V1.0 – [4 July 2019]
KSquared GmbH, c/o Nicolo Angerer, Konradstrasse 71, 8005 Zurich, Switzerland (“KSquared“, “we“, “our” or “us“) is strongly committed to the protection of the privacy of its website visitors and customers (“you” or “your“). We comply with the applicable data protection regulations including in particular the Swiss Federal Act on Data Protection (FADP) and, to the extent applicable, the EU General Data Protection Regulation (GDPR).
2. PERSONAL DATA WE PROCESS
When you access the Website or use any of our Services, we may collect and process all or a part of the following types of personally identifiable information about you or your business (the “Personal Data“):
- Identity and contact data (e.g. name, date of birth, passport number, work and mobile telephone numbers, work and personal email and postal address);
- Professional details (e.g. company name, job title, job and career history, educational background and professional memberships);
- Financial and payment data (e.g. bank details);
- Profile, usage and website interaction, including password to our Website, your preferences in receiving marketing information from us, your communication preferences and information about how you use our Website, including the Services that you viewed or searched for, page response times, download errors, length of visits and page interaction information (such as scrolling, clicks, and mouse-overs);
- Technical data, including information collected during your visits to our Website, login data, browser type and version, device type, time zone setting, browser plug–in types and versions, operating system and platform.
3. LEGAL GROUNDS FOR PROCESSING PERSONAL DATA
We may rely on the following lawful reasons when we collect and use personal data to operate our business and provide our Services:
- Contract – We may process personal data in order to perform our contractual obligations or take steps linked to a contract with you or your organisation. This includes:
- To register you as a client of KSquared;
- To provide and administer Services as instructed by you or your organisation;
- To process payments, billing and collection; and
- To process applications for employment.
- Consent – We may rely on your freely given consent at the time you provided your personal data to us.
- To provide you with information about our company and Services.
- Legitimate interests – We may rely on legitimate interests based on our evaluation that the processing is fair, reasonable and balanced. These include:
- To administer and manage our relationship with you, including accounting, auditing, and taking other steps linked to the performance of our business relationship including identifying persons authorised to represent our clients, suppliers or service providers;
- To carry out background checks, where permitted;
- To analyse and improve our Services and communications and other systems and communications and to monitor compliance with our policies and standards;
- To protect the security of our communications and other systems and to prevent and detect security threats, frauds or other criminal or malicious activities;
- To collect information about your preferences to personalise and improve the quality of our communications with you; and
- To seek for qualified candidates.
- Legal obligations and public interest – We may process personal data in order to meet regulatory and public interest obligations, including maintaining records, compliance checks or screening and recording (e.g. anti–money laundering, financial and credit checks, fraud and crime prevention and detection, trade sanctions and embargo laws). This can include automated checks of personal data you provide about your identity against relevant databases and contacting you to confirm your identity or making records of our communications with you for compliance purposes.
4. HOW WE COLLECT PERSONAL DATA
We obtain personal data directly from individuals in a variety of ways, including:
- When you or your organization seek advice from us or use any of our online Services;
- When you or your organization offer to provide, or provides, services to us;
- When you correspond with us by using our Website;
- When you or your organization browse, complete a form or make enquiry or otherwise interact on our Website.
We obtain personal data indirectly about individuals from a variety of sources, including recruitment services and our clients. We may attach Personal Data to our customer relationship management records to better understand and serve our business clients, prospects, subscribers and individuals, satisfy a legal obligation, or pursue our legitimate interests.
- Public sources – Personal data may be obtained from public registers (such as commercial registers), news articles, sanctions lists, and Internet searches.
- Social and professional networking sites – If you register or login to our Website using social media (e.g., LinkedIn, Google, or Twitter) to authenticate your identity and connect your social media login information with us, we will collect information or content needed for the registration or login that you permitted your social media provider to share with us. That information may include your name and email address and, depending on your privacy settings, additional details about you, so please review the privacy controls on the applicable service to set how much information you want shared with us.
- Business clients – Our business clients may engage us to perform Services which involve sharing personal data they control as part of that engagement.
- Recruitment services – We may obtain personal data about candidates from an employment agency, and other parties including former employers, and credit reference agencies.
5. PURPOSES OF PROCESSING PERSONAL DATA
We may use the Personal Data for the following purposes:
- To provide and protect the Website and our Services;
- To administer, manage and develop our business and Services;
- To maintain and improve the Website and our Services;
- To develop new services;
- To provide you with information about us and our Services;
- To comply with any requirement of law, regulation or a professional body of which we are a member; and
With your explicit consent, we may also use your Personal Data to send newsletters and other marketing communication to you about our products and Services. Your consent to receiving such communication can be withdrawn at any time by clicking ‘unsubscribe’ in the respective communication or by contacting our business via email.
The Personal Data will be processed and used by us and any subcontractors we may engage in accordance with applicable data protection legislation. Where possible, your Personal Data will be shared in an anonymized and aggregated form to protect your privacy.
6. PERSONAL DATA SECURITY
We have implemented technical and organizational measures in an effort to safeguard the Personal Data in our custody. Such measures include:
- restricting access to Personal Data to staff and service providers on a need–to–know basis;
- setting up high security specifications on our Website.
While we endeavor to always protect our Website against unauthorized access, use, modification and disclosure, due to the inherent nature of the Internet as an open global communications vehicle and other risk factors, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe.
7. DISCLOSURE TO THIRD PARTIES AND CROSS-BORDER TRANSFERS
In the context of our business activities and in line with the purposes of the data processing set out in Section 5, we may transfer data to third parties, insofar as such a transfer is permitted and we deem it appropriate, in order for them to process data for us or, as the case may be, their own purposes. In particular, the following categories of recipients (together the “Recipients“) may be concerned:
- Other members of our group of companies which includes our subsidiaries and holding companies, solely for the purpose of providing the Services and assessing the performance, functionality and any improvements to the Services;
- Our service providers (such as e.g. banks, insurance companies, IT providers);
- Domestic and foreign authorities or courts as well as arbitral tribunals if required by law;
7.2 Where your data is stored and cross-border transfers
Certain Recipients may be within Switzerland, but they may be located in any country worldwide. In particular, Personal Data may be transferred to countries, in which our service providers, their affiliates, or business partners are located as well as countries in which service providers (such as experts, IT service providers, and law firms) are located. If we transfer data to a country without adequate legal data protection, we ensure an appropriate level of protection as legally required by way of using appropriate contracts or binding corporate rules or we rely on the statutory exceptions of consent, performance of contracts, the establishment, exercise or enforcement of legal claims, overriding public interests, published personal data or because it is necessary to protect the integrity of the persons concerned.
8. YOUR DATA PROTECTION RIGHTS
You have rights that you can exercise under certain circumstances with respect to your Personal Data that we hold. To exercise your rights, please send an email to firstname.lastname@example.org.
8.1 Right to Access to Your Personal Data
You have a right to request a copy of the Personal Data held by us as a data controller, which we will provide to you in an electronic form. At our discretion we may require you to prove your identity before providing the requested information.
We aim to respond to any requests for information promptly and, in any event, within the legally required time limit. No fee is required to make a request unless your request is clearly unfounded or excessive. Depending on the circumstances, we may be unable to comply with your request based on other lawful grounds.
8.2 Right to Amendment of Your Personal Data
You have the right to ask us to correct our records if you believe they contain incorrect or incomplete information about you.
When feasible in practice, once we are informed that any personal data processed by us is no longer accurate, we shall make appropriate corrections based on your updated information.
8.3 Right to Withdraw Consent
If you have provided your consent to the collection, processing and transfer of your Personal Data, you have the right to fully or partly withdraw your consent at any time, free of charge. This includes cases where you wish to opt out from marketing messages that you receive from us. The withdrawal of your consent will not affect the lawfulness of any processing carried out before you withdraw your consent.
Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is another legal ground for the processing. To stop receiving emails from a KSquared marketing list, please click on the ‘unsubscribe’ link in the email you received from us or use our contact form. Opting out of receiving marketing communications will not affect the processing of personal data for the provision of our Services.
8.4 Right to Erasure of Your Personal Data
You have the right to request that KSquared deletes your Personal Data when the Personal Data is no longer necessary for the purposes for which it was collected, or when, among other things, your Personal Data have been unlawfully processed.
8.5 Right to Restriction of Processing
You have the right to request that we restrict our processing of your Personal Data where you believe such data to be inaccurate, our processing is unlawful, or where we no longer need to process such data for a particular purpose, but where we are not able to delete the data due to a legal or other obligation or because you do not want us to delete it.
8.6 Right to Portability of Your Personal Data
You have the right to request that we transmit the Personal Data we hold in respect of you to another data controller, where this is personal information which you have provided to us and where we are processing that data on the basis of your consent or in order to perform our obligations under contract to you (such as to provide our Services).
8.7 Right to Object to Processing
Where the legal justification for our processing of your Personal Data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defense of a legal claim.
8.8 Right to Lodge a Complaint with a Supervisory Authority
You have the right of appeal to a data protection supervisory authority if you believe that the processing of your personal data violates data protection law.
If you have provided your consent to the collection, processing and transfer of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so.