1. Applicability We are committed to protecting your privacy. Archlet AG takes the protection of not only your personal but the safety and security of all data that flows through our website www.archlet.io (“Website”) and end-user application of Archlet AG ("App" and together with the Website "Platform") serious. As part of this effort, we process personal data and information ("Personal Data") in accordance with the Swiss Data Protection Law and, where applicable, with the European General Data Protection Regulation (“GDPR”). This Privacy Policy applies to the Platform of Archlet AG (and any subsidiaries) but does not apply to any third party websites that may be linked to our Website or App, which will be governed by their own privacy policies. California Consumer Privacy Act (CCPA): We are not in the business of selling Personal Data. We do not sell any collected Personal Data. Personal Data that is collected by us as a result of your visiting of our Platform or using our product and services in any form, is only processed for that purpose or any other purpose that you consent to us. As a consumer, you have extensive rights under the CCPA. We have described these below for you. Contact us under the contact details provided below if you have any questions or concerns.
2. Controller
Archlet AG (Hardturmstrasse 132, 8005 Zürich, Switzerland, e-mail: privacy@archlet.ch is controller ("Controller" and "Archlet") in the sense of article 4 para. 7 GDPR.
3. General Information
The terms “We”, “Us” and ”Our” mean Archlet. The terms “You” and “Your” refer to you, as a user or visitor of Our Platform provided services. The term Personal Data refers to all information relating to an identified or identifiable natural person (hereinafter referred to as "Data Subject"); an identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more specific characteristics expressing the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person, as set out in article 4 para. 1 GDPR. In addition, personal data subject to the Swiss Federal Act on Data Protection ("FADP") comprises data of legal persons. We treat all Personal Data confidentially.
4. Collection of Data
You may give Us information about You by submitting information on Our Platform or by corresponding with Us by phone, e-mail or otherwise. This includes information You provide when You register to use the Platform, subscribe to the Platform services, participate in discussion boards or other social media functions on the Platform, and when You report a problem relating to the Platform. The information You give Us may include your name, address, e-mail address, phone number, personal description or photograph. Any processing of Your Personal Data is based on a legal basis which is indicated below. By visiting the Platform, You agree to the collection and use of information in accordance with this Privacy Policy. We will not collect any Personal Data unless it is voluntarily provided by You or it is automatically collected by visiting the Platform (technical data such as Internet browser, operating system, date or time of the Platform access as well as the referrer URL, IP address and host name of the accessing computer). Access to Personal Data is limited to those employees of Us who need to know this data. The persons concerned are obliged to maintain confidentially and to comply with the applicable data protection laws and regulations.
5. Collection of Data by the App
The server, the App is communicating with, stores information in so-called log files automatically. This applies to information automatically transmitted by the App, as follows: type of mobile device, operating system in use, language/regional settings in use, technical information about the device in use, date and time of the request, IP address, mobile phone number or device identification, current geolocation information about the mobile device, name of the user, SIM card number, fingerprints, films, photos and audio recordings. This happens based on article 6 para. 1 lit. b GDPR, that regulates the lawfulness of processing when it is necessary for the performance of a contract or in order to take steps prior to entering into a contract.
Some web browsers may transmit "do-not-track" ("DNT") signals to mobile applications with which the user communicates. We currently do not change our tracking practices in response to DNT settings in your browser.
6. Purpose of Processing and Legal Basis
Any processing of data is based on a specific legal basis. If the processing is necessary for the performance of a contract to which the Data Subject is a party, or for the implementation of pre-contractual measures taken at the request of the Data Subject, the processing may be based on article 6 para. 1 lit. b GDPR. If the processing is necessary to safeguard the legitimate interests of the Controller or a third party, provided that the interests or fundamental rights and freedoms of the Data Subject, which require the protection of Personal Data, do not prevail, it can be based on article 6 para. 1 lit. f GDPR.
We process Your Personal Data for the following purposes:
a) to fulfil Our obligation to make the services available to You in accordance with the service conditions concluded between You and Us; the legal basis for data processing is article 6 para. 1 lit. b GDPR;
b) to inform You about changes to Our services; the legal basis for data processing is article 6 para. 1 lit. b GDPR;
c) to ensure that the content of the Platform is presented on Your computer as efficiently as possible; the legal basis for data processing is article 6 para. 1 lit. b or f GDPR;
d) in order to enable You to participate in test and trial offers of Our services; the legal basis for data processing is article 6 para. 1 lit. b GDPR;
e) to inform You about parts of the services which We believe to be of interest to You if You have given Your consent; the legal basis for data processing is article 6 para. 1lit. a GDPR; and
f) as part of Our efforts to offer You the greatest possible security when using the Platform; the legal basis for data processing is article 6 para. 1 lit. f GDPR.
We also process data that cannot be assigned to any person. These are data that do notpersonally identify You, including anonymous information and aggregated data. This information helps Us to better understand how Our visitors use the services, to analyse demographics, interests and behaviours of Our visitors, to improve the services, to provide customized services and information to visitors, and similar purposes. 7. Feedback
If You contact Us to provide feedback, register a complaint, or ask a question, We will record any Personal Data and other content that You provide in Your communication so that We can effectively respond to Your communication. We reserve the right to use this information in any manner permitted by law, to respond to Your communication. The processing of Your Personal Data for feedback processing is based on article 6 para. 1 lit. f GDPR.
8. Activity
When You use the services, We receive and store certain information which may include Your Personal Data, regarding Your use of the services. Examples include IP addresses, browser types, domain names, and other statistical data regarding Your use of the services. We may use this data in a way that does not disclose any of Your personally identifiable information, including, but not limited to, for purposes of developing new product and service offerings. 9. Cookies
We may send cookies to Your computer in order to uniquely identify Your browser and improve the quality of Our service. The term “cookies” refers to small text files that are stored permanently or temporarily on Your computer when You visit the Platform. Their main function is to analyse how the Platform is used, both for statistical evaluation and to help continually improve the Platform. Furthermore, the data collected by cookies is used to learn about Your preferences and to ensure that the Platform is provided without errors. Cookies do not cause any damage to Your computer and do not contain viruses. We may use both session cookies (which expire once You close Your browser) and persistent cookies (which stay on Your computer until You delete them). You can set Your browser to partly or completely deactivate cookies at any time. However, the complete deactivation of cookies can lead to the fact that You cannot use all functions of the Platform. You can find further information on this in the browser instructions. The use of cookies is based on article 6 para. 1 lit. f GDPR.
10. Web Analysis Services
In order to record the use of the Platform statistically and to evaluate it for the purpose of optimisation, We use web analysis services of third parties (tracking tools) to whom Personal Data may also be transferred in the course of using these services. For the purpose of the continuous optimisation of the pages and the design of the Platform, We use Google Analytics. Google Analytics is a web analytics service provided by Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses also cookies, which enables an analysis of the use of the Platform. The information generated by the cookie about the use of the Platform (including Your browser type, referrer URL, IP address etc.) is transferred to a Google server in the USA and stored there. Google Analytics is set up so that IP addresses are only stored anonymously. Dueto this setting, Google shortens the IP addresses recorded within member states of the European Union or in other contracting states of the Agreement on the European Economic Area prior to storage. Google will use this information for the purpose of evaluating Your use of the Platform, compiling reports on Platform activity and providing further services relating to Platform activity and Internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Under no circumstances will Google merge Your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on its browser. By do so, You may not be able to use the full functionality of the Platform. By using the Platform, You agree to the processing of the data collected about it by Google in the manner and for the purpose described above. If You do not want to allow Google Analytics in principle, You can install the browser add-on (https://tools.google.com/dlpage/gaoptout) to deactivate Google Analytics. For more information on the privacy practices of Google or data protection in connection with Google Analytics, You can visit the Google Privacy & Terms website page (https://policies.google.com/privacy?hl=en) or the Google Analytics Help website (https://support.google.com/analytics/answer/6004245?hl=en).
We use Mailchimp (The Rocket Science Group, LLC) to manage email marketing subscriber lists and send emails to our subscribers to keep our subscribers up to date. Read their privacy policy here.
We use Lever (Lever, Inc.) to manage the job application process at Archlet. Data transmitted as part of your application will be transferred Lever Inc, which offers an applicant management software solution (https://www.lever.co/about/). In this context, Lever is our processor under article 28 of the GDPR. In this case, the processing is based on an agreement for the processing of orders between us as the controller and Lever. Read their privacy policy here.
11. Disclosure of Personal Data
We may disclose Your Personal Data for the following purposes:
a) Legal obligation We may disclose Your Personal Data in response to a request for information if We believe such disclosure is in accordance with any applicable law, regulation or legal process, or as otherwise required by any applicable law, rule or regulation. The legal basis for processing to fulfil a legal obligation is article 6 para. 1 lit. c GDPR.
b) Violation of terms of services We may disclose Your Personal Data if We believe Your actions are in violation of Our terms of service and Privacy Policy, or to protect the rights, property and safety of Us or others. In this case, the transfer is based on article 6 para. 1 lit. f GDPR.
c) Disclosure within the company If necessary, We transmit Personal Data to other parts of the company, e.g. for billing purposes. In this case, the transfer is based on article 6 para. 1 lit. f GDPR.
12. Disclosure of Personal Data to Third Parties
Under no circumstances will We rent, sell or otherwise share Personal Data to third parties, except with your consent, the disclosure is necessary to assert, exercise or defend legal claims, a legal obligation exists or it is legally permissible and necessary for the execution of contractual relationships with You. Your rights regarding the transmission and processing of its Personal Data to third parties in accordance with the applicable data protection laws and regulations will be respected. A transfer of Personal Data to third parties will take place e.g. by transmitting the credit card data to the processing bank institutes or payment service providers for the purpose of debiting the purchase price. Furthermore, a transfer of Personal Data will take place inrelation to the web analysis services as listed above.
13. Links
Our Platform and services may contain links to third party websites to which We have no affiliation. This Privacy Policy does not extend to any external links. Except as set forth herein, We do not share Your Personal Data with those third parties, and are not responsible for and accept no liability for their privacy practices. We suggest You to read the privacy policies on all such third party websites.
14. Security
We take commercially reasonable steps to protect Your Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. We use up to date TLS-encryption that Your systems support when transmitting data via Our systems. However, a complete protection of data against access by third parties is not possible. We cannot guarantee that all Internet or e-mail transmission is fully secure or free of errors. We also use suitable technical and organisational security measures to protect Your Personal Data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments. Nevertheless, We cannot guarantee their absolute security and We therefore cannot be held liable for intercepted information sent via the Internet or for third parties using revoked, stolen, forged, or otherwise insecure certificates. You should therefore take special care in deciding which information You send Us by e-mail and keep this in mind by disclosing any Personal Data to Us or to any other party via Internet.
15. Retention Period
We store Your Personal Data for as long as it is necessary for the respective purpose for which it was collected, in particular to fulfil contractual and legal obligations, such as statutory retention periods, or until You revoke Your consent in the processing of Personal Data. We may in any event retain and use such Personal Data as necessary to maintain accurate accounting, financial and other operational records, resolve disputes, and enforce the rights connected to the use of the Platform.
16. Your Rights
You are entitled to extensive rights which You can assert against Us based on article 15 to 21 GDPR. Upon request, We will inform You in writing, in accordance with the applicable statutory provisions, which Personal Data We have stored about You. You may request information about the origin, transfer, purpose of collection and use, the planned storage period and the type of processing of the Personal Data. Furthermore, at Your request, We will correct, complete, amend, delete or restrict the processing and storage of the Personal Data at any time, unless the processing is justified by Our legitimate interests, necessary to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims. For this purpose and/or to obtain further information, please contact Us at privacy@archlet.ch.
You have the right to receive the Personal Data We hold about You in a structured, common, machine-readable format and free of charge. Upon request, We will transfer Your Personal Data to another controller. If You wish to exercise any of the rights mentioned in this section or if You have any questions about the processing of Your Personal Data, please contact Us at the e-mail address privacy@archlet.ch.
We are obliged to verify Your identity in such requests. Inquiries can therefore only be processed if a suitable proof of Your identity (copy of identity card or similar) is enclosed. If the processing of the Personal Data is carried out on the basis of the consent pursuant to article 6 para. 1 lit. a GDPR, You have the right to object such consent at any time. The data processing’s legality up to the time of objection stays untouched. Should the processing of Your Personal Data be based on article 6 para. 1 lit. e or f GDPR, You have the right to object, on grounds relating to Your particular situation, at any time to processing of Your Personal Data, including profiling based on those provisions. The respective legal basis for a processing of data is explained in this Privacy Policy. If You object, We will no longer process Your Personal Data, except we can prove reasons of compelling worth of protection, outweighing Your interests, rights and freedom or the processing is necessary for the establishment, exercise or defence of legal claims (article 21 para. 1 GDPR). Should Your Personal Data be processed for direct marketing purposes, You have the right to object at any time to the processing of Your Personal Data for such marketing. If You object, We will no longer process Your Personal Data for direct marketing (article 21 para. 2 GDPR).
Furthermore, You have the opportunity to file a complaint with the competent data protection supervisory authority and to revoke consent to data processing based on article 77 GDPR. Under the FDAP, the Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home.html) is responsible for complaints.
17. Existence of an Automatic Decision-Making Process
As a responsible company, We refrain from automatic decision-making or profiling.
18. Conditions and Changes to this Privacy Policy
This is Our currently valid Privacy Policy. We are free to change this Privacy Policy from time to time. The new version will always be posted on the Website or App and will replace all previous versions. The changes will be effective immediately for new visitors and users of Our services and will become effective for existing users through continued use of the services after the effective date of the posted change. If You do not want to approve the changes to Our use of Your Personal Data, You have to notify Us before such changes take effect that You want to deactivate Your account with Us. Please note that You are always responsible for keeping Your Personal Data up to date and providing Us with Your current contact information.
