Datamars Website Privacy Notice

Datamars SA, with legal head office in Via Industria 16, 6814 Lamone, Switzerland (“Datamars” or “Data Controller“), where acting as (or any local equivalent) Data Controller of the processing activity of users personal data (“Personal Data”), provides below the Datamars Website Privacy Notice (“Privacy Notice”) pursuant the Regulation (EU) 2016/679 ( “GDPR“) and the new Swiss Act on Federal Data Protection (“nFADP”), to inform the users (“Data Subjects”) about how Datamars and its operating divisions, subsidiaries, affiliates, branches (“Datamars”), protect, use and process Personal Data and to explain the Data Subject rights and choices with respect to Personal Data that Datamars holds about the Data Subject when the Data Subject visits websites.

If the Data Subject is located within the European Economic Area (“EEA”), United Kingdom (UK) or Switzerland, Datamars is the Data Controller of the Data Subject’s personal data. Datamars is responsible for determining how and why the Data Subject’s Personal Data is processed. If the Datamars entity acting as the controller of the Personal Data of the Data Subject is located outside the European Union and Switzerland, if applicable, Datamars SA will represent it in data privacy matters.

This Privacy Notice applies to Personal Data that Datamars collects and process on Datamars websites (“Websites”), and in connection with the services Datamars provides (together with the Websites, the “Services”). In this Privacy Notice the Data Subject’s Personal Data means any information which Datamars has or obtains about the Data Subject from which the Data Subject can be directly or indirectly personally identified.

Datamars, as the Data Controller, undertakes to protect the confidentiality and the rights of the Data Subject and, according to the principles established by aforementioned laws and regulation, where the processing activity of the data provided will be based on principles of correctness, lawfulness and transparency.

If the Datamars entity acting as the controller of the Personal Data of the Data Subject is located outside the European Union and Switzerland, if applicable, Datamars SA will represent it in data privacy matters.

1 WHAT PERSONAL DATA DOES DATAMARS COLLECT?

    • This Privacy Notice is provided only for the Websites and not for other websites that may be consulted by the Data Subject through links. The Data Subject may voluntarily provide his Personal Data that will be processed and used by Datamars for the purposes related to the requested service indicated by specific privacy notice reported or displayed on the pages of the website for particular services or requests. Datamars collects Personal Data automatically from users of Datamars’ Websites. The types of Personal Data Datamars collects depends on the nature of its relationship with the Data Subject. If the Data Subject fails to provide certain Personal Data, Datamars may not be able to perform the Services.
    • Datamars collects Personal Data from Data Subjects (including past, existing and prospective customers) and Website visitors.
    • What Personal Data Datamars collects and when:
      • Personal information such as the Data Subject’s name, email address, phone number, age, and a password. Datamars collects this when the Data Subject creates and registers an account with Datamars, or when the Data Subject subscribes to Datamars’ newsletter or mailing lists.
      • Payment information such as the Data Subject’s name, email address, billing address, and credit card information. Datamars collects this information when the Data Subject purchases a product from Datamars. Credit card information (if any) is only used in processing the Data Subject’s transaction and is not stored by Datamars. Datamars keeps order information (which does not include credit card information, which may be stored by Datamars payment processors) as so long as reasonably required to provide the Service and serve purchased products to the respective customers, or until the Data Subject asks Datamars to remove it.
      • Information from discussions on forums and comment threads: Any information that the Data Subject discloses in these locations becomes publicly available and may be recorded, archived, and republished by anyone. Datamars keeps this information as so long as the Data Subject continues to consent to keep this information published.
      • Information from third-party sources: Datamars may receive information about the Data Subject from publicly and commercially available sources (as permitted by law), which we may combine with other information Datamars receives from or about the Data Subject. Datamars also may receive information about the Data Subject from third-party social networking services when the Data Subject choose to connect with those services.
      • Other information: The Data Subject may choose to provide Datamars with information when the Data Subject contacts Datamars, respond to surveys, fill in forms, or use other features of the Services. Datamars may keep a record of that information and/or correspondence. Datamars keeps this information as so long as reasonably required.

Datamars may also collect the following types of anonymous and non-personally identifiable information from the Data Subject in order to better understand how the Services are used and how to improve them:

      • Online usage logs and analytics: When visiting the Websites or online applications, Datamars may collect information about the Data Subject’s interaction, including but not limited to the device type, browser version, date & time of the site visit, referring website, pages visited on the Websites, and visit duration. Please note that Datamars may use a third party’s analytics service to collect some usage information from the Websites and online applications. For more information about how Datamars uses cookies, please see the “Cookie Policy” here https://datamars.com/cookiepolicy/. Datamars shall keep this information as so long as reasonably required.
      • Error reports: When the Data Subject chooses to send an error report in Datamars software, it includes an anonymous unique identifier for the Data Subject’s computer. The unique identifier does not identify the Data Subject unless the Data Subject (or someone acting on the Data Subject’s behalf) discloses it separately.

2. HOW DATAMARS USES DATA SUBJECT’S PERSONAL DATA

Datamars will only collect, use and share the Data Subject’s Personal Data where Datamars has an appropriate legal basis to do this. This may be because:

    • Data Subject has provided with a consent to Datamars using the Personal Data;
    • use of the Data Subject’s Personal Data is in Datamars legitimate interest as a commercial organisation. In these cases, Datamars will look after the Data Subject’s information at all times in a way that is proportionate and respects the Data Subject’s privacy rights and the Data Subject has a right to object to processing as explained below;
    • use of the Data Subject’s Personal Data is necessary to perform a contract or take steps to enter into a contract with the Data Subject; and
    • use of the Data Subject’s Personal Data is necessary to comply with a relevant legal or regulatory obligation.

The purposes for which Datamars uses the Data Subject’s Personal Data, and their associated legal bases, are described below:

Purpose Legal Basis
Market Datamars products and services Legitimate interest in contacting customers and potential customers to promote products and services; or (where required by law), consent.
To register the Data Subject for, or to provide the Data Subject with a Service. Performance of a contract with the Data Subject; Legitimate business interests related to providing the Data Subject with a product or a Service.
Resolve customer queries and complaints. Legitimate interest in resolving queries and complaints; or compliance with a legal obligation.
To process payments on Services and deliver the Data Subject products Performance of a contract with the Data Subject; Legitimate interests as a business to process payments for services provided.
Provide the Data Subject with access to all parts of our websites, to authenticate and enable access to Services and features of the websites for the Data Subject, to personalize the Data Subject’s experience on Websites, to study how anonymous users interact with our Services; and ultimately improve the functionality of the websites for the benefit of all users. Performance of a contract with the Data Subject; Legitimate interest in providing an enhanced, customer friendly website by understanding how the Website is used.
To contact the Data Subject to provide notices regarding the Data Subject’s use of or the provision of the Services, or if the Data Subject’s actions violate the Data Subject’s agreement with Datamars (if any). Compliance with a legal obligation; Legitimate interests in protecting Datamars’ business.
To monitor business performance and for internal record keeping; to administer referral programs, rewards, surveys, sweepstakes, contests. Legitimate interest in providing an enhanced, customer friendly website by understanding how the Website is used.
To improve existing Services and to aid the development of new products & services and to find errors in and analyse performance of the Services. Legitimate interest in providing an enhanced, customer friendly website and in improving performance.
Protect our employees and guarantee the security and safety of the Websites. Legitimate interest in protecting our employees and preventing crime; or compliance with a legal obligation.

Important Notice: Where Datamars relies on a legitimate interest of Datamars or a third-party recipient of the Personal Data in order to use and disclose  such data  the Data Subject is entitled to object to such use or disclosure and if the Data Subject does, Datamars will stop processing the Data Subject’s Personal Data for that purpose unless Datamars can show there are compelling legitimate reasons for to continue to do so.

Datamars may also use the Data Subject’s Personal Data and other information to create aggregated information excluding information that makes the data personally identifiable to the Data Subject. Datamars may use and share such information to improve its products and services, develop new products and services, and for research, analytics, and any other lawful purposes.

3 WHO DO WE SHARE THE DATA SUBJECT’S PERSONAL INFORMATION WITH?

We share the Data Subject’s Personal Data with the following categories of recipients:

    • Within Datamars
      • Within Datamars, where such disclosure is necessary to provide the Data Subject with the Services or to manage the business.
    • Service Providers
      • Datamars may share Personal Data with subjects providing services for the management of the information system and communications networks (including E-mail boxes), newsletter services, freelancers, offices, or companies in the context of assistance and consultancy.NOTE: The legal basis of such sharing is Datamars legitimate interest in effectively operating and improving its business. Datamars has appropriate contracts in place with the service providers that prohibit them from using or sharing the Data Subject’s Personal Data except as authorized.
    • Competent Authorities
      • Datamars may disclose information about the Data Subject to other third parties, such governmental agencies and regulators (e.g. tax authorities), social insurance carriers, courts, law enforcement agencies, government authorities and to external advisors acting as controllers (e.g. lawyers, accountants, auditors etc.).NOTE: Such transfers are made in order to comply with legal obligations and for the legitimate interests pursued by Datamars or a third party to ensure the protection of the rights and property of Datamars and others, including:
        • if Datamars is required to do so by law, court order or legal process;
        • in response to lawful requests by public authorities, including to meet national security or law enforcement requirements;
        • to enforce Datamars policies or contracts;
        • to collect amounts owed to Datamars; or
        • when Datamars believes disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity.
    • Other Recipients
      Datamars may also disclose or transfer the Data Subject’s Personal Data in the event of a proposed or actual commercial acquisition or corporate event such as for reorganisation. The purpose of such processing is to allow for the sale or transfer of our business and the legal basis for doing so under the GDPR and nFADP, where applicable, is Datamars’ legitimate interest in being able to manage its business by conducting such a sale or transfer.

4 INTERNATIONAL DATA TRANSFERS 

    • Datamars operates on a global basis. Accordingly, the Data Subject’s Personal Data may be transferred and stored in countries outside the EEA. Datamars will always take steps to ensure that any international transfer of information is carefully managed to protect the Data Subject’s rights and interests, in particular either:
      • only transfer the Data Subject’s Personal Data to countries which are recognised as providing an adequate level of legal protection in accordance with Article 45 of the GDPR; or
      • ensure that transfers outside the Data Subject’s country are subject to additional safeguards required under local law – for example, the EU Model Clauses pursuant to Article 46(2) of the GDPR or by relying on certification schemes. In particular, we are a party to an Intra-Group Data Transfer Agreement which governs the transfer of Personal Data across all members of the Datamars group of companies, and which includes an appropriate mechanism to lawfully transfer personal data outside of the EEA, (namely the standard contractual clauses).

5 SECURITY 

    • Datamars has implemented and maintains appropriate technical and organisational security measures, policies and procedures designed to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to such information appropriate to the nature of the information concerned. Measures we take include placing confidentiality requirements on our staff members and service providers; destroying or permanently anonymising personal information if it is no longer needed for the purposes for which it was collected.
    • Services may link to third-party websites and services that are outside Datamars’ control. Datamars is not responsible for the security or privacy of any information collected by such websites or other services. The Data Subject should exercise caution and review the privacy statements applicable to the third-party websites and services, as Datamars do not accept any responsibility or liability for these policies.
    • Unfortunately, the transmission of information via the internet is not completely secure. Although Datamars will do its best to protect the Data Subject’s Personal Data, Datamars cannot guarantee the security of the Data Subject’s Personal Data transmitted to the Website; any transmission is at the Data Subject’s own risk.

6 DATA RETENTION

    • Datamars only retains the Personal Data we receive as described in this Privacy Notice for as long as the Data Subjects use the Services or as necessary to fulfil the purpose(s) for which it was collected, including for the purposes of providing our products and services, to resolve disputes, to establish legal defenses, to conduct audits, to pursue legitimate business purposes, to enforce our agreements and to comply with applicable laws.
    • In some circumstances Datamars may store the Data Subject’s Personal Data for longer periods of time, for instance where Datamars is required to do so in accordance with legal, regulatory, tax, accounting requirements.
    • In specific circumstances Datamars may store the Data Subject’s Personal Data for longer periods of time so that we have an accurate record of the Data Subject’s dealings with Datamars in the event of any complaints or challenges, or if Datamars reasonably believes there is a prospect of litigation relating to the Data Subject’s Personal Data or dealings.

7 DATA SUBJECT’S CHOICES

    • Marketing CommunicationsThe Data Subject may receive periodic emails, newsletters, mailings or phone calls from Datamars with information on Datamars or our business partners’ products and services or upcoming special offers/events we believe may be of interest to the Data Subject, if the Data Subject has opted-in to receiving these communications. We will direct these communications to the Data Subject only with the Data Subject’s consent (where such consent is required by law). The Data Subject can opt-out of these communications at no cost at any time by clicking an “unsubscribe” button provided in marketing email communication sent by Datamars or, by writing to . However, Datamars may continue to send transaction-related emails regarding products or services the Data Subject has requested:  the Data Subject will not be able to opt-out of some of those communications (for example, communications regarding updates to the terms of use of this Privacy Notice). Datamars shall maintain telephone “do not call,’ lists and “do not mail’ lists as mandated by law and process requests in relation to those lists within such time periods as required by law.Datamars also uses customer relationship management (CRM) database technology to manage and track its marketing efforts. Datamars CRM databases include Personal Data belonging to individuals at Datamars’ customers and other companies with whom Datamars already has a business relationship or wants to develop one. The Personal Data used for these purposes includes relevant business information, such as: contact data, publicly available information (e.g. board membership, published articles, press releases, public posts on social media sites if relevant for business purposes), customers responses to targeted e-mail (including web activity following links from Datamars e-mails), website activity of registered users of Datamars Websites, and other business information included by Datamars professionals based on their personal interactions with customers.

8 DATA SUBJECT RIGHTS OF THOSE LOCATED IN EUROPE 

    • This section applies only to data subjects based in the EEA, UK or Switzerland, who have certain rights under the applicable data protection laws and regulations, as summarized below:
      • to request access to the Data Subject’s Personal Data;
      • to request rectification of inaccurate or incomplete Personal Data;
      • to request erasure of the Data Subject’s Personal Data;
      • to restrict the processing of the Data Subject’s Personal Data;
      • to object to our use of the Data Subject’s Personal Data;
      • where relevant, to request the portability of the Data Subject’s Personal Data;
      • where the Data Subject has given consent to the processing of Personal Data, to withdraw the Data Subject’s consent; and
      • to lodge a complaint with the competent supervisory authority.
    • The Data Subject can request to exercise the rights above by contacting Datamars using the details below. The Data Subject’s rights will in each case be subject to the restrictions set out in applicable data protection laws and regulations. Further information on these rights, and the circumstances in which they may arise in connection with Datamars processing of the Data Subject’s Personal Data, can be obtained by contacting Datamars at privacy@datamars.com.
    • If the Data Subject has any grievance or issue in respect of our handling or processing of the Data Subject’ s Personal Data, the Data Subject has the right to lodge a complaint with the Data Subject’s local data protection supervisory authority.

Update and effective data: March 06, 2024