Privacy

DSS Sustainable Solutions Switzerland SA, Chemin Jean-Baptiste Vandelle 3A, CH-1290 Versoix, Switzerland, is responsible for the processing, as controller, of your personal data. You will find our contact details below in Section 13.

However, some of the processing activities set out in this General Privacy Notice are undertaken by our group entities, which will then act as data controller. The exact split differs between group entities and over time. We can confirm which processing activities are undertaken by which entity, on request.

This General Privacy Notice only applies to processing undertaken by or on behalf of us. Whilst we may provide links to third-party websites, contents, or services, we are not responsible for your use or access to such websites or for their policies in relation to personal data. In such circumstances, the collection and use of your personal data are governed by the privacy policy of those third-party providers, which you should carefully review to learn more about their personal data processing practices.

As further detail in this General Privacy Notice, we may process your personal data in connection with the professional Services we provide to your employer, respectively the organization to which you are affiliated in any other way (each an Organization). This General Privacy Notice does not govern how your Organization process your personal data through the Services. You must refer to your Organization's policies. Please see Section 8 below for additional information in this respect.

We collect the personal data that you or your organization provide to us.

We collect the personal data that you or your Organization provide to us when interacting with us and/or using our Services, for example when you use our Digital Solutions, communicate with us, create and/or manage your account, fill out website forms, subscribe to our newsletter, participate in a contest, promotion, survey or other promotion, participate in a blog or forum, contribute to market research we conduct, share information at a trade show or other event.

In particular, we may collect and process personal data about individuals with whom we interact, such as the name, title, position, company name, email and/or postal address and the professional fixed and/or mobile phone number. This information may either be directly provided by you or provided by your Organization (e.g. if you are the contact person designated by your employer to manage the relationship with us). We may also ask our third party partners to collect this information for us.

Some information is mandatory, and some is optional.

It is mandatory that you complete the data fields identified by an asterisk. If one or more mandatory data fields are not completed, we will not be able to provide access to our Services. You are not required to complete the optional data fields in order to access our Services.

Certain personal data are also collected in an automated manner.

We also automatically collect personal data, including by means of tools, web forms, cookies and other active elements, as further described in this General Privacy Notice.

You may define certain authorizations relating to the automatic collection of your personal data when you configure your device or your internet browser according to available functionalities. You may also define certain settings for the automated collection of your personal data through the cookies setting plug-in available on the Digital Solutions. For more detailed information, please see the cookie section below (Section 13).

We process your personal data for legitimate and clearly identified purposes.

Your personal data is collected and processed for the purpose of operating the Services and for the other legitimate purposes explicitly specified below or in the relevant Additional Privacy Notice, only to the extent relevant to achieve these purposes, and is not further processed in a manner that is incompatible with them.

We process your personal data for the following purposes:

To provide our Services to you or your Organization.

We mainly process your personal data to provide the requested Services to your Organization and you, including operating the Digital Solutions and providing the requested functionalities, in accordance with your Organization's instructions. In this case, our processing of your personal data in connection with the Services is governed by a contract between us and your Organization, and your use of the Services is subject to your Organization's policies.

If your use of our Services is not related to an Organization, our basis for processing the data is our Contractual Necessity.

You will find additional information about our activities in connection with the specific Services we provide in Section 15.

For our legitimate business operations related to the provision of the Services.

Furthermore, we may also process your personal data for our legitimate business operations related to the provision of the Services, which include (i) ensuring that our Services are provided in an efficient and secure way (e.g. through internal analysis of the Services’ stability and security, updates and troubleshooting, as well as support services); (ii) protecting the security of our IT systems, architecture and networks; (iii) managing our customers and suppliers; (iv) improving and developing the Services (including monitoring the use of our Services, and for statistical purposes); (iv) benefiting from cost-effective services (e.g. we may opt to use certain services offered by suppliers rather than undertaking the activity ourselves); and (v) achieving our corporate goals.

When doing so, we generally rely on our Legitimate Interests. We may also process your data we have obtained your prior unambiguous Consent. You may withdraw your consent, respectively object to such processing activities, at any time.

To send you our newsletter and other advertising information:

If you subscribe to one of our newsletters, we will collect your contact details (name and email address) and use it to provide you with the requested newsletter, based on your Consent. You may unsubscribe from the newsletter service at any time, in which case your contact details will be deleted.

We also process the time of registration and your opt-in confirmation based on our Legal Obligation to demonstrate compliance. We also analyze your use of our newsletter, e.g. whether you have opened it or clicked on certain links, and process this data to optimize and improve our newsletter, based on our Legitimate Interest.

We use the services of third parties to send our newsletters, which will have access to the information strictly required to them in order to provide you with the service. Their privacy statements are applicable in connection with this.

Independently from your subscription to our newsletter, we may also contact you by email to inform you about our activities if you or your Organization have previously subscribed or purchased a similar Service from us, if you have not objected to the corresponding use of your email address. You can object to the use of your email address for this purpose at any time by contacting us (see contact detail in section 15). The legal basis for the corresponding processing of your data is our Legitimate Interest to advertise certain sales offers and activities relating to our previous interactions with you.

To provide you with targeted information or advertisements based on your interactions with the Digital Solutions:

Provided we have collected your valid Consent, we use as part of our operation of certain Digital Solutions the services of third parties, which may place cookies on your device in order to provide you with personalized advertisements based on your interaction with our Digital Solutions. The privacy policies of those providers are applicable in relation to their activities. You may withdraw your Consent at any time (see Section 14 below for additional information on your rights).

You will find additional information in Section 13 in relation to the use of cookies in connection with the operation of our Digital Solutions.

To comply with our other Legal Obligations or for other Legitimate Interests.

We may further process your personal data if we have a Legal Obligation to do so or for other Legitimate Interests. This will for instance be the case if we need to disclose certain information to public authorities or retain such information for tax or accounting purposes, or for the establishment, exercise or defense of legal claims. We retain the personal data for the duration of the legal obligation imposed on us.

If we have obtained your consent.

In addition to the above, we may process your personal data if we have obtained your prior unambiguous consent for specific purposes. Consent given can be withdrawn at any time, but this does not affect data processed prior to withdrawal.

If you are an end user of a Service we provide to your Organization, or if we process for any other reason your personal data on behalf of your Organization (for instance, if you are not a user, but your personal data is provided to us by your Organization), please read the following:

• In the situations described above, our processing of your personal data is governed by a contract between us and your Organization. We will process your personal data as data processor for the providing of our Services to our customers, or in some cases, as a controller for our legitimate business operations related to providing those Services, as detailed in this General Privacy Notice
• This General Privacy Notice does not address how your Organization collects and uses your personal data or how we process your data when we act as processor for your Organization. Please refer to your Organization’s privacy policy for information about its processing activities.
• Some information about you may be provided to us directly by your Organization. If this is the case, it is your Organization which is responsible for ensuring that your personal data is collected and transferred to us in accordance with all privacy and data protection laws of all relevant jurisdictions, based on an appropriate legal ground.
• If you would like to make any requests or queries regarding our processing of your personal data on behalf of your Organization, please contact your Organization directly. For example, if you wish to access, correct, amend, or delete inaccurate personal data that was originally transmitted by your Organization, please direct your query to your Organization. If we are requested by your Organization to remove your personal data, we will respond to such request in a timely manner upon verification and in accordance with applicable law (thirty (30) days under Swiss law or the GDPR/UK GDPR).
• If you have questions about our legitimate business operations in connection with providing Services to your Organization, please contact us as described in Section 15.

Your personal data will not be stored longer than necessary.

We will erase or anonymize personal data as soon as it is no longer necessary for us to fulfil the purposes set out in this General Privacy Notice. This period varies, depending on the type of data concerned and the applicable legal requirements. In view of the legal obligations incumbent upon us, certain information relating in particular to the contractual relationship must be retained for at least 10 years.

When we process your personal data as Processor for your Organization, we will retain your data for the duration of our contract with your Organization, plus any period thereafter during which we must retain it for a legal or technical reason (such as evidentiary or tax purposes). If you leave your Organization (e.g. in the event of change of employment), or if your Organization requests us to do so, your account and access to the Services will be removed. In this case, we will delete from our servers or anonymised any personal data associated with your account.

More information on each type of processing can be found in Section 15.

We maintain physical, technical and procedural safeguards to keep secure your personal data.

We are committed to the security of your personal data, and have in place physical, administrative and technical measures designed to keep secure your personal data and to prevent unauthorized access to it. We restrict access to your personal data to those persons who need to know it for the purpose described in this General Privacy Notice. In addition, we use standard security protocols and mechanisms to exchange the transmission of sensitive data.

Although we take appropriate steps to protect your personal data, no IT infrastructure is completely secure. Therefore, we cannot guarantee that data you provide to us is safe and protected from all unauthorized third-party access and theft. We waive any liability in this respect.

The internet is a global environment. As a result, by sending information to us electronically, such data may be transferred internationally over the internet depending upon your location. Internet is not a secure environment, and this General Privacy Notice applies to our use of your personal data once it is under our control only. Given the inherent nature of the internet, all internet transmissions are done at your own risk.

If we have reasonable reasons to believe that your personal data have been acquired by an unauthorized person, and applicable law requires notification, we will promptly notify your Organization or you directly (depending on our contractual obligation toward your Organization, if any), of the breach by email (if we have it) and/or by any other channel of communication (including by posting a notice on the Digital Solutions).

We use Cookies, other analytical tools and similar technologies in connection with the Digital Solutions.

We use various types of cookies, other analytical tools or similar technologies (collectively, Cookies) in connection with our Digital Solutions, some of which are capable of automatically processing data on your electronic device and/or of transferring personal data about you to us or third parties.

These technologies are generally used to monitor and analyse your interactions with the Digital Solutions and/or to enable us to improve the Digital Solutions and their functionalities, including customizing the Digital Solutions and related services, depending on your interactions. We may also use Cookies to measure and monitor the traffic and use of the Digital Solutions and their performance.

Cookies are generally divided in four categories:

1. Essential Cookies. Some cookies are placed on your electronic devices to make the Digital Solutions capable of being used, by providing basic features such as page browsing and accessing secure areas. The Digital Solutions cannot function properly without this type of Cookies.
2. Functionality Cookies. Some Cookies enable the Digital Solutions to remember choices persons make, for example, username, and language or text size. These cookies are known as “functionality cookies” and help to improve a person's experience of the Digital Solutions by providing a more personalized service.
3. Advertising Cookies. These cookies are used to better understand user interests and to display more relevant advertisements.
4. Analytics/productivity Cookies. Analytics/productivity Cookies, such as those linked to Google Analytics, help understand how users interact with the Digital Solutions by anonymously collecting and reporting information.

Our use of cookies may vary depending on the section or functionalities of the Digital Solutions you access. You will find additional information for each Digital Solution which you use in Section 15.

If you do not want Cookies to be stored on your electronic device, you can configure your internet browser or electronic device to refuse and/or restrict them. You may also set the use of Cookies on the Cookie management page of the Digital Solutions if this functionality is available. However, some Cookies are essential to the functioning of the Digital Solutions, and they may operate differently if you refuse or completely restrict Cookies.

For more information, please visit the website http://www.allaboutcookies.org. You can also see the help section of your internet browser or electronic device for more specific instructions on how to manage Cookies.

You have the right to access your personal data we process and may request without limitation that they be removed, updated, or rectified.

If you are using a Service provided by your Organization, you should direct your privacy inquiries relating to our use of your personal data on behalf of your Organization, including any requests to exercise your data protection rights, directly to your Organization’s contact person.

In other cases, you may contact us directly to exercise your rights. Unless otherwise provided by law, you have the right to know whether we are processing your personal data, to know the content of such personal data, to verify its accuracy, and to the extent permitted by law, to request that it be supplemented, updated, rectified or erased. You also have the right to ask us to cease any specific processing of personal data that may have been obtained or processed in breach of applicable law, and you have the right to object to any processing of personal data for legitimate reasons.

Where we rely on your consent to process your personal data, we will seek your freely given and specific consent by providing you with informed and unambiguous indications relating to your personal data. You may revoke at any time such consent (without such withdrawal affecting the lawfulness of processing made prior to).

The above does not restrict any other rights you might have pursuant to applicable data protection legislation under certain circumstances. In particular, if the GDPR or the UK GDPR apply to the processing of your personal data those regulations grant you certain rights as a data subject if the respective requirements are met.

This section of the General Privacy Notice contains the information which is specific to certain Digital Solutions and other Services. It applies in addition to the other sections of this General Privacy Notice.

• www.consultdss.com; https://www.dsslearning.com/dssplus-ecommerce/ (main websites);
• dss⁺ Learning Platform;
• MIRA Platform;
• dss⁺ Transform Application (for clients);
• dss⁺ Transform Application (for DSS employees and independent contractors);
• STOP^® DataPro^®;
• https://impactforgood.consultdss.eu/