Last Updated: June 1, 2022
Swiss Infosec (Deutschland) GmbH
Unter den Linden 24
What Personal Data do we Process, for what Purpose and on what Basis?
When you visit our website, the server automatically logs general technical information. This data includes your IP address, browser type, internet service provider, referring pages, operating system, date/time stamp and/or clickstream data, information about the devices you use to access the site, location and web navigation data.
Cookies are pieces of information your web browser automatically stores on your device when you visit the Website. You can independently manage the security settings in your browser and block or delete the cookies we use. Please note that our website may no longer function to its full extent if you block cookies that are necessary for the functioning of the Website.
The website may include certain social media features, such as the Facebook "Like" button, and widgets, such as the "Share This" button or interactive mini-programs. These features may collect data from a user's log files. Your interactions with these features are subject to the privacy policies of the companies providing these features.
When you use our Services, we collect the following personal data from you:
- Registration/login data: When you register to use our Services, we collect your contact details (which may be pseudonymized in the case of students) and other relevant personal data that you provide us with on this occasion. If you authenticate yourself with an existing account (Microsoft, Google, etc.), Classtime will receive the necessary personal data (e.g. name, email address) from these services. Students can also use Classtime with a pseudonym.
- Communication data: We store communication between you and us, such as service-related emails regarding account management, notifications on technical issues or changes to the Services.
- Other personal data: We process other personal data you store on the learning platform of your own accord or that result from your use of the learning platform.
- Technical information: We log certain technical information in connection with your usage of our Services.
We process this personal data for the following purposes and based on the following grounds for processing:
- to enter into and perform the contract for the use of our Services and to provide you with our Services,
- ton the basis of your consent, if applicable,
- on the basis of our legitimate interests, for example to ensure IT security and data protection or to enforce or defend legal claims,
- to comply with legal obligations.
Based on our interest in informing people who are interested in our Services about our offers and about any new developments, we can send you newsletters and info mailings. You can opt out of receiving such information at any time.
When and how do we transfer your personal data to third parties?
It may be necessary for us to transfer your personal data to third parties in order to fulfil the contract, to protect our interests or to comply with legal regulations:
- We may engage third parties to perform certain business-related functions, including but not limited to IT (such as maintaining databases, sending e-mail messages, providing and developing certain service functions, maintenance and security), payment, billing, and collection, or marketing. If we engage a third party to perform such a function, we will only provide that third party with the data it needs to perform its specific function.
- We may share your personal data with universities from Switzerland, the EU or the EEA for scientific research purposes. Before we share your data, we will take reasonable steps to anonymize or otherwise de-identify it to the best of our ability.
- We may disclose collected data if and to the extent necessary to (i) comply with a legal obligation, (ii) protect and defend our rights or property or the rights or property of our users (including, without limitation, against liability claims), or (iii) protect the security or integrity of the Services.
- We may share your personal information with third parties to whom we transfer our business or parts thereof or with whom we merge.
If we transfer your personal data to third parties outside Switzerland or the EU and EEA, we comply with the provisions of the applicable data protection laws on international data transfers, e.g. by concluding standard contractual clauses (and implementing additional security measures, if necessary).
We do not rent or sell your personal data to third parties.
Our database is stored on certified servers in Switzerland, which are operated either by us or by an IT service provider commissioned by us.
We protect your personal data in particular by means of the following technical and organizational security measures against unintentional, illegal or unauthorized manipulation, deletion, modification, access, disclosure, use or loss:
- connections between app and server and to the database are encrypted (TLS),
- data is stored encrypted in the database ("encrypted at rest"),
- only selected employees have access to the database,
- 2-factor authentication is possible using Google Authenticator,
- daily backups.
How long do we keep your personal data?
We only store your personal data for as long and to the extent necessary for the purposes described above or for legal reasons.
Personal data stored in user accounts will be deleted 6 months after deletion of the corresponding account.
What are your rights in connection with your personal data?
Subject to applicable law, you have the following rights in connection with your personal data:
- Right to access your personal data,
- Right to have inaccurate personal data rectified,
- Right to erasure (“right to be forgotten”),
- Right to restrict the processing of your personal data,
- Right to data portability,
- Right to object to the processing of your personal data.
Please note that exceptions apply to these rights. In particular, we may be obliged to further process your personal data in order to fulfill a contract, to protect our own legitimate interests, such as the assertion, exercise, or defense of legal claims, or to comply with legal obligations. In these cases, we can or must reject certain requests or comply with them only to a limited extent.
To exercise your rights in connection with your personal data, please contact us by e-mail at firstname.lastname@example.org
If we act as a data processor, we will forward your request to the relevant data controller
Links to other websites
Our Website links to third-party websites that are not operated or controlled by us. We are not responsible for whether and how these third parties comply with data protection laws.
If you are not satisfied with the way in which we process your personal data, you have the right to complain to the Swiss Federal Data Protection and Information Commissioner FDPIC or, if the GDPR is applicable, to your competent supervisory authority.
Please contact us first before submitting a complaint. This will enable us to try to resolve it directly. The easiest way is to contact us by e-mail at email@example.com