Privacy Policy

Deeplink SA, November 29th, 2019

PREAMBLE

The security and protection of your Personal Data is one of the top priorities of Deeplink SA., a company duly incorporated under the laws of Switzerland, bearing registration number CHE-443.749.249, with registered address at Avenue Mon repos 2, Lausanne 1005  (hereinafter referred to as the “Company”, “we”, “Us”, “us” or “We” and depending on the case “Our” or “our”).

To ensure transparency, this Privacy Policy describes our information handling practices when you access content we own or operate on any websites, pages, features, chatbot, platform or content we own or operate (hereinafter referred to as “Deeplink Solution(s)”) and/or when you use our web application or third-party applications and related services (hereinafter referred to as “Third Party Service(s)”).

The Company understands that the collection of personal data involves a great deal of trust on your part. We take this trust very seriously and make it our highest priority to ensure the security and confidentiality of the personal data you provide us with.

This is why we implemented privacy by design and privacy by default standards and undertake to store your personal data in a secured way as well as to process your personal data with all appropriate care and attention in accordance with the Federal Data Protection Act (hereinafter referred to as the “FADP” RS 235.1), the Ordinance on the Federal Data Protection Act (RS 235.11) and, where applicable, the General Data Protection Regulation (hereinafter also referred to as the “GDPR”).

As part of our commitment to protect your Personal Data in a transparent manner, we want to inform you why and how the Company collects, uses and stores your personal data, the lawful basis on which your personal data is processed and what your rights and our obligations are in relation to such processing. Therefore, we encourage you to read this Privacy Policy with due care.

This Privacy Policy is applicable to all Visitors and Users, and it shall be read in conjunction with the Terms and Conditions (hereinafter referred to as the “Terms” which is available on this link www.deeplink.ai/en/terms.

Any capitalized terms not defined in this Privacy Policy (hereinafter: the “Policy”) have the meanings set forth in the Terms.

DEFINITIONS

Chatbot                            shall have the same meaning as in the Terms.

Collect                             shall mean a systematic approach to gathering and measuring Personal Data from the User to achieve a given result.  

Consent                           shall mean any freely given, specific, informed and unambiguous indication of which the Data subject, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him.

Cookie(s)                         means a piece of information that is placed automatically on your electronic device’s hard drive when you access a website.

Data Protection Officer   shall mean the natural or legal person, which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data and who oversees this Processing. For the purpose of this Policy, the Data Protection Officer is the Company.

Data portability                shall mean the right of the Data subject to receive its Personal Data in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from the Company.

Data subject                     shall mean the natural or legal persons whose data is processed, i.e. in the context of this Policy, this may refer to the Visitor and the User.           

Disclosure                       shall mean making Personal Data accessible, for example by permitting access, transmission or publication.

Deeplink solutions           means all application owned or operated by Deeplink. The principal components are Deeplink website, Deeplink chatbots, Deeplink platform.

Document                        shall mean any form that requires the user to enter information, including personal dataThe types of Personal Data collected by the Company are outlined in Section 5 of this Policy.

Force Majeure Event        shall have the same meaning as in the Terms.

Financial data                  shall mean data relating to your means of payment, including but not limited to payment which occurs by credit card, bank references, name of the owner of the account, card number, expiration date and other such data.

Payment Provider            shall mean Stripe Inc.

PCI-DSS                           Payment Card Industry – Data Secure Standards.     

Platform                           shall have the same meaning as in the Terms.

Personal Data                  shall mean any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, by reference to a unique identifier known such as a name, an identification number, an online identifier and stored in the Deeplink database.

Other indirect way of identification could be possible by handling many specific factors to the physical, physiological, genetic, mental, economic, cultural, geographic but Deeplink doesn’t store enough information or with enough granularity to allows the correlation and the identification of the user. The types of Personal Data collected by the Company are outlined in Section 5 of this Policy.

Personal Data breach      shall mean a breach of security leading to the accidental or unlawful destruction, loss or alteration of – or to the unauthorized Disclosure of, or access to – Personal Data transmitted, stored or otherwise processed.

Process /Processing        shall mean any operation with Personal Data, irrespective of the means applied and the procedure, and in particular the collection, storage, use, revision, disclosure, archiving or destruction of data.

Questionnaire                  shall mean list of question asked to the customer

Recipient                         shall mean a natural or legal person, public authority, agency or another body, to which the Personal Data are disclosed, whether a third party or not.

Service(s)                        shall have the same meaning in accordance with the Terms.

User(s)                             shall have the same meaning in accordance with the Terms.

Visitor(s)                          shall mean any person visiting the Website.

Website                            means the website which is available at those URLs: www.deeplink.ch

Website Content              shall mean all features, texts, designs, layouts, wireframes, software, information, documents (including Terms, Privacy Policy and Legal notice) or content displayed on and/or technical information associated with the Website.

SCOPE

The Company provides this Policy to describe its procedures regarding the Processing and Disclosure of Personal Data collected by the Company while using the Deeplink solutions. This Policy shall apply to any use of the Deeplink solutions, whatever the method or medium used. It details the conditions at which, the Company may collect, keep, use and save information that relates to you, as well as the choices that you have made in relation to the collection, utilization and Disclosure of your Personal Data.

ACCEPTANCE

By browsing the Website, speaking with our chatbot, using our platform, Visitors and Users acknowledge and give the Consent that the Company may collect and Process a certain amount of Personal Data that relates to them and that they have read and understood this Policy and agree to be bound by it and to comply with all and any applicable laws and regulations.

The Consent is also given when the User freely submits the Personal Data required to become a User of the Services and the Platform. The User understands and agrees that the Company is free to use this Personal Data within the limit provided by law and this Policy.

If you do not agree with the terms of this Policy, please do not become a User and a Visitor as well as refrain from using the Deeplink solutions.

PRINCIPLE FOR PROCESSING PERSONAL DATA

While Processing Personal Data, the Company will respect the following general principles:

  • Fairness and lawfulness

When Processing Personal Data, the individual rights of the Data subjects must be protected. Personal Data must be collected and processed lawfully, in a fair manner, in good faith and must be proportionate to the objective.

  • Restriction to a specific purpose

Personal Data handled by the Company should be adequate and relevant to the purpose for which they are collected and processed. This requires, in particular, ensuring that the types of Personal Data collected are not excessive to the purpose for which they are collected. Subsequent changes to the purpose are only possible to a limited extent and require substantiation.

  • Transparency

By this privacy policies, the Data subject is informed of how his/her Personal Data is being handled. When the Personal Data is collected, the Data subject must be informed of:

  • the existence of the present Policy;
  • the identity of the Data Protection Officer;
  • the purpose of Personal Data Processing;
  • how, where and by whom the data is being Processed;
  • third-parties to whom the data might be transmitted.
  • Consent of the Data subject

Personal Data can be processed without Consent if it is necessary to enforce a legitimate interest of the Company. Legitimate interests are generally of a legal (e.g. filing, enforcing or defending against legal claims, any duties which may arise from any licensing obligations) or financial (e.g. valuation of companies) nature. The Processing of Personal Data is also permitted if national legislation requests, requires or allows this.

COLLECTED DATA

This Policy applies to all information which is received during your visit to or use of the Deeplink solutions. It is important to understand that we may request that you provide this data at different stages throughout your interaction or use of the Deeplink solutions and some data can be collected just by logging into the screens of the Deeplink solutions.

In particular, the Company will collect the following Personal Data:

  • Visitors data;

When you browse the Website, the Company through Google analytics, automatically collects standard information provided by Google analytics such as

  • your geographical location
  • your browser information
  • the language of your browser

When you chat with the Chatbot, the Company automatically collects:

  • Your geographical location
  • Your type of device
  • The dialogue exchanged with the bot
  • The language of the dialogue
  • Document Data

According to the nature of the Documents and to be able to fill in them, the following Personal Data is/could be Collected:

  • Answers to the Questionnaires;
  • E-mail address;
  • Name;
  • Telephone number;
  • Other.
  • Contact Data

When you fill in the contact form, the following Personal Data is Collected:

  • E-mail address;
  • Name;
  • Company name;
  • Telephone number.

USE OF DATA

The following paragraphs describe the various purposes for which we collect and use your Personal Data, and the different types of Personal Data that are collected for each purpose. Please note that not all of the uses below will be relevant to every User or Visitor.

A. In general

You Consent to the following uses of your Personal Data:

  • Visitor’s Data is used in order to know who accessed the Website as a Visitor and to ensure that there is no cyber-security. It can also be used in order to communicate with you throughout your interaction with the Website, including for sending you emails to follow-up when you interrupted the process on the Platform. We may use your geographical location information in order to ensure that the Services will not be used in a country/area where it is expressly prohibited for the Website to be used in order to ensure that no legal action is taken against the Company;
  • The Company will use the Document Data to provide you with the Documents which are requested by the User, with a better service through the Platform, and in particular may also use it to ensure that the Services offered by the Company are carried out in the most efficient way possible.
  • The Document Data and/or Contact Data  will be used to communicate with you, provide you with information about new Services or offers available on the Platform, blog posts, promotions, special offers and other information, personalized promotional offers, in particular based upon their activity and their transaction history, answer to their questions and comments, send you invoices, prevent potentially prohibited or illegal activities, conduct research and compile statistics and to enforce the Terms, comply with any obligations which the Company is obliged to comply with by virtue of any regulations, guidelines or laws which apply to the Services or offers available on the Website.

You may revoke your Consent at any time for any use of your identifiable Personal Data by the Company. Please note that the withdrawal of your Consent will not affect the lawfulness of the Processing of your Personal Data based on your Consent before its withdrawal.

B. Customer service

You Consent that we use any of the Personal data for customer service purposes, including carrying out the Services to be offered within the Platform and to answer any possible queries. This typically requires the use of certain personal contact information and information regarding the reason for your inquiry (e.g. technical issue, question/complaint, general question, etc.).

You Consent that the Company may contact you to specify some points needed to provide you with the required Document and/or to propose you some tailor-made Services, when required.

Should you fill in the contact form and provide us with Personal Data through the contact form, your Contact Data will be Processed in accordance with this Privacy Policy. In such event, you expressly agree that the Company may contact you using your email address or your telephone number for the purpose of answering to your question or solicitation.

C. Internal research, analytic, security

You Consent that we may use your Personal Data, in accordance with applicable laws, for other general business purposes, such as conducting internal marketing and demographic studies and measuring the effectiveness of advertising campaigns. You Consent that we also use your Personal Data for security purposes.

D. Legal reasons or merger/acquisition

In the event that the Company or its assets are acquired by, or merged with, another company including through bankruptcy, we may share your Personal Data with any of our legal successors.

We may also disclose your Personal Data to third parties (i) when required by applicable law; (ii) in response to legal proceedings; (iii) in response to a request from a competent law enforcement agency, national authority or self-regulatory association or agency; (iv) to protect our rights, privacy, safety or property, or the public; or (v) to enforce the terms of any agreement which is entered into by the Company.

Financial Data

Whenever processing a Payment for the use of the Services, you shall provide Personal Data which is Collected by the Payment Provider for the purpose of finalizing the Payment.

THIRD PARTY DISCLOSURE

The Company may disclose your Personal Data to third party service providers for Processing purposes, for instance with Deepl, Maarweg 165 50825 Cologne.

The Company may share your Personal Data to any other relevant third parties, in particular if we are requested to do so to comply with a court order or law enforcement authorities request, or if we find it necessary, as determined in the Company’s sole discretion, to investigate, prevent or take action regarding illegal activities, to defend our interest or as otherwise required or permitted by law.

The Company does not plan to send your Personal Data outside of Switzerland and the European Economic Area (hereinafter referred to as the “EEA”).

In the event of cross-border transfer outside of Switzerland and/or EEA, the Company will take all the measures required to ensure that an adequate protection is guaranteed using Standard Contractual Clauses which are issued by the European Commission or binding corporate rules. You may request access to a copy of these clauses by contacting the Company.

In some specific cases when this level of protection is not guaranteed, the Company will obtain your prior Consent or establish with the Recipient of Personal Data a contractual framework or sufficient safeguards that ensure an adequate level of protection abroad. You may request access to a copy of these safeguards by contacting the Company.

Unless otherwise stated, the third parties who receive data from the Company are prohibited to use this Personal Data beyond what is necessary to provide the product or service to you, directly or by participating to the Company’s activities.

STORAGE OF YOUR PERSONAL DATA

Your Personal Data will be stored by the Company using Infomaniak cloud services, 25 Eugène-Marziano, 1227 Les Acacias, Switzerland.

RETENTION OF YOUR PERSONAL DATA

In accordance with applicable laws, the Company will use your Personal Data for as long as necessary to satisfy the purposes for which your Personal Data was collected or to comply with applicable legal requirements.

Nevertheless, for the Chatbot the personal data concerning the navigation are deleted after a retention period of 6 months and only the data aggregated per day are kept.

SECURITY OF YOUR PERSONAL DATA

The Company undertakes to ensure that any appropriate, technical and organizational measures are taken in order to ensure that there is an adequate level of security is set and maintained especially in order to maintain confidentiality of your Personal Data.

The Company applies high industry standards and will always apply adequate technical and organizational measures, in accordance with applicable laws to ensure that your Personal Data is kept secure at all times.

In the event of a Personal Data breach, the Company shall without undue delay, and where feasible, not later than 72 hours after having become aware of it, notify the breach to the competent supervisory authority, unless said breach is unlikely to result in a risk to your rights and freedoms. If the breach is likely to result in a high risk to your rights and freedoms, the Company shall communicate this breach to you, if it is feasible, without undue delay.

PERSONAL DATA BREACH REPORTING

In the event that you want to report a Personal Data breach, do not hesitate to send an e-mail at info@deeplink.ai with the subject [Data Protection].

ACCESS TO YOUR DATA AND INFORMATION RIGHTS

You have the right to request access to or information about the Personal Data relating to you which are processed by the Company.

Where provided by law, you, your successors, representatives and/or proxies may (i) request deletion, correction or revision of your Personal Data; (ii) oppose the data Processing; (iii) limit the use and Disclosure of your Personal Data; and (iv) revoke Consent to any of our data Processing activities, if the Company is relying on your Consent and does not have another legal basis to continue Processing your data.

These rights can be exercised by contacting us through our contact form or writing to us at: info@deeplink.ai, attaching a copy of your ID with the subject [Data Protection].

If the request is submitted by a person other than you, without providing evidence that the request is legitimately made on your behalf, the request will be rejected.

The request is free of charge unless your request is unfounded or excessive (e.g. if you have already requested such Personal Data multiple times in the last twelve months or if the request generates an extremely high workload). In such case, the Company may charge you a reasonable request fee according to applicable laws.

The Company may refuse, restrict or defer the provision of Personal Data where it has the right to do so, for example if fulfilling the request will adversely affect the rights and freedoms of others.

Portability of Your Data

You also have the right to receive your Personal Data, which you have provided to the Company with, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Company.

This right can be exercised by contacting us through our contact form or writing to us at info@deeplink.ai attaching a copy of your ID with the subject [Data Protection]. If the request is submitted by a person other than you, without providing evidence that the request is legitimately made on your behalf, the request will be rejected.

The request is free of charge unless your request is unfounded or excessive (e.g. if you have already requested such Personal Data multiple times in the last twelve months or if the request generates an extremely high workload). In such case, the Company may charge you a reasonable request fee according to applicable laws.

The Company may refuse, restrict or defer the provision of Personal Data where it has the right to do so, for example if fulfilling the request will adversely affect the rights and freedoms of others.

The User hereby understands, acknowledges and accepts that the content of this section 15 does not apply to Financial data as outlined in Section 7.       

Privacy by Design and by Default

The Company will, both at the time of the determination of the means for Processing and at the time of the Processing itself, implement appropriate technical and organizational measures, which are designed to implement data-protection principles, such as data minimization, in an effective manner and to integrate the necessary safeguards into the Processing in order to meet the requirements of the GDPR and protect your rights.

The Company will implement appropriate technical and organizational measures for ensuring that, by default, only Personal Data which are necessary for each specific purpose of the Processing are processed. This obligation applies to the amount of your Personal Data We collect, the extent of the Processing which occurs, the period of storage and their accessibility. These measures will ensure that by default your Personal Data are not made accessible without your intervention to an indefinite number of third parties.

Your Rights

You have a right to ask the Company to rectify inaccurate Personal Data we Collect and Process and the right to request restriction of your Personal Data pending such a request being considered. Where we Process your Personal Data on the basis of your consent, you have the right to withdraw that consent at any time. Please also note that the withdrawal of consent shall not affect the lawfulness of Processing based on consent before its withdrawal.

You have a right to ask us to stop Processing your Personal Data, or to request deletion of your Personal Data – these rights are not absolute (as sometimes there may be overriding interests that require the Processing to continue, for example), but we will consider your request and respond to you with the outcome. When Personal Data are Processed for direct marketing purposes, your right to object extends to direct marketing, including profiling to the extent it is related to such marketing.

You may object to direct marketing by clicking the “unsubscribe” link in any of our emails to you, or by contacting us by writing an e-mail at info@deeplink.ai with the subject [Data Protection]. Where we Process your Personal Data on the basis of your Consent, or where such Processing is necessary for entering into or performing our obligations under a contract with you, you may have the right under applicable data protection laws to request your Personal Data be transferred to you or to another controller.

You have the right to ask the Company for a copy of some or all of the Personal Data we Collect and Process about you. In certain circumstances the Company may Process your Personal Data through automated decision-making, including profiling.

Where this takes place, you will be informed of such automated decision-making that uses your Personal Data, be given information on the logic involved, and be informed of the possible consequences of such Processing. In certain circumstances, you can request not to be subject to automated decision-making, including profiling. You can exercise the rights by contacting us by writing an e-mail at info@deeplink.ai with the subject [Data Protection].

Right to withdraw consent. You have the right to withdraw your consent to the Processing of your Personal Data Collected on the basis of your consent at any time. Your withdrawal will not affect the lawfulness of the Company’s Processing based on consent before your withdrawal.

Right of access to and rectification of your Personal Data. You have a right to request that we provide you a copy of your Personal Data held by us. This information will be provided without undue delay subject to some fee associated with gathering of the information (as permitted by law), unless such provision adversely affects the rights and freedoms of others. You may also request us to rectify or update any of your Personal Data held by the Company that is inaccurate. Your right to access and rectification shall only be limited where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated.

Right to erasure. You have the right to request erasure of your Personal Data that: (i) is no longer necessary in relation to the purposes for which it was Collected or otherwise Processed; (ii) was Collected in relation to Processing that you previously Consented, but later withdraw such Consent; or (iii) was Collected in relation to Processing activities to which you object, and there are no overriding legitimate grounds for our Processing. If we have made your Personal Data public and are obliged to erase the Personal Data, we will, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other parties that are Processing your Personal Data that you have requested the erasure of any links to, or copy or replication of your Personal Data. The above is subject to limitations by relevant data protection laws.

Right to data portability. If we Process your Personal Data based on a contract with you or based on your Consent, or the Processing is carried out by automated means, you may request to receive your Personal Data in a structured, commonly used and machine-readable format, and to have us transfer your Personal Data directly to another “controller”, where technically feasible, unless exercise of this right adversely affects the rights and freedoms of others. A “controller” is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of your Personal Data.

Right to restriction of or Processing. You have the right to restrict or object to us Processing your Personal Data where one of the following applies:

  • You contest the accuracy of your Personal Data that we Processed. In such instances, we will restrict Processing during the period necessary for us to verify the accuracy of your Personal Data.
  • The Processing is unlawful and you oppose the erasure of your Personal Data and request the restriction of its use instead. We no longer need your Personal Data for the purposes of the Processing, but it is required by you to establish, exercise or defense of legal claims. You have objected to Processing, pending the verification whether the legitimate grounds of Deeplink’s Processing override your rights.
  • Restricted Personal Data shall only be Processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We will inform you if the restriction is lifted.

Notification of erasure, rectification and restriction. We will communicate any rectification or erasure of your Personal Data or restriction of Processing to each recipient to whom your Personal Data has been disclosed, unless this proves impossible or involves disproportionate effort. We will inform you about those recipients if you request this information.

Right to object to Processing. Where the Processing of your Personal Data is based on consent, contract or legitimate interests you may restrict or object, at any time, to the Processing of your Personal Data as permitted by applicable law. We can continue to Process your Personal Data if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.

Automated individual decision-making, including profiling. You have the right not to be subject to a decision based solely on automated Processing of your Personal Data, including profiling, which produces legal or similarly significant effects on you, save for the exceptions applicable under relevant data protection laws.

Right to lodge a complaint. If you believe that we have infringed your rights, we encourage you to contact us by writing an e-mail at info@deeplink.ai with the subject [Data Protection] so that we can try to resolve the issue or dispute informally.

You can also complain about our Processing of your Personal Data to the Swiss Federal Data Protection and Information Commissioner.

CONTACTING THE COMPANY AND COMPLAINTS

The Company hopes to be able to answer any questions or concerns you have about your Personal Data. You can get in touch with the Company at the postal address or email address given in section 17 hereafter.

You have the right to make a complaint if you feel your Personal Data has been mishandled or if the Company has failed to meet your expectations. You are encouraged to contact the Company about any complaints or concerns, but you are entitled to complain directly to the relevant supervisory authority.

CHANGES TO THE PRIVACY POLICY

The Company may modify this Policy from time to time and will post the most current version on the Website. If a modification reduces your rights, a pop-up window will inform you immediately when you will browse our Deeplink solutions and you will have to accept the changes.

DATA PROTECTION OFFICER

The Data Protection Officer is Deeplink SA, a company duly incorporated under the laws of Switzerland, bearing registration number CHE-443.749.249, with registered address at Avenue Mon repos 2, Lausanne 1005 

RELEVANT AUTHORITY

Office of the Federal Data Protection and Information Commissioner FDPIC

Feldeggweg 1

CH – 3003 Berne

LINKS

The Deeplink solutions may contain links which direct you to third party websites or applications. The Company rejects any liability relating to the privacy policy in force on said third party websites, the collection and use of your Personal Data by the latter and relating to the contents of said websites or applications (whether the links are hypertext links or deep-links).

Under no circumstances the Company shall be liable for the utilization of these others applications, especially regarding to any laws applicable to data protection.

JURISDICTION AND GOVERNING LAW

This Policy and all matters arising out of or relating to it shall be governed by the substantive laws of Switzerland, without regards to principle of conflicts of laws thereof.

Any controversy, claim or dispute between a User and the Company arising out of or relating to this Policy shall be subject to the exclusive jurisdiction to the ordinary courts of Lausanne, Switzerland, without prejudice to an appeal to the Swiss Federal Court.       

23.       CONTACT

To ask questions or make comments on this Policy or to make a complaint about our compliance with applicable privacy laws, please contact us through:

  1. our email address: info@deeplink.ai; or
  2. our address:  Deeplink, EPFL Innovation park, Building C, CH – 1015 Lausanne.

We will acknowledge and investigate any complaint pursuant to this Policy. We will answer within 3 working days.