At ITpoint Systems AG (“we”, “us”, “ITpoint”), we take your privacy seriously.
This privacy notice explains how ITpoint collects and uses personal data and describes the rights you have with respect to your personal data.
As a responsible organisation, we have implemented numerous technical and organisational measures to ensure the most complete protection of any personal data processed by us, in order to meet the requirements of the General Data Protection Regulation (“GDPR”), the Swiss Federal Data Protection Act (“FADP”) and in accordance with any country-specific data protection regulations.
ITpoint processes personal data for a variety of purposes. We collect this data directly from you, for example, if you engage us to provide services directly to you, or we may also obtain your personal data from publicly available sources (e.g., LinkedIn), or process your data in the context of providing services to your employer (as our customer).
This privacy notice is intended to cover all aspects and scenarios of how ITpoint processes personal data and it is further supplemented by more specific privacy notices, which are provided to you at the time your personal data is collected, where appropriate.
The data controller for the purposes of the GDPR and FADP, other data protection laws applicable in Switzerland and Member states of the European Union and other provisions related to data protection is:
ITpoint Systems AG
Phone: +41 41 798 80 80
Email: [email protected] (for Data Protection Enquiries)
Website: https://www.itpoint.ch
ITpoint Systems AG is a subsidiary of Sharp Electronics (Europe) GmbH. Please note that each Sharp organisation within Europe is a Data Controller in its own right and you should check the Privacy Policy on the local country website domain (e.g. sharp.co.uk, sharp.fr, sharp.de, itpoint.ch) which you are accessing or where you reside.
As a data controller we are responsible for deciding how we hold, use and keep personal data secure. It also means we are responsible for responding to requests you make in relation to how your personal data is used. If you have any questions about the way your personal data is processed, you can contact us on these details:
Email: [email protected]
You may, at any time, contact our Data Protection Officer directly with all questions and suggestions concerning data protection.
Article 27 of the General Data Protection Regulation (GDPR) requires organizations that are not established in the European Union (EU) to designate a representative in the EU if they are subject to the GDPR.
ITpoint Systems AG may undertake processing activities to which the GDPR applies. For that reason, ITpoint Systems AG has appointed a representative in accordance with the GDPR to act on their behalf if, and when, they undertake data processing activities to which the GDPR applies, in accordance with Articles 13 and 14 of the GDPR. Such appointment is not intended to be an acknowledgement that the GDPR is applicable to any of their processing activities.
The Data Protection Representative of the Controller is:
EU:
Sharp Electronics (Europe) Ltd. Sucursal en España, incorporated in Spain whose registered office is at WTC Almeda Park, Plaça de la Pau s/n, Edificio-6, Planta-4, 08940 Cornellà de Llobregat, Barcelona, Spain E-Mail: [email protected]
UK:
Sharp Electronics Europe Ltd, 4 Furzeground Way, Stockley Park, Uxbridge, UB11 1EZ, United Kingdom E-Mail: [email protected]
This privacy notice covers any personal data processed by ITpoint. “Personal data” means any information relating to an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier. Personal data also refers to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of an individual.
It also includes sensitive personal data (special category data as referenced in the GDPR), including:
Sensitive personal data also includes personal data relating to criminal convictions and offenses.
We will collect personal data when you set up an account with us, purchase products or services from us, complete forms we provide to you, make a report or notification about our products or services, contact us by phone, email or communicate with us directly in some other way.
Below we define types of personal data processed by us depending on the circumstances in which personal data is collected. We collect the following types of personal data from you:
Personal data we collect about you when you visit our site falls into two categories.
A. Information provided directly by you:
We collect personal data that you provide voluntarily through our site, for example, when completing online forms to contact us, subscribing to a newsletter, using one of our online services, subscribing to receive marketing communications from us, participating in surveys or registering for events that we are organizing. The information we collect about you includes the following:
We do not intentionally collect sensitive category data, unless you provide us with such data. While there may be free text boxes on the site where you are able to enter any information, we do not intend to process sensitive information and you should therefore refrain from providing any such data. If you choose to provide any sensitive personal information in this manner, you acknowledge you consent to the collection and processing of this sensitive information.
B. Automatically collected information:
When you visit our site, we collect certain personal data automatically from your device, such as your IP address, device type, unique device identification number, browser type, broad geographic location (e.g., country or city-level location) and other technical information. We may also collect information on how you and your device interacted with the content on our site e.g. links clicked, information accessed. We collect this information to gain better understanding of the visitors to our site, where they come from and what content on our sites is of interest to them. This information may further be used for analytics and quality purposes. Further information on how ITpoint uses automatically collected data, including cookies and other similar tracking technology, is explained in our Cookie Policy.
Our site also uses various social media plugins, please refer to section 4.6 for further information on their use.
When you engage us to provide services to you, we collect and use personal data for valid business purposes in the context of providing services to you. As part of any such service, ITpoint may also process personal data of individuals who are not directly our customers (for example, employees, customers or suppliers of our customers).
The majority of the personal data we collect and use to provide our services is supplied voluntarily by our customers. Where such data may concern individuals who are not ITpoint’s direct customers, we obtain a confirmation from our customer confirming they have the authority to pass the data to us for lawful onward processing.
We process the following types of personal data:
We process personal data about our business contacts (e.g. existing, former or prospective customers, including any individuals employed by them and other business contact) in our Customer Relationship Management (CRM) systems.
Our CRM systems provide support to the business and facilitate our marketing operations. ITpoint uses the information recorded on such systems to share with contacts information about ITpoint products, marketing materials, surveys and invitations to events, and for general customer relationship administration purposes.
We process the following categories of personal data in our CRM systems:
We do not intentionally collect sensitive category data, unless you provide us with such data (for example, special dietary requirements which reveal your religious affiliation or any food allergies), if you attend one of our events. Collection of any such data will be subject to specific privacy notices, relevant to the event your are attending.
We process personal data about participants in events organised by ITpoint including meetings, conferences, learning sessions and webinars. We may use various applications and online platforms to manage event registration processes. Please take note of their own privacy notices and read them carefully when you provide your personal data for the purposes of event participation.
We process the following categories of personal data (to the extent they apply a specific event):
We do not intentionally collect sensitive category data, unless you provide us with such data (for example, special dietary requirements which reveal your religious affiliation or any food allergies or other data relating to your health necessary to provide support to participants and facilitate their attendance in ITpoint run events).
ITpoint may take photographs and audio or video recordings in public areas of the ITpoint events. Following the event, recordings may be further edited before they are published or distributed for marketing purposes.
We provide external users, including our customers and their end users, access to various applications managed by us such as our partner service portal. Any personal data collected via these applications (e.g. name, email address, data and time of registration) is captured to provide the individuals with this service, verify their identity and to provide them with a secure log in to a protected web environment. It also enables ITpoint to provide access or deny access due to misuse of service. Any third-party applications provided by ITpoint are subject to their own privacy notices. Please familiarise yourself with their content and read them carefully when you use our platforms and applications.
Social media sites
ITpoint uses various social media platforms for recruitment, marketing and business development purposes. We use social media to advertise recruitment opportunities with ITpoint and to promote products, services and brand.
Please note that while ITpoint is responsible for the content it publishes using social media platforms, ITpoint will not be responsible for the management and administration of any social media platforms. You should always familiarize yourself and read carefully any legal and privacy terms imposed by these social media platforms. If you have any questions on how the social media platform uses your data, you should contact the platform provider directly.
In some circumstances, ITpoint may obtain aggregated data from these social media platform providers, e.g. number of “likes” in response to ITpoint published content and posts, number of visitors who engage with our posts or information on links clicked and downloaded content.
Social media plugins
Social media plugins are also implemented on our site e.g. specific button which enables the site to establish a direct connection with the relevant social media platform server. As a result of such direct connection, the social media provider will be informed of the relevant page on our site which triggered such link. If you wish to prevent such sharing, you should review your settings within your social media accounts prior to visiting our website as ITpoint has no influence on how the data is collected using social media plugins.
Our site uses the following plugins and widgets:
ITpoint uses a variety of tools to maintain the security of our IT infrastructure, including our email facilities. Examples of such tools are:
If you correspond via email with a ITpoint recipient, your emails will be scanned by the tools ITpoint operates to maintain the security of its IT infrastructure, which could result in content being read by authorized ITpoint personnel other than the intended recipient.
We process personal data for recruitment purposes, to facilitate the administration of our available employment opportunities and to match your skills, experience and education with specific roles offered by ITpoint. Any such data may be collected directly from the candidate or from other third parties, about the candidate.
In general terms, we collect the following types of personal data:
This information is passed to the relevant hiring managers and persons involved in the recruitment process to decide whether to invite you for an interview. ITpoint will collect further information if you are invited to the interview (or equivalent) stage and onward. Such information includes interview notes, assessment results, feedback and offer details.
As part of our recruitment process, we may also collect special category data from candidates where we have an employment law obligation to do so. This information is relevant to their future working environment at ITpoint or the future provision of employment benefits, or with the individual’s explicit consent, where collecting such information is permitted by law.
Our recruitment tools and websites contain their own privacy notices explaining why and how personal data is collected and processed by those applications. We encourage individuals using our recruitment tools and websites to refer to the privacy notices available on those tools and websites.
We process personal data about our suppliers (including subcontractors, and individuals associated with our suppliers) in order to manage our relationship and contract, and to receive services from our suppliers.
The personal data we process is generally limited to contact information (name, name of employer, phone, email and other contact details) and financial information, including payment-related information.
When you visit an ITpoint office, we process your personal data in order to provide you with certain facilities (such as access to our buildings and conference rooms or Wi-Fi), to control access to our buildings, and to protect our offices, personnel, goods and confidential information (for example, by using CCTV).
The personal data we collect is generally limited to your name, contact information, location, and the time you enter and leave our office.
We limit the collection of personal data to only that which is absolutely necessary to carry out our legal or business obligations. In some cases, however the provision of personal data may be partly required by law (e.g. tax regulations), is needed as part of contractual negotiations, or as part of providing a service. Below, we describe:
Type of data | Purposes for processing | Legal grounds for processing | |
---|---|---|---|
1. | Visitors to itpoint.ch | – To administer and manage our site, including to confirm and authenticate your identity, and prevent unauthorized access to restricted areas of our site – To personalize and enrich your browsing experience by displaying content that is more likely to be relevant and of interest to you – To analyse the data of visitors to our site – To determine the company, organization, institution or agency that you work for or with which you are otherwise associated – To develop our business and services – To provide you with marketing communications – To conduct benchmarking and data analysis (for example, regarding usage of our site and demographic analyses of visitors of our site) – To understand how visitors use the features and functions of our site – To monitor and enforce compliance with applicable terms of use – To conduct quality and risk management reviews – Any other purpose for which you provided information to ITpoint | – Our legitimate interest in the effective delivery of information and services to you, and the effective and lawful operation of our businesses – Our legitimate interest in developing and improving our site, and your user experience – Explicit consent of the visitor |
2. | Customers | – To provide services to you – To administer our relationship and maintain contractual relations – For accounting and tax purposes – For marketing and business development – To comply with our legal and regulatory obligations – To establish, exercise or defend legal rights – For historical and statistical purposes | – Performance of a contract – Our legitimate interest in the effective delivery of information and services to you, and the effective and lawful operation of our businesses – Our legitimate interest in fulfilling a contract between you and ITpoint |
3. | Contacts in our CRM systems | – To provide you with information about our products and services – For marketing and business development – To administer our relationship and maintain contractual relations | – Explicit consent of the business contact – Our legitimate interest in managing the relationship with our business contacts and providing information about ITpoint, our services and events we organize |
4. | Participants in ITpoint events | – To provide you with information about our products and services – For marketing and business development – To administer the participation in the event and its facilitation | – Explicit consent of the participant – Our legitimate interest in organizing events and managing the registration process for such events. – Our legitimate interest in protecting our people, assets and information, and to prevent unauthorized people gaining access to off-site ITpoint events. – Our legitimate interest in providing information about ITpoint, our services and events we organize |
5. | Individuals who use our platforms and applications | – To administer our relationship and maintain contractual relations – To facilitate access to our platforms and applications | – Our legitimate interest in the effective delivery of information and services to you, and the effective and lawful operation of our businesses – Our legitimate interest in fulfilling a contract between you and ITpoint – Explicit consent of the platform/application end user |
6. | Individuals who visit our social media sites, social media plugins and tools | – To provide you with information about our products and services – For marketing and business development – For recruitment | – Our legitimate interest in promoting services – Our legitimate interest in attracting, identifying and sourcing talent – Our legitimate interest to improve your website experience and to optimize our services |
7. | Individuals who correspond with ITpoint via email | – To provide you with a resolution of your query or request – For information security purposes | – Our legitimate interest in protecting our IT infrastructure against unauthorized access or data leakage – Our legitimate interest in analysing email traffic |
8. | Job applicants | – For recruitment and talent sourcing purposes – To facilitate selection and onboarding of job candidates – To comply with our legal and regulatory obligations – To establish, exercise or defend legal rights – To administer your account throughout the application process including performance of any background checks, where applicable – For statistical purposes | – Explicit consent of the candidate – Our legitimate interest in attracting, identifying and sourcing talent – Our legitimate interest to process and manage applications for roles at ITpoint, including the screening and selecting of candidates – Our legitimate interest to hire and onboard candidates by making an offer to successful candidates, and carrying out pre-employment screening checks – Our legitimate interest to manage our career websites (including conducting statistical analyses) – Compliance with a legal or regulatory obligation (when carrying out background checks to warrant a candidate is eligible to work) |
9. | Suppliers | – For management of our relationship and contract including administration of payments and debt recovery – To comply with our legal and regulatory obligations – To establish, exercise or defend legal rights | – Performance of a contract – Compliance with a legal or regulatory obligation – Our legitimate interest in managing payments, fees and charges, and to collect and recover money owed to ITpoint – Our legitimate interest in safeguarding against ITpoint inadvertently dealing with the proceeds of criminal activities or assist in any other unlawful or fraudulent activities |
10. | Visitors to ITpoint offices | – For administration of visitor access to ITpoint premises – For protecting and safeguarding our premises, employees and information – To comply with our legal and regulatory obligations – To establish, exercise or defend legal rights | – Our legitimate interest in protecting our offices, personnel, goods and confidential information – Our legitimate interest in preventing and detecting crime, and establishing, exercising and defending legal claims |
We share your personal information with the following:
We may transfer, sell or assign any of the information described in this Privacy Policy to third parties as a result of a sale, merger, consolidation, change of control, transfer of assets or reorganisation of our business. Where we are involved in a merger, acquisition or sales of assets, we will always process your data in line with your rights and freedoms and subject to confidentiality agreements between the parties.
Sharp group companies operate in various locations across the globe. Some parts of our internal infrastructure are centralised which includes provision of information technology services. We may also transfer personal data to third parties (and their affiliates) which provide the above-mentioned ancillary services to ITpoint or Sharp group.
Therefore, your personal data will sometimes be transferred outside of the jurisdiction in which it was collected and stored. This includes countries outside of Switzerland, the European Economic Area (EEA) and the United Kingdom (UK). Where such a transfer is required, we put in place appropriate security and legal measures to safeguard the safety and security of personal data. ITpoint and Sharp group has implemented appropriate intragroup data transfer agreements, providing for a legally binding and enforceable commitment to protect any personal data within the Sharp company group. Where personal data is transferred to a third party service provider, we also ensure legally binding contractual protections are in place, consistent with the GDPR, FADP and any other applicable data protection laws.
You have the following rights in relation to your personal data:
To exercise your rights to any of the above or to lodge a complaint about an alleged breach of data protection law, please contact us via [email protected]
ITpoint has implemented appropriate organisational and technical controls to protect the confidentiality and security of information it obtains in the course of its business. Access to such information is limited, and policies and procedures are in place that are designed to safeguard the information from loss, misuse and improper disclosure.
Our policy is to retain personal data only for as long as it is needed for the purposes described in the section 5 of this Privacy Policy “Purposes and legal grounds for processing”. Note that retention periods vary in different jurisdictions and are set in accordance with local regulatory and professional retention requirements.
We may update this privacy policy from time to time to reflect changes in the way we process personal data (e.g. if we implement new systems or processes that involve the new uses of personal data) or to clarify information we have provided in this notice. Our changes will be in accordance with applicable data protection laws.
We recommend that you check for updates to this notice from time to time but we will notify you directly about changes to this notice or the way we use your personal data when we are legally required to do so.
ITpoint Data Privacy Policy
Version: 2.0 | October 2023