Privacy policy

A. General

The following describes the personal data that we collect as well as the manner and the purposes for which we process this information.

This privacy policy is divided into three sections:

  • Section A, the first section, provides information that is also relevant for section B and section C.
  • Section B, the second section, provides information on how we protect your personal data when you visit our website.
  • Section C, the third section, provides information on data protection for customers, suppliers and partners.

Any references to “we” or “us” in the following mean AAC Infotray AG.

1. Controller and data protection officer

1.1 The company AAC Infotray AG, Zur Kesselschmiede 31, 8400 Winterthur, Switzerland (+41 52 260 31 31) is responsible for your data and its processing.

1.2 The company data protection officer, Eugen Steiner, can be contacted at the above-mentioned address and by e-mailing datenschutz@infotray.com.

2. Updates and changes to this privacy policy

This privacy policy is currently valid and was last updated in March 2023. The further development of our website including our services and/or further development of our business activities as well as any changes to statutory or official provisions may require changes to this privacy policy. For this reason, we recommend that you regularly check this privacy policy on our website.

B. Information on protection of your personal data when you visit our website

1. Purpose of data processing and lawful basis

1.1 Visiting our website

When you connect to our website, the browser you are using automatically sends information to our website’s server. This information is retained temporarily in what is known as a log file. The following information is recorded and retained until automatically deleted:

  • IP address used
  • Web page visited
  • Date and time of the visit
  • Volume of data sent in bytes
  • Source/reference that took you to the page
  • Browser used
  • Language and version of the browser software
  • Operating system used

We process the data mentioned to ensure that a smooth connection is established and the website is easy to use, to guarantee network and information security, to analyze system security and stability, and for administrative purposes. Your data is also analyzed using internal systems (plug-in to the content management system (CMS)) in a form rendered anonymous. This enables us to better tailor our content and our offering to your needs.

You are in no way contractually or legally obligated to provide the above-mentioned information to us. Nevertheless, we require the data to enable you to use our website.

The lawful basis for processing this data is the protection of our legitimate interests. Our legitimate interest follows from the above-mentioned purposes for collecting data. We do not use the data to identify you. We also rely on website cookies and tracking services. For more details, please see item 3 in section B of this privacy policy.

1.2 Use of our contact form

In the event of any questions about our products, requests for consultation appointments, training registrations, user meeting registrations or any type of issues, we offer you the option of contacting us using a form provided on the website. This requires data such as a valid e-mail address, surname, first name, country, company/business name, telephone number, etc., to be provided so that we are able to identify from whom and from where the inquiry originated, whether we are able to answer accordingly, and the interest you or your company has. Any other details provided are optional.

Your consent is required for data processed for the purpose of establishing contact with us. This consent takes the form of the following phrase found at the bottom of each form: “By submitting this form, you agree that AAC Infotray AG may use your data to process your inquiry. AAC Infotray AG may contact you by e-mail, phone or mail for advertising purposes. You may revoke this consent to AAC Infotray AG at any time.” (Please see items 1 and 2 in section A for the address to revoke consent.)

The personal data that we collect for using the contact form is retained in our Limsophy customer management system and assigned to the relevant department. This ensures that your inquiry is dealt with promptly and professionally.

The personal data that we collect is transferred via e-mail to AAC Infotray AG and is not directly saved on the web server for the sites www.infotray.com, www.limsophy.com and www.limsophybpm.com.

1.3 Use of the upload/download portal

When exchanging data of any kind, we offer you the option to exchange files with us using an upload/download portal that we make available on the website. To use the upload/download portal, you will need to first register using a valid e-mail address, surname, first name, company/business name. Data processing requires your consent or agreements concluded to this end.

2. To whom do we disclose your personal data?

2.1 We only disclose your personal data to third parties if:

  • You have granted your consent.
  • Disclosure is necessary for us to establish, exercise or defend legal claims or other legitimate interests and there is no reason to assume that you have an overriding interest meriting protection in non-disclosure of your data.
  • There is a legal obligation underlying the disclosure.
  • Disclosure is legally permissible and is necessary for us to fulfill our contractual duties to you and for the data processing outlined in this privacy policy.

We employ the professional assistance of external service providers to process your data, in particular to operate our websites www.infotray.com, www.limsophy.com and www.limsophybpm.com. We carefully choose and commission our service providers and they are bound to act in accordance with our instructions. The website aac.infotray.com (data exchange, training, user meeting registration) is hosted directly by AAC Infotray AG.

2.2 Protection of your data in a third country

We only allow your data to be processed in a third country (including outside the European Economic Area) if the necessary statutory requirements that guarantee suitable protection of your data are met. Further details, particularly regarding the guarantees that exist in the case of disclosure outside Switzerland and copies of the disclosed data, can be obtained from the contact person mentioned under item 1.2 of section A.

3. Cookies and tracking technologies

A cookie is a small amount of data generated by a website and saved by your web browser on your computer or mobile device. Its purpose is to remember settings for your next visit.

All AAC Infotray AG websites use cookies to improve the user experience and to collect statistical data that may then be used to assess advertising campaigns.

Two of the cookies we use are cookies that are necessary for the website to operate and are activated as standard. You are able to reject the use of all cookies using your web browser, but then sections of the website will not function correctly. Other cookies, known as performance cookies, are installed for the purpose of analyzing user behavior within the browser and, more specifically, are responsible for the following:

  • Tracking the number and type of visits to the website and its subsites to enable us to identify the sections of the website attracting higher visits and those requiring improvement.
  • Collecting statistical data on the number of users and their usage patterns as well as improving the speed and performance of the website.

When visiting our website, you are notified about the use of all cookies and are able to deactivate performance cookies in the cookie settings. You are also able to opt out of the use of cookies (and of this website) at any time by deleting the cookies set by the website. To do so, adjust the settings in your web browser accordingly or delete all cookies. If you do not deactivate performance cookies, you consent to the use of cookies for the above-mentioned purposes.

4. What rights do you have?

Under data protection legislation applicable to you and to data processing, you have the following rights:

  • The right to request access to the personal data we process.
  • The right to request immediate rectification of your personal data retained by us or the right to have incomplete personal data completed.
  • The right to request erasure of your personal data retained by us unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims.
  • The right to request restriction of the processing of your personal data if a) you contest the accuracy of the data, b) the processing is unlawful but you oppose the erasure of the personal data, c) we no longer require the data but you, however, require the data for the establishment, exercise or defense of legal claims, or d) you have objected to the processing.
  • The right to revoke any consent you have already granted us. This means that we will no longer be able to continue any data processing that was based on this consent.
  • The right to object to the processing of your personal data if this data is processed on the basis of legitimate interests to the extent that there are reasons arising from your particular situation or the objection is to direct marketing. In the latter case, you have a general right to object that we would implement without a particular situation being cited.
  • The right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another authority if the requirements for this are met.
  • The right to lodge a complaint with the supervisory authority responsible.

In the event of any questions about the existence of these rights or exercising them, please feel free to get in touch with the person listed under item 1.2 in section A.

5. How do we ensure that your data stays secure?

We use the transport layer security (TLS) protocol together with the latest secure encryption and TLS version when our website is visited. You can see whether an individual page on our website is encrypted before being sent if you see a closed image of the key or padlock symbol in the browser.

We also make use of suitable technical and organizational security measures to protect your data against any incidental or deliberate manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with the latest technological standards.

C. Information on data protection for customers, suppliers and partners

You are receiving this information because you are a (potential) customer, supplier or partner of AAC Infotray AG or you work for a (potential) customer, supplier or partner. In this capacity and as part of our business relationship, you provide us with various personal data. AAC Infotray AG strongly believes in being transparent about how your personal data is handled and in a respectful working relationship. That is why we keep you informed on how we handle your personal data. By providing this information, we also fulfill our legal responsibilities to the extent relevant.

1. What categories of personal data do we process?

1.1 We primarily process the following personal data:

  • Master data (such as names and, if necessary, dates of birth), contact details (such as phone, e-mail, place of work, business card), signatures that you place on documents, authorizations submitted.
  • User accounts for use of our systems.
  • Your position and your employer and, if this is relevant for the business relationship, your professional activities, experience and qualifications, references and details of the services that you have rendered for us.
  • Correspondence notes, e-mails and meetings, your opinions, your feedback and your comments on minutes of meetings that have been provided and collected as part of business operations.
  • In specific cases, also financial data (such as bank account data) so that a payment may be made and/or data from your insurance institution for the purpose of claims management.
  • Information provided in the course of court and out-of-court proceedings if there are any.
  • Publicly accessible data.

1.2 From whom do we receive the data?

We receive the data directly from you or the company that employs you. We also retrieve the data from public registers or databases (such as commercial registers or the internet).

1.3 Obligation to share your data

In most cases, you are under no legal obligation to share your personal data with us. Nevertheless, it may be that you need to provide us with this data on the basis of a contract with you or the company for which you work (this may be the case, for example, if you are mentioned as a contact in a contract or you have to present specific data, such as references, due to a contractual agreement). Specific data also has to be provided for the purpose of concluding a contract (such as a company’s bank details, names, addresses, etc.). In some cases, non-provision of data may lead to a breach of contract.

2. For what purposes and on what lawful basis do we process your data?

2.1 We use the personal data collected to perform our business operations, in particular:

  • To conclude and execute contracts, including correspondence, invoicing, contract management, project development and management, protection and management of contractual claims.
  • To build and maintain business relationships, including marketing (making available information about our offering, invitations to events in our business area, greeting cards), maintaining contact, correspondence, customer management and customer satisfaction surveys.
  • To administer rights and use of our IT systems and internal tools.
  • To process claims and insurance cases.
  • To safeguard and keep sustainable our business operations as well as the management of our company, such as archiving, invoicing, consulting with specialists on business incidents, fulfilling information obligations to administrative bodies and authorities, ensuring compliance and guaranteeing secure access to systems.

2.2 Lawful basis for processing your data

The lawful basis for processing your data is primarily the content of the contracts that have been or will be concluded with you.

We also have a legal obligation to collect and process specific data, such as for accounting or invoicing.

Furthermore, it may be necessary for us to process your data to protect our legitimate interests. This may be the case if we:

  • Contact our existing customers and partners as well as new customers as part of our marketing campaigns.
  • Protect and execute our legal claims.
  • Guarantee the security and availability of our IT systems and other infrastructure.
  • Pass on data to our service providers for the purpose of conducting specific tasks for us.

Before we process data on the basis of our legitimate interests, we ensure that your rights to data protection do not outweigh our legitimate interests. If you do not agree to processing on this basis and if specific conditions are met, you may lodge an objection to this. An objection to direct marketing may be lodged at any time. You can read more about your rights under item 5 “What rights do you have?”.

In rare cases, we of course process personal data that you have made available to us voluntarily and without the presence of the lawful bases mentioned above. You may revoke your consent in regard to such data at any time with the consequence that we are no longer permitted to use the data and will delete it. Any processing before this will, however, remain unaffected.

3. To whom do we disclose your personal data?

The disclosure of data constitutes data processing. For this reason, we only disclose your personal data to third parties if there is a lawful basis for this (as described under item 2.2 in section C, the lawful bases used by us are generally a contract with you, legal obligations, legitimate interests or consent).

Your data may also be shared with partners and customers if the business relationship, the project or common market practice requires this. Your personal data may also be shared with the following service providers, companies and authorities:

  • Companies rendering services for us on a contract basis such as IT hosting and maintenance suppliers, marketing agencies, consultants, banks, insurance companies, mailing services, etc., including processors.
  • Other subcontractors and business partners whose services we legally procure or with whom we are in a joint business relationship.
  • Authorities, law enforcement and courts in the event that they are required for the above-mentioned purposes if required by law or to legally protect our legitimate interests in fulfilling the applicable legal provisions.

The third parties listed above to whom we may disclose personal data may be based in Switzerland or other countries, including countries outside Europe. If we process personal data outside Switzerland or this occurs as part of using third-party services or communicating or transferring data to third parties, this only takes place if the conditions required under data protection legislation are met and, as a result, a reasonable level of protection can be assured for the personal data (through a suitability decision, standard contract clauses, privacy shield rules, etc.). More details on this and particularly a copy of the guarantees specifically available can be requested at any time from the contacts mentioned under item 1.2 of section A.

4. For how long do we retain your data?

We retain your data for as long as (i) required to fulfill the purpose of processing and/or (ii) there is a legal obligation that underlies retaining of the data such as statutory retention obligations for business documents and/or (iii) retention is required to establish, exercise or defend legal claims. As soon as we no longer need your personal data for any of the above-mentioned purposes, it is archived, erased or rendered anonymous to the extent practicable.

5. What rights do you have?

Under data protection legislation applicable to you and to data processing, you have the following rights:

  • The right to request access to the personal data we process.
  • The right to request immediate rectification of your personal data retained by us or the right to have incomplete personal data completed.
  • The right to request erasure of your personal data retained by us unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims.
  • The right to request restriction of the processing of your personal data if a) you contest the accuracy of the data, b) the processing is unlawful but you oppose the erasure of the personal data, c) we no longer require the data but you, however, require the data for the establishment, exercise or defense of legal claims, or d) you have objected to the processing.
  • The right to revoke any consent you have already granted us. This means that we will no longer be able to continue any data processing that was based on this consent.
  • The right to object to the processing of your personal data if this data is processed on the basis of legitimate interests to the extent that there are reasons arising from your particular situation or the objection is to direct marketing. In the latter case, you have a general right to object that we would implement without a particular situation being cited.
  • The right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another authority if the requirements for this are met.
  • The right to lodge a complaint with the supervisory authority responsible.

In the event of any questions about the existence of these rights or exercising them, please feel free to get in touch with the person listed under item 1.2 in section A.

6. How do we ensure that your data stays secure?

We make use of suitable technical security measures (such as backing-up IT systems and building protection) and organizational security measures (such as internal guidelines, training, handling instructions) to protect your data against any incidental or deliberate manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with the latest technological standards.