Privacy Policy

Version of April 1, 2024

In this privacy policy, we, Black Kite Ag (hereinafter referred to as blackkite), explain how we collect and process personal data. This is not an exhaustive description; other privacy policies or general terms and conditions, terms of participation, and similar documents may regulate specific matters. Personal data refers to all information related to an identifiable person.

If you provide us with personal data of other persons (e.g., family members, colleagues), please ensure that these persons are aware of this privacy policy and share their personal data with us only if you are allowed to do so and the personal data is accurate.

This privacy policy is designed to meet the requirements of the EU General Data Protection Regulation ("GDPR"), the Swiss Federal Act on Data Protection ("FADP"), and the revised Swiss Data Protection Act ("revFADP"). Whether and to what extent these laws apply depends on the individual case.

1. Controller / Data Protection Officer / Representative

The controller for the data processing activities described here is Black Kite Ag. If you have any data protection concerns, you can contact us at the following address:

Black Kite Ag
Hinterbergstrasse 56
6312 Steinhausen
contact@black-kite.ch

2. Collection and Processing of Personal Data

We primarily process the personal data that we receive from our customers and other business partners during our business relationship with them and other persons involved, or that we collect from users of our websites, apps, and other applications.

As far as permitted, we also obtain certain data from publicly accessible sources (e.g., debt collection registers, land registries, commercial registers, press, internet) or receive such data from other companies within the blackkite group, from authorities, and other third parties. Besides the data you provide to us directly, the categories of personal data we receive about you from third parties include particularly information from public registers, information we learn in connection with administrative and legal proceedings, information related to your professional functions and activities (to enable us, for example, to do business with your employer), information about you in correspondence and meetings with third parties, creditworthiness information (if we do business with you in person), information about you given to us by people in your environment (family, advisors, legal representatives, etc.), so that we can conclude or execute contracts with you or involving you (e.g., references, your delivery address, powers of attorney, information for compliance with legal requirements such as anti-money laundering and export restrictions, information from banks, insurers, sales and other contractual partners of ours regarding the use or provision of services by you (e.g., completed payments, purchases made)), information about you from the media and the internet (if this is indicated in the specific case, e.g., in the context of an application, media review, marketing/sales, etc.), your addresses and possibly interests and other sociodemographic data (for marketing), data in connection with the use of the website (e.g., IP address, MAC address of the smartphone or computer, information about your device and settings, cookies, date and time of the visit, pages and content accessed, functions used, referring website, location information).

3. Purposes of Data Processing and Legal Bases

We primarily use the personal data we collect to fulfill our contracts with our customers and business partners, in particular in the context of software development with our customers and the purchase of products and services from our suppliers and subcontractors, as well as to comply with our legal obligations at home and abroad. If you are acting on behalf of such a customer or business partner, you can naturally also be affected by this in your capacity.

In addition, as far as permitted and we deem it appropriate, we also process personal data of you and other persons for the following purposes, in which we (and sometimes third parties) have a legitimate interest corresponding to the purpose:

  • Offer and development of our offerings, services, and websites, apps, and other platforms, on which we are present;
  • Communication with third parties and processing of their requests (e.g., applications, media inquiries);
  • Examination and optimization of procedures for needs analysis for the purpose of direct customer communication as well as collection of personal data from publicly accessible sources for customer acquisition;
  • Advertising and marketing (including conducting events), provided you have not objected to the use of your data (if we send you advertising as an existing customer, you can object at any time, we will then put you on a block list against further advertising mailings);
  • Market and opinion research, media monitoring;
  • Assertion of legal claims and defense in connection with legal disputes and regulatory proceedings;
  • Prevention and investigation of criminal acts and other misconduct (e.g., conducting internal investigations, data analyses to combat fraud);
  • Ensuring our operations, especially IT, our websites, apps, and other platforms;
  • Video surveillance to protect house rights and other measures for IT, building, and facility security, and to protect our employees and other persons and the values owned or entrusted to us (such as access controls, visitor lists, network and mail scanners, telephone recordings);
  • Acquisition and sale of business units, companies, or parts of companies and other corporate transactions and the related transfer of personal data as well as measures for business management and compliance with legal and regulatory obligations as well as internal rules of blackkite.

If you have given us consent to process your personal data for specific purposes (for example, when you sign up to receive newsletters or conduct a background check), we process your personal data within the scope and based on this consent, unless we have another legal basis and we need one. Given consent can be withdrawn at any time, but this does not affect data processing that has already taken place.

4. Cookies / Tracking and Other Technologies Related to the Use of Our Website

On our websites and apps, we typically use "cookies" and similar techniques that can identify your browser or device. A cookie is a small file sent to your computer or automatically saved on your computer or mobile device by the web browser you are using when you visit our website or install our app. If you visit this website again or use our app, we can recognize you even if we do not know who you are. Besides cookies that are only used during a session and deleted after your visit to the website ("session cookies"), cookies can also be used to store user settings and other information for a certain period (e.g., two years) ("permanent cookies"). You can, however, set your browser to reject cookies, to store them for one session only, or to delete them prematurely. Most browsers are preset to accept cookies. We use permanent cookies so you can save user settings (e.g., language, auto-login) and so we can show you tailored offers and advertising (which can also occur on websites of other companies; they then do not learn from us who you are, if we even know, because they only see that the same user who was also on our site on a certain page is also on their site). Certain cookies are set by us, some also by contract partners with whom we cooperate. If you block cookies, it may be that certain functionalities (such as language selection, shopping cart, order processes) no longer work.

In our newsletters and other marketing emails, we sometimes incorporate, as far as allowed, visible and invisible image elements, by whose retrieval from our servers we can determine whether and when you have opened the email, so we can also measure and better understand how you use our offers and can tailor them to you. You can block this in your email program; most are preset so that you do this.

By using our websites, apps, and consenting to receive newsletters and other marketing emails, you agree to the use of these techniques. If you do not want this, then you must adjust your browser or email program accordingly or uninstall the app, if it cannot be adjusted via the settings.

We sometimes use Google Analytics or similar services on our websites. This is a service of third parties that may be located in any country on earth (in the case of Google Analytics, it is Google Ireland (based in Ireland), Google Ireland relies on Google LLC (based in the USA) as a processor (both "Google"), www.google.com), with which we can measure and evaluate the use of the website (non-personal). Permanent cookies set by the service provider are also used for this purpose. We have configured the service so that the IP addresses of visitors are shortened by Google in Europe before being forwarded to the USA and thus cannot be traced back. We have turned off the settings "Data sharing" and "Signals". Although we can assume that the information we share with Google is not personal data for Google, it is possible that Google can infer the identity of the visitors from this data for its own purposes, create personal profiles, and link this data with the Google accounts of these people. As far as you have registered with the service provider yourself, the service provider also knows you. The processing of your personal data by the service provider then takes place under the responsibility of the service provider according to its privacy policy. The service provider only tells us how our respective website is used (no information about you personally).

On our websites, we also use so-called plug-ins from social networks like Facebook, X, YouTube, Pinterest, or Instagram. This is evident to you (typically via corresponding icons). We have configured these elements so that they are standardly deactivated. If you activate them (by clicking on them), the operators of the respective social networks can register that you are on our website and where, and can use this information for their purposes. The processing of your personal data then takes place under the responsibility of this operator according to its privacy policy. We receive no information about you from them.

5. Data Disclosure and Data Transfer Abroad

As part of our business activities and the purposes according to No. 3, as far as allowed and we deem it appropriate, we also disclose data to third parties, either because they process it for us or because they want to use it for their own purposes. This particularly involves the following entities:

  • Our service providers (within the blackkite group as well as externally, such as banks, insurers), including processors (such as IT providers);
  • Dealers, suppliers, subcontractors, and other business partners;
  • Customers;
  • Authorities, offices, or courts in Switzerland and abroad;
  • Media;
  • Public, including visitors to websites and social media;
  • Competitors, industry organizations, associations, organizations, and other bodies;
  • Acquirers or parties interested in acquiring business units, companies, or other parts of the blackkite group;
  • Other parties in possible or actual legal proceedings;
  • Other companies of the blackkite group;

These recipients are partly in Switzerland but can be anywhere in the world. You must particularly expect the transfer of your data to all countries where the blackkite group is represented by group companies, branches, or other offices, as well as to other countries in Europe and the USA, where our service providers are located (such as Microsoft, Amazon). If a recipient is located in a country without adequate legal data protection, we obligate the recipient contractually to comply with data protection (we use the revised standard contractual clauses of the European Commission, which are available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), unless they are already subject to a legally recognized set of rules to ensure data protection, and we cannot rely on an exemption provision. An exception may apply, in particular, in legal proceedings abroad, but also in cases of overriding public interests or when the execution of a contract requires such disclosure, if you have consented or if it concerns data you have made generally accessible and whose processing you have not objected to.

6. Duration of Storage of Personal Data

We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations or otherwise for the purposes pursued with the processing, i.e., for example, for the duration of the entire business relationship (from the initiation, processing to the termination of a contract) as well as beyond according to the legal storage and documentation obligations. It is possible that personal data is stored for the time during which claims can be asserted against our company and as far as we are otherwise legally obliged or legitimate business interests require this (e.g., for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it is generally and as far as possible deleted or anonymized. For operational data (e.g., system logs, logs), generally shorter retention periods of twelve months or less apply.

7. Data Security

We take appropriate technical and organizational security precautions to protect your personal data from unauthorized access and misuse such as issuing instructions, training, IT and network security solutions, encryption of data carriers and transmissions, pseudonymization, controls.

8. Obligation to Provide Personal Data

In the context of our business relationship, you must provide the personal data that is necessary for the commencement and execution of a business relationship and the fulfillment of the associated contractual obligations (you generally have no legal obligation to provide us with data). Without this data, we will generally not be able to conclude or execute a contract with you (or the entity or person you represent). Also, the website cannot be used if certain information to ensure data traffic (such as IP address) is not disclosed.

9. Profiling and Automated Decision Making

We partially process your personal data automatically with the aim of evaluating certain personal aspects (profiling). We particularly use profiling to be able to inform and advise you about products in a targeted manner. We use evaluation tools that enable us to communicate and advertise according to your needs, including market and opinion research.

10. Rights of the Data Subject

Within the framework of the data protection law applicable to you and as far as provided therein (such as in the case of the GDPR), you have the right to access, rectification, deletion, the right to restrict data processing, and otherwise to object to our data processing, and to the processing of your data for direct marketing purposes, profiling operated for direct advertising, and other legitimate interests in processing as well as the right to receive certain personal data for the transfer to another party (so-called data portability). Please note, however, that we reserve the right to enforce the statutory restrictions on our own, for example, when we are obliged to store or process certain data, have an overriding interest in it (as far as we may rely on it), or need it for the assertion of claims. Should there be costs for you, we will inform you in advance. About the possibility to withdraw your consent, we have already informed in No. 3. Note that the exercise of these rights may conflict with contractual arrangements and this may have consequences such as early termination of the contract or cost implications. We will inform you in advance in such a case where it is not already contractually regulated.

The exercise of such rights usually requires that you clearly prove your identity (e.g., by a copy of your ID where your identity is otherwise not clear or can be verified). To assert your rights, you can contact us at the address given in No. 1. Each data subject also has the right to enforce their claims in court or to file a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

11. Changes

We may adjust this privacy policy at any time without prior notice. The version published on our website is the applicable version. If the privacy policy is part of an agreement with you, we will inform you of the update via email or in another suitable way in the event of an update.

Steinhausen, April 1, 2024

Source: dsat.ch