PRIVACY POLICY

The operator of the website https://www.octopwn.com and https://live.octopwn.com (hereinafter: Website) is Octopwn GmbH. (company registry no.: CHE-226.163.521, registered office: c/o Domizilagentur GmbH Badenerstrasse 580, 8048 Zürich Switzerland.), as data controller (hereinafter referred to as the "Data Controller" or “Controller”), hereby declares and expressly undertakes to ensure that its data processing on the Website fully and completely complies with the applicable and valid Swiss Data Protection Act and the European Union’s General Data Protection Regulation (hereinafter referred to as "GDPR").
The purpose of this Privacy Policy is to inform the natural persons using the Website and/or newsletter service, as data subjects, about the details of the data processing carried out by the Data Controller in connection with the newsletter service, as well as the rights of data subjects, legal remedies and how to enforce them.
The Data Controller declares that it acknowledges the contents of this Privacy Policy and the obligations contained therein, in particular, but not exclusively, the principles mentioned in point III. of this Privacy Policy, as binding for itself and its employees, and that it will fully comply with the provisions contained therein.
The Data Controller also declares that it will use all means at its disposal to protect the security of the data provided by the persons concerned.
The Data Controller reserves the right to amend this Privacy Policy by informing the data subjects of the fact and content of the amendment by sending a notification to the e-mail address provided by the data subjects prior to the amendment taking effect.
This Privacy Policy will enter into force on June 2024.
  1. THE DATA CONTROLLER'S DATA:
Name: Octopwn GmbH.
Company registration number: CHE-226.163.521
Seat/registered office: c/o Domizilagentur GmbH Badenerstrasse 580, 8048 Zürich Switzerland.,
E-mail contact: [email protected]
II. DEFINITIONS
(1) "personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
(2) "data processing" means any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
3. "restriction of processing": the marking of stored personal data for the purpose of restricting their future processing;
(4) 'filing system' means a set of personal data, structured in any way, whether centralised, decentralised, functional or geographical, which is accessible on the basis of specific criteria;
(5) "data controller" means the natural or legal person or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by the EU law or by the Swiss law, the controller or the specific criteria for the designation of the controller may also be determined by the EU law or by the Swiss law;
(6) "processor" means a natural or legal person or any other body which processes personal data on behalf of the controller;
(7) "recipient" means a natural or legal person or any other body, whether or not a third party, to whom or with whom personal data are disclosed. Public authorities which may have access to personal data in the framework of an individual investigation in accordance with the EU law or with the Swiss law are not recipients; the processing of those data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;
(8) "third party" means a natural or legal person or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data;
(9) 'data subject's consent' means the freely given, specific, informed and unambiguous indication of his or her wishes by which the data subject signifies, by a statement or by an act expressing his or her unambiguous consent, that he or she signifies his or her agreement to the processing of personal data concerning him or her;
(10) "Data breach" means a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
(11) or a means any natural or legal person carrying on an economic activity, regardless of its legal form, including partnerships or associations carrying on a regular economic activity.
III. BASIC PRINCIPLES
The Data Controller undertakes and warrants that it will comply fully and completely with the following principles in all its processing:
Personal data
  1. must be lawful, fair and transparent for the data subject ("lawfulness, fairness and transparency");
  2. collected only for specified, explicit and legitimate purposes and not processed in a way incompatible with those purposes; ("purpose limitation");
  3. be adequate, relevant and limited to what is necessary for the purposes for which the data are processed ("data minimisation");
  4. be accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that personal data which are inaccurate for the purposes for which they are processed are erased or rectified without undue delay ("accuracy");
  5. be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed ("limited storage");
  6. be carried out in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage ("integrity and confidentiality"), by implementing appropriate technical or organisational measures.
  7. The controller is responsible for compliance with the data management principles and must be able to demonstrate such compliance ("accountability").
IV. DATA PROCESSING ACTIVITIES
The Data Controller declares and records that it carries out the following data management activities on the Website:
a) data management relating to registration or purchase of a licence
b) data management related to newsletter subscriptions.
The Data Controller further declares and records that, through the above processing activities, the following personal data of the natural persons concerned are collected and stored:
  • Name
  • e-mail address
  • billing address
The Data Controller declares that the processing of personal data is based on the grounds set out in Article 6 of the GDPR: the data subject's consent. The data subject gives his or her consent to the processing of his or her personal data electronically by means of an explicit action on the Website: by ticking the check box, thereby unambiguously giving his or her consent to the intended processing of his or her personal data by the Data Controller.
The data subject shall have the right to withdraw his or her consent at any time without giving reasons, however, the withdrawal of consent shall not affect the lawfulness of the processing based on consent prior to its withdrawal.
Retention period of the processed data: until the withdrawal of the consent of the data subject. In particular, the withdrawal of the data subject's consent shall be deemed to be withdrawal of consent if the data subject cancel his/her registration and/or unsubscribes from the newsletter service
V. WHO IS ENTITLED TO ACCESS THE DATA
Personal data may be accessed by employees of the Data Controller with access rights related to the relevant data management purpose, and by persons and organisations performing data processing activities for the Data Controller on the basis of service contracts, to the extent and to the extent necessary for the performance of their activities, as determined by the Data Controller.
VI. RIGHTS OF THE DATA SUBJECT
  1. Right to information
(1) The data subject shall have the right to be informed of the information relating to the processing of his or her data before the processing of his or her data commences.
(2) Information to be provided where personal data are collected from the data subject:
  1. the identity and contact details of the controller and, where applicable, the controller's representative;
  2. the contact details of the Data Protection Officer, if any;
  3. the purposes for which the personal data are intended to be processed and the legal basis for the processing;
  4. in the case of processing based on Article 6(1)(f) of the GDPR, the legitimate interests of the controller or a third party;
  5. where applicable, the recipients of the personal data and the categories of recipients, if any;
  6. where applicable, the fact that the controller intends to transfer the personal data to a third country or an international organisation and the existence or absence of an adequacy decision by the Commission or, in the case of a transfer referred to in Article 46, Article 47 or the second subparagraph of Article 49(1) of the GDPR, an indication of the appropriate and suitable safeguards and a reference to the means of obtaining a copy or the availability of a copy.
(3) In addition to the information referred to in paragraph 2, the controller shall, at the time of obtaining the personal data, in order to ensure fair and transparent processing, provide the data subject with the following additional information:
  1. the duration of the storage of personal data or, where this is not possible, the criteria for determining that duration;
  2. the right of the data subject to request the controller to access, rectify, erase or restrict the processing of personal data concerning him or her and to object to the processing of such personal data, and the right to data portability;
  3. in the case of processing based on Article 6(1)(a) or Article 9(2)(a) of the GDPR, your right to withdraw your consent at any time, without prejudice to the lawfulness of the processing carried out on the basis of your consent prior to its withdrawal;
  4. the right to lodge a complaint with a supervisory authority;
  5. whether the provision of the personal data is based on a legal or contractual obligation or is a precondition for the conclusion of a contract, whether the data subject is under an obligation to provide the personal data and the possible consequences of not providing the data;
  6. the fact of automated decision-making, including profiling, as referred to in Article 22 (1) and (4) of the GDPR and, at least in these cases, clear information on the logic used and the significance of such processing and its likely consequences for the data subject.
(4) Where the personal data have not been obtained from the data subject, the controller shall provide the data subject with the following information:
  1. the identity and contact details of the controller and, where applicable, the controller's representative;
  2. the contact details of the Data Protection Officer, if any;
  3. the purposes for which the personal data are intended to be processed and the legal basis for the processing;
  4. the categories of personal data concerned;
  5. the recipients of the personal data and the categories of recipients, if any;
  6. where applicable, the fact that the controller intends to transfer the personal data to a recipient in a third country or to an international organisation and the existence or absence of an adequacy decision by the Commission or, in the case of a transfer referred to in Article 46, Article 47 of the GDPR or the second subparagraph of Article 49 (1), an indication of the appropriate and suitable safeguards and a reference to the means of obtaining a copy or their availability.
(5) In addition to the information referred to in paragraph 4, the controller shall provide the data subject with the following additional information necessary to ensure fair and transparent processing for the data subject:
  1. the duration of the storage of personal data or, where this is not possible, the criteria for determining that duration;
  2. where the processing is based on Article 6(1)(f) of the GDPR, the legitimate interests of the controller or a third party;
  3. the right of the data subject to request the controller to access, rectify, erase or restrict the processing of personal data concerning him or her and to object to the processing of personal data, and the right to data portability;
  4. in the case of processing based on Article 6 (1) (a) or Article 9 (2) (a) of the GDPR, the right to withdraw consent at any time, without prejudice to the lawfulness of the processing carried out on the basis of consent prior to its withdrawal;
  5. the right to lodge a complaint with a supervisory authority;
  6. the source of the personal data and, where applicable, whether the data originate from publicly available sources; and
  7. the fact of automated decision-making, including profiling, as referred to in Article 22 (1) and (4) of the GDPR and, at least in those cases, the logic used and clear information on the significance of such processing and its likely consequences for the data subject.
  8. Right of access of the data subject
(1) The data subject shall have the right to obtain from the controller feedback as to whether or not his or her personal data are being processed and, if such processing is taking place, the right to access the personal data and the following information:
  1. the purposes of the processing;
  2. the categories of personal data concerned;
  3. the recipients or categories of recipients to whom or with whom the personal data have been or will be disclosed, including in particular recipients in third countries or international organisations;
  4. where applicable, the envisaged period of storage of the personal data or, if this is not possible, the criteria for determining that period;
  5. the right of the data subject to obtain from the controller the rectification, erasure or restriction of the processing of personal data concerning him or her and to object to the processing of such personal data;
  6. the right to lodge a complaint with a supervisory authority;
  7. if the data were not collected from the data subject, any available information on their source;
  8. the fact of automated decision-making, including profiling, as referred to in Article 22 (1) and (4) of the GDPR and, at least in those cases, the logic used and clear information on the significance of such processing and its likely consequences for the data subject.
(2) The data controller shall provide the data subject with a copy of the personal data processed. For additional copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject has made the request by electronic means, the information shall be provided in a commonly used electronic format, unless the data subject requests otherwise.
3. The data subject's right to rectification and erasure
3.1. Right to rectification
(1) The data subject shall have the right to obtain, upon his or her request and without undue delay, the rectification of inaccurate personal data relating to him or her. Having regard to the purposes of the processing, the data subject shall have the right to obtain the rectification of incomplete personal data, including by means of a supplementary declaration.
3.2 Right to erasure ("right to be forgotten")
(1) The data subject shall have the right to obtain from the controller the erasure of personal data relating to him or her without undue delay at his or her request and the controller shall be obliged to erase personal data relating to him or her without undue delay where one of the following grounds applies:
  1. the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  2. the data subject withdraws his or her consent pursuant to Article 6 (1) (a) of the GDPR (consent to the processing of personal data) or Article 9 (2) (a) of the GDPR (explicit consent), and there is no other legal basis for the processing;
  3. the data subject objects to the processing on the basis of Article 21 (1) of the GDPR (right to object) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing on the basis of Article 21 (2) of the GDPR (objection to processing of personal data for commercial purposes);
  4. the personal data have been unlawfully processed;
  5. the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;
  6. the personal data were collected in connection with the provision of information society services referred to in Article 8 (1) of the GDPR.
(2) Where a controller has disclosed personal data and is required to erase it at the request of the data subject, it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform the controllers that process the data that the data subject has requested the deletion of the links to or copies or replicas of the personal data in question.
(3) Paragraphs (1) and (2) shall not apply where the processing is necessary:
  1. to exercise the right to freedom of expression and information;
  2. for the purposes of complying with an obligation under Union or Swiss law to which the controller is subject to which the processing of personal data is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. on grounds of public interest in the field of public health pursuant to Article 9 (2) (h) and (i) of the GDPR and Article 9 (3) of the Regulation;
  4. for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes in accordance with Article 89 (1) of the GDPR, where the right referred to in paragraph 1 would be likely to render such processing impossible or seriously impair it; or
  5. to bring, enforce or defend legal claims.
4. Right to restriction of processing
(1) The data subject shall have the right to obtain, at his or her request, restriction of processing by the controller if one of the following conditions is met:
  1. the data subject contests the accuracy of the personal data, in which case the restriction applies for the period of time necessary to allow the controller to verify the accuracy of the personal data;
  2. the data processing is unlawful and the data subject opposes the erasure of the data and requests instead the restriction of their use;
  3. the controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or
  4. the data subject has objected to the processing pursuant to Article 21 (1) of the GDPR; in this case, the restriction shall apply for the period until it is established whether the legitimate grounds of the controller override those of the data subject.
(2) Where processing is restricted pursuant to paragraph 1, such personal data may be processed, except for storage, only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or of an important public interest of the Union or Switzerland.
(3) The controller shall inform the data subject at whose request the processing has been restricted pursuant to paragraph (1) in advance of the lifting of the restriction.
5. Obligation to notify the rectification or erasure of personal data or the restriction of processing
(1) The controller shall inform all recipients to whom or with whom the personal data have been disclosed of the rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort.
(2) At the request of the data subject, the controller shall inform the data subject of these recipients.
6. The right to data portability
(1) The data subject shall have the right to receive personal data relating to him or her which he or she has provided to a controller in a structured, commonly used, machine-readable format and the right to transmit those data to another controller without hindrance from the controller to whom the personal data have been provided, if:
  1. the processing is based on consent pursuant to Article 6 (1) (a) of the GDPR (consent of the data subject to the processing of personal data) or Article 9 (2) (a) of the GDPR (explicit consent of the data subject to the processing) or a contract pursuant to Article 6 (1) (b); and
  2. the processing is carried out by automated means.
(2) In exercising the right to data portability under paragraph (1), the data subject shall have the right to request, where technically feasible, the direct transfer of personal data between controllers.
(3) The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17 of the GDPR. That right shall not apply where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
(4) The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.
7. The right to object
(1) The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to processing of his or her personal data carried out in the public interest or in the exercise of official authority or processing necessary for the purposes of the legitimate interests pursued by the controller or by a third party (processing based on Article 6 (1) (e) or (f) of the GDPR), including profiling based on those provisions. In such a case, the controller may no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
(2) If personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such purposes, including profiling, where it is related to direct marketing.
(3) Where the data subject objects to the processing of personal data for direct marketing purposes, the personal data shall no longer be processed for those purposes.
(4) The right referred to in paragraphs (1) and (2) shall be explicitly brought to the attention of the data subject at the latest at the time of the first contact with the data subject and the information shall be clearly displayed separately from any other information.
(5) In the context of the use of information society services and by way of derogation from Directive 2002/58/EC, the data subject may exercise the right to object by automated means based on technical specifications.
(6) Where personal data are processed for scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) of the GDPR, the data subject shall have the right to object, on grounds relating to his or her particular situation, to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
8. Right to exemption from automated decision-making
(1) The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
\2) Paragraph (1) shall not apply where the decision:
  1. necessary for the conclusion or performance of a contract between the data subject and the controller;
  2. is permitted by Union or Swiss law applicable to the controller which also lays down appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; or
  3. is based on the explicit consent of the data subject.
(3) In the cases referred to in points (a) and (c) of paragraph 2, the controller shall take appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject, including at least the right to obtain human intervention by the controller, to express his or her point of view and to object to the decision.
(4) The decisions referred to in paragraph 2 shall not be based on the special categories of personal data referred to in Article 9 (1) of the GDPR, unless Article 9 (2) (a) or (g) applies and appropriate measures have been taken to safeguard the rights, freedoms and legitimate interests of the data subject.
9. Right of the data subject's right to complain and seek remedy
9.1 Right to file a complaint with a supervisory authority.
(1) The data subject shall have the right to lodge a complaint with the supervisory authority pursuant to Article 77 of the GDPR if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.
(2) The data subject may exercise his or her right to lodge a complaint by contacting:
Federal Data Protection and Information Commissioner (FDPIC) (postal address: Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter Feldeggweg 1 CH - 3003 Bern, Phone: 058 462-4395, web: https://www.edoeb.admin.ch, online contact: https://www.edoeb.admin.ch/edoeb/en/home/deredoeb/kontakt/).
(3) The supervisory authority with which the complaint has been lodged shall inform the customer of the procedural developments concerning the complaint and the outcome thereof, including the customer's right to judicial remedy under Article 78 of the GDPR or DSG (Swiss Data Protection Act).
9.2 Right to an effective judicial remedy against the supervisory authority
(1) Without prejudice to any other administrative or non-judicial remedy, any natural or legal person shall have the right to an effective judicial remedy against a legally binding decision of the supervisory authority concerning that person.
(2) Without prejudice to any other administrative or non-judicial remedy, any data subject shall have the right to an effective judicial remedy if the competent supervisory authority does not deal with the complaint or does not inform the data subject within three months of the procedural developments concerning the complaint lodged under Article 77 of the GDPR or of the outcome of the complaint.
(3) Proceedings against a supervisory authority shall be brought before the courts of the Member State in which the supervisory authority is established.
(4) If proceedings are brought against a decision of a supervisory authority on which the Board has previously issued an opinion or taken a decision under the consistency mechanism, the supervisory authority shall send that opinion or decision to the court.
9.3 Right to an effective judicial remedy against the controller or processor
(1) Without prejudice to the administrative or non-judicial remedies available, including the right to lodge a complaint with a supervisory authority under Article 77, every data subject shall have an effective judicial remedy if he or she considers that his or her rights under this Regulation have been infringed as a result of the processing of his or her personal data not in accordance with this GDPR.
(2) Proceedings against a controller or processor shall be brought before the courts of the Member State in which the controller or processor is established. Such proceedings may also be brought in the courts of the Member State in which the data subject has his or her habitual residence, unless the controller or processor is a public authority of a Member State acting in its exercise of official authority.
10. The Data Controller shall compensate any damage caused to another party by unlawful processing of the data subject's data or by breach of data security requirements. The controller shall also be liable to the data subject for any damage caused by the processor and, in the event of a personal data breach, for the damages for the breach.
11. Information about the data breach
(1) Where a personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall inform the data subject of the personal data breach without undue delay.
(2) The information referred to in paragraph 1 provided to the data subject shall clearly and plainly describe the nature of the personal data breach and shall include at least the following information
- the name and contact details of the Data Protection Officer or other contact person who can provide further information,
- the likely consequences of the personal data breach, the measures taken or envisaged by the controller to remedy the personal data breach, including, where appropriate, measures to mitigate any adverse consequences of the personal data breach.
(3) The data subject need not be informed as referred to in paragraph 1 if any of the following conditions are met:
  1. the controller has implemented appropriate technical and organisational protection measures and these measures have been applied to the data affected by the personal data breach, in particular measures, such as the use of encryption, which render the data unintelligible to persons not authorised to access the personal data;
  2. the controller has taken additional measures following the personal data breach to ensure that the high risk to the rights and freedoms of the data subject referred to in paragraph 1 is no longer likely to materialise;
  3. information would require a disproportionate effort. In such cases, the data subjects should be informed by means of publicly disclosed information or by a similar measure which ensures that the data subjects are informed in an equally effective manner.
(4) Where the controller has not yet notified the data subject of the personal data breach, the supervisory authority may, after having considered whether the personal data breach is likely to present a high risk, order the data subject to be informed or determine that one of the conditions referred to in paragraph 3 is met.
VII. OBLIGATIONS OF THE CONTROLLER
The Data Controller may, at the request of the data subject:
(1) provide information about the processing of your personal data,
(2) rectify your personal data,
(3) erase or block your personal data, except for mandatory processing required by law.
The Data Controller shall delete the personal data from its non-case-related records if:
(1) the processing is unlawful;
(2) the data subject requests it, provided that erasure is not excluded by law;
(3) the information is incomplete or incorrect and the condition cannot be lawfully corrected;
(4) the purpose of the processing has ceased to exist or the statutory time limit for the storage of the data has expired;
(5) it has been ordered by a court or by a final decision of the Authority which has not been challenged by the Controller.
VIII. THE PROCEDURE TO BE FOLLOWED IN THE EVENT OF A REQUEST BY THE DATA SUBJECT
(1) The Data Controller shall facilitate the exercise of the rights of the data subject, and shall not refuse to comply with a request to exercise the data subject's rights set out in this Privacy Policy, unless it proves that it is not possible to identify the data subject.
(2) The Data Controller shall inform the data subject of the action taken on the request without undue delay and in any event within one month of receipt of the request. If necessary, taking into account the complexity of the request and the number of requests, this time limit may be extended by a further two months. The Data Controller shall inform the data subject of the extension of the time limit within one month of receipt of the request, stating the reasons for the delay.
IX. PROCEDURE IN THE EVENT OF A DATA BREACH
(1) A personal data breach is a breach of security within the meaning of the GDPR that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
(2) In case of detection of a personal data breach, the representative of the Data Controller shall immediately conduct an investigation to identify the personal data breach and its possible consequences. The Data Controller shall take the necessary measures to remedy the damage.
X. INFORMATION ON VISITORS' DATA ON THE WEBSITE OF THE DATA CONTROLLER
(1) During the visits to the website of the Data Controller, one or more cookies - small packets of information sent by the server to the browser and returned by the browser to the server for each request directed to the server - are sent to the computer of the person visiting the website, through which his/her browser(s) will be uniquely identifiable, provided that the person visiting the website has given his/her explicit (active) consent to this by continuing to browse the website after being clearly and unambiguously informed.
(2) Cookies are used solely to improve the user experience and to automate the login process. The cookies used on the website do not store personally identifiable information and the Data Controller does not process personal data in this context.
XI. RULES ON DATA PROCESSING
(1) The Data Controller shall engage an external processor to carry out the following tasks in relation to the personal data it processes:
- HOSTING SERVICE
Name and contact details of the data processor: On behalf of Google Cloud Platform (GCP) Google Switzerland GmbH acts as a data subprocessor.
Address: Europaallee 36, 8004 Zurich, Switzerland
Phone: +41 44 668 1800
Scope of data processed: all personal data provided by the data subject.
Data subjects: the data subject who uses our paid services.
Purpose of processing: to ensure the smooth and continuous provision of services by the Data Controller.
Duration of processing: until the end of the agreement between the Data Controller and the Processor or until the data subject's request for erasure.
The legal basis for the processing of data is Article 6 (1) (f) of the GDPR.
  • PAYMENT PROVIDER
    Name and contact details of the data processor: Stripe Inc.
Address: 354 Oyster Point Boulevard South San Francisco, California, 94080, USA
Chat: link
Scope of data processed: all personal data provided by the data subject (trackers, usage data, first name, last name, email address, various types of data as specified in the privacy policy of the service, billing address, payment info, purchase history.). For more details, please visit Sripe’s webpage here.
Data subjects: the data subject who uses the payment service.
Purpose of processing: to ensure the smooth and continuous provision of services by the Data Controller in case of payment.
Duration of processing: until the end of the agreement between the Data Controller and the Processor or until the data subject's request for erasure.
The legal basis for the processing of data is Article 6 (1) (f) of the GDPR.
(2) The data subject shall also have full and complete rights against the data processor as set out in point VI of this Privacy Policy.
(2) The Data Controller declares that the processor shall process the personal data that have come to its knowledge only in accordance with the provisions of the Data Controller, shall not process the personal data for its own purposes and shall store and retain the personal data in accordance with the provisions of the Data Controller.
(3) The Data Controller expressly states that it is not directly or indirectly responsible for the data processing and data security of the Processor, which is governed solely by the data protection policies and rules of the Processor.
(4) The Data Controller reserves the right to involve additional processors in the future, which will be informed by amending this Privacy Policy.

Feel free
to joinour open
community

Made with love in Switzerland. Hack safely, use Octopwn.
All rights reserved. - Octopwn - 2024
ver: nxg8