Online privacy policy Glue Software Engineering AG for eSignR

Glue Software Engineering AG
Schwarztorstrasse 31
3007 Bern
https://esignr.ch, https://www.glue.ch
Email: info@glue.ch

 

General
At Glue Software Engineering AG, Schwarztorstrasse 31, 3007 Bern, we are committed to handling personal data responsibly and in compliance with the law. This online privacy policy (“Policy”) describes how we process your personal data in relation to the Swiss Data Protection Act (DSG) when you visit our website or use our software solution, eSignR.

 

We have aligned this privacy policy with both the Swiss Data Protection Act and the European General Data Protection Regulation (GDPR). Whether and to what extent the GDPR applies depends on the specific case.

 

Processing of Personal Data
Personal data refers to any information relating to an identified or identifiable person. This includes your contact information such as name, phone number, address, or email address, as well as other information you provide to us, for example, during registration, orders, or support requests, which may also include your IP address that we register when you visit our website.

 

You are not obligated to provide us with your personal data. However, to establish and execute a contractual relationship, we need to collect and process personal data.

 

In some cases, you may want or need to transmit personal data of third parties to us. We want to remind you that, in such cases, you are obliged to inform the relevant persons about this privacy policy and ensure the accuracy of the transmitted data.

 

Purpose of Processing
We process your personal data on our website for the purpose of contract fulfillment, including but not limited to:

  • Initiating a contract, such as inquiries about contract initiation, price information
  • Payment transactions for services, such as purchasing a subscription
  • Providing customer support, such as responding to inquiries regarding provided features

 

Legal Basis for Processing
We can process personal data particularly when the processing is necessary:

  • To fulfill a contract with you or to process your contract inquiry
  • To comply with a legal obligation
  • To pursue legitimate interests, for example, when data processing is a central part of our business activities
  • Or based on your explicit consent to the processing

 

Your Rights
Under the GDPR or DSG, you have the following rights regarding your personal data:

 

  • Right to Information
    You have the right to request confirmation from us about whether we process personal data about you. If applicable, you have the right to request information about the processing of your personal data, including the purpose, categories of personal data, and recipients or categories of recipients to whom the personal data has been or will be disclosed.

 

  • Right to Rectification
    You have the right to correct and/or complete your personal data processed by us free of charge.

 

  • Right to Deletion
    You have the right to request the deletion of your personal data unless we are legally obligated to retain it, provided that:

    • The data is no longer required for the purposes for which it was processed
    • You have effectively objected to the processing or
    • The data has been processed unlawfully

 

  • Right to Restriction of Processing
    You may request the restriction of processing in the following cases:

    • You dispute the accuracy of your personal data for a period that allows us to verify the accuracy of the data
    • In case of unlawful processing, if you object to deletion and instead request restriction of use
    • If you request that data not be deleted but retained for the assertion of legal claims after the purpose has been fulfilled

 

  • Right to Data Portability
    You have the right to receive the personal data you have provided in a structured, commonly used, and machine-readable format. You are entitled to transmit this personal data to another company without hindrance, provided that this is technically feasible.

 

  • Right to Object
    You have the right to object at any time to the processing of your personal data based on special circumstances. In the event of objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

 

  • Right to Lodge a Complaint
    You also have the right to lodge a complaint with the relevant supervisory authority if you have concerns about whether the processing of your personal data is lawful. In Switzerland, the Federal Data Protection and Information Commissioner (FDPIC) is responsible for investigating potential violations.

 


Contact Points
You can exercise your rights regarding the processing of your personal data at the following contact points:

  • By mail: Glue Software Engineering AG, Data Protection, Schwarztorstrasse 31, 3007 Bern, Switzerland
  • By email: info@glue.ch with the subject “Data Protection”

 


Comprehensive Explanation

General Information on Cookies
We use cookies, web storage objects, and other technologies to provide functionalities on our website and platform.
We use the following categories of cookies:

 

  • Necessary: (Always active on the website and platform)
    Necessary cookies are crucial for the basic functions of the website and platform. Without them, the website and platform cannot function as intended. These cookies do not store personal data.

 

  • Functional: (Active on the website when you consent; never active on the platform)
    Functional cookies assist in performing specific functions, such as sharing website content on social media platforms or collecting feedback from third-party functions.

 

  • Analytics: (Active on the website when you consent; never active on the platform)
    Analytics cookies are used to understand how visitors interact with the website. They allow us to make statements about the number of visitors, bounce rate, sources of visitors, etc.

 

  • Performance: (Active on the website when you consent; never active on the platform)
    Performance cookies are used to analyze key performance metrics of the website. This helps provide visitors with a better user experience.

 

  • Advertising: (Active on the website when you consent; never active on the platform)
    Advertising cookies are used to analyze the effectiveness of advertising campaigns.
    The current list of cookies used on the website can be found in the cookie consent settings.

 

Server Logs Collection
We automatically collect and store information that your browser sends to us in server logs. These include:

  • Time of server request
  • IP address
  • Browser type and version, including the operating system used
  • Referrer URL
    Server log files are stored for up to 6 months and then deleted. The data is stored for security purposes, such as investigating misuse. If data needs to be retained for evidence, it will not be deleted until the incident is fully resolved.

 

Registration on the Platform
To create a user account on the platform, we only require the following data:

  • Email address
  • First and last name (stored encrypted)
  • Country of issue of your ID
  • Mobile number (stored encrypted)
  • Your password (stored as an Argon2 hash)
  • Your access code for the signature client (stored as an Argon2 hash)


Information for Paid Services
To provide paid services, we store your private or business address and any VAT number. These data are stored in our systems to issue a payment receipt.

 

Information for Proof of Service
To generate a proof of service, we store the following data for one year:

  • The time of your approved signature
  • The ID of the MobileID confirmation received for the signature approval


Storage Location and Operator
All the above data is hosted on servers in Switzerland. All companies involved in the operation of eSignR components are fully Swiss-owned and subject solely to Swiss legislation.

 

The operator of the server infrastructure is fence IT AG, Schwarztorstrasse 31, CH – 3007 Bern, Switzerland. fence IT AG is a sister company of Glue Software Engineering AG and holds ISO 27001 certification.

 

We have a data processing agreement (DPA) in place for the use of the above-mentioned services. This legally required agreement ensures that personal data is processed only according to our instructions and in compliance with the Swiss Data Protection Act.

 

Data Processing for Signature Solutions by Our Partners
As a prerequisite for using qualified electronic signatures (QES) through our platform, the identification process of our partner is performed. We query this partner via an API interface to check if valid identification exists for you.

 

To obtain a qualified electronic signature (QES) for a document, we transmit the following data to our partner:

  • The hash value of the document to be signed
  • Your first and last name
  • The country of issue of your ID
  • Your mobile number

 

Our partner for identification and qualified electronic signatures is:
Swisscom Trust Services AG
Hardturmstrasse 3
CH – 8005 Zürich


Processing your support requests
We use the ticketing system of fence IT AG, Schwarztorstrasse 31, CH – 3007 Bern to process your support enquiries.
fence IT AG is a sister company of Glue Software Engineering AG and is ISO 27001 certified.

 

External payment service provider
Our payment service provider, through whose platforms you and we can initiate payments:
– Worldline Schweiz AG, Hardturmstrasse 201, 8005 Zurich

 

If you pay for our services via the platform of our payment service provider, the data you enter will be transmitted to our payment service provider. Your data will only be passed on for the purpose of payment processing. Information about the payment method you use (e.g. credit card number, card verification number, etc.) is stored exclusively by the payment service provider.

 

Version from 1.2.2025 (replaces the version from 17.10.2024)