We recognize the importance of your privacy and of transparency in our processing of your personal data.
At V-Labs SA (we, our or V-Labs), we recognize the importance of your privacy and of transparency in our processing of your personal data. This privacy notice (Privacy Notice) informs you on the personal data we collect and process in connection with the provision of our application accessible at the Microsoft Store (the Solution) and/or the services provided through or in connection with the Solution (together with the Solution, our Services), as well as the website accessible under https://v-labs.ch/privacy-policy/ (the Website).
By accessing and using our Services, you expressly acknowledge that we may collect and process your personal data in accordance with this Privacy Notice.
2. Short Version
The following is a summary of (but not a replacement for) this Privacy Notice:
- V-Labs SA is responsible for the processing, as controller, of your personal data. This Privacy Notice, however, only applies to our activities, and not to those of third party providers (even if we link to their services or contents) (see section 3);
- As part of our operation of the Services, we may collect personal data which is provided to us by you, your Organization, or which we collect automatically when you interact with the Services (see section 4);
- We process such personal data in compliance with Swiss laws and other laws applicable to us, mainly for the purpose of providing our Services, in particular to operate the Solution, in accordance with the contract between us and your organization, acting as a processor for your organization, or in some cases, as a controller for our legitimate business operations related to providing those Services. We may also process your personal data to analyze and improve the use of our Services, comply with our legal obligations, and for the other legitimate purposes indicated in this Privacy Notice (see section 7, as well as sections 5 and 6);
- Your personal data is stored in Switzerland and/or in the E.U. We do not share it with third parties or transfer it abroad unless this is both necessary for the operation of our Services and permitted by applicable laws. This may for instance be the case when we use service providers or must interact with third parties to conduct our professional activities. However, some information on the Solution is available publicly or to other users, and thus worldwide (see sections 8 and 10);
- We do not store your personal data for longer than necessary for us to fulfill the purposes set out in this Privacy Notice (see section 11);
- We apply security measures and strive to protect your personal data. However, no IT infrastructure is completely secure and we cannot guarantee that our is (see section 12);
You may contact us (firstname.lastname@example.org) to exercise your rights pertaining to your personal data (see sections 14 and 15).
3. Who is responsible for the processing of your personal data
V-Labs SA, route de la Galaise 34, c/o Fongit, 1228 Plan-les-Ouates, Switzerland, is responsible for the processing, as controller, of your personal data. You will find our contact details below in section 13.
As further detailed in this Privacy Notice, we may process your personal data in connection with the professional Services we provide to your employer, respectively the organization to which you are affiliated in any other way (each an Organization). This Privacy Notice does not govern how your Organization processes your personal data through the Services. You must refer to your Organization’s policies. Please see section 8 below for additional information in this respect.
4. How we collect your personal data
We collect the personal data that you or our customers provide to us when using our Services, for example when you use our Solution, communicate with us, when you create and/or manage your account.
You are only authorized to provide us with personal data relating to you directly, unless you obtain the prior consent of the other individual about whom you want to share information.
It is mandatory that you complete the data fields identified by an asterisk. If one or more mandatory data fields are not completed, we will not be able to provide access to our Services. You are not required to complete the optional data fields in order to access our Services.
We also automatically collect personal data, including by means of tools, web forms and other active elements, as further described in this Privacy Notice.
You may define certain authorizations relating to the automatic collection of your personal data when you configure your device or your internet browser according to available functionalities. For more detailed information, please see section 13.
5. How we process your personal data
We process your personal data by automated means for the purposes indicated in this Privacy Notice and in accordance with applicable law.
We process your personal data in compliance with applicable law, in particular Swiss data protection laws and, to the extent they apply to us, other data protection legislations, such as the EU General Data Protection Regulation (GDPR), using computers or computer tools, in line with the purposes set out in this Privacy Notice.
We do not process your personal data to create a profile about you (profiling).
We do not make decisions exclusively based on an automated processing which have legal effects on the data subjects or affect them significantly (automated individual decision).
We may combine your personal data with other information (aggregate) or erase any information that allows us to identify you (anonymize), so that it is no longer considered personal data under applicable data protection law, in which case this Privacy Notice will no longer apply and we may use such data for purposes not contemplated by this Privacy Notice (e.g. for benchmarking or analytics purposes, or to develop and market new services). You may object to the anonymization or aggregation of your personal data for this purpose at any time (see section 14 below for additional information on your rights).
We take the technical and organizational appropriate security measures to prevent unauthorized access, disclosure, modification, alteration or destruction of your personal data, as specified in section 12 below.
6. On which legal ground do we process your personal data
We will only process your personal data if we have a valid legal ground for doing so. Unless we must process your personal data for one of the reasons listed below, we will process your personal data as data processor for the providing of our Services to our customers (see section 8)
Depending on the processing activity carried out, we will therefore only process your personal data if:
- The processing is necessary to fulfil our contractual obligations to you or to take pre-contractual steps at your request (Contractual Necessity);
This is the case in particular when processing your personal data is strictly required to provide you with the Services, as further specified in section 7 below. When the GDPR applies, Contractual Necessity is based on Article 6(1)(b) GDPR;
- The processing is necessary for the fulfilment of our legitimate interests, and only to the extent that your interests or fundamental rights and freedoms do not require us to refrain from processing (Legitimate Interest);
Our Legitimate Interests include in particular (i) ensuring that our Services are provided in an efficient and secure way (e.g. through internal analysis of the Services’ stability and security, updates and troubleshooting, as well as support services); (ii) improving and developing the Services (including monitoring the use of our Services, and for statistical purposes); (iii) benefiting from cost-effective services (e.g. we may opt to use certain services offered by suppliers rather than undertaking the activity ourselves); and (iv) achieving our corporate goals. When the GDPR applies, Legitimate Interest is based on Article 6(1)(f) GDPR;
- We have obtained your prior consent in a clear and unambiguous manner (Consent);
When the GDPR applies, Consent is based on Article 6(1)(a) GDPR;
- The processing is necessary to comply with our legal or regulatory obligations (Legal Obligation);
Finally, we will process your personal data if we are required by law to do so, as further specified in section 7 below. When the GDPR applies, Legal Obligation is based on Article 6(1)(c) GDPR.
7. Purposes for which we process your personal data
Your personal data is collected and processed for the purpose of operating the Services and for the other legitimate purposes explicitly specified below, only to the extent relevant to achieve these purposes, and is not further processed in a manner that is incompatible with them.
We process your personal data for the following purposes:
We mainly process your personal data to provide the Solution and the Services, based on our Contractual Necessity to do so, including for creating and maintaining a user account, interacting with you and other users (including for allowing other users to view your user’s public content), providing you with the requested information and Services, making the products, goods and Services available on the Solution, as well as for customer and user management purposes.
In addition to the personal data which you provide when logging-in to your account or interacting with the Solution, we automatically collect technical information about your interactions with the Solution, such as IP address, the content that was accessed, date and time of access, information about your web browser, your preferences, or other information related to your interaction with the Solution, including your navigation details on the Solution. We process this data to establish a connection with your device over the internet, to identify you when you use the Solution, control the use of the Solution and manage its stability and security, based on our Legitimate Interest to do so.
Your account information is retained for as long as your account is active. If you suppress your user account, your account information will be deleted or anonymized within 30 days after such an event, unless data must be retained for a valid reason (such as evidentiary or tax purposes). This does not include log files, which are automatically deleted or anonymized 30 days after their collection.
Unless you object to such processing, we may process your personal data, in particular data relating to your use of our Services and your habits and preferences (e.g. the content you accessed, date and time of access and your preferences), for internal analysis and statistical purposes, to better understand the needs of our users, to optimize their experience, and in general to improve the ergonomics and functionality of our Services. You may object to such processing activities at any time (see section 14 below for additional information on your rights).
Data collected in this context is deleted or anonymized at the latest 7 days after its collection.
We may further process your personal data if we have a Legal Obligation to do so or for other Legitimate Interests. This will for instance be the case if we need to disclose certain information to public authorities or retain such information for tax or accounting purposes, or for the establishment, exercise or defense of legal claims.
The personal data that we process for this purpose are those that we collected for one of the purposes indicated elsewhere in this section 7. We retain the personal data for the duration of the legal obligation imposed on us.
In addition to the above, we may process your personal data if we have obtained your prior unambiguous consent for specific purposes. Consent given can be withdrawn at any time, but this does not affect data processed prior to withdrawal.
8. Our Operations with Your Organization
If you are an end user of a Service we provide to your Organization, please read the following:
- In the situations described above, our processing of your personal data is governed by a contract between us and your Organization. We will process your personal data as data processor for the provision of our Services to your Organization which is our customer.
- If you would like to make any requests or queries regarding our processing of your personal data on behalf of your Organization, please contact your Organization directly. For example, if you wish to request to access, correct, amend, or delete inaccurate personal data that was originally transmitted by your Organization, please direct your query to your Organization. If we are requested by your Organization to remove your personal data, we will respond to such request in a timely manner upon verification and in accordance with applicable law (for example, 30 days under Swiss law or the GDPR).
- If you have questions about our legitimate business operations in connection with providing Services to your Organization, please contact us as described in section 15.
9. The circumstances in which we share your personal data with third parties
We may share your personal data with third parties if this is necessary for the operation of our Services, if there is a legal obligation or permission to do so, or if there is another valid reason to do so.
We may share your personal data with third parties in connection with the operation of the Services and with subcontractors such as IT service providers, cloud service providers, database providers, automated marketing solutions providers and consultants, including Google Analytics (data analytics tool), Google Maps (web mapping service), Microsoft Azure (cloud infrastructure and web mapping service) and ESRI (GIS-data platform).
If you use a Service provided by an Organization you are affiliated with, we share certain data, such as interaction data and diagnostic data to enable your Organization manage the Services.
Your personal data may also be made available to other users of the Services or to third parties to the extent necessary for the proper operation and provision of the Services, for example for the purpose of accessing geospatial data from your Organization or other sources.
We may also disclose your personal data to third parties where we have a legal obligation to do so or a legitimate interest in doing so.
We may also disclose your personal data where we have a legitimate interest in doing so, for example (i) to respond to a request from a judicial authority or in accordance with a legal obligation; (ii) to bring or defend against a claim or lawsuit; or (iii) in the context of restructuring, in particular if we transfer our assets to another company.
10. International Transfers
Your personal data is stored in Switzerland and/or the European Union, but may in certain circumstances be disclosed in other countries.
We store your personal data on servers located in Switzerland and/or the European Union. We may also store a copy of your personal data near to the geographic location where you reside (e.g. in the U.S. for U.S. users) in order to provide you with a better service.
In principle, we do not transfer your personal data to other countries or make it available there. However, in certain circumstances, in particular in connection with the operations of our subcontractors, your personal data may be made available to recipients located abroad (e.g. Google, Microsoft and ESRI are headquartered in the U.S., from which locations some data may be available). In such cases, we will ensure that suitable safeguards are in place, in accordance with applicable data protection laws, for instance by relying on standard contractual clauses adopted by the European Commission.
Moreover, the information accessible to the public or to other users on the Solution may be accessed worldwide.
If you transmit information and data to us, you are expressly deemed to consent to such data transfers. You may request additional information in this regard and obtain a copy of the relevant safeguards upon request by sending a request to the contact address indicated in section 15 below.
11. How long do we store your personal data?
We will erase or anonymize personal data as soon as it is no longer necessary for us to fulfil the purposes set out in section 7 of this Privacy Notice. This period varies, depending on the type of data concerned and the applicable legal requirements. More information on each type of processing can be found in section 7 above.
Your account information is retained for as long as your account is active. If you suppress your user account, your account information will be deleted or anonymized within 30 days after such an event, unless data must be retained for a valid reason (such as evidentiary or tax purposes). Please note that some information about you may have to be retained for the duration of our contractual relationship with your Organization, even if your account is terminated (see section 8).
In view of the legal obligations incumbent upon us, certain information relating in particular to the contractual relationship must be retained for at least 10 years.
We are committed to the security of your personal data, and have in place physical, administrative and technical measures designed to keep your personal data secure and to prevent unauthorized access to it. We restrict access to your personal data to those persons who need to know it for the purpose described in this Privacy Notice. In addition, we use standard security protocols and mechanisms to exchange the transmission of sensitive data. When you enter sensitive information on our Solution, we encrypt it using Transport Layer Security (TLS) technology.
Although we take appropriate steps to protect your personal data, no IT infrastructure is completely secure. Therefore, we cannot guarantee that data you provide to us is safe and protected from all unauthorized third-party access and theft. We waive any liability in this respect.
The internet is a global environment. As a result, by sending information to us electronically, such data may be transferred internationally over the internet depending upon your location. Internet is not a secure environment and this Privacy Notice applies to our use of your personal data once it is under our control only. Given the inherent nature of the internet, all internet transmissions are done at your own risk.
If we have reasonable reasons to believe that your personal data have been acquired by an unauthorized person, and applicable law requires notification, we will promptly notify you of the breach by email (if we have it) and/or by any other channel of communication (including by posting a notice on the Solution).
We use various types of cookies, other analytical tools or similar technologies (collectively, Cookies) in connection with our Website, some of which are capable of automatically processing data on your electronic device and/or of transferring personal data about you to us or third parties.
Cookies are generally divided in four categories:
- Essential Cookies. Some cookies are placed on your electronic devices to make the Solution capable of being used, by providing basic features such as page browsing and accessing secure areas. The Website cannot function properly without this type of Cookies.
- Functionality Cookies. Some Cookies enable the Website to remember choices persons make, for example, username, and language or text size. These cookies are known as “functionality cookies” and help improve a person’s experience of the Website by providing a personalized service.
- Advertising Cookies. These cookies are used to better understand user interests and to display more relevant advertisements.
- Analytics/productivity Cookies. Analytics/productivity Cookies, such as those linked to Google Analytics, help understand how users interact with the Website by anonymously collecting and reporting information.
You will find the list of cookies we use in connection with the Website and their description on [URL Cookie management page].
You can manage Cookies through the settings of your web browser and/or electronic device, as well as through the tools available on the Website.
For more information, please visit the website http://www.allaboutcookies.org. See also the help section of your internet browser or electronic device for more specific instructions about how to manage Cookies.
14. Your rights about the processing of your personal data
You have the right to access your personal data we process and may request that they be removed, updated, or rectified.
If you are using a Service provided by your Organization, you should direct your privacy inquiries relating to our use of your personal data on behalf of your Organization, including any requests to exercise your data protection rights, directly to your Organization’s contact person.
In other cases, you may contact us directly to exercise your rights. Unless otherwise provided by law, you have the right to know whether we are processing your personal data, to know the content of such personal data, to verify its accuracy, and to the extent permitted by law, to request that it be supplemented, updated, rectified or erased. You also have the right to ask us to cease any specific processing of personal data that may have been obtained or processed in breach of applicable law, and you have the right to object to any processing of personal data for legitimate reasons.
By accessing your user account (if you have one), you can review, update, correct or delete the personal data available within your user account.
If you request us to delete your personal data from our systems, we will do so unless we need to retain your data for legal or other legitimate reasons. Please note that any information that we have copied may remain in back-up storage for some period of time after your deletion request.
Where we rely on your consent to process your personal data, we will seek your freely given and specific consent by providing you with informed and unambiguous indications relating to your personal data. You may revoke at any time such consent (without such withdrawal affecting the lawfulness of processing made prior to).
The above does not restrict any other rights you might have pursuant to applicable data protection legislation under certain circumstances. In particular, if the GDPR applies to the processing of your personal data the GDPR grants you certain rights as a data subject if the respective requirements are met:
- Right of access (Art. 15 GDPR) – you have the right to access and ask us for copies of your personal data.
- Right to rectification (Art. 16 GDPR) – you have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Right to erasure (Art. 17 GDPR) – you have the right to ask us to erase your personal data in certain circumstances.
- Right to restriction of processing (Art. 18 GDPR) – you have the right to ask us to restrict the processing of your personal data in certain circumstances.
- Right to data portability (Art. 20 GDPR) – you have the right to ask that we transfer in a structured, commonly used and machine-readable format the personal data you gave us to another organization, or to you, in certain circumstances.
- Right to object to processing (Art. 21 GDPR) – you have the right to object to the processing of your personal data which is based on our Legitimate Interests, in certain circumstances. In such case, we will no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms or where the processing is necessary for the establishment, exercise or defense of legal claims.
As a rule, you are not required to pay any charge for exercising your rights and we will respond to your request within one month.
You will find further details of your rights in sections 5 and 7 of this Privacy Notice in connection with each processing activity we perform. If you want to exercise any of your rights, or want additional information about them, please contact us using the contact details listed below (see section 15).
If you are not satisfied with the way in which we process your personal data, you may lodge a complaint with the competent data protection supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, in addition to the rights described above.
Although this is not required, we recommend that you contact us first, as we might be able to respond to your request directly.
15. Contact Us
If you believe your personal data has been used in a way that is not consistent with this Privacy Notice, or if you have any questions or queries regarding the collection or processing of your personal data, please contact us at email@example.com.
16. Updates to this Privacy Notice
This Privacy Notice may be subject to amendments. Any changes or additions to the processing of personal data as described in this Privacy Notice affecting you will be communicated to you through an appropriate channel, depending on how we normally communicate with you (including by email and/or via the Solution, e.g. banners, pop-ups or other notification mechanisms). If you do not agree to the changes made, you must stop accessing and/or using the impacted Services.
Last updated: 21.12.2021