dss+ Transform™ Application Privacy Policy (External)

This privacy policy (the Privacy Policy) applies to the processing of personal data by DSS Sustainable Solutions Switzerland SA (CHE-371.503.138), chemin du Pavillon 2, 1218 Le Grand-Saconnex (dss+, we, us or our) in connection with the use of its dss+ Transform application (the Application) accessible as a downloadable mobile application or as a website available at https://transform.consultdss.com/.

By accessing and using the Application, you expressly acknowledge that we collect and process your personal data in accordance with this Privacy Policy.

We reserve the right to amend the Privacy Policy at any time at our sole discretion in order to adapt it to any new commercial or technological practice or change in the law. Should this occur, we will inform you by any appropriate means (including via email or other notification methods or the Application). If you do not accept these amendments, your sole remedy is to no longer access and/or use the Application.

1. Introduction

1.1 We recognize the importance of your privacy and of transparency in our processing of your personal data. This Privacy Policy explains (i) which personal data are collected when you access and use the Application, (ii) the manner and the purposes for which we process the personal data, and (iii) the measures which we take in order to protect such personal data.

1.2 The Application is a tool that we provide to your employer, respectively the organization to which you are affiliated in any other way (Organization). This Privacy Policy does not govern how your Organization processes your personal data. Please refer to your Organization's policies and contact your Organization directly for any inquiry relating to the use of your personal data by it.

2. How and Why We Process Your Personal Data

We only process your personal data when we have a valid reason to do so, in accordance with the law.

2.1 We process your personal data in compliance with Swiss data protection law and the EU General Data Protection Regulation and only when we have a valid reason to do so, as further specified below.

To provide the Application and Services to You or Your Organization

2.2 We mainly process your personal data to provide the Application and Services to your Organization and you, in accordance with your Organization's instructions. In this case, our processing of your personal data in connection with the Application is governed by a contract between us and your Organization, and your use of the Application is subject to your Organization's policies.

2.3 As part of the services we provide, Your Organization can:

  • Control and administer your account, including controlling privacy-related settings of the Application;
  • Access and process your data, including the interaction data, the webforms you fill in, and the contents of your communications and files associated with the Application and accounts.

For our legitimate business interests, including to improve our Application and services, as well as for monitoring or statistical purposes.

2.4 Furthermore, we may also process your personal data for our legitimate business operations related to providing the Application, which include (i) to provide the Application and our services in an efficient and secure way (including internal analysis to ensure the Application’s stability and security, updating, securing, and troubleshooting, as well as providing support); (ii) to improve and develop the Application and our services; (iii) to benefit from cost-effective services (e.g. we may opt to use certain Application offered by suppliers); and (iv) to meet our corporate and social responsibility objectives (including monitoring our performance or the use of the Application and our services, and for statistical purposes).

2.5 When doing so, we generally rely on your legitimate business interest. We may also process your data where we have obtained your prior unambiguous consent. You may withdraw your consent, respectively object to such processing activities, at any time.

If we have a legitimate interest or a legal obligation to do so.

2.6 We may further process your personal data to comply with our legal or regulatory obligations. This will for instance be the case if we need to disclose certain information to public authorities or retain such information for tax or accounting purposes, or the establishment, exercise or defense of legal claims.

3. How and Where We Collect Your Personal Data

We collect the personal data which you provide or which is provided by your Organization.

3.1 We collect the personal data you provide when you correspond with us and/or our partners, or when you use the Application, for example, when you create and/or manage your account, or through webforms you fill in, as well as the information that your Organization provides us with in connection with the Application.

3.2 Such information may include your first and last name, work location, work phone number, cell phone number, job title, employer name, business address, industry, the information you filled in webforms, and any other information which we may request from you, or which may be provided by your Organization.

3.3 In relation to specific functionalities of the Application, we may also be provided by you or your Organization with health data pertaining to the work you perform for your Organization, or other sensitive data about you (Sensitive Data). In this case, in derogation from other sections of this Privacy Policy, we will not process your Sensitive Data beyond what is strictly needed for the performance of our contract with your Organization, and as requested by your Organization.

Certain personal data are also collected in an automated manner.

3.4 We may also automatically collect personal data when you access and use the Application, including by means of tools, web forms, cookies and other active elements contained in our emails and/or those of our partners, including basic logs on information such as IP address, user ID, network ID and digitized signature, and user location.

You can define certain authorizations and settings related to the automated collection of your personal data.

3.5 You may define certain authorizations related to data collection, in particular in connection with the geolocation and your device’s right to access data contained in your device, according to the available functionalities on your device.

3.6 You may also define certain settings for the automated collection of your personal data on your web browser (if you access the Application via a computer) or on your device. For more detailed information, please consult the chapter on cookies below.

4. Processing Methods

We may process your personal data by automated means but take appropriate security measures in this respect.

4.1 Our processing activities are carried out both by humans and with computers or computer tools, and in compliance with the purposes indicated in this Privacy Policy.

4.2 Furthermore, we may process your data to remove any information that identifies you and your Organization from it (anonymization) and further use such anonymised data for purposes not contemplated by this Privacy Policy (including for data mining, benchmarking and analytics purposes, or for developing and marketing new services).

5. How Long Do We Store Your Personal Data?

5.1 We will not retain your personal data for a longer period than necessary for the purposes as outlined in this Privacy Policy.

5.2 If you leave your Organization (e.g. in the event of change of employment), or if your Organization requests us to do so, your account and access to the Application will be removed. In this case, we can will delete from our servers or anonymise any personal data associated with your account (including content) based on the request.

6. Communication to Third Parties

We may disclose your personal data to third parties in case this is necessary for the proper operation of the Application and the provision of the related services.

6.1 In addition to your Organization's access (see section 2.3), we may communicate your personal data to third parties for the purpose of operating the Application. This may include Amazon Web Services and/or Microsoft Azure (hosting services), and Unifii Pty Ltd (IT infrastructure provider).

6.2 In the above contexts, the Application may contain links to third party content or websites. Please note that this Privacy Policy does not apply to the practices of any company or individual that we do not control, nor to any other website that may be linked from the Application. In such contexts, the collection and use of your personal data are governed by such other party's or websites’ privacy policy. We shall not be held responsible for their privacy practices.

We may also disclose your personal data to third parties when we have a legitimate interest or legal obligation to do so.

6.3 We may also disclose your personal data when we have a legitimate interest to do so, for instance (i) to any third party to whom we assign or transfer any of our rights or obligations; (ii) to competent courts or supervisory or regulatory bodies, when we must compellingly disclose your personal data, pursuant to any applicable law, regulation or order.

7. International Transfers

Your personal data may be disclosed outside of your country of residence, including to countries that do not guarantee the same level of data protection and privacy as Switzerland and the European Union.

7.1 The personal data that we collect from you may be stored and processed in your region, or transferred to, stored at or otherwise processed outside your country of residence, including, in respect of residents of a country within the European Economic Area (the “EEA”) or Switzerland, in a country outside the EEA or Switzerland, or any other country which does not necessarily offer an adequate level of data protection as recognized by the European Commission or Switzerland, including without limitation the U.K., the U.S., Australia and/or India. Your personal data may also be processed by staff operating inside or outside your country of residence, including staff located outside of the EEA or Switzerland, who work for us or our service providers.

7.2 Where we transfer your Personal Data outside the EEA or Switzerland, we will ensure that suitable safeguards are in place to help ensure that our third party service providers provide an adequate level of protection to your Personal Data, for instance by relying on the EU-U.S. Privacy Shield Framework, the Swiss-U.S. Privacy Shield Framework, or on standard contractual clauses adopted by the European Commission.

7.3 You may request additional information in this respect and obtain a copy of the relevant safeguards by sending a request to the contact indicated in section 11 below. Please contact your Organization directly for any transfer made or permitted by your Organization.

8. Security

We maintain physical, technical and procedural safeguards to keep your personal data secure.

8.1 We are committed to the security of your personal data, and have in place physical, administrative and technical measures designed to keep your personal data secure and to prevent unauthorized access to it. We restrict access to your personal data to those persons who need to know it for the purpose described in this Privacy Policy. In addition, we use standard security protocols and mechanisms to exchange and transmit sensitive data. When you enter sensitive information on our website, we encrypt it using transport layer security (TLS) technology.

8.2 Although we take appropriate steps to protect your personal data, no application or website is completely secure. Therefore, we cannot guarantee that data you provide to us is safe and protected from all unauthorized third-party access and theft. We waive any liability in this respect.

8.3 The internet is a global environment. As a result, by sending information to us electronically, such data may be transferred internationally over the internet depending upon your location. The internet is not a secure environment and this Privacy Policy applies to your use and disclosure of your personal data only once it is under our control. Given the inherent nature of the internet, all internet transmissions are done at your own risk.

9. Cookies and Similar Technologies

We use cookies and other similar technologies in connection with the Application.

9.1 We may use various types of cookies or other similar technologies, some (authentication tokens) to manage user access to the solution.

Why and how do we use cookies and similar technologies?

9.2 They are essential to the functioning of the Application itself, and disabling this function may prevent use of the Application.

9.3 The cookies or other similar technologies are stored in the local storage. They are needed to authorize access and allow entry to the Application without the need to repeat the authentication process. The token is encrypted.

9.4 Some cookies are retained in your electronic device for only as long as you access and use the Application, while others persist for a longer specified or unspecified period.

We use the following cookies:

Essential cookies

9.5 Some cookies we place on your electronic device ensure that the Application delivers information to you, without limitation, securely and optimally. The Service/website cannot function properly without these cookies.

Cookie | Provider | Stored / processed data | Expiry | Description
Authentication security token | Unifii | Local storage on a user device | 3 days | Tokens are encrypted once the information is processed
Authentication security cookie | Tableau | Local storage on a user device | 3 days | Tokens are encrypted once the information is processed

10. Your Rights

You have the right to access your personal data processed by us and may request without limitation that they be removed, updated, or rectified.

10.1 You should direct your privacy inquiries relating to the use of your personal data in this respect, including any requests to exercise your data protection rights, directly to your Organization’s contact person.

10.2 If you have questions about our legitimate business operations in connection with providing the Application to your Organization, as specified in sections 2.4 to 2.6, you may contact us to know the content of such personal data, verify their accuracy and request that they be supplemented, removed, updated, or rectified. You also have the right to ask us to cease processing any personal data that may have been obtained in breach of applicable law, and to object to the processing of your personal data for any other legitimate reason.

10.3 Where we rely on your consent to process your personal data, we will seek your freely given and specific consent by providing you with informed and unambiguous indications relating to your personal data. You may revoke such consent at any time.

10.4 You may also have the right to request your personal data’s portability, i.e. that the personal data you have provided to us be returned to you or transferred to the person of your choice, in a structured, commonly used and machine-readable format without hindrance from us and subject to our confidentiality obligations, subject to applicable data protection laws.

You have the right to lodge a complaint

10.5 If you are not satisfied with how we process your personal data, you may file a complaint with the competent supervisory authority, in addition to your rights outlined above.

11. Contact

11.1 As indicated above, if you have questions about our processing of your personal data in connection with providing the Application, please contact your Organization directly.

11.2 For other inquiries, please contact us at privacy@consultdss.com.

Date last updated: 1 April 2020