- References to “our,” “us,” and “we” refer to the FISBA entity responsible for processing your personal information, and references to “you” and “your” refer to an individual person interacting with us;
- Singular noun forms include plurals thereof, and vice versa;
- Phrases or words such as “including” and “such as” are defined as without limitation; and
- The word “or” is not exclusive.
- Your use of our products and services;
- Your use of our websites, mobile applications, and social media pages (“Online Channels”);
- Your business cards, e-mails, faxes, in-person interactions, meetings, telephone calls, site visits, tradeshows, training sessions, and other person-to-person interactions (“Offline Channels”); and
- Our distributors, suppliers, and vendors (collectively, “Business Partners”).
The Online Channels (e.g., via third-party links) and Business Partners (e.g., via contractual arrangements) may gain or have access to your personal information that we do not control and are therefore not responsible.
1. General Principles
To the extent required by applicable law, whenever we collect your personal information, we will:
- Provide appropriate and timely notice to you about our personal information data practices;
- Collect your personal information only for legitimate and specified purposes;
- Process your personal information in a manner consistent with the purposes for which we collected it;
- Take commercially reasonable steps to ensure your personal information is accurate, complete, reliable, and up-to-date;
- Not use your personal information for direct marketing purposes without giving you an opportunity to “opt-out”; and
- Take appropriate measures to protect your personal information that we disclose to third-parties or transfer to other countries, including via transfers within various FISBA entities.
2. Collecting Your Personal Information
In our ordinary course of business, we may collect the following types of personal information from you:
Information You Provide
We collect personal information that you provide us, such as:
- Your contact information (such as your name, location, company/employer name, job position/title, postal address, e-mail addresses, and phone numbers);
- Your biographical and demographical information (such as your affiliations, age, country or origin, date of birth, gender, language preference, marital status, membership in professional or rewards associations, nationalities, and registration numbers);
- Comments, orders, questions, and requests that you initiate with us (such as via our products or services in which you are interested);
- Information about how you use our products or services (such as via your customer service and purchase history);
- Information about your preferences, such as your preferred methods of communication; and
- Your interest in our newsletters and the like.
Information We Automatically Gather from Your Device
- Device and Browser Information. We may collect technical information about your device, such as:
- Your device type;
- Your operating system;
- Your browser settings and type;
- Your Internet Service Provider;
- Your IP address; and
- Any device identifiers.
We may collect this information automatically from your device through cookies or other similar technologies.
- Information about How You Interact With Us. We may collect statistical information about your use of our Online Channels and how you interact with our digital advertisements and promotions, such as any:
- Content you downloaded or viewed;
- Web pages you visited and paths of those visits;
- Links you clicked;
- Features you used;
- Promotional e-mails you opened; and
- Dates, lengths, and times of our various interactions
We may collect this information automatically from your device through cookies or other similar technologies.
- Location Information. We may collect your location information, including precise realtime location information from your device and imprecise location information derived from, for example, your IP address or postal/zip code.
3. Using Your Personal Information
If you provide us with your personal information, we may use it to:
Administer and Process our Products and Services
This may include:
- Fulfilling and processing your orders;
- Keeping you informed about the status of your orders;
- Performing accounting, auditing, billing, collection, and reconciliation services; and
- Providing customer support to you.
Develop and Manage our Relationships with You or our Business Partners
This may include:
- Providing you with information about our products and services;
- Delivering services or carrying out transactions that you or our Business Partners have requested;
- Providing you or our Business Partners with a consistent experience in interacting with our Online Channels; and
- Managing or performing our contractual relationships with you or our Business Partners.
Communicate with You
This may include:
- Informing you of our newsletters, promotional activities, products, and services that may be of interest to you;
- Providing your personal information about our relevant products, services, and transactions;
- Responding to questions you have made, including customer service requests;
- Responding to employment applications you completed; and
- Inviting you to participate in customer satisfaction or market research surveys.
Interact with, Provide, and Improve our Online Channels
This may include:
- Interacting within our Online Channels;
- Customizing our Online Channels to your preferences or interests, making them more compatible with your technology or otherwise making them easier to use;
- Maintaining the security of or otherwise protecting our Online Channels;
- Providing information about advertisements, products, services, and transactions that may be of interest to you; and
- Developing new Online Channels, products, and services.
Address Legal Issues
This may include, and without a duty to further notify you:
- Complying with our obligations to retain certain business records;
- Defending, establishing, or exercising various legal claims;
- Conducting investigations required by or with government officials;
- Complying with court orders, laws, or regulations;
- Detecting, preventing, or responding to fraud, intellectual property infringement, violation of our contracts or agreements, violations of law, or other misuse of our Online Channels, products, and services; and
- Protecting our rights or property, your rights or property, or others’ rights or property, including protecting physical or financial harm thereto.
In addition, we may also use your personal information for other uses consistent with the context in which we collected it.
In addition, we may also aggregate or anonymize any personal information that we collect and use it for any purpose, including for product development or research purposes, provided we will not use your personal information to identify you individually.
4. Disclosing Your Personal Information
We will not intentionally disclose your personal information, except:
- We may share your personal information with our Business Partners or third-parties that perform support services for us. If we do so, we will require these Business Partners or third-parties to only use your personal information to perform services on our behalf and to treat your personal information in compliance with applicable data protection and privacy laws.
- We may share your personal information with third-parties in connection with a confirmed or possible acquisition, bankruptcy, consolidation, dissolution, divestiture, joint venture, liquidation, merger, partnership, purchase, reorganization, restructuring, sale, spinoff, transfer of our assets, or under other similar circumstances.
- We may share your personal information with your permission or at your request.
- We may share aggregated or anonymized versions of your personal information internally and with third-parties for any purpose. However, we will not use your personal information to identify you individually.
- We may share your personal information as required by law, including without a duty to further notify you regarding same.
- From time to time, we may collect your personal information from, or share it with, our Business Partners.
- We may combine the information we receive from our Business Partners with information that we collect from you or your device, as described above.
5. Securing Your Personal Information
- We will store your personal information in our databases or databases maintained by our service providers. Many of these databases are stored on servers located in the United States. We take appropriate measures, by contract or otherwise, to provide adequate protection for your personal information that we disclose to third-parties or transfer to another country, including transfers within FISBA. However, we have not presently certified to the US Department of Commerce that we currently adhere to the EU’s Privacy Shield frameworks (as referred to in Section 13 below) and thus strive to comply with the EU’s Standard Contractual Clauses (“SCC”) in effect as of the date set forth below for data transfers between EU and non-EU countries.
- Although we use reasonable security measures to help protect your personal information against unauthorized alteration, disclosure, loss, or misuse, we do not absolutely guarantee the security of your personal information, and we are not responsible for breaches of security beyond our reasonable control.
6. Retaining Your Personal Information
- In general, we only maintain your personal information for as long as we have an ongoing relationship with you. However, how long we keep your personal information will vary and depend on the purpose and use of the personal information that we collected. There are legal requirements that we keep some types of personal information for specific periods. Otherwise, we will retain your personal information for no longer than is appropriate or necessary for the purposes for which we collected it.
- To determine the period for which we retain your personal information, we will consider businessappropriate criteria, such as:
- Legal requirements to retain your personal information for certain periods of time;
- Retention obligations related to actual or potential litigation or government investigations;
- Retention requirements in relevant agreements with our Business Partners;
- The date of your last interaction with us;
- The length of time between your interactions with us;
- The nature and sensitivity of your personal information; and
- The circumstance and purposes for which your provided or we collected your personal information.
7. Using Cookies and Similar Technologies
- Cookies, and other similar technologies (e.g., pixel tags, server logs, web beacons, etc.), can personalize and enhance your user experience by saving your preferences, customizing your Online experiences, and providing you with advertising that may be tailored to your interests. If you choose not to enable cookies on your device, certain features of our Online Channels may not be available to you in the same fashion as if you had enabled cookies.
- We use or may use “Essential Cookies,” which allow us to recognize your device when you interact with us.
- We use or may use “Session Cookies,” which do not identify you personally and expire after you close your web browser session. We use these temporary cookies to ensure the proper functionality and operation of our Online Channels.
- We use or may use “Persistent Cookies,” which do not expire after you close your web browser. Persistent cookies stay on your computer until you delete them or they expire. By assigning your device a unique identifier, we are able to create a database of your previous choices and preferences, which we then use to save you effort and time on future visits. We may also retain your language preferences, login credentials, passwords, etc.
- We use or may use “Advertising Cookies,” which advertisers may use to make advertising messages more relevant to you, both during and after a current Online session.
- We use or may use “Flash Cookies,” which allow rapid development of dynamic content, such as animation and video clips.
- Certain web browsers may also allow you to adjust your settings to accept or reject cookies or alert you if we place a cookie on your computer.
- We do not require you to accept our cookies to interact with our Online Channels. For example, while many web browsers accept cookies automatically, you can set your web browser so that it informs you about the setting of cookies, so that it does not accept cookies automatically on your behalf, it only accepts cookies in individual cases, or it automatic deletes all cookies when you close your web browser. In addition, you can delete cookies that have already been set at any time via your web browser or other software programs.
- Our cookies contain a character string that enables the unique identification of your web browser if you call up our website multiple times. However, we only store pseudonymous data in our cookies. Thus, when you enable our cookies, we assign a unique identification number to the cookie. But we do not assign your personal information to the unique identification number. Accordingly, our cookies do not store your personal information, which would otherwise enable us to directly assign a cookie to you. Instead, our cookies only store and receive pseudonymous information.
8. Analytics and Advertising
- Google Analytics includes, or may include, its features of Universal Analytics, which allow us to analyze the activities on our pages across our Online Channels and makes it possible for us to assign data, interactions, and sessions across your multiple devices to a pseudonymous user ID and thus allow us to analyze your activities across your devices.
- The information that is generated by the cookie about your use of our website (including your IP address) will be transmitted to, and stored by, Google on its servers in the United States. Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation: (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
- On our behalf, Google uses this information to evaluate your use of our website, to compile reports on website activity, and to provide us with other services related to website activity and internet usage. Google will not merge the IP address provided by Google Analytics within its Google Analytics framework with other data provided by Google.
- We only use Google Analytics with activated IP anonymization. This means that your IP address is shortened by Google within member states of the EU and/or in other contracting states of the Agreement on the EEA. Only in exceptional cases will Google send your full IP address to a Google server in the US and shorten it there.
- You can prevent the collection and transmission of the data generated by the cookie and related to your use of our website (including your IP address) to Google and the processing of this data by Google by using the following link: http://tools.google.com/dlpage/gaoptout?hl=de. Download and install the available browser plug-in, after which Google will set an opt-out cookie that prevents the future collection of your data when visiting our website. However, please note that if you do so, you may not be able to use all functions of our website in full. To avoid detection by Universal Analytics across your devices, you must opt-out on all of the systems that you use. You may find additional information about Universal Analytics at this link: https://support.google.com/analytics/answer/2838718?hl=en&ref_topic=6010376 .
9. Links to Third-Party Internet Sites and Plug-ins
- Some of our various Online Channels may contain links to various external mobile applications, social media platforms, or other websites that we do not control, as well as plug-ins from other vendors’ services, such as Facebook’s “Like” feature. While we may provide these links and plug-ins as a courtesy or service to you, we do not endorse the activities or content of these vendors, nor any association, direct or indirect, with their operators.
- We abide by the Children’s Online Privacy Protection Act.
- We direct our Online Channels and Offline Channels to general audiences and do not knowingly direct or target them to be accessed by children under 13 years of age. We do not knowingly collect or solicit personal information from, or about, children under 13 – or the relevant minimum age under applicable local legal requirements.
- If we become aware that we have collected or processed personal information of a child under 13 years of age, we will appropriately and promptly delete the information from our records.
11. California Privacy Rights
- California Civil Code Section § 1798.83 permits users of our Online Channels that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact our Chief Privacy Officer at e-mail email@example.com.
12. GDPR and Privacy Shield Frameworks
- The EU adopted the General Data Protection Regulation (EU) 2016/67 (“GDPR”) on April 24, 2016, and it became enforceable beginning on May 25, 2018. It is a regulation in EU law on data protection and privacy for all individuals (formally called “Data Subjects”) within the EU and the EEA. The GDPR also addresses the export of personal information outside the EU and EEA areas. According to the GDPR, we must, provided we are a processor of personal information:
- Disclose our data collection activities to you;
- Declare our lawful basis and purpose for processing your personal information;
- State how long we retain your personal information;
- State if we share your personal information with any third parties or outside of the EEA;
- Upon request, provide you a copy of your personal information in a common format; and
- Under certain circumstances, erase your personal information.
- According to the GDPR, data transfers are only permitted among countries deemed as having adequate data protection laws. At present, the EU does not believe the USA satisfies this requirement. Accordingly, Privacy Shields were designed to create an interim program in which participating companies (as opposed to countries) are deemed as having adequate data protection programs, thereby facilitating the transfer of personal information to non GDPR-compliant companies. As a result, Privacy Shields allow US companies, or EU companies working with US companies, to generally meet the GDPR’s requirements regarding data protection. They allow individual companies to share personal information between EU and USA companies. The GDPR applies to all companies that process personal information of EU persons in connection with offering them goods or services or that monitor the behavior of individuals within the EU, such as by tracking an individual’s use of a website. The GDPR applies to both EU-based businesses and to businesses that have no physical or legal presence in the EU.
- We have not presently certified to the US Department of Commerce that we currently adhere to the Privacy Shield frameworks. However, we strive to comply with the EU’s SCCs in effect as of the date set forth below for data transfers between EU and non-EU countries.
- The GDPR requires the identity and contact details of the controller, and, where applicable, of the controller’s representative. Accordingly:
- Our GDPR Controller is FISBA AG, Rorschacherstrasse 268, 9016 St. Gallen. Schweiz, available by e-mail at firstname.lastname@example.org and by phone at +41 71 282 31 31;
- Our Representative of the Controller is Schwarzschildstrasse 10, 12489 Berlin. Deutschland, available by e-mail at email@example.com and by phone at +49 30 6392 36 97;
- Our Data Protection Coordinator is Patrick Rietmann at Rorschacherstrasse 268, 9016 St. Gallen, Schweiz, available by e-mail at firstname.lastname@example.org and by phone at +41 71 232 31 15.
13. Our Legal Bases for Processing Your Personal Information
Our legal basis for collecting and processing your personal information as described above typically includes at least one or more of the following
- You gave your informed consent
- To optimize the contents of our Online Channels for your interactions therewith;
- To collect statistical data;
- For advertising purposes;
- To provide customer support;
- To process an employment application you submitted;
- To prevent against cyber-attack and fraud, including in cooperation with government authorities;
- To provide a newsletter or other information of interest to you;
- To perform, or to take steps to perform, a contact with you or a Business Partner;
- To advance or protect our common, legitimate, ordinary, and usual business interests;
- To protect the security of our networks, premises, systems, and Online Channels; and
- To comply with our legal obligations.
14. Your Rights
- Although many of the following are not absolute, you may generally access, alter, amend, change, copy, correct, erase, excise, delete, object to, port, recertify, rectify, redact, remove, restate, restrict, review, update, verify, or withdraw your consent of your personal information by contacting our Chief Privacy Officer at e-mail email@example.com.
- Under some circumstances, you may also have a right to lodge a complaint with a supervisory authority if you believe our processing of your personal information violates your data protection rights. If you have questions about your rights, please contact our Chief Privacy Officer at e-mail firstname.lastname@example.org.