Privacy Policy
Privacy Policy
Version: 1.2
Last updated: December 10, 2024
Hereby is described the privacy practice of collecting and processing personal data provided by persons engaging in business relations regulated by Terms and Conditions and other relevant documents (hereinafter Clients or you, your) with Rocket Soft AG, REG. Nr. CHE-330.661.254, Am Baumgarten 4, 6314 Unterägeri, Switzerland, under the brand XSwiss (hereinafter XSwiss or we, us and our) that possesses and operates an internet website www.xswiss.com (hereinafter the Website). The provisions of this Privacy Policy are subject to Federal Act on Data Protection (FADP) in the current version, on the protection of natural persons.
In case of conflict between this Privacy Policy and FADP (due to amendment of a legal act or for other reason), relevant parts of these legal acts shall be applied.
INTRODUCTION
We understand the importance of protection of your privacy and personal data and commit a lot of efforts to developing and maintaining high standards of our inner security measures and technologies to provide you with secure processing and storage of the data we collect from you; and keep your data safe against unauthorized or unlawful processing and against accidental loss, destruction or damage.
PERSONAL DATA WE PROCESS AND ITS OBJECTIVE
When registering for the Account and using XSwiss’s Services, we may collect and further process (see chapter 2 below) the following categories of your data:
Information requested during registration of the Account that identifies you, for example your name, date of birth, citizenship, etc.
Financial information, including your income, source of income / funds, taxation residence information, etc.
Your identity and residency verification documents, for example passport and/or ID card, utility bill, insurance contract, tax statement, rental agreement etc.
Contact information, i.e., your phone number, e-mail address, etc.
(information described above under a., b., c., and d. is hereinafter separately or collectively referred to as “Personal Data”).
We do not collect any of your Personal Data without your permission.
We use Google Analytics on our Website. If You want to know more about Google Analytics and how you can control the information collected by Google, please visit this link.
We do not intend to solicit or collect Personal Data from anyone under the age of 16 or under the legal age of your country, if it is higher. If you are under 16 or are not of a legal age of your country, do not enter any Personal Data on our Website.
The term we keep the Personal Data collected depends on the type of information, the purpose of its use, nature of sensitiveness, etc. To the general rule, we will retain your Personal Data for the length of time reasonably needed to fulfill the purposes outlined in this privacy policy, including for as long as needed to provide you with our products and Services, unless a longer retention period is required or permitted by law. We will also retain and use your information for as long as necessary to resolve disputes and/or enforce our rights and agreements.
We collect and process the Personal Data to fulfil our contractual obligations and legitimate interest before you, namely:
provide Services, including execution of requested transactions and related maintenance of the Services you registered for and manage the account you hold;
provide you with the information about your activities on the Account;
inform on any changes and updates to the Services you are provided with;
assess and mitigate risks related to anti-money laundering and terrorism financing regulations as well as transaction related risks;
comply with applicable legislation;
maintain actions in relation to legal claims;
provide additional or supportive services, as well as perform Client surveys, statistical analysis;
to ensure marketing activities (send you news, updates, promotions, product information, event announcements, and other).
improve the performance and functionality of our Services.
The above list may be extended depending on the development of the Services.
PROCESSING OF YOUR PERSONAL DATA
Your personal data may be received and processed:
by XSwiss within our inner systems of processing, which complies to technical and organizational measures in a manner that meets applicable requirements of the FADP and security standards; and/or
at outsource service providers and processors who access and use the data only to the extent required to perform the obligations subcontracted to them by XSwiss (hereinafter “Sub-processors”).
Those Sub-processors perform tasks on our behalf and are contractually obligated not to disclose or use collected information for any other purposes, then storage, help in facilitation of technical aspects of our Services or perform functions related to the administration of Services (collection and analysis) or other indicated under contractual closes.
You give your explicit consent that XSwiss may on its own discretion to engage Sub-processors, who comply with technical and organizational measures in a manner that meet applicable requirements of the FADP and security standards implied under this Privacy Policy.
If such Sub-processors are located outside of Swiss Confederation, European Union or European Economic Area, or other country with an adequate level of protection as determined by the Federal Council, the processing of personal data is done or will be done in accordance with applicable laws.
Sub-processors remain fully liable for all obligations subcontracted to, and all acts and omissions of, XSwiss is not responsible in the event that information is disclosed at a result of a breach or security lapse at any such Sub-processors, or for such Sub-processors' non-compliance with the foregoing requirements.
INCIDENTS NOTIFICATION
If XSwiss becomes aware of any breach of our security leading to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to (excluding unsuccessful attempts or activities) personal data of Clients on systems managed or otherwise controlled by us, we will assess the impact of the breach. If required for your protection or upon request by the Federal Data Protection and Information Commissioner (FDPIC), we will notify you promptly and without undue delay, in compliance with the procedure prescribed under the FADP or other applicable laws.
The notification will be made to your e-mail address at the discretion of XSwiss or by other direct communication available to XSwiss and allowed by Client (for example, by phone or e-mail). It is sole responsibility of the Client to provide us with the e-mail address and ensure that this e-mail address is valid and current.
None of notifications of data security breaches from XSwiss may be and will be construed as an acknowledgment of any fault or liability with respect to data incident by us.
CLIENT’S SECURITY COMMITMENTS
Client agrees that without prejudice to our security measures and data incidents that it is Client’s responsibility to make appropriate use of our Services to ensure a level of security appropriate to the risk in respect of your Personal Data and securing your authorization credentials, system and devices which you use to access to our Services.
We are not obligated to protect your Personal Data that you choose to store or transfer outside XSwiss and our Subprocessors’ systems, and cannot be held responsible for any negative consequences you may suffer as a result thereof.
CLIENT’S RIGHTS IN RESPECT TO ITS PERSONAL DATA
You have the following rights in relation to your Personal Data:
Right of access — You have the right to obtain from us information as to whether your Personal Data is being processed, and, where that is the case, information about the purpose of processing, categories of data, and recipients as well as access to such Personal Data.
Right to data portability — You have the right to request the transfer of your Personal Data to yourself or another controller in a commonly used, machine-readable format, provided that the processing is based on consent or a contract and is carried out using automated means.
We will not ordinarily charge you for exercising your rights under this policy. However, if your requests are excessive, repetitive, or manifestly unfounded, we reserve the right to charge a reasonable fee based on the administrative costs incurred or to refuse to act on such requests, as permitted under the applicable data protection laws.
COOKIE & SIMILAR TECHNOLOGIES
We also collect Cookie and similar technologies for collecting technical information, which contains unique identifiers from you. In brief words we automatically receive the web address of the site that you came from and the IP address of the computer or device that you are using to access. This information helps to understand your preferences, navigate website efficiently, and allows to develop and improve our Services, and to manage the load on our servers.
If you prefer not to allow cookies, please use your browser settings, most browsers give you an ability to manage your cookies or provide you with “incognito mode” or similar options, which allows you not to record your visits and downloads in your browsing and download histories. In this mode any cookies created during this type of session are deleted after you close all “incognito” windows.
For more details, please check our Cookie Policy.
CHANGES TO THESE PRIVACY POLICY
Please note that we may amend this Privacy Policy from time to time at our sole discretion. Therefore, please check this Privacy Policy for updates. If any significant updates in regard to data processing terms are made, we will notify you additionally within reasonable time via e-mail provided by you.
CONFIRMATION AND CONSENT
By applying for the Account with XSwiss, you declare and confirm that you have familiarized yourself with this Privacy Policy, understood its content and possible consequences.
By applying for the Account with XSwiss you consent to the processing (incl. collection, storing, receipt, forwarding, disclosing, making available, deleting, etc.) of your Personal Data, as described in this Privacy Policy.
CONTACT DETAILS
If you require any additional information or have any further questions concerning this Privacy Policy or you wish to use any of your rights regarding your Personal Data, please contact us at [email protected].
The supervising authority for privacy issues in Switzerland is: The Federal Data Protection and Information Commissioner (FDPIC)
Postal address: Feldeggweg 1, CH - 3003, Bern, Switzerland
Telephone: 058 462 43 95
Email: [email protected]
Website: https://www.edoeb.admin.ch
OFFICIAL COMPLAINTS
If you are not satisfied with our answers, or you still have questions or claims related to your Personal Data, you may also contact the Federal Data Protection and Information Commissioner (in German Der Eidgenössische Datenschutz- und Öffentlichkeitsbeauftragte (EDÖB)) using contact details indicated above. Should you feel that your rights related to the Personal Data are or may be violated, you may also submit an official complaint to aforementioned authority.