Data Protection

Version 2.0 last checked in March 2024

We take the protection of your privacy very seriously and process your data in compliance with the applicable data protection regulations. We are committed to protecting the personal data of visitors to our website. Personal data within the meaning of this document is all information that relates to an identifiable person, such as name, address, e-mail addresses, Internet protocol addresses and user behavior.

When collecting your personal data, it is our utmost concern to offer you a secure, uncomplicated and efficient service that is tailored to your needs. In the following privacy policy, we inform you about the processing of your personal data by us. We also provide you with an overview of your rights in the area of data protection. Which data is processed in detail and how it is used essentially depends on the services used, requested or agreed.

1. Controller and data protection officer

(1) The controller pursuant to Art. 4 (7) of the General Data Protection Regulation (GDPR) or service provider pursuant to Section 13 of the German Telemedia Act (TMG) is

DSwiss AG
Data Protection Department
Badenerstrasse 329
CH-8003 Zurich
Switzerland

(2) You can contact the data protection officer at:

DSwiss AG
Antonio Mecci
Data Protection Department
Badenerstrasse 329
CH-8003 Zurich
Switzerland

E-mail: privacy@dswiss.com

2. Source of personal data

We process personal data that we receive from you when you create your SecureSafe account, when you visit our website, when you contact us by e-mail or via a contact form.

3. Categories of personal data that are processed

(1) If you visit or use our website for purely informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:

  • Your Internet Protocol address,
  • Date, time and duration of your visit,
  • Content of the request (specific page),
  • Access status/http status code,
  • The amount of data transferred in each case,
  • Website from which the request originates,
  • Your browser,
  • Your operating system.

These data serve internal statistical purposes only.

(2) In addition to the above-mentioned data, transient and persistent cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard disk in connection with the browser you are using and through which the party that sets the cookie receives certain information. Cookies cannot execute programs or transmit viruses to your computer. They are used to make the website more user-friendly and effective overall.

(3) Most browsers are set to accept cookies. However, you can deactivate the storage of cookies in your browser at any time or set your browser to notify you as soon as cookies are sent. Please note, however, that you may then no longer be able to use all the functions of this website.

(4) This stored information is stored separately from other data that you may have provided to us. In particular, the data from the cookies will not be merged with other data from you.

4. Further functions and offers of our website

(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. For this purpose, it is usually necessary for you to provide further personal data that we require to provide the respective service.

(2) If you contact us by e-mail or via a contact form, the data you provide (your e-mail address and, if applicable, your first and last name and your telephone number) will be stored by us in order to answer your inquiry.

(3) If you contact us via our offer or sales contact form, we collect your first and last name, the name and address of the company you work for, your e-mail address and your telephone number.

(4) If you contact us via our support contact form, we collect your e-mail address and your SecureSafe user name.

(5) When customers purchase our service for a project group, we collect the following data as part of the order process: the Team Safe name, the nickname, the user name and an e-mail address. If customers also request a free quote for our services for their company, we collect the following personal data: Your name, your first name, the name of the company for which the quote is to be obtained, the address as well as the e-mail address and telephone number.

(6) If you are already a customer of ours, we will process your e-mail address in order to send you information about innovations to our products and services as well as special offers. For this purpose, we forward the above-mentioned data to our technical service provider Emarsys eMarketing Systems AG, Märzstraße 1, A-1150 Vienna.

(7) We delete the personal data arising in this context after storage is no longer necessary, or we restrict processing if there are statutory retention obligations.

5. Google Universal Analytics with IP anonymization

(1) This website uses Google Analytics 4 with IP anonymization, a web analysis service of Google Inc ("Google"). Google Analytics 4 uses "cookies". The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. By activating IP anonymization on this website, your Internet protocol address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.

(2) The Internet Protocol address transmitted by your browser as part of Google Analytics 4 will not be merged with other Google data.

(3) You can prevent the collection of data generated by the cookie and related to your use of the website (including your Internet protocol address) and the processing of this personal data by Google by using the cookie settings of your browser by downloading and installing the browser plug-in available at the following link: google.com.

(4) We would like to point out that on this website Google Analytics 4 has been extended by the code "ga('set', 'anonymizeIp',true);" in order to ensure anonymized collection of Internet protocol addresses (IP masking). This means that the internet protocol addresses are further processed in abbreviated form.

(5) We use Google Analytics 4 to analyze the use of our website and to improve it regularly. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield.

(6) This website uses Google Tag Manager. We use Google Tag Manager to implement and manage tags on this website. This means that the Tag Manager does not record any cookies or personal data. However, it can trigger tags that can record data. Google Tag Manager does not have access to such personal data. The deactivation at domain or cookie level still applies to all tracking tags implemented with Google Tag Manager.

(7) Information about the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353(1) 436 1001. Terms of use: google.com; overview of data protection: google.com and the privacy policy: google.com.

6. Integration of Google reCAPTCHA

(1) Our website uses Google's reCAPTCHA service to protect your requests via an online form. The query serves to distinguish whether the input is made by a person or abusively by automated machine processing (e.g. by bots). The query includes the transmission of the internet protocol address and other data required by Google for the service to Google. For this purpose, your entries are transmitted to Google and used there.

(2) By using reCAPTCHA, you agree that the recognition you provide will be used for the digitization of old works. Due to the activation of IP anonymization by us on this website, your Internet protocol address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will your full Internet Protocol address be transmitted to a Google server and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the service. The Internet Protocol address transmitted by your browser as part of reCAPTCHA will not be merged with other Google data. This data is subject to the differing data protection provisions of Google Inc. Further information on Google's data protection guidelines can be found at: google.com.

7. Integration of YouTube videos

(1) We have integrated YouTube videos into our online offering, which are stored on YouTube.com and can be played directly from our website. These are all integrated in "extended data protection mode", i.e. no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos will the data mentioned in paragraph 2 be transmitted. We have no influence on this data transmission.

(2) When you visit the website, YouTube receives the information that you have accessed the corresponding subpage of our website. The data mentioned in paragraph 3 will also be transmitted. This happens regardless of whether YouTube provides a user account through which you are logged in or whether you do not have a user account. If you are logged in to Google, your data will be linked directly to your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube will record your data in user profiles and use them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to present needs-based marketing and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. To exercise this right, you must contact YouTube.

(3) Further information on the purpose and scope of data collection and processing by YouTube can be found in their privacy policy. There you will also find further information about your rights and settings options to protect your privacy: google.com. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield.

8. Use of HubSpot for data processing

DSwiss uses HubSpot, an integrated customer relationship management, marketing and communication platform, to better serve our customers and efficiently manage interactions with our services. This section describes how we use HubSpot and what rights you have in relation to the personal data processed via HubSpot.

(1) How we use HubSpot:

- Communications: HubSpot allows us to send emails, newsletters and other communications to users who have opted in to receive them. It helps us customize our communications based on user preferences and interaction history.

- Customer service and engagement: We use HubSpot to manage and respond to customer inquiries and feedback and to provide support services.

- Marketing and analytics: HubSpot provides marketing campaign and analytics tools to help us understand how our services are used and how we can improve them.

(2) Your data protection rights with HubSpot:

Your personal data is processed in HubSpot on the basis of your consent. You have the right to access, rectify or erase your personal data, as well as the right to restrict processing and the right to data portability, as described in our Privacy Policy.

(3) Unsubscribing from notifications via HubSpot

If you wish to unsubscribe from receiving marketing communications processed through HubSpot, you can do so in the following ways:

- Directly from emails: Use the "Unsubscribe" link in the footer of every marketing email you receive from us via HubSpot.

- Contacting us: If you encounter any problems or would like to request to be removed from our communication lists directly, please contact our data protection department at privacy@dswiss.com.

We are committed to protecting your privacy and ensuring that your personal data is handled in accordance with best practice and legal requirements.

9. Use of the SecureSafe application

(1) The use of our internet data safe services ("SecureSafe Services") is in accordance with the SecureSafe T&Cs and at the user's own risk. You can access the SecureSafe Services via the internet from our website or download our SecureSafe apps for desktop or mobile devices.

(2) You can download our apps for mobile devices from various online platforms of other providers ("app stores"). The data protection notices of the respective providers apply to data processing in connection with your visit to the App Store and the download of the app for mobile devices. These can be viewed at apple.com for the Apple App Store and at google.com for the Google Play Store.

(3) In order to use our SecureSafe services, you must register and provide the following data:

- Your e-mail address,
- a user name of your choice,
- a password of your choice.

(4) The following data is processed when you use the SecureSafe application:

- The data listed in section 3 (Categories of personal data processed), subsection 1,
- performed,
- Actions performed within the app (visible e.g. in the "Activity Trail" of a TeamSafe) and their duration,
- The (SecureSafe) app version you are using.

(5) Your registration creates a user relationship in accordance with the provisions of the SecureSafe T&Cs. We store the personal data provided by you that is required to fulfill the contract. We also store the data you provide voluntarily for the period in which you use the SecureSafe services, unless you delete it. You can manage and edit all information in your reserved customer area. SecureSafe does not have access to your login data at any time.

(6) When you use our SecureSafe services, you generate usage data by uploading files, saving passwords or sending emails with personal content via the mail-in function. If the uploading of content is not exclusively related to personal or family matters, this may constitute a form of processing that is subject to the application of the GDPR. For this purpose, you are the "controller" for the respective processing activity within the meaning of Article 4 (7) GDPR. We merely provide our users with the technical framework for the storage of data. We have no control over the type of personal data uploaded by users when using the SecureSafe services. We do not have access to the uploaded data, we do not check it and we do not evaluate it. We therefore assume that you alone are the controller within the meaning of Article 4 (7) GDPR in the above-mentioned case. If you delete your account or request its deletion, the usage data generated by you will also be deleted.

(7) If you use our SecureSafe services for activities other than personal or family activities, you must conclude an order processing contract with us for the use of our services.

(8) If the usage fee is not paid by the customer himself, but by a third party, e.g. the customer's employer (hereinafter "third-party payer"), DSwiss reserves the right to send the third-party payer billing reports, which may contain the customer's e-mail address. The customer expressly agrees to this.

(9) Via our website or apps, you can choose between free use of our services and other fee-based services. We accept payment by credit card or via PayPal accounts.

(10) If you choose to use a voucher, we will record the voucher code and the context in which it was used.

(11) If you choose to pay by credit card, you will be redirected to the Datatrans payment interface. The following personal data is required for payment by credit card: your credit card information, consisting of card number, expiry date and CVV code. Further information can be found in the Datatrans data protection information at datatrans.ch.

(12) If you choose the online payment service provider PayPal for payment, you will be redirected to the PayPal interface for payment. The personal data transmitted to PayPal is usually first name, last name, address, telephone number, IP address, e-mail address or other data required for processing, as well as data related to the purchase. Depending on the payment method selected with PayPal, PayPal transmits the personal data transmitted to PayPal to rating agencies. The individual agencies and the data generally collected, processed, stored and forwarded by PayPal can be found in PayPal's privacy policy at paypal.com.

(13) The financial data used are encrypted with TLS.

10. Categories of recipients of the personal data

(1) We have some of the processes and services carried out by carefully selected service providers who are obliged to comply with data protection regulations. These external service providers are bound by our instructions and are subject to regular monitoring. They will not pass on your data to third parties.

(2) With regard to the disclosure of data to other recipients, we only disclose information about you if this is required by law, if you have given your consent or if we are authorized to disclose it. If these requirements are met, recipients of personal data may be, for example

- Public bodies and institutions (e.g. tax authorities, law enforcement authorities) if there is a legal or official obligation.

11. The purposes of the processing for which the personal data are intended and the legal basis for the processing

We process your personal data in accordance with the applicable legal provisions on data protection. Processing is lawful if the following condition is met:

- Consent (Article 6(1)(a) GDPR): The processing of personal data is lawful if you have consented to the processing for specific purposes (e.g. processing your request, use of the data for marketing purposes). You can withdraw your consent at any time with effect for the future. This also applies to the withdrawal of declarations of consent given to us prior to the application of the GDPR, i.e. before May 25, 2018.

- Due to contractual obligations (Article 6(1)(b) GDPR)We process personal data in order to fulfill our contractual obligations or to carry out pre-contractual measures that take place upon request. The purposes of the processing activities result primarily from your request.

- Due to legal requirements (Art. 6 para. 1 lit. c)GDPR), DSwiss AG is subject to various legal obligations. These include, among others:

- Commercial and tax retention obligations under the law of obligations and the Federal Direct Federal Tax Act,

- Compliance with tax control and reporting obligations.

- As part of the balancing of interests (Article 6(1)(f) GDPR): Where necessary, we process your data beyond the actual fulfillment of the contract to protect our legitimate interests or those of third parties. Examples:

- Assertion of legal claims and defense in legal disputes,

- Ensuring IT security and IT operations,

- Analyzing and improving the use of our website.

- Transmission of information about updates to our products and services and about special offers for our customer base.

12. Intention to transfer the personal data to a third country or to an international organization

In principle, the data is only processed in Switzerland. The EU Commission has established an adequate level of protection in Switzerland in accordance with Art. 25 (6) of the EU Data Protection Directive. Active transfer to other third countries only takes place if this has been expressly stated in the context of the aforementioned services.

13. Criteria for determining the duration of the storage of personal data

(1) Data is stored in accordance with the statutory provisions on data processing and in compliance with the statutory retention periods. We process and use your data exclusively for the purposes for which we are authorized and for as long as the data is required for these purposes.

(2) If the data are no longer required for the purpose or to fulfill legal obligations, they are generally deleted, unless their further processing - possibly limited in time and scope - is necessary for the following purposes:

- The fulfillment of retention obligations under commercial and tax law: The Swiss Code of Obligations (CO) and the Federal Direct Federal Tax Act (DBG) should be mentioned here. According to these, the retention and documentation periods are generally 10 years.

- Retention of evidence within the scope of the statute of limitations.

14. Your data protection rights

(1) Every data subject has the right of access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. In addition, you have the right to lodge a complaint with a competent data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 BDSG). To correct the data, you can log into your user account and make the desired changes via the "Settings" field (top right).

(2) You can withdraw the consent you have given us to process your personal data at any time with effect for the future. This also applies to the revocation of declarations of consent given to us before the application of the General Data Protection Regulation, i.e. before May 25, 2018.

(3) You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) GDPR (data processing in the public interest) and Article 6(1)(f) GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision within the meaning of Article 4(4) GDPR.

In individual cases, we also process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

The objection can be lodged informally and should be sent to:

DSwiss AG
The Data Protection Officer
Antonio Mecci
Data Protection Department
Badenerstrasse 329
CH-8003 Zurich
Switzerland

E-mail: privacy@dswiss.com

15. Obligation to provide and possible consequences of not providing personal data

When using our services, you must provide the personal data that is required to fulfill the purpose or that we are legally obliged to collect. Without this data, we are generally unable to provide the requested service.

16. Security of the data

Your personal data is stored and processed on our computers in Switzerland. We protect your personal data by complying with physical, electronic and procedural security measures in accordance with Article 32 GDPR in conjunction with applicable Swiss federal law. We protect our computers with firewalls and data encryption, among other things. In addition, we carry out personal checks before granting access to our buildings and files and only grant access to personal data to those employees who need it to perform their duties.

17. Use of automated decision-making, including profiling

We generally do not use fully automated decision-making within the meaning of Article 22 GDPR for the establishment and implementation of the business relationship. We will inform you separately if we use this procedure in exceptional cases, insofar as this is required by law. 

18. Changes to the privacy policy

This privacy policy may be updated from time to time, as we are constantly developing and optimizing our services. The latest version will be published on our website.