Last updated August 2020
- Our Mission
- When and why we process your Personal Data
- How we share your information
- International data transfers
- Your rights
- Information for users in California
- How we protect your information
- How long we keep your information
- Third-party websites
- Change to this Privacy Notice
This is the Privacy Notice of Positive Technologies Holding AG, which is doing business as Positive Technologies (Positive Technologies, we, us). Please read this Privacy Notice to understand how we collect and use the information you provide to us when you visit this website, use our products and services, contact us, or apply for a job.
This Privacy Notice applies to this website, the products and services provided by us through this website. It does not apply to our websites, products or services that are covered by a separate privacy notice.
At Positive Technologies, our mission is to make this world driven by information technologies a safer place. We are doing this by protecting various types of infrastructures, devices, and data.
Your trust is important to us. For that reason, we strive to be transparent with you about how and why your data is collected and used so you can make meaningful choices.
We respect your privacy and also recognize the importance of an appropriate approach to data security, taking the necessary steps to make sure that your information is secure with us.
The controller for processing personal data relating to use of this website is Positive Technologies Holding AG, a company registered in Switzerland with company number CHE-242.779.821 and its registered offices located at 6302 Zug/ZG, c/o Bruhin Klass AG, Baarerstrasse 12, 6300 Zug, Switzerland.
If you have any questions or feedback regarding data protection or the processing of your personal data, please contact our Data Protection Officer at firstname.lastname@example.org.
When and why we process your Personal Data
We seek to only collect and process the personal data we need in order to provide you with our services. Below you will find more detailed information about how, when and why.
1. When you visit our website
When you visit our website, we automatically collect some personal data from your device. This information includes your IP address, date and time of the request, browser language and version, operating system version or producer, information about your device, user’s session fingerprints, as well as some data about how you interact with our website (e.g. which website you came from, pages visited, heatmaps and links clicked). We do this to keep our website secure and to understand who visits it and which pages they find interesting, so we can improve the site and provide relevant content. Some of this data is collected using cookies and similar technologies. You can find more detailed information in our Cookie Notice.
Our legal basis for processing the personal data collected by most types of cookies is your consent. You have the right to withdraw this consent at any time in your cookie preference center, but it will not affect any processing that has already taken place.
However, there are also some cookies which are necessary for the proper functioning of our website, and you cannot refuse them. The legal basis for this processing, and the processing of the data from the website logs, is legitimate interest.
2. When you contact us
There are several different ways you can get in touch with us, depending on the reason for your request. You can fill out one of the forms on our website - to contact our sales team, request a free demo, get a free pilot or access to premium content, sign up for a webinar, use Positive Bot or just send us an email for any other reason. The data you put into the form or in the body of the email will be sent to us automatically from the web server. It is useful for both Positive Technologies and you, if we are able to respond to enquiries quickly, so this processing is done on the basis of legitimate interest.
3. When you use our products and services
In connection with your use of our products or services, or when you request technical support, we process the personal data you provide when you sign up or engage our services, or contact us for any reason after that. The processing of this data is necessary for the performance of our contract with you. We also use some personal data for our internal auditing and accounting records. The legal basis for this processing is legitimate interest.
Additionally, although we do not aim to gain access to the personal data of our customers’ clients or employees, sometimes in the process of provision of our services we may unintentionally come across certain personal information. In most cases, we cannot predict which categories of data this may involve, and we do not control this data.
4. Direct marketing and other communications
If you have participated in one of our webinars, filled out a web form to enquire about our services or products, made use of our free downloads or connected with us at an industry event, we may wish to inform you about other future webinars or contact you to offer our products or services which we think may be of interest to you. This type of activity is considered direct marketing, and in this case we rely on our legitimate interest to process your personal data for this purpose. If you wish to object to this processing, you can simply click on the “unsubscribe” link at the bottom of the email you receive from us, or tell the person who called you that you don’t want to receive any more calls.
If you have given consent to receive calls and additional information from us by checking a box under a form on our website, you can withdraw your consent at any time by clicking on the “unsubscribe” link in the email you receive from us, or tell the person who called you that you don’t want to be contacted again.
5. When we think you might be interested in our products or services
If you've been contacted by Positive Technologies to offer a conversation about our products or services, it's because our research has indicated that you might be interested in what we have to offer. When we do pre-sales research, we look at various sources such as LinkedIn, industry-specific directories, etc. We want to offer our services to organisations which would benefit from having our support and be able to approach the most suitable person to discuss this with, so the legal basis for this processing of personal data is legitimate interest.
6. Social networks
If you request information or contact us on social media sites such as YouTube, LinkedIn, SlideShare, Twitter, or Facebook we will process your personal data in order to respond to your enquiry. For example, our sales or marketing department may contact you to provide more information about the product or service you expressed interest in or to offer a similar product, or an HR specialist could connect with you regarding a vacancy you enquired about. It is in the interest of both you and Positive Technologies if we respond to you, so this processing is done based on legitimate interest.
How we share your information
In order to provide you with our products and services, at times we have to share your personal data with partners and external third party service providers. They only process your personal data on the basis of data processing agreements and according to strict instructions, which do not allow them to use your data for any other purposes without notifying you or asking for your consent.
Some of the categories of the parties we may share your data with include providers of information technology, website hosting and management, data analysis, data backup, security and storage services, as well as consultants, partners, providers under agreements, and agents.
We, our partners, service providers and others may also be required to share your personal data with various financial institutions and/or enforcement or court authorities to comply with applicable laws, prevent fraud, enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or agents.
Additionally, we may reveal your personal data to third-parties if: (1) you request or authorize it; (2) to address emergencies or acts of God; and (3) to address disputes, claims, or to persons demonstrating provable legal authority to act on your behalf.
If you would like to receive more detailed information regarding third parties we share your personal data with, please contact our Data Protection Officer at email@example.com.
International data transfers
Positive Technologies is an international company. That is why we may transfer your personal data to recipients outside the country where you are located. Data protection laws in those countries may differ from the country in which you initially provided the information. Where that is the case, in order to ensure that your personal data receives a comparable level of protection, we provide appropriate safeguards, such as adequacy decisions and frameworks or Standard Contractual Clauses approved by the European Commission.
We process and store personal data on Amazon Web Services servers located on the territory of Germany, EU. However, to meet the purposes for which your information was collected, we also transfer your data to Ireland (Google Analytics), U.S. (Google Analytics, Microsoft Office 365, HubSpot), Germany (Amazon Web Services hosting), Malta (Hotjar). Additionally, we may share your information with other companies operating under Positive Technologies brand in the following territories: UK, Italy, Czech Republic, Russia, Brazil, and South Korea.
If you would like to receive more information about the transfers or safeguards, please contact our Data Protection Officer at firstname.lastname@example.org.
Google Analytics uses traffic log cookies to gain information about visits to pages on our website. We use this information to generate reports on how our website is used to help us improve it. We do not retain any data specific to any identifiable user. The services are provided by Google LLC and Google Inc., located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States, as well as Google Ireland Limited (as applicable), located at Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (collectively "Google"). All information is processed by Google in compliance with Data Processing Amendment to the Google Analytics Agreement, including cross-border processing. To get more information about how Google processes your personal data, please see its Privacy Notice.
Amazon Web Services
Amazon Web Services is a secure cloud services platform which offers computing power, database storage, content delivery, and other functionality to help businesses scale and grow. We use this service to store your data. The services are provided by Amazon Web Services, Inc., located at 410 Terry Avenue North, Seattle, WA 98109-5210, and Amazon Web Services EMEA SARL, located at 38 Avenue John F. Kennedy, L-1855, Luxembourg (collectively "Amazon"). All information is processed by Amazon in compliance with AWS GDPR Data Processing Addendum, including cross-border processing. To get more information about how Amazon processes your personal data, please see its Privacy Notice.
Microsoft Office 365
Microsoft Office 365 is a cloud-based subscription service that provides tools for working with documents and email in apps like Excel and Outlook. These tools help us to store, send and otherwise process your data. The services are provided by Microsoft Corporation, located at One Microsoft Way, Redmond, WA 98052-6399. To get more information about how Microsoft Corporation processes your personal data, please see its Privacy Statement.
HubSpot is a developer of software products for marketing and sales. We use this service to provide you the information about our products and services based on your preferences. The services are provided by HubSpot, Inc., located at 25 First Street, 2nd Floor Cambridge, MA 02141 USA. To get more information about how Microsoft Corporation processes your personal data, please see HubSpot Privacy Notice.
Data protection laws provide you with rights to help you understand and control how your personal data is used. These are your rights:
- Right to be informed about why and how we are processing your personal data — we hope we achieved this by providing you with this Privacy Notice.
- Right to have access to your data — you have the right to ask us if we are processing your personal data, why we are doing so, under what lawful basis, the categories of your personal data, whether the data is being sent outside the EU, who we share your data with, how long we keep it, and request a copy of the data we are processing. If you are unable to find sufficient information in our Privacy Notice, please contact our Data Protection Officer at email@example.com.
- Right to object to some processing — you have the right to object to direct marketing, or if processing is based on legitimate interest.
- Right to have your data deleted — otherwise known as “right to be forgotten”. You can exercise this right if you withdraw your consent and there is no further legitimate interest in our processing of your data, your objection to processing under legitimate interest outweighs our interests, the processing is no longer necessary, there is a law that requires the data to be deleted, or the processing is unlawful.
- Right to restrict processing — you can use this right if the personal data we are processing is inaccurate, if our processing is unlawful, if the data is no longer necessary for the original purpose of processing but needs to be kept for potential legal claims, or you have objected to processing carried out under legitimate interest and we’re still in the process of determining whether there is an overriding need to continue processing.
- Right to data portability — you can ask for your data which you provided to us on the basis of consent or because it was necessary for a contract and which we process by using a computer.
- Right to ask us about automated decision-making — you have the right to ask us to explain the logic involved in making any automated decisions and for the decision to be reviewed by a human being, if that decision had an effect on your rights or freedoms.
- Right to rectification — if any of your personal data that we hold is inaccurate, you can request to have it corrected.
- You have the right to lodge a complaint with the competent data protection authority if you have concerns about how we process your personal data. However, we would appreciate it if you contacted us first and gave us an opportunity to resolve the issue.
If you would like to exercise any of these rights, or find out more about how we process your personal data, please contact our Data Protection Officer at firstname.lastname@example.org. Reasonable access to your personal data will be provided at no cost. If access cannot be provided within a reasonable time frame, we will let you know the date when the information will be provided. If for some reason we cannot satisfy your request, we will provide an explanation why.
Information for users in California
Under the California Consumer Privacy Act (CCPA), residents of the State of California have certain rights concerning the personal data we hold about them. These rights include the right to request access or deletion of your personal data, right to request that we stop selling your personal data, right against discrimination because you exercised the rights available to you and the right to protection against waiver of rights.
If you are a California resident, you can exercise your rights as provided in the CCPA by contacting our Data Protection Officer at email@example.com. As per definitions in the CCPA, please note that we do not sell your personal data.
How we protect your information
We are committed to ensuring security of your information. We make every effort to keep your information safe in accordance with our internal security procedures and applicable law. Appropriate security measures are in place to protect against loss, misuse, or alteration of your information. Specifically, we use the following measures to protect your personal information:
- Granting access to personal data only on a need-to-know basis
- Ensuring that persons who have access to personal data have been informed of the applicable laws relating the processing and protection of the personal data
- Applying cryptographic protection instruments to information systems containing personal data
- Restricting access to information resources and data processing facilities
- Using antivirus tools for personal data security systems
- Appointment of the person responsible for compliance with regulations for processing of personal data (you can contact this person at firstname.lastname@example.org)
- Periodically assessing risks related to the processing of personal data
- Training employees of Positive Technologies on working with personal data
- Ensuring that both Positive Technologies and third parties that are involved in personal data processing maintain confidentiality of the data and do not process it without appropriate legal grounds.
How long we keep your information
We keep your personal data for as long as it is necessary to achieve the purpose for which it was collected, usually for the duration of our contractual relationship plus any period thereafter as required or permitted by law, or to satisfy any legal obligations. When the data is no longer required, it is deleted.
In some cases, we can also delete your data if we think that it presents a threat to our company’s security, or if you violated the terms of this Privacy Notice, or if your contract has expired or was terminated.
Profiling means any form of automated processing of personal data that divides natural persons into groups (profiles) depending on their behavior, interests, and more specific characteristics. We do profiling by means of Google Analytics. You can find more details here: About Demographics and Interests. In any case, the data used for profiling purposes is not transferred to third parties or publically shared.
Our website may contain links to other websites of interest. However, we do not have any control over other websites and cannot be held responsible for the protection of any information that you may provide them. We encourage you to exercise caution and check the privacy statements of those websites.
Changes to this Privacy Notice
As our organization and services change from time to time, this Privacy Notice may change as well. We reserve the right to amend it at any time, for any reason, without notice to you, other than the posting of the updated Privacy Notice on our website. We may email periodic reminders of our notices and terms and conditions and will notify you of material changes thereto, but you should check our site to see the Privacy Notice that is in effect and any changes that may have been made to it.