PRIVACY NOTICE

Our company, BOLTONSHIELD AG (the “Företag”, “we”), collects and processes certain personal data for the purpose of providing you (“you”, “your”) with the product Yubikey of Yubico AB (“Product”). When we do so we are regulated under the applicable Laws (Swiss Data Protection Law and EU General Data Protection Regulation) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.

Alla förfrågningar om detta integritetsmeddelande eller förfrågningar om att utöva någon av de rättigheter som anges ovan bör riktas till dataskyddsombudet via info@boltonshield.com eller per post till följande adress:

Dataskyddsombud, Minervastrasse 3, 8032 Zürich, Schweiz.

  1. What Information we Collect

When you are accessing our website and filling in your personal information through our contact form, we are collecting your personal information in order to be able to provide you with the Product.

The personal information we collect from you are the following:

  1. name and surname;

  2. e-mail address;

  3. telephone number;

  4. postal address;

(the “Personal Information / Your Personal Information”)

  1. Purpose of the Collection

We collect Your Personal Information so that we can provide/deliver to you the Product, as per your request through our website form.

In particular, Your Personal Information will be collected and may be used in order for our associates, such as Yubico AB, to contact you and follow up regarding the Product. If you wish so, you may view their Privacy Notice here.

We do not collect and we do not use any personal data other than that specifically mentioned above without your explicit consent, unless you ask us to do so.

You do not have an obligation to provide us with your personal data, but if you don’t, we will not be able to include you in our giveaway procedure and/or provide you with the Product.

Our Company does not use automated decision-making processes or profiling while processing your personal data.

  1. Our legal basis for processing your personal information

When we use Your Personal Information we are required to have a legal basis for doing so. There are various different legal bases on which we may rely on, depending on what personal information we process and why.

De rättsliga grunder som vi kan förlita oss på inkluderar:

  • Consent: where you have given us clear consent for us to process your personal information for a specific purpose;

  • Legitimate interests: where the use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal information, which overrides our legitimate interests);

  1. How we Keep your Data

We process Your Personal Information at our offices, in Minervastrasse 3, 8032 Zurich, Switzerland.

Hosting and storage of your data takes place in Bolton Technologies Datacenter which servers are located in Cyprus.

For the storage and security of your personal data the Company takes all the necessary technical and organizational measures to ensure that the processing is carried out in accordance with the law and the GDPR (access control, firewalls, antivirus, cryptography, etc.).

  1. Access to your Data

Within our Company, your personal data is only accessible by the strictly required personnel and only for the purposes mentioned above.

We may disclose Your Personal Information to our affiliates, in which case we will require these affiliates to comply with this Privacy Notice. Our affiliates include any subsidiaries, or other companies that We control. We may also share Your Personal Information with our business partners to offer certain products, services or offers to you (relevant reference is made to paragraph 2 above).

We choose our associates very carefully, after the necessary checks have been carried out and sufficient guarantees have been provided to implement appropriate technical and organizational measures in such manner that processing will meet the requirements of the GDPR and the relevant laws and ensure the protection of your rights.

The external recipients of your personal data may also include private businesses, professional bodies or competent authorities to whom your data may need to be disclosed for the purposes stated in paragraph 2 and especially for compliance with our legal obligations.

  1. Retention Period

In accordance with Company policy, your data is kept only for as long as necessary to fulfil the purposes stated in paragraph 2 above, or – in the case of consent – until you withdraw your consent. In addition, we retain your personal data for as long as necessary to comply with tax laws, to exercise our legal rights and generally to pursue our legitimate interests.

After this period, your personal data will be irreparably destroyed. Any data kept by us for marketing and information purposes will be retained until you inform us that you no longer wish to receive such information (if applicable).

  1. Security

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorized way. These measures include, but are not limited to, access control, internal audit etc. Furthermore, we limit access to Your Personal Information to those who have a genuine business need to know it. Those processing Your Personal Information will do so only in an authorized manner and are subject to a duty of confidentiality. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

  1. Your Rights

As a data subject, you may contact us at any time to make use of your rights, which are, the right to:

  1. receive information about the data processing and a copy of the processed data;

  2. demand the rectification of inaccurate data or the completion of incomplete data;

  3. demand the erasure of personal data;

  4. demand the restriction of the data processing;

  5. receive the personal data concerning the data subject in a structured, commonly used and machine-readable format and to request the transmittance of these data to another controller in certain situations;

  6. object to the data processing;

  7. withdraw a given consent at any time to stop a data processing that is based on your consent;

  8. complain to a competent supervisory authority.

For further information on each of those rights, including the circumstances in which they apply, please contact us (see ‘How to contact us’ below).

If you still feel that your personal data has not been handled appropriately according to the law, you can submit your complaint with the Federal Data Protection and Information Commissioner, the website of which can be found here.

How to contact us

You can contact us by post or email, if you have any questions about this Privacy Notice or the information we hold about you, to exercise a right under data protection law or to make a complaint.

Our contact details are shown below:

Boltonshield AG

Postal address: Minervastrasse 3, 8032 Zurich, Switzerland

Email address: info@boltonshield.com

  1. Changes to this Privacy Notice

This Privacy Notice was last updated on 6/9/2022.

We may change this Privacy Notice from time to time and when we do so, we will inform you via the most appropriate means of contact, when this considered necessary.