Online privacy policy Glue Software Engineering AG for eSignR

Glue Software Engineering AG
Schwarztorstrasse 31
3007 Bern
https://esignr.ch, https:/www.glue.ch
E-Mail: info@glue.ch


General information

Glue Software Engineering AG, Schwarztorstrasse 31, 3007 Bern, is committed to the responsible and legally compliant handling of personal data. This online data protection declaration (“declaration”) describes the way in which we process your personal data in relation to the provisions of the Swiss Data Protection Act (DSG) when you visit our website or use our eSignR software solution.

 

We have aligned this privacy policy with both the Swiss Data Protection Act and the European General Data Protection Regulation (GDPR). However, whether and to what extent the GDPR is applicable depends on the individual case.


Processing of personal data

Personal data is all information that relates to an identified or identifiable person. In addition to your contact details such as name, telephone number, address or e-mail address and other information that you provide to us, for example when registering, placing an order or making a support enquiry, this may also include the IP address that we register when you visit our website.

 

You are not obliged to provide us with your personal data. However, we must collect and process personal data in order to establish and fulfil a contractual relationship.

 

Under certain circumstances, you may want or need to transfer personal data of third parties to us. We would like to point out that in this case you are obliged to inform the persons concerned about this data protection declaration and to ensure the accuracy of the personal data concerned.


Purpose of the processing

We process your personal data on our website for the purpose of contract fulfilment, i.e. in particular

  • The initiation of a contract, in particular e.g. enquiries to initiate a contract, price information,
  • Payment transaction for a service, e.g. payment (“purchase”) of a subscription,
  • Ensuring customer support, e.g. enquiries relating to features provided


Legal basis of the processing

We may process personal data in particular if the processing is necessary:

  • For the fulfilment of a contract with you or for the processing of your contract enquiry;
  • For compliance with a legal obligation
  • To safeguard legitimate interests, for example if data processing is a central component of our business activities;
  • Or is based on your express consent to processing;

 


Your rights

You have the following rights in relation to your personal data under the GDPR and DSG:


Information

You have the right to ask us, free of charge, to confirm whether we are processing personal data about you.

 

If we process [SA1] personal data about you, you have the right to request information about the processing of your personal data. This information includes, in particular, details of the purpose of the processing, the categories of personal data and the recipients or categories of recipients to whom the personal data has been or will be disclosed.


Correction

You have the right to correct and/or supplement your personal data processed by us free of charge.


Cancellation

You have the right to request the deletion of your personal data, unless we are obliged to retain it under applicable law, provided that

  • your personal data are no longer required for the purposes pursued;
  • you have effectively objected to the processing, or
  • the data has been processed unlawfully.


Restriction of processing

You can request that we restrict processing in the following cases:

  • You contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data
  • If, in the event of unlawful processing, you object to the erasure and instead request the restriction of the use of the personal data [SA2]
  • If, after fulfilment of the purpose, you request that the data should not be deleted, but should continue to be stored for the assertion of rights.


Right to data portability

You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format. You are entitled to have this personal data transmitted to another company without hindrance, insofar as this is technically feasible.


Right of objection

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you. In the event of an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.


Right of appeal

You are also free to lodge a complaint with a competent supervisory authority if you have concerns whether the processing of your personal data complies with the law. In Switzerland, the FDPIC (Federal Data Protection and Information Commissioner) is responsible for investigating suspected violations.


Contact points

You can assert your rights in connection with the processing of your personal data to the following contact points:

  • By post: Glue Software Engineering AG, Data Protection, Schwarztorstrasse 31, 3007 Bern, Switzerland
  • By e-mail: info@glue.ch with the subject ‘Data protection’

 


Comprehensive explanation


General information on cookies

We only use functionally necessary cookies on our website and our platform. Cookies from third parties (e.g. tracking cookies) are not used.


Collection of server log files

We automatically collect and store information in so-called server log files, which a browser automatically transmits to us. These are

  • Time of the server request
  • IP address
  • Browser type and browser version and, derived from this, the operating system used
  • Referrer URL

The server log files are stored for a maximum of 6 months and then deleted. The data is stored for security reasons, e.g. to be able to clarify cases of misuse. If data has to be cancelled for reasons of proof, it is excluded from deletion until the incident has been finally clarified.


Registration on the platform

Only the following data is required to open a user account on the platform

  • E-mail address
  • First name and surname (stored in encrypted form)
  • Country of issue of your ID card
  • Mobile number (stored in encrypted form)
  • Your password (saved as Argon2 hash)
  • Your access code for the signature client (saved as an Argon2 hash)


Information for chargeable services

For the provision of chargeable services, we store the private or business domicile address and any VAT number. We store this data in our systems so that we can issue you with a payment receipt.


Details for a performance record

In order to be able to provide you with a performance record, we store the following data for one year

  • Time of the signature authorized by you
  • Identifier of the MobileID confirmation that you received to authorize the signature.


Storage location and operator

All the data listed above is hosted on servers in Switzerland. All companies involved in the operation of the eSignR components are fully owned by Swiss companies and are subject exclusively to Swiss legislation.

 

The operator of the server-side infrastructure is fence IT AG, Schwarztorstrasse 31, CH – 3007 Bern in Switzerland. fence IT AG is a sister company of Glue Software Engineering AG and is ISO 27001 certified.

 

We have concluded a contract for order processing (AVV) [SA3]  for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with Swiss data protection law.


Data processing for signature solutions from our partners

As a prerequisite for using qualified electronic signatures (QES) via our platform, the identification process of our partner is carried out. We ask this partner via an API interface whether a valid identification is available for you.

 

To obtain a qualified electronic signature (QES) for a document, we transmit it to our partner [SA4]  via an encrypted channel

  • The hash value of the document to be signed
  • Your first name and surname
  • Country of issue of your ID card
  • Your mobile number

 

Our partner for identification and qualified electronic signatures is:

Swisscom Trust Services AG
Hardturmstrasse 3
CH-8005 Zürich


Processing your support requests

We use the ticketing system of fence IT AG, Schwarztorstrasse 31, CH – 3007 Bern to process your support enquiries. fence IT AG is a sister company of Glue Software Engineering AG and has ISO 27001 certification.


External payment service provider

Our payment service provider, through whose platforms you and we can initiate payments:

  • Until 31.12.2023: Post CH Ltd
  • From 1 January 2024: Worldline Schweiz AG, Hardturmstrasse 201, 8005 Zurich

 

If you pay for our service via the platform of our payment service provider, the data you enter will be transmitted to our payment service provider. Your data will only be passed on for the purpose of payment processing. Information about the means of payment used by you (e.g. credit card number, card verification number, etc.) is stored exclusively by the payment service provider.

 

Version as of 01.11.2023