This privacy notice ("Privacy Notice") informs our website visitors, newsletter subscribers, event participants, customers and business partners (or persons acting on behalf of our customers and business partners) and job applicants ("you") about how Sourire en Soie AG ("En Soie", "we", "us") treats personal data ("Data") in accordance with the Swiss Federal Act on Data Protection ("FADP") and the EU General Data Protection Regulation ("GDPR"), as applicable, when using our website, when buying any of our products, when supplying services or products to us, communicating with us, subscribing to our newsletters, registering for and participating in events, when applying for a job vacancy or in any of the other situations set out in Section 3 below. Within the scope of the FADP, references in this Privacy Notice to the GDPR shall be understood as references to the corresponding provisions in the FADP.

Controller is Sourire en Soie AG, Strehlgasse 26, 8001 Zurich, Switzerland, info@ensoie.com.

You are in general under no obligation to provide us with any Data. However, if you do not provide the required information regarding certain use cases set out in Section 3, we may not be able to process your corresponding request, get in contact with you or provide the products and services to you.

If you share with us Data regarding any other individual (e.g. regarding your employer/employees, relatives, family members, colleagues, etc.), we assume that this Data is correct. By sharing such Data with us, you confirm that you are authorized to do so and that you have informed the affected individuals about this Privacy Notice and our processing of their Data.

3.1 Website Use

The Data processing related to your use of our website is limited to Data that is required to operate, provide and secure the website and the services provided thereon ("Website Use Data") and for web analysis purposes ("Website Analysis Data").

Categories of Data: When accessing our website, the following information about your access and device may be collected automatically: IP address, operating system, type of device, browser name and version, date and time of access, address of the website from which you were redirected to our website (if applicable), etc. We may analyze your use of our website with web analysis tools.

Purpose and legal basis: The processing regarding website use is based on our legitimate interest to operate and secure our website, in particular for security reasons to ensure the stability and integrity of our systems (GDPR 6.1.1.f). In addition, we may perform basic web analysis based on our legitimate interest (GDPR 6.1.1.f) to optimize the website regarding usability and to gain insights about the use of our website. The collected data will not be merged with other personal data or disclosed to third parties.

3.2 Cookies

Data may also be collected via the use of cookies. Cookies created in a web environment or app are small text files that are stored on your device. This enables the website or app to remember specific entries and settings (for example, your login, language, usage, preferences and statistics) over a certain period of time. That way, you do not have to re-enter them when browsing around the site during the same visit. First party cookies are cookies set by our website and, therefore, only our website can read them. In addition, a website might potentially use external services which also set their own cookies. These are known as third-party cookies. Persistent cookies are cookies saved on your computer that are not deleted automatically when you quit your browser, unlike a session cookie which is deleted when you quit your browser.

Categories of Data, purpose and legal basis: Based on our legitimate interest (GDPR 6.1.1.f), we use the following types of cookies for the following purposes:

• Essential cookies: These cookies are technically required for the functionality of the website and the provision of the website content and services.

The following overview lists the cookies we may use, their purpose and the duration for which they are kept:

You can disable the use of cookies at any time by deleting the cookies placed by the website on your device. Alternatively, you can disable the use of cookies in the preferences of your browser, but this might result in some functions of our website being unavailable to you or not functioning properly anymore.

3.3 Communication

We may be in contact with you by use of different channels, e.g. if you fill in contact or similar forms on our website, send us e-mails or by using other electronic (or hardcopy) communication means, whereby Data may be exchanged ("Communication Data").

Categories of Data: If you fill in our contact forms, send us an e-mail or another form of electronic message (or a hardcopy message, e.g. a letter), we may collect such information as your name, e-mail address (or other form of communication identifier, e.g. messenger nickname), phone number, subject matter, message content, related metadata and any other information you choose to disclose in your communication to us.

Purpose and legal basis: We use Communication Data to process your inquiry and any other related questions and matters based on the content of your communication with us (GDPR 6.1.1.a). We may keep this data to document our communication with you, for training purposes, for quality assurance, for follow-up inquiries (GDPR 6.1.1.f) and for regulatory purposes (GDPR 6.1.1.c).

3.4 Contracts

If we enter into a contract with you, or into negotiations regarding such contract, we may collect Data in relation to the conclusion and performance of such a contract ("Contract Data"). In general, we collect this Data from you or other contractual partners and from third parties involved in the performance of the contract, but may also use Data from third-party or public sources.

Categories of Data: Name, last name, address, e-mail address, password in case a login is created, bank details, further information relating to the conclusion and performance of the contract, to your preferences or to your feedback.

Purpose and legal basis: We use Contract Data for the preparation, conclusion, performance and administration of our contractual relationships and any questions or inquiries that might arise in that relation (GDPR 6.1.1.b). We may keep this Data to document our communication with you, for training purposes, for quality assurance and for follow-up inquiries (GDPR 6.1.1.f).

3.5 Job Applications

We may process Data you provide to us in connection with an application for a job vacancy ("Application Data").

Categories of Data: Application Data may include your contact information, information about your working permit situation, your education and professional experience and any other information you choose to provide to us in connection with your application.

Purpose and legal basis: We process Application Data for the assessment of your application and potential negotiation, preparation, conclusion and performance of an employment contract with you (GDPR 6.1.1.b). In case no employment contract is concluded, but you provide us with your consent to retain your application for further job vacancies, we may do so based on your consent (GDPR 6.1.1.a).

3.6 Marketing, Events and Newsletter

We may process your Data for marketing purposes and relationship management, including events and newsletters (altogether "Marketing Data").

Categories of Data: Marketing Data may in particular include your contact information (e.g. name, company type and name, business function / title, e-mail, address, etc.), such further data categories as your preferences (e.g. your areas of interest), information relating to your participation in events and use of our newsletters as well as Communication Data.

Purpose and legal basis: We process Marketing Data for marketing purposes and relationship management, for example to send personalized advertising for our services and products, e.g. in the form of newsletters or other regular contacts either in person, via e-mail or other electronic form, by phone or any other communication channel for which we have contact information from you and by any other marketing means (e.g. through events, fairs, etc.). We do so based on our legitimate interest to keep you informed about our products and services (GDPR 6.1.1.f), to the extent permitted by applicable marketing regulation, or, where required, based upon your consent in this regard (GDPR 6.1.1.a). In either case, you can object at any time or refuse or withdraw your consent to be contacted for marketing purposes.

4.1 Categories of Recipients

We may make your Data available to the following recipients (in compliance with the applicable legal requirements):

a) external service providers (e.g. IT services providers, newsletter service providers, carriers, etc.);

b) contractual partners (to the extent the disclosure results from such contracts);

c) competent authorities, including tax authorities and courts (in Switzerland and abroad, if we are legally obliged or entitled to such disclosure or if it appears necessary to protect our interests);

d) legal and professional advisors, including legal representatives, accountants and auditors;

e) transaction partners and advisors (e.g. in relation to mergers, acquisitions or other business transactions involving us).

4.2 Cross-Border Transfer of Data

We may transfer your Data to countries within the EEA or to the UK and to the following countries outside of Switzerland or the EEA/UK, provided that (a) such countries provide for an adequate level of data protection according to the assessment of the competent authority, (b) we ensure an adequate level of data protection based on appropriate safeguards, such as the EU Standard Contractual Clauses adapted to Swiss law to the extent required, or (c) it is relied on a statutory exemption: USA. For a copy of the Standard Contractual Clauses, please contact us as indicated in Section 1.

We process and retain Data for as long as our processing purposes, the legal retention periods and our legitimate interests regarding documentation require it. Except in case of contrary legal or contractual obligations, we will erase or anonymize your Data once the storage or processing period has expired. Regarding specific use/Data categories, we will in general retain your Data as follows:

• Website Use Data: Website Use Data will be processed for as long as required to enable the requested access and secure the stability and integrity of the relevant systems.
• Website Analysis Data: Website Analysis Data will be stored for as long as required to perform the analysis and will thereafter be deleted or anonymized.
• Cookies: Cookies will be stored on your device for the time period required to achieve the related purpose and as further set out above and will thereafter be deleted by your browser.
• Communication Data: Communication Data will be deleted after responding to / completing your inquiry if and to the extent (a) we are not legally obliged to retain such Data (e.g. for accounting or document retention purposes) and (b) we do not have an overriding legitimate interest to retain such data for documentation, quality assurance or similar business purposes or for the assessment or exercise of, or defense against, legal claims.
• Contract Data: We generally keep Contract Data for the duration of the statute of limitations duration regarding contractual claims, as calculated from the end of the contractual relationship if and to the extent (a) we are not legally obliged to retain such Data (e.g. for accounting or document retention purposes) for a longer period and (b) we do not have an overriding legitimate interest to retain such Data for documentation, quality assurance or similar business purposes or for the assessment or exercise of, or defense against, legal claims.
• Application Data: We generally keep Application Data for the duration of the application process and three months thereafter, unless you ask or allow us to retain your application for a longer time. We may retain Application Data for longer for the assessment or exercise of, or defense against, legal claims.
• Marketing Data: We generally keep Marketing Data for as long as necessary to achieve the respective purposes. Such Data will be deleted thereafter if and to the extent (a) we are not legally obliged to retain such Data (e.g. for accounting or document retention purposes) and (b) we do not have an overriding legitimate interest to retain such data for documentation, quality assurance or similar business purposes or for the assessment or exercise of, or defense against, legal claims.

As data subject you may have the following rights:

a) Information, i.e. to ask us whether we are processing Data about you, and if so, to provide you with further information related thereto.

b) Correction, i.e. to ask us to correct or complement your Data if it is incorrect or incomplete.

c) Deletion, i.e. to delete your Data (to the extent we are not under a legal obligation or have an overriding legitimate interest to retain such Data).

d) Object, i.e. right to object to the processing of your Data based on our legitimate interest (GDPR 6.1.1.f) by explaining your particular reasons and specific circumstances on which your objection is based. Regarding cookies through which certain Data may be collected, you can block the setting of such cookies at any time by changing the settings in your browser accordingly. Please note that a deactivation of cookies may result in a limited user experience and you may not be able to use every function of our website.

e) Restrict processing, i.e. to ask us to temporarily restrict our processing of your Data.

f) Data portability, i.e. to ask us to provide you in electronic form (to the extent technically feasible) the Data you have provided to us.

g) Withdraw your consent, i.e. to withdraw your consent if and to the extent you have previously given your consent to any specific purpose of processing of your Data. This will not affect the lawfulness of any processing carried out before you have withdrawn your consent (or any processing based on any legal basis other than your consent) and it may mean that we will no longer be able to provide our services to you.

In case you wish to exercise any of these rights, please contact us as specified in Section 1. Before responding to your request, we may ask for proof of identity. This helps us to ensure that your Data is not disclosed to any unauthorized person.

We would like to point out that your rights are subject to restrictions, which we may invoke in individual cases.

We have put appropriate technical and organizational security policies and procedures in place to protect your Data from loss, misuse, alteration or destruction. Despite these security measures, we cannot completely eliminate the security risks associated with data processing.

If you believe that our processing of your Data contradicts the applicable data protection laws, you have the possibility to lodge a complaint with the appropriate data protection authority.

The data protection authority for En Soie is the Swiss Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Berne, Switzerland (https://www.edoeb.admin.ch).

This Privacy Notice does not form part of any contract with you and we may amend it at any time. The version published on our website is the version that currently applies.

Last update: 24.05.2024