Data privacy policy for CARLAVIA Digital Signature and Transaction Platform

Version from: 03. 02. 2021​

This privacy policy (“Privacy Policy”) explains who we are, how we process (i.e. collect, record, organize, structure, store, adapt or alter, retrieve, consult, use, disclose by transmission, disseminate or otherwise make available, align or combinate, restrict, erase or destruct) Personal Data about Users, and how Users can exercise User’s privacy rights. We are CARLAVIA AG,  with its registered seat at Schindellegistrasse 73, 8808 Pfaffikon, Switzerland, ID. No.: CHE-402.814.412, registered in the Commercial Register of the Canton Schwyz (“we”, “our” or “us”),  the provider of digital document and transaction platform operated by us on the website/portal www.carlavia.com (“Website”), whereas any information provided on the Website is of informative and/or indicative nature only and should under no circumstances be considered as legal advice. This Privacy Policy applies to Personal Data that we collect and process through the Website.

By accessing and using the Website or otherwise providing us with User’s Personal Data, for example when contacting our customer service, Users confirm that Users have read and that Users understand the way we collect, process, use and disclose User’s Personal Data as described in this Privacy Policy. By accessing and using the Website, Users agree to be bound by this Privacy Policy and consent to our processing of information as specified therein.

This Privacy Policy applies to all visitors, users, and others who access the Website (“Users“).

For information collected under this Privacy Policy, we are the Data Controller. Our data protection officer may be contacted at [email protected].

With respect to the Users from Switzerland, we collect and process their Personal Data in accordance with Federal Act on Data Protection (“FDPA”).

With respect to the Users from European Economic Area (“EEA”), we collect and process their Personal Data in accordance with all applicable EU data protection laws and regulations, including, without limitation, the General Data Protection Regulation (EU) 2016/679 of 27 April 2016 applicable as of 25 May 2018.

 

1. General

User’s Personal Data privacy and security is important to us and we always pay special attention to ensure that we process User’s information lawfully in accordance with one of the legal bases set out under the EU data protection laws and regulations that apply to the Users. We store User’s information for as long as needed in order to fulfill the purposes outlined in this Privacy Policy. We may store information longer, but only in a way that it cannot be tracked back to Users. In order to provide the Users with the best possible services through the Website, we may share some Personal Data of the Users with the companies directly or indirectly affiliated with us. We do not share the Personal Data and/or any other information about the Users with any other third parties. We may transfer the Personal Data of Users outside of the EEA. Please check regularly for changes to this Privacy Policy.

The Website may, from time to time, contain links to and from third party websites, including those of other users, our partner networks, advertisers, partner merchants, news publications, retailers and affiliates. If Users follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their privacy policies. Please check the individual privacy policies before Users submit any information to those websites and/or applications.

 

2. Definitions

Personal Data: Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.

Usage Data: Information collected automatically through the Website (or third-party services employed in the Website), which can include: the IP addresses or domain names of the computers utilized by the Users who use the Website, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Website) and the details about the path followed within the Website with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User’s IT environment.

Data Subject: The natural person to whom the Personal Data refers.

Data Processor: The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller, as described in this privacy policy.

Data Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of the Website.

Service: The service provided by the Website as described in the relative terms (if available) and on the Website.

Cookies: Small sets of data stored in the User’s device.

 

3. Data we collect about the users

Among the types of Personal Data that the Website collects, by itself or through third parties (e.g. from Twitter and/or hive.one), there are: email address; Cookies; Usage Data; username; country; first name; various types of Personal Data; profession; picture; city.

Complete details on each type of Personal Data collected are provided in the dedicated sections of this Privacy Policy or by specific explanation texts displayed prior to the Personal Data collection.

We do not request or intend to collect any “special categories of Personal Data” such as Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Users should be cautious when sharing this information about themselves (or others).

Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using the Website.

Unless specified otherwise, all Personal Data requested by the Website is mandatory and failure to provide this Personal Data may make it impossible for the Website to provide its services. In cases where the Website specifically states that some Personal Data is not mandatory, Users are free not to communicate this Personal Data without consequences to the availability or the functioning of the Service.

Users who are uncertain about which Personal Data is mandatory are welcome to contact us.

Any use of Cookies – or of other tracking tools – by the Website or by the owners of third-party services used by the Website serves the purpose of providing the Service required by the User, in addition to any other purposes described in the present document and in the Cookie Policy.

Users are responsible for any third-party Personal Data obtained, published or shared through the Website and confirm that they have the third party’s consent to provide the Personal Data to us.

Certain features of the Website may ask the User to provide Personal Data voluntarily.

In this respect we collect and process:

  • Personal Data that Users provide when Users interact with the Website functionalities, for example, when the User subscribes to the Website. This Personal Data may include:

    • User’s name, email address;

    • any data and information Users submit through the Website;

    • any information Users submit to our support team via e-mail;

 

4. Cookies

The Website uses Cookies. Cookies are text files that are stored in the Internet browser or on the Internet browser on the computer system. When the Website is called, a cookie can be stored on the operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the Website is reopened. However, this does not mean that we are immediately aware of User’s identity.

The use of Cookies serves to make the use of our offer more pleasant for the Users. For example, we use so-called session Cookies to recognize that Users have already visited individual pages on the Website. These are automatically deleted after leaving the Website.

Cookies are stored on the computer of the User and transmitted by this computer on our side. Therefore, the Users have full control over the use of Cookies. By changing the settings in User’s internet browser, the User can disable or restrict the transmission of Cookies. Already saved Cookies can be deleted at any time. This can also be done automatically. If Cookies are disabled for the Website, it may not be possible to use all the features of the Website to the full extent.

To learn more and for a detailed Cookies notice, the User may review our Cookies Policy.

 

5. Recipients of personal data

Personal Data collected through our Website, and as part of our customer service are stored on the secured servers.

In general only the Website administrator may access User’s Personal Data stored on the secured servers.

For purposes of providing the Users with high quality services through our Website, we may transmit the necessary data to the companies that are directly or indirectly affiliated with us and who may process the Personal Data of the Users on our behalf. These affiliated companies are contractually obligated to treat User’s Personal Data confidentially and to use them exclusively for purposes of improving the services provided through the Website, as applicable. We do not disclose the Personal Data of the Users to any other third parties. However, in the case of the disclosure of User’s Personal Data to any such third parties, the scope of the Personal Data transmitted is limited to the minimum required.

Furthermore, unless this Privacy Policy specifies otherwise, we will only disclose User’s Personal Data to third parties if we are authorized or obligated to do this based on legal provisions or official or court orders or if Users have given us User’s express consent to do so.

 

6. Methods of processing the personal data

We take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Personal Data.

The Personal Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to us, in some cases, the Personal Data may be accessible to certain types of persons in charge, involved with the operation of the Website (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by us. The updated list of these parties may be requested from us at any time.

 

7. Purposes of personal data processing

We use the information we collect about the Users to deliver our services to the Users through the Website and to operate our business. We use it also for improving our services, for enhancing security and for analytics and research purposes to make sure we provide the Users with the best experience. In addition, we use the information about the Users to promote our services, as well as for tracking and fraud prevention and for complying with our legal obligations.

We collect and process User’s Personal Data for the following purposes:

  1. Delivering and improving our Service. We use User’s information for developing, delivering and improving our services through the Website, other content, tailoring our Service, understanding and analyzing trends in connection with usage of our Service through the Website, and administering the Website.

  2. Analytics and research. We use User’s Personal Data for understanding and analyzing trends in connection with the usage of our services through the Website, gathering demographic information about our Users base. We may also create reports and analysis for the purposes of research or business intelligence, for example to track potential problems or trends with the Website, or to test the Website features and content.

  3. We use User’s Personal Data for enhancing the safety and security of our services through the Website.

  4. Customer Support. We use User’s Personal Data for providing customer support to Users and to respond to User’s inquiries.

  5. Our legal obligations. We use User’s Personal Data when we are required to do so by law, for example, we use User’s country or region for tax reporting purposes.

 

8. Elements controlled by third parties and who is responsible and liable for such elements?

The Website may contain links to other websites, as well as objects or elements controlled by third parties.

An example are plug-ins that may connect our Website to social networks like Twitter or hive.one (“Social Plug-ins”) and that are usually identified by the relevant social network’s/ other portal’s logo. If Users interact with a Social Plug-ins on our Website, User’s browser may send such social network certain data relating to Users, such as User’s user ID, information on the Website, date and time, and other browser-related information. Such information will be processed by the social networks, owned and operated by third parties, according to their privacy policies.

We do not have access nor control over elements, objects, plug-ins, Cookies, web beacon and other items or tracking technologies owned and operated by third parties, available on our Website or on the relevant third party websites, which users may access on or from the Website, and over the relevant methods of processing of Personal Data through such elements or sites.  We disclaim any responsibility for such websites. Users should check the privacy policy of third party websites and elements accessed from the Website to learn about the conditions applicable to the processing of Personal Data since this Privacy Policy applies only to the Website.

 

9. Website analysis

The Website uses Google Analytics, a web analysis service of Google Inc. (“Google”).

Google Analytics uses “Cookies”, text files that are stored on User’s computer and make it possible to analyze User’s use of the Website. The information generated by the cookie regarding User’s use of this Website is normally transferred to one of Google’s servers in the USA and stored there. IP anonymization has been activated on the Website, so the IP address of users will be abbreviated beforehand by Google within Member States of the European Union or in other States party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to one of Google’s servers in the USA and abbreviated there. Google will utilize this information on behalf of the operator of the Website to analyze the use of the Website, compile reports on the Website activity and to provide its operator with additional services related to the use of the Website and of the Internet. The IP address transmitted by User’s browser in connection with Google Analytics will not be combined with other Google data. Users can find additional information about data protection at Google here. Users can prevent the storage of Cookies by configuring User’s browser software appropriately; however, please note that, if Users do this, Users may not be able to use all of the Website’s features to the fullest extent.

Users can also prevent the data generated by the cookie regarding User’s use of the Website (including User’s IP address) from being recorded and transferred to Google and from being processed by Google by downloading and installing the designated browser plugin.

 

10. User’s rights

As an individual whose Personal Data is processed as described in this Privacy Policy, Users have a number of rights which are summarized below. Please note that exercising these rights is subject to certain requirements and conditions as set forth in applicable laws and regulations.

Users can exercise these rights at any time by following the instructions below or sending us relevant  requests to [email protected].

User’s rights include:

Right of access

Users have the right to obtain confirmation from us as to whether or not Personal Data that concerns Users is processed, and, if so, to request access to such Personal Data including, without limitation, the categories of Personal Data concerned, the purposes of the processing and the recipients or categories of recipients. However, we do have to take into account the rights and freedoms of others, so this is not an absolute right. If Users request more than one copy of the Personal Data undergoing processing, we may charge a reasonable fee based on administrative costs.

Right to rectification

Users have the right to request from us the rectification of inaccurate Personal Data concerning Users. Depending on the purposes of the processing, Users also have the right to request that incomplete Personal Data be completed, including by means of providing a supplementary statement.

Right to erasure (‘right to be forgotten’)

Users have the right to request from us the erasure of Personal Data concerning Users in certain circumstances as defined under applicable law. When User’s request falls within one of those circumstances, we will erase User’s Personal Data without undue delay. If, for technical and organizational reasons, we were not able to erase User’s Personal Data, we will ensure that it is fully and irreversibly anonymized so that we will not longer be holding such Personal Data about Users.

Right to restriction of processing

In certain circumstances as defined under applicable law, Users have the right to request the restriction of processing of User’s Personal Data. In such case, User’s Personal Data shall, with the exception of storage, only be processed with User’s consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.

Right to data portability

In certain circumstances as defined under applicable law, Users have the right to receive the Personal Data concerning Users, which Users have provided to us, in a structured, commonly used and machine-readable format and Users may have the right to transmit that data to another controller or to have such Personal Data transmitted directly from us to another controller, where technically feasible.

Right to object

In certain circumstances as defined under applicable law, Users have the right to object, on grounds relating to User’s particular situation, at any time to the processing of User’s Personal Data by us and we can be required to no longer process User’s Personal Data unless we demonstrate compelling legitimate grounds for the processing which override User’s interests, rights and freedoms or for the establishment, exercise or defense of legal claims.  This notably applies in case of processing of User’s Personal Data based on our legitimate interests or for statistical purposes.

Right to object to direct marketing

Where User’s Personal Data are processed for direct marketing purposes, Users have the right to object at any time to processing for such direct marketing (including profiling related to such direct marketing).

Right not to be subject to a decision based solely on automated processing,

Subject to certain restrictions, Users have the right not to be subject to a decision based solely on automated processed, including profiling, which produces legal effects on Users similarly significantly affects Users.

Right to withdraw consent

If Users have declared User’s consent for any Personal Data processing activities as described in this Privacy Policy, Users can withdraw this consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to withdrawal of the consent.

If Users wish to access such Personal Data or exercise any of the rights listed above, Users should apply in writing, providing evidence of User’s identity to [email protected].

Any communication from us in relation to User’s rights as detailed above will be provided free of charge. However, in case of requests that are manifestly unfounded or excessive, in particular because of their repetitive character, we may charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or refuse to act on the request.

In case Users have a complaint about the processing of User’s Personal Data, Users have the right to lodge a complaint with a competent supervisory authority.

Details about the right to object to processing of Personal Data

Where Personal Data is processed for a public interest, in the exercise of an official authority vested in us or for the purposes of the legitimate interests pursued by us, Users may object to such processing by providing a ground related to their particular situation to justify the objection.

Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn, whether we are processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this Privacy Policy.

 

11. Legal basis

We will collect and process User’s Personal Data for the purposes described in the Section “Purposes of Personal Data processing” of this Privacy Policy on one of the following legal basis:

  • Contractual Necessity. This covers information that is processed by us in order to provide the User with the Service that the User has requested – and that we have agreed – to provide to the User, that is to deliver and improve the Service, to provide customer support, to deliver special features on the Website, to deliver content of the on-Website purchases the User may make.

  • Legitimate Interests. This covers information that is processed by us for the purposes that can be reasonably expected within the context of User’s use of our services through the Website to pursue our legitimate interests in order to ensure Users have the best experience when using the Website, to make sure User’s information is secure and to provide to Users the features of the Website. We pay special attention to User’s data protection rights making sure that User’s data protection rights are not overridden by our legitimate interests. We rely on our legitimate interests and/or the legitimate interests of our affiliates for data processing for analytics, tracking and fraud prevention, push-notifications, cross-promotion, and contextual advertising purposes.

  • Consent. Where we ask for User’s consent to use User’s data for a particular purpose, we will make this clear at the point of collection and we will also make clear how Users can withdraw User’s consent. We will ask for Users consent before sharing any information with our advertising partners for the purposes of personalized advertising and before conducting any surveys.

  • Legal Obligation. This covers information that is processed by us to comply with a legal obligation, for instance, is to maintain records for tax purposes.

In any case, we will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

 

12. Direct marketing

We may from time to time process User’s Personal Data to send Users marketing emails about our services that we provide through the Website. In this case User’s prior consent is required. These emails may contain features that help us make sure Users received and were able to open the message. Furthermore, these emails may contain features to identify Users when Users click through a marketing email to visit the Website.

Users may opt out of receiving marketing emails at any time, free of charge, by following the instructions in any marketing communication. Furthermore, Users may select the frequency at which Users receive marketing emails or unsubscribe if Users no longer wish to receive marketing emails by visiting the unsubscribe page, or via e-mail sent to our contact service e-mail address [email protected].

 

13. Security

We have implemented appropriate technical and organizational measures to protect the confidentiality, security and integrity of the collected information, and to prevent unauthorized access and the use of information contrary to this Privacy Policy. We use commercially reasonable efforts to assure that User’s information remains secure when maintained by us.

 

14. Place of processing and international transfer of the personal data

The Personal Data is processed at our operating offices and in any other places where the parties involved in the Personal Data processing are located.

User’s Personal Data may be transferred to and processed in countries other than the country in which Users are resident. These countries may have data protection laws that are different to the laws of User’s country.

This means that when we collect User’s Personal Data, we may process it in other countries. However, we ensure appropriate safeguards are in place so that User’s Personal Data will remain protected in accordance with this Privacy Policy. These include implementing the European Commission’s Standard Contractual Clauses for transfers of Personal Data between us and third party service providers and partners, which require us to protect Personal Data they process from the European Economic Area in accordance with the applicable EU data protection laws and regulations. It also includes transferring Personal Data to third party service providers and partners which are certified under the EU-US Privacy Shield.

 

15. Retention

User’s Personal Data are not kept by us for longer than the time necessary to achieve the specific data processing purposes described herein, unless shorter or longer retention periods apply under the applicable EU data protection laws and regulations.

We may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, we may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.

Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.

 

16. Children’s privacy

Our Service does not intentionally address the persons under the age of 18 (“Children”). When we collect Personal Data, we do not know the age of the Users. We do not knowingly collect personally identifiable Personal Data from Children. If the Users are a parent or guarding of Children and they become aware that their Children have provided us with his or her Personal Data, without their consent, we kindly ask such Users to contact us immediately. If we become aware that we have collected Personal Data from Children without verification of parental consent, we will take steps to remove any such Personal Data about such (Children)Users from our servers and terminate any account that any Children has created within the Website.

 

17. Further information and changes to this privacy policy

In addition to the information contained in this Privacy Policy, the Website may provide the User with additional and contextual information concerning particular Services or the collection and processing of Personal Data upon request.

For operation and maintenance purposes, the Website and any third-party services may collect files that record interaction with the Website (System logs) use other Personal Data (such as the IP Address) for this purpose.

We will occasionally update this Privacy Policy as necessary to protect our users, furnish current information, and respond to legal and technical changes. The most current version of the Privacy Policy will govern our use of User’s information and will be available at www.carlavia.com/privacy-policy.

For previous versions of this Privacy Policy, please contact us at [email protected].

 

18. Contact us

If Users have questions or concerns about this Privacy Policy, please contact us through one of the following ways:

  1. for privacy questions and exercising User’s rights at [email protected].

  2. if Users are the User from EEA and Users have a concern or compliance regarding our treatment of User’s Personal Data Users can contact the relevant data protection authority. Users can find contact details of data protection authority at https://edpb.europa.eu/about-edpb/board/members_en.  For more information on which authority to contact, please email us at [email protected].

  3. for general information, please feel free to contact us via e-mail sent to our contact service e-mail address [email protected].