Privacy Policy
This privacy policy (“Privacy Policy”) informs you about how we (FontesX GmbH, Neuhausweg 3, CH-8712 Stäfa, Switzerland) process personal data in the provision of the Services (as defined below, see Art. 2 “Definitions”): what data is collected, why and how we process it and with whom we share it. Please note that the Cookies and Analytics page is part of the Privacy Policy.
For the sake of clarity, FontesX GmbH is referred to in this document as “FontesX”, “we” and the associated pronouns. You, as well as the other users of the Services, are referred to as “User”, “you” and the associated pronouns.
1.Scope of Application
Your privacy is important to us, and this document covers the various aspects of data processing related to the use of the Services.
In order to provide the Services, FontesX needs to process certain Personal Data (as defined below), such as: Your email address, name, IP address, etc. We are a Swiss company that relies on international providers, which entails certain cross-border data transfers.
Please note that we do not use your personal information for automated decisions that produce legal effects, and that we do not sell personal information as defined in the California Consumer Privacy Act (CCPA).
2.The definition
Anonymization / Anonymized is the process by which data can no longer be associated with an individual. Anonymization means that re-identification is no longer possible, using techniques such as de-identification and k-anonymization.
Personal data is information relating to an identified or identifiable natural person. The information may be directly or indirectly identifiable (e.g., encrypted personal information remains personal information).
Processing means any operation relating to personal data, including, but not limited to, the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.
Services means all services offered by FontesX, including the Website.
User means any person of legal age with legal capacity (in accordance with applicable laws) who uses the Services. If you are not of legal age and have the capacity to enter into a contract, please do not use our services. If you are acting on behalf of a company, we may assume that you are authorized to act on behalf of that company in connection with the knowledge and/or acceptance of this Privacy Policy, regardless of the internal regulations and/or circumstances of that company and the entries in the Commercial/Commercial Register and without further verification of such authorization.
Contact
If you have any questions about this Privacy Policy or our processing, or if you would like to exercise your rights (see Article 4 “Your Rights” below), please contact us:
By e-mail: info@fontesx.com
By post: FontesX GmbH, Neuhausweg 3, CH-8712 Stäfa, Switzerland.
4.Your rights
To exercise your rights, please contact us as described in Article 3 “Contact Us”. Please note that, depending on the request, we may require additional information and/or a copy of an identification document (this information and documents will only be processed to establish your identity and ensure that your data is only sent to you or your legal representative).
You have the right to exercise your rights under applicable law, which may include (but are not limited to)
- Access: You can receive a copy of your personal data in an understandable language. If you wish, you can also request a copy in a machine-readable format that allows reusability (data portability).
- Rectification: You should be able to rectify your personal data through your interface, but you are also welcome to contact us for assistance.
- Erasure: You can request the deletion of your personal data collected with your consent or for the performance of a contract.
- Withdrawal of consent: You can withdraw your consent for specific purposes or for the entire processing of your personal data. Note, however, that withdrawing your consent may limit your access to the Services.
- Information: You can request information about whether or not personal data about you is processed by FontesX, as well as further information about the way in which your personal data is processed, such as the categories of recipients.
5.Processing of data
Purpose: To respond to an inquiry (including support)
Categories of data collected: Identity data (e.g. name), contact information (e.g. email
address), technical information (e.g. IP address, location), any data submitted in the request
Legal basis: Performance of a contract
Categories of recipients: FontesX, DSTC GmbH and Sitcons AG (2)
Zweck: Cookies (3)
Categories of data collected: Technical information, location, hiring preferences
Legal basis: Performance of a contract
Categories of recipients: FontesX, DSTC GmbH and Sitcons AG (2)
Purpose: Analytics (3) (no tracking)
Categories of data collected: Technical information
Lawful basis: Legitimate interest
Categories of recipients: FontesX, DSTC GmbH and Sitcons AG (2)
Purpose: Cookies (3) (Marketing purposes)
Categories of data collected: Technical information, historical information, profiling
Legal basis: Consent
Categories of recipients: FontesX, DSTC GmbH and Sitcons AG (2)
Purpose: Analytics (3) (Tracking)
Categories of data collected: Technical information, historical information, advertising data
Legal basis: Consent
Categories of recipients: FontesX, DSTC GmbH and Sitcons AG (2)
Purpose: Monitoring and technical maintenance
Categories of data collected: IP address, all data relevant to the error description, device
performance data, location
Lawful basis: Legitimate interest
Categories of recipients: FontesX, DSTC GmbH and Sitcons AG (2)
Purpose: Supplier Management
Categories of data collected: Identity data (e.g. name), contact information (e.g. email
address)
Legal basis: Performance of a contract
Categories of recipients: FontesX, DSTC GmbH and Sitcons AG (2)
Purpose: Customer management
Categories of data collected: Identity data (e.g. name), contact information (e.g. email
address), transaction-relevant data
Legal basis: Performance of a contract
Categories of recipients: FontesX, DSTC GmbH and Sitcons AG (2)
Purpose: Membership administration
Categories of data collected: Identity data (e.g. name), contact information (e.g. email
address)
Legal basis: Performance of a contract
Categories of recipients: FontesX, DSTC GmbH and Sitcons AG (2)
Purpose: Business initiation
Categories of data collected: Identity data (e.g. name), contact information (e.g. email
address)
Lawful basis: Legitimate interest
Categories of recipients: FontesX, DSTC GmbH and Sitcons AG (2)
Purpose: Archive
Categories of data collected: All personal data (to the extent necessary)
Lawful basis: Compliance with legal obligation / Legitimate interest
Categories of recipients: FontesX, DSTC GmbH and Sitcons AG (2)
View cookie options
(1)The types of data are for illustrative purposes and are not exhaustive. For a complete list of all types of data collected, please contact us at the address indicated in art. 3 “Contact”.
(2) For the purposes of this section, this includes sub-processors acting on behalf of the Recipient. Please refer to Art. 10.1 “Sub-processors”.
(3) Regarding cookies and analytics, we refer to art. 9 “Cookies and analytics” below.
6.Storage
We store personal data for the period necessary to achieve the purpose of processing, as well as for a retention period of 12 months, unless otherwise provided for by applicable law, in particular with regard to archives. Please note that personal data may be deleted or anonymised after the expiry of the retention period and with the exception of our archives and thus no longer fall within the scope of the Data Protection Regulations and the Data Protection Directive.
7.Place of processing and data transmission
Your personal data may be processed in various locations, including, but not limited to:
- Switzerland
- EEA,
- United States.
As we operate globally, cross-border transfers are required in order to provide our services to you. Nevertheless, we strive to protect your personal data by using security procedures (see Article 11 “Security” below) and by requiring legal guarantees from our partners. By accepting the Privacy Policy, you consent to the transfer of your personal data.
8.Legal Disclosure
Note that we may disclose personal information if necessary to comply with legal process, including court orders, subpoenas, or warrants, or in response to a request from courts, law enforcement, regulators, or other public authorities. This is our obligation to comply with laws and legal process, and for the EEA, such disclosure would be based on Article 6(c) of the GDPR.
9.Cookies and analytics
FontesX uses cookies and analytics technologies to learn more about interactions with our services and improve them accordingly. FontesX uses these technologies in particular for the following purposes:
- Compile statistics and analytics about interactions with the Services, including information about how and from where our Services are accessed, when and how often users use the Services, and which areas of the Services maintain the interest of our users.
- Collecting information about the functionality and performance of our Services,
- Security, including fraud prevention,
- Learn more about the audience of our services,
- Subject to your consent: Marketing and advertising, including advertising-related tracking
In particular, we use Google Analytics. This service of Google LLC in Mountain View, USA, or Google Ireland Limited in Dublin, Ireland (“Google”) enables us to measure and evaluate the use of our services (website) on a non-personal basis. The service uses persistent cookies set by Google. Google does not receive any personal data from us (nor does it store IP addresses), but it can track your use of our services (website), combine this information with data from other websites you have visited that are also tracked by Google, and use this information for its own purposes (e.g. to manage advertising). If you’ve signed up for Google, Google knows you. Google is responsible for the processing of your personal data in accordance with Google’s privacy policy. Google only informs us about how our services (website) are used, without giving any personal information about you. Google is committed to providing adequate data protection in accordance with the U.S.-EU and the U.S.-Swiss Privacy Shield and complying with the requirements of the GDPR. For more information, see Google’s privacy policy.
10.Disclosure of personal data
Sub-processors
FontesX relies on various partners to provide you with the services that can access certain personal data. This includes the following categories of partners:
- Technical services, such as hosting, or technical support.
- DSTC GmbH and Sitcons AG, for the services provided.
These providers act as sub-processors of FontesX (for the EEA, this corresponds to Article 28 of the GDPR). FontesX strives to ensure that all service providers who have access to personal data only act within the framework that we establish through our legal framework, such as applicable law (pursuant to the adequacy decision), data processing agreement, standard contractual clauses, binding corporate rules and/or Privacy Shield. We have also put in place some safeguards, such as data minimization, to ensure that these subprocessors only access your data when they need it.
Exchanges between controllers
If, in the course of your interactions with FontesX, we see potential for DSTC GmbH or Sitcons AG, we may refer you to that company with your consent. Personal data may be exchanged with this company. In this context, the company in question then acts as the data controller for the provision of its own services.
External Links
If reference is made to external content, please note that DSTC GmbH and Sitcons AG have no control over the privacy policies, content or security measures of the providers of such content and therefore cannot be held responsible in any way for the actions as well as the privacy policies, content and other matters of these third parties. If you do not agree with the privacy policies of these providers, please do not use these services.
Safety
Security is important to us, and we have safeguards in place to protect the information submitted to us. While we cannot ensure or guarantee that there will never be any loss, misuse, or alteration of information, we will use reasonable efforts to prevent this from happening. No method of transmission over the Internet, or method of electronic storage, is 100% secure, and we cannot guarantee or warrant the security of any information you provide to us.
If you use the Services or provide us with personal information, we may communicate with you electronically about security, privacy, and administrative issues related to your use of the Services, unless you have specifically instructed us to communicate by postal mail.
If we learn of an incident that may be considered a data breach under applicable law, we will attempt to notify you electronically by posting a notice on the Services and/or sending you an email.
Dispute Resolution and Governing Law
Subject to mandatory provisions or requirements of other laws, this Privacy Policy shall be governed by and construed in accordance with the laws of Switzerland, without regard to conflict of laws principles and without regard to the Contracts for the International Sale of Goods (CISG).
In the event of any dispute, disagreement, disagreement or claim arising out of or in connection with the Services or any provision of the Terms or any breach thereof, the parties will attempt to resolve such disputes amicably among themselves. If, despite the discussions in good faith, the parties cannot reach an agreement within 30 days, either party may submit the dispute to the competent courts.
All disputes shall be subject to the exclusive jurisdiction of the courts of the Canton of Zurich, Switzerland, with jurisdiction in Zurich.
11.Other provisions
Entire Agreement. The Privacy Policy constitutes the entire and exclusive agreement between you and us with respect to data protection.
Severability. If any part of the Privacy Policy is invalid or unenforceable, the unenforceable part will be given effect to the fullest extent possible, or, if it is not legally enforceable, replaced by the valid provision that most closely matches the intent of the parties, and the remaining portions will remain in effect in their original form.
Interpretation. The use of section headings is for convenience only and does not affect the interpretation of a provision.
Updating and enforceability. The most recent version of the Privacy Policy is the enforceable version. We may change this Policy at any time without notice, and such changes will be effective from the date of their posting (unless otherwise specified). In the event of material changes, the Privacy Policy will not be effective until it is posted in this version, at least 30 days prior to the effective date. Use of the Services after an update is deemed to be acceptance of the most recent version.
Cession. You may not assign or transfer any of your rights in the Services, in whole or in part, by operation of law or otherwise, without our prior written consent. FontesX may assign any of our rights or obligations to DSTC GmbH or Sitcons AG at any time without notice or consent.
Consent to electronic communications. You understand and acknowledge that any communication by electronic means involves risk, including, but not limited to, the risk of interception, damage or infection of the Content or misdirected, delayed or never received communications. FontesX advises its customers to take sufficient security measures for their systems, data and communications. Electronic communications (e.g. e-mails) and their attachments are confidential. If you receive messages in error, please inform the sender and delete all copies of the message. In addition, electronic communication does not in itself constitute financial advice. In principle, before acting on the basis of information, you should check its completeness and appropriateness with regard to the respective facts and seek independent financial advice. In any case, FontesX shall not be liable for any such inherent risks and any damages incurred in connection therewith. By using the Services, you agree to receive and use electronic communications from/with us. You agree that any notices, agreements, disclosures, or other communications that we send to you electronically satisfy any legal requirement for communication, including the requirement that such communications be in writing.
