Privacy policy

With this privacy policy, we inform you about which personal data we process in connection with our activities including our https://www.sanitized.com/-Website. We particularly provide information about the purpose for processing personal data, how we process personal data, where we do so, and which personal data we process. We furthermore provide information about the rights of persons whose data we process.

For individual or additional activities, additional privacy policies and other legal documents like the General Terms and Conditions (GT&C), usage conditions, or participation conditions may apply.

We are subject to Swiss data protection law and any applicable foreign data protection law such as those of the European Union (EU) and the General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law ensures an adequate level of privacy.

1. Contact addresses

Entity in charge of processing personal data:

SANITIZED AG
Lyssachstrasse 95
3401 Burgdorf
Switzerland

[email protected]

We will notify you if other parties are responsible for processing personal data on an individual basis.

1.1 Data protection officer/data protection consultant

We have the following data protection officer and the following data protection consultant as a point of contact for data subjects and authorities in case of inquiries related to data protection:

Data protection officer
Lyssachstrasse 95 
3401 Burgdorf
Switzerland

[email protected]

1.2 Data protection representative in the European Economic Area (EEA)

We have the following data protection representative as per Art. 27 GDPR:

SANITIZED (Europe) SARL
13 rue du 17 Novembre
BP 1396
68070 Mulhouse Cedex
France

[email protected]

The data protection representative serves as an additional point of contact for GDPR-related inquiries for data subjects and authorities in the European Union (EU) and in the rest of the European Economic Area (EEA).

2. Terms and legal bases

2.1 Terms

Personal data denotes any data that relates to a particular or determinable natural person. A data subject is a person whose personal data we process.

Processing includes any handling of personal data, regardless of the utilized means and processes, such as querying, comparing, adjusting, archiving, storing, reading, announcing, procuring, recording, collecting, erasing, disclosing, ordering, organizing, saving, altering, disseminating, linking, deleting, and using personal data.

The European Economic Area (EEA) includes the Member States of the European Union (EU) and the principality of Liechtenstein, Iceland, and Norway. The General Data Protection Regulation (GDPR) denotes the editing of personal data as the processing of personal data.

2.2 Legal bases

We process personal data in compliance with Swiss privacy laws such as the Swiss Federal Act on Data Protection (Data Protection Act, DPA) and the Regulation on Data Protection (Data Protection Regulation, DPR).

If and to the extent the General Data Protection Regulation (GDPR) is applicable, we process personal data according to at least one of the following legal bases:

  • Art. 6 Para. 1 lit. b GDPR for the necessary processing of personal data to fulfill a contract with the data subject and to perform pre-contractual measures.
  • Art. 6 Par. 1 lit. f GDPR for the necessary processing of personal data to preserve our legitimate interests or those of third parties, except where such interests are overridden by the fundamental rights and freedoms and interests of the data subject. Legitimate interests particularly include being able to exercise and communicate about our interests and activities securely, reliably, and in a user-friendly manner over the long term, ensuring information security, protecting against abuse, asserting our own legal claims, and complying with Swiss law.
  • Art. 6 Par. 1 lit. c GDPR for the necessary processing of personal data to comply with a legal obligation that we are subject to as per any applicable law of member states in the European Economic Area (EEA).
  • Art. 6 Para. 1 lit. e GDPR for the necessary processing of personal data to carry out a task that is in the public interest.
  • Art. 6 Para. 1 lit. a GDPR for the processing of personal data with the consent of the data subject.
  • Art. 6 Par. 1 lit. d GDPR for the necessary processing of personal data to protect the vital interests of the data subject or another natural person.

3. Type, scope, and purpose

We process all personal data that is necessary to carry out our activities in a secure, reliable, and user-friendly manner over the long term. Such personal data can particularly fall under the category of inventory and contact data, browser and device data, content data, meta and/or marginal data and usage data, location data, sales data as well as contract and payment data.

We process personal data during any duration that is necessary for the respective purpose or the respective purposes or is legally required. Personal data that no longer requires processing is anonymized or erased.

We may have personal data processed by third parties. We can process personal data together with third parties or send it to third parties. These kinds of third parties are particularly specialized service providers whose services we use. We also ensure privacy with these kinds of third parties.

We process personal data only upon receiving consent from the data subject, unless the processing is permissible due to other legal reasons. For instance, processing without consent may be permissible to fulfill a contract with the data subject and for the corresponding pre-contractual measures in order to preserve our overriding legitimate interests since the processing is evident from the circumstances or takes place according to prior information.

In this context, we particularly process information that a data subject voluntarily sends us when they contact us – such as by letter, e-mail, instant messaging, contact form, social media, or telephone – or when they register for a user account. For instance, we can store this type of information in an address book, in a customer relationship management system (CRM system), or using comparable tools. Whenever data about other persons is sent to us, the senders are obliged to guarantee the privacy of these people and to ensure the accuracy of this personal data.

Furthermore, we process personal data that we receive from third parties, procure from publicly available sources, or collect when conducting our activities, provided that such processing is permitted on legal grounds.

4. Personal data abroad

We generally process personal data in Switzerland and in the European Economic Area (EEA). However, we can also export and/or send personal data to other states, particularly in order to process it or have it processed there.

We can export personal data to any state and territory on Earth and elsewhere in the universe , if local law guarantees adequate privacy according to the Decision of the Swiss Federal Council and adequate privacy – if the General Data Protection Regulation (GDPR) is applicable – according to the Decision of the European Commission.

We can send personal data to states whose laws do not guarantee adequate privacy if the privacy is guaranteed for different reasons, particularly based on standard data protection clauses or using other suitable guarantees. In exceptional cases, we can export personal data to states without adequate or suitable privacy if particular requirements to that end under data protection law have been fulfilled, such as explicit consent from the data subjects or a direct correlation with the conclusion or processing of a contract. Upon request, we gladly give data subjects information about any guarantees or deliver a copy of any guarantees.

5. Rights of the data subject

5.1 Claims under data protection law

We grant data subjects any claims according to applicable data protection law. Data subjects particularly have the following rights:

  • Information: Data subjects may request information on whether we process their personal data and, if so, the type of personal data. Furthermore, data subjects receive information that is required to assert their claims under data protection law and ensure transparency. Moreover, this includes processed personal data as well as information on the processing purpose, the storage duration, information on any disclosure and/or any exporting of data to other states and on the origin of the personal data, among other things.
  • Rectification and restriction: Data subjects may rectify incorrect personal data, complete incomplete data, and have the processing of their personal data restricted.
  • Erasure and objection: Data subjects may have their personal data erased (“right to be forgotten”) and object to the processing of their data with effect for the future.
  • Data disclosure and data transfer: Data subjects can request that their personal data be disclosed or transferred to another controller.

We can postpone, limit, or deny the exercising of the data subject’s rights to the extent legally permissible. We can notify data subjects about any requirements that must be met to exercise their claims under data protection law. For instance, we can entirely or partially deny the information due to business secrets or the protection of other persons. For instance, we can also partially or entirely deny the deletion of personal data due to legal retention obligations.

In exceptional cases, we can charge costs for exercising rights. We will inform the data subjects in advance about any costs.

We are obliged to use adequate means to identify data subjects who request information or assert other rights. Data subjects are obliged to collaborate.

5.2 Right to object

Data subjects have the right to assert their claims under data protection law through the courts or file objections with a data protection supervisory authority in charge.

The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (EDÖB).

If the General Data Protection Regulation (GDPR) is applicable, data subjects have the right to file an objection with a European data protection supervisory authorityin charge.

6. Data security

We take the appropriate technical and organizational measures to ensure data security that is adequate for the particular risk. However, we are unable to ensure absolute data security.

Our website is accessed via transport encryption (SSL/TLS, particularly using the Hypertext Transfer Protocol Secure, abbreviated as HTTPS). Most browsers indicate transport encryption using a padlock in the address bar.

As is generally the case with all digital communications, our digital communications is subject to mass surveillance without reason and suspicion as well as other monitoring by security authorities in Switzerland, in the rest of Europe, in the United States of America (USA), and in other states. We do not have any direct control over the corresponding processing of personal data by surveillance agencies, police stations, and other security authorities.

7. Usage of the website

7.1 Cookies

We can use cookies. Cookies – both first-party cookies and third-party cookies belonging to third parties whose services we use – are data that is saved in the browser. This sort of saved data is not necessarily limited to traditional cookies in text form.

Cookies can be temporarily stored in the browser as “session cookies” or stored for a particular period of time as permanent cookies. “Session cookies” are automatically deleted whenever the browser is closed. Permanent cookies have a particular storage duration. Cookies particularly enable a browser to be identified during the next visit to our website, allowing us to, e.g., measure the reach of our website. For instance, permanent cookies can also be used for online marketing.

Cookies can be partially or entirely deactivated and erased in the browser settings at any time. However, without cookies, our website may no longer available to the full extent. We actively and explicitly request – at least if required – permission to use cookies.

In the case of cookies that are used to measure success and reach or for advertising, a general opt-out can be made for numerous services via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents, we use the consent tool “Real Cookie Banner”. Details on how “Real Cookie Banner” works can be found at https://devowl.io/rcb/data-processing/.

The legal basis for the processing of personal data in this context are Art. 6 (1) lit. c GDPR and Art. 6 (1) lit. f GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.

The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consents.

7.2 Server log files

Every time our website is accessed, we can record the following information if it is sent to our server infrastructure from our browser or can be determined by our web server: Date and time including time zone, internet protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, the individual subpages accessed on our website including transferred data amounts, websites (referrers) recently opened in the same browser window.

This sort of information that can also constitute personal data is stored in server log files. This information is necessary to deliver our website in a user-friendly, and reliable manner over the long term and to ensure the data security and particularly the protection of personal data – including through third parties or with the help of third parties.

7.3 Tracking pixels

We can use tracking pixels on our website. Tracking pixels are also known as web beacons. Tracking pixels – including from third parties whose services we use – are small, normally invisible images that are automatically opened when our website is visited. Tracking pixels can be used to record the same information as in server log files.

8. Notifications and messages

We send notifications and messages by e-mail and other communication channels such as instant messaging or SMS.

8.1 Success and reach measurement

Notifications and messages may contain web links or tracking pixels that record whether an individual message has been opened and which web links were clicked on in the process. These kinds of web links and tracking pixels can also record the use of notifications and messages on a personal basis. We require this statistical recording of usage and reach measurement so that we can send notifications and messages in an effective, user-friendly and long-term, secure, and reliable manner based on the needs and reading habits of the recipients.

8.2 Consent and objection

You must generally grant explicit consent to the use of your e-mail address and other contact addresses, unless usage is permissible due to other legal grounds. For any consent, we use the “double opt-in” process whenever possible. In other words, you receive an e-mail with a web link that you need to click on to confirm to prevent abuse by unauthorized third parties. We can log these kinds of consent including internet protocol (IP) addresses and date and time for verification and security reasons.

You may generally object to receiving notifications and messages such as newsletters at any time. With this kind of objection, you can simultaneously object to the statistical recording of usage for measuring success and reach. We reserve the right to send messages and notifications that are required in connection with our activities.

8.3 Service providers for notifications and messages

We send notifications and messages with the help of specialized service providers.

9. Social Media

We are on social media platforms and other online platforms so that we can communicate with interested parties and provide information about our activities. Personal data may also be processed outside of Switzerland and the European Economic Area (EEA) in connection with such platforms.

In each case, the General Terms and Conditions (GTC) and usage terms as well as privacy policies and other provisions of the individual operators of such platforms also apply. These provisions particularly provide information about the rights of the data subject directly vis-a-vis the respective platform, which includes, for instance, the right to information.

For our social media presence on Facebook including what are known as page insights, we – if the General Data Protection Regulation (GDPR) is applicable – are responsible together with Meta Platforms Ireland Limited (Ireland). Meta Platforms Ireland Limited is part of the Meta company (in the U.S., among others). Page insights provide information on how visitors interact with our Facebook page. We use page insights so that we can deliver our social media page on Facebook in an effective and user-friendly manner.

Additional information regarding the type, scope, and purpose of the data processing, information on the rights of data subjects and the contact information for Facebook as well as its data protection officers can be found in Facebook’s privacy policy. We have concluded a “Controller Addendum” with Facebook and thereby particularly stipulated that Facebook is responsible for ensuring the rights of data subjects. For page insights, the corresponding information can be found on the “Information about page insights” including”Information about page insights data” page.

10. Third-party services

We use the services of specialized third parties so that we can carry out our activities continuously and in a user-friendly, secure, and reliable manner. Among other things, we can use such services to embed functions and content in our website. When such embedding occurs, the utilized services record the users’ internet protocol (IP) addresses at least temporarily for obligatory technical reasons.

Third parties whose services we use may aggregate, anonymize or pseudonymize data associated with our activities for mandatory security, statistical, or technical reasons. This can be, for instance, service or usage data in order to provide the respective service.

We particularly use:

10.1 Digital infrastructure

We use services from specialized third parties in order to use the required digital infrastructure in connection with our activities. These include, for instance, hosting and storage services from select providers.

We particularly use:

10.2 Contact options

We use services from select providers so that we can better communicate with third parties such as potential and existing customers.

We particularly use:

10.3 Audio and video conferences

We use specialized services for audio and video conferences in order to communicate online. By doing so, we can, for instance, hold virtual meetings or conduct online training sessions and webinars. The legal texts of the individual services such as privacy policies and terms of use additionally apply for participating in audio and video conferences.

Depending on your life situation, we recommend muting your microphone by default when participating in audio or video conferences and blurring the background or setting a virtual background.

We particularly use:

10.4 Map material

We use third-party services in order to integrate maps into our website.

We particularly use:

10.5 Digital audio and video content

We use services from specialized third parties to make it possible to directly play digital and audio content such as music or podcasts.

We particularly use:

10.6 Fonts

We use third-party services so that we can embed select fonts, icons, logos and symbols into our website.

We particularly use:

10.7 Advertising

We specifically post ads for our activities on third-party platforms such as social media platforms and search engines.

We use this advertising specifically to reach people who are already interested or may be interested in our activities (Remarketing and Targeting). To that end, we can send the corresponding data – which may also include personal data – to third parties that make such advertising possible. Furthermore, we can determine whether our advertising is successful, i.e., particularly if it is drawing visits to our website (Conversion Tracking).

Third parties with whom we post advertisements and where you as a user are registered may associate the use of our online website with the profile you have with those third parties.

We particularly use:

11. Success and reach measurement

We attempt to determine how our online website is being used. In this framework, we can, for instance, measure the success and reach of our activities and the impact of links to our website from third parties. However, we can also try out and compare how different parts or versions of our online website are used (“A/B test” method). Due to the results of the success and reach measurement, we can particularly rectify errors, strengthen any piece of content, or make improvements to our online website.

In most cases, the internet protocol (IP) addresses of individual users are saved for the success and reach measurement. In this case, IP addresses are generally masked (“IP masking” ) to follow the principle of data economy using the appropriate pseudonymization.

Cookies can be used and user profiles can be created when measuring success and reach. For instance, any created user profiles include the individual visited pages or viewed content on our website, information on the size of the screen or browser window and the location – or at least an approximation thereof. Generally, any user profiles are created solely with pseudonymization and are not used to identify individual users. Individual services from third parties with whom users are logged in may be able to associate the use of our online website with the user account or user profile on that respective service.

We particularly use:

12. Final provisions

We have created this privacy policy using the Privacy Policy Generator from Datenschutzpartner.

We may modify and amend this privacy policy at any time. We will inform you about any modifications and amendments in a suitable fashion, particularly by publishing the latest privacy policy on our website.

This privacy policy is an unofficial translation of the German-language original.