Privacy Policy FemtoTools AG

1. Responsibility and content of this Privacy Policy

We, FemtoTools AG (Furtbachstrasse 4, 8107 Buchs/ZH, Switzerland, CHE-113.745.251), are the operator of the website www.femtotools.com ("website") as well as your contractual partner in customer relationships. Unless otherwise specified, we are responsible for the data processing listed in this Privacy Policy.
In order to know what personal data we collect from you and for what purposes we use it, please take note of the following information. Regarding data protection, we are primarily guided by the legal requirements of Swiss data protection law, in particular the Swiss Federal Act on Data Protection ("FADP"), as well as the EU General Data Protection Regulation ("GDPR"), the provisions of which may be applicable in individual cases.

2. Contact person for data protection

If you have any questions about data protection or would like to exercise your rights, please contact our data protection contact by sending an email to the following address: privacy@femtotools.com
Alternatively, you can use the following address:
FemtoTools AG
Privacy
Furtbachstrasse 4
8107 Buchs/ZH
Switzerland

3. When you visit our website (log file data)

When you visit our website, the servers of our hosting provider Hostpoint AG, Neue Jonastrasse 60, 8640 Rapperswil-Jona, Switzerland store each access in a log file for a maximum period of 12 months. The following data is collected and stored by us until it is automatically deleted:

• the IP address of the requesting computer
• the date and time of access
• the name and URL of the retrieved file
• the website from which the access was made, with the search term used, if applicable
• the operating system of your device and the browser you are using (including type, version and language setting)
• Device type in case of access by mobile phones
• the city or region from which the access was made, and
• The name of your Internet access provider

This data is processed for the purpose of enabling the use of our website, ensuring system security and stability in the long term, as well as for error and performance analysis. It also allows us to optimize our website.
In the event of an attack on the network infrastructure of the website or in the event of suspicion of other unauthorized or abusive use of the website, the IP address and the other data will be evaluated for clarification and defense and, if necessary, used in the context of criminal proceedings for identification and for civil and criminal proceedings against the users concerned.
For the purposes described above, we have a legitimate interest in data processing within the meaning of art. 6 (1) (f) GDPR.

4. Use of one of our contact options

If you contact us via our contact addresses and channels (e.g., by email or telephone), your personal data will be processed. The data that you have provided to us will be processed, e.g., the name of your company, your name, your function, your email address or telephone number and your enquiry.
We process this data exclusively to respond to your enquiry in the best possible way. The legal basis for this data processing is our legitimate interest within the meaning of art. 6 (1) (f) GDPR in the best possible response to your enquiry or, if your enquiry relates to the establishment or performance of a customer relationship, the performance of a contract within the meaning of art. 6 (1) (b) GDPR.

5. Applications

You can apply to us spontaneously or in response to a specific job advertisement via an email address. We process the following data:

• Name
• Surname
• Email address
• Cover letter
• Curriculum Vitae (CV)
• Certificates and diplomas
• Other files

We will use this and any other information you voluntarily provide to us to assess and process your application. Applications from unsuccessful candidates will be deleted at the end of the application process unless you have expressly consented to a longer retention period, or we are not legally obliged to retain them for a longer period. The legal basis for the review of your application and the handling of the application process is the implementation of pre-contractual measures within the meaning of art. 6 (1) (b) GDPR.

6. Processing in the context of a customer relationship

We process personal data in the context of your customer relationship with us. Among other things, we process the following data:

• Your contact information (e.g., name, address, telephone number, email address)
• Information about the company for which you are contacting us and your role within the company
• Billing and payment information
• Identification and background information you provide to us
• Information you provide to us in order to deal with your enquiry
• More information you provide to us.

We process this data in the context of the provision of our services to interact with you, to process your enquiry in the best possible way for you, to communicate with you, to bill for the services provided, as well as to administer the customer relationship with you.
To the extent necessary for the performance of the contract, we will also disclose the necessary information to third party service providers (e.g., shipping companies).
The legal basis for the processing of personal data for the aforementioned purposes lies in the implementation of pre-contractual measures and the fulfilment of a contract within the meaning of art. 6 (1) (b) GDPR, in the fulfilment of legal obligations in accordance with art. 6 (1) (c) GDPR as well as in our legitimate interest in the goal-oriented and efficient management of the customer relationship within the meaning of art. 6 (1) (f) GDPR.

7. Centralized data storage and marketing

Central data storage
We will store and link the data described in this Privacy Policy, in particular your personal data, your contact details and the data relating to the customer relationship, in a central database if it is possible to make a clear assignment to you. This allows us to manage your information effectively, respond to your requests and provide you with the services you require. The legal basis for this processing is our legitimate interest within the meaning of art. 6 (1) (f) GDPR in the efficient management of data. For this purpose, we use the software Salesforce, Inc. Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, United States. The legal basis for this processing is our legitimate interest within the meaning of art. 6 (1) (f) GDPR in the use of third-party services.

Newsletter
If you have registered for our email newsletter, we collect the following data, with mandatory information marked accordingly (e.g. with an asterisk):

• Email address
• Name and surname

By registering, you consent to the processing of this data to receive news from us about our company, our offers and related products and services. We will use your data to send emails until you withdraw your consent. You can opt-out at any time using the unsubscribe link in all our newsletter emails.
Our newsletter emails may contain a web beacon or 1x1 pixel or similar technology. A web beacon is an invisible graphic that is linked to the user ID of the respective newsletter subscriber. For each newsletter email sent, we receive information about which addresses have not yet received the email, to which addresses it was sent, and to which addresses it failed to be sent. It also shows which addresses opened the email, for how long, and which links they clicked on. Finally, we also receive information about which addresses have unsubscribed. We use this data for statistical purposes and to optimize the newsletter emails in terms of frequency, timing, structure and content of the emails. This allows us to better tailor the information in our emails to the individual interests of the recipients.
The web beacon is deleted when you delete the email. To prevent the use of the web beacon in our newsletter emails, please set your email program not to display HTML in messages. Refer to the help sections of your email software for information on how to configure this setting, such as here for Microsoft Outlook.
By subscribing to the newsletter, you also consent to the statistical evaluation of user behavior for the purpose of optimizing and adapting the newsletter. This consent constitutes our legal basis for the processing of the data within the meaning of art. 6 (1) (a) GDPR.
We use the email marketing software Hubspot from Hubspot Inc., 2 Canal Park Cambridge, MA 02141United States for marketing emails. Therefore, your data will be stored in a database of Hubspot which will allow them to access your data. The legal basis for this processing is our legitimate interest within the meaning of art. 6 (1) (f) GDPR in the use of third-party services.

8. Cookies

Cookies are information files that your web browser stores on your device's hard drive or memory when you visit our website. Cookies are assigned identification numbers that identify your browser and allow the information contained in the cookie to be read.
Cookies help, among other things, to make your visit to our website easier, more pleasant and more meaningful. We use cookies for various purposes that are technically necessary for you to use the website. For example, cookies perform technical functions necessary for the operation of the website, such as load balancing, i.e., distributing the performance load of the page to different web servers to relieve the servers. Finally, we also use cookies in the design and programming of our website, e.g., to enable the uploading of scripts or code.
The legal basis for this processing is our legitimate interest within the meaning of art. 6 (1) (f) GDPR in providing a user-friendly and up-to-date website.
Most internet browsers automatically accept cookies. Details of the services associated with each cookie and data processing can be found in this Privacy Policy.
You may also be able to configure your browser so that no cookies are stored on your device or that a notification always appears when you receive a new cookie. On the following pages you will find explanations on how to configure the processing of cookies on selected browsers.

Google Chrome
Apple Safari

Disabling cookies may prevent you from using all the features of our website.

9. Disclosure of data to third parties

Without the support of other companies, we would not be able to provide our services in the desired form and efficiently. In order to be able to use the services of these other companies, it is also necessary to disclose your personal data to a certain extent. Such disclosure takes place, in particular, insofar as this is necessary for the performance of the customer relationship. The legal basis for these transfers is the performance of the contract within the meaning of art. 6 (1) (b) GDPR.
The data will also be passed on to selected service providers and only to the extent necessary for the provision of the service. Various third-party service providers are already explicitly mentioned in this Privacy Policy. These are, for example, IT service providers (such as providers of software solutions) or advertising agencies. The legal basis for this data transfer is our legitimate interest within the meaning of art. 6 (1) (f) GDPR in the procurement of third-party services.
In addition, your data may be passed on, to payment providers, authorities or lawyers, if this is necessary for the performance of the customer relationship, if we are legally obliged to do so or if this is necessary to safeguard our rights, in particular to enforce claims arising from the relationship with you. Data may also be shared if another company intends to acquire our company or any part of it and such disclosure is necessary to conduct due diligence or to complete the transaction. Our legitimate interest within the meaning of art. 6 (1) (f) GDPR in safeguarding our rights and complying with our obligations or selling our company forms the legal basis for this data transfer.

10. Transfer of personal data abroad

We are entitled to transfer your personal data to third parties abroad if this is necessary to carry out the data processing specified in this Privacy Policy. Of course, the legal requirements on the disclosure of personal data to third parties are complied with. If the country in question does not have an adequate level of data protection, we ensure that your data is adequately protected by these companies by means of contractual arrangements.

11. Retention periods

We only store personal data for as long as it is necessary to carry out the processing described in this Privacy Policy within the scope of our legitimate interest. In the case of contract data, storage is prescribed by statutory retention obligations. Requirements that oblige us to retain data result from the provisions on accounting and tax regulations. According to these regulations, business communications, concluded contracts and accounting documents must be retained for up to 10 years. The data will be deleted or anonymized as soon as there is no longer any obligation to retain it and there is no longer a legitimate interest in storing it.

12. Data security

We use appropriate technical and organizational security measures to protect your personal data stored by us against loss and unlawful processing, in particular unauthorized access by third parties. Our employees and service providers are bound by us to maintain confidentiality and privacy. They will only have access to personal data to the extent necessary to perform their duties.
Our security measures are continuously adapted in line with technological developments. However, the transmission of information via the Internet and electronic means of communication always involves certain security risks and we cannot guarantee the security of information transmitted in this way.

13. Your rights

Provided that the legal requirements are met, you as a data subject have the following rights:

• Right of access: You have the right to request access to your personal data stored by us at any time, free of charge, when we process it. This gives you the opportunity to verify which personal data we process about you and that we use it in accordance with applicable data protection regulations.
• Right to rectification: You have the right to have inaccurate or incomplete personal data rectified and to be informed of the rectification. In this case, we will inform the recipients of the data concerned about the adjustments made, unless this is impossible or involves disproportionate effort.
• Right to erasure: You have the right to have your personal data erased under certain circumstances. In individual cases, in particular in the case of statutory retention obligations, the right to deletion may be excluded. In this case, if the conditions are met, the deletion may be replaced by a blocking of the data.
• Right to restriction of processing: You have the right to request that the processing of your personal data be restricted.
• Right to data portability: You have the right to receive from us personal data that you have provided to us free of charge in a readable format.
• Right to object: You can object to data processing at any time.
• Right of revocation: In principle, you have the right to revoke your consent at any time. However, processing activities based on your consent in the past do not become unlawful as a result of your revocation.
• Right to lodge a complaint: You have the right to lodge a complaint with a competent supervisory authority, e.g., against the way in which your personal data is processed.

To exercise these rights, please use the contact options under Section 2.

Updated: January 2024