EN
EN IT DE ES FR PT
Contact usLogin

MY SWISS KEEPER SOLUTION
PRIVACY NOTICE

1. Introduction

At My Swiss Keeper SA (we, our or MSK), we recognize the importance of your privacy and of transparency.

This privacy notice (Privacy Notice) describes how we process your personal data when you interact with our My Swiss Keeper Solution accessible at https://www.myswisskeeper.com/privacy-notice-solution/ or as a mobile App (the Solution), and the services we provide in this context (together with the provision of the Solution, our Services).

By using our Services, you expressly acknowledge that we may process your personal data in accordance with this Privacy Notice.

This Privacy Notice is incorporated into and forms an integral part of our general terms & conditions forthe Solution (GTC). All capitalized terms not defined in this document have the meaning given to them in the GTC.

2. Short Version

The following is a summary of (but not a replacement for) this Privacy Notice:
  1. Our role. We, My Swiss Keeper SA, process your personal data mainly on behalf of the Keeper to which you are affiliated. This means that we act as data processor for your Keeper. You must refer to your Keeper’s privacy policy for information about its processing activities. In limited situations described in this Privacy Notice, we act as data controller of your personal data (see section 3);
  2. Data we collect and use. We collect the content that you or your Keeper provide us with, but this information is encrypted and we only use it to provide our Services or comply with our legal obligations. In addition, we collect your account information and data on how you interact with the Services for our legitimate purposes indicated in this Privacy Notice (see section 4, 5 and 6);
  3. Storage and Transfer. Your personal data is stored in Switzerland. We do not share it with third parties or transfer it abroad unless this is both necessary for the operation of our Services and permitted by applicable laws. (see sections 7 and 8);
  4. Your rights. You may contact us (privacy@myswisskeeper.com) to exercise your rights pertaining to your personal data (see sections 12 and 13).

3. Who is responsible for the processing of your personal data

The My Swiss Keeper Solution is operated by us, My Swiss Keeper SA, a Swiss company with registered office in Vaud, Switzerland. You will find our contact details below in section 12.

Except when we process your personal for our legitimate business operations related to providing the Services, as further detailed in this Privacy Notice, the Keeper to whom you are affiliated is responsible, as data controller, for the processing of your personal data through the Services. In that case, we act as a data processor for your Keeper in accordance with our GTC. 

- Us acting as a data processor means the following:

  • When we act as data processor, our processing or your personal data is governed by the contract with your Keeper, as detailed in our GTC.
  • This Privacy Notice does not govern how your Keeper processes your personal data through theServices. You must refer to your Keeper's policies.
  • Some information about you may be provided to us directly by your Keeper. If this is the case, it is your Keeper which is responsible for ensuring that your personal data is collected and transferred to us in accordance with all privacy and data protection laws of all relevant jurisdictions, based on an appropriate legal ground.
  • If you would like to make any requests or queries regarding our processing of your personal data on behalf of your Keeper, please contact your Keeper directly. For example, if you wish to request to access, correct, amend, or delete inaccurate personal data that was originally transmitted by your Keeper, please direct your query to your Keeper. If we are requested by your Keeper to remove your personal data, we will respond to such request in a timely manner upon verification and in accordance with applicable law (for example, 30 days under Swiss law or the GDPR).
  • If you have questions about our legitimate business operations, please contact us as described in section 13.

4. Types of data we collect and how we obtain it

Which information we collect? What does it include? How we collect it?
Contents Content of your files and communications you input, upload, receive, create, and control. This data is encrypted and can only be decrypted by us in limited circumstances in accordance with our GTC. Provided by you or your Keeper
Account information Your account details, including email address, username, account status, subscription information and purchase history. Provided by you or your Keeper
Usage Data IP address, the content that was accessed, date and time of access, information about your web browser, including your navigation details on the Solution Collected by us automatically

5. How we use your data

We process your personal data in compliance with applicable law, in particular Swiss data protection laws and, to the extent they apply to us, other data protection legislations, such as the EU General Data Protection Regulation (GDPR), manually or automatically using computer tools.

This means that we will only process your information for certain reasons (see Section 7) where we have a legal basis to do so.
Here is what each of these legal bases is:
  • Contractual Necessity: the processing is necessary to fulfill our contractual obligations to you or to take pre-contractual steps at your request. This is particularly the case in particular when processing your personal data is strictly required to provide you with the Services. When the GDPR applies, Contractual Necessity is based on Article 6(1)(b) GDPR.
  • Legitimate Interest: the processing is necessary for the fulfillment of our legitimate interests, and only to the extent that your interests or fundamental rights and freedoms do not require us to refrain from processing. When the GDPR applies, Legitimate Interest is based on Article 6(1)(f)GDPR.
  • Consent: we have obtained your prior consent in a clear and unambiguous manner. Consent given can be withdrawn at any time, but this does not affect data processed prior to withdrawal. When the GDPR applies, Consent is based on Article 6(1)(a) GDPR.
  • Legal Obligation: the processing is necessary to comply with our legal or regulatory obligations. When the GDPR applies, Legal Obligation is based on Article 6(1)(c) GDPR.

      • What about the "processor position"?
      When we act as processor for a Keeper, our processing of your personal data is governed by the agreement between us and your Keeper (see section 3).

We do not process your personal data to create a profile about you (profiling). We also do not make decisions exclusively on the basis of an automated processing which have legal effects on the data subjects or affect them significantly (automated individual decision).

6. Why we use your data

We process your personal data for the following reasons:
Why? Which data? Our role? Legal basis?
To provide our Services
This includes:
  1. maintaining the Solution
  2. creating and maintaining your user account
  3. interacting with you
 Contents, Account information Data Processor Contractual Necessity
To manage our customers
This includes:
  1. processing orders and payment
  2. tracking our activities
  3. managing our archiving and records
 Account information, Usage Data Data Controller Legitimate Interests, Contractual Necessity
For our legitimate business interests related to the provision of the Services
This includes:
  1. ensuring that our Services are provided in an efficient and secure way (e.g. through internal analysis of the Services’ stability and security, updates and troubleshooting)
  2. protecting the security of our IT systems, architecture and networks
 Usage Data Data Controller Legitimate Interests
To send you advertising information
We may contact you by email to inform you about our activities and our Services, if you have not objected to the corresponding use of your email address. You can object to the use of your email address for this purpose at any time by contacting us (see section 13) 		Account information Data Controller Legitimate Interests,
To comply with our legal obligations
This includes:
  1. keeping information for tax or accounting purposes, or for the establishment, exercise or defense of legal claims
  2. responding to disclosure request from public authorities
 Contents, Account information, Usage Data Data Controller Legal Obligations,

7. The circumstances in which we share your personal data with third parties

We will only share your personal data with third parties if this is necessary for the operation of our Services, if there is a legal obligation or permission to do so, or if there is another valid reason to do so.
  • Our service providers. We may share your personal data with third parties in connection with the operation of the Services and with subcontractors such as IT service providers and consultants. In particular, we use the services of Infomaniak, a Swiss-based hosting services provider.
  • Other Users. If you decide to share your content with other users of our Solution (for instance your Keeper or your authorized users), we will grant them access to your content.
  • Authorities. We may also disclose your personal data where we have a legal obligation to do so, for example to respond to a request from a judicial authority or in accordance with a legal obligation or to bring or defend against a claim or lawsuit.

8. International Transfers

We store your personal data on servers located in Switzerland.

We will not transfer your personal data to other countries or make it available there except if we have a legal obligation to do so. Note that we do not control from where you (or your Keeper and authorized users) access and use our services.

9. How long we store your personal data

Your personal data will not be stored longer than necessary. We will erase or anonymize your personal data as soon as it is no longer necessary for us to fulfill the purposes set out in section 6 of this Privacy Notice. This period varies, depending on the type of data concerned and the applicable legal requirements:
  1. Content: your content is retained for as long as your account is active. If you suppress your user account, your content will be deleted or anonymized within 90 days after such event, unless data must be retained for a valid reason.
  2. Account information: In view of the legal obligations incumbent upon us, certain information relating in particular to the contractual relationship must be retained for at least 10 years.
  3. Usage data: usage is generally deleted or anonymized immediately when you end your session.

10. Security

We are committed to the security of your personal data, and have in place physical, administrative and technical measures designed to keep secure your personal data and to prevent unauthorized access to it. Your content information is protected using strong encryption processes. We do not have access to encryption keys of our users as part of the normal operation of the Solution.
Although we take appropriate steps to protect your personal data, no IT infrastructure is completely secure. Therefore, we cannot guarantee that data you provide to us is safe and protected from all unauthorized third-party access and theft. We waive any liability in this respect.
The internet is a global environment. As a result, by sending information to us electronically, such data may be transferred internationally over the internet depending upon your location. Internet is not a secure environment and this Privacy Notice applies to our use of your personal data once it is under our control only. Given the inherent nature of the internet, all internet transmissions are done at your own risk.
If we have reasonable reasons to believe that your personal data have been acquired by an unauthorized person, and applicable law requires notification, we will promptly notify you of the breach by email (if we have it) and/or by any other channel of communication (including by posting a notice on the Solution).

11. How we use cookies or other analytical tools

Cookies are small files of letters and numbers downloaded on to your computer when you access certain websites. In general, cookies allow a website to recognize a user’s computer.
There are various types of cookies. But in connection with the Solution, we only use "essential cookies", which are required to make the Solution capable of being used (the Solution cannot function properly without them).
We currently only use the following cookie in connection with the Solution:
Name Provider Purpose / Description Duration and expiry Type
JSESSIONID Auth.myswisskeeper.com Establish the user (logged in) session Login sequence (session) HTTP

12. To find out more about cookies, including how to see what cookies have been set and understand how to manage, delete and block them, visit www.aboutcookies.org or  www.allaboutcookies.org.Your rights with regard to the processing of your personal data

By accessing your user account, you can review, update, correct or delete the personal data available within your user account. We do not have access to your content and therefore cannot help you exercise your data protection rights in that context. You should direct your privacy inquiries relating to your content, including any requests to exercise your data protection rights, directly to your Keeper’s contact person.

You may contact us directly to exercise your rights pertaining to your account information or usage data. Unless otherwise provided by law, you have the right to know whether we are processing your personal data, to know the content of such personal data, to verify its accuracy, and to the extent permitted by law, to request that it be supplemented, updated, rectified or erased. You also have the right to ask us to cease any specific processing of personal data that may have been obtained or processed in breach of applicable law, and you have the right to object to any processing of personal data for legitimate reasons.

The above does not restrict any other rights you might have pursuant to applicable data protection legislation under certain circumstances.
In particular, if the GDPR applies to the processing of your personal data you have the following rights under the GDPR if the respective requirements are met:
  • Right of access (Art. 15 GDPR) - you have the right to access and ask us for copies of your personal data.
  • Right to rectification (Art. 16 GDPR) - you have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Right to erasure (Art. 17 GDPR) - you have the right to ask us to erase your personal data in certain circumstances.
  • Right to restriction of processing (Art. 18 GDPR) - you have the right to ask us to restrict the processing of your personal data in certain circumstances.
  • Right to data portability (Art. 20 GDPR) - you have the right to ask that we transfer in a structured, commonly used and machine-readable format the personal data you gave us to another organization, or to you, in certain circumstances.
  • Right to object to processing (Art. 21 GDPR) - you have the right to object to the processing of your personal data which is based on our legitimate interests, in certain circumstances. In such case, we will no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms or where the processing is necessary for the establishment, exercise or defense of legal claims.
  • As a rule, you are not required to pay any charge for exercising your rights and we will respond to your request within one month.
If you are not satisfied with the way in which we process your personal data, you may lodge a complaint with the competent data protection supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, in addition to the rights described above.
Although this is not required, we recommend that you contact us first, as we might be  able to respond to your request directly.

13. Contact Us

If you believe your personal data has been used in a way that is not consistent with this Privacy Notice, or if you have any questions or queries regarding the collection or processing of your personal data, please contact us at privacy@myswisskeeper.com.

14. Updates to this Privacy Notice

This Privacy Notice may be subject to amendments. Any changes or additions to the processing of personal data as described in this Privacy Notice affecting you will be communicated to you through an appropriate channel, depending on how we normally communicate with you (including by email and/or via the Solution, e.g. banners, pop-ups or other notification mechanisms). If you do not agree to the changes made, you must stop accessing and/or using the impacted Services.
______________________________________
Last updated: May 13th 2022
© 2021 My Swiss Keeper
ISO27001 certified
Data stored in ISO27001 certified
Swiss data centres
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram