Data privacy
Effective Date: January, 2024
Zurich
Chili Digital AG
Klausstrasse 43
CH-8008 Zürich
Switzerland
Ljubljana
Chili Digital in Ljubljana
Cesta na Vrhovce 5c
1000 Ljubljana
Slovenia
Authorised representatives
Roger Meili, CEO
Commercial register
CHE-113.780.224
UID
CHE-113.780.224
This privacy policy (the “Privacy Policy”) describes the types of Personal Data ChiliDigital AG (“chili.ch”, “we”, “us”, or “our”) may collect from all visitors and Subscribers (“User“, “you”, or “your“) or that you may provide to us when accessing and using the Platform. It also describes our policies and procedures on the collection, use, maintenance, protection, and disclosure of your Personal Data when you access and use the Platform and tells you about your privacy rights and the choices you may have with respect to your Personal Data.
Please read this Privacy Policy carefully before accessing and using the Platform to understand our policies and procedures regarding your Personal Data and how we will treat it.
Capitalized terms not otherwise defined herein have the meaning set forth in our Terms and Conditions, which is hereby incorporated by reference.
When you use the Integrations, we process Personal Data as a processor under the direction of our Subscribers. Our Subscribers, as data controllers, are responsible for complying with any regulations or laws that require providing notice, disclosure, and/or obtaining consent prior to collecting their customers’ Personal Data using the Integrations. Please see our Data Processing Agreement for more information.
Acceptance
By accessing and using our Platform, you agree to the collection and use of your Personal Data in accordance with this Privacy Policy. If you do not agree with our policies and procedures, please do not use the Platform or access or use any of our Integrations.
Updates
We reserve the right to modify this Privacy Policy at any time by posting an updated Privacy Policy on the Site. If we make changes, we will notify you by revising the date at the top of the policy. If we make any material changes, we may provide you with notice on the Platform and we may also, at our sole discretion, provide active Subscribers with an email notice of those changes. You are responsible for regularly reviewing this Privacy Policy and your continued use of the Platform after we make changes is deemed to be acceptance of the updated Privacy Policy. If any modification is unacceptable to you, you shall cease using the Platform and any Integrations to which you have subscribed. If you have any questions about this Privacy Policy, or if you wish to exercise any of your rights under this Privacy Policy, you may contact us at support@chili.ch
1. Personal Data We Collect About You
In order to provide the Site and our Integrations, we may collect Personal Data from you. “Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
ChiliDigital AG collects Personal Data from the following categories of sources: (a) directly from you; (b) indirectly/automatically from you; (c) from our Subscribers using an Integration; and (d) third-parties.
1.1 Personal Data We Collect Directly From You
While you are accessing or using our Platform, including our Integrations, we may ask you to provide us with certain Personal Data about you that is necessary to provide you with our Integrations and you may also choose to provide us with additional Personal Data.
You may also provide us with information about you at the time of providing Feedback, subscribing to our Integrations, or requesting customer support, which may include the following:
1.1.1 Contact information: first and last name, email address, billing address,mailing address, business address, and telephone number;
1.1.2 Categories of Personal Data: name; address; and telephone number;
1.1.3 Business information: business name and address;
1.1.4 Payment information: our third-party Payment Processor may also collect your credit card number information and provide us with your name, type of service purchased, the date and time of the transaction;
1.1.5 Account information: username and password, display name, account activity, and other files you record or upload to your account;
1.1.6 Mobile Device Information: we may access and receive information that you provide us access to;
1.1.7 Communication information: any content of any communications you send and/or receive through the Platform or through other communication, such as email, to or from us;
1.1.8 Customer Testimonials: any customer testimonials and comments on our Platform, which you provide us through consent; and
1.1.9 Feedback and Support: information you provide through our customer service helpdesk, including subjects, descriptions, request type, and attachments.
We will not ask or require you to provide sensitive information such as information related to your finances, health, marital status, or any other information not required to provide the Platform or the Integrations. We will not ask for, and you should not provide us with, information regarding protected classifications, including: race, color, religion, national origin, age, sex/gender, gender identity, sexual orientation, marital status, medical condition and disability information, as described under the appropriate state or federal law.
1.2 Information We Automatically Collect From You
While you are accessing and using our Platform, we may automatically collect certain information from you. This information may include, but is not limited to:
1.2.1 Your device’s internet protocol address (e.g. IP address), browser type and version;
1.2.2 Access date and time, pages of our Site that you visit and the time spent on those pages, and other actions while using the Site;
1.2.3 Geolocation data, such as the precise or approximate location determined from your IP address;
1.2.4 When you access the Platform by or through a mobile device, we may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data;
1.2.5 Information about the device you use to access our Platform, including the hardware model, the type of mobile you use, operating system and version, unique device identifiers, cookie data;
1.2.6 Other diagnostic data.
The information we automatically collect from you is only statistical data and does not include Personal Data, but we may maintain it or associate it with Personal Data we collect in other ways to help us improve our Platform and deliver a better and more personalized service. We use these technologies for a number of purposes, including to enable you to use the Platform, facilitate the functioning of and your access to the Services, to better understand how you navigate through the Platform, and to detect and prevent fraud.
The technologies we may use for this automatic data collection may include:
Cookies (or browser cookies). Cookies are small files placed on the hard drive of your computer when you access certain websites that record your preferences. We use cookies to track use of and improve our Platform. Examples of Cookies we use: (a) Session Cookies (to operate our Platform); (b) Preference Cookies (to remember your preferences and various settings); and Security Cookies (for security purposes).
Flash Cookies. Certain features of our Platform may use local stored objects (or Flash Cookies) to collect and store information about your preferences and/or your activity on our Platform.
Web Beacons. Certain sections of our Platform and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, single-pixel gifs) that permit us to determine whether you performed a specific action, for example, if you visited our Platform or opened an email.
1.3 Third-Party Use of Cookies
Some content or applications on the Platform are served by third-parties, including payment processors, and content and application providers. These third-parties may use cookies, web beacons or other tracking technologies to collect information about you when you access or use our Platform including our Integrations. The information they collect may be associated with your Personal Data and/or they may collect information related to your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content. We do not control these third-parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For more information about how you can opt out of receiving targeted advertising from many providers, see the Network Advertising Initiative’s opt-out page and Google Ads setting page.
Google Analytics. Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. We use Google Analytics as a third party tracking service, but we don’t use it to track you individually or collect your Personal Data. We use Google Analytics to collect information about how our Site performs and how our users navigate through and use the Site. This information helps us evaluate our users’ use of the Site and improve our Site performance.
Google Analytics gathers certain non-personally identifying information over time, such as your IP address, browser type, internet service provider, referring and exit pages, timestamp, and similar data about your use of the Site. We do not link this information to any of your Personal Data such as your username. Google provides further information about its own privacy practices and offers a browser add-on to opt out of Google Analytics tracking. You can access Google Analytics’ privacy policy here.
Google Ads (AdWords). We use remarketing services to advertise on third party websites to you after you visited our Platform. We and our third-party vendors use cookies to inform, optimize and serve ads based on your past visits to our Platform. Google Ads (AdWords) remarketing service is provided by Google Inc. You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page. Google also recommends installing the Google Analytics Opt-out Browser Add-on for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page.
1.4 Personal Data We Collect from Our Subscribers
When Subscribers use our Integrations, they may collect Personal Data such as first and last name, email address, physical address, phone number, or other information about you. We call the information that our Subscribers submit or collect via the Integrations ‘Customer Data’ under our Terms and Conditions.
We do not control the types of Personal Data that our Subscribers may choose to collect or manage using the Integrations. We may store Customer Data on our service providers’ servers but process it as a processor under our Subscribers’ instructions and in accordance with our Terms and Conditions and Data Processing Agreement, which prohibit us from using the information except as necessary to provide and improve our Platform including our Integrations and as required by law.
Our Subscribers control and are responsible for correcting, deleting, or updating the Personal Data they process using the Integrations and for complying with any regulations or laws that require providing notice, disclosure, and/or obtaining consent prior to transferring the Personal Data to us for processing purposes.
1.5 Personal Data We Collect from Third Parties
We may collect Personal Data about you from other sources, including but not limited to (i) Third-Party Services that you use to link or connect with our Integrations, such as HubSpot Inc., Microsoft, Inc., and Tableau Software, LLC; (ii) service providers, analytics companies, advertising networks, and other third parties that, to the extent permitted by applicable law, provide us with additional information about you.
The information that we collect from Third-Party Services may include your username, account name, email address, phone number, business name, physical address, and other information used to connect such Third-Party Services with one or more of our Integrations.
Database Sync for HubSpot by ChiliDigital AG use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
2. How We Use Your Personal Data
We use the Personal Data you provide or we collect:
2.1 To present our Platform to you;’
2.2 To provide and maintain the functionality of the Platform, including to monitor the usage of our Site and our Integrations;
2.3 To notify you about changes to our Site or Integrations;
2.4 To allow you to participate in interactive features of our Platform when you choose to do so;
2.5 To provide customer support;
2.6 To create and manage your chilidatahub.ch, chilidatawarehouse.ch, chilidocs or other product related User Account;
2.7 To allow you to log into the Platform;
2.8 To process payments for Integrations you order through the Platform;
2.9 To provide you with news, special offers, and general information about other goods, services, and events that we offer that are similar to those you have already purchased or enquired about, unless you have opted not to receive such information;
2.10 For our internal business purposes, such as data analysis, audits, and so forth;
2.11 To gather analysis or valuable information so that we can improve our Platform;
2.12 To fulfill our obligations and enforce our rights arising from any contracts you entered with us;
2.13 To monitor the usage of our Site and our Integrations;
2.14 To detect security incidents and protect against deceptive, illegal, or unauthorized activities;
2.15 To comply with the law;
2.16 To evaluate and/or conduct a divestiture, restructuring, dissolution, merger, or other transfer or sale of some or all of our assets;
2.17 In any other way we may describe when you provide the information; and
2.18 For any other purpose with your consent.
3. How We Share and Disclose Your Personal Data
Where permissible under applicable law, we may share your information in the following situations:
3.1 With Service Providers. We may share your Personal Data with service providers, contractors, and other third parties we use to support our business, and who are bound by contractual obligations to keep Personal Data confidential and use it only for the purposes for which we disclose it to them.
3.2 With Business Partners. We may share your Personal Data with our business partners to offer you certain products, services or promotions, and who are bound by contractual obligations to keep Personal Data confidential and use it only for the purposes for which we disclose it to them.
3.3 With Other Users. When you interact in the public areas with other users, such Personal Data may be viewed by all users and may be publicly distributed.
3.4 For Business Transfers. We may share or transfer your Personal Data in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
3.5 As Aggregated Information. We may disclose aggregated information about our users, and information that does not identify any individual, to our advertisers, business partners, or any other third party.
3.6 To Enforce Our Terms and Conditions. We may disclose your Personal Data to enforce and administer our Terms and Conditions.
3.7 To Protect Our Rights. We may disclose your Personal Data to protect the rights, property, or personal safety of our company, its employees, its members, and members of the public.
3.8 For Legal Compliance. We may disclose your Personal Data to comply with the law, a court order, or legal process, including to respond to (a) notices of intellectual property infringement, (b) claims that Customer Data violates the rights of third parties, (c) government or regulatory request, and/or (d) investigate the use of or respond to alleged violations or infringement of third-party content.
3.9 With Your Consent. We may disclose your Personal Data for any other purpose with your consent.
4. How We Secure Your Personal Data
We use commercially reasonable technological safeguards to secure any Personal Data we collect about you. The secure server software (“SSL”) we use encrypts all information you input before it is sent to us. In addition, your User Account information is password-protected for your privacy and security. You should always take steps to protect the confidentiality of the password you select. It is important for you to protect against unauthorized access to your password and to your computer. Be sure to sign off when you finish using a shared computer.
The security of your Personal Data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security. If you have any questions about security on our Platform, you can contact us at support@chili.ch
For more information about how we protect Customer Data processed through our Integrations, please see our Data Processing Agreement.
5. How You Can Manage Your Personal Data
You may correct, amend, or delete the information we hold about you. Most of your account information can be changed in the “My Account” section of the Platform. After receiving proof of your identity, you may request that we delete or change any or all of your Personal Data (subject to certain exceptions) and we will do our best to respond to your request within thirty (30) days of receipt. You are responsible for keeping your Personal Data up to date.
6. Retention of Your Personal Data
We may retain your Personal Data for as long as your account is active or as needed to provide you with the Integrations. We will also retain and use your Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
We will also retain statistical data for internal analysis purposes. Statistical data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Platform, or we are legally obligated to retain this data for longer periods.
7. Consent to Processing of Your Personal Data in Switzerland
Please be aware that your Personal Data may be processed by us (and third parties on our behalf as further described in this Privacy Policy) outside of your home country, including to Switzerland, where data protection and privacy regulations may not offer the same level of protection as privacy laws in your country. If you create a Chili Digital AG User Account with us, you agree to this Privacy Policy and you consent to the transfer of all information you provide to us Switzerland. We will take all the steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other Personal Data.
Customer Data will be processed and stored in accordance with applicable Data Protection Laws (as defined in our Data Processing Agreement). For more information about where we process Customer Data and our legal basis for processing and storing Customer Data in Switzerland or elsewhere, see our Data Processing Agreement.
8. Opting-Out of Personalized Ads
You may choose to opt-out of receiving emails and newsletters from us and delete, disable, and manage browser cookies, and flash cookies.
8.1 Marketing Emails Opt-Out. If you no longer want to receive marketing emails from us, you may click the “Unsubscribe” link in an email, follow the instructions provided in any email we send, or contact us at support@chili.ch
8.2 Tracking Opt-Out. You can opt out of accepting cookies (or browser cookies) by activating the appropriate setting on your browser or you can set your browser to alert you when cookies are being sent. However, if you disable or refuse, you may not be able to access and use some parts of our Platform. Flash Cookies are not managed by the same browser settings as those used for Browser Cookies, for more information on how to manage Flash cookies, please visit Adobe’s Flash player settings page.
9. Third Party Websites
We may provide links to third parties’ websites within the Platform, but this Privacy Policy does not apply when you access third party websites directly from the Platform. Please note that we have no control or responsibility over their data collection, use, or disclosure practices. When you click on links that take you to external websites, you will be subject to their privacy policies. If you access and transmit information to third parties’ websites, you do so at your own risk. You should carefully review the privacy policy of any third party website you visit before using it or disclosing your Personal Data to its provider.
10. Collection of Payment Information
We may use Third-Party Service providers for payment processing, such as Stripe. We will not store or collect your payment card details. The information will be provided directly to our third-party Payment Processor whose use of your Personal Data is governed by their privacy policy. These Payment Processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information. For more information about the Stripe privacy policy and/or Stripe’s security protocols, please visit the Stripe website.
11. Personal Data of Minors
The Platform is intended for individuals at the age of 18 years old or older. If you are under the age of 18, you may not use the Platform nor have a ChiliDigital AG User Account. We do not knowingly collect information from or direct any of our content specifically to children under 18. If we learn or have reason to suspect that you are a User who is under the age of 18, we will have to close your account. If you believe we might have any information from or about a child under the age of 18, please contact us at support@chili.ch.
12. Supplemental Notice To Individuals that Reside in the European Economic Area
Users of the Platform that are residents in the European Economic Area (EEA) may have additional rights afforded to them under the EU General Data Protection Regulation (GDPR) and European Union Member States, including the United Kingdom and Switzerland.
12.1 Making a request in relation to your Personal Data
The GDPR gives EEA consumers various rights with respect to the Personal Data we collect, including the right to (subject to certain limitations):
12.1.1 Request copies of your Personal Data;
12.1.2 Access, update or delete the Personal Data we have on you;
12.1.3 Request that we correct any information you believe is inaccurate, or request us to complete information you believe is incomplete;
12.1.4 Request erasure of your Personal Data that we have collected, under certain conditions;
12.1.5 Request that we restrict the processing of your Personal Data, under certain conditions;
12.1.6 Object to processing of your Personal Data, under certain conditions;
12.1.7 Request that we transfer the data we have collected to another organization, or directly to you, under certain conditions;
12.1.8 Withdraw consent at any time where we are relying on consent to process your Personal Data.
Please note that we may ask you to verify your identity before responding to such requests. You will not have to pay a fee to access your Personal Data or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you may contact your local Data Protection Authority about our collection and use of your Personal Data.
12.2 Controller’s Details
Please note that where we act as data processor on behalf of our Subscribers, you will be required to contact the data controller directly to exercise your rights. To learn more about how we process your data through our Integrations where we act as a processor and our Subscriber acts as the controller, please see our Data Processing Agreement. To determine the contact details of the applicable controller of your Personal Data, you may contact us at support@chili.ch.
12.3 Legal Basis for Processing
We need a lawful basis to collect, use and disclose your Personal Data as a controller. Our lawful basis will depend on the information concerned and the context in which it is processed. Generally, we rely on the following lawful basis for processing Personal Data:
12.3.1 We need to perform a contract with you;
12.3.2 You have given us a permission to do so;
12.3.3 The processing is in our legitimate interest and it is not overridden by your rights;
12.3.4 For payment processing purposes;
12.3.5 To comply with the law.
By creating a ChiliDigital AG User Account and/or by accessing and using an Integration, you are agreeing to our Terms and Conditions, this Privacy Policy, and, where applicable, our Data Processing Agreement (collectively, “Contracts”). You acknowledge and agree that we may rely upon these Contracts as a legal basis for processing your Personal Data.
12.4 Transfers of Personal Data
If you live in the EEA, we will only transfer your Personal Data from the EEA to countries outside the EEA on the basis of appropriate safeguards, such as the European Commission’s Standard Contractual Clauses or their equivalent under applicable law.
Contact Information
If you have any questions or complaints about this Privacy Policy or our handling of your Personal Data, please contact us at support@chili.ch.