, Tracking and Social Plug-Ins
aXedras uses session cookies that are automatically deleted when the Website is closed and that enable the server to establish a stable connection to the user (e.g. that the user doesn’t lose already entered date) while the user is using the Website. aXedras also uses permanent cookies that are only deleted after a per Website specified time.
Permanent cookies are used to remember the preferences of the user on the Website and remain on the user's device even after the browser is closed or the device is restarted. aXedras uses these cookies to analyze user behavior and to determine visit patterns so that the Website functionality can be improved for all users.
Cookies do not cause any damage and do not contain any viruses. If the user nevertheless does not wish cookies to be set, browser settings can be changed that cookies are only created or generally rejected with the consent of the user.
Please note, however, that if cookies are not allowed or rejected on the Website, some functionalities may be restricted or unavailable.
aXedras is entitled to install a code in transactional emails, newsletters and other marketing emails to determine whether the recipient has opened an email or downloaded images contained in the email. However, the recipient can block this application in his or her email program. In any case, the recipient agrees to the use of this technology by receiving newsletters and other marketing e-mails.
If aXedras places third-party advertising on the Website (e.g. banners) or intends to place its own ad on a third party's website, cookies may be used by companies specializing in the use of this advertising. aXedras does not pass on any personal data to such companies, i.e. third parties merely place a permanent cookie with the users of the Website to recognize users. This is in the sole interest of aXedras and enables aXedras to place targeted advertisements for these persons on the websites of third parties (e.g. in connection with products for which these persons have shown interest in the online shop). aXedras does not pass on any personal data to the operators of external websites.
6.2 Analytic Tools
6.2.1 LinkedIn Insight Tag
aXedras uses the LinkedIn Insight Tag of the social network LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland.
The LinkedIn Insight Tag enables the collection of data regarding members’ visits to the aXedras Website, including the URL, referrer, IP address, device and browser characteristics, timestamp, and page views. This data is encrypted, then de-identified within seven days, and the de-identified data is deleted within 90 days. LinkedIn does not share the personal data with aXedras, it only provides aggregated reports about the website audience and ad performance. LinkedIn also provides retargeting for website visitors, enabling aXedras to show personalized ads off its website by using this data, but without identifying the member. LinkedIn members can control the use of their personal data for advertising purposes through their account settings: (https://www.linkedin.com/psettings/advertising/actions-that-showed-interest).
6.2.2 Google Tag Manager and Google Analytics
6.2.3 Social Plug-ins and Social Sign-Ups
The Website uses social plugins, e.g. from Facebook, Twitter or Google+ and offers the possibility to sign up via Facebook or Google. The plugins are marked with the logo of the provider and can be e.g. "Like" buttons or a Twitter button or Google+ button.
If the User uses a Website that contains such a plugin, its browser establishes a direct connection with the computers of the provider. The content of the plugin is transmitted directly from the provider of the plug-in to the browser of the User and integrated into the Internet site of the latter. By integrating the plug-ins, the respective provider receives the information that the User has visited the Website. If the User is logged in to the Provider's site at the same time, the Provider can assign the visit to the profile of the User. If the User interacts with the plugins - for example, by clicking the "Like" button or commenting - the corresponding information is transmitted directly from the User's browser to the provider and stored there.
If the User does not want the provider to collect data about him via the Website, he must log off from the provider before visiting the Website. Even when logged out, the providers collect anonymous data via the social plugins and set a cookie for the User. This data can be assigned to the corresponding profile if the User logs on to the provider at a later point in time.
If a login (Social Sign-Up) is offered via a social login service - e.g. Facebook Connect or Google - data is exchanged between the provider and the Website. With Facebook Connect, for example, transferred data contains data from the public Facebook profile of the User. By using such login services, the User consents to such transfer of data.
The purpose and scope of the data collection and the further processing of the data by the provider as well as the relevant rights and setting options for the protection of privacy can be found in the privacy notices of the providers.
Facebook Ireland Ltd. or Facebook Inc.:
If the User does not want the providers to collect data via these cookies, the User can select the function "Block third-party cookies" in his browser settings. In this case, the browser will not send cookies to the server for embedded content from other providers. With this setting, other functions of the Website may no longer work.
7. Commissioned service providers and third parties
In order to ensure a convenient experience, aXedras may cooperate with service providers (or third parties) for programming, testing, User experience, payment, hosting etc. Using these service providers, aXedras may transfer User Data to provide its services to the Users.
8. Rights of the Users, visitors and partners
Any affected individual or legal entity may request information from aXedras if data concerning them is being processed. In addition, any affected individual or legal entity has the right to request the correction, deletion or restriction of its own personal data as well as to object to the processing of its own personal data per se. Should the processing of personal data be based on consent, the affected individual or legal entity may withdraw such consent at any time.
Request shall be submitted to:
aXedras Holding AG
aXedras reserves the right to restrict the rights of the affected individual or legal entity in accordance with applicable law and e.g. not to disclose comprehensive information or not to delete data.
In the event that aXedras makes an automated decision with respect to a certain individual or legal entity which may have a legal effect for the affected individual or legal entity or seriously affect him or her in a similar way, the affected individual or legal entity shall have, in accordance with applicable law, the right to communicate with aXedras and to request a reconsideration of the decision or to request the prior evaluation by aXedras. In such case, the affected individual or legal entity may no longer be able to use certain automated services. The individual or legal entity will be informed thereof subsequently or separately in advance.
Any affected individual or legal entity may also raise a complaint with the competent data protection authority, which in the case of aXedras is the Federal Data Protection and Information Commissioner in Switzerland (http://www.edoeb.admin.ch) or the respective data protection authority in the user's country of residence.
9. Changes to this Data Protection Policy
aXedras reserves the right to amend this Data Privacy Notice at any time and without prior notice or announcement. The latest version posted on the aXedras Website shall be applicable.
aXedras shall inform the affected person of any update or amendments by email or in another appropriate manner.
The amendments shall be deemed to have been accepted unless the affected individual objects within 30 days of notification. In case of objection aXedras shall be free to terminate any agreement with the affected individual with immediate effect.
B Specific Provisions
The provisions of section A hereinabove shall be supplemented by the following provisions for certain activities of aXedras. The provisions of this Section B shall take precedence.
Payments on the aXedras Website are not handled by aXedras but by a commissioned third party (Stripe Inc.). Payments can be made by Credit card by entering the User's credit card details on the Website or by any other payment method offered by Stripe Inc.
Payment by credit card is handled by a third-party company (Stripe Inc., 510 Townsend Street, San Francisco, CA 94103, USA). The User expressly agrees that aXedras cannot assume any liability for third parties. Payment is subject to the general terms and conditions of the respective third-party company.
aXedras does not collect and/or store any payment data such as credit card or bank account information or any other financial data other than the payment amounts and date of the transaction itself.
2. Newsletter and personalized advertisement
If agreed upon by the User, aXedras may send newsletters or other commercial communications regarding its services to the User. Based on the information provided, aXedras may personalize the information provided to the User that the User only receives information that aXedras deems interesting and relevant to the User. For this purpose, aXedras analyses the data including but not limited to information about business purpose, interests and preferences as well as other information collected and data that can be derived from linking various data of the User and otherwise.
aXedras may send newsletters or other commercial communications in connection with its services to Users. In accordance with the applicable law, aXedras reserves the right to do so without the prior consent of existing Users.
The User may at any time unsubscribe from any newsletters or other commercial communications on the Website or via the link provided in each mailing. The termination of one newsletter may not entail the termination of other newsletters.
Personalized advertising may also be placed during the visit of the Website. Each such personalized advertisement displayed is generated by aXedras using cookies and other analytic tools (see section A. 6 above).