1. Scope of Application
We undertake to handle your personal data in a responsible manner. We accordingly consider it a matter of course to comply with the legal requirements of the Swiss Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (DPO), the Telecommunications Act (TCA)and other provisions of Swiss data protection law. Regarding personal data of users from the European Union, we also comply with the provisions of the EUGeneral Data Protection Regulation (GDPR).
While you visit the Provenance Proof website or are forwarded to our website, your personal data will be collected and used by us to the following extent and for the following purposes:
2. Description and Scope of Data processing
2.1 PROVISION OF THE WEBSITE AND CREATION OF LOG FILES
Each time the Provenance Proof website is visited, our system automatically records data and information from the computer system of the computer from which the site is visited. In particular, the following data are collected, technically anonymised in each case:
- Information about the type of browser and the version used
- Operating system of the user
- The user’s Internet service provider
- IP address of the userDate and time of access
- Websites from which the user’s system accesses our website
- Websites retrieved by the user’s system via our website
The data are also stored in the log files of our system or third parties. No storage of these data together with other personal data of the user takes place.
On our website, we offer users the opportunity to sign up for an account by providing personal data. The data you enter into an input screen are transmitted to us and stored. As part of a know your customer (KYC) process, this data may be forwarded to a third party for verification. The processing of this data including the forwarding to a third party qualifies as legitimate interest pursued by Provenance Proof.
If you give your consent to the use of your name, logo, brand or the like as well as your e-mail address and a link to your website for publication as current user, we use the aforementioned data for display on our Websites. However, all intellectual property rights remain with the respective owner of such rights. You may revoke your consent at anytime.
2.4 PERSONAL DATA ENTERED INTO THE BLOCKCHAIN
2.5 CONTACT FORM AND E-MAIL CONTACT
Alternatively, you can contact us via the e-mail address provided. In this case, the user’s personal data transferred by e-mail or the personal data in accordance with the input screen will be stored. E-mail traffic is not encrypted. The risk remains with the user.
No data are forwarded to third parties in this connection. The data will be used exclusively for processing the conversation or for on-site consultation.
3. Cookies/tracking and other technologies relating to the use of our website
3.1. PROVISION OF THE WEBSITE AND CREATION OF LOG FILES
We use session cookies to recognise that you have already visited individual pages on our website or that you have already logged into your customer account. These are automatically deleted when you exit our website. Moreover, for the purpose of user friendliness, we use temporary cookies which are stored on your device for a set period of time. If you visit our website again to make use of our services, it will automatically recognise that you have already been there and what settings and inputs you have made so you do not have to re-enter them.
By using our website and consenting to receive newsletters and other marketing e-mails, you consent to the use of these technologies. If you do not want this, you must adjust your browser or e-mail program accordingly.
3.2 GOOGLE ANALYTICS AND OTHER STATISTICAL SERVICES
3.3 SOCIAL MEDIA
4. Purpose and legal basis of data processing
4.1. FOR THE FULFILMENT OF CONTRACTUAL OBLIGATIONS
Data are processed for the performance of our contracts with our customers or for the performance of pre-contractual measures in response to an enquiry. The purposes of data processing are geared primarily to the specific product or service provided by us. The personal data collected in this way will be used for the entire processing of your use of the Provenance Proof services, including any subsequent warranty claims, technical administration, etc.
4.2 FOR THE BALANCING OF INTERESTS
Where necessary we process your data above and beyond the actual fulfilment of the contract in order to uphold our own legitimate interests or those of third parties. Examples:
- Consultation and exchange of data with information centres and other third parties (e.g. debt enforcement registers, credit information)
- To examine and optimise requirements analysis methods for the purpose of approaching customers directly
- Advertising or market and opinion research
- To enforce legal claims and as defence in legal disputes
- To safeguard IT security and IT operations
- To prevent and investigate criminal offences
- To conduct measures for the business management and further development of products and services as well as our website
- We also collect personal data from publicly accessible sources for the purpose of customer acquisition.
4.3. ON THE BASIS OF LEGAL REQUIREMENTS OR IN THE PUBLIC INTEREST
We as a company are also subject to various legal obligations in which connection we are obliged to process and store your data.
5. Retention of your personal data
We only store your data for as long as is necessary to use the tracking services in our legitimate interest and to perform the services you have requested or consented to.
We process and store your data for as long as this is necessary for the fulfilment of our contractual and statutory obligations. Please note that according to the law certain data have to be retained for a specific period of time. We block these data in our system and only use them for the fulfilment of legal requirements.
6. Disclosing data to third parties
7. Transmitting personal data abroad
We are entitled to forward your data to third-party companies abroad if this is necessary for the execution of your orders, legally permissible or you have granted us your consent. If the data protection level in a country is considered inadequate compared with Swiss standards and/or the EU General Data Protection Regulation, we ensure by way of contract that your personal data are at all times protected in accordance with Swiss guidelines and/or the EU General Data Protection Regulation.
We deploy adequate technical and organisational security measures that we deem appropriate to protect your data stored by us against manipulation, partial or full loss and unauthorised third-party access. Our security measures are constantly adjusted in line with technological developments. Personal data are transmitted in encrypted form. Absolute protection cannot be guaranteed, but the Provenance Proof website and other systems are protected by technical and organisational measures against loss, destruction, access, alteration or processing of personal data. We also take our own internal data protection very seriously. Our employees and the service providers commissioned by us are sworn to secrecy and compliance with the statutory data protection provisions. They are furthermore only granted access to personal data to the extent that is necessary.
9. Options and rights of data subjects
When using the Provenance Proof website, you have several options. You may choose not to provide any personal data at all by not filling out any such forms or data fields on our website and by not using any of the available personalised services. If you choose to provide personal data, you have a right to access, correct, restrict, delete, transfer and object with regard to your personal data to the extent applicable by law.
9.1. RIGHT TO INFORMATION
You can request confirmation from Provenance Proof as to whether personal data concerning you are processed by us.
If such processing exists, you can request the following information from Provenance Proof:
- the purposes for which the personal data are processed;
- the categories of personal data that are processed;
- the recipients or categories of recipient to whom the personal data concerning you have been or are to be disclosed;
- the planned duration of the storage of the personal data concerning you or, if it is not possible to provide specific details about this, criteria for determining the storage period;
- the existence of a right to correction or deletion of the personal data concerning you, a right to the restriction of processing by the controller or a right of objection against this processing;
- the existence of a right of appeal to a supervisory authority;
- all available information about the origin of the data if the personal data were not collected from the data subject;
- the existence of automated decision-making.
You have the right to request information about whether the personal data concerning you are transmitted to a third-party country or to an international organisation. In this connection you can request to be informed about the suitable guarantees in connection with such transmission.
You acknowledge and agree to the fact that data entered into the Provenance Proof Blockchain may not be corrected or completed or fully deleted due to the technical characteristics of the blockchain technology (e.g. immutability and durability).
9.2. RIGHT OF CORRECTION
You have a right to correction and/or completion vis-à-vis the controller to the extent that the processed personal data concerning you are incorrect or incomplete. Provenance Proof must make the correction immediately.
9.3. RIGHT TO RESTRICTION OF PROCESSING
You can request the restriction of processing of the personal data concerning you under the following conditions, if
- you dispute the correctness of the personal data concerning you for a period that enables Provenance Proof to review the correctness of the personal data;
- the processing is unlawful and you reject deletion of the personal data and instead request the restriction of use of the personal data;
- Provenance Proof no longer requires the personal data for the processing purposes but you require them for the assertion, exercise or defence of legal claims, or
- you have filed an objection to processing and it is not yet clear whether Provenance Proof's legitimate reasons outweigh your reasons.
9.4. RIGHT TO DELETION
You can request from Provenance Proof that the personal data concerning you are immediately deleted and the controller will be obliged to delete such data immediately if one of the following reasons applies:
- The personal data concerning you are no longer required for the purposes for which they were collected or otherwise processed.
- You revoke your consent upon which processing is based and there is no other legal basis for processing.
- You file an objection to processing and there are no overriding legitimate reasons for processing. The personal data concerning you have been unlawfully processed.
If you should have any questions or wish Gübelin Gem Lab Ltd. to change or delete your profile, please inform us of this in writing (by post) at the following address:
Provenance Proof AG
9.5. RIGHT TO DATA PORTABILITY
You have the right to receive personal data concerning you that you have made available to the controller in a structured, current and machine-readable format. You also have the right to transmit these data to another data controller without obstruction from Provenance Proof to whom the personal data have been made available if
- processing is based on consent or a contract and
- processing takes place by way of automated processes.
9.7. RIGHT TO REVOCATION OF DECLARATION OF CONSENT UNDER DATA PROTECTION LAW
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the legality of processing carried out on the basis of consent up to the time of revocation.
10. Contact address
If you wish to contact us regarding our use of your personal data or to object to the processing of your personal data, please send an e-mail to email@example.com or contact us by post at the following address: Provenance Proof AG, Maihofstrasse 102, 6006 Lucerne, Switzerland. Should you wish to contact us, you should specify the precise data you wish us to correct, update or delete for you. Please enclose an appropriate identification of yourself. Requests for the deletion of personal data are subject to all legal and ethical reporting, archiving or retention obligations applicable to us.
11. Information for children and parents
This website is intended for adult users. It is forbidden for minors, in particular children under the age of 13, to transmit personal data about themselves to us or to register for a service. If we discover that such data have been transmitted to us, they will be deleted from our database. The parent (or legal guardian) of the child may contact us and request deletion or unsubscription. For this purpose we require a copy of an official document that identifies you as a parent or guardian.