The data controller for the purpose of data protection laws, especially the EU General Data Protection Regulation (GDPR) and Swiss Federal Act on Data Protection (FADP), is:
Tel.: +41 44 505 16 64
1. General information
The terms used in this policy are the terms defined in Article 4 GDPR.
We work together with our service providers and partners to protect all data processing operations from unauthorised access, loss, misuse and unauthorised changes, as effectively as possible and in accordance with the current state of the art.
1.1 Legal basis
Our legal basis for using your data depends on
- the services that you use (contract or pre-contractual measures, Article 6(1)(b) GDPR);
- our need to comply with a legal obligation (Article 6(1)(c) GDPR);
- consent that you have given us (consent, Article 6(1)(a) GDPR); or
- a legitimate interest, such as ensuring the security of the website, sending you information on the use of our platform or products, insofar as they are similar to those that you have already purchased or requested from us and you have not deactivated such communications (Article 6(1)(f) GDPR).
We use your data for purposes including
- providing our service to you and keeping that service up and running;
- informing you of changes to our service;
- providing customer service;
- improving our service;
- monitoring use of our service;
- recognising, preventing and correcting problems;
- sending you news, special offers and general information on other products, services and events we offer, as long as they are similar to those that you have already purchased - from us or enquired about with us, and provided that you have not disabled such notifications.
1.3 Processing of personal data
We process personal data in line with the EU GDPR and Swiss data protection law. Personal data is any information relating to an identified or identifiable natural person.
We process your data for as long as is necessary to fulfil the relevant purpose or purposes. When we are required to retain personal data beyond that period because we are subject to statutory and other obligations, we restrict processing accordingly.
2. Processing on our website (www.skribble.com)
2.1 SSL/TLS encryption on our website
We use SSL/TLS encryption on our website for security reasons and to protect the transmission of confidential content, such as enquiries that you send to us. You can identify an encrypted connection because the address in your browser changes from http:// to https:// and, depending on the browser, if a padlock symbol is displayed in the browser bar.
When SSL or TLS encryption is enabled, third parties cannot read information that you send us via the contact form .
Please note that the transmission of data via the internet (e.g. when communicating by email) may be subject to security vulnerabilities. It is not possible to fully protect data from third-party access without using some type of email encryption, such as PGP or S/MIME, and you do so at your own risk.
2.2 Collection of server log files
You can generally visit our website without registering. When you visit our website, we store information on our server, such as the pages you access or the names of the files you open, along with the date and time of access, for statistical purposes. However, this data is not personal data.
We automatically collect and store information in server log files that your browser automatically sends to us. This information consists of:
- Browser type and version
- Operating system used
- Referrer URL
- Host name of the computer accessing our site
- Time of the server request
- IP address.
We can only associate this information with individuals indirectly. We will not combine this data with other sources of data. We reserve the right to review this data at a later point in time if we become aware of specific indications of unlawful use.
3. Rights of data subjects
Data protection legislation grants you the following rights as a data subject. To exercise one or more of these rights, simply contact our data protection officer.
3.1 Right of access
You have the right to request confirmation from us regarding whether or not we process personal data concerning you and, if we do, you have the right to access that personal data and the information described in Article 15 GDPR.
3.2 Right to rectification
As a data subject, you can change personal data that we have stored for you at any time or you can have us rectify it for you.
3.3 Right to erasure
As a data subject, you can submit a request for erasure at any time. Unless we are required by law or some other obligation to continue to retain your data, we will gladly grant your request. If we cannot erase your data, we will restrict its processing.
You can delete your account on your own in your profile settings. We would be happy to assist you with that.
3.4 Right to data portability
You have the right to receive the personal data concerning you that we process on the basis of your consent or a contract in a structured, commonly used and machine-readable format, and the right to transmit that data to another controller, if needed.
3.5 Right to object
Every data subject has the right to object to the processing of their personal data at any time on grounds relating to their particular situation.
We will no longer process that personal data unless we demonstrate compelling legitimate grounds for the processing that override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
3.6 Withdrawing your consent
You can withdraw your consent at any time once you have given it. To do so, send an informal request to our data protection officer or use our contact form or the opt-out link in our newsletter.
3.7. Right to file a complaint with a supervisory authority
If you are not satisfied with our reply to one of your requests to protect your personal data or with the way in which we are processing your data, you have the right to file a complaint with your local supervisory authority.
4. Use of data on our platform (my.skribble.com)
4.1 Security of processing
We use appropriate technical and organisational measures to ensure that your personal data is protected. The measures that we take are always in accordance with the current state of the art. Our employees are kept informed via regular updates and training. Our platform’s infrastructure runs on servers that are housed in ISO 27001-certified Swiss data centres, which have implemented high security standards.
4.2 Registering on the platform
To open an account on the platform, you only need to provide the following data:
- Email address
- First name and surname
- Mobile number.
Alternatively, you can register by using a supported single sign-on solution (such as trustID).
4.2.1 For businesses (single sign-on)
When you use single sign-on to provide your employees with easy access to our platform, your data is transmitted via the OpenID Connect API. As the data controller, you decide what data to send to us for authentication. We would be happy to send you a processing agreement. Just let us know if you would like us to do so.
4.3 Your details for paid services
When we provide paid services, we ask for additional data, such as payment details, so that we can process your order. We store this data in our system until the statutory retention period ends.
4.4 Data processing for our partners’ signature solutions
If you use advanced electronic signatures (AES) and/or qualified electronic signatures (QES) on our platform, our partners will handle the identification. We use an API to ask these partners if they have valid identification for you or we create an identity for you based on your data.
Our partners for signatures and identification are:
Swisscom (Switzerland) Ltd
Enterprise Customers Identification Services
GMO GlobalSign, Ltd.
Springfield House, Sandling Road
Maidstone, Kent ME12 2LP
A-Trust Gesellschaft für Sicherheitssysteme im elektronischen Datenverkehr Ltd.
Landstraßer Hauptstraße 1b
4.5 Processing of your support requests
HubSpot is certified to the Swiss-US Privacy Shield framework, and places great importance on the provision of privacy-friendly technology. In addition, we have agreed the European standard contractual clauses and regularly check the provider’s data protection compliance.
4.6 External payment provider (Stripe)
If you pay with Stripe, the data you enter will be transmitted to Stripe. Your data is transmitted on the basis of Article 6(1)(b) GDPR (contract). Your data is forwarded for the sole purpose of processing your payment and only to the extent that is necessary for that purpose.
4.7 External SMS provider
5. Third-party services on our website (www.skribble.com)
5.1 General information about cookies
Most browsers are set to accept cookies by default. You can adjust your browser’s security settings to reject cookies. If you do not accept cookies, you may not be able to use some features on our website, and some pages may not display correctly. You can find detailed instructions on how to set your browser to not store cookies here: https://www.allaboutcookies.org
5.2 Live chat via HubSpot
If you use live chat, we can see whether you have read a message and when. Please do not share any sensitive information or account details with us via live chat.
Data may be processed outside the EU when you use live chat. When this happens, HubSpot is bound by its commitment to the Swiss-US Privacy Shield, which requires HubSpot to fully comply with data protection standards.
We store this data to your account so that we can access your full communication history if you have a follow-up question.
5.3 Our newsletter via mailXpert
If you want to stay up to date with news, offers and customer information, and would like to receive our newsletter, all we need is your email address. You will need to confirm your email address to verify that you want to receive the newsletter.
5.4 Embedded social media links
Our website provides links to our company profiles on LinkedIn, Xing, YouTube and Twitter. When you access one of these links, you leave our website and you are redirected to the servers of that social media provider.
5.5 Surveys with Lamapoll
We regularly conduct online surveys using the web service Lamapoll (Langner Maibaum Notev GbR, Prenzlauer Allee 36 G, 10405 Berlin) for the purpose of gathering customers’ opinions and improving our services.
Lamapoll stores the responses on servers in Germany that comply with the highest standards of security. From there, they are transmitted to us via encrypted connections. It is not possible to connect your answers with your personal identity.
You can find more information about data protection at Lamapoll here: https://www.lamapoll.de/Support/Datenschutz
6. Questions for our data protection officer
If you have questions about data protection, please send us an email or contact our data protection officer directly:
PSW GROUP Consulting GmbH & Co. KG
+49 661 4802 7624