Privacy policy

Introduction and purpose

Our commitment

We are committed to scrupulously complying with the General Data Protection Regulation (GDPR) as well as the Swiss Data Protection Act (DPA). Your personal data will be handled with the utmost care and in strict compliance with current legislation.

Transparency and trust

We believe in a relationship of trust based on transparency. That's why we're committed to keeping you clearly informed about our personal data practices. We do not sell or rent your data to third parties, and we do everything in our power to ensure its security.

Your peace of mind

We want you to be able to use our services with complete peace of mind, knowing that your personal data is in safe hands.

As you read on, you'll discover in detail:

• What data we collect and why,
• How we use your data,
• With whom, if anyone, we share your data,
• How we protect your data,
• Your rights regarding your personal data.

Our tools

In the course of our business, we use various tools to facilitate our daily tasks, interact with our customers and ensure the smooth running of our company. These tools may involve the collection of certain information about you.

We are committed to using this data responsibly and transparently, while respecting your privacy.

We collect different types of personal data, depending on your interaction with our services. We undertake to collect only the data required to provide our services and manage our relationship with you.

Google Workspace

We use the Google Workspace suite for our communication and collaboration tools (Gmail, Google Drive, Google Docs, etc.).

Data collected:

• Identification data: Names, first names, professional email addresses, professional telephone numbers, professional postal addresses, profile photos.
• Activity data: Documents and files shared as part of our activities, communication exchanges (e-mails, instant messages, etc.).

Purpose :

• Communication and collaboration: Facilitate internal and external communication, secure document storage and sharing, meeting planning and real-time project collaboration.

Odoo

We use Odoo to manage our administrative tasks, customer relations (CRM) and billing.

Data collected :

• Identification data: Customer and prospect contact information (names, e-mail addresses, telephone numbers, companies).
• Commercial data: Purchase histories, billing and payment information, commercial correspondence.

Purpose :

• Customer relationship management: To effectively manage relations with our customers and prospects, process orders, issue invoices, track payments and provide high-quality customer service.

Matomo

We use Matomo to analyze visits to our website. This tool enables us to understand how visitors use our site, which pages are the most popular, and thus improve your online experience.

Data collected :

• Anonymized browsing data: Anonymized IP addresses, website navigation data (pages visited, time spent, interactions).
• Aggregated demographic data: Statistical information on visitors to our site (age, gender, location), without individual identification.

Purpose:

• Audience analysis and website improvement: To analyze the audience and performance of our website, to understand how users interact with our content, and to continually improve the user experience.

DeepL

We use DeepL for translations.

Data collected:

• None: We use a paid version of DeepL which does not keep a history beyond the time required for the service.

Purpose :

• Multilingual services: To provide high-quality services in our customers' preferred language, facilitating communication and understanding.

Google Gemini

We use Google Gemini as a large-scale language model (LLM) for various tasks, such as text generation, translation and answering questions.

Data collected :

• None: We use a paid version of Google Gemini which does not keep a history beyond the time required for the service.

Purpose:

• Content production assistance: To assist us in the production and revision of text, thus improving the efficiency and quality of our communications and services.

Legal basis for processing

The processing of your personal data is based on the following legal grounds:

Consent

For certain data, in particular those used for direct marketing or profiling purposes, we seek your explicit and informed consent before processing them. You have the right to withdraw your consent at any time, without this affecting the lawfulness of the processing based on consent prior to its withdrawal.

Execution of a contract

The processing of your data is necessary to perform a contract to which you are a party, for example to provide our services, process your orders, draw up invoices or monitor our services. It may also be necessary to take pre-contractual measures at your request, such as drawing up a quotation.

Legal obligations

The processing of your data is sometimes necessary to comply with our legal obligations, for example in terms of keeping accounting records, combating money laundering or responding to requests from the competent authorities.

Legitimate interest

In some cases, the processing of your data may be based on our legitimate interests, such as improving our services, preventing fraud, managing our customer relationship or communicating with you. We always ensure that these legitimate interests do not override your interests or fundamental rights and freedoms.

Data transfer and standard contractual clauses (STC)

In the course of our business, some of your personal data may be transferred to and processed in countries outside the European Economic Area (EEA) and Switzerland. These transfers may be necessary for the use of certain tools or services, such as Google Workspace or DeepL.

We are committed to ensuring that these data transfers are carried out in strict compliance with legal requirements. We make every effort to ensure that your data is adequately protected, even when it is transferred outside the EEA and Switzerland.

To ensure the security of your data during these transfers, we have set up Standard Contractual Clauses (SCC) with our service providers located outside the EEA and Switzerland. STCs are standardized contracts approved by the European Commission, offering appropriate data protection guarantees for international transfers.

In addition to CCTs, we take additional measures to reinforce the protection of your data during international transfers:

• Careful selection of our suppliers: We choose our suppliers carefully, ensuring that they meet high standards of data security and confidentiality.
• Data encryption: We use encryption techniques to protect your data in transit and in storage.
• Limited access to data: We restrict access to your data to authorized persons who need access to perform their duties.
• Regular analysis: We regularly analyze our suppliers to check that their actions are in line with their data protection commitments.

User rights

You have the following rights regarding your personal data:

• Right of access: You have the right to request a copy of your personal data held by us, as well as information on how we process it.
• Right of rectification: If you find that your personal data is inaccurate or incomplete, you can request that it be rectified.
• Right to erasure (right to be forgotten): In certain circumstances, you may request that your personal data be deleted, for example if it is no longer required for the purposes for which it was collected, or if you withdraw your consent.
• Right to restrict processing: You may request the restriction of the processing of your data in certain situations, for example if you dispute the accuracy of your data or if you object to the processing.
• Right to object: You have the right to object to the processing of your personal data on grounds relating to your particular situation, in particular in the event of processing for direct marketing or profiling purposes.
• Right to data portability: You may request to receive your personal data in a structured, commonly used and machine-readable format, and to transmit it to another data controller, where technically possible.

Our website

Our website is hosted on secure servers located in Switzerland, by our host Infomaniak. We have chosen this host to guarantee the security and confidentiality of your data, by keeping it in Switzerland.

Cookies and Matomo

We use Matomo, a privacy-friendly web analytics solution, to collect information about the use of our website. Matomo enables us to understand how visitors interact with our content, to identify the most popular pages and thus improve the user experience.

When you first visit our site, a banner will inform you of Matomo's use of cookies and ask for your consent to track your browsing. You are free to accept or refuse this tracking.

If you subsequently change your mind, you can modify your consent at any time by clicking on the “Cookie management” link in the footer of our site. You can then activate or deactivate Matomo tracking according to your preferences.

The data collected by Matomo is used solely for statistical analysis and to improve our website. It is never used for marketing or profiling purposes.

Data retention

We keep your personal data only for as long as is necessary for the purposes for which it was collected, and in compliance with our legal obligations and legitimate interests. We have set up a data retention policy which defines specific retention periods for each category of data.

Data retention period

• Customer data : As a general rule, we retain our customers' data for 10 years after the end of our business relationship, in accordance with the requirements of Swiss law. This period enables us to respond to any subsequent requests, manage disputes and comply with our legal accounting obligations.
• Prospect data : Prospective customers' data that has not led to a commercial relationship is kept for a maximum of 3 years.
• Navigation data (Matomo): Navigation data collected by Matomo is kept for a maximum of 13 months.
• Other data : The retention period for other personal data may vary according to their nature and the purposes for which they are processed. We undertake not to keep your data longer than necessary.

Subcontractors

The privacy policies of our subcontractors are as follows:

• Google LLC, United States
  Hosting of our communication and collaboration tools. Content production assistance.
  https://policies.google.com/privacy?hl=en-CH
  
  
• Odoo SA, Belgium
  Hosting of our CRM and billing tools.
  https://www.odoo.com/en_US/privacy
  
  
• Infomaniak SA, Switzerland
  Hosting of our servers.
  https://www.infomaniak.com/en/cgv/politique-de-confidentialite
  
  
• DeepL, Germany
  Translation services.
  https://www.deepl.com/en/privacy

Profiling and automated decision-making

Personal data is not used to make automated decisions. No profiling is carried out with personal data.

Need to talk to us?

If you have any questions about this privacy policy, if you wish to exercise your rights or if you have any concerns about the way in which we process your personal data, please do not hesitate to contact us. Our Data Protection Officer will be happy to answer your queries.

The person in charge of data protection (DPO) is at your disposal:

Alexandre Georges
[email protected]
Route de Grône 64A, 3966 Réchy

We undertake to respond to all requests concerning your rights within 30 days.

Changes

We may update this Privacy Policy from time to time to reflect changes in our practices or changes in legislation. We will notify you of any material changes by e-mail or by a notice on our website.

Current version: August 2024