Validato AG, Claridenstrasse 34, 8002 Zurich, Switzerland, is the operator of the website www.validato.ch and the respective services offered. This Data Privacy Policy informs the users of this website in accordance with Swiss and EU data protection law about the nature, scope and purpose of the collection and use of personal data by Validato AG.
Your trust is important to us; therefore, we take the issue of data protection seriously and pay attention to appropriate security. We have taken technical and organizational measures to ensure that the Swiss (Swiss Data Protection Act (DPA)) and EU data protection regulations (in particular the EU General Data Protection Regulation (GDPR)) are observed both by us and by our external service providers.
So that you know what personal data we collect from you and for what purposes we use it, please take note of the information below.
When you visit our website, our servers temporarily store each access in a log file. The following technical data is collected without your intervention, as is generally the case with every connection to a web server, and is stored by us until it is automatically deleted after 12 months at the latest:
The collection and processing of this data is done for the purpose of enabling the use of our website (connection establishment), to ensure system security and stability on a permanent basis and to enable the optimization of our Internet offering, as well as for internal statistical purposes.
This is our legitimate interest in data processing within the meaning of Art. 6 para. 1 lit. f GDPR.
In order to purchase services from Validato AG in the online platform, you need to open a client account in the name of the client. When registering for a client account, we collect the following data:
The data is collected for the purpose of providing the client with password-protected direct access to his basic data stored with us (online platform). In this platform, the client can view his completed and open orders or manage or change the client's personal data.
The legal basis of the processing of the data for this purpose is the consent given by you according to Art. 6 para. 1 lit. a GDPR.
If you want to buy services in our online platform, we need the following data to process the contract:
Unless otherwise stated in this Data Privacy Policy or you have separately consented to it, we will only use the aforementioned data to process the contract, namely to perform the requested validation, to prepare and deliver the validation report to you and to ensure correct payment.
If you provide us with personal data of other persons, e.g. data about a candidate, you will only provide us with corresponding personal data if you are entitled to do so according to the applicable data protection laws and if the other person agrees (e.g. on the basis of a signed declaration of consent) that you provide us with the personal data for the purposes of the processing.
The legal basis of data processing for this purpose is the fulfillment of a contract according to Art. 6 para. 1 lit. b GDPR.
We only pass on your personal data as well as the data transmitted to us if you or the candidate has or have expressly consented to this, if there is a contractual or legal basis for this or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship.
Furthermore, we will only pass on your data and the data of candidates to third parties if this is necessary within the framework of the use of the website or the processing of the contract (also outside the website), namely the provision of the purchased service (i.e. validation).
The data is passed on for the purpose of providing the requested service and maintaining the functionalities of our website. This is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
If we make advance payments, e.g. in the case of an order on account, we may obtain credit information from a credit agency on the basis of mathematical-statistical methods in order to protect our legitimate interests. For this purpose, we transmit the required personal data or the data of the customer to a credit agency and use the information received about the statistical probability of a payment default for a weighed decision on the establishment, implementation or termination of the contractual relationship. The creditworthiness information may include probability values (score values) calculated on the basis of scientifically recognized mathematical-statistical methods, the calculation of which includes address data. Your interests worthy of protection are taken into account in accordance with the statutory provisions.
Our legitimate interest in data processing within the meaning of Art. 6 Para. 1 lit. f GDPR lies in the purposes described above.
We are entitled to transfer your personal data, those of the client or those of the candidate for the purpose of the data processing described in this Data Privacy Policy and the provision of services also subsidiaries of Validato AG and third companies (contracted service providers) abroad. These are obligated to data protection to the same extent as we ourselves. If the level of data protection in a country does not correspond to that in Switzerland or the European Union, we will ensure by contract that the protection of the personal data corresponds to that in Switzerland or the EU at all times.
For the sake of completeness, we would like to point out for users resident or domiciled in Switzerland that there are surveillance measures in place in the USA by US authorities which generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland to the USA. This is done without any differentiation, limitation or exception based on the objective pursued and without any objective criterion that would make it possible to limit the access of the U.S. authorities to the data and their subsequent use to very specific, strictly limited purposes that are capable of justifying the intrusion associated both with the access to these data and with their use. Furthermore, we would like to point out that in the U.S. there are no legal remedies available to data subjects from Switzerland that would allow them to gain access to the data concerning them and to obtain its correction or deletion, or that there is no effective judicial legal protection against general access rights of U.S. authorities. We explicitly draw the attention of the data subject to this legal and factual situation so that he or she can make an appropriately informed decision to consent to the use of his or her data.
We would like to point out to users residing in a member state of the EU that, from the perspective of the European Union, the USA does not have a sufficient level of data protection - among other things due to the issues mentioned in this section. Insofar as we have explained in this Data Privacy Policy that recipients of data (such as Google) are based in the USA, we will ensure either through contractual arrangements with these companies or by ensuring that these companies are certified under the EU or Swiss-US Privacy Shield that your data is protected with our partners with an appropriate level.
You have the right to obtain information about the personal data that we store about you upon request. In addition, you have the right to correct incorrect data and the right to delete your personal data, provided that this does not conflict with a legal obligation to retain the data or an authorization that allows us to process the data.
If you have any questions or concerns regarding data protection on the Validato AG website, please contact our data protection rights contact by sending an e-mail with the subject Data Protection to [email protected] or a letter to the postal address Validato AG, Claridenstrasse 34, 8002 Zurich, Switzerland. In order to process your request, we may, at our sole discretion, require proof of identity.
We use appropriate technical and organizational security measures to protect your personal data stored with us against manipulation, partial or complete loss and against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
You should always treat your access data confidentially and close the browser window when you have finished communicating with us, especially if you share a computer with others.
We also take internal company data protection very seriously. Our employees and the service companies commissioned by us have been obligated by us to maintain confidentiality and to comply with the provisions of data protection regulations.
We store personal data only as long as it is necessary to use the tracking and analysis services mentioned above as well as further processing within the scope of our legitimate interest. We irrevocably delete the data of the persons to be validated as well as the corresponding validation report 120 days after the report has been generated. Contract data will be retained by us for a longer period of time, as this is required by legal retention obligations. Retention obligations that require us to retain data result from accounting regulations and tax regulations. According to these regulations, business communication, concluded contracts and accounting vouchers must be kept for up to 10 years. As far as we no longer need this data to perform services for you, the data will be blocked. This means that the data may then only be used for accounting and tax purposes.
Validato AG reserves the right to change this privacy statement at any time. We therefore recommend that you review this statement regularly.
Copyright © 2024 Validato