Privacy Statement for Use of the Certification Service of Swisscom (sales name: "All-in Signing Service")

Similar documents
Privacy Statement for Use of the Trust Service of Swisscom IT Services Finance S.E., Austria

Online Ad-hoc Privacy Notice

1 About GfK and the Survey What are personal data? Use of personal data How we share personal data... 3

Privacy Policy Hafliger Films SpA

PRIVACY POLICY FOR WEB AND ONLINE TRADING PLATFORM

Privacy Policy. Data Controller - the entity that determines the purposes, conditions and means of the processing of personal data

Part B of this Policy sets out the rights that all individuals have in relation to the collection and use of your personal information

PRIVACY POLICY PRIVACY POLICY

Data Subject Access Request Form

PRIVACY POLICY FOR THE LIDC 2018 INTERNATIONAL CONGRESS

Contract Services Europe

Privacy Policy CARGOWAYS Logistik & Transport GmbH

INFORMATION NOTE ON DATA PROCESSING

DISCLOSURE ON THE PROCESSING OF PERSONAL DATA LAST REVISION DATE: 25 MAY 2018

the processing of personal data relating to him or her.

Privacy Policy. In this data protection declaration, we use, inter alia, the following terms:

Latest version, please translate and adapt accordingly!

PRIVACY NOTICE 1. Introduction

2. Which personal data is processed by SF Studios and from which source does the personal data originate?

GDPR Privacy Policy. The data protection policy of AlphaMed Press is based on the terms found in the GDPR.

Privacy Policy of

This Privacy Statement applies to data processing carried out by:

Integrity Notice. Fjärde AP-fonden (AP4)

Beam Suntory Privacy Policy WEBSITE PRIVACY NOTICE

Data Processing Policy

Data subject ( Customer or Data subject ): individual to whom personal data relates.

Data protection declaration

SCALA FUND ADVISORY PRIVACY POLICY

Element Finance Solutions Ltd Data Protection Policy

I. Name and Address of the Controller

VISTRA ZURICH AG - PRIVACY NOTICE

I. Name and Address of the Controller

Platform Privacy Policy (Tier 2)

Privacy Policy Kühnreich & Meixner GmbH Kühnreich & Meixner GmbH Kühnreich & Meixner GmbH Kühnreich & Meixner GmbH 1. Definitions

PRIVACY NOTICE Olenex Sarl

1. Right of access. Last Approval Date: May 2018

Creative Funding Solutions Limited Data Protection Policy

Data Processing Agreement

SURGICAL REVIEW CORPORATION Privacy Policy

Data Protection Declaration of ProCredit Holding AG & Co. KGaA

Emergency Nurses Association Privacy Policy

SAFE-BioPharma RAS Privacy Policy

NEWSLETTER DATA PROTECTION NOTICE. AImotive Ltd.

Secure Messaging Mobile App Privacy Policy. Privacy Policy Highlights

RECRUITMENT DATA PROTECTION NOTICE. AImotive Ltd.

PRINCIPLES OF PROTECTION OF PERSONAL DATA (GDPR) WITH EFFICIENCY FROM

Information you give us when you sign up to the World Merit Hub. In addition, when you sign up to the World Merit Hub, we will usually ask for:

PRIVACY POLICY. What personal data we collect and why we collect it IN ORDER TO: (Date of last update: 1 st January 2019)

Privacy Policy Identity Games

Synchronoss Website Privacy Statement

Privacy Notice - Stora Enso s Supplier and Stakeholder Register. 1 Purpose

The legal basis for the data collection described above is user s consent in accordance with Article 6(1)(1)(a) of the GDPR.

In this data protection declaration, we use, inter alia, the following terms:

Depending on the Services or information you request from us, we may ask you to provide the following personal information:

ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION

What You Need to Know About Addressing GDPR Data Subject Rights in Pivot

Sketching for UX Designers Website & Newsletter Privacy Policy

SANMINA CORPORATION PRIVACY POLICY. Effective date: May 25, 2018

This privacy policy describes how Stockholm Design Lab Aktiebolag ( SDL ) processes personal data regarding our clients contact persons.

PRIVACY POLICY OF THE WEB SITE

Information leaflet about processing of personal data (

Vistra International Expansion Limited PRIVACY NOTICE

Rights of Individuals under the General Data Protection Regulation

CEM Benchmarking Privacy Policy

MBNL Landlord Privacy Notice. This notice sets out how we handle landlord personal data as part of our General Data Protection policies (GDPR).

PRIVACY POLICY. 1. Introduction

EU Data Protection Agreement

Bend Mailing Services, LLC, dba BMS Technologies ( us, we, or our ) operates the website (the Service ).

CD STRENGTH LLC. A MASSACHUSETTS, USA BASED COMPANY

American Dental Hygienists Association Privacy Policy

Tampere University of Technology Privacy Policy 1 (5) 18/06/2018

In this data protection declaration, we use, inter alia, the following terms:

I domobile PRIVACY POLICY Version The privacy of all of our Users is very important to us. When you, as an App-user, use the Service

Name: Aho Terhi Title: ecommerce Manager. Phone: terhi.aho(at)finavia.fi Name: Närvänen Carita Title: Development Manager

Data Protection Policy

When this policy mentions WanderJaunt, we, us, or our, it refers to the WanderJaunt, Inc.

Throughout this Data Use Notice, we use plain English summaries which are intended to give you guidance about what each section is about.

Privacy Notice for Business Partners

You can find a brief summary of this Privacy Policy in the chart below.

Data Processing Agreement

Haaga-Helia University of Applied Sciences Privacy Notice for JUSTUS publication data storage service

Our Privacy Statement

Privacy Notice - Stora Enso s Customer and Sales Register. 1 Controller

Data Privacy Policy. of Eisenmann Übersetzungsteam - Suzanne Eisenmann - translation team

PRIVACY POLICY. Personal Information We Collect

Rowing Canada Aviron. Online Registration System - Protection of Personal Privacy. Policy Statement

GDPR Compliant. Privacy Policy. Updated 24/05/2018

Personal Data Privacy Policy Updatedt: December 2018

Haaga-Helia University of Applied Sciences Privacy Notice for Urkund Plagiarism Detection Software

GDPR effects on Gift Aid. Presented by Keren Caird Business Development Gift Aid Manager Sue Ryder

WE ARE COMMITTED TO PROTECTING YOUR PERSONAL DATA

About Us. Privacy Policy v1.3 Released 11/08/2017

INFORMATIVE NOTICE ON PERSONAL DATA PROCESSING

BIOEVENTS PRIVACY POLICY

Privacy Notice. 1. Name and contact details of the data controller

Website and Marketing Privacy Policy

NIPPON VALUE INVESTORS DATA PROTECTION POLICY

Privacy Policy. 1. Definitions

Privacy Policy Section A Section B Section C Section D

ŠKODA IRELAND Privacy Statement

Transcription:

Swisscom (sales name: "All-in Signing Service")

General Privacy is a matter of trust, and your trust is important to us. Handling personal data in a responsible and legally compliant manner is a top priority for AG, Alte Tiefenaustrasse 6, Worblaufen, Switzerland, company number CHE-101.654.423 ("we", "us" or "Swisscom"). This Privacy Statement ("Statement") describes how we process your personal data. Applicability This Statement applies to the processing of personal data in connection with the provision of the Swisscom Certification Service with advanced and qualified certificates for advanced and qualified electronic signatures ("Certification Service"). In addition to this Statement, the Terms and Conditions of Use for the Use of the Certification Service ("Terms and Conditions of Use") shall apply. Categories of personal data In connection with your use of our Certification Service, we process various categories of personal data concerning you as the identified person participating in the signature process. This is data such as: identification document data, mobile phone number, home address and technical information (e.g. IP address). Further information regarding the categories of personal data processed by us can be found in section 1 of the comprehensive Statement set forth below. Generally, there is no legal or contractual obligation to disclose personal data. However, we will have to collect and process personal data which is necessary for the initiation and processing of the Certification Service. Otherwise you will not be able to use our Certification Service. Purposes of processing We process your personal data for purposes such as: provision of the Certification Service and compliance with the applicable legal requirements in connection with the Certification Service. Further details regarding the processing purposes can be found in section 2 of the comprehensive Statement set forth below. Legal basis for processing The processing of personal data requires a legal basis. The processing of your personal data generally relies on one or more of the following legal bases: The processing is necessary for (a) performing a contract with you or processing your request for a contract, (b) complying with a legal obligation or (c) safeguarding an overriding legitimate interest. Further details regarding the legal bases for our processing can be found in section 3 of the comprehensive Statement set forth below. Categories of recipients and cross-border processing We can make your data available to the following recipients subject to compliance with applicable legal requirements: supervisory authorities, certification authorities, accredited conformity assessment bodies service providers and the business partner who made our Certification Service available to you. Further details regarding the transfer of personal data to third parties can be found in section 4 of the comprehensive Statement set forth below. AG 2/1

Storage period and data erasure Your personal data is stored at least until the purpose for processing has been achieved and is thereafter erased or anonymised. Further information regarding the storage period and the erasure of data can be found in section 5 of the comprehensive Statement set forth below. Your rights You have a number of rights in relation to the processing of your personal data subject to the conditions under applicable law, such as, for example, the rights to access, rectification or erasure. Further information regarding your rights can be found in section 6 of the comprehensive Statement set forth below. Amendments This Statement is not part of the Terms and Condition of Use. We reserve the right to amend and supplement all constituent parts of this Statement at any time and at our absolute discretion. We shall give you adequate notice of these changes in accordance with applicable law. Contact If you have any questions or concerns, you can contact us as follows: By using the contact form: https://www.swisscom.ch/de/business/enterprise/formulare/kontakt.html By telephone: 0800 724 724 or from outside Switzerland: +800 724 724 24 By post: AG, Contact Centre, 3050 Bern, Switzerland Please reference the keyword "All-in Signing Service" in all cases. You can contact the data protection officer of Swisscom AG and AG as follows: By email: datenschutz@swisscom.com By post: AG, Dr. Nicolas Passadelis, LL.M., Data Protection Officer Swisscom AG and AG, P.O. Box, 3050 Bern AG 3/1

COMPREHENSIVE STATEMENT 1 Categories of personal data We process the following personal data concerning you: A copy of the relevant pages of the official photo identity document submitted by you with the information contained therein (in particular, gender, first names, last name, date of birth, valid date of identity card, nationality) Mobile phone number Other information and documents provided by you in the identity verification process (such as residential address, email address, Commercial Register extracts, powers of attorney or other documentary evidence concerning specific attributes) Informal name for simplification purposes (e.g. first name) Two-digit ISO 3166 country code Registration authority responsible for verification of identity Time of issuance of certificate Log files for the signing process (specifically includes business partner number, process number, process-related data) Hash value of the signed document Information which you have provided to us in enquiries If the identity verification process is conducted by video chat, the following additional data is captured and stored: Photograph of you from the video chat Photographs of the photo identity document submitted by you Audio recording of the video chat Technical information (e.g. IP address) of the end device used by you 2 Purposes of processing We process your personal data for the following purposes: Provision of the Certification Service: This includes in particular the creation of advanced and qualified digital certificates as well as the handling of the signing process and operation of our technical infrastructure in connection with the Certification Service, including the assessment and verification towards third parties of the authenticity of a certificate or a signature. Support services: This includes in particular responding to questions and concerns, technical support and the provision of general customer service. Compliance with the applicable legal requirements in connection with the Certification Service: As a provider of certification services, we are legally obligated to process certain of your personal data when performing the Certification Service, in particular pursuant to the Swiss Federal Act concerning certification services in the area of electronic signature and other applications of digital certificates ("ZertES"). AG 4/1

3 Legal basis In processing your personal data, Swisscom relies on the following legal bases. Processing purpose Data categories Legal basis for processing Provision of the Certification Service Support services Compliance with the applicable legal requirements in connection with the Certification Service All abovementioned data categories Information which you have provided to us in enquiries All abovementioned data categories Performance of contract Performance of contract Overriding legitimate interest in ensuring customer satisfaction and remaining competitive Compliance with a legal obligation (Swiss Electronic Signature Act, ZertES) 4 Categories of data recipients and cross-border processing 4.1 Categories of data recipients Third parties in the context of compliance with legal obligations: We may transfer your personal data to third parties if this appears necessary or reasonable to comply with, or verify compliance with, applicable laws and regulations and to answer enquiries from competent authorities. This particularly concerns stateaccredited conformity assessment bodies and the accreditation agency for certification services (KPMG AG) for auditing compliance of the Certification Service. Service providers (within and outside the Swisscom Group): We use service providers to provide the Certification Service. We currently are under contract with the company Intarsys AG, Kriegsstrasse 100 in 76133 Karlsruhe (Germany) as service provider, which in rare instances may view your certificate's data during troubleshooting. Business partner who made our Certification Service available to you: In the course of performing the Certification Service some of your personal data will be transferred to the business partner who made the Certification Service available to you. Our legal relationship with this business partner is governed by a separate agreement. 4.2 Cross-border processing We only transfer your personal data to recipients within the European Economic Area and Switzerland. The EU Commission acknowledged in a decision that Switzerland offers an adequate level of data protection. 5 Storage period and data erasure We store and process your personal data for as long as it is required for the purpose for which it was collected or is legally required or permitted. In any event we store your data described in section 1 for as long as you use the Certification Service. We are further obligated to retain various data concerning the identity verification process, the digital certificate and the signing process. In the case of advanced certificates this retention period, which derives from the certificate policies and internationally accepted technical standards, is a maximum of 13 years, and in the case of qualified certificates the retention period, which derives from ZertES, is a maximum of 17 years from the completion of your identity verification process. We will retain those of your personal data which might be required for defending us against any damages claims for 10 years from the completion of your identity verification process. Thereafter your personal data will be erased from our systems or anonymised so that you can no longer be identified. AG 5/1

6 Your rights 6.1 Access Based on privacy law, you have the following rights in relation to your personal data: You have the right to receive confirmation from us as to whether we are processing personal data concerning you and, if so, to request access to your personal data. This includes, in particular, information about the purpose of the processing, the categories of personal data and the recipients or categories of recipients to whom the personal data has been or is being made available. 6.2 Rectification You have the right to have your personal data processed by us rectified and/or completed. 6.3 Erasure You have the right to have your personal data erased, to the extent we are not required based on applicable laws and regulations to store your personal data, if: the personal data is no longer necessary for the purposes pursued; you have validly objected to the processing (see below in this regard) or it has been unlawfully processed. 6.4 Restriction of processing You may ask us to restrict the processing in the following cases: If you dispute the accuracy of the data, for the duration of our examination and subsequent rectification or refusal to rectify. If in the case of unlawful processing, you refuse erasure and wish instead to have the processing restricted. If after the purpose has been achieved, you request that the data not be erased but instead be continued to be retained for the purpose of asserting legal rights. The affected personal data shall be kept separately or marked for the duration of the restriction. Aside from storage, any further processing of this personal data shall only occur with your consent or for the purpose of asserting, exercising or defending legal claims or to protect the rights of another natural person or legal entity. 6.5 Data portability Subject to certain conditions you have the right to receive the personal data provided by you in a structured, commonly used and machine-readable format. You are entitled to have this personal data transferred, unimpeded, to another company to the extent this is technically possible. 6.6 Right to object You have the right, for reasons concerning your particular situation, to object at any time to our processing of your personal data and we can be requested to stop processing your personal data. If you have a right to object and exercise it, we will no longer process your personal data for such purposes. A right to object does not exist in particular if we have compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or if the processing is for the purpose of asserting, exercising or defending legal claims or is necessary for concluding and performing a contract. 6.7 Contact points You may assert your rights in connection with the processing of your personal data at the following contact points: By using the contact form: https://www.swisscom.ch/de/business/enterprise/formulare/kontakt.html AG 6/1

By telephone: 0800 724 724 or from outside Switzerland: +800 724 724 24 By post: AG, Contact Centre, 3050 Bern, Switzerland You can contact the data protection officer of Swisscom AG and AG as follows: By email: datenschutz@swisscom.com By post: AG, Dr. Nicolas Passadelis, LL.M., Data Protection Officer Swisscom AG and AG, P.O. Box, 3050 Bern Please reference the keyword "All-in Signing Service" in all cases. You also have the right to file a complaint with the competent supervisory authority, in particular in the EU/EEA member state of your usual place of residence or the location of the alleged breach, if you believe that the processing of your personal data violates applicable data privacy law. AG 7/1

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback