This privacy protection declaration gives you an overview of the personal data that re Recognition GmbH (hereinafter referred to as “re Recognition”) collects, how this personal data is processed and to whom it may be passed on. You will also find out which rights you have as a data subject and how you can exercise them.
This English version is a translation of the German version and shall not have binding effect.
2. Legal basis
When processing your personal data, we take into account not only the Swiss Data Protection Act (Federal Act on Data Protection (DSG); SR 235.1) and its ordinance (Regulation to the Federal Act on Data Protection (VDSG); SR 235.11), but also – if and to the extent applicable – the General Data Protection Ordinance of the European Union (Ordinance (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data, on the free movement of such data and on the repealing Directive 95/46/EC (General Data Protection Regulation)).
- Contact details of the controller and internal data protection officer
Controller: re Recognition GmbH
Internal data protection officer: [Name]
Address: Höhenstrasse 5a, 8280 Kreuzlingen, Switzerland
Phone: +41 (0)71 672 51 00
If you have a concern regarding data protection, you can send it by post or e-mail to the contact address mentioned above. You can contact the internal data protection officer at the same contact address or by e-mail at [e-mail address of the data protection officer].
The data protection declaration of the re Recognition is based on the terms used by the GDPR. Our data protection declaration should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to first explain the terminology used.
In this data protection declaration, we use, inter alia, the following terms:
a) Personal data
Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Controller is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients. The processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
g) Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
- Basis for the processing
We comply with the principles imposed on us by the data protection laws of Switzerland and – if applicable – the European Union. This means that we transparently explain to you which personal data we process for which purpose. We only process personal data which we have received lawfully and which we may process on the basis of a legal basis.
A legal basis can be (i) the initiation or performance of a contract, (ii) your consent, (iii) a law or (iv) a public interest that allows us to process the data, or (v) a legitimate interest on our part (e.g. preservation of the functionality of our IT systems, documentation of business contacts, marketing of our own and third-party products and services, quality assurance, etc.).
- 6. Purpose and Scope of the processing of personal data
a) Purpose of the processing
We primarily process the personal data that we receive in the course of our business relationship with you and other business partners or that we collect when operating our website, apps and other applications. We use the personal data we collect primarily to conclude and process our contracts with you and our business partners, in particular in connection with our business activities, the purchase of products and services and to fulfil our legal obligations at home and abroad. In addition, we process personal data from you and other persons, to the extent permitted and deemed appropriate, for the following purposes in which we (and sometimes also third parties) have a legitimate interest:
- Securing the quality and further development of our offers, services, apps and other platforms on which we are present;
- Administration and maintenance of the customer relationship (e.g. change of address) as well as invoicing;
- Communication with third parties and processing of their enquiries;
- Reviewing and optimising procedures for needs analysis to address customers directly and collecting personal data from publicly available sources to acquire customers;
- Advertising and marketing (by post, telephone, e-mail or SMS), provided that you have not objected to the use of your data;
- Assertion of legal claims and defence in connection with legal disputes and official proceedings;
- Prevention and investigation of criminal offences and other misconduct (e.g. conduct of internal investigations, data analysis to combat fraud or verification of access authorisation);
- Ensuring our operations, in particular IT, our website, apps and other platforms;
- Purchase and sale of business units, companies or parts of companies and other transactions under company law and the associated transfer of personal data.
b) Conclusion of a contract for a re Recognition product or service
When concluding a contract with re Recognition, we collect the following personal data from you in connection with the execution of the contract:
- Salutation (gender);
- First name and surname;
- Address incl. house number, postcode and place of residence;
- Telephone number (landline and mobile);
- E-mail address;
- Job Title;
- If applicable, further information and data about the customer in connection with the conclusion of the contract.
As part of our business relationship, you must provide the personal information necessary to establish and conduct a business relationship and to fulfill the contractual and legal obligations associated therewith. Without the aforementioned data, we will generally not be in a position to conclude a contract with you or the person you represent, or to process it.
We process the personal data mentioned at the beginning within the scope and on the basis of this consent, insofar as we cannot rely on any other legal basis.
If you select an online payment option (e.g. credit card purchase) when purchasing a product or service, payment is made via the online payment system of the respective provider. In this case, personal and payment data is processed directly by the provider of the respective system. We do not know or store your payment data. In this case, please observe the data protection regulations of the respective provider of the online payment system.
c) Newsletters and promotional e-mails
On our website you are given the opportunity to subscribe to our newsletter. The input mask used for this purpose determines what personal data are transmitted.
If you have agreed that we may use the data you have entered for advertising purposes, we will send you regular newsletters to draw your attention to further offers, services and news.
The enterprise’s newsletter may only be received by the data subject if you have a valid e-mail address and registered for the newsletter shipping. A confirmation e-mail will be sent to the e-mail address registered by a data subject for the first time for newsletter shipping, for legal reasons, in the double opt-in procedure. This confirmation e-mail is used to prove whether the owner of the e-mail address as the data subject is authorized to receive the newsletter.
During the registration for the newsletter, we also store the IP address of the computer system assigned by the Internet service provider (ISP) and used by the data subject at the time of the registration, as well as the date and time of the registration. The collection of this data is necessary in order to understand the (possible) misuse of the e-mail address of a data subject at a later date, and it therefore serves the aim of the legal protection of the controller.
The personal data collected as part of a registration for the newsletter will only be used to send our newsletter. In addition, subscribers to the newsletter may be informed by e-mail, as long as this is necessary for the operation of the newsletter service or a registration in question, as this could be the case in the event of modifications to the newsletter offer, or in the event of a change in technical circumstances. There will be no transfer of personal data collected by the newsletter service to third parties. It is also possible to unsubscribe from the newsletter at any time directly on the website of the controller, or to communicate this to the controller in a different way.
Our newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such e-mails, which are sent in HTML format to enable log file recording and analysis. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, we may see if and when an e-mail was opened by a data subject, and which links in the e-mail were called up by data subjects. Such personal data collected in the tracking pixels contained in the newsletters are stored and analyzed in order to optimize the shipping of the newsletter, as well as to adapt the content of future newsletters even better to the interests of the data subject. These personal data will not be passed on to third parties. You are at any time entitled to revoke the respective separate declaration of consent issued by means of the double-opt-in procedure. After a revocation, these personal data will be deleted. We automatically regard a withdrawal from the receipt of the newsletter as a revocation.
d) Visiting the website of re Recognition
The website of re Recognition collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files. The following data may be collected:
- the browser types and versions used;
- the operating system used by the accessing system;
- the website from which an accessing system reaches our website (so-called referrers);
- the sub-websites;
- the date and time of access to the Internet site;
- an Internet protocol address (IP address);
- the Internet service provider of the accessing system, and
- any other similar data and information that may be used in the event of attacks on our information technology systems.
When using these general data and information, re Recognition does not draw any conclusions about the data subject. Rather, this information is needed to deliver the content of our website correctly, optimize the content of our website as well as its advertisement, ensure the long-term viability of our information technology systems and website technology, and provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, re Recognition analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise.
e) Contact via the website
If you contact us by e-mail or via a contact form on our website, the personal data you transmit is automatically stored. This personal data is stored for the purpose of processing the request or establishing contact.
- Transfer of personal data to third parties
In the context of our business activities and the purposes listed in Clause 6a), we also disclose your data to third parties, insofar as we have obtained your consent, we are legally obliged to do so or it appears to us to be appropriate, either because they process it for us or because they wish to use it for their own purposes. In particular, the following places can be receivers of your data:
- Service providers from us (e.g. banks, insurance companies), including contractors (e.g. IT providers);
- Dealers, suppliers, subcontractors and other business partners (e.g. suppliers of hardware, software, licenses or domains, landlords of lines or a hosting partner);
- Collection agencies;
- Credit verification companies;
- Domestic and foreign authorities, government agencies or courts;
- Public, including visitors to the website and social media;
- Competitors, industry organisations, associations and other bodies;
- acquirers of business units or companies or those interested in acquiring such units or companies;
- Parties in possible or actual legal proceedings.
Your personal data will not be transferred to third parties for purposes other than those listed in Clause 6a). In addition, the data passed on may only be used by third parties for the purposes specified in Clause 6a). If your data is passed on to the named recipients, only the personal data required for identification will be passed on. The data recipient processes the transmitted data on his own responsibility in accordance with the applicable data protection regulations. We reserve the right to disclose personal data on the basis of a court decision or by law, e.g. to a criminal prosecution authority, to pursue and uncover unlawful activities or to the PTS service.
The above-mentioned consignees are partly resident in Switzerland, in Europe or in third countries. In particular, you must expect your data to be transferred to all countries, in particular other European countries and third countries where the service providers we use are located (e.g. Microsoft, SAP). If we transfer data to a country without adequate legal data protection, we ensure an adequate level of protection by means of appropriate contracts (in particular on the basis of the so-called standard contractual clauses of the European Commission, cf. https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.) or so-called binding corporate rules or rely on the statutory exceptions of consent, contract execution, the establishment, exercise or enforcement of legal claims, predominant public interests of the published personal data or because it is necessary to protect the integrity of the data subjects. If the company concerned is certified for the Swiss-U.S. Privacy Shield (https://www.privacyshield.gov/welcome), a standard contract is concluded. You can obtain a copy of the contractual guarantees mentioned above from our internal data protection officer at any time, unless you can call up the link above. However, we reserve the right to black out copies for reasons of data protection or confidentiality or to supply only excerpts.
- Use of technologies
You may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable.
b) Google Analytics (with anonymization function)
On this website, the controller has integrated the component of Google Analytics (with the anonymizer function). Google Analytics is a web analytics service.
Web analytics is the collection, gathering, and analysis of data about the behavior of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising.
The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
For the web analytics through Google Analytics the controller uses the application “_gat. _anonymizeIp”. By means of this application the IP address of the Internet connection of the data subject is abridged by Google and anonymised when accessing our websites from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze the traffic on our website. Google uses the collected data and information, inter alia, to evaluate the use of our website and to provide online reports, which show the activities on our websites, and to provide other services concerning the use of our Internet site for us.
Google Analytics places a cookie on the information technology system of the data subject. The definition of cookies is explained above. With the setting of the cookie, Google is enabled to analyze the use of our website. With each call-up to one of the individual pages of this Internet site, which is operated by the controller and into which a Google Analytics component was integrated, the Internet browser on the information technology system of the data subject will automatically submit data through the Google Analytics component for the purpose of online advertising and the settlement of commissions to Google. During the course of this technical procedure, the enterprise Google gains knowledge of personal information, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements.
The cookie is used to store personal information, such as the access time, the location from which the access was made, and the frequency of visits of our website by the data subject. With each visit to our Internet site, such personal data, including the IP address of the Internet access used by the data subject, will be transmitted to Google in the United States of America.
These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties. The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Google Analytics from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Google Analytics may be deleted at any time via a web browser or other software programs.
Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/and under http://www.google.com/analytics/terms/us.html. Google Analytics is further explained under the following Link https://www.google.com/analytics/.
- Data security
We operate secure data networks that comply with the applicable technical standards. Appropriate technical and organizational precautions are taken to conscientiously protect your data from loss, destruction, falsification, manipulation or unauthorized access.
Although re Recognition uses all means necessary to prevent the disclosure of data due to data transmission errors or to prevent unauthorized access by third parties, it cannot accept any liability for such undesirable events. Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data via alternative means, e.g. by telephone.
- Period of data storage
We store personal data as long as it is or appears to be necessary for the execution of the contract or the purposes pursued with the processing. A different storage period may result from legal evidence and storage obligations, which are regulated in the Swiss Code of Obligations (OR, SR 220), in the Telecommunications Act (FMG; SR 784.10) or in the Federal Act on the Supervision of Postal and Telecommunications Traffic (BÜPF, SR 780.1), as well as for reasons of preserving evidence or avoiding the limitation of legal claims. The minimum storage period is generally ten years. As soon as your personal data is no longer required for the purposes specified in Clause 6a), it will be deleted or anonymised to the extent possible.
- Rights of the data subject
Your personal data belongs to you. You are therefore entitled to decide for yourself what happens to your personal data and may know at any time what happens to your personal data. You have the following rights in this regard:
a) Right of access
You can request information about your personal data processed by us. In particular, you may request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, limitation of processing or objection, the existence of a right of appeal, the origin of your data if not collected from us, and the existence of automated decision-making, including profiling and, where appropriate, meaningful information on its details.
b) Right to rectification
Furthermore, you are entitled at any time to demand the correction of incorrect or incomplete personal data stored by re Recognition.
c) Right to erasure (Right to be forgotten)
Furthermore, you are entitled to demand the deletion of your personal data stored by re Recognition, unless the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims.
d) Right of restriction of processing
You are also entitled to request the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and re Recognition no longer needs the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection against the processing.
e) Right to data portability
Furthermore, you have the right to receive the data you have provided to re Recognition in a structured, common and machine-readable format or to request that it be transferred to another person in charge.
f) Right to object
If we process your data on the basis of legitimate interests, you have the right to object to the processing of your data, if there are reasons for doing so that arise from your point of view. re Recognition shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.
g) Right to withdraw data protection consent
You can revoke your consent at any time. As a result, re Recognition may not continue the data processing based on this consent in the future.
If the processing of personal data serves marketing and advertising purposes, you may revoke your consent to the processing for these purposes in general or in relation to certain products or services.
At this point we would like to point out that there is no possibility to object to general advertisements on Internet pages. This is the same type of advertising that you will find in a print newspaper or magazine.
h) Right of appeal
You have the option of complaining to the competent data protection supervisory authority if you are of the opinion that the processing of your personal data violates statutory provisions. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work or our company headquarters.
i) Enforcement of the rights of data subjects
When exercising the rights of the data subject, re Recognition reserves the right to assert the restrictions provided by law, among other things, if there is a legal obligation to store or process certain personal data, if re Recognition has an overriding interest in storing this data, or if this data is necessary for the assertion of claims. If costs are incurred in this respect, the relevant information will be provided in advance. The exercise of the right of revocation may also conflict with contractual agreements, which may entail cost consequences.
The assertion of the data subject’s rights against re Recognition must be addressed to the internal data protection officer by post or e-mail.
This data protection declaration corresponds to the status as of 1stOctober 2019.
When needed, our approach is to work in partnership with our clients to support them in developing solutions for bespoke, complex ICR/OCR challenges.
Out team has significant experience of the ICR/OCR needs across a range of markets from finance, education, healthcare, document management and more. With access to our technical specialists, consultants and partners experienced in developing solutions, we can support you in the quest for sophisticated ICR/OCR capabilities.
Get in touch
To learn more about our innovative technology, please contact us.