Privacy Statement for Use of the Trust Service of Swisscom IT Services Finance S.E., Austria

Similar documents
Privacy Statement for Use of the Certification Service of Swisscom (sales name: "All-in Signing Service")

Privacy Policy Hafliger Films SpA

Privacy Policy. Data Controller - the entity that determines the purposes, conditions and means of the processing of personal data

Online Ad-hoc Privacy Notice

Data Subject Access Request Form

Privacy Policy CARGOWAYS Logistik & Transport GmbH

1 About GfK and the Survey What are personal data? Use of personal data How we share personal data... 3

Contract Services Europe

PRIVACY POLICY FOR THE LIDC 2018 INTERNATIONAL CONGRESS

INFORMATION NOTE ON DATA PROCESSING

PRIVACY POLICY FOR WEB AND ONLINE TRADING PLATFORM

PRIVACY POLICY PRIVACY POLICY

the processing of personal data relating to him or her.

Privacy Policy. In this data protection declaration, we use, inter alia, the following terms:

DISCLOSURE ON THE PROCESSING OF PERSONAL DATA LAST REVISION DATE: 25 MAY 2018

1. Right of access. Last Approval Date: May 2018

Part B of this Policy sets out the rights that all individuals have in relation to the collection and use of your personal information

Latest version, please translate and adapt accordingly!

Data protection declaration

Element Finance Solutions Ltd Data Protection Policy

GDPR Privacy Policy. The data protection policy of AlphaMed Press is based on the terms found in the GDPR.

Privacy Policy Kühnreich & Meixner GmbH Kühnreich & Meixner GmbH Kühnreich & Meixner GmbH Kühnreich & Meixner GmbH 1. Definitions

Privacy Policy of

I. Name and Address of the Controller

Beam Suntory Privacy Policy WEBSITE PRIVACY NOTICE

Data Processing Policy

SCALA FUND ADVISORY PRIVACY POLICY

Data subject ( Customer or Data subject ): individual to whom personal data relates.

This Privacy Statement applies to data processing carried out by:

The legal basis for the data collection described above is user s consent in accordance with Article 6(1)(1)(a) of the GDPR.

Privacy Policy Identity Games

Data Protection Declaration of ProCredit Holding AG & Co. KGaA

Creative Funding Solutions Limited Data Protection Policy

Sketching for UX Designers Website & Newsletter Privacy Policy

I. Name and Address of the Controller

CEM Benchmarking Privacy Policy

Haaga-Helia University of Applied Sciences Privacy Notice for JUSTUS publication data storage service

Integrity Notice. Fjärde AP-fonden (AP4)

PRIVACY POLICY. 1. Introduction

Haaga-Helia University of Applied Sciences Privacy Notice for Urkund Plagiarism Detection Software

ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION

Our Privacy Statement

PRIVACY POLICY. What personal data we collect and why we collect it IN ORDER TO: (Date of last update: 1 st January 2019)

In this data protection declaration, we use, inter alia, the following terms:

VISTRA ZURICH AG - PRIVACY NOTICE

PRIVACY NOTICE 1. Introduction

Platform Privacy Policy (Tier 2)

Tampere University of Technology Privacy Policy 1 (5) 18/06/2018

Depending on the Services or information you request from us, we may ask you to provide the following personal information:

2. Which personal data is processed by SF Studios and from which source does the personal data originate?

Bend Mailing Services, LLC, dba BMS Technologies ( us, we, or our ) operates the website (the Service ).

PRINCIPLES OF PROTECTION OF PERSONAL DATA (GDPR) WITH EFFICIENCY FROM

PRIVACY NOTICE Olenex Sarl

Haaga-Helia University of Applied Sciences Privacy Notice for the Laura Recruitment Service

SAFE-BioPharma RAS Privacy Policy

NEWSLETTER DATA PROTECTION NOTICE. AImotive Ltd.

PRIVACY POLICY OF THE WEB SITE

Rights of Individuals under the General Data Protection Regulation

Synchronoss Website Privacy Statement

Data Protection Policy

Privacy Notice. 1. Name and contact details of the data controller

SURGICAL REVIEW CORPORATION Privacy Policy

In this data protection declaration, we use, inter alia, the following terms:

Identity of the controller: CHARVAT CTS a.s., ID No.: , with the registered office at Okrinek 53, Podebrady, Czech Republic, Postcode

MBNL Landlord Privacy Notice. This notice sets out how we handle landlord personal data as part of our General Data Protection policies (GDPR).

GDPR effects on Gift Aid. Presented by Keren Caird Business Development Gift Aid Manager Sue Ryder

What You Need to Know About Addressing GDPR Data Subject Rights in Pivot

This privacy policy describes how Stockholm Design Lab Aktiebolag ( SDL ) processes personal data regarding our clients contact persons.

RECRUITMENT DATA PROTECTION NOTICE. AImotive Ltd.

NIPPON VALUE INVESTORS DATA PROTECTION POLICY

Information leaflet about processing of personal data (

Privacy Policy Section A Section B Section C Section D

Vistra International Expansion Limited PRIVACY NOTICE

Privacy Policy November 30th, 2017

UWTSD Group Data Protection Policy

GDPR Compliant. Privacy Policy. Updated 24/05/2018

I domobile PRIVACY POLICY Version The privacy of all of our Users is very important to us. When you, as an App-user, use the Service

More detailed information, including the information about your rights is available below.

CD STRENGTH LLC. A MASSACHUSETTS, USA BASED COMPANY

INFORMATIVE NOTICE ON PERSONAL DATA PROCESSING

Privacy Notice - Stora Enso s Supplier and Stakeholder Register. 1 Purpose

Privacy Policy. 1. Definitions

Haaga-Helia University of Applied Sciences Privacy Notice for Student Administration

Data Privacy Policy. of Eisenmann Übersetzungsteam - Suzanne Eisenmann - translation team

PRIVACY POLICY. Personal Information We Collect

Privacy Notice for Business Partners

You can find a brief summary of this Privacy Policy in the chart below.

Emergency Nurses Association Privacy Policy

Haaga-Helia University of Applied Sciences Privacy Notice for Student Welfare Services

Website Privacy Policy

In compliance with the requirements of the EU General Data Protection Regulation (GDPR, Articles 13, 14 and 30)

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ).

Islam21c.com Data Protection and Privacy Policy

Request for information according to article 15 GDPR about personal data processed by Volkswagen AG

SANMINA CORPORATION PRIVACY POLICY. Effective date: May 25, 2018

WEBSITE PRIVACY POLICY

A. Sample Data Protection Statement in Accordance with the GDPR

Information you give us when you sign up to the World Merit Hub. In addition, when you sign up to the World Merit Hub, we will usually ask for:

BIOEVENTS PRIVACY POLICY

Data Subject Requests Procedure

Transcription:

Privacy Statement for Use of the Trust Service of Swisscom IT Services Finance S.E., Austria

General Privacy is a matter of trust, and your trust is important to us. Handling personal data in a responsible and legally compliant manner is a top priority for Swisscom IT Services Finance S.E., Modecenterstrasse 17/Unit 2, 1110 Vienna, Austria ("we", "us" or "Swisscom ITSF"). This Privacy Statement ("Statement") describes how we process your personal data. Applicability This Statement applies to the processing of personal data in connection with the provision of the Trust Service of Swisscom ITSF with advanced and qualified certificates for advanced and qualified electronic signatures ("Trust Service"). In addition to this Statement, the Terms and Conditions of Use for the Use of the Trust Service ("Terms and Conditions of Use") shall apply. Categories of personal data In connection with your use of our Trust Service, we process various categories of personal data concerning you as the identified person participating in the signature process. This is data such as: identification document data, mobile phone number, home address and technical information (e.g. IP address), Further information regarding the categories of personal data processed by us can be found in section 1 of the comprehensive Statement set forth below. Generally, there is no legal or contractual obligation to disclose personal data. However, we will have to collect and process personal data which is necessary for the initiation and processing of the Trust Service. Otherwise you will not be able to use our Trust Service. Purposes of processing We process your personal data for purposes such as: provision of the Trust Service and compliance with the applicable legal requirements in connection with the Trust Service. Further details regarding the processing purposes can be found in section 2 of the comprehensive Statement set forth below. Legal basis for processing The processing of personal data requires a legal basis under the General Data Protection Regulation ("GDPR"). The processing of your personal data generally relies on one or more of the following legal bases: The processing is necessary for (a) performing a contract with you or processing your request for a contract (Art. 6 (1) (b) GDPR; "performance of contract"), (b) complying with a legal obligation (Art. 6 (1) (c) GDPR; "legal obligation") or (c) safeguarding an overriding legitimate interest (Art. 6 (1) (f) GDPR; "overriding legitimate interest"). Further details regarding the legal bases for our processing can be found in section 3 of the comprehensive Statement set forth below. Categories of recipients and cross-border processing We can make your data available to the following recipients subject to compliance with applicable legal requirements: supervisory authorities, accredited conformity assessment bodies service providers and the business partner who made our Trust Service available to you. 2/1

Further details regarding the transfer of personal data to third parties can be found in section 4 of the comprehensive Statement set forth below. Storage period and data erasure Your personal data is stored at least until the purpose for processing has been achieved and is thereafter erased or anonymised. Further information regarding the storage period and the erasure of data can be found in section 5 of comprehensive Statement set forth below. Your rights You have a number of rights in relation to the processing of your personal data subject to the conditions under applicable law, such as, for example, the rights to access, rectification or erasure. Further information regarding your rights can be found in section 6 of the comprehensive Statement set forth below. Amendments This Statement is not part of the Terms and Condition of Use. We reserve the right to amend and supplement all constituent parts of this Statement at any time at our absolute discretion. We shall give you adequate notice of these changes in accordance with applicable law. Contact If you have any questions or concerns, you can contact us as follows By telephone: +43 720 82 89 89 By post: Swisscom IT Services Finance S.E., PKI Dienstleistungen [Services], Modecenterstrasse 17/Unit 2, 1110 Vienna, Austria By email: eidas.vertrauensdienste@swisscom.com You can contact the data protection officer of Swisscom AG, Swisscom IT Services Finance S.E. and as follows: By email: datenschutz@swisscom.com By post:, Dr. Nicolas Passadelis, LL.M., Data Protection Officer Swisscom AG and, P.O. Box, 3050 Bern Please reference the keyword "All-in Signing Service" in all cases. 3/1

COMPREHENSIVE STATEMENT 1 Categories of personal data We process the following personal data concerning you: A copy of the relevant pages of the official photo identity document submitted by you with the information contained therein (in particular, gender, first names, last name, date of birth, valid date of identity card, nationality) Mobile phone number Other information and documents provided by you in the identity verification process (such as residential address, email address, Commercial Register extracts, powers of attorney or other documentary evidence concerning specific attributes) Informal name for simplification purposes (e.g. first name) Two-digit ISO 3166 country code Registration authority responsible for verification of identity Time of issuance of certificate Log files for the signing process (specifically includes business partner number, process number, process-related data) Hash value of the signed document Information which you have provided to us in enquiries 2 Purposes of processing We process your personal data for the following purposes: Provision of the Trust Service: This includes in particular the creation of advanced and qualified digital certificates as well as the handling of the signing process and operation of our technical infrastructure in connection with the Trust Service, including the assessment and verification towards third parties of the authenticity of a certificate or a signature. Support services: This includes in particular responding to questions and concerns, technical support and the provision of general customer service. Compliance with the applicable legal requirements in connection with the Trust Service: As a provider of trust services, we are legally obligated to process certain of your personal data when performing the Trust Service, in particular according to the EU Regulation on electronic identification and trust services for electronic transactions ("eidas Regulation") as well as the Austrian Signature and Trust Services Act (Signatur- und Vertrauensdienstegesetz, "SVG"). 4/1

3 Legal basis In processing your personal data, Swisscom ITSF relies on the following legal bases. Processing purpose Data categories Legal basis for processing Provision of Trust Service Support services Compliance with the applicable legal requirements in connection with the Trust Service All abovementioned data categories Information which you have provided to us in enquiries All abovementioned data categories Performance of contract Performance of contract Overriding legitimate interest in ensuring customer satisfaction and remaining competitive Compliance with a legal obligation (eidas Regulation and SVG) 4 Categories of data recipients and cross-border processing 4.1 Categories of data recipients Third parties in the context of compliance with legal obligations: We may transfer your personal data to third parties if this appears necessary or reasonable to comply with, or verify compliance with, applicable laws and regulations and to answer enquiries from competent authorities This particularly concerns stateaccredited conformity assessment bodies and the supervisory body for trust services (the Telecom Control Commission, which uses RTR-GmbH to perform this task) for auditing compliance of the Trust Service. Service providers (within and outside the Swisscom Group): We use service providers to provide the Trust Service, such as in particular, Alte Tiefenaustrasse 6, CH-3050 Bern, which operates the IT systems to provide the Trust Service. Further, we currently are under contract with the company Intarsys AG, Kriegsstrasse 100 in 76133 Karlsruhe (Germany) as service provider, which in rare instances may view your certificate's data during troubleshooting. Business partner who made our Trust Service available to you: In the course of performing the Trust Service some of your personal data will be transferred to the business partner who made the Trust Service available to you. Our legal relationship with this business partner is governed by a separate agreement. 4.2 Cross-border processing in countries outside the EEA (third countries) We only transfer your personal data to recipients within the European Economic Area and Switzerland. The EU Commission acknowledged in a decision that Switzerland offers an adequate level of data protection. 5 Storage period and data erasure We store and process your personal data for as long as it is required for the purpose for which it was collected or is legally required or permitted. In any event we store your data described in section 1 for as long as you use the Trust Service. We are further obligated by law to retain various data concerning the identity verification process, the digital certificate and the signing process. In the case of advanced certificates this retention period is a maximum of 13 years and in the case of qualified certificates a maximum of 36 years from the completion of your identity verification process. We will retain those of your personal data which might be required for defending us against any damages claims for 30 years from the completion of your identity verification process. Thereafter your personal data will be erased from our systems or anonymised so that you can no longer be identified. 5/1

6 Your rights 6.1 Access Based on the GDPR, you have the following rights in relation to your personal data: You have the right to receive confirmation from us as to whether we are processing personal data concerning you and, if so, to request access to your personal data. This includes, in particular, information about about the purpose of the processing, the categories of personal data and the recipients or categories of recipients to whom the personal data has been or is being made available. 6.2 Rectification You have the right to have your personal data processed by us rectified and/or completed. 6.3 Erasure You have the right to have your personal data erased, to the extent we are not required based on applicable laws and regulations to store your personal data, if: the personal data is no longer necessary for the purposes pursued; you have validly objected to the processing (see below in this regard) or it has been unlawfully processed. 6.4 Restriction of processing You may ask us to restrict the processing in the following cases: If you dispute the accuracy of the data, for the duration of our examination and subsequent rectification or refusal to rectify. If in the case of unlawful processing, you refuse erasure and wish instead to have the processing restricted. If after the purpose has been achieved, you request that the data not be erased but instead be continued to be retained for the purpose of asserting legal rights. The affected personal data shall be kept separately or marked for the duration of the restriction. Aside from storage, any further processing of this personal data shall only occur with your consent or for the purpose of asserting, exercising or defending legal claims or to protect the rights of another natural person or legal entity. 6.5 Data portability Subject to certain conditions you have the right to receive the personal data provided by you in a structured, commonly used and machine-readable format. You are entitled to have this personal data transferred, unimpeded, to another company to the extent this is technically possible. 6.6 Right to object You have the right, for reasons concerning your particular situation, to object at any time to our processing of your personal data and we can be requested to stop processing your personal data. If you have a right to object and exercise it, we will no longer process your personal data for such purposes. A right to object does not exist in particular if we have compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or if the processing is for the purpose of asserting, exercising or defending legal claims or is necessary for concluding and performing a contract. 6/1

6.7 Contact points You may assert your rights in connection with the processing of your personal data at the following contact points: By telephone: +43 720 82 89 89 By post: Swisscom IT Services Finance S.E., PKI Dienstleistungen [Services], Modecenterstrasse 17/Unit 2, 1110 Vienna, Austria By email: eidas.vertrauensdienste@swisscom.com You can contact the data protection officer of Swisscom AG, Swisscom IT Services Finance S.E. and as follows: By email: datenschutz@swisscom.com By post:, Dr. Nicolas Passadelis, LL.M., Data Protection Officer Swisscom AG and, P.O. Box, 3050 Bern Please reference the keyword "All-in Signing Service" in all cases. You also have the right to file a complaint with the competent supervisory authority, in particular in the member state of your usual place of residence or the location of the alleged breach, if you believe that the processing of your personal data violates the GDPR. 7/1

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback