Olofsen Security Consultancy

Privacy Policy of Olofsen Security Consultancy

As Security specialists, Olofsen Security Consultancy holds your privacy as its highest priority. After all, Security & Privacy are unmistakably inherently connected. Following Article 13 of the Swiss Federal Constitution, the data protection regulations of the Federal Government (Bundesgesetz über den Datenschutz) and in accordance with GDPR for European clients, every individual is fully entitled to maximum protection of their privacy as well protection against misuse of their personal data. This privacy policy is a direct embodiment of article 24, paragraph 1 and paragraph 2 of the General Regulation on Personal data (GDPR). OSECON considers it most important to give its clients, business associates and/or other involved individuals a clear and transparent understanding about the data processing within OSECON as well the privacy rights that any individual has on basis of the GDPR. In this way, OSECON attempts to create awareness about the use of your Personal data in order to make an active and conscious choice about your privacy.

  • 1. Who are we and why this privacy statement?

  • With this Privacy Policy, we, OSECON (hereinafter “OSECON”, “we” or “us”), describe to our Data subjects (hereinafter “you”, the “client or “Data Subject”) how we collect and further process your Personal data in accordance with the General Data Protection Regulation (“GDPR”). In this Privacy policy, we intent to specifically inform you about us as the Controller, who our concerned Data Subjects are, the Processing of your Personal data, the purposes we exert for Processing your Personal data, the Legal ground(s) on which the Processing of the Personal data is based on, the retention period(s) that are applicable to your Personal data, the use of cookies and tracking technologies on the website, if and under what conditions Data transfer takes place to other organisations/countries, our Data security policy and your rights under the GDPR. This Privacy policy is not necessarily a comprehensive documentation of our complete data process. We have attempted to incorporate the most relevant topics as carefully and comprehensible as possible. It is, however, possible that, depending on the specific circumstances and/or the business relationship between us, other Privacy policy’s, Disclaimers, General Terms and Conditions, Conditions of Participation and/or other documents may be applicable to the specific circumstances of the business relationship between us.

    Our contact information:
    OSECON Address: Brülisauerstrasse 4c, 9050 Appenzell-Steinegg (AI) Schweiz E-mail: info@osecon.ch UID: CHE-411.935.167

    Please note that any (undefined) term in this Privacy policy shall, in case the term is defined within the GDPR, have the exact equivalent meaning as defined in the GDPR. You may find the GDPR in any European language by clicking here

    This privacy policy was last revised on 31 August 2020. OSECON reserves at all times the right to unilaterally change or revise the current version of the privacy policy. For this reason, OSECON advises you to revisit this page on a regular basis to stay updated on the last version of this privacy policy. If it is necessary to make major changes to (parts of) this privacy policy, a clear statement will follow on the 'homepage' of our website: https://www.osecon.ch and/or will be communicated to you by e-mail (if registered) when our business relationship requires that the modified version of the privacy policy is made available personally.

  • 2. OSECON as ‘Controller’ of your Personal Data & OLECO as our EU-representative:

  • The GDPR imposes substantial responsibilities and requirements on the Controller of your Personal data. But let’s first clarify with that is meant by ‘Controller’: in terms of the GDPR, OSECON could defined as “the legal person which, alone or jointly with others, determines the purposes and means of the Processing of your Personal data”. In other words, we are primarily responsible for and in control of the conduct for Processing Personal data that we (may) acquire from you whilst making use of e.g. our services or website.
    The GDPR additionally requires that we appoint a European representative in a European Member State as we have our principle place of business outside the European Economic Area (“EEA”). For this reason, we have appointed
    OLECO – A Dutch legal consultancy with its principle office in The Netherlands – as our representative for privacy related concerns within the EEA:

    Contact details of our representative: OLECO Address: Bolderweg 2, 1332 AT in Almere (the Netherlands) Chamber of Commerce: 74506994 (the Netherlands) Contact: info@oleco.nl

    If you in any case want contact us about any (Personal) data (protection) related concern(s), then please don’t hesitate to contact us or our representative with the contact details as provided under Section 1 or 2 of this Privacy policy.

  • 3. Categories of concerned Data subjects

  • For the performance of our services and activities, we (may) process the Personal data from the following main categories of Data Subjects:
  • 4. The Collection and Processing of Personal data

  • OSECON primarily processes Personal data, according to our purposes, that is acquired from clients, business partners/contacts, affiliated partners and/or other affiliated parties, as well as from other categories of Data subjects as mentioned under section 3 in the context of our business relationship(s) with them and/or collected from them as web users when operating our website(s), (social media) platforms, and/or other (online) applications.


    Please be advised of the following: our (digital) services, website and/or other online (social) platforms do not intend to collect the Personal data of website visitors in the age range of 16-18 years. In the unusual case that we do need to process data of a minor, we then only do so with the explicit legal Consent of the parent(s) or guardian(s). Unfortunately, we can never confirm the age and/or technically prohibit a minor visiting the website(s) and / or social media platforms as they are (also) accessible to minors. For that reason, we recommend that you are involved in the online activities of your minors so that it can be prevented that they disperse their Personal data without your Consent. If you believe that we have erroneously processed the Personal data of a minor, then please contact us (Section 1 or 2) so that we can inspect this immediately and, if necessary, correct it accordingly.
    In this Privacy policy "Personal data" shall be defined as: “any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular, but not limited to, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”(Article 4 sub 1 of the GDPR). We will only collect and process Personal data that we essentially need for our specified purposes for Processing as laid out in Section 5. We also periodically review the Personal data that we obtained from our Data Subjects and delete anything we don’t need, use (anymore) or have no (longer a) purpose for.
    Please note: if you provide us with Personal data of other individuals (e.g. from contacts, colleagues, acquaintances, friends, family members and/or other individuals whom Personal data is involved), please make sure that the respective individuals are aware of this privacy policy and only provide us with their Personal data if you are allowed to do so and provided such Personal data is accurate and truthful.
    There are various methods by which a Data subject can provide us and/or by which we collect/process Personal data from. For your information, we only refer in this Privacy policy to the most common ways in which Personal data is collected/processed by OSECON. The categories of Data Subjects mentioned in Section 3 may provide us with their Personal data while:

    Insofar it is permitted to us, we may also obtain certain Personal data from you in addition to the above-mentioned methods of data collection/processing. OSECON may obtain also Personal data from publicly accessible sources (e.g., intellectual properties registers, commercial registers, debt registers, press, internet, social media) and/or may process such information from business partners/contacts, affiliated partners, other associated parties and/or otherwise involved (Third) parties (e.g. legal representatives, expert/specialists, authorities) while engaging with and/or performing the agreement between us.
    Apart from Personal data you provide to us directly and/or at your own discretion, the categories of Personal data OSECON collect and process (either being requested or sourced as specified above) depend on the type of business relationship you have with use. Some of the following categories of Personal data might therefore not be applicable to your business relationship with us. Please find for the transparency the following – non-exhaustive – list categories of Personal data that might be processed by OSECON during our business relationship under the presumption that we have a predesignated Purpose and a Legal basis for it:
    1. A. Name, address, phone number, e-mail-address;

    2. B. Bank account number (most of the times the last 4 digits), file/case references, order numbers/references, IP address, and / or all other (personal) data necessary and / or helpful in the performance of the agreement;

    3. C. Information/extracts from (public or restricted) registers (e.g. Chamber of Commerce);

    4. D. Information in connection with your professional role and activities;

    5. E. Personal data about you in correspondence and discussions with Third parties;

    6. F. Credit/debit rating information;

    7. G. Information provided to us by individuals associated with you such as consultants, legal representatives and/or in other ways involved Third parties (e.g. references, delivery-address, powers of attorney, information regarding legal regulations such as anti-money laundering and export restrictions for purposes such as concluding or Processing agreements with you);

    8. H. Information from or regarding distributors and other business partners for the purpose of ordering or delivering services to you or by you;

    9. I. Information about you found on social media or internet (insofar required in connection to e.g. with job applications, media reviews, marketing/sales, personalisation of our (digital) services etc.);

    10. J. (General) statistical data in connection with your use of our websites (e.g. Anonymised IP address(es), information regarding your device and settings, cookies, date and time of your visit, sites and content retrieved, applications used, referring website, localisation data and/or other general statistical data about the use of our website and/or content);

    11. K. Data received in connection with administrative or court proceedings (e.g. in the unlikely event that there is a conflict between us);

    12. L. In some cases, in context of our business relationship: company details, financial information, signature, Personal data in correspondence between you and Third parties and / or all other (personal) data necessary, legally obligated and/or helpful during the business relationship between OSECON and its clients;

    13. M. Any other (Personal) Data necessary and/or relevant while conducting our business relationship with you.


    Please note: our (digital) services or website do not intend to collect the Personal data of individuals and/or website visitors under the age of 16, unless we have the explicit legal consent from the parent(s) or guardian(s). Unfortunately, we can never confirm whether a visitor is under the age of 16 as the website(s) and / or social media platforms are also accessible to minors. For that reason, we recommend that you are involved in the online activities of your children so that it can be prevented that they distribute their Personal data without your consent. If you believe that we have incorrectly processed the Personal data of a minor, then please contact us or our Representative (Section 1, Section 2) so that we can examine and correct this accordingly.
  • 5. The Purpose(s), Legal basis and Retention period(s) for Processing your Personal data

  • We primarily use your Personal data for the Purpose of concluding and executing agreements with our clients and business partners, in particular in connection to: carrying out our services in accordance with our agreement(s), providing our services and content as well as expanding, developing and/or investing into new services and/or business opportunities. We might also use your Personal data for the purpose of providing (information on) our other (potential interesting) service(s) to you and for the procurement of services from our Business partners/contacts, affiliated partners and/or other affiliated parties involved, as well to comply with our domestic and foreign legal obligations. You may also be affected by our data Processing in your capacity as an employee and/or that of other categories of Data subjects as mentioned under Section 3.
    To provide you a clear overview, below you’ll find the most common Purposes that we (might) invoke while Processing your (or other individuals) Personal data. In this paragraph, we will also explain on which Legal basis the Processing of your Personal data occurs and which Retention period we apply for the Personal Data we process. Please note however that this list is not exhaustive; we also may process your Personal data in case we have a purpose that is compatible with an ‘original’ purpose as mentioned under
    Section 5.
    Your Personal data may be processed by us for entering into and executing agreements in context of providing our (digital) services and (might) be further used for e.g.: maintaining contact with you about and in regard to our agreement, for invoicing/payment purposes, for account management (and other administrative matters) and for maintaining our business relationships with you (see Section 4 – A, B & H of this Privacy Policy for the Personal data that might be processed for this purpose).
    We process the Personal data on the Legal basis of the ‘Contractual necessity’. If we can’t invoke the Legal basis of Contractual necessity, we then may assert the legal basis of our ‘Legitimate interest’, insofar we have one. We may also process the Personal Data our ‘Legal obligation’ or sometimes also ask for your ‘Consent’. The above-mentioned information is kept for as long as necessary to properly perform our Agreement and/or (digital) services. We then afterwards destroy it, unless we are legally obliged to keep (part of) it longer or have another Purpose and/or Legal Basis for the continuance of Processing this data. Your financial/tax information is kept for as long as is necessary to comply with our legal obligation to keep our (tax) administration (ten years maximum).
    In case you ask us questions, make requests, fill-in online contact forms, use the messaging options on online (social media) platforms or for example register for our newsletter, we then may process your Personal data. With the use of your Personal data we (try to) get back to you and - depending on the extent of your question, request or registration - address you promptly and accordingly (see Section 4 – A up to and including M of this Privacy Policy for the Personal data that might be processed for this purpose).
    We process this information either under the legal basis of the
    ’Contractual necessity’ or on basis of our ‘Legitimate interest’ to respond to you and/or to eventually conclude the contact with you in case we can’t evoke the legal basis of ‘Contractual necessity’. In some cases, we might ask for your ‘Consent’. In any case will we keep your Personal data until we think you are satisfied with our response, unless another Purpose or Legal basis justifies a longer retention period for the use of this Personal data. If you have registered to- or purchased our (digital) services, we then will keep the registration information until the agreement with you has been executed and afterwards insofar necessary to comply with our ‘Legal obligation’ to keep our (tax) administration (ten years maximum).
    Your Personal Data may be processed for the marketing and advertising of our (digital) services and content or those of our (affiliated) Business partners/contacts, affiliated partners and/or other affiliated parties, and provided that you have not objected to the use of your Personal data for this purpose (see Section 4 – A, C, D, H, I, & J of this Privacy Policy for the Personal data that might be processed for this purpose).
    We primarily process this information on the Legal Basis of your ‘
    Consent’ or because it is in our ‘Legitimate interest’ (e.g. business continuity) to process this Personal Data. We keep this information as long as we have your Consent and/or may exert any of our Legitimate interests. In any case will your Personal data for this purpose be deleted after five years, unless we agree differently or have an active business relationship.
    When you use our website and/or (digital) services, we (may) obtain general visitor data. We use this data for statistical analyses (e.g. visit and click behaviour) of our website. With the use of this data we try to ensure a smooth connection setup and comfortable use of the website, evaluate our systems, security, stability as well optimising the functionality of the website. We try to Pseudonymise or Anonymise this data as much as possible and do not provide any of this data to Third parties who could use it for our own purposes, unless specifically specified in this Privacy Policy. In some cases, we or affiliated Business partners/contacts, affiliated partners and/or other affiliated parties involved may also process Personal data through cookies while using our website. When that is the case, we will explicitly inform you about it - see Section 6 for more information on our use of cookies and/or similar technologies. (see Section 4 – J of this Privacy Policy for the Personal data that might be processed for this purpose).
    We use this Personal data on the legal basis of your
    ‘Consent’ or our Legitimate interest’ while monitoring and improving our website and/or (digital) services. Anonymous data (which no longer contains any Personal data) is kept as long as they are relevant to us. Personal data collected via our website is kept until you withdraw your consent or we no longer have a use for this data. In any case will your Personal Data be deleted after five years, unless we agree differently or have an active business relationship.
    We send out a newsletter on a quarterly base for which there is an option to subscribe yourself. Once subscribed, you receive a periodical newsletter via e-mail with information, news and developments in regard to our services/content as well as general news items. If you wish to cancel this subscription, you may do so at any time via the unsubscribe link provided in the e-mail(s) send to you. (see Section 4 – A of this Privacy Policy for the Personal data that might be processed for this purpose).
    Your e-mail address will only be added to the list of subscribers after obtaining your
    ‘Consent’ while registering for our newsletter. We keep this information until you cancel the subscription or in a different way withdraw your Consent. In case you withdraw your Consent/unsubscribe, we then register your e-mail address on the blocking list to be certain you do not receive the newsletter again by accident.
    We may process your Personal data in case you send us an (open) job application. For this purpose, we may process Personal data such as your name, age, contact details, CV, grade lists, (optional) reference letters, (optional) diplomas, a motivation letter and/or other (job) specific information while assessing for potential employment (See Section 4 A, C, D, E & I of this Privacy Policy for additional Personal data that might be processed for this purpose). For screening purposes, we may also (on the legal basis of our Legitimate interests) process online/publicly available information about you such as your social media profiles and use the outcome of this information for further assessment; this will (afterwards) always be discussed/communicated to you. The (results of the screening) itself will never be the (sole) reason on which we reject applicants. In some cases, we may refer to the help of external HR consultants in regard to your application. In these instances, we (may) share your Personal data with them.
    The Legal basis on which we process your Personal data in case of an (open) job application is either ‘
    Consent’, ‘Contractual necessity’ (insofar we enter into an agreement) orLegitimate interest’ (to assess whether we are employing you). We do not keep your Personal data for the above purposes longer than necessary. If the application process does not conclude to being employment by OSECON, with your consent we will your Personal data maximum eight weeks after the procedure in case another candidate doesn’t complete the procedure and we might still want to approach you. In some cases, we may ask you to give us Consent to keep your Personal data for a longer period of time. In that case we will keep your data for a maximum of one year after the application process has ended.
    In addition, in line with applicable law and where appropriate, we may exert the Legal basis of ‘Legitimate interest’ to process your (or other individuals’) Personal data for the following purposes:
    In the event that we require additional Persona Data from you for a specific purpose, while not having communicated the Processing of the specific Personal data or having provided the Purpose of processing to you in advance, we in that case will contact you at the moment that we require the additional Personal data and provide you with the necessary information, next to explicitly requesting your Consent before initiating the Processing of the additional Personal data.
    Insofar we have not provided an exact retention period for Processing your Personal data, the following norm applies for the retention of your Personal Data: we process and retain your Personal data as long as required for the performance of our Contractual necessity, our Legitimate interest and/or compliance with our Legal obligations, as well as for other Purposes we pursue while Processing. For example, we keep your Personal data for the duration of the entire business relationship (from the initiation, during the performance of the contract, for invoicing purposes, up until it is terminated or) as well as beyond this duration in accordance with our Legitimate interest, your Consent, the period of limitations of actions and/or documentation/administration obligations, unless we have made a different agreement. Personal data may furthermore be retained for the period during which claims can be asserted against our company, insofar as the data serves a particular purpose and/or if our or affiliated partners Legitimate interests require further retention (e.g., for evidence and documentation purposes). As soon as your Personal data are no longer required for any of the above-mentioned purposes, they will be deleted or anonymised to the extent possible. In general, shorter retention periods of no more than twelve months apply for operational data (e.g. system logs).
    Please note: If you have given us your Consent to process your Personal data for certain purposes (for example when registering to receive our newsletters), we will then only process your Personal data within the scope and based on this Consent, unless we have another Legal basis, provided that we require one. Given Consent can be withdrawn at any time. This, however, does not affect the Personal data processed prior to withdrawal of your Consent. Please be advised that the withdrawal of Consent may in some cases result in us not being able to provide/deliver certain services to you and/or us not being able to guarantee any longer the correct execution of an agreement between us.
  • 6. The use of Cookies and similair technologies

  • We typically only use necessary and technical ‘cookies’ and/or similar techniques to allow our website to function. We won’t collect and process any Personal data with the use of the cookies on our website. A cookie is a small text file that is sent to your computer and automatically saved by the web browser on your computer or mobile device, when you visit our website. If you revisit our website, we may ‘recognise’ you, even if we do not know your identity. The necessary cookies we use are mostly session cookies and deleted after your visit of the website ("session cookies"). We use persistent cookies for the purpose of saving user configuration (e.g., language and remembering your cookie preferences so that the pop-up doesn’t show up the next time you visit the website). We may also use technical cookies in order to create a session-id so that Certain cookies are placed by us directly, others may come from business partners while visiting their website after clicking on a hyperlink (see below). Notwithstanding the foregoing, you may configure your browser settings in a way that it rejects cookies, only saves them for one session or deletes them prematurely. Most browsers are pre-set to accept cookies. If you block (our) cookies, it is, however, possible that certain functions (such as, language settings and remembering your preferences) are no longer available to you.
    When you visit our website for the first time, we display a pop-up message explaining the use cookies with a referring link to our Privacy Policy where you can find information about the cookies we use. Insofar applicable, we have made agreements with other businesses that place cookies on our website about the use of these cookies. However, we do not have full control over what they do with the cookies themselves. It is for this reason advised that you also pay attention to their privacy statements. In any case will OSECON only store cookies on your device that are strictly necessary for the operation of our website or provide us with general statistical information about the use of our website and/or services. Please check our Cookie table below for more detailed information about our cookies, the purposes they serve and which retention period we have set for these cookies while using them:


    Strictly necessary cookies

    Name of cookie
    Provider
    Purpose / categories of Personal Data
    Retention period
    Type of cookie
    _has_shown_rapidweaver_privacy_message_ true
    OSECON
    By visiting the site, a warning message will appear that will invite you to visit, with a link, the privacy and cookie information page. closing the message, the site will install a cookie in the browser's local storage so that display of the warning will not be shown again if it has been viewed and closed using the appropriate button. the file does not collect personal data, it only stores a "true" value if the user closes the alert.
    Until deleted
    HTTP Cookie -
    Persistant
    _PHPSESSID
    OSECON
    This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.

    Session
    HTTP Cookie - Session





    As can be seen from the Cookie table in Section 6, most cookies have a pre-set expiration date. They expire automatically after the set period and will from that point no longer record any data. Please see our Cookie table for the specific retention period for each type of cookie. You can also choose to delete the cookies manually before the expiration date. If you wish to do so, please read the instructions of your browser on how to do this.

    In addition, we may use plug-ins (‘buttons’) from social networks such as Facebook, Twitter, YouTube, Instagram, and LinkedIn on our websites. The buttons work by using pieces of code that come from the social media providers themselves and is visible for the website visitor (typically based on the respective symbols). We have configured these elements to be disabled by default. When activated (by clicking on them and/or by accepting all our cookies when you (first) visit our website), the operators of the respective social networks may record Personal data like IP addresses and/or place tracking cookies for their own purposes. This processing of your personal data lays in the responsibility of the respective operator and occurs according to their data protection regulations. We do not receive any information about you from the respective social networks. Please read the concerned privacy statement from Facebook, Twitter, YouTube, Instagram and/or LinkedIn (which may change regularly) to find out what they do with your Personal data that they process when they collect Personal data from you. The information they process is most of the time transferred to and stored by social media networks on servers in, among other places, the United States.
  • 7. Datatransfer and Transfer of data abroad

  • In the context of our business activities, (digital) services and in line with the purposes of the data Processing set out in Section 5, we may transfer Personal data to Third parties, insofar as such a transfer is permitted and we deem it appropriate, in order for them to process Personal data for us or, as the case may be, their own purposes. In this context, the most common categories of Recipients are:
    (together: “Recipients”).
    Certain Recipients of your Personal data may be within the EEA (and insofar applicable, have appointed a suitable Data Protection Officer), but they may also be located in any country worldwide. In particular, you must anticipate your data to be transmitted to other countries in Europe and the USA depending on where our service providers are located (such as for example Microsoft, Goole, Apple). If we transfer data to a foreign country, we ensure an appropriate level of protection as legally required and conclude an appropriate (Processor) agreements. In case we transfer your data to a non-EEA Processors, we will only do so on the basis of the standard contract clauses issued by the European Commission, binding corporate rules and while relying on the statutory exceptions of Consent, Contractual necessity or legitimate interest such as the establishment, exercise or enforcement of legal claims, publically published Personal data or because it is necessary to protect the integrity of the individuals concerned.
    We do not sell, trade, or otherwise transfer your personally identifiable information to third parties unless we provide you with advance notice, we have your explicit consent and adequate legal data protection is guaranteed. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business or servicing, as long as those parties comply with the GDPR and agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, protect ours or others' rights, property, or safety. Non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or be used for other purposes.
  • 8. Data Security

  • We have taken appropriate technical and organisational security measures to reliably protect your Personal data from unauthorised access, loss, destruction, distortion, manipulation, unauthorized copying, unauthorized access and/or other data Processing offenses in accordance with ‘Privacy by design’ and ‘Privacy by default’. OSECON has different internal policies in place such as a Data Breach Protocol, a processing register and e.g. clear privacy directives with or for service providers and/or other involved (Third) parties. The staff of OSECON is further regularly updated with the latest privacy developments and/or legislation. As to technical measures, OSECON has made sure that IT and network security solutions are in place such as access controls and restrictions, physical access measures and organisational measures for access security, security of network connections via Transport Layer Security (TLS) technology, encryption of data (carriers) and transmissions, Pseudonymisation and/or Anonymisation of Personal Data, regular inspections, quality assurance and other technical and organisational (security measures) while processing your Personal Data.
  • 9. Third-party website(s)

  • Please be advised that this Privacy Statement and cookie Section do not apply to any Third-party websites linked to- or from our website through hyperlinks. We have no overview and/or influence and therefore cannot guarantee that these Third parties handle your personal data in a reliable, safe manner and in accordance with the GDPR. Please read the privacy statements of these Third parties before sharing Personal data with them.
  • 10. If you don’t want to provide Personal data to us in context of our business relationship

  • In the context of our business relationship, we ask you to provide us with any Personal data that is necessary for the conclusion and performance of our business relationship and the performance of our contractual obligations. As a rule, however, no statutory requirement exists to provide us with your Personal data. Do be advised that, without certain information, we will usually not be able to enter into- or carry out a contract/service with you (or the entity or individual you represent).
  • 11. Profiling and automated individual decision-making

  • In establishing and while carrying out a business relationship or while using our website, we generally do not use any automated individual decision-making (such as pursuant to article 22 of the GDPR). Should we decide to use such methods, we will then inform you separately on this and advise you of your relevant rights insofar required by law.
  • 12. Your rights under the GDPR

  • In accordance with and as far as provided by the GDPR you have different rights in regard to us Processing your Personal data. More specific, you have the Right of access (Art. 15 GDPR) - This right grants the Data subject insight in the Personal data concerning him or her and into other important information such as the purposes of the Processing or the period for which the data is retained; Right to rectification (Art. 16 GDPR) - This right grants the possibility for the Data subject to have inaccurate Personal data concerning them rectified; Right to erasure (Art. 17 GDPR ) - This right entails the possibility for the Data Subjects to have Personal data in possession of the Processon/Controller erased under the conditions as set out in art. 17 of the GDPR; Right to restriction of Processing (Art. 18 GDPR) - This right gives the Data Subject the possibility to (temporarily) forfend further Processing of Personal data concerning the Data Subject. A restriction mainly occurs at the stage of examining other exercises of rights by the Data subjects; Right to data portability (Art. 20 GDPR) - This right entails the possibility for Data subjects to receive their Personal data (after submitting a request) from the Processor/Controller in a commonly used, machine-readable, format and have this data transferred to another Controller or Processor. Right to object (Art. 21 GDPR) - This right includes the possibility for Data subjects to object to the further Processing of their Personal data. Please note that we reserve the right to enforce statutory restrictions on our part, for example if we are obliged to retain or process certain data, have an overriding interest (insofar as we may invoke such interests) or need the Personal data for asserting claims. If exercising certain rights will incur costs on you, we will notify you thereof in advance. We have already informed you of the possibility to withdraw Consent in Section 5.
    In general, exercising these rights requires that you are able to prove your identity. In some cases, we might ask you to identify yourself in order to prevent sending the wrong Personal data. In order to assert these rights, please contact us at the address provided in
    Section 1 or 2. We attempt to return to your request, question or complaint as soon as possible, but no later than one month after sending your communication. If you have a complaint about the (manner of) Processing of your Personal data, we are always at your disposal to find a correct answer/solution to any question or remark in regards with your privacy. Should you nevertheless not be able to reach a solution with us, we then would like to point out that you always have the opportunity to file a complaint with the Data Protection Authority (see hereunder).
    While we are at all times at your disposal for any privacy any related matter, every Data subjects has the right to enforce his/her rights in court or to lodge a complaint with the competent Supervisory Authority. As most of our clients are based in Switzerland, Germany and/or the Netherlands, we refer to the competent Data Protection Authorities of these countries:
  • 13. Amendments of this Privacy Policy

  • We may amend this Privacy Policy at any time without prior notice. The current version published on our website is the most current version and applies to all the relationships between OSECON and Data subject. If the Privacy Policy is part of an agreement with you, we will notify you by e-mail or other appropriate means in case of an (important) amendment of this Privacy Policy. When important modifications have been made to the current version of the Privacy Policy, we will notify you by publishing a notice on our homepage. To keep yourself updated with the latest version of our Privacy Policy, it is therefore suggested that you check this Privacy Policy on a regular basis.

    By using this website you agree to our privacy policy and cookie statement.