This policy applies for the processing data on www.entropya.com 

Introduction 

Entropya AG is committed to protecting your personal data and respecting your wishes and we want you to be confident that we are. We aim to be clear about when we collect your information and not do anything you would not reasonably expect us to do with your personal data. This policy aims to help you understand what personal data we collect, how we use it and how we store it and how this applies to our websites, products and services (collectively “Services”).  

BY ACCESSING AND READING THIS PRIVACY POLICY YOU ACCEPT THAT YOU HAVE BEEN INFORMED REGARDING YOUR PERSONAL DATA PROCESSING BY US, AS DESCRIBED HEREIN.  

When we act as data controller, deciding on the purposes and means of the processing of personal data , we have the responsibility to fulfil with all legal requirements regarding the processing of your personal data.

This Privacy Policy describes our privacy practices and policies relating to our Services. Entropya AG operates in various jurisdictions, including outside the UK , EU and  EEA . Any personal data collected will be used and held in accordance with both domestic and EU data protection requirements as dictated by applicable privacy legislation. Some of our affiliated Companies may provide you with their own privacy policies and notices relating to their specific role in the organisation, that will complement this policy,  when you access their services.

If you would like to know more about how we collect and use your personal data, please click on the headings below for further information. If you have any further questions, please contact us using the details in the Contact us section below. 

Who is Entropya AG? 

When we refer to Entropya AG, we are referring to Entropya AG, a public limited company with its registered office address at Weingartenstrasse 9 CH-8803 Rüschlikon, Switzerland. 

Where does Entropya AG collect your information from? 

• When you provide your personal data directly to us:

By using the contact form on our website.

• When you access our website:

So that we can provide you with the best possible experience when you visit our website, we collect cookies when you use our website. This can include the pages you visit and areas that are of most interest. Cookies can also be used to make using the website faster, such as by automatically filling in your name and address. Further information about cookies is set out below. 

In addition, the type of device you’re using to access our website or app and the settings on that device may provide us with information about your device, including the type of device it is, what specific device you have, what operating system you’re using, or why a ‘crash’ has happened. Your device manufacturer or operating system provider will have more details about what information your device makes available to us. 

What type of information do we collect? 

The type of information (including personal data) that we collect and use and what we do with it will depend upon your relationship with us. 

If you contact us,  we request your: 

• name;
• email address and phone number;
• any personal data your message  may contain;
• any data contains by cookies.

How do we use the personal data we collect? 

Entropya AG uses your personal data in different ways, depending on the nature of our relationship with you, as follows:

• to provide you with our services;
• to manage you requests;
• to understand who is accessing our services, publications, events or information; 
• to keep a record of your relationship with us; 
• to understand how we can improve our services, products or information. 

What are the legal basis for processing personal data? 

We usually process your personal data only if at least one of the following legal grounds apply:

• You have given your consent for the processing;
• Processing is necessary for the performance or entering into a contract to which you are a party;
• Processing is necessary for compliance with a legal obligation applicable to us;
• Processing is necessary for the purposes of our legitimate interests.

Legitimate interest reasons include (but not limited to):

• Preventing risk and fraud;
• Prevention of financial losses;
• Recovery of damages;
• Defence of our rights in court;
• Ensuring people’s health and safety;
• Ensuring security of Entropya AG’s sites and premises.
• Ensuring cybersecurity, etc.
• Taking the steps necessary to identify you, when necessary;
• Answering questions or providing any support; 
• Helping customers find and use relevant products or services through our store; 
• Providing and improving our products and services; 
• Reporting and analytics; 
• Testing out features or additional services; 
• Assisting with marketing, advertising, or other communications; or
• Protecting Entropya AG’s image and reputation.

‍

We only process personal data for these “legitimate interests” after considering the potential risks to your privacy. This may include providing transparency into our privacy practices, offering you control over your personal data where appropriate, limiting the data we keep, limiting what we do with your data, who we send your data to, how long we keep your data, or the technical measures we use to protect your data.

When might we give your personal data to another party? 

We will never share your information with a third party who intends to use it for their own marketing purposes and there are very limited instances where we will share your personal data with a third party. This could include: 

• if a third party provides a service to us, such as running an event on our behalf, providing an element of a contract for us, such as email distribution, fulfilling an order, providing IT, marketing, content services, etc. This would include our trusted partners, entities that sell our products or services or provide our information and marketing for us; 
• for the administration of events. For example, an event venue may require the provision of the names and dietary requirements of attendees in advance, for security and health purposes; 
• where there is a legal or regulatory requirement to disclose your personal data such as from government authorities or the courts, we have a genuine and real concern regarding a person’s well-being, or where disclosure is necessary for taxation and criminal investigation purposes; and 
• where we have your written consent. 

We may be involved in the sale, transfer or reorganisation of some or all of its business at some time in the future. As part of that sale, transfer or reorganisation, we may disclose your personal data to the acquiring organisation, however, we will require the acquiring organisation to agree to protect the privacy of your personal data in a manner that is consistent with this Privacy Policy. 

How do we keep personal data about you safe? 

Entropya AG has a number of steps in place to keep your personal data as safe as possible. Reasonable measures (such as systems access security controls, safeguards to detect and prevent security system failures, and restricted access) have been implemented to help protect personal data from loss, misuse, unauthorized access or disclosure. We train our staff in data protection and data security to increase awareness of its importance. We keep our data protection and data security policies and practices under constant review and review the personal data that we hold, where we hold it and what we do with it. 

Entropya AG requires the third parties it works with to comply with data protection laws and puts controls in place to ensure that your information is handled safely and appropriately. 

Where we send your data 

We work with and process data about individuals across the world. To operate our business, we may send your personal data outside of your state, province, country or residence within the European Union (EU) and European Economic Area (EEA) or other regions of the world such as the UK, Canada or the United Stated of America.

If you are in the EEA, you must know that under the GDPR, data transfer between member states is considered safe.

Additionally, other countries have been recognised by the European Commission as offering adequate level of data protection. The full list can be consulted here. In other words, transfers to the country in question will be afforded the same treatment as if transferred between EEA member states. For example, when we send your personal data to Canada  it is protected under Canadian law, which the European Commission has determined that will adequately protect your data.

Your data may also be sent to other Entropya AG locations and to service providers who may be located in other regions. This data may be subject to the laws of the countries where we send it.  

We may transfer your personal data to third countries or international organisations that don’t provide adequate level of data protection according to the European Commission or, if you are in the UK, the ICO requirements. In this situation, we shall take appropriate safeguards to protect your data, and make available to you effective legal remedies for protecting and exercising your rights.

In such context, we will ensure that you data will be protected by contractual commitments at least equivalent to the Standard Contractual Clauses approved by the European Commission (SCCs), or if you are in the UK, by international data transfer agreement (IDTA) or relevant IDTA addendum to the SCCs, as the case may be. .

Where we cannot find other appropriate safeguards, we will transfer data to these destinations only under the following conditions:

•  We ask for your prior consent, after informing you of possible risks;
•  We transfer the data only at your request for the performance of a contract or the application of necessary pre-contractual measures in relation to us;
• The transfer is necessary for the conclusion or performance of a contract concluded in your interest between us and another natural or legal person;
• The transfer is necessary for important reasons of public interest;
• The transfer is necessary for the establishment, exercise or defence of a right in court;
• The transfer is necessary to protect your vital interests or those of others when you are not in a physical or legal capacity to express your consent; and 
• Other situations stipulated by law.

‍

How long do we hold your data?

We shall keep your personal data as long as necessary for the purposes for which they were collected. The retention period may vary depending on the purposes and sometimes it may be influenced by the legal provisions. 

When we rely on your consent (e.g., newsletter subscription), your personal data is kept for as long as you continue to consent. 

The erasure of data shall only take place to the extend that such personal data are no longer necessary for other purposes. We periodically evaluate storage periods to ensure that we retain your data only for as long as necessary in relation to the purposes pursued

What about if you use other websites linked from Entropya AG websites? 

Entropya AG does not have any control over how any third-party websites handle and use your information. Therefore, if you follow any links to any third-party sites from Entropya AG websites, you must check the privacy policy for such a third-party organisation in order to understand how your information could be used. This policy does not cover third-party websites. 

What are Cookies? 

Cookies are small text files which are used by websites to learn about your visit to the site and in some cases to tailor your experience on the website. We use cookies to improve your experience of using the Entropya AG websites, to provide functionality, improve performance, and help with behavioural advertising and embedded content.  

Further information about how we use cookies and how you may turn these off is available in our Cookie Policy. 

Contact with Corporate Subscribers  

‘Corporate Subscribers’ are organisations who Entropya AG might contact in a professional context, using generic work contact details, including phone, email and post. These contact details may be obtained from public domain sources (company websites etc.), from our own business records or from other companies and business contacts. 

We may contact corporate su scribers by email or telephone provided that the subscriber has not previously opted out. 

We may contact subscribers by mail if they have not previously opted out of receiving such communications. 

You have a right to object to the processing of your information for direct marketing. We will provide opt-out notices on our communications to you, or you can advise our team using the contact details in the Contact us section below. 

Disclaimer to security 

By accepting the terms of this Privacy Policy, you acknowledge and agree that no data transmission over the Internet is completely secure. We cannot guarantee or warrant the security of any information you provide to us and you transmit such information to us at your own risk. 

Retaining and disposing of information 

Your personal data is maintained on our networks or on the networks of our service providers. Your information may also be stored in a secure off-site storage facility. We retain personal data only as long as it is needed to fulfil the identified purposes or as may be required to comply with applicable laws. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. To satisfy regulatory requirements, certain personal data may be retained for at least seven years (unless there are legal requirements that require its further retention) after which all documentation will be destroyed in a manner commensurate with its sensitivity. 

What are your rights? 

Under the conditions set out in the data protection laws, as a data subject, you have the following rights:

• Right to be informed, right to receive details of the processing of your personal data, as described in the Privacy Policy;
• Right of access, the right to obtain confirmation from us regarding the processing of personal data, as well as details of the processing activities;
• Right to rectification, the right to obtain the correction of inaccurate/unjustified personal data, as well as the completion of incomplete data;
• Right to erasure without undue delay, („right to be forgotten”), under the conditions provided by the data protection laws;
• Right to restriction of processing, to the extent that you contest the accuracy of the data, the processing is unlawful and you oppose to the erasure, requesting instead the restriction of its use, or when we no longer have any purpose to process your data, but you request it for the establishment, exercise or defence of a right in court or when you object to the processing of data for a period enabling us to confirm our legitimate interests;
• Right to data portability to another controller, under the conditions stipulated by law;
• Right to object to the processing of personal data, at any time, free of charge and without any justification, when the data is processed for direct marketing purposes or when the processing is based on one of our legitimate interests invoked, unless we can demonstrate that there are legitimate reasons justifying that processing;
• Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on you or similarly affects you to a significant extent, with the exceptions set out in data protection laws;
• Right to withdraw your consent, at any time;
• Right to lodge a complaint with a supervisory authority, if you consider that the processing of your personal data infriges data protection laws.

Responding to inquiries and complaints 

If you have questions or complaints with respect to our privacy policies and practices or if you wish to request access to, or correction of, your personal data under our care and control, please contact us using the contact details in the Contact us section below. 

Inquiries or complaints will be dealt with promptly. We will acknowledge your query, investigate and provide you with a response within thirty (30) days. 

Considering the complexity and number of pending requests you may have had; we may extend this period by two (2) further months. We will always inform you about any delay in advance, together with the reason for it. 

Please note that if you send us a request to your personal data, we have to make sure that it is before we can respond. In order to do so, we may use a third-party to collect and verify identification documents.

If we are unable to identify you, we may refuse to provide you with the information requested that might not belong to you.

If you are not happy with our response to a request, you can contact us to resolve the issue.

Right to file a complaint 

If you believe the privacy laws relating to the protection of your personal data or our Policy have not been respected, you may file a complaint with us at the address listed below. We will investigate all complaints. If, after an investigation, your complaint is deemed justified, we will take appropriate steps to correct the situation, including, if necessary, amending our policies and practices. If you are not satisfied with the results of the investigation or the corrective measures taken by us, you may exercise the remedies available under law by contacting your local Data Protection Supervisory or any other competent supervisory. 

Will this policy change? 

To make sure that this policy and our practices stay legally compliant and up-to-date, we may make changes from time to time. If we make any substantial changes, we will make this clear on our website, or by contacting you directly, if appropriate. To be sure that you don’t miss anything, please check back to this page from time to time. 

Contact us 

If you didn’t find what you have been looking for in this Policy, or you would like to speak to someone at Entropya AG about how we collect, use and store your personal data, if you have any questions, comments, requests or suggestions or if you would like to change your contact preferences, please contact us:

by email at” office@entropya.com

 by post office at: Weingartenstrasse 9 CH-8803 Rüschlikon Switzerland

Last update : 14.11.2023