PROSE Privacy Policy

PROSE Privacy Policy – Effective September 1, 2023

This Privacy Policy applies to PROSE AG and all its affiliates (PROSE GROUP) (“we”, “PROSE”). It governs the handling of the personal data we collect from our customers, partners, suppliers and other online users (“you”, “users”) in connection with our business activities, including the provision of our website https://prose.one (“Website”), and our professional services (Services).

Why do we collect personal data?

In general, we collect personal data to make our website and services as consistent, efficient and user-friendly as possible. In particular, we collect personal data and information to:

Conclude, process, document and settle contracts with our business partners
Carry out our contractual obligations with you
Offer and provide our services
Obtain services from our business partners
Communicate with you, respond to inquiries and send you newsletters, information about PROSE’s offerings, customer surveys, invitations to events and similar information
Send you payment reminders and receive payments for our services
Process applications
Improve our services and develop new products and services
Improve the user-friendliness of our website
Improve and optimize the operation and performance of our website
Diagnose problems, errors, and security risks on the site
Prevent and investigate criminal offenses and misuse of our website and services
comply with applicable laws and regulations, comply with legal and contractual obligations, and enforce or defend against legal claims.

When using our website or services, you have a variety of choices regarding the personal information you share with us. However, parts of our services or the website require certain personal data for the proper performance and use of the functions of the services or the website. Unfortunately, if you do not provide us with the required information, you will not be able to take full advantage of the services or the website.

Each time you access our website, our system automatically collects data and information from the computer system of the accessing computer. Information on this can be found in our PROSE Cookie Notice.

Insofar as we require a legal basis for the processing of personal data, we rely on your consent (within the meaning of Art. 6 (1) (a) GDPR) or we process your personal data for the purpose of initiating or fulfilling a contract (within the meaning of Art. 6 (1) (b) GDPR), in order to comply with legal requirements (within the meaning of Art. 6 (1) (c) GDPR) or to safeguard the legitimate interests of PROSE or third parties ((within the meaning of Art. 6 (1) (f) GDPR). In particular, a legitimate interest lies in fulfilling the purposes described in this Privacy Policy and being able to carry out appropriate measures.

Whose personal data do we process?

In particular, we collect and process personal data from the following persons:

Website users: When you browse our website or contact us
Employees and bodies of customers, partners and suppliers: If the organisation you work for is a recipient of our services or has a business relationship with us, we may process your data, in particular data in emails, telephone conversations or data recorded in related documentation.
Event participants: If you register for or attend one of our events, we will process personal data about you in connection with your participation in the event.
Recipients of marketing communications and surveys
Job applicant
Employees and contractors

What types of personal data do we process?

As a rule, we process the following personal data:

E-mail address
SIP Address
IP Address
Name
Company name and business address
Telephone number
Information on education and professional experience for job applications
Content of communication and business relationship with you
Any other personal data you provide to us
When you visit our website, we collect additional information, such as your browser type and access times. Further information on cookies can be found in our PROSE Cookie Notice.

When do we collect your information and personal data?

We collect personal information when you:

Visit our website
Request quotes for services
Placing orders for services
Work for one of our customers, partners or suppliers
Make payments
Register for or participate in events
Apply for a job or send us your CV
Visit our offices
Contact us in general

How do we ensure the integrity of your personal data?

We will take all reasonable steps to protect your personal information from misuse, interference and loss, as well as from unauthorized access, alteration or disclosure. In particular, we take the following measures:

Limiting access to office space and equipment
Limiting access to personal data
Limiting access on a strict need-to-know basis
Maintaining appropriate security measures
Deletion or anonymization of personal data if required by law
Signing confidentiality agreements with employees, partners and third parties (e.g. suppliers) to whom we may share your personal data

This list is not exhaustive.

PROSE is ISO 9001 certified. PROSE’s security precautions are constantly being revised and improved based on the latest state of the art.

Who do we share personal data with?

We do not share personal information with third parties except as necessary to fulfil the purpose for which the information was collected, such as to fulfil contractual obligations, respond to your requests, for our legitimate business purposes, or as required by law.

Personal data may be disclosed to or processed by the third parties listed below if it is necessary for the purposes set out above and in accordance with applicable data protection laws. This list is not exhaustive and there may be other circumstances in which we may need to share personal data with third parties.

PROSE Group Companies. PROSE AG and all of its group companies may exchange personal data with each other. It is contractually ensured that the handling of personal data within the PROSE Group companies complies with the applicable laws. The disclosure of data may take place for the purposes of the performance of our services, marketing, technical operations, account management or organizational matters.
PROSE employees who need the personal data for their task. All PROSE employees and, if applicable, commissioned third parties are bound by confidentiality obligations as part of their contract. This also includes relevant internal guidelines.
Suppliers assist PROSE in our general internal business operations or in the provision of aspects of our services. Our suppliers are only granted access to personal data to the extent necessary to provide their services and are subject to confidentiality obligations under their service contracts.
External recruiters and related organizations.
Auditors, lawyers, accountants and other professional advisers who advise and assist us in the lawful and effective management of our organisation and in relation to any disputes in which we become involved.
Law enforcement agencies or other government and regulatory agencies and bodies, or other third parties as required by applicable laws or regulations. In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Third-party providers according to our PROSE Cookie Notice
Acquirers or interested parties in the acquisition of any business, company or other part of our business or in connection with any reorganization, merger, transfer or other disposition of our business, assets or portions thereof.

We do not allow third parties to use the personal information for their marketing purposes or for any purpose other than in connection with the services they provide to us. Exceptions to this may apply to third-party cookie providers, according to our PROSE Cookie Notice.

Where do we keep your personal data?

The data is generally processed by PROSE and its group companies within the EU, the EEA and Switzerland. In particular, you must expect that your personal data will be transferred to all countries in which PROSE has subsidiaries or locations, as well as to other countries in Europe and outside Europe where service providers commissioned by us and their subcontractors are located.

Switzerland has been recognized by the EU Commission as a country outside the EU and the EEA that ensures sufficient guarantees regarding the protection of your personal data in accordance with Art. 45 GDPR. Similarly, from Switzerland’s point of view, the member states of the EU and the EEA are considered to be states whose legislation ensures adequate protection of your personal data in accordance with Art. 16 para. 1 FADP.

When transferring personal data to countries that do not have a valid adequacy decision from the EU Commission or Switzerland, we will comply with our legal obligations in relation to your personal data, including a lawful basis for the transfer of personal data and putting in place appropriate safeguards to ensure an adequate level of protection for the personal data, or we will rely on one of the legal exceptions such as your consent, the conclusion or execution of the contract, the establishment, exercise or enforcement of legal claims. You can obtain further information about the recipient countries and the measures implemented at the contact address given in this privacy policy.

How long will your personal data be stored?

PROSE stores personal data for as long as the purposes pursued with the processing, the statutory retention periods and the legitimate interests of processing for documentation and evidence purposes require it, or as long as storage is technically necessary. Documentation and evidentiary purposes include PROSE’s interest in documenting operations, interactions, and other facts in the event of legal claims, discrepancies, for IT and infrastructure security purposes, and as evidence of good corporate governance and compliance. Retention can be for technical reasons if certain data cannot be separated from other data and must therefore be stored with them (e.g. in the case of backups or document management systems).

What are your rights?

Subject to the data protection laws applicable to you, you have the right to obtain from the controller access to and rectification or erasure of your personal data or restriction of the processing of your personal data. You can also object to the processing of your personal data. In addition, you may have a right to data portability.

If we have collected and processed your personal data with your consent, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of the processing carried out by us prior to your withdrawal, nor will it affect the processing of your personal data carried out on the basis of lawful processing grounds other than consent.

Right to lodge a complaint. You have the right to lodge a complaint with the competent supervisory authority:

Switzerland: Federal Data Protection and Information Commissioner, Feldeggweg 1, 3003 Bern; www.edoeb.admin.ch

Germany: Berlin Commissioner for Data Protection and Freedom of Information: https://www.datenschutz-berlin.de/buergerinnen-und-buerger/beschwerde/einreichen-einer-beschwerde/

Sweden: Integritetsskyddsmyndigheten (IMY): https://www.imy.se/en/

France: Commission Nationale de l’Informatique et des Libertés https://www.cnil.fr/en

Austria: Data Protection Authority Republic of Austria: https://www.dsb.gv.at/Eingabeformular-online/Eingabeformular-online.html

Italy: Italian Data Protection Authority: https://www.garanteprivacy.it/web/garante-privacy-en/home_en

Inquire

Data Subject Request. If you would like access to the personal data we hold about you or if you would like to have your personal data deleted, please send an email to dpo@prose.one. Your request will be processed in due course, and in any event within one month of receipt of such request. If PROSE is only the data processor of your personal data, PROSE will forward your request to the data controller as soon as possible.

Responsible body and representative

The responsible body for the data processing described in this Privacy Policy is the respective PROSE company that is the affected business partner of PROSE in connection with the processing in question. The responsible body for this website is:

PROSE AG, Zürcherstrasse 39, 8400 Winterthur, Switzerland

Representative EU/EEA (Art. 27 GDPR): PROSE GmbH, Colditzstraße 28 Building 7 ed. C, 12099 Berlin

Cookie	Duration	Description
cookielawinfo-checkbox-advertising	1 year	CookieYes set this cookie to store the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-other	1 year	CookieYes sets this cookie to store the user consent for the cookies in the category "Other".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
cookielawinfo-checkbox-statistics	1 year	This cookie is set by the GDPR Cookie Consent plugin to store the user consent for the cookies in the category "Statistics".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.