Information processing relationship

The Swiss Data Protection Act (nDSG) provides for extensive information obligations when collecting personal data in order to ensure the transparency of data collection in the interest of the data subject. As a customer of Fogbyte GmbH (hereinafter also referred to as “Fogbyte”, “we” or “us”), you trust that we comply with these information obligations and handle your personal data with care.

As part of our services, we collect and process information and personal data about you as a customer. Below we inform you in particular about which categories of personal data we collect, store or forward and for what purposes. We also inform you about your rights that you can exercise in the context of data protection.

Responsibilities

The controller responsible for processing your personal data is:

Fogbyte GmbH
Aarburgerstrasse 13
4800 Zofingen

+41 62 511 10 01 / info@fogbyte.com

As the controller, Fogbyte determines the purposes and means of the processing of your personal data and is responsible for the processing and use of your personal data in accordance with this data processing agreement. If you have any questions or uncertainties regarding this data processing agreement or the processing of your personal data, please contact us at any time by telephone or by sending an e-mail to info@fogbyte.com.

Categories of personal data

Personal data is information that can be linked to a specific person. We process various categories of such personal data. The most important categories are listed below for your guidance. However, we may also process other personal data in individual cases.

Master and contact data

  • Name
  • Address
  • emailaddress
  • Phone number

Information about purchased products and services

  • Information about purchased products and services

Communication data

  • Exchanged communication content and information
  • Time and place of communication

In certain situations, we may ask you for proof of identity for identification purposes

Technical data

  • Network information data
  • Private and public IP address
  • MAC address
  • Device name
  • Serial number
  • Warranty number
  • Warranty expiration date

Collection and purpose of data processing

As a rule, you provide us with personal data yourself by transmitting data to us or communicating with us. However, we may also collect personal data about you ourselves, e.g. if you use our services or we receive information about you from third parties, e.g. from partner companies with whom we work, from people who communicate with us or from public sources.

The processing (collection, storage, use and retention) of your data is based on this information processing relationship and the legal requirements as well as the associated obligations in other contracts with us. As part of contract initiation, administration and processing, we process your master data, communication data and technical data in particular. The purpose of contract processing generally includes everything that is necessary or expedient to conclude, execute and, if necessary, enforce a contract with you. This may also include the involvement of third parties (e.g. partner companies). On the one hand, data is collected by technicians as part of a service or support case. On the other hand, we may also receive data from other companies from which you have purchased services if you have given your consent for this.

The collection of data is a prerequisite for obtaining services from Fogbyte. If you do not provide the necessary information, no services can be offered. Your personal data is stored and processed on our internal servers and in processing programs.

Your data may be analyzed for quality management purposes. This may include reviewing and improving our processes and services to ensure that we meet quality standards.

We also process personal data in order to comply with legal obligations and to prevent and detect breaches. This includes, for example, the receipt and processing of complaints and other reports, the administration and storage of other personal data.

We process personal data in order to protect our legal interests. This may include, for example, the judicial or extrajudicial enforcement and defense of claims, both in Switzerland and abroad. We process different types of personal data depending on the situation. This includes contact data as well as information about events or processes that have led or could lead to legal disputes.

We process personal data for security purposes, to ensure IT security, to prevent theft, fraud and abuse and for evidence purposes (e.g. evaluation of system-side recordings of the use of our systems (log data), the prevention, defense and clarification of cyber attacks and malware attacks, analyses and tests of our networks and IT infrastructures as well as system and error checks).

Duration of storage

In principle, we process your personal data for as long as our processing purposes, the statutory retention periods and our legitimate interests, in particular documentation and evidence purposes, require it or storage is technically necessary (e.g. in the case of backups or in document management systems).

Your personal data will be stored for 10 years after the last service was purchased.

Disclosure of your data

We only transfer your personal data to external parties if this is permitted or required by law or if you have consented to this as part of a service. Specifically, we pass on your personal data for the above-mentioned purposes to the following categories of external parties who process the personal data for the above-mentioned purposes on our behalf or for their own purposes in accordance with the law:

  • We work with service providers in Switzerland and abroad who process data that they have received from us or collected for us on our behalf, in joint responsibility with us or on their own responsibility. These service providers include, for example, IT companies, cloud providers, banks or consulting firms. We generally process contracts with them regarding the use and protection of personal data
  • If we are legally obliged or authorized to do so, we may disclose personal data to courts and other authorities in Switzerland and abroad if there is suspicion of criminal activity or if this appears necessary to protect our own interests. Data may be passed on to cantonal and national authorities on the basis of statutory reporting obligations or by court order.
  • Where the inclusion of third parties results from the purposes, personal data may be processed. This applies, for example, to delivery addressees or payment recipients specified by you, third parties in the context of agency relationships or persons involved in official or court proceedings.
  • As part of our corporate development, we may sell or acquire businesses, parts of businesses, assets or companies or enter into partnerships, which may also result in the disclosure of data to the persons involved in these transactions.

Our processors are obliged to process personal data exclusively in accordance with our instructions and to take appropriate data security measures. Certain service providers are also jointly or independently responsible with us. Through the selection of service providers and suitable contractual agreements, we ensure that data protection is guaranteed throughout the processing of your personal data.

The above-mentioned categories of recipients may in turn involve third parties, so that your data may also become accessible to them.

Information, inspection, disclosure, correction and deletion of personal data

You have the right to receive information about your personal data at any time. You can view your processed personal data and the associated services or request a copy. The provision of a copy may be subject to a charge. We will inform you of any costs in advance.

If you discover that your data is incorrect or incomplete, you have the option of requesting a correction.

If you have given your consent for data processing, you can revoke your consent at any time or in part. The revocation must be made in writing. As soon as we have received your written revocation and the processing cannot be based on any legal basis other than consent, it will be discontinued. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

You have the right to have data that we process automatically or digitally handed over to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

We process and store personal data mainly in Switzerland and the European Economic Area (EEA), but potentially in any country in the world, depending on the service. If a recipient is located in a country without adequate data protection, we contractually oblige the recipient to comply with an adequate level of data protection, unless it is already subject to a legally recognized set of rules to ensure data protection. We may also disclose personal data to a country without adequate data protection without concluding a separate contract if this is necessary for the provision of services or if we can rely on an exemption clause. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests.

If the EU General Data Protection Regulation (GDPR) is exceptionally applicable to certain data processing, the following provisions also apply for the purposes of the GDPR and the data processing subject to it.
We base the processing of your personal data in particular on the fact that…

  • it is necessary as described above for the initiation and conclusion of contracts and their administration and enforcement (Art. 6 para. 1 lit. b GDPR)
  • it is necessary for the purposes of the legitimate interests pursued by us or by third parties as described above, namely for communication with you or third parties, for security purposes, for compliance with Swiss law and internal regulations and for other purposes such as administration, evidence and quality assurance, organization, implementation and follow-up of events and for the protection of other legitimate interests (Art. 6 para. 1 lit. f GDPR)
  • it is required or permitted by law on the basis of our mandate or our position under the law of the EEA or a member state (Art. 6 para. 1 lit. c GDPR)
  • You have explicitly consented to the processing (Art. 6 Abs. 1 lit. a und Art. 9 Abs 2 lit. a DSGVO)

If you do not agree with our handling of your rights or the level of data protection in this order processing relationship, please let us know. If you are located in the EEA, you also have the right to lodge a complaint with the data protection supervisory authority in your country. A list of authorities in the EEA can be found here: https://edpb.europa.eu/about-edpb/board/members_de.

Protection of personal data

We take appropriate security measures of a technical and organizational nature to protect the security of your personal data, to protect it against unauthorized or unlawful processing and to counteract the risk of loss, unintentional alteration, unwanted disclosure or unauthorized access. We cannot rule out data security breaches with absolute certainty; certain residual risks are unavoidable.

Technical safety measures

  • Data encryption
  • Pseudonymization of data
  • Logging
  • Access restriction
  • Storage of backups

Organizational safety measures

  • Employee instructions and training
  • Confidentiality agreements in relation to legal entities
  • Regular checks

We oblige our processors to take appropriate technical and organizational security measures.

Liability

Fogbyte shall be liable in accordance with Art. 97 of the Swiss Code of Obligations (OR) for all damages caused by non-fulfilment or poor fulfilment of this contract.

Fogbyte cannot be held liable for the following damages:

  • Damage caused as a result of a power shortage.
  • Damage caused as a result of a virus attack.
  • Damage caused as a result of a hack or cyberattack.
  • Damage caused as a result of a software or operating system error.
  • Damage resulting from the installation of faulty service packs or hot fixes.
  • Damage caused as a result of a natural disaster.

Processing of personal data by the client in connection with products or services of Fogbyte

The customer hereby agrees not to process any particularly sensitive personal data with the products and services of Fogbyte.

Contacting us

If you have any questions about this order processing relationship or the processing of your personal data, you can contact us using the contact details listed above.

Subject to change

Fogbyte may amend the present order processing relationship at any time. If significant changes are made, Fogbyte will inform you of this in an appropriate manner (e.g. by email).

Place of jurisdiction

The contract is regulated by Swiss law. All disputes arising in connection with the contract, its performance or interpretation shall be settled by a Swiss court, which shall have exclusive jurisdiction. The place of jurisdiction is the location of the registered office of Fogbyte.

Last updated: January 30, 2025