Privacy Policy | Tracenable

Last Updated: 01/09/2024 Datacie Ltd, registered in Switzerland under company number CHE-231.706.060 (UID), with its registered address at Chemin Erna Hamburger 1C, EPFL Innovation Park, 1015 Lausanne, Switzerland (“we”, “us”, “our”) operates the website tracenable.com. We are dedicated to protecting the confidentiality and privacy of your personal data. We comply with applicable data protection laws, including the Swiss Federal Act on Data Protection (nFADP), the General Data Protection Regulation (GDPR) where applicable, and, for California residents, the California Consumer Privacy Act (CCPA). This Privacy Policy outlines your rights, the types of personal data we collect, how we use it, and how we safeguard it.

1. Who is Responsible for Data Processing? This Privacy Policy applies to Datacie Ltd, the operator of tracenable.com. For questions related to this policy or the processing of your personal data, please contact our Data Protection Officer (DPO) at: legal@tracenable.com

2. What Personal Data Do We Collect and How? We collect personal data in the following ways: a) Personal Data You Provide to Us

Account information: When you create an account with us, we collect information associated with your account. This may include your name, email address, phone number, company name, account credentials, and billing information, such as payment details and transaction history.
Content and files: When you use our services, we collect the information you provide to us, including any content, documents, or files you upload or submit.
Communication information: If you communicate with us via email, forms on our website, or other methods, we collect your name, contact details, and the contents of your communications.
Event and survey participation: If you participate in our events, surveys, or webinars, we may collect personal information such as your name, contact details, and responses to survey questions or event registration details.
Social media interactions: We have pages on social media platforms like Instagram, Facebook, Medium, X (formerly Twitter), YouTube, and LinkedIn. When you interact with our social media pages (e.g., by liking, commenting, or messaging us), we collect the information you choose to share with us. In addition, social media platforms may provide us with aggregated data about engagement and interactions on our content.

b) Personal Data We Collect Automatically

Log information: When you visit or interact with our website and services, our systems automatically collect information such as your IP address, browser type, browser settings, the date and time of your access, and how you navigate or interact with our services.
Usage data: We collect data on how you use our services, including the types of content you view, features you engage with, and actions you take (e.g., downloading resources, filling out forms). This includes information about your geographic location (e.g., country), time zone, device type (mobile, tablet, desktop), and session data, such as timestamps of access.
Device information: We gather data about the device you are using to access our services, such as the device name, operating system, and unique device identifiers. This data may also include browser type and settings.
Cookies and tracking technologies: We use cookies and similar tracking technologies to manage our website and services, improve functionality, and enhance user experience. For more information on our use of cookies, please refer to our Cookies Policy.

c) Personal Data We Receive From Third Parties

Public sources: We may collect data from publicly available sources, such as business directories, social media platforms, or other publicly accessible online sources, for purposes like business development and recruitment.
Third-party partners: We receive information from our trusted partners, such as marketing platforms or service providers, to enhance our understanding of customer needs and deliver relevant content. Additionally, we may receive data from security partners to help prevent fraud or security threats.

3. Why We Process Your Personal Data We process personal data for the following purposes:

To provide and maintain our services: We use your personal data to provide you with the services or products you request, ensure their functionality, and facilitate the management of your account. This includes processing payments, responding to inquiries, and offering technical support.
To improve and develop our services: We process personal data to understand how our services are used, identify areas for improvement, and develop new features. This includes conducting analytics, research, and user feedback analysis to enhance your experience and refine our offerings.
To communicate with you: We use personal data to communicate with you directly, whether for transactional purposes (e.g., order confirmations, updates to your account) or to provide information and marketing about our services, events, or promotions, where you have consented to receive such communications.
For marketing and promotional activities: With your consent, we process your personal data to send newsletters, offers, and event invitations. This helps ensure you are informed about new products, services, or relevant industry insights that may interest you. You can opt out of marketing communications at any time.
To ensure the security of our services: We process personal data to safeguard our services from unauthorized access, misuse, and other security threats. This includes monitoring and detecting fraudulent or illegal activities, protecting our IT infrastructure, and addressing potential risks.
To prevent fraud and misuse: We use personal data to prevent fraud, abuse, and other criminal activities. This includes safeguarding user accounts, preventing identity theft, and ensuring the integrity of our services. We may also use data to investigate violations of our terms of service or user agreements.
To comply with legal obligations: We process your personal data to comply with legal, regulatory, and contractual obligations under Swiss law and other applicable jurisdictions. This may include fulfilling tax reporting requirements, adhering to anti-money laundering regulations, or complying with court orders or government requests.
To protect the rights, privacy, and safety of our users and third parties: We may use personal data to enforce our terms of service, protect the rights and privacy of our users, and safeguard the safety of our customers, employees, and third parties. This includes responding to legal claims or disputes and defending our legal rights.

Aggregated or de-identified information: We aggregate or anonymize personal data in a manner that prevents it from identifying individuals. This de-identified information is used for analyzing the effectiveness of our services, conducting research, improving features, and generating statistical insights. We may also share aggregated, non-identifiable information (e.g., general user statistics) with third parties for business or research purposes. We do not attempt to re-identify anonymized data unless required by law.

4. Legal Basis for Processing Personal Data We process your personal data based on the following legal grounds:

Consent: We may rely on your freely given consent at the time you provided your personal data to us.
Contractual necessity: We may process personal data in order to fulfill our contractual obligations.
Legitimate interest: We may rely on legitimate interests based on our evaluation that the processing is fair, reasonable and balanced. These interests include delivering our sevices and products, security monitoring, and marketing.
Legal obligation and public interest: We may process personal data in order to meet regulatory and public interest obligations or mandates.

5. Sharing Your Personal Data We may share personal data with trusted third parties to help us deliver efficient and quality services and products. These recipients are contractually bound to safeguard the data we entrust to them. We may engage with several or all of the following categories of recipients:

Third parties that support us as we provide our services and products (e.g. providers of telecommunication systems, mailroom support, IT system support, archiving services, document production services and cloud-based software services, scanning services).
Our professional advisers, including lawyers, auditors and insurers.
A potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer or merger/acquisition of part or all of our business or assets, or any associated rights or interests.
Payment service providers.
Marketing service providers.
Law enforcement or other government and regulatory agencies (e.g. FAOA, FINMA) or other third parties as required by, and in accordance with, applicable law or regulations.
Recruitment service providers.

6. Data Protection Rights If we process personal data about you, you have the rights listed below. Before responding to your request, we may ask for proof of identity. This helps us to ensure that personal data is not disclosed to any person not authorized to receive it. We may also ask you for sufficient information about your interactions with us so that we can locate your personal information.

Access: You can ask us to verify whether we are processing personal data about you, and if so, to provide more specific information.
Correction: You can ask us to correct our records if you believe they contain incorrect or incomplete information about you.
Erasure: You can ask us to erase your personal data after you withdraw your consent to processing or when we no longer need it for the purpose it was originally collected and no retention requirements exist.
Processing restrictions: You can ask us to temporarily restrict our processing of your personal data if you contest the accuracy of your personal data, or prefer to restrict its use rather than having us erase it.
Data portability: In some circumstances, where you have provided personal data to us, you can ask us to transmit that personal data in electronic form if technically feasible.
Automated individual decision-making: You can ask us to review any decisions made about you that we made solely based on automated processing, including profiling, that produced legal effects concerning you or that significantly affected you.
Right to object to marketing, including profiling: You can object to our use of your personal data for marketing purposes, including profiling. We may need to keep some minimal information to comply with your request to cease marketing to you.
Right to object to active sourcing: You can object to our use of your personal data for active sourcing purposes. We may need to keep some minimal information to comply with your request to cease recruiting activities.
Right to withdraw consent: You can withdraw your consent that you have previously given to one or more specified purposes for processing your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent. It may mean we are not able to provide certain products or services to you and we will advise you if this is the case.

7. International Data Transfers If we transfer your personal data outside of Switzerland or the European Economic Area (EEA), we ensure that adequate protection measures, such as standard contractual clauses or binding corporate rules, are in place to protect your data.

8. Data Security We use industry-standard security measures to protect your personal data from unauthorized access, loss, or misuse. These include:

Encryption: All personal data transmitted to and from our systems is encrypted using industry-standard encryption protocols.
Access control: We limit access to your personal data to authorized personnel only.
Data minimization: We collect and process only the data necessary for the stated purpose.

9. Data Retention We retain personal data to provide our services, offer proposals, stay in contact with you and to comply with applicable laws, regulations and professional obligations that we are subject to. We retain personal data for so long as the personal data is needed for the purposes for which it was collected or in line with legal and regulatory requirements or contractual arrangements. As a rule, the statutory retention period is ten years from the end of the business relationship. We will dispose of personal data when we no longer need it.

10. CCPA Privacy Rights We do not, and do not intend to, sell personal information as "selling" is defined under the California Consumer Protection Act ("CCPA"). California residents who wish to submit requests for information pursuant to Sections 1798.110 and 1798.115 of the CCPA may do so by emailing legal@tracenable.com.

11. Protection of Young Children Our services are not directed to, or intended for, children under 13. We do not knowingly collect personal data from children under 13. If you have reason to believe that a child under 13 has provided personal data to us, please email us at legal@tracenable.com. We will investigate any notification and, if appropriate, delete the personal data from our systems. Users under 18 must have permission from their parent or guardian to use our services.

12. Changes to this Privacy Policy We may update this Privacy Policy periodically to reflect changes in our practices or legal obligations. We will post any updates on this page with the latest revision date.

Privacy Policy for tracenable.com