Privacy Policy for Platform Users
1. Introduction
We at Kemiex take data protection and privacy very seriously. Therefore, we have drawn up this Privacy Policy which explains to you our handling of your data when you register for and use our MarketRadar offering (the “Platform”). It does not cover neither the processing of data on our website “kemiex.com” nor the processing on a Private Portal of another company using Kemiex as their software. The corresponding privacy policy for our website can be found below. It only covers your processing of data if the GDPR applies to this processing. This is the case if you are currently in the European Union.
2. Controller and data protection officer
Controller of the processing of your data on the Platform is:
Kemiex AG Weberstrasse 3, 8004 Zurich, Switzerland (“Kemiex”).
Email: contact@kemiex.com
You can contact our data protection officer at privacy@kemiex.com
3. Purposes of the processing and legal basis
Purposes of processing:
We process your data for the following reasons and rely on the following legal basis:
- Purpose: Verify your registration. This includes a background check of your company (not the individual employee) with regard to financial strength, quality certifications and processes as well as professional behaviour.
Legal basis: Article 6 (1) (b) GDPR - Purpose: Contact you or offer you customer support.
Legal basis: Article 6 (1) (b) GDPR (for any inquiry related to the performance of a contract),
Article 6 (1) (f) GDPR (in case of other topics apart from the contract itself). Our legitimate interest is providing you with an answer and offering a good customer service. - Purpose: Provide requested own- and third-party services (e.g. trade credit insurance, analytics).
Legal basis: Article 6 (1) (b) GDPR - Purpose: Send you information about new services and features of the Platform.
Legal basis: Article 6 (1) (f) GDPR Our legitimate interest is informing you about news on our Platform.
4. Categories of personal data
We collect the following categories of personal data upon registration:
- First and last name
- Your company name
- Role in your company
- Country of origin
- Email address
- Telephone number
Apart from this, you are free to provide the following kinds of personal data:
- Personal data made available by you when contacting us via the Platform
We do not process any special categories of personal data (Article 9 GDPR).
5. Storage period
Your data is stored in accordance with our retention policy. We delete any personal data that is no longer necessary for the purpose for which the personal is processed. Where we store personal data due to legal retention periods or because of recording obligations, processing relies on Article 6 (1) (c) GDPR.
6. Obligation to provide data
There is no legal obligation to provide your data. However, a registration for the Platform is not possible if you fail to provide this data as we want to ensure that there are only companies meeting our quality requirements with an unambiguous contact person.
7. Recipients of personal data
Your data might be transferred to the following categories of recipients:
- Atradius
Moreover, data might be transferred to our data processors. We have concluded data processing agreements with them. These are the following:
- AC PM LLC, 1 N Dearborn Street, Suite 500, Chicago, IL 60602, USA: AC PM LLC offers Postmark, a service to communicate with business partners and see the status of the messages sent.
- Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland: Google is used for hosting the Platform.
- Salesforce.com Sàrl, Ernst-Nobs-Platz 1, 8004 Zürich, Switzerland: Salesforce is used as our CRM system.
- Microsoft, Konrad-Zuse-Str.1. 85716 Unterschleißheim as email provider.
8. Transmission to third countries
We are situated in Switzerland that is not part of the EU. Nonetheless, we offer a level of protection comparable to one of the EU as it was acknowledged by the EU commission in an adequacy decision.
Your data may be stored for technical reasons outside of Switzerland, on servers in Belgium.
Partially, our recipients are located in countries outside of the European Union or data might be transferred to countries outside of the European Union. These are the following third parties using the stated safeguards to ensure an adequate level of protection:
- AC PM LLC is seated in the USA. The data transferred to AC PM LLC includes the following kinds of personal data:
o Email address
o Content of the message
o Metadata (IP address, location)
The USA do not offer the same level of protection as the GDPR as this data might be subject to foreign intelligence services or other third parties. We use SCCs and supplementary measures to reach the same level of protection as provided under GDPR. The Data Processing Addendum and SCCs can be found here. - As Google Cloud EMEA Limited is hosting the Platform, all personal data transmitted to the Platform will also be transmitted to the servers of Google Cloud. This might also include servers of Google LLC that Google Cloud EMEA Limited is a subsidiary of. Google LLC is located in the United States of America This country does not offer the same level of protection as provided for by the GDPR. The transmitted data could be subject to foreign intelligence services or other third parties. Therefore, we use SCCs strengthened by supplementary measures to ensure an adequate level of protection. The SCCs can be found here. Google Cloud’s Privacy Notice can be accessed here.
- Although Salesforce.com Sàrl as our CRM hosts its data in Europe, personal data may also be transferred to salesforce.com Inc. in the United States of America. This country does not offer the same level of protection as provided for by the GDPR. The transmitted data could be subject to foreign intelligence services or other third parties. Therefore, any trans-fer between European and US entities of Salesforce are protected by BCRs as well as supplementary measures to ensure an adequate level of protection. The BCRs can be found here. Salesforce’s privacy notice can be accessed here.
- Microsoft Germany as our office software provider may also transfer personal data to the United States of America. This country does not offer the same level of protection as provided for by the GDPR. The transmitted data could be subject to foreign intelligence services or other third parties. Therefore, any transfer between European and US entities of Microsoft are protected by SCCs as well as supplementary measures to ensure an adequate level of protection. The SCCs can be found here. Microsoft’s privacy notice can be accessed here.
9. Rights of the data subject
As a data subject you have the following rights under the GDPR:
- Right to access (Article 15 GDPR): Upon request, we inform you whether and which person-al data we have stored about you. You can also demand information about the details of the processing of your data and can be provided with a copy of the relevant personal data.
- Right to rectification (Article 16 GDPR): You have the right to demand correction of any in-accurate personal data concerning you.
- Right to erasure (Article 17 GDPR): You have the right to obtain deletion of your data.
- Right to restriction of processing (Article 18 GDPR): You have the right to obtain restriction of your data. If your data is restricted, your data might only be processed with your con-sent with the exception of storage or the assertion of legal claims.
- Right to withdraw consent (Article 7 (3) GDPR): In case you have given your consent for the processing of your personal data, you have the right to withdraw your consent at any time. Any processing of your data that has happened until the time of withdrawal remains unaffected by it.
- Right to object (Article 21 (1) GDPR): You have the right to object processing on grounds relating to your particular situation, at any time to processing of personal data if the processing relies on our legitimate interest (Article 6 (1) (f) GDPR).
If you want to exercise any of these rights, please write an email to contact@kemiex.com.
Moreover, you have the right to lodge a complaint with a competent supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.
10. Changes to this privacy policy
We reserve the right to change or actualise this privacy policy at any given point. A change of the privacy policy only concerns personal data collected or edited after said change. We will inform you in due course prior to any changes.
Thanks for reading this privacy policy.
Last updated: October 2022