As an internationally operating software company, the EU General Data Protection Regulation (GDPR) is important to us in addition to the Swiss data protection regulations. We have aligned this data protection declaration with the stricter standard of the GDPR.
1. Name and address of the controller and general information
All contact addresses and our imprint can be found here. If you have any questions regarding data protection, please do not hesitate to contact us:
Cleondris GmbH Buckhauserstrasse 17 CH - 8048 Zürich Switzerland
Our data protection coordinator can also be reached vie the following contact details:
Phone Number: +41 445 155 440
E-mail address: [email protected]
Our representative in the EEA according to art. 27 GDPR can be contacted as follows:
VGS Datenschutzpartner UG, Am Kaiserkai 69, D-20457 Hamburg, Germany.
2. Protection of personal data
CLEONDRIS uses data networks protected by the standard firewalls and password systems, among other things, to ensure the security and confidentiality of any personal data recorded. When handling your personal data, we take appropriate technical and organizational measures to protect your data from loss, misuse, unauthorized access, disclosure, alteration or destruction.
For our CLEONDRIS websites, we use encryption techniques (SSL or TLS encryption) for security reasons to protect your personal data and other confidential content. The lock icon and "https://" in the browser address box show you that the data exchanged with this website is encrypted on the network level.
3. Type of personal data collected
3.1 Description and scope of data processing
"Personal data processing" means any form of handling of your personal data, such as recording, using, storing, disclosing, transmitting or deleting such data.
CLEONDRIS primarily process personal data that we receive directly from you within the scope of our client relationships. It is also possible that we receive or collect data from business partners or other persons involved. Insofar as this is permitted and necessary, we also obtain data from publicly accessible sources (e.g. public registers, media, Internet) or receive such data from our clients and their employees, from authorities, (arbitration) courts and other third parties (e.g. counterparties, business partners and contractual partners of our clients). In addition to the data that we receive directly from you, the categories of personal data that we receive from third parties include, but are not limited to, the following:
Information from public registers (debt collection registers, commercial registers, land registers);
Information we obtain in connection with official and court proceedings;
Information on compliance with legal requirements (e.g. combating money laundering and export restrictions);
Information about you that we receive from people around you (family, advisors, legal representatives, etc.) so that we can conclude contracts with you or with your involvement (e.g. references, your address for deliveries, powers of attorney);
Information related to your professional functions and activities;
Information about you in correspondence and discussions with third parties;
Creditworthiness information (if we conduct business with you personally);
Information from banks, insurance companies, distributors and other contractual partners from us on the use or provision of services by you (e.g. payments made/purchases made);
Information from media and Internet about you (as far as this is indicated in the concrete case), as well as
References for applications.
However, in addition, CLEONDRIS automatically records personal data, when you use and interact with our websites. Moreover, the personal data that you supply is recorded automatically or manually (e.g., during sign-up and creation of your user profile or customer account, if any). The data entry forms show you what data items are collected.
3.2 Data that is recorded automatically
When you use our websites, CLEONDRIS records certain personal data even if you do not sign in or actively provide information.
When you open a CLEONDRIS website, your browser communicates data to us. The data is also stored in the log files of our system. Those data are not stored together with other personal data. The following data are recorded:
which CLEONDRIS websites are visited;
the number of visits, as well as the date, time and duration of the visit;
the source or reference of the site from which the user reached the website;
Hardware and browser information (operating system, browser type and version, etc.);
The data are stored in log files for functional purposes of the website. In addition, we use the data to optimize the website and protect the security of our IT systems. No data are analyzed for marketing purposes in this context.
Such data are deleted as soon as they are no longer needed for the purpose for which they were collected. Data recorded for presentation of the website are deleted at the end of each session. Data stored in log files are generally deleted within one month, at the latest. Storage for a longer period is possible only if the users' IP addresses are deleted or coded so that the requesting client can no longer be identified. Recording the data for broadcasting of the website and storage of the data in log files are absolutely necessary in order to operate the website. The user therefore has no right to object.
Most browsers accept such cookies automatically. You can also configure your browser to block cookies. For further details, see the user instructions or help system of your browser. If you disable cookies, you may not be able to make full use of all the features of this website.
In certain features of CLEONDRIS websites you can use location-specific services. In such cases, you will be informed in advance that your actual location will be tracked and processed. You can disable location determination in the hardware settings.
3.3 Data during interaction with CLEONDRIS, e.g. for contract processing
CLEONDRIS processes the personal data that you give us when you sign up with CLEONDRIS, for example by registering or actively providing information. Registration is required in order to store certain content and services on our website and for the performance of a contract with you or for the performance of precontractual measures.
For example, the following information may be requested and processed:
First and last names
Date of birth and age;
Information about purchasing power;
Customer and shopping preferences;
Credit card and account information;
Customer or member numbers;
Information on subscription newsletters or other advertising;
Consent to receive advertising;
Online customer account information (e.g., account-opening date, user name or profile picture).
Data on customer's activities
Contract data (including the date of signature, type, contents; parties, effective period and value of the contract, and any claims asserted thereunder);
Purchasing information (including the date, place and time of purchase; the nature, quantity and value of the purchased goods and services; shopping cart; discontinued purchase in shopping cart; payment method used; paying agent; shopping history);
Customer service information (including product returns, complaints, warranty claims, delivery information);
Session data concerning visits of our websites, mobile apps or offers on our Internet platforms, multimedia portals or social networks (including the duration and frequency of the visits, language and country settings, information and browsers and the computer operating system, Internet Protocol addresses, search words, and search results, evaluations given);
Location-specific data when using mobile devices.
4 Purpose of data processing by CLEONDRIS
Your personal data are used by CLEONDRIS for the purposes described below.
4.1 CLEONDRIS's provision of goods and services
CLEONDRIS uses your personal data to perform orders and contracts, including to send confirmations of orders and forwarding, delivery confirmations, and to make deliveries and invoicing.
In addition, your information is used to check your age to confirm that you have the minimum legal age, to ensure compliance with the minimum legal age requirements for online purchasing or other purposes related to the applicable data protection and/or distribution laws.
Moreover, your personal data may be used for organizing and carrying out customer service tasks, e.g., after you use the contact form to get in touch with CLEONDRIS.
4.2 Improving CLEONDRIS products and services
CLEONDRIS uses your personal data to create a profile that helps us understand how CLEONDRIS products and services are used so that we can develop more interesting and relevant products and services and tailor them to your needs.
4.3 Communication services and other requested products or services
CLEONDRIS uses your personal data to prepare, manage and carry out customer communications by post or by electronic communications media.
Moreover, we use your information to prepare the requested products or services (e.g., e-mail newsletter, advertising campaigns, raffles, contests, participation in events, etc.
4.4 Marketing activities and events
In addition, in line with applicable law and where appropriate, CLEONDRIS may process your personal data and personal data of third parties for the following purposes, which are in our (or, as the case may be, any third parties') legitimate interest, such as:
sending of advertising, newsletters or advertising mailings as well as organizing and holding contests and prize drawings, including for the notification and publication of the winners on CLEONDRIS websites, multimedia portals or social networks;
Organizing and holding special occasions such as events and advertising events;
To prevent unnecessary advertising thanks to the findings from the analysis of customer behaviour, for customized and individualized direct marketing;
individualized and personal and/or anonymous and group-related identification, classification and analysis of current and potential customer needs and interests;
individualized and personal and/or anonymous and group-related classification and analysis of customer behaviour and potential;
statistical analysis of customer behaviour based on anonymized customer data.
5 Transfer of personal data to third parties
For data processing and storage, CLEONDRIS works together with other companies and individuals or enters into subcontracting agreements with companies or individuals. When companies perform services for CLEONDRIS, we enter into written agreements with those companies to ensure that they cannot use your personal information for any purposes other than those that have been clearly specified or are required by law. CLEONDRIS will transfer your data to third parties in the cases defined below.
CLEONDRIS will transfer your data to third parties:
to ensure the protection and security of all CLEONDRIS customers and of third parties (e.g., technical support service related to the CLEONDRIS website);
to protect the rights and property of CLEONDRIS's and of CLEONDRIS's customers and of third parties;
to comply with legal obligations of disclosure imposed on CLEONDRIS by law or in legal proceedings (orders issued by a court or by a law enforcement authority, etc.).
5.2 Order processing and credit checks
Your data may be transferred by CLEONDRIS:
when companies perform services for CLEONDRIS, e.g., delivery, payment processing or customer service jobs, to the extent that the data transfer is necessary for the delivery of goods or services.
To the extent necessary for payment processing, your payment data may be forwarded to the credit institution engaged for payment processing. Such data shall be forwarded only to the extent necessary for payment processing.
In order to protect our legitimate interest in determining the solvency of our clients, and to prevent fraud and other abusive payment practices. In such cases, CLEONDRIS and the credit institutions involved reserve the right to perform verifications or check credit ratings before payment transactions, particularly if CLEONDRIS tenders performance in advance of payment (e.g., delivery with an invoice). To that purpose, internal and external sources of information may be used or forwarded to credit reporting agencies.
You may object to the processing of your data at any time by sending a message to the data controller or the credit institution, but CLEONDRIS or the credit institution, where applicable, shall retain the right to process your personal data, to the extent necessary to process your payment according to the contract.
5.3 Analysis and Marketing Activities
CLEONDRIS will transfer your data to third parties:
in order to be able to send direct marketing with your consent or in our legitimate interests (see item 6 below);
if you ask CLEONDRIS to forward your personal data to third-party websites or platforms, such as social networking websites. Please note that after the transmission of your personal data for marketing purposes to another company, the data received by the other company is subject to the data protection practices of that other company (see item 8 below).
6 Use of personal data for direct marketing
6.1 Signing up for the e-Mail Newsletter
When entering your e-mail-address, you have the option of signing up for various e-mail newsletters (e.g., about products, product news, job vacancies, etc.) of CLEONDRIS, in order to receive regular information about our offers or job vacancies. Providing further information, e.g., your first and last names, is optional and will be used so that we can address you personally.
The newsletters will not be sent to you until you have entered your e-mail address and clicked on the link in the confirmation e-mail that will be sent to you (Double Opt-in process). By clicking on the confirmation link, you inform CLEONDRIS of your authorization to use your personal data. To keep a record of your consent, CLEONDRIS stores your IP address and the date time of your consent.
Each e-mail Newsletter contains a link that lets you unsubscribe from the mailing list. Alternatively, you may contact the data protection officer (see item 1). Your personal data will then be deleted, unless further use of the data is permitted by law.
6.2 Mailing of the e-mail newsletter to existing customers
CLEONDRIS processes personal data of you and other persons, which may also come from publicly accessible sources, to the extent permitted and deemed appropriate to us, also for advertising and marketing purposes or for the purpose of customer acquisition in which we (and sometimes also third parties) have a justified interest corresponding to the purpose.
Hence, CLEONDRIS is permitted by law to send you by post or e-mail regular offers for products or services from our range similar to the items you purchased, even without your explicit consent, if you provided your e-mail address to CLEONDRIS when purchasing goods or services.
You are entitled, at any time with effect for the future, to prohibit your postal or e-mail address being used for the above-described marketing purpose by clicking on the link in the e-mail to remove yourself from the mailing list, or by sending a message to the data protection officer. Upon receipt of your objection, the use of your e-mail address for marketing purposes will be discontinued without delay.
6.3 Newsletter mailing via MailChimp
For the mailing of e-mail newsletter, CLEONDRIS works with the technical service "MailChimp" of the company The Rocket Science Group, LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA (http://www.mailchimp.com), to which CLEONDRIS forwards that data that you supplied to us when signing up for the newsletter. Please note that your data will generally be transmitted to a MailChimp server in the USA and stored there.
MailChimp uses that information for mailing and statistical analysis of newsletter by order of CLEONDRIS. For analysis, the e-mails sent contain so-called "web-beacons" or "tracking pixels" (single-pixel image files), which are stored on our website. They let us know, for example, whether you opened a newsletter message and which links you clicked on. Technical information is recorded, too (e.g., time of opening, IP address, browser type and operating system). Such data are collected exclusively in pseudonymized format and not linked with your other personal data, so that it is impossible to determine your identity on that basis. Such data are used exclusively for statistical analysis of newsletter campaigns. The findings from those analyses can be used to better adapt future newsletters to the interests of the recipients.
Moreover, MailChimp itself may use such data for its own legitimate interests in need-based design and optimization of the service for market research purposes, in order to determine the home countries of the recipients, for example. MailChimp does not use the data of our newsletter recipients, however, to write to them directly or to forward the data to third parties.
If you object to the data analysis for statistical purposes, you have to unsubscribe from the newsletter.
To protect your data in the USA, CLEONDRIS and MailChimp have entered into a data-processing agreement based on the standard contract clauses of the European Commission in order to enable the transmission of your personal data to MailChimp. Interested parties can view that data-processing agreement at the following address: http://mailchimp.com/legal/forms/data-processing-agreement/.
7 Online Marketing and Web Analytics Services
The anonymized data recorded in cookies when you open our website may be used for analytical purposes and to optimize our website in relation to third-party services. Such third parties themselves maybe thereby collect personal data about CLEONDRIS users to a limited extent insofar as they can recognize them based on their own cookies or logins, for example.
CLEONDRIS uses the following third-party services for Online Marketing and web analytics services:
reCAPTCHA from Google: https://www.google.com/recaptcha;
Google Analytics: https://support.google.com/analytics/answer/6004245
Web Analytics tools provide statistics and graphics that give insights into use of our websites and our users' browsing behaviour. In the process, the data about the use of a website is transmitted to the server used to that purpose. Such servers may be located abroad, depending on the provider of the online-marketing or web analytics Tools.
7.1 Google tools
In the case of the tool Google Analytics used for web analytics, the recorded data are transferred, including truncated IP addresses, which prevents the identification of individual devices.
Because of the Google tools used, your browser automatically sets up a direct connection with the Google server. CLEONDRIS has no control over the scope and further use of the data collected by Google using that tool
Google complies with Swiss and EU data protection provisions and has registered with the US Department of Commerce for the "Swiss-U.S. Privacy Shield" and "EU-U.S. Privacy Shield" (for information about Privacy Shield, see https://www.privacyshield.gov). Any transfer of such data by Google to third parties will be made only to the extent permitted by statutory provisions or for the purposes of order processing.
If you wish to be excluded from the tracking actions of analytical services, you must adjust your browser settings to block the relevant cookies (see item 3.1: Adjusting the cookie settings on your browser). You can permanently disable advertising cookies by selecting the appropriate setting in your browser software or by downloading and installing the Browser-Plug-in available at the following link: http://www.google.com/settings/ads/plugin?hl=de
8 Use of social media: Social Media plugins
8.1 "Single sign-on" process by means of a social media account
CLEONDRIS lets you use your sign-in data of your user account on a social network (e.g., Facebook) to sign in and/or create a customer account. When social media plugins are used, the user's personal data are shared with social network providers.
When you open a CLEONDRIS website that contains such a plugin, your browser sets up a direct connection with the relevant social network's servers. The content of the plugin will then be transmitted directly from the social network to your browser and integrated into the page you are viewing. Through integration of plugins, the social network will be informed that your browser has opened the corresponding page of our website, even if you do not have a profile with the social network in question or are not currently logged into it. Such information (including your IP address) is transmitted directly from your browser to one of the social network's servers, where it is stored.
8.1.1 Facebook Connect
If you want to use your Facebook profile to log into the CLEONDRIS website, the social plugin "Facebook Connect" lets you use the single sign-on process. The social plugin "Facebook Connect" is operated by the social network Facebook, of the company Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook"). You can recognize "Facebook Connect" social plugins by the blue button with the Facebook logo and the label "Log in with Facebook" or "Connect with Facebook" or "Sign in with Facebook".
You can also click the "Facebook Connect" button on our website to log in or register with our website using your Facebook Connect user data. . When you click the "Facebook Connect" button on our website, in order for us to receive the general information in your Facebook profile and the data that you have made generally available by selecting "Public" in your Facebook privacy settings, you must first expressly consent to data sharing with Facebook by selecting the appropriate option before the log-in process. Such information includes your User ID, name, profile picture, age and gender.
You may revoke your consent at any time by sending a message to our data protection officer (see item 1).
Facebook Inc., which is based in the USA, is certified under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, which ensures compliance with the data protection standards applicable in Switzerland and in the EU.
For more information about the purpose and scope of the data collected and the further processing and use of the data by Facebook, as well as your related rights and optional privacy settings, please see Facebook's data policy at: http://www.facebook.com/policy.php
If you do not want Facebook to assign the data collected on our website directly to your Facebook profile, you need to log out from Facebook before visiting our website. You can also completely block the downloading of Facebook plugins with add-ons for your browser, e.g., by using "Adblock Plus" (https://adblockplus.org/de/).
8.2 Using social media by means of "social media plugins"
CLEONDRIS may use social media plugins on the website, e.g., from social networks such as Facebook, Google+, Twitter or Instagram. Those platforms have their own privacy policies, which are beyond CLEONDRIS's control.
You can revoke your consent at any time by clicking the enabled plugin again to disable it, or by logging out of the social network and closing the website. Such revocation will not affect the data already transmitted to the social network, however.
The social networks listed below have signed the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, certifying compliance with the data protection standards applicable in Switzerland and in the EU.
Facebook, Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA: http://www.facebook.com/policy.php
Twitter, Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA: https://twitter.com/privacy
Instagram, Instagram LLC., 1601 Willow Rd, Menlo Park, CA 94025, USA: https://help.instagram.com/155833707900388/
LinkedIn, LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA: https://www.linkedin.com/legal/privacy-policy
8.3 Using YouTube Videos
CLEONDRIS uses the YouTube embed function for display and playback of the videos from "YouTube", which is owned by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").
Regardless of playback of the embedded videos, every time you open the website a connection is established with the Google network "DoubleClick", which may trigger further data processing that is beyond our control.
Google LLC, which is based in the USA, is certified under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, which ensures compliance with the data protection standards applicable in Switzerland and in the EU.
9 Children as website users
The target audience of this website are employees of registered companies. However, we have no control over who accesses our website. This is why we must draw your attention to the following:
In general, we do not intentionally collect any personal data of children and teens under 16 years of age. If we learn that we unintentionally recorded private data of children and teens under the age of 16, we take steps to delete such information as soon as possible, unless we are required by the applicable laws to retain that information.
If we know that a child is over 16 years of age but is considered underage according to the applicable laws, then we seek to obtain the consent of the child's parent or guardian before using the child's personal data.
10 Storage period
CLEONDRIS retains personal data only so long as necessary in order to comply with the applicable laws and to safeguard our rights (statutory retention period, e.g., retention periods under commercial or tax law) or so long as necessary for the purposes for which the data were collected.
In particular, CLEONDRIS retains the personal data collected from customers in compliance with the periods indicated below and deletes such data thereafter, unless there are statutory retention duties or reasons not to delete the data related to operational record-keeping, or we have informed you in advance of different storage periods.
Data collected at the time of purchase in the online shop will generally be stored for a 10-year period after the last process operation for bookkeeping reasons;
Data for marketing measures and advertising purposes are to be derived from the principle of whether the storage is necessary for the advertising address. Normally, data is deleted at the latest two years after no longer being used for advertising purposes.
Data from correspondence, for example using the contact form, will be retained for six weeks after the last processing operation and then deleted;
Data from applicants will be deleted after six months in case of a rejection. If the applicant consents to further storage of his or her personal data, the data will be stored on our systems and deleted within two years at the latest. If the applicant is hired, the data are transferred to an employee information system.
Personal data collected by CLEONDRIS for web analytics are deleted as soon as they are no longer needed or in any case by the end of the statutory maximal retention period, at the latest. In general, such data are deleted one month after entry.
Data recorded for preparation of the website are deleted at the end of the relevant session. Data stored in log files are deleted within one month, at the latest.
11 Place of storage and international transfers of your personal data
CLEONDRIS stores and processes your personal data in Switzerland.
There may also be cases, however, in which CLEONDRIS must transfer your personal data within the European Union (EU), where there is an appropriate standard of data protection, or outside the European Economic Area ("EEA") to a country that does not ensure the same standard of data protection as the country in which our products and/or services are generally used. If the personal data that you provide during registration of a CLEONDRIS account or when interacting with the CLEONDRIS website is processed outside the European Union or EEA, we shall take reasonable steps to ensure adequate protection for your personal data.
If the standard of data protection in a country is not guaranteed by an adequacy resolution, we shall enter into a contract ensuring that the protection of your personal data will be equivalent to that in Switzerland at all times. To do so, we shall take one or more of the following measures:
by entering into EU Model Clauses with the service providers engaged, cf. https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en
by ensuring that the service providers engaged are certified under the Swiss-US or EU-US Privacy Shield Frameworks (if the data recipient is based in the USA or stores the data there), cf. https://www.privacyshield.gov/
by ensuring that the service providers engaged have Binding Corporate Rules (BCR) acknowledged by European data protection authorities, cf. https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/binding-corporate-rules_en.
12 Right to inspection, modification and deletion of your personal data
CLEONDRIS has implemented mechanisms to ensure that you can exercise your legal rights concerning your personal data.
Once the data controller (see item 1 above) has received your request and sufficient information to confirm your identity, we shall provide you with a copy of your personal data available to us for which you have a legal right of access. Moreover, we shall inform you of the purposes for which your personal data are used, of the recipient of your personal data and the source of the information.
You may contact CLEONDRIS in writing at any time to request changes in certain personal data that you consider erroneous or insignificant, or ask us to block, delete or otherwise remove your personal data to the extent permitted by the applicable law. We shall update, block, delete or remove your personal data as required by law.
Moreover, you have the option of revoking your consent that you previously granted to CLEONDRIS for marketing activities and marketing communications. Marketing communications contain a simple mechanism of unsubscribing from future communications, such as a hyperlink that you can click to unsubscribe. You can unsubscribe by following the instructions in the relevant communication that you have received on a certain channel or by using the settings of your CLEONDRIS customer account. Alternatively, you can contact us directly using the contact information stated below.
Please note, that even after receiving your request to block or delete your personal data, we may be required to retain some of your personal data for the purposes of our statutory or contractual recordkeeping obligations (e.g., for invoicing purposes) in which case we shall only block your personal data to the extent necessary to that purpose. Moreover, deletion of your personal data may have the effect that you can no longer receive or use the services for which you have signed up. Under certain conditions, you may be entitled to require us to transfer your personal data in a commonly used format to you or to a designated third party.
If you have questions about this policy, please contact us by e-mail to [email protected].