Privacy Policy

Version 2.0 last checked in March 2024

We take your privacy very seriously and process your data in compliance with the respective applicable statutory data privacy requirements. We commit to protecting the personal data of the visitors of our website. Personal data, within the meaning of this document, refers to any information related to an identifiable person, such as name, address, email addresses, internet protocol addresses, and user behavior.

When recording your personal data, it is our utmost desire to offer you safe, uncomplicated, efficient service wholly customized to your needs. In the following privacy policy, we inform you about processing of your personal data by us. Furthermore, we provide you with an overview of your data protection rights. Which data are processed in detail and how they are used is essentially according to the services used, requested or agreed.

1. Controller and Data Protection Officer

(1) The controller in accordance with Article 4(7) General Data Protection Regulation (GDPR) or service provider in accordance with § 13 Telemedia Act (Telemediengesetz; TMG) is:

DSwiss AG
Privacy Department
Badenerstrasse 329
CH-8003 Zurich
Switzerland

(2) You can contact the data protection officer at:

DSwiss AG
Antonio Mecci
Privacy Department
Badenerstrasse 329
CH-8003 Zurich
Switzerland

E-mail: privacy@dswiss.com

2. Source of Personal Data

We process personal data that we obtain from you in the scope of creation of your SecureSafe account, your visit to our website, within the context of your contact with us by email or via a contact form.

3. Categories of Personal Data That Are Processed

(1) If you visit or use our website purely for information purposes, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:

  • Your Internet Protocol address,
  • Date, time and duration of your visit,
  • Content of the request (specific page),
  • Access status/http status code,
  • The amount of data transferred in each case,
  • Website from which the request originates,
  • Your browser,
  • Your operating system.

These data serve internal statistical purposes only.

(2) In addition to the above data, transient and persistent cookies will be stored on your computer when you use our website. Cookies are small text files that are stored on your hard disc associated with the browser you use and through which the party that sets the cookie will receive certain information. Cookies cannot execute any programs or transfer any viruses to your computer. They serve to make the internet offer as a whole more user-compatible and effective.

(3) Most browsers are set so that they accept cookies. You can, however, deactivate the recording of cookies in your browser at any time or set your browser so that you will be informed as soon as cookies are sent. However, please note that you may not be able to use all functions of this website then.

(4) This stored information will be stored separately from any other data that may have been indicated to us. In particular, the data from the cookies will not be combined with any other data from you.

4. Further Functions and Offers of our Website

(1) In addition to the purely informational use of our website, we offer various services that you may use if you are interested in them. For this, you usually need to indicate further personal data that we need to render the respective service.

(2) If you contact us by email or via a contact form, the data provided by you (your email address and, where applicable, your first and last name and your phone number) shall be stored by us in order to respond to your query.

(3) If you contact us via our offer or sales contact form, we will collect your first and last name, the name and address of the company you work for, your email address and your phone number.

(4) When you contact us via our support contact form, we will collect your email address and your SecureSafe user name.

(5) If clients acquire our service for a project group, we will collect the following data within the context of the ordering process: the Team-Safe name, the nickname, the user name and an email address. If clients additionally request a free offer for our services for their company, we will collect the following personal data: Your name, your first name, the name of the company for which the offer is to be collected, the address as well as the email address and phone number.

(6) If you are an existing customer of ours, we will process your email address in order to send you information regarding updates for our products and services, along with preferential offers. In order to do so, we will pass the above data on to our technical service provider Emarsys eMarketing Systems AG, Märzstrasse 1, A-1150 Vienna.

(7) We will erase these personal data arising in this context after storage is no longer necessary, or we shall restrict processing if there are any legal archiving obligations.

5 Google Analytics 4 with IP Anonymization

(1) This website uses Google Analytics 4 with IP anonymization, a web analysis service of Google Inc ("Google"). Google Analytics 4 uses "cookies". The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. By activating IP anonymization on this website, your Internet protocol address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.

(2) The Internet Protocol address transmitted by your browser as part of Google Analytics 4 will not be merged with other Google data.

(3) You can prevent the collection of data generated by the cookie and related to your use of the website (including your Internet protocol address) and the processing of this personal data by Google by using the cookie settings of your browser by downloading and installing the browser plug-in available at the following link: google.com.

(4) We would like to point out that on this website Google Analytics 4 has been extended by the code "ga('set', 'anonymizeIp',true);" in order to ensure anonymized collection of Internet protocol addresses (IP masking). This means that the internet protocol addresses are further processed in abbreviated form.

(5) We use Google Analytics 4 to analyze the use of our website and to improve it regularly. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield.

(6) This website uses Google Tag Manager. We use Google Tag Manager to implement and manage tags on this website. This means that the Tag Manager does not record any cookies or personal data. However, it can trigger tags that can record data. Google Tag Manager does not have access to such personal data. The deactivation at domain or cookie level still applies to all tracking tags implemented with Google Tag Manager.

(7) Information about the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353(1) 436 1001. Terms of use: google.com; overview of data protection: google.com and the privacy policy: google.com.

6. Integration of Google reCAPTCHA

(1) Our website uses the reCAPTCHA service by Google to protect your requests via an online form. The query serves to distinguish whether the input is made by a person or abusively by automated machine-based processing (e.g. by bots). The query includes sending of the internet protocol address and any further data needed by Google for the service to Google. For this purpose, your input will be transmitted to Google and used further there.

(2) By using reCAPTCHA, you agree that the recognition provided by you will be used for the digitalization of old works. Due to activation of IP anonymization by us on this website, your internet protocol address will be abbreviated first by Google within member states of the European Union or in other contracting states of the convention on the European Economic area. Only in exceptional circumstances will your full internet protocol address be transmitted to a server of Google and abbreviated there. On behalf of the operator of this website, Google shall use this information in order to evaluate your use of this service. The internet protocol address transmitted by your browser within the context of reCAPTCHA will not be combined with any other data of Google. These data are subject to the deviating provisions on data protection of Google Inc. For more information on the data protection directives of Google, see: google.com.

7. Integration of YouTube videos

(1) We have integrated YouTube videos into our online offer that are stored on YouTube.com and that can be played directly from our website. All of these are integrated in the "expanded data protection mode", i.e. so that no data concerning you as user will be transmitted to YouTube if you do not play the videos. Only when you play the videos will the data named in paragraph 2 be transmitted. We cannot influence this data transmission.

(2) By your visit to the website, YouTube will be informed that you have called up the corresponding sub-page of our website. The data described in section 3 will also be transmitted. This is done no matter if YouTube provides a user account through which you are logged in or whether you have no user account. If you are logged in to Google, your data will be associated with your account directly. If you do not wish assignment to your profile at YouTube, you need to log out before you activate the button. YouTube will record your data in usage profiles and use them for the purpose of advertising, market research and/or demand-oriented design of its website. Such evaluation shall in particular take place (even for users who are not logged in) in order to display demand-oriented marketing and in order to inform other users of the social network of your activities on our website. You have a right to object to the generation of these user profiles. In order to exercise this right, you must contact YouTube.

(3) Further information on the purpose and extent of data collection and processing by YouTube is available in the data protection statement. It also contains further information on your rights and setting options for protecting your privacy: google.de. Google also processes your personal data in the USA and has subjected itself to the EU-US-Privacy-Shield.

8. Use of HubSpot for Data Processing

DSwiss utilizes HubSpot, an integrated platform for customer relationship management, marketing, and communications, to better serve our customers and manage interactions with our services efficiently. This section outlines how we use HubSpot and your rights regarding the personal data processed through HubSpot.

(1) How we use HubSpot:

- Communication: HubSpot allows us to send emails, newsletters, and other communications to users who have opted in to receive them. It helps us tailor our communication based on user preferences and interaction history.

- Customer Service and Engagement: We use HubSpot to manage and respond to customer inquiries, feedback, and provide support services.

- Marketing and Analytics: HubSpot provides tools for marketing campaigns and analytics, enabling us to understand how our services are used and how we can improve them.

(2) Your Data Protection Rights with HubSpot:

Your personal data is processed in HubSpot based on your consent. You have the right to access, rectify, or erase your personal data, as well as the right to restrict processing and the right to data portability as detailed in our Data Protection Notes.

(3) Unsubscribing from Communications via HubSpot

If you wish to opt-out of receiving marketing communications processed through HubSpot, you may do so in the following ways:

- Directly from Emails: Use the 'Unsubscribe' link found in the footer of any marketing email you receive from us via HubSpot.

- Contacting Us: If you encounter any issues or wish to directly request removal from our communications lists, please contact our Privacy Department at privacy@dswiss.com.

We are dedicated to protecting your privacy and ensuring that your personal data is handled in compliance with the best practices and regulatory requirements.

9. Use of the SecureSafe application

(1) Our internet Datensafe services (“SecureSafe Services”) shall be used in accordance with the SecureSafe GTC and subject to the user’s own responsibility. You may access the SecureSafe Services via the web from our website or download our SecureSafe apps designed for desktop or mobile devices.

(2) You may download our apps for mobile devices from various online platforms operated by other providers (“App Stores”). The data protection notices of the respective providers shall apply to data processing in connection with your visit to the App store and download of the app for mobile devices. They can be viewed at apple.com for the Apple App Store and at google.com for the Google Play Store.

(3) In order to use our SecureSafe Services, you must register and provide the following data:

- Your e-mail address,
- a user name of your choice,
- a password of your choice.

(4) The following data will be processed when you use the SecureSafe application:

- The data listed in section 3 (categories of processed personal data), subsection 1
- implemented
- Actions executed within the app (visible, for example, in the “Activity Trail” of a TeamSafe) and their duration
- The (SecureSafe) app version you are using

(5) Your registration establishes a usage relationship in accordance with the provisions of the SecureSafe GTC. We will save the personal data provided by you necessary to fulfill the contract. We will also save the data freely provided by you for the period of time during which you use the SecureSafe Services, provided you do not delete it. You can manage and edit any information in your reserved customer area. SecureSafe will never have any access to your login details.

(6) If you are using our SecureSafe Services, you will generate usage data by uploading files, storing passwords or sending emails with personal content via the mail-in function. In the event content uploads are not executed strictly in relation to personal or family matters, this may constitute a form of processing subject to the application of the GDPR. For this purpose, you shall be the “data controller” for the respective processing activity as defined by Article 4 (7), GDPR. We provide our users only with the technical framework conditions for saving data. We have no control over the type, if any, of personal data uploaded by users when using the SecureSafe Services. We have no access to any uploaded data; we do not review it, and we do not assess it. We therefore assume that you alone will be the controller as defined by Article 4 (7), GDPR, in the aforementioned case. If you delete your account or request its deletion, the usage data generated by you will also be erased.

(7) If you use our SecureSafe services for anything other than personal or family activities, you will need to stipulate an order processing contract with us for the use of our services.

(8) If the usage fee is not paid by the customer themselves, but by a third party such as the customer's employer (hereinafter, "third-party payer"), DSwiss reserves the right to provide the third-party payer with billing reports, which may contain the customer's email address. The client explicitly agrees to this.

(9) Via our website or apps, you can choose between free use of our services and other paid services. We accept payment via credit card or PayPal accounts.

(10) If you choose to use a voucher, we will record the voucher code and the context in which it was used.

(11) If you choose to pay by credit card at the time of payment, you will be forwarded to the Datatrans interface for payment. Payment by credit card requires the indication of the following personal data: your credit card information, comprising your card number, date of validity, and CVV code. For further information, see the data privacy notices of Datatrans under datatrans.ch.

(12) If you choose to pay using the online payment service provider PayPal at the time of payment, you will be forwarded to the PayPal interface for payment. Personal data submitted to PayPal usually are first name, last name, address, phone number, IP address, email address, or other data that are required for processing, as well as data that are connected to the purchase. Depending on the payment type chosen at PayPal, PayPal will submit the personal data provided to PayPal to rating agencies. The specific agencies and the data generally collected, processed, saved, and passed on by PayPal can be taken from PayPal’s data privacy notice under paypal.com.

(13) The financial data used are encrypted with TLS.

10. Categories of Recipients of the Personal Data

(1) We have some of the processes and services performed by carefully selected service providers mandated in compliance with data protection. These external service providers are bound to our instructions and subject to regular inspection. They will not pass your data on to any third parties.

(2) Regarding data forwarding to further recipients, we shall only pass on information concerning you if statutory provisions require this, if you have consented to it or if we are authorized to pass them on. If these conditions are met, recipients of the personal data may be, e.g.:

- Public bodies and institutions (e.g. financial authorities, law-enforcement authorities) when there is a statutory or authority obligation.

11. The Purposes of the Processing for which the Personal Data are intended and the Legal Basis for the Processing

We process your personal data in compliance with the respective applicable statutory provisions on data protection. Processing is lawful if the following condition is fulfilled:

- Consent (point (a) of Article 6(1)) GDPR: Processing of personal data is lawful after consent to processing for specified purpos-es (e.g. processing of your request, use of the data for marketing purposes). You may withdraw consent given at any time, effective for the future. This shall also apply to withdrawal of declarations of consent that were given to us before the application of the GDPR, i.e. before 25 May 2018.

- Due to contractual obligations (point (b) of Article 6(1)) GDPRWe process personal data in order to meet our contractual obligations or to carry out pre-contractual measures that take place upon request. The purposes of the pro-cessing activities result primarily from your request.

- Due to statutory specifications (point (c) of Article 6(1)) GDPR:DSwiss AG is subject to various legal obligations. These include, among others:

- Storage requirements under commercial and tax law according to the law of obligations and the Federal act on direct Federal tax (Bundesgesetz über die direkte Bundessteuer),

- Compliance with controlling and notification obligations under tax law.

- Within the context of consideration of interests (point (f) of Article 6(1)) GDPR:As far as is necessary, we will process your data beyond the actual performance of the contract to protect legitimate interests of us or of third parties. Examples:

- Establishment of legal claims and defenses in legal disputes,

- Ensuring IT security and IT operation,

- Analysis and improvement of use of our website.

- Submission of information regarding updates for our products and services, and regarding preferential offers to the customer base.

12. Intention to transfer the Personal Data to a Third Country or to an International Organization

In principle, data is only processed in Switzerland. The EU Commission has determined an adequate level of protection in Switzerland in accordance with Art. 25 (6) of the EU Data Protection Directive. An active transfer to other third countries only takes place if this has been expressly indicated within the scope of the aforementioned services.

13. Criteria for determining the Duration for which the Personal Data are stored

(1) The data is stored in accordance with statutory data processing regulations and in compliance with statutory retention periods. We process and use your data exclusively for the purposes for which we are authorized and for as long as the data is required for these purposes.

(2) If the data are no longer required for the purpose or for the fulfillment of legal obligations, they are generally deleted, unless their further processing - limited in time and scope if necessary - is required for the following purposes:

- The fulfillment of retention obligations under commercial and tax law: The Swiss Code of Obligations (OR) and the Federal Law on Direct Federal Tax (DBG) are worth mentioning. According to these, the retention or documentation periods are generally 10 years.

- Preservation of evidence under the statutory limitation provisions.

14. Your Data Protection Rights

(1) Every data subject has the right to access according to Article 15 GDPR, the right to rectification according to Article 16 GDPR, the right of erasure according to Article 17 GDPR, the right to restriction of processing according to Article 18 GDPR, the right to objection from Article 21 GDPR and the right to data portability from Article 20 GDPR. Additionally, there is a right to lodge a complaint with a competent data protection supervisory authority (Article 77 GDPR in conjunction with § 19 BDSG). For rectification of the data, you may log in to your user account and make the desired changes using the field "Preference" (upper right).

(2) You may withdraw your consent granted to us for processing of personal data at any time, effective for the future. This shall also apply to withdrawal of declarations of consent that were given to us before the application of the General Data Protection Regulation, i.e. before 25 May 2018.

(3) You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) GDPR (data processing in the public interest) and Article 6(1)(f) GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision within the meaning of Article 4(4) GDPR.

In individual cases, we will process your personal data for direct marketing. You have the right to object to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing, at any time.

If you object to processing for direct marketing purposes, we shall no longer process your personal data for such purposes.

If you object, we shall no longer process your personal data, except if we can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms or if processing serves to establish, exercise or defend legal claims.

The objection can be lodged informally and should be sent to:

DSwiss AG
Antonio Mecci
Privacy Department
Badenerstrasse 329
CH-8003 Zurich
Switzerland

E-mail: privacy@dswiss.com

15. Obligation to provide and Possible Consequences of not providing Personal Data

Within the context of use of our offers, you must provide the personal data that are necessary to fulfill the purpose or that we are required to collect by law. Without these data, we will usually be unable to render the desired service.

16. Data Security

Your personal data will be stored and processed on our computers in Switzerland. We protect your personal data by way of compliance with physical, electronic and process-technical safety measures in accordance with article 32, GDPR, in conjunction with the applicable Swiss Federal law. We protect our computers, among other things, using firewalls and data encryption. Moreover, we conduct personal checks before granting access to our buildings and files, and access to personal data is granted only to employees requiring said data to fulfill their tasks.

17. Application of automated decision-making, including profiling

We generally do not use any fully automated decision-making in accordance with Article 22 GDPR for establishing and execution of the business relationship. We will inform you separately if we use this procedure in exceptional cases, as far as this is required by law. 

18. Changes to the Privacy Policy

This privacy policy may be updated occasionally, since we continually develop and optimize our services. For this, the respective latest version will be published on our website.