Privacy policy

ADSuisse carries out its activity in accordance with the Law on personal data protection and Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

privacy policy

contents


The basis for the collection, processing and storage of your personal data

Art. 1. The controller collects and processes your personal data under Art. 6, para. 1, Regulation (EU) 2016/679, and in particular under the following: - Obtained explicit consent from you as a user of the service/client; - Performance of controller’s obligations under a Contract with you; - Processing is necessary for compliance with a legal obligation to which the controller is subject; - Processing is necessary in order to protect the vital interests of you or of another natural person; - Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party;

Objectives and principles in the course of collection, processing and storage of your personal data

Art. 2. (1) The controller collects and processes the personal data which you as our client provide, for the purposes of performance of a contract, including the following purposes: - registration at ADSuisse’s website and creating a user accont; - accounting purposes; - statistical purposes; - protection of information security; - securing the performance of the contract for provision of the service concerned; - optimization of the provided service; - dispute resolution between you and third parties. (2) The controller collects and processes the personal data which you as a candidate for a work position at ADSuisse provide, for the purposes of selection and conclusion of a labor contract: - individualization of the person as a candidate; - contacting the candidate; - work selection. (3) The controller collects and processes the personal data which you as a legal representative of a company with which we conclude a contract, for the purposes of individualization of our contractual partner and performance of the contract. (4) The controller adheres to the following Principles in the course of processing of your personal data: - lawfulness, fairness and transparency; - purpose limitation of the processing personal data; - data minimization; - accuracy; - storage limitation; - integrity and confidentiality; (5) In the course of processing and storage of personal data, the controller is entitled to process and keep personal data for the purposes of protection of the following legitimate interests: - to perform its obligations towards state and municipal bodies and perform its obligations under the applicable legislation and regulations.

What kind of data does the controller collect, process and keep?

Art. 3. (1) The controller carries out the following operations with the personal data for the following purposes: - registration and creation of a profile for use of the service – the purpose of this operation is to identify the person in order to be provided with the service; - processing payment for service and accounting – the purpose of this operation is provision of a possibility for making a payment and keeping an account; - processing orders – the purpose of this operation is acceptance of order and delivery of the service; - processing of other data – the purpose of this operation is to optimize the service and your client’s experience; - collecting data for technical support – the purpose of this operation is to respond to your inquiries about the use of the service, fix “bugs”, etc. - marketing, such as upselling, cross selling and promotion – the purpose of this operation is to deliver regular and better service offers to customers. (2) The controller processes the following categories personal data and information for the purpose of provision of ADSuisse’s services: - your individualizing data (for example name, address, etc.); - contact information (for example e-mail, telephone number, etc.); - type and term of the services used by you; - information, related with payment and chosen methods for payment; - log-ins, cookies, IP addresses and device information; - other data, necessary for performing the obligations under the contract. (3) The controller processes your personal data for registration at the website and provision of the company’s services on the grounds of a contract (Article 6, para. 1, point “b” from Regulation (EU) 2016/679) which you conclude with ADSuisse by agreeing to our Terms of use. (4) The controller doesn’t collect and process personal data, that refers to: - revealing racial or ethnic origin; - revealing political opinions, religious or philosophical beliefs, or trade union membership - genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.

Duration of personal data storage

Art. 4. (1) The controller stores your personal data for the whole period of provision of the services and after deactivation of the account - for a period no longer than 3 years, unless otherwise required by the applicable law. After the expiry of this period, the controller provides care to delete and destroy or anonymize all of your personal data without undue delay. (2) The controller informs you in case that the period for the storage of the personal data is necessary to be extended in regard to performing the purposes, performing the contract, in regard to legitimate interests of the controller or other.

Transmission of your personal data for processing

Art. 5. (1) The controller is allowed on its own decision to transmit all or part of your personal data to a data processor for performing the purposes of processing, including in other countries, by complying with the requirements of Regulation (EU) 2016/679, for which you are considered informed with this Privacy notice and the publicly available list of processors used by the controller. (2) The controller informs you in case of intention to transmit part or all of your personal data to third countries or international organization.

Your rights in the course of collection, processing and storage of your personal data

Withdrawal of the consent

Art. 6. (1) If you no longer wish for your personal data to be processed for all or specific purposes, you may at any time withdraw your consent by filling the form in your profile or sending an e-mail with a request to the controller. (2) The controller could request you to certify your identity in a manner it considers appropriate given the circumstances.

Right of access by the data subject

Art. 7. (1) You have the right to obtain from the controller confirmation as to whether or not it is processing personal data concerning you. (2) You have the right to obtain access to the personal data related to you, аs well as to the information regarding the collection, processing and storage of your personal data. (3) The controller provides on your request, a copy of the personal data related to you and processing in electronic or other suitable form, including through visualization in your profile. (4) The provision of access to the personal data is free, but the controller keeps his right to charge administrative fee, in case of repeatability or excessiveness of the requests.

Right to rectification or completion

Art. 8. You have the right to obtain from the controller either by a request or directly through your profile: - rectification of inaccurate personal data concerning you; - to have incomplete personal data, concerning you, completed.

Right to erasure (‘right to be forgotten’)

Art. 9. (1) You have the right to request from the controller to erase the personal data concerning you and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies: - the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; - you withdraw your consent on which the processing is based and where there is no other legal ground for the processing; - you object to the processing of personal data concerning you, including for the purposes of the direct marketing and there are no overriding legitimate grounds for the processing - the personal data have been unlawfully processed; - the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject; - the personal data have been collected in relation to the offer of information society services (2) The controller is not obliged to erase the personal data if he collects and process them: - for exercising the right of freedom of expression and information; - for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; - for reasons of public interest in the area of public health - for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes - for the establishment, exercise or defence of legal claims. (3) You can exercise your right to erasure by filling the request form in your profile or by sending an e-mail to the controller, after which you should certify your identity so that the controller is certain that you are the subject of the personal data which is requested to be erased.

Right to restriction of processing

Art. 10. You have the right to obtain from the controller restriction of processing where one of the following applies: - you contest the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data; - the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; - the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims; - you have objected to processing pending the verification whether the legitimate grounds of the controller override those of yours.

Right to data portability

Art. 11. (1) If you have given your consent for processing of your personal data or the processing is necessary for performance of a contract with the controller, or your personal data is processed by automated means, you could, after identification before the controller: - require the controller to provide you with your personal data in readable format and to transmit those data to another controller; - require the controller to transmit directly your personal data to another controller, specified by you, where technically feasible. (2) You could exercise your right to data portability by filling the request form in your profile or by sending an e-mail to the controller and indicate the format in which you require the data to be transmitted, as well as to whom.

Right to receive information

Art. 12. You have the right to require the controller to inform you about all recipients, to whom your personal data, for which has been required rectification, erasure or restriction of processing, have been disclosed. The controller is allowed to refuse to provide this information if this is impossible or involves disproportionate effort.

Right to object

Art. 13. You have the right to object at any time to processing of personal data concerning you including processing for the purpose of profiling or direct marketing

Your rights in case of personal data breach

Art. 14. (1) When the controller detects personal data breach, which is likely to result in a high risk to your rights and freedoms, the controller communicates the personal data breach to you without undue delay, as well as the measures taken or proposed to be taken by the controller. (2) The controller is not obliged to inform you if: - the controller has implemented appropriate technical and organizational protection measures, and those measures were applied to the personal data affected by the personal data breach; - the controller has taken subsequent measures which ensure that the high risk to your rights is no longer likely to materialize; - it would involve disproportionate effort.

Persons, to whom your personal data is provided

Art. 15. (1) For the purpose of processing your personal data and provision of the service, the controller is allowed to provide your personal data to data processors, for which you are considered informed with this Privacy notice and the publicly available list of processors used by the controller. (2) Designated processors comply with all requirements of legality and security in the course of processing and storage of your personal data.

Other provisions

Art. 16. In case of violation of the principles of data protection or your rights according to this Privacy notice, the Terms of use or the applicable law, you could file a complaint before the competent national supervisory authority. Art. 17. You could exercise all of your rights related to the processing of your personal data by using the exemplary forms of ADSuisse or by using the functionalities in your profile. Of course, you can also exercise your rights by sending us an e-mail with a request. Please, have in mind that ADSuisse as a data controller with respect to your personal data may require additional information and certification of your identity for safety and security purposes. Art. 18. ADSuisse may at any time amend the Privacy notice for which it shall publish a notification on its website. Your continued use of the service after the publication of the amended Privacy notice means that you consent that your personal data shall be processed under the terms as set out therein.