Data Privacy Notice

How we handle Your Personal Data

scip AG takes protection of personal data very seriously. We follow national and international laws, regulatory obligations, guidelines, and best practices to guarantee the highest level of security and transparency of personal data for our clients. Our process was reviewed by a privacy law study at Princeton University and Radboud University. This document summarizes our efforts and answers the following questions:

If you have any more comments or questions regarding the collection and processing of your personal data please contact us via email at info@scip.ch or with the contact form on our web site.

Personal Data Collecting and Processing

Types of Personal Data

scip AG is, depending on the client relationship (if any), collecting and processing this kind of personal data:

User identifying mechanisms like cookies are used if their purpose is to guarantee the basic functionality of a service (e.g. authentication and session management).

Legal Basis

Depending on the customer relationship, data will fall into one of the following categories:

  1. Necessary for the legitimate interest of scip, without affecting personal interest or fundamental right in freedoms of a client;
  2. Necessary for preparing or executing services or products a customer has requested at scip;
  3. Required to meet our national and international legal or regulatory obligations.

Purposes of Processing

scip is processing personal data only for a specific purpose in the interest of the client relationship. This is in particular:

  1. Client on-boarding processes to verify your identity;
  2. Managing our relationship with existing clients;
  3. Providing products and services requested by clients;
  4. Guarantee proper availability and execution of requested products and services;
  5. Helping us to learn about the demands of our customers to optimize products and services;
  6. Meeting our on-going legal, regulatory, and compliance obligations;
  7. Ensuring security and safety for clients, employees and partners.

If there is any other purpose, we will inform you in time which will allow you to prohibit further collecting and processing of your personal data.

Access to Personal Data

Internal Access

Data located at scip AG is accessible by internal employees only. We follow the least privilege principle where access is minimized to employees only, if and as long as they are assigned to a project or process.

All employees are required to sign a non-disclosure agreement and complete mandatory confidentiality and privacy trainings, as well as our code of conduct training. We are not sharing any kind of personal data with third parties, service providers, authorities, or the public.

International Transfer

The HQ of scip is in Zürich, Switzerland. All personal data is stored in Switzerland and will not be transferred or shared outside Switzerland. Accessing and submitting data might let it traverse other countries and adjacent companies (like internet service provider, mail server, web hoster). We have no influence based on technological and topological structure of such Internet connections.

We are not working with ad networks, we are not embedding external libraries, we are not embedding external fonts, and we are not embedding social media buttons. All core files delivered to customers are hosted on scip servers.

Under some circumstances we may embed videos from external sources if it helps to enrich the user experience (e.g. YouTube, Vimeo). Such embedded objects always enable all available privacy features (e.g. encryption, disabling 3rd party cookies, http security header) to limit disclosure of personal data to outside entities.

Payment handling might be done by an external service provider. Such extended data processing would be indicated at the beginning of the exchange.

We are providing a Secure Transfer Server, an in-house solution to exchange data via secure channels and to prevent exposed transmission via other countries and companies. Please use additional security measures like encryption (e.g. PGP/SMIME) to increase the security of all your exchanges.

Retention Time

scip will only retain personal data as long as necessary to fulfil the purpose for which it was collected. This retention time will comply with legal, regulatory and internal policy requirements. After that retention period the data will be deleted irreversibly.

Your Rights

Overview

You have the right to correct inaccurate personal data we collect and process. We are committed to keep your personal data accurate and up-to-date. Therefore, if your personal data changes, please inform us as soon as possible.

Where we process your personal data on the basis of your consent you have the right to withdraw this consent at any time. Please note that this withdrawal may not affect our legal or regulatory obligations of data processing.

You have the right to ask us to stop processing your personal data. You have also the right to ask us to delete personal data already collected and processed. If you are object to direct marketing, you have always the possibility to click an unsubscribe button to halt further direct marketing. We need to store such opt-out inquiries to prevent unwanted processing in the future.

Where personal data is processed after your agreement, it is possible to ask that we transfer all collected data back to you applicable under the data protection laws.

You can exercise the rights set out above by contacting our DPO (Data Protection Officer). See below for contact possibilities.

Exercising Rights and Complaints

If you have any questions or are not satisfied with the collecting and processing of your personal data by scip AG, we would be happy to discuss the matters with you and find an acceptable solution. Please contact us:

Appendix

Security Note

We have state-of-the-art technical and organizational security measures in place to prevent the unauthorized and unlawful access and misuse of personal data. Regular security testing of our services helps us to reduce the attack surface. And further monitoring, logging, and alerting systems help us to identify and react to attack attempts quickly. If you suspect a system to misbehave, please contact us so we may address the issues as soon as possible.

Status of Privacy Notice

This privacy notice was set into effect in May 2018 and updated in June 2019 (clarifying wording, added payment processing). It is a notice explaining what scip AG does. It is not a contractual agreement with customers. We reserve the right to change this notice as needed.

Sie haben Fragen zum Thema?

Unsere Spezialisten kontaktieren Sie gern!