We recognise the importance of your privacy and of transparency in our processing of your personal data.
This privacy notice (Privacy Notice) informs you on the personal data we collect when you access and use our Solution, and how we process it.
By accessing and using the Solution, you expressly acknowledge that we may collect and process your personal data in accordance with this Privacy Notice.
Lightly AG is responsible for the processing of your personal data through the webpage. You will find our contact details below in Section 13.
We collect the personal data that you or our users provide to us.
We collect the personal data that you provide to us when you use the Solution and/or services provided through the Solution, for example when you create and/or access your account, when you subscribe to our newsletter, or upload datasets (Datasets).
If you are not a user of the Solution, we may also collect the personal data contained in the Datasets.
Some information is mandatory and some is optional.
It is mandatory that you complete the data fields identified by an asterisk. If one or more mandatory data fields are not completed, we will not be able to provide access to the Services. You are not required to complete the optional data fields in order to access the services provided through the Solution.
Certain personal data are also collected in an automated manner.
We may also automatically collect personal data, including by means of tokens, cookies and other active elements, as further described in this privacy notice.
You may define certain authorisations relating to the automatic collection of your personal data when you configure your device [or your internet browser] according to available functionalities. You may also define certain settings for the automated collection of your personal data through the cookies setting plugin available on the Solution. For more detailed information, please see the cookie section below in section 11 of this Privacy Notice.
We may process your personal data by automated means, for the purposes indicated in this Privacy Notice and in accordance with applicable law.
We process your personal data in accordance with applicable law, in particular Swiss data protection law, and if applicable the UE General Data Protection Regulation, using computers or computer tools, in line with the purposes set out in this Privacy Notice.
We do not take decisions exclusively on the basis of an automated processing which have legal effects on the data subject or affects him significantly (automated individual decision) and do not process your personal data to create a profile about you.
We may process your personal data to erase any information that allows us to identify you (anonymisation) and we may then use such anonymous data for purposes not contemplated by this Privacy Notice (including for data mining, benchmarking, analytics purposes, or developing and marketing new services). You may object to the anonymisation of your persona data for this purpose at any time.
We process your personal data only if we have a valid legal ground to do so.
We will only process your personal data if we have a valid legal ground for doing so. Depending on the processing in question, we will only process your personal data if:
Finally, we may process your personal data if we are required by law to do so as further specified in section 6 below.
If you are not a customer or user of our Solution, we may also process your personal data contain in our customers' Datasets, as data processor for the providing of our Services to our customers. This Privacy Notice does not address how our customer uses your personal data.
We process your personal data only if we have a valid legal ground to do so.
Your personal data is collected and processed for the purpose of operating the Solution and for other clearly identified purposes at the time of collection, only to the extent relevant to achieve these purposes.
This includes:
To operate the Solution and provide the related Services
We mainly process your personal data to provide the Solution and the Services, based on our Contractual Necessity to do so, including for creating and maintaining a user account, providing you with requested information and Services, as well as for customer and user management purposes (including processing payments).
In addition to the personal data which you provide us with when logging-in to your account or interacting with the Solution, we automatically collect technical information about your interactions with the Solution, such as a unique user ID, IP address, the content that was accessed, date and time of access, information about your web browser, your preferences, or other information related to your interaction with the Solution, including your navigation details on the Solution.
We process this data to establish a connection with your device over the Internet, to identify you when you use the Solution, control use of the Solution and manage its stability and security, based on our Legitimate Interest.
Your account information is retained as long as your account is active. If you suppress your user account, your account information will be deleted or anonymised within [30] days after such event, unless data must be retained for a valid reason. Log files are generally deleted or anonymised [30] days after their collection, unless we must retain them for a valid reason.
To process orders and payments
To subscribe and pay for Services, you must provide the information requested from you. Depending on the payment method select, you will be redirected to the website of an online payment provider which is responsible for processing the payment, such as Stripe. We transmit to these third parties only the data necessary for the operations they perform.
The processing of billing data is based on our Contractual Necessity to provide you with the requested goods and Services. We are also required by law to store certain information such as invoices, contracts and other information relevant to accounting for a certain period of time (generally for 10 years). Data relating to uncompleted orders is stored for 3 months and then deleted.
To contact you and respond to your queries
You have the option of contacting us via the Solution, by e-mail or post. In this context, we process the data which you provide to us (including your contact information and the subject-matter of the request).
This data is used for the purpose of providing you with the requested information and services, based on our Contractual Necessity.
The retention period depends on the reason for your request and its context. Requests relating to orders shall be retained for the period specified for orders. Other requests are, as a rule, be retained for 3 months, unless there are legal grounds for retaining them.
We may disclose your personal data to third parties if this is necessary for the operation of the Solution or to comply with a legal obligation.
We may disclose your personal data to third parties if this is necessary for the operation of the Solution or to comply with a legal obligation.
We may disclose your personal data to third parties in connection with the operation of the Solution, and to subcontractors such as IT service providers, including Amazon Web Services (hosting provider), Auth0 (authentication services), Mixapanel, Fullstory, Hotjar, and Google Analytics (data analytics).
We may also enable you to use third-party services directly from the Solution, in particular through the social plug-ins of Google LLC; Facebook, Inc.; LinkedIn Corporation; Twitter; and Microsoft Corporation, in which case you acknowledge that third-party operators of such services may access some of your personal data related to the Solution.
In the above contexts, our Solution may contain links to other websites. This Privacy Notice applies only to our actions and does not apply, in particular, to the practices of third-party companies, individuals, or any other websites that may be referenced on the Solution.
We may disclose your personal data to third parties if this is necessary for the operation of the Solution or to comply with a legal obligation.
Your personal data is stored in Switzerland and/or the European Union, but may in certain circumstances be disclosed in other countries.
We store your personal data on servers located in Switzerland and/or the European Union.
In certain circumstances, your personal data may be made available to recipients located abroad, including without limitation from the U.S. In such cases, we will ensure that suitable safeguards are in place, in accordance with applicable data protection laws.
If you transmit information and data to us, you are expressly deemed to consent to such data transfers.
Your personal data is stored in Switzerland and/or the European Union, but may in certain circumstances be disclosed in other countries.
We store your personal data on servers located in Switzerland and/or the European Union.
In principle, we do not transfer your personal data to other countries or make them available there. However, in certain circumstances, in particular in connection with the operations of our subcontractors, your personal data may be made available to recipients located abroad, including without limitation from the U.S. In such cases, we will ensure that suitable safeguards are in place, in accordance with applicable data protection laws, for instance by relying on standard contractual clauses adopted by the European Commission.
If you transmit information and data to us, you are expressly deemed to consent to such data transfers.
You may request additional information in this regard and obtain a copy of the relevant safeguards upon request by sending a request to the contact address indicated in section 13 below.
Your personal data will not be stored longer than necessary.
We will erase or anonymise personal data as soon as it is no longer necessary for us to fulfil the purposes set out in section 6 of this Privacy Notice. This period varies, depending on the type of data concerned and the applicable legal requirements. If you suppress your user account, we will delete your personal data within 30 days after such event, unless data must be retained for a valid reason.
In view of the legal obligations incumbent upon us, certain information relating in particular to the contractual relationship must be retained for at least 10 years.
We maintain physical, technical and procedural safeguards to keep secure your personal data.
We maintain physical, technical and procedural safeguards to keep secure your personal data. We are committed to the security of your personal data, and have in place physical, administrative and technical measures designed to keep secure your personal data and to prevent unauthorized access to it. We restrict access to your personal data to those persons who need to know it for the purpose described in this Privacy Notice. When you enter sensitive information on our site, we encrypt it using Transport Layer Security (TLS) technology.
Although we take appropriate steps to protect your personal data, no IT solution is completely secure. Therefore, we cannot guarantee that data you provide to us is safe and protected from all unauthorized third-party access and theft. We waive any liability in this respect.
The internet is a global environment. As a result, by sending information to us electronically, such data may be transferred internationally over the internet depending upon your location. Internet is not a secure environment and this Privacy Notice applies to your use and disclosure of your personal data once it is under our control only.
If we have reasonable reasons to believe that your personal data have been acquired by an unauthorized person, and applicable law requires notification, we will promptly notify you of the breach by email (if we have it) and/or by any other channel of communication (including by posting a notice on the Solution).
We use Cookies, other analytical tools and similar technologies in connection with the Solution.
We use Cookies, other analytical tools and similar technologies in connection with the Solution. We use various types of cookies, other analytical tools or similar technologies (collectively, Cookies), some of which are capable of automatically processing data on your electronic device and/or of transferring personal data about you to us or third parties.
These technologies are generally used to monitor and analyse your interactions with the Solution and/or to enable us to improve the Solution and its functionalities, including customising the Solution and related services, depending on your interactions. We may also use Cookies to measure and monitor the traffic and use of the Solution and its performance.
Our use of cookies may vary depending on the section or functionalities of the Solution you access.
You can manage Cookies through the settings of your web browser and/or electronic device, as well as through the interface available on the Solution.
If you do not want Cookies to be stored on your electronic device, you can configure your internet browser or electronic device to refuse and/or restrict them. However, some Cookies are essential to the functioning of the Solution, and it may operate differently if you refuse or completely restrict Cookies.
For more information, please visit the website http://www.allaboutcookies.org. You can also see the help section of your internet browser or electronic device for more specific instructions on how to manage Cookies.
You have the right to access your personal data we process and may request without limitation that they be removed, updated, or rectified.
Unless otherwise provided by law, you have the right to know whether we are processing your personal data. You may contact us to know the content of such personal data, to verify its accuracy, and to the extent permitted by law, to request that it be supplemented, updated, rectified or erased. You also have the right to ask us to cease any specific processing of personal data that may have been obtained or processed in breach of applicable law, and you have the right to object to any processing of personal data for legitimate reasons.
If you would like us to delete your personal data from our system, please send a request pursuant to the contact details below and your request will be accommodated unless we have a legal obligation to retain the record. Please note that any information that we have copied may remain in back-up storage for some period of time after your deletion request.
Where we rely on your consent to process your personal data, we will seek your freely given and specific consent by providing you with informed and unambiguous indications relating to your personal data. You may revoke at any time such consent. If the European General Data Protection Regulation (GDPR) applies to the processing of your personal data, the GDPR grants you certain rights as a data subject if the respective requirements are met:
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
You have the right to lodge a complaint with the competent authority.
If you are not satisfied with the way in which we process your personal data, you may lodge a complaint with the competent data protection supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, in addition to the rights described above.
We have appointed a Chief Privacy Officer. If you believe your personal data has been used in a way that is not consistent with this policy, or if you have any questions or queries regarding the collection or processing of your personal data, please contact us at Igor Susmelj, dataprotection@lightly.ai.
This Privacy Notice may be subject to amendments, in particular with to adapt it to any new commercial or technological practice or change in law, in which we will inform you by any appropriate means, including by email and/or the Solution (e.g. banners, pop-ups or other notification mechanisms). If you do not agree to the changes made, you must stop accessing and/or using the Solution.
