Why do we collect personal data?
In general, we collect personal data to make our website and services as consistent, efficient and user-friendly as possible. In particular, we collect personal data and information to:
- Conclude, process, document and settle contracts with our business partners
- Carry out our contractual obligations with you
- Offer and provide our services
- Obtain services from our business partners
- Communicate with you, respond to inquiries and send you newsletters, information about PROSE’s offerings, customer surveys, invitations to events and similar information
- Send you payment reminders and receive payments for our services
- Process applications
- Improve our services and develop new products and services
- Improve the user-friendliness of our website
- Improve and optimize the operation and performance of our website
- Diagnose problems, errors, and security risks on the site
- Prevent and investigate criminal offenses and misuse of our website and services
- comply with applicable laws and regulations, comply with legal and contractual obligations, and enforce or defend against legal claims.
When using our website or services, you have a variety of choices regarding the personal information you share with us. However, parts of our services or the website require certain personal data for the proper performance and use of the functions of the services or the website. Unfortunately, if you do not provide us with the required information, you will not be able to take full advantage of the services or the website.
Each time you access our website, our system automatically collects data and information from the computer system of the accessing computer. Information on this can be found in our PROSE Cookie Notice.
Whose personal data do we process?
In particular, we collect and process personal data from the following persons:
- Website users: When you browse our website or contact us
- Employees and bodies of customers, partners and suppliers: If the organisation you work for is a recipient of our services or has a business relationship with us, we may process your data, in particular data in emails, telephone conversations or data recorded in related documentation.
- Event participants: If you register for or attend one of our events, we will process personal data about you in connection with your participation in the event.
- Recipients of marketing communications and surveys
- Job applicant
- Employees and contractors
What types of personal data do we process?
As a rule, we process the following personal data:
- E-mail address
- SIP Address
- IP Address
- Company name and business address
- Telephone number
- Information on education and professional experience for job applications
- Content of communication and business relationship with you
- Any other personal data you provide to us
- When you visit our website, we collect additional information, such as your browser type and access times. Further information on cookies can be found in our PROSE Cookie Notice.
When do we collect your information and personal data?
We collect personal information when you:
- Visit our website
- Request quotes for services
- Placing orders for services
- Work for one of our customers, partners or suppliers
- Make payments
- Register for or participate in events
- Apply for a job or send us your CV
- Visit our offices
- Contact us in general
How do we ensure the integrity of your personal data?
We will take all reasonable steps to protect your personal information from misuse, interference and loss, as well as from unauthorized access, alteration or disclosure. In particular, we take the following measures:
- Limiting access to office space and equipment
- Limiting access to personal data
- Limiting access on a strict need-to-know basis
- Maintaining appropriate security measures
- Deletion or anonymization of personal data if required by law
- Signing confidentiality agreements with employees, partners and third parties (e.g. suppliers) to whom we may share your personal data
This list is not exhaustive.
PROSE is ISO 9001 certified. PROSE’s security precautions are constantly being revised and improved based on the latest state of the art.
Who do we share personal data with?
We do not share personal information with third parties except as necessary to fulfil the purpose for which the information was collected, such as to fulfil contractual obligations, respond to your requests, for our legitimate business purposes, or as required by law.
Personal data may be disclosed to or processed by the third parties listed below if it is necessary for the purposes set out above and in accordance with applicable data protection laws. This list is not exhaustive and there may be other circumstances in which we may need to share personal data with third parties.
- PROSE Group Companies. PROSE AG and all of its group companies may exchange personal data with each other. It is contractually ensured that the handling of personal data within the PROSE Group companies complies with the applicable laws. The disclosure of data may take place for the purposes of the performance of our services, marketing, technical operations, account management or organizational matters.
- PROSE employees who need the personal data for their task. All PROSE employees and, if applicable, commissioned third parties are bound by confidentiality obligations as part of their contract. This also includes relevant internal guidelines.
- Suppliers assist PROSE in our general internal business operations or in the provision of aspects of our services. Our suppliers are only granted access to personal data to the extent necessary to provide their services and are subject to confidentiality obligations under their service contracts.
- External recruiters and related organizations.
- Auditors, lawyers, accountants and other professional advisers who advise and assist us in the lawful and effective management of our organisation and in relation to any disputes in which we become involved.
- Law enforcement agencies or other government and regulatory agencies and bodies, or other third parties as required by applicable laws or regulations. In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
- Third-party providers according to our PROSE Cookie Notice
- Acquirers or interested parties in the acquisition of any business, company or other part of our business or in connection with any reorganization, merger, transfer or other disposition of our business, assets or portions thereof.
We do not allow third parties to use the personal information for their marketing purposes or for any purpose other than in connection with the services they provide to us. Exceptions to this may apply to third-party cookie providers, according to our PROSE Cookie Notice.
Where do we keep your personal data?
The data is generally processed by PROSE and its group companies within the EU, the EEA and Switzerland. In particular, you must expect that your personal data will be transferred to all countries in which PROSE has subsidiaries or locations, as well as to other countries in Europe and outside Europe where service providers commissioned by us and their subcontractors are located.
Switzerland has been recognized by the EU Commission as a country outside the EU and the EEA that ensures sufficient guarantees regarding the protection of your personal data in accordance with Art. 45 GDPR. Similarly, from Switzerland’s point of view, the member states of the EU and the EEA are considered to be states whose legislation ensures adequate protection of your personal data in accordance with Art. 16 para. 1 FADP.
How long will your personal data be stored?
PROSE stores personal data for as long as the purposes pursued with the processing, the statutory retention periods and the legitimate interests of processing for documentation and evidence purposes require it, or as long as storage is technically necessary. Documentation and evidentiary purposes include PROSE’s interest in documenting operations, interactions, and other facts in the event of legal claims, discrepancies, for IT and infrastructure security purposes, and as evidence of good corporate governance and compliance. Retention can be for technical reasons if certain data cannot be separated from other data and must therefore be stored with them (e.g. in the case of backups or document management systems).
What are your rights?
Subject to the data protection laws applicable to you, you have the right to obtain from the controller access to and rectification or erasure of your personal data or restriction of the processing of your personal data. You can also object to the processing of your personal data. In addition, you may have a right to data portability.
If we have collected and processed your personal data with your consent, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of the processing carried out by us prior to your withdrawal, nor will it affect the processing of your personal data carried out on the basis of lawful processing grounds other than consent.
Right to lodge a complaint. You have the right to lodge a complaint with the competent supervisory authority:
Switzerland: Federal Data Protection and Information Commissioner, Feldeggweg 1, 3003 Bern; www.edoeb.admin.ch
Germany: Berlin Commissioner for Data Protection and Freedom of Information: https://www.datenschutz-berlin.de/buergerinnen-und-buerger/beschwerde/einreichen-einer-beschwerde/
Sweden: Integritetsskyddsmyndigheten (IMY): https://www.imy.se/en/
France: Commission Nationale de l’Informatique et des Libertés https://www.cnil.fr/en
Austria: Data Protection Authority Republic of Austria: https://www.dsb.gv.at/Eingabeformular-online/Eingabeformular-online.html
Italy: Italian Data Protection Authority: https://www.garanteprivacy.it/web/garante-privacy-en/home_en
Data Subject Request. If you would like access to the personal data we hold about you or if you would like to have your personal data deleted, please send an email to email@example.com. Your request will be processed in due course, and in any event within one month of receipt of such request. If PROSE is only the data processor of your personal data, PROSE will forward your request to the data controller as soon as possible.
Responsible body and representative
PROSE AG, Zürcherstrasse 39, 8400 Winterthur, Switzerland
Representative EU/EEA (Art. 27 GDPR): PROSE GmbH, Colditzstraße 28 Building 7 ed. C, 12099 Berlin