Privacy Policy
1. Scope of Application
provenanceproof.com, its operating company Provenance Proof AG as well as its parent and sister companies (hereinafter referred to as Provenance Proof) provide this Privacy Policy, which outlines the company’s practices in collecting and disclosing personal data. This Privacy Policy applies to all websites that contain a direct link to this Privacy Policy and are under the control of Provenance Proof (hereinafter referred to as the Provenance Proof website). By accessing or using the Provenance Proof website, you consent to the collection and use of your personal data as described in this Privacy Policy.
We undertake to handle your personal data in a responsible manner. We accordingly consider it a matter of course to comply with the legal requirements of the Swiss Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (DPO), the Telecommunications Act (TCA)and other provisions of Swiss data protection law. Regarding personal data of users from the European Union, we also comply with the provisions of the EUGeneral Data Protection Regulation (GDPR).
Please note that the information below may be reviewed and amended from time to time. We therefore recommend that you consult this Privacy Policy on a regular basis. Which specific data are processed and in what way they are used is primarily determined by the agreed services.
This Privacy Policy is an integral part of the Terms of Use, which you can find here.
While you visit the Provenance Proof website or are forwarded to our website, your personal data will be collected and used by us to the following extent and for the following purposes:
2. Description and Scope of Data processing
2.1 PROVISION OF THE WEBSITE AND CREATION OF LOG FILES
Each time the Provenance Proof website is visited, our system automatically records data and information from the computer system of the computer from which the site is visited. In particular, the following data are collected, technically anonymised in each case:
- Information about the type of browser and the version used
- Operating system of the user
- The user’s Internet service provider
- IP address of the userDate and time of access
- Websites from which the user’s system accesses our website
- Websites retrieved by the user’s system via our website
The data are also stored in the log files of our system or third parties. No storage of these data together with other personal data of the user takes place.
2.2 NEWSLETTER
On our website you can subscribe to a free newsletter of Provenance Proof which informs you about new products, Provenance Proof, our publications and so on. When you register for the newsletter, your personal data, which you enter in the input screen, will be transmitted to us and stored. Your consent to this kind of processing of the data is obtained when you submit registration and reference is made to this Privacy Policy.
2.3 SIGNUP
On our website, we offer users the opportunity to sign up for an account by providing personal data. The data you enter into an input screen are transmitted to us and stored. As part of a know your customer (KYC) process, this data may be forwarded to a third party for verification. The processing of this data including the forwarding to a third party qualifies as legitimate interest pursued by Provenance Proof.
If you give your consent to the use of your name, logo, brand or the like as well as your e-mail address and a link to your website for publication as current user, we use the aforementioned data for display on our Websites. However, all intellectual property rights remain with the respective owner of such rights. You may revoke your consent at anytime.
2.4 PERSONAL DATA ENTERED INTO THE BLOCKCHAIN
If you enter data related to a specific gemstone into the Provenance Proof Blockchain, you will have to enter personal data such as your e-mail address and your name. This data will be forwarded to a third party which technically designs and hosts the Provenance Proof Blockchain. The processing of this data including the forwarding to a third party qualifies as legitimate interest pursued by Provenance Proof. Furthermore, this data will remain in the Blockchain. With the approval of the Privacy Policy during the registration process, you consent and acknowledge that this data may not be deleted in accordance with the relevant statutory provisions due to the technical characteristics of the Blockchain technology.
2.5 CONTACT FORM AND E-MAIL CONTACT
A contact form is available on our website, which can be used for making contact electronically. If a user makes use of this option, the data entered in the input screen are transmitted to us and stored. Your consent to the processing of the data is obtained when you send the form and reference is made to this Privacy Policy.
Alternatively, you can contact us via the e-mail address provided. In this case, the user’s personal data transferred by e-mail or the personal data in accordance with the input screen will be stored. E-mail traffic is not encrypted. The risk remains with the user.
No data are forwarded to third parties in this connection. The data will be used exclusively for processing the conversation or for on-site consultation.
3. Cookies/tracking and other technologies relating to the use of our website
3.1. PROVISION OF THE WEBSITE AND CREATION OF LOG FILES
The Provenance Proof website uses cookies. Our interest in optimising our website is regarded as legitimate. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. We use cookies to make use of our services more pleasant for you.
We use session cookies to recognise that you have already visited individual pages on our website or that you have already logged into your customer account. These are automatically deleted when you exit our website. Moreover, for the purpose of user friendliness, we use temporary cookies which are stored on your device for a set period of time. If you visit our website again to make use of our services, it will automatically recognise that you have already been there and what settings and inputs you have made so you do not have to re-enter them.
We also use cookies to record statistics on and assess the use of our website so we can optimise our offer for you and to display information specially tailored to you. If you visit our website again, these cookies enable us to detect that you have already visited it before. These cookies are deleted automatically after a set period.
The personal data of the users collected in this way are pseudonymised using technical measures. It is therefore no longer possible for us to assign the data to the visiting user. The data are not stored together with other personal data of the users. When visiting the Provenance Proof website, an information banner informs users about the use of cookies for analysis purposes and draws their attention to this Privacy Policy. In this context, there is also a note on how the storage of cookies can be prevented. If you block cookies, it is possible that not all functions of our website can be used to their full extent.In our newsletters and other marketing e-mails, we include visible and invisible elements to the extent permitted. By retrieving these elements from our servers, we can determine whether and when you have opened the e-mail, so that we can measure and better understand how you use our offers and can tailor them to you. You can block this in your e-mail program; most are preset to do so.
By using our website and consenting to receive newsletters and other marketing e-mails, you consent to the use of these technologies. If you do not want this, you must adjust your browser or e-mail program accordingly.
3.2 GOOGLE ANALYTICS AND OTHER STATISTICAL SERVICES
We use Google Analytics or similar services on our website. This is a third-party service that may be located in any country on earth. In the case of Google Analytics, it is Google LLC in the USA, www.google.com, with which we can measure and analyse the use of our website (not person-specific). Permanent cookies, set by the service provider, are also used for this purpose. The service provider does not receive any personal data from us, but may track your use of the website and combine this information with data from other websites you have visited and which are also tracked by the service provider. The latter can use these findings for its own purposes (e.g. controlling advertising). If you are registered with the service provider, the service provider also recognises you. The service provider’s processing of your personal data is then the responsibility of the service provider in accordance with its privacy policy. The service provider merely informs us how our respective website is used (without any information about you personally).
3.3 SOCIAL MEDIA
We can also use plug-ins from social networks such as Facebook, Twitter, YouTube, Google+ and Instagram on our website. The corresponding buttons/symbols show you when this is the case. We have configured these elements to be disabled by default. If you activate them by clicking on them, the operator of the social network in question can register that you are on our website and where, and can use this information for its purposes. The processing of your personal data is then the responsibility of this operator in accordance with its privacy policy. We do not receive any information about you from it.
4. Purpose and legal basis of data processing
4.1. FOR THE FULFILMENT OF CONTRACTUAL OBLIGATIONS
Data are processed for the performance of our contracts with our customers or for the performance of pre-contractual measures in response to an enquiry. The purposes of data processing are geared primarily to the specific product or service provided by us. The personal data collected in this way will be used for the entire processing of your use of the Provenance Proof services, including any subsequent warranty claims, technical administration, etc.
Further details about data processing purposes can be found in the Terms of Use, the Code of Conduct and the FAQ.
4.2 FOR THE BALANCING OF INTERESTS
Where necessary we process your data above and beyond the actual fulfilment of the contract in order to uphold our own legitimate interests or those of third parties. Examples:
- Consultation and exchange of data with information centres and other third parties (e.g. debt enforcement registers, credit information)
- To examine and optimise requirements analysis methods for the purpose of approaching customers directly
- Advertising or market and opinion research
- To enforce legal claims and as defence in legal disputes
- To safeguard IT security and IT operations
- To prevent and investigate criminal offences
- To conduct measures for the business management and further development of products and services as well as our website
- We also collect personal data from publicly accessible sources for the purpose of customer acquisition.
4.3. ON THE BASIS OF LEGAL REQUIREMENTS OR IN THE PUBLIC INTEREST
We as a company are also subject to various legal obligations in which connection we are obliged to process and store your data.
5. Retention of your personal data
We only store your data for as long as is necessary to use the tracking services in our legitimate interest and to perform the services you have requested or consented to.
We process and store your data for as long as this is necessary for the fulfilment of our contractual and statutory obligations. Please note that according to the law certain data have to be retained for a specific period of time. We block these data in our system and only use them for the fulfilment of legal requirements.
6. Disclosing data to third parties
We only disclose your data to third parties if you have consented to us doing this, we are otherwise legally entitled to do so or if this is necessary for the assertion of our rights. In addition, we may share your personal data with other companies affiliated with Provenance Proof if they agree to treat the data in accordance with this Privacy Policy. Your personal data may also be shared with third parties acting for or on behalf of us so that they may process the data for the purpose(s) for which the data were originally collected or for other legitimate purposes, such as providing services, evaluating the usefulness of this site, marketing purposes, data management or technical support. These third parties have contractually undertaken towards us only to make use of personal data for the agreed purposes, not to sell them to other third parties and not to disclose them to other third parties except when required to do so by law, permitted to do so by us or set out in this Privacy Policy.
Personal data collected from you can also be disclosed to third parties if the business is sold, assigned or transferred in full or in part including the associated customer data. In this case we would oblige the buyer, assignee or transferee to treat personal data in compliance with this Privacy Policy. Personal data can also be disclosed to third parties if we are obliged to do so by law, court order or official regulations or this is necessary to support criminal or judicial investigations or other legal investigations or proceedings in Switzerland or abroad.
7. Transmitting personal data abroad
We are entitled to forward your data to third-party companies abroad if this is necessary for the execution of your orders, legally permissible or you have granted us your consent. If the data protection level in a country is considered inadequate compared with Swiss standards and/or the EU General Data Protection Regulation, we ensure by way of contract that your personal data are at all times protected in accordance with Swiss guidelines and/or the EU General Data Protection Regulation.
8. Security
We deploy adequate technical and organisational security measures that we deem appropriate to protect your data stored by us against manipulation, partial or full loss and unauthorised third-party access. Our security measures are constantly adjusted in line with technological developments. Personal data are transmitted in encrypted form. Absolute protection cannot be guaranteed, but the Provenance Proof website and other systems are protected by technical and organisational measures against loss, destruction, access, alteration or processing of personal data. We also take our own internal data protection very seriously. Our employees and the service providers commissioned by us are sworn to secrecy and compliance with the statutory data protection provisions. They are furthermore only granted access to personal data to the extent that is necessary.
9. Options and rights of data subjects
When using the Provenance Proof website, you have several options. You may choose not to provide any personal data at all by not filling out any such forms or data fields on our website and by not using any of the available personalised services. If you choose to provide personal data, you have a right to access, correct, restrict, delete, transfer and object with regard to your personal data to the extent applicable by law.
9.1. RIGHT TO INFORMATION
You can request confirmation from Provenance Proof as to whether personal data concerning you are processed by us.
If such processing exists, you can request the following information from Provenance Proof:
- the purposes for which the personal data are processed;
- the categories of personal data that are processed;
- the recipients or categories of recipient to whom the personal data concerning you have been or are to be disclosed;
- the planned duration of the storage of the personal data concerning you or, if it is not possible to provide specific details about this, criteria for determining the storage period;
- the existence of a right to correction or deletion of the personal data concerning you, a right to the restriction of processing by the controller or a right of objection against this processing;
- the existence of a right of appeal to a supervisory authority;
- all available information about the origin of the data if the personal data were not collected from the data subject;
- the existence of automated decision-making.
You have the right to request information about whether the personal data concerning you are transmitted to a third-party country or to an international organisation. In this connection you can request to be informed about the suitable guarantees in connection with such transmission.
You acknowledge and agree to the fact that data entered into the Provenance Proof Blockchain may not be corrected or completed or fully deleted due to the technical characteristics of the blockchain technology (e.g. immutability and durability).
9.2. RIGHT OF CORRECTION
You have a right to correction and/or completion vis-à-vis the controller to the extent that the processed personal data concerning you are incorrect or incomplete. Provenance Proof must make the correction immediately.
9.3. RIGHT TO RESTRICTION OF PROCESSING
You can request the restriction of processing of the personal data concerning you under the following conditions, if
- you dispute the correctness of the personal data concerning you for a period that enables Provenance Proof to review the correctness of the personal data;
- the processing is unlawful and you reject deletion of the personal data and instead request the restriction of use of the personal data;
- Provenance Proof no longer requires the personal data for the processing purposes but you require them for the assertion, exercise or defence of legal claims, or
- you have filed an objection to processing and it is not yet clear whether Provenance Proof's legitimate reasons outweigh your reasons.
9.4. RIGHT TO DELETION
You can request from Provenance Proof that the personal data concerning you are immediately deleted and the controller will be obliged to delete such data immediately if one of the following reasons applies:
- The personal data concerning you are no longer required for the purposes for which they were collected or otherwise processed.
- You revoke your consent upon which processing is based and there is no other legal basis for processing.
- You file an objection to processing and there are no overriding legitimate reasons for processing. The personal data concerning you have been unlawfully processed.
If you should have any questions or wish Gübelin Gem Lab Ltd. to change or delete your profile, please inform us of this in writing (by post) at the following address:
Provenance Proof AG
Maihofstrasse 102
6006 Luzern
Switzerland
9.5. RIGHT TO DATA PORTABILITY
You have the right to receive personal data concerning you that you have made available to the controller in a structured, current and machine-readable format. You also have the right to transmit these data to another data controller without obstruction from Provenance Proof to whom the personal data have been made available if
- processing is based on consent or a contract and
- processing takes place by way of automated processes.
9.7. RIGHT TO REVOCATION OF DECLARATION OF CONSENT UNDER DATA PROTECTION LAW
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the legality of processing carried out on the basis of consent up to the time of revocation.
10. Contact address
If you wish to contact us regarding our use of your personal data or to object to the processing of your personal data, please send an e-mail to [email protected] or contact us by post at the following address: Provenance Proof AG, Maihofstrasse 102, 6006 Lucerne, Switzerland. Should you wish to contact us, you should specify the precise data you wish us to correct, update or delete for you. Please enclose an appropriate identification of yourself. Requests for the deletion of personal data are subject to all legal and ethical reporting, archiving or retention obligations applicable to us.
11. Information for children and parents
This website is intended for adult users. It is forbidden for minors, in particular children under the age of 13, to transmit personal data about themselves to us or to register for a service. If we discover that such data have been transmitted to us, they will be deleted from our database. The parent (or legal guardian) of the child may contact us and request deletion or unsubscription. For this purpose we require a copy of an official document that identifies you as a parent or guardian.