With this privacy statement, we, REWIDI Ltd (hereinafter “REWIDI”, “we” or “us”), describe how we collect and process personal data. This privacy statement is not necessarily a comprehensive description of our data processing activities. It is possible that other privacy statements are applicable to specific circumstances. The term “personal data” in this privacy statement means any information that identifies or could reasonably be used to identify any person.
If you provide us with personal data of other persons (such as employees), please make sure respective persons are aware of this privacy statement and only provide us with their data if you are allowed to do so and if such personal data is correct.
This privacy statement is in line with the EU General Data Protection Regulation (GDPR).
1. Data Controller
The controller of data processed as described in this privacy statement (i.e. the responsible person) is REWIDI Ltd, unless we have informed you otherwise. You can contact us in connection with any data protection-related concerns as follows:
8808 Pfäffikon SZ
+41 55 416 26 76
Data Protection Officer of REWIDI: Dr. Martin K. Weber, LL.M.
2. Collection and processing of personal data in general
We primarily process personal data that we obtain from our customers and other business partners as well as other individuals in the context of our business relationships with them or that we collect from users when operating our websites, apps and other applications.
Insofar as it is permitted to us, we obtain certain personal data from publicly accessible sources (e.g. debt registers, land registries, commercial registers, press, internet) or we may receive such information from our customers and their employees, from authorities, courts, arbitral tribunals or other third parties.
3. Purpose of data processing in general
We primarily use collected data in order to conclude and process contracts with our customers and business partners, in particular when providing distribution and support services to our customers and in the context of the procurement of products and services from our suppliers and subcontractors, as well as in order to comply with our domestic and foreign legal obligations. You may be affected by our data processing in your capacity as an employee of such a customer or business partner.
In addition, in line with applicable laws and where appropriate, we may process your personal data and the personal data of third parties for the following purposes, which are in our (or, as the case may be, any third parties’) legitimate interest, such as:
- creating and developing our legaltech solutions, services and websites, apps and platforms;
- communication with third parties and the processing of their requests;
- advertising and marketing (including organizing events), provided that you have not objected to the use of your data for this purpose (if you are part of our customer base and you receive our advertisement, you may object at any time and we will place you on a blacklist against further advertising mailings);
- market and opinion research, media surveillance;
- ensuring our business operations, including our IT, our websites, apps and other appliances;
- surveillance to protect the domiciliary rights and other measures to ensure the safety of our premises and facilities as well as protection of our employees and other individuals and assets owned by or entrusted to us (such as e.g., access controls, visitor logs, network and mail scanners, telephone recordings);
- possible corporate transactions and the transfer of personal data related thereto;
- measures for business management and compliance with legal and regulatory obligations.
If you gave us your consent to process your personal data for certain purposes (for example when registering to arrange for a demo of our legaltech solutions), we will process your personal data within the scope of and based on this consent, unless we have another legal basis and as long as we require one. Consent given can be withdrawn at any time, but this does not affect data processed prior to withdrawal.
4. Collection and processing of personal data when using our website
4.1 Visiting our website
When you visit our website our servers temporarily store each access in a log file. The following data is collected and stored, without any action on your part, until it is automatically deleted after twelve months at the latest:
- the IP address of the requesting computer;
- the name of your internet access provider;
- date and time of access;
- name and URL of the data retrieved;
- the website from which our domain was accessed (and the search term used, as the case may be);
- the operating system of your computer and the browser used (type, version and language); and
- the transmission protocol used (e.g. HTTP/1.1).
This data is collected and processed for the purposes of allowing the use of our websites (establishing a connection), ensuring system security and stability in the long term and allowing our internet offering to be optimized, as well as to compose internal statistics. We rely on our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR to process the data for these purposes.
The IP address will be evaluated for clarification and defense purposes only in the event of an attack on the website’s network infrastructure or in case of a suspicion of unauthorized or abusive use of the website. It may further be used for identification purposes in criminal proceedings and in the context of civil and criminal proceedings against the user concerned, as necessary and required. We rely on our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR to process the data for these purposes.
4.1 Using our contact form (book a live demo)
If you contact us by using the contact form (book a live demo) located on our website, we collect the following information from you:
- First name*
- Postal code*
- Telephone number
- Email address*
- Your request/ message*
The fields marked with * are mandatory.
We use this data to respond to your query or provide the services you request. We only use your telephone number in connection with your query but never for marketing purposes.
We rely on our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR to process your above data for the mentioned purposes. You can object to this data processing at any time.
4.3 Contacting us by e-mail and job applications
When you send us an e-mail and/or submit your application for a job at REWIDI Ltd., we process the personal data you provide to us for the purpose of examining your query and/or job application.
For this purpose, we will use your consent in accordance with Art. 6 para. 1 lit. a GDPR as the basis to process your personal data. You may nevertheless withdraw your consent for this processing at any time.
4.4 Links to our social media channels
On our website, we have incorporated links to our social media profiles on the following social networks:
- LinkedIn Corp., 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA;
- Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA;
- XING SE, Dammtorstrasse 30, 20354 Hamburg, Deutschland.
If you click on the relevant brand icons, you will be automatically redirected to our profile on the relevant social network. In order to use the functions of the relevant network there, you must partially log in to your user account for the relevant network.
When you open a link to one of our social media profiles, a direct connection is established between your browser and the server of the relevant social network. This gives the network the information that you have visited our website with your IP address and accessed the link. If you access a link to a network while logged in to your account of the relevant network, the contents of our page may be linked to your profile in the network, which means that the network can link your visit to our website directly to your user account. If you want to prevent this, you should log out before clicking on the relevant links. An assignment takes place in any case, if you log into the relevant network after clicking on the link.
For more information about the purpose and scope of the data collection and further data processing by the above social media networks and your respective rights and data protection options, please have a look at their privacy policies.
4.5 Cookies and tracking in connection with the use of our website
5. Disclosure of personal data to third parties and transfer of data abroad
We will only transfer your personal data to third parties if you have given your express consent, if there is a legal obligation to do so, or if it is necessary for the enforcement of our rights, in particular to assert claims arising out of a contractual relationship.
In addition, we will transfer your data to third parties as far as it is necessary for the use of our website, the processing of your contact requests, the sending of our marketing communication, and the analysis of your user behavior. The use of the data forwarded for these purposes by third parties is limited to the stated purposes.
Various third-party service providers are explicitly mentioned in this privacy statement. Additional service providers to whom personal data collected via the website is passed on, or who may have access to such data, are the developers of PACTIUS A/S, Langelinie Allé 35, 2100 Copenhagen, Denmark, who maintain and further develop our digital tools PACTIUS und PACTIUS Privacy, and the webhosts of Pixels & Bits GmbH, Seestrasse 1, 6330 Cham, Switzerland, maintaining our website. The data is passed on for the exclusive purpose of providing and maintaining the functionalities of our website as well as our digital tools PACTIUS and PACTIUS Privacy. For this processing we rely on our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR.
Retention periods for your personal data
We only store personal data for as long as necessary to:
- provide you with the products and services that you have requested or for purposes as to which you have given your consent;
- enable the above-mentioned tracking, advertising and analysis services within the scope of our legitimate interests.
Please note that legal retention periods may apply to certain data. Such data must be stored by us until the end of the retention period. We block any such data in our systems and use them exclusively to comply with our legal obligations.
We have taken appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse, such as internal policies, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymization, inspections.
We also take internal data privacy very seriously. Our employees and the service providers that we retain are required to maintain secrecy and to comply with applicable data protection legislation. In addition, they are granted access to personal data only insofar as this is necessary for them to carry out their tasks.
8. Obligation to provide us with personal data
In the context of our business relationship, you must provide us with any personal data that is necessary for the conclusion and performance of a business relationship and the performance of our contractual obligations. In principle, there is no statutory requirement to provide us with data. Without this information, we will usually not be able to enter into or carry out a contract with you (or the entity or person you represent). In addition, the website cannot be used unless certain information is disclosed to enable data traffic (e.g. IP address).
9. Your Rights
In accordance with and as far as provided by applicable law (as in the case of the GDPR), you have the right to access, rectify and erase of your personal data, the right to restriction of processing or to object to our data processing in addition to the right to receive certain personal data for transfer to another controller (data portability). Please note, however, that we reserve the right to enforce statutory restrictions on our part, for example if we are obliged to retain or process certain data, have an overriding interest (insofar as we may invoke such interests) or need the data for asserting claims. If exercising certain rights incurs costs for you, we will notify you thereof in advance. We have already informed you of the possibility to withdraw consent in Section 3 above. Please further note that the exercise of these rights may be in conflict with your contractual obligations and this may result in consequences such as premature contract termination or involve costs. If this is the case, we will inform you in advance unless it has already been agreed upon contractually.
In general, exercising these rights requires that you are able to prove your identity (e.g., by a copy of identification documents when your identity is not evident otherwise or cannot be verified in another way). In order to assert these rights, please contact us at the addresses provided in Section 1 above.
In addition, every data subject has the right to enforce his/her rights in court or to lodge a complaint with the competent data protection authority.
10. Amendments to this privacy statement
We may amend this privacy statement at any time without prior notice. The current version published on our website shall apply. If the privacy statement is part of an agreement with you, we will notify you of amendments by e-mail or other appropriate means.
REWIDI Ltd, June 15, 2018