• English
  • Deutsch
Note: This is an automatic translation of the Data Privacy Statement. In cases of variances between the German language version of this User Agreement, the German version will prevail.

IDENTT Privacy Policy

1. Purpose of this Privacy Policy 

This privacy policy explains how we process personal data, particularly in connection with our business activities and our website. If you would like more information about our data processing, you are welcome to contact us (see Section 2). “Personal data” refers to any information that can be associated with a specific person, and “processing” means any handling of personal data, such as collecting, using, and disclosing that data. 

2. Controller 

Depending on which of the following companies your business relationship is with, 

IDENTT SWISS AG, Fronwagplatz 13, 8200 Schaffhausen, Switzerland

  or 

IDENTT GmbH verification systems, Arndtstrasse 16, 22085 Hamburg, Germany

  or

IDENTT Sp. z o.o., Gen. Romualda Traugutta 45, 50-416 Wrocław, Poland,
is responsible for processing your personal data, as it determines why and how such data is processed. This responsibility may be assumed individually or jointly with other companies in the IDENTT Group. In this privacy policy, “IDENTT,” “we,” or “us” refers to the controller responsible for the processing. 

If you have questions about data protection, you can contact us at the following address: identt@identt.com 

The data protection officer for the controller in the EU is:
    Mauß Datenschutz GmbH
    Neuer Wall 10, 20354 Hamburg
    Phone: +49 40 / 999 99 52-0
    Email: datenschutz@datenschutzbeauftragter-hamburg.de 

You may provide us with data about other individuals (e.g., if you disclose data about other employees of your company). We assume this data is accurate and that you are authorized to share it with us. We kindly ask you to inform those individuals about our data processing (e.g., by referring them to this privacy policy). 

3. How do we process data in connection with our products and services? 

When you use our products and services (collectively referred to as “services”), we process data for the preparation of contract conclusion, onboarding, contract execution, and management: 

  • We may advertise our services, e.g., through newsletters. Further details can be found in Section 4. 
  • When we communicate with you regarding a contract, we process, in particular, the data you provide to us. In accordance with our legal obligations and internal policies, we also conduct sanctions and similar screenings of our customers, their governing bodies, and beneficial owners, for which we obtain data from relevant databases. This includes identification data such as the birthdate of listed individuals, information about economic and political ties, and sanction listings. This may also involve particularly sensitive personal data. 
  • If we enter into a contract with you, we process the data gathered during onboarding and information about the contract (e.g., the date and content of the agreement). We process personal data during and after the contract execution, including details about services, payments, customer service interactions, complaints, contract terminations, and related disputes or proceedings. These data processing activities are necessary for fulfilling the contract. 
  • We also use the above-mentioned data for statistical purposes. These statistics help us improve and develop our services and guide our business strategy. We may also use this data on an identifiable basis for marketing purposes; see Section 4 for more details. 

For contractual partners that are companies, we process fewer personal data, since data protection laws apply only to natural persons (i.e., human beings). However, we do process data of contact persons we interact with, such as name, contact details, professional information, communications, and information about executives, as part of the general information we hold about companies we work with. 

4. How do we process data in connection with advertising? 

We also process personal data to promote our services: 

  • Newsletters: We send electronic communications and newsletters that may contain advertisements for our offerings. We ask for your consent beforehand, except when promoting certain offerings to existing customers. In this context, we process not only your name and email address but also information about which services you have already used, whether you open our newsletters, and which links you click on. Our email service provider provides a tracking function that uses invisible image data, which is loaded via an encoded link from a server and transmits the relevant information. This is a common practice that helps us evaluate the effectiveness of our newsletters and improve them. You can avoid this tracking by configuring your email client accordingly (e.g., by disabling automatic image loading). 
  • Online advertising: See Section 9 for more information. 
  • Events: We may organize events (in-person or online). If you participate, we process your registration data to organize and run the event and, where applicable, to contact you afterward. We may also take photos or videos during the event and share them on platforms like social media. All IDENTT staff responsible for publication are aware of the need to protect individuals’ privacy and handle such material with appropriate care. 
  • Marketing calls: We may contact our customers and, in some cases, potential customers by phone and process related data about our contacts and possibly other associated individuals within the called organization. 
  • Market research: We also process data to improve our services and develop new products—for example, information about your purchases, your reactions to newsletters, or data from customer surveys, polls, social media, media monitoring services, and public sources. 

5. How do we disclose personal data? 

We may disclose personal data in the course of our activities to various parties. These particularly include the following categories of recipients: 

  • to other companies within the IDENTT Group (see Section 6); 
  • to our cooperation partners, so they can contact you; 
  • to persons associated with you, e.g., in the case of company contacts, other employees of the same company or the company itself; 
  • to intermediaries, if we work with them for our services and provide them with your information so they can contact you directly; 
  • to providers of sanctions and other databases, to whom we disclose the necessary information about you as part of an information inquiry; 
  • to public offices, authorities, and courts in connection with our legal obligations and in proceedings where we are a party or a third party is affected; 
  • to third parties, e.g., in connection with the acquisition or sale of assets by us; 
  • to service providers, especially providers of IT services (such as hosting or data analytics providers), administrative and consulting services, shipping and logistics services, as well as banks, postal services, etc. These service providers may process personal data to the extent necessary. For service providers related to our website, see Section 9 for more details. 

6. How do we work within the IDENTT  

We are part of the IDENTT Group and receive certain services from other companies within the group, such as accounting and IT services (see Section 5 for details on service providers). Group companies also collaborate in other areas and may exchange personal data for this purpose. For example, we may share personal data within the IDENTT Group for lead generation. Group companies may also use data they receive from other group companies for their own purposes, as outlined in this privacy policy. 

We assume that such disclosures do not conflict with any confidentiality interests unless you inform us otherwise. In doing so, we often act jointly with other group companies in terms of data protection responsibilities. You may exercise your data subject rights with the group company you are in direct contact with (we will coordinate internally with other group companies as needed). 

7. Can we transfer data abroad? 

Data recipients are located in Switzerland and the EU, among other places. However, they may also be located in other countries. This includes group companies and certain service providers, particularly in the IT sector. These service providers may be based in various countries worldwide. We may also transfer data to authorities or other parties abroad if we are legally obligated to do so, for example, in the context of a company sale or legal proceedings (see Section 11). Not all of these countries provide an adequate level of data protection. We compensate for lower levels of protection through appropriate contractual safeguards, particularly the European Commission’s Standard Contractual Clauses, which are available here. In specific cases, we may also transfer data without such contracts in accordance with data protection regulations—for example, if you have consented to the transfer, or if it is necessary for contract performance, the establishment, exercise or enforcement of legal claims, or overriding public interests. 

8. How do we use artificial intelligence?  

New technologies such as artificial intelligence (AI) and machine learning offer significant potential but also present challenges. We ensure that these technologies are used in alignment with our values and carefully weigh opportunities and risks in each case. We take responsibility for all content generated or decisions made by AI on our behalf. For decisions that have a significant impact on individuals, we ensure they can be reviewed by a human. If AI systems we deploy interact with you directly, we will inform you. 

We may use AI to improve our products and services, increase the efficiency of internal processes, enhance security, prevent misuse, or for other purposes mentioned above. AI applications may process personal data, though this is not always the case. Potential uses of AI include: 

  • Creating and simplifying access to information about our products and services 
  • Assisting in the creation of images, product texts, and similar non-personalized content 
  • Automatically processing customer inquiries and analyzing feedback to better respond to customer needs 
  • Enhancing the customer experience through personalized advice and tailored information 
  • Assisting in the generation of programming code 

9. How do we process data in connection with our website? 

Each time our website is used, certain data is collected for technical reasons and temporarily stored in log files (log data), particularly the IP address of the device, information about the internet service provider and the operating system of your device, details about the referring URL, the browser used, the date and time of access, and the content accessed during the website visit. 

Our website also uses cookies, i.e., files that your browser automatically stores on your device. This allows us to distinguish individual visitors, usually without identifying them. Cookies can also contain information about pages visited and duration of visit. Certain cookies (“session cookies”) are deleted when the browser is closed. Others (“persistent cookies”) remain stored for a specific period so that we can recognize visitors on a future visit. We may also use other technologies for browser-based data storage or visitor recognition, such as pixel tags or fingerprints. Pixel tags are invisible images or program code that are loaded from a server and allow certain analyses. Fingerprints are data about your device’s configuration that make it distinguishable from other devices. 

We use log data and data collected through cookies and similar technologies to enable the use of our website, ensure system security and stability, optimize the website, and for statistical purposes. Cookies and other technologies may also come from third parties who provide certain functionalities. Further details are provided below. 

You can configure your browser settings to block certain cookies or similar technologies, or to delete stored cookies and data. More information can be found in your browser’s help pages (usually under “Privacy”). 

We use the open-source software tool Matomo on our website to analyze user behavior and improve our offerings and usability. The software sets a cookie on the user’s computer (see above on cookies). When individual pages of our website are accessed, the following data is stored: two bytes of the user’s IP address; the accessed webpage; the referring website; subpages accessed; time spent on the website; and frequency of visits. Due to IP address truncation, it is generally not possible for us to associate browsing behavior with individual visitors. 

Matomo runs exclusively on our own website servers. The storage of personal data occurs only there. The data is not shared with third parties. The legal basis for processing the personal data of users is Art. 6(1)(f) GDPR. 

10. How do we process data related to social media? 

We operate our own profiles on social networks and other platforms (including LinkedIn, X [formerly Twitter], Xing, and YouTube). If you communicate with us there, comment on content, or share it, we collect related information, which we primarily use to communicate with you, for marketing purposes, and for statistical analysis (see Sections 4 and 11). 

Please note that the platform provider also collects and uses data (e.g., about user behavior), potentially in combination with other data known to them (e.g., for marketing purposes or content personalization). Where we share responsibility with the provider, we enter into an appropriate agreement, which you can find more information about from the platform provider. 

11. Are there other processing purposes?   

Yes, because many processes are not possible without the processing of personal data—including common and even unavoidable internal operations. It is not always possible to determine this precisely in advance, including the scope of data processed, but below you will find examples of typical (though not necessarily frequent) cases: 

  • Communication: When we are in contact with you (e.g., by email, via a contact form, or through social media), we process information related to the content, nature, timing, and location of the communication. To identify you, we may also process ID verification data. 
  • Compliance with legal requirements: As part of our legal obligations or powers, and to comply with internal regulations, we may disclose data to authorities. 
  • Job applications: If you apply for a position with us, we process the data you provide during the application process, and possibly additional data from public sources such as professional social media. We use this data for the application process and may use it for non-personal statistical purposes. Data from unsuccessful applications is deleted after six months unless you agree to us retaining your information for future recruitment processes—limited to your name and the application date. 
  • Prevention: We process data to prevent criminal acts and other violations, e.g., for fraud prevention or internal investigations. 
  • Legal proceedings: If we are involved in legal proceedings (e.g., court or administrative procedures), we process data about the parties involved and others such as witnesses or informants, and disclose data to those parties, courts, and authorities—potentially also abroad. 
  • IT security: We process data for monitoring, controlling, analyzing, securing, and auditing our IT infrastructure, as well as for backups and data archiving. 
  • Competition: We process data about our competitors and the market environment (e.g., political context, industry associations). This may include data about key individuals—especially names, contact details, roles or functions, and public statements. 
  • Transactions: If we sell or acquire receivables, other assets, business units, or companies, we process data as needed to prepare and execute such transactions—e.g., data about customers or their contacts/employees—and disclose such data to buyers or sellers. 
  • Other purposes: We process data as needed for additional purposes such as training and education, administration (e.g., contract management, accounting, enforcing or defending claims, evaluating and improving internal processes), compiling anonymous statistics and analyses, buying or selling receivables, businesses, or companies, and protecting other legitimate interests. 

12. How do we protect your data?        

We take appropriate technical and organizational measures to ensure a level of security for your personal data that is appropriate to the respective risk. However, we cannot guarantee absolute data security; certain residual risks generally cannot be ruled out.  

13. How long do we process personal data?     

We process your personal data for as long as it is necessary for the purpose of processing (for contracts, usually for the duration of the contractual relationship), as long as we have a legitimate interest in retaining the data (e.g., to enforce legal claims, for archiving, or to ensure IT security), and as long as the data is subject to statutory retention requirements (e.g., a ten-year retention period applies to certain data). After these periods expire, we delete or anonymize your personal data. 

14. What legal bases do we rely on for data processing?    

Depending on the applicable law, data processing is only permitted if explicitly authorized by that law. This does not apply under the Swiss Data Protection Act but does apply, for example, under the European General Data Protection Regulation (GDPR), to the extent it is applicable. In that case, we base the processing of your personal data on the following legal grounds: 

  • Art. 6(1)(b) GDPR for processing necessary for the performance of a contract with the data subject or to take pre-contractual steps (see Section 3). 
  • Art. 6(1)(f) GDPR for processing necessary for the purposes of legitimate interests pursued by us or a third party, provided these are not overridden by the interests or fundamental rights and freedoms of the data subject. This particularly applies to compliance with Swiss law, our interest in operating our activities in a stable, user-friendly, secure, and reliable manner, and the purposes outlined in Section 11. 
  • Art. 6(1)(c) GDPR for processing necessary for compliance with a legal obligation under the law of an EEA member state. The EEA includes the EU member states plus Iceland, Norway, and Liechtenstein. 
  • Art. 6(1)(a) GDPR for processing based on your separate consent. 

You are generally not obliged to provide us with data, except in specific cases (e.g., if you are required to fulfill a contractual obligation and this involves providing data to us). However, we must process certain data for legal and other reasons if we are to enter into and fulfill contracts. 

15. What are your rights? 

Under the applicable data protection laws, you have specific rights regarding your personal data and our processing of it. These rights include: 

  • Access: You can request information about whether we process personal data about you, what data we process, and additional details about our data processing. 
  • Correction and restriction: You can request that inaccurate personal data be corrected, incomplete data be completed, and the processing of your data be restricted. 
  • Deletion and objection: You can request the deletion of your personal data and object to the future processing of your data. In particular, you may object at any time—on grounds relating to your particular situation—to the processing of data for our legitimate interests and to our use of your data for direct marketing purposes. 
  • Portability: You can request that the personal data you have provided to us be made available in a structured, commonly used, and machine-readable format, provided the processing is based on your consent or is necessary for the performance of a contract. 
  • Withdrawal of consent: If we process data based on your consent, you may withdraw that consent at any time. The withdrawal will apply only to future processing. We may continue processing the data if another legal basis applies. 

If you wish to exercise any of these rights, please contact us (see Section 2). We may need to verify your identity before we can fulfill your request. 

You also have the right to lodge a complaint with the relevant supervisory authority. In Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC). If the GDPR applies, you may also file a complaint with a competent European data protection supervisory authority.