Our commitment to you

1.     Scope of application

This Privacy Policy relates to the processing of personal data by CASUS Technologies AG, Uraniastrasse 31, 8001 Zurich (hereinafter referred to as "CASUS", "we" or "us"). We process personal data of visitors to our website and users of our online services, customers, business partners, supporters, event participants and other interested persons who contact us (the "data subjects").

Please note that this privacy policy may be subject to change from time to time. The current version published on our website applies.

2.     Definitions

Personal data" means any information relating to an identified or identifiable natural person.

Processing" includes any handling of personal data (the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data).

3.     Contact person

CASUS Technologies AG is responsible for the processing of personal data. If you have any data protection concerns, you can send them to the following contact address: contact@getcasus.com.

4.     How do we collect your personal data?

On the one hand, your data is collected when you provide it to us. This may, for example, be data that you enter on our website or that you disclose to us in connection with the processing of our contractual relationship or for other reasons. On the other hand, data is automatically collected by our IT systems when you visit the website.

If necessary, we also process personal data from other sources, e.g. from companies that provide information for us, but also when using social networks, when a connection to our platform is created, or when we obtain information from public registers.

5.     What personal data do we process?

We define a "customer" as a legal or natural person who concludes a service contract with us or uses our services in the context of such a contract. A "user" is any person who uses our website or services outside of a service contract. We process data from both categories.

5.1.  Personal data that can be collected on the website

We process the personal data that is necessary for the effective operation of our website and our online services. The processed personal data can be divided into the categories of inventory and contact data, content data, usage data, contract data and payment data.

• Data that is automatically collected when you visit the website. This is primarily technical data (see details in section 7). For details on the technical collection and use of data by cookies, analysis tools and third-party plug-ins, please refer to the description in our policy on the use of cookies, analysis tools and third-party plug-ins on our website.

• Inventory and contact data (such as name and address, etc.) or content data that may be collected during use or registration

5.2.  Other personal data that we process

• Data that you provide to us as a customer in connection with the provision of our services and in fulfillment of our contractual relationship, e.g. title, first name, last name, user name, e-mail address, telephone number, company, address, subscription model, company website.

• The documents stored by our systems may also contain personal data of third parties:  You are responsible for the personal data of third parties that you disclose to us (e.g. when uploading documents). Please ensure that the person concerned agrees to this and is aware of this privacy policy.

• We may process data from users as described below.

• When you register for the newsletter or for the purpose of sending marketing measures, we process the personal data required for sending the newsletter, e.g. your surname, first name, e-mail address, date of birth, etc.

• Payment data (in particular bank information, credit card information, etc.)

• All other information that you provide to us, e.g. application data, etc.

6.     For what purposes do we process your personal data?

We process personal data for the following purposes:

6.1.  To perform our contractual relationship with you:

• for the provision of services within the framework of contractual relationships (e.g. within the framework of the use of our online tool) as well as for the exercise of all associated rights and the fulfillment of related obligations;

• for the planning and implementation of our events or online interviews;

• to contact us in response to your request.

6.2.  For marketing and market research purposes

• in particular for sending newsletters or for sending information about our events and online interviews. Depending on the marketing measure, separate consent may be obtained for this;

• to market and provide services and to conduct market research and internal development;

• to develop and improve our IT systems, security, know-how and methods of communicating with you.

6.3.  To use the website

• for the secure and stable operation of this website;

• The data created when you use the website can also be used to analyze your user behavior. For details on the technical collection and use of data by cookies, analysis tools and third-party plug-ins, please refer to the description in our policy on the use of cookies, analysis tools and third-party plug-ins on our website.

6.4.  Other purposes

• for bookkeeping and archiving in accordance with applicable law;

• to check your application documents;

• to fulfill legal or regulatory requirements.[1] 

7.     Server log files, technical provision of the website

The following information is automatically collected when you visit our website:

• IP address;

• last visited website;

• Date and time, incl. time zone;

• Access status/HTTP status code;

• accessed documents;

• amount of data transferred;

• Operating system, incl. user interface and version;

• Browser, incl. language and version.

  
  

Log file information is stored for a certain period of time for security reasons (e.g. to clarify acts of abuse or fraud) and then deleted. Data that needs to be stored for a longer period of time for evidence purposes is excluded from deletion until the respective incident has been finally clarified.

We use this data to ensure a smooth connection setup, convenient use of the website, evaluation of system security and stability and for other administrative purposes. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person. We also use cookies and analysis and marketing services when you visit our website. For more information, please refer to the policy on the use of cookies, analysis tools and third-party plug-ins on our website .

8.     Newsletter

The following personal data is processed when you register for the newsletter and confirm this in the e-mail link received (so-called double opt-in procedure): Surname, first name, e-mail address. The data is processed for the purpose of authenticating the subscriber upon registration and sending the subscriber a newsletter.

You can unsubscribe at any time using the "Unsubscribe" link in the newsletter or by sending an email to the contact address given here. The data processing operations that have already taken place remain unaffected by the revocation.

We use a US service provider, the communication platform Mailchimp, for the purpose of sending newsletters. The provider is Intuit Inc (Mountain View, 2700 Coast Avenue, CA 94043, USA); information on data protection: "Data protection declaration (Intuit) including country and region-specific provisions". If you enter data for the purpose of subscribing to the newsletter, it will be stored on MailChimp's servers in the USA. When you open an email sent with MailChimp, a file contained in the email (so-called web beacons) connects to the MailChimp servers. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. In addition, technical information is collected for the statistical analysis of newsletter campaigns, such as the time of access, IP address, browser type or operating system. This information cannot be assigned to the respective newsletter recipient.

9.     Webinars

We regularly host live interviews (so-called webinars) with experts to gain their insights, thoughts and practical tips for legal departments and law firms. The webinars can be found under "Resources" on the website. To view individual webinars, you will need to register. To do so, you must complete the relevant online form in which we ask for your first name, surname and e-mail address. We will only use your data to send you information about new webinars in the future. If you do not wish to receive such communications from us, you can inform us at any time at the address given in this privacy policy.

The webinars do not contain any images of the listeners. The questions are asked in the webinars via chat message, there is no naming or data transfer of any kind of listeners, which would be reproduced in the webinar.

If you are an interview partner in a webinar, we will ask you in advance for your consent to publish the webinar on our website or on youtube.

10.  Contact form

You can book a demo using the contact form on our website. For this purpose, we process the data you provide in the form (first name, surname, e-mail, telephone number).

11.  Do we pass on your personal data to third parties?

We may share your personal data with trusted third parties, including:

• Service providers to whom we outsource certain support services, in particular cloud and IT service providers;

• Service provider in the field of marketing and market research;

• Payment service providers (banks, credit card companies);

• Accountants, auditors;

• Third parties who work within the scope of our services, e.g. external consultants or other event participants

  
  

When transferring personal data to third parties, we also oblige them to handle your data in the same way as we do ourselves. In particular, third-party companies may not use your personal data for their own purposes (e.g. marketing).

12.  Is your personal data also sent abroad?

We generally process personal data in Switzerland and in the European Union (EU). However, we may also export or transfer personal data to other countries, in particular in order to process it or have it processed there. This is particularly the case when your data is passed on to third-party service providers or when IT systems are used.

When using our IT solutions and operating and CRM systems (e.g. notion, Microsoft, google) and our marketing mailing service (mailchimp) or when planning and implementing our events, data may also be exported to the USA, Ireland or Germany.

We can export personal data to all countries, provided that the law there guarantees adequate data protection in accordance with the decision of the Swiss Federal Council and - if the General Data Protection Regulation (GDPR) is applicable - in accordance with the decision of the European Commission. We may also transfer personal data to countries whose law does not guarantee adequate data protection, provided that data protection is guaranteed for other reasons, in particular on the basis of standard data protection clauses or with other suitable guarantees. Exceptionally, we may export personal data to countries without adequate or appropriate data protection if the special requirements under data protection law are met, for example the express consent of the data subjects or a direct connection with the conclusion or execution of a contract. If you have any questions, please do not hesitate to contact us.

13.  Rights of data subjects

In connection with the processing of personal data, the data subjects are entitled to the following rights by law. Please note that their existence and scope may vary in detail depending on the specific applicable data protection legislation:

• Information/disclosure: Data subjects have the right to find out from us whether personal data relating to them is being processed and what this data is. Requests for information can be made for this purpose.

• Rectification: If personal data is incorrect, the data subjects have a legal right to rectification.

• Restriction: Under certain circumstances, the data subject may request that the processing of their personal data be restricted. This may be the case, for example, if the accuracy of the data is in doubt. Please bear in mind that this may restrict or even prevent the provision of services.

• Deletion: The data subject has a legal right to the deletion of their personal data if it is no longer required for the purpose for which it was collected or in the event of a justified objection or withdrawal of consent. In any case, the right to use the data for statutory reasons and to assert, exercise and defend legal claims remains reserved.

• Data portability: The data subject may request the personal data that the data subject has made available to us in a commonly used and machine-readable form and - subject to weighty interests to the contrary - continue to use it.

• Withdrawal of consent: Some data processing operations are only possible with your express consent, such as the sending of the newsletter described under point 8. If the processing of personal data is based on your consent, you can withdraw this at any time. The withdrawal of consent does not affect processing based on other grounds. Furthermore, the withdrawal only applies to the future.

  
  

Please note that these rights are subject to conditions, exceptions or restrictions under the applicable data protection law (e.g. to protect third parties or business secrets). We will inform you accordingly if necessary. To assert your rights, please contact us at the address given above, enclosing proof of identity.

Furthermore, in the event of breaches of data protection law, you have the right to take ordinary legal action and to lodge a complaint with the competent supervisory authority. The competent supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

14.  How do we protect your data?

We take appropriate security measures to protect the confidentiality, integrity and availability of your personal data, to protect it against unauthorized or unlawful processing and to counteract the risks of loss, unintentional alteration, unwanted disclosure or unauthorized access.

This website and our online services in general use SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the website operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

However, we would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

15.  How long do we store your personal data?

Personal data is stored for as long as is necessary to fulfill the purposes for which it was collected or for as long as we have a legitimate interest in doing so, for example to enforce or defend against claims, for archiving purposes and for IT security purposes. We also store your personal data if and for as long as it is subject to a statutory retention obligation.

If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, deletion will take place after these reasons no longer apply. Deletion may be waived if the data is anonymous.

16.  What else needs to be considered?

We do not assume that the EU General Data Protection Regulation ("GDPR") applies to data processing by us. However, if the GDPR is exceptionally applicable to certain data processing, this Section 16 shall also apply exclusively for the purposes of the GDPR and the data processing subject to it.

In this case, we base the processing of your personal data in particular on the fact that

• it is necessary for the initiation, conclusion and fulfillment of contracts and their administration and enforcement (Art. 6 para. 1 lit. b GDPR),

• it is necessary to safeguard our legitimate interests or those of third parties, e.g. for communication with you or third parties, to operate our websites, to improve our electronic offers and registration for certain offers and services, for security purposes, for compliance with the law and internal regulations, for our risk management and corporate governance and for other purposes such as training and education, administration, evidence and quality assurance, organization, implementation and follow-up of events and to safeguard other legitimate interests (Art. 6 para. 1 lit. f GDPR),

• it is required or permitted by law on the basis of our mandate or our position under the law of the EU or the EEA or an EU member state (Art. 6 para. 1 lit. c GDPR) or is necessary to protect your vital interests or those of other natural persons (Art. 6 para. 1 lit. d GDPR);

• you have separately consented to the processing, e.g. via a corresponding declaration on our websites (Art. 6 para. 1 lit. a and Art. 9 para. 2 lit. a GDPR).

  
  

We would like to point out that we will generally process your data for as long as our processing purposes as mentioned above, the statutory retention periods and our legitimate interests, in particular for documentation and evidence purposes, require or storage is technically necessary (e.g. in the case of backups or document management systems). If there are no legal or contractual obligations or technical reasons to the contrary, we generally delete or anonymize your data after the storage or processing period has expired as part of our usual processes and in accordance with our retention policy.[2] 

If you do not provide us with certain personal data, this may mean that it is not possible to provide the associated services or conclude a contract. We always specify which of the personal data we require is mandatory.

The right to object to the processing of your data applies in particular to data processing for the purpose of direct marketing.

If you do not agree with our handling of your rights or data protection, please let us know. If you are in the EEA, you also have the right to lodge a complaint with the data protection supervisory authority in your country. A list of authorities in the EEA can be found here: https://edpb.europa.eu/about-edpb/board/members_de.

Policy on the use of cookies, analysis tools and third-party plug-ins on our website

1.     Cookies

We typically use "cookies" and similar technologies on our website to identify your browser or device. A cookie is a small file that is sent to your computer or automatically stored on your computer or mobile device by the web browser you use when you visit our website. This enables us to recognize you when you return to this website, even if we do not know who you are. In addition to cookies that are only used during a session and are deleted after your visit to the website ("session cookies"), cookies can also be used to store user settings and other information for a certain period of time (e.g. two years) ("permanent cookies"). However, you can set your browser so that it rejects cookies, only stores them for one session or otherwise deletes them prematurely. Most browsers are preset to accept cookies.

For cookies that are used to measure success and reach or for advertising, a general opt-out is also possible for numerous services, such as Facebook, via Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

2.     Necessary cookies

We use so-called technically necessary cookies in some areas of our website. Such file elements allow your computer to be identified as a technical unit during your visit to this website in order to enable you to use our offer. We would like to point out that functions of our website may not work if you have deactivated the use of technically necessary cookies. Cookies do not allow a server to read private data from your computer or data stored by another server. They do not cause any damage to your computer and do not contain viruses. Technically necessary cookies are used to enable our website to function properly.

3.     Additional cookies

In addition, we use the following cookies to understand how you use our services.

4.     Use of Google Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, due to the activation of IP anonymization on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link (http://tools.google.com/dlpage/gaoptout?hl=de).

Further information on terms of use and data protection can be found at www.google.com/analytics/terms/de.html or at https://policies.google.com/privacy?hl=de&gl=de.

5.     Google Firebase

We use Firebase, an analysis and monitoring tool, on our website. We use Firebase from Google as our database and hosting provider. The service provider is Google. You can find out more about the data processed through the use of Firebase in the privacy policy on the following Firebase/Google website.

6.     Google Web Fonts

Our website uses Google Web Fonts, which is offered by Google, to display fonts. These web fonts are integrated by a server call, usually a Google server in the USA. This tells the server which of our web pages you have visited. The IP address of the browser of the end device of the visitor to this website is also stored by Google. Further information can be found on the Google website (on Google Web Fonts; on data protection).

7.     Intercom

We use Intercom, a messenger and communication platform, on our website. The service provider is Intercom Inc (55 2nd Street, 4th Floor, San Francisco, CA 94195, USA). This platform enables us to improve communication and interaction with customers and users. Further information (details on the type, scope and purpose of data processing) can be found on the Intercom website (https://www.intercom.com/legal/privacy).

8.     Stripe

For payment processing by credit card, we use Stripe from Stripe Inc. in the USA. The service includes sending the IP address, e-mail address and any other data required by Stripe to Stripe Inc. It cannot be ruled out that data processing may take place outside the scope of Swiss or EU law. Among other things, the information may be disclosed to Stripe Inc. in the USA. Further information can be found on the Stripe website (https://stripe.com/en-ch/privacy).

9.     Calendly

For booking appointments, we use Calendly, a planning and organization tool from Calendly LLC (271 17th St NW, Ste 1000, Atlanta, Georgia, USA). Calendly also processes data in the USA. Detailed information on data processing by Calendly can be found on the Calendly website (https://calendly.com/de/privacy/).

10.  Hubspot

We use HubSpot, a digital marketing tool, on our website. The service provider is the company HubSpot, Inc (25 First 2nd Floor Cambridge, MA, USA). The tool is used to improve communication and interaction with customers and other people. Details on the type, scope and purpose of data processing can be found on the HubSpot website (https://legal.hubspot.com/privacy-policy).

11.  Links to other websites

Our website contains so-called hyperlinks to websites of other providers (e.g. LinkedIn). If you activate these hyperlinks, you will be forwarded directly from our website to the website of the other provider. You can recognize this by the change of URL, among other things. We cannot assume any responsibility for the confidential handling of your data on these third-party websites, as we have no influence on whether these companies comply with data protection regulations. Please refer directly to these websites for information on how these companies handle your personal data.