Privacy Policy

We collect and process personal data that concern you but also other individuals («third parties»). We use the word «data» here interchangeably with «personal data».

In this Privacy Notice, we describe what we do with your data when you use chromnil.com, obtain services or products from us, interact with us in relation to a contract, communicate with us or otherwise deal with us. When appropriate we will provide a just-in-time notice to cover any additional processing activities not mentioned in this Privacy Notice. In addition, we may inform you about the processing of your data separately, for example in consent forms, terms and conditions, additional privacy notices, forms and other notices.

If you disclose data to us or share data with us about other individuals, such as family members, co-workers, etc., we assume that you are authorized to do so and that the relevant data is accurate. When you share data about others with us, you confirm that. Please make sure that these individuals have been informed about this Privacy Notice.

  1. What data to we process?

We process various categories of your personal data. The most important categories are as follows:

Master data: This includes basic details such as your name, contact details, personal details, photos, customer history, powers of attorney, declarations of consent, your relationship to us (e.g. customer, supplier, partner) as well as information about third parties (e.g. contact persons).

Contractual data: This is data which we collect in the course of providing our services (e.g. support or if you purchase our products in the online shop) as well as in general for the conclusion or the execution of contracts (both with customers, suppliers, service providers, partners, etc.), such as contractual services we owe you or you owe us, data concerning the provision of services, data from before concluding the contract (e.g. references), information about reactions (e.g. information about satisfaction) and financial data (e.g. payment information but also data about creditworthiness).

Communication data: This is data that we collect when we communicate with you or with third parties (e.g. by e-mail, telephone, mail or via other means of communication), such as the content of e-mails or letters, your contact details as well as marginal data from communication.

Technical data: This is data that we collect when you use our electronic resources (e.g., website), such as IP address, information about the operating system of your end device, the region, and the time of use. In general, technical data does not allow any conclusions to be drawn about your identity.

  1. Where do we collect your data?

From you: You provide much of the above data yourself (e.g., in connection with our services for you or your employer or client or when communicating with us). You are not obligated to provide your data, except for in individual cases (e.g., because of legal requirements). However, if you conclude contracts with us or want to use our services, for example, you have to disclose certain data.

From third parties: We can also collect data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, media or the Internet incl. social media) or receive it from authorities and from other third parties (e.g. credit bureaus, address brokers, associations, contractual partners, Internet analytics services). In particular, this includes the following categories: master data, contractual data and other data, but also all other above-mentioned data categories as well as data from correspondence and meetings with third parties. If you work for an employer or client or someone else who has a business relationship with us or other dealings, they may also make data about you accessible to us.

  1. For what purposes do we process your data?

In general, we collect and process your personal data for the following purposes in particular:

Operating our website: You can visit our website and obtain information about our services without telling us who you are. In order to be able to operate our website in a secure and stable manner, we collect technical data that at least allow us to recognize you. We also use cookies and similar technologies (see below).

Communication: We process your data in order to be able to communicate with you (e.g. in order to respond to inquiries, in the context of consulting as well as the execution of contracts).

Contractual relationships: We process data for the conclusion, administration and performance of contractual relationships.

Relationship management: We process data for marketing purposes and relationship management, for example to send our customers and other contractual partners personalized advertising for products and services from us. This may happen in the form of newsletters and other regular contacts (electronically, by e-mail or by telephone), through other channels for which we have contact information from you, but also as part of marketing campaigns (for example events, contests, etc.) and may also include free services (for example invitations, vouchers, etc.). You can reject this type of contact at any time or refuse or withdraw consent to being contacted for advertising purposes by sending a message to the address shown at the end.

Compliance with laws, instructions and recommendations from authorities and internal regulations: We may process personal data in the context of complying with laws (e.g. anti-money laundering, tax law obligations and for implementing health and safety concepts). Data may also be processed during internal and external investigations (e.g. by law enforcement or supervisory authorities or a commissioned private body). Legal obligations may be Swiss law or also foreign regulations which we are subject to as well as self-regulation, industry standards, in-house “corporate governance” and official instructions and requests.

  1. On what basis do we process your data?

If the GDPR applies, we base the processing of your data on the following basis, depending on the situation and the purpose of processing:

Contract: Insofar as we process data for the conclusion and execution of contracts which we conclude or have concluded for you or with you or your employer, client, or other people for whom you are working, this is also the legal basis on which we process your data.

Legal obligations: Furthermore, we can process your data based on the applicable legal, regulatory, and professional provisions we have to adhere to.

Legitimate interest: We can process your data based on our legitimate interest or a legitimate interest of a third party. In particular, this applies to achieving the purposes and objectives specified in Section 3 and for implementing associated measures. Among other things, we have a legitimate (and overriding) interest in marketing our products and services as well as in a better understanding of the markets relevant to us and our activities (in particular in the efficient and secure handling of our processes and in further development of our activities), in the efficient and effective management of our company and safeguarding of the security of our systems and our interests toward third parties.

Consent: If we ask you for your consent for the processing of your data, this is the legal basis on which we process your data. In this process, we inform you about the purpose of processing. You can withdraw your consent at any time by sending a written message (by mail or, if not stated or agreed otherwise, by e-mail) to us, with effect for the future. Once we have received and processed the message concerning withdrawal of your consent, we will no longer process your data for the purposes which you originally agreed to (unless further processing may be carried out based on another legal basis).

Other legal basis: In specific cases, we can also perform data processing based on other legal bases. If this is the case, we will inform you on a case-by-case basis.

  1. With whom do we share your data?

To perform the contract, to pursue our legitimate interests, or to comply with statutory requirements, it might be necessary to forward your data to the following categories of recipients:

Service providers: We work with service providers in Switzerland and abroad who process your data on our behalf or as joint controllers with us or who receive data about you from us as separate controllers.

Contractual partners: This refers to customers (for example, service recipients) and our other contractual partners, as this data disclosure results from these contracts.

Authorities: We may disclose personal data to agencies, courts, and other authorities in Switzerland and abroad if we are legally obliged or entitled to make such disclosures or if it appears necessary to protect our interests.

Other persons: This means other cases where interactions with third parties follows from the purposes set out in Section 3.

All these categories of recipients may involve third parties, so that your data may also be disclosed to them. We can restrict the processing by certain third parties (for example, IT providers), but not by others (for example, authorities, banks, etc.).

  1. Is your data disclosed abroad?

We mainly process and store personal data in Switzerland and the European Economic Area (EEA), but, in exceptional cases – for example via subcontractors of our service providers – potentially in every country around the world.

If a recipient is located in a country without appropriate data protection, we contractually oblige the recipient to comply with a sufficient level of data protection (for this purpose, we use the amended standard contractual clauses from the European Commission, which can be accessed here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?, including the amendments necessary for Switzerland), unless the recipient is subject to a legally accepted set of rules to ensure data protection and we cannot rely on a derogation clause. In particular, a derogation may apply in the event of legal proceedings abroad, but also in cases of overriding public interest if the performance of a contract which is in your interest requires this type of disclosure, if you have consented or obtaining your consent within an appropriate period is not possible and the disclosure is necessary in order to protect your life or your physical integrity or that of a third party, or if it concerns data made generally accessible by you whose processing you have not objected to.

  1. How long do we process your data?

We store personal data only for the duration required to fulfill the purposes for which the personal data was collected, if we have a legitimate interest in storing the data or are required to do so by law or storage is required for technical reasons (e.g. in the case of backups or document management systems). If no legal or contractual obligations run contrary, we erase or anonymize your data once the storage or processing period has elapsed as part of our usual processes.

We take appropriate technical and organizational measures in the interest of confidentiality, integrity and contractual availability of personal data. In accordance with our risk assessment, we implement admission controls in particular, but also access controls as well as procedures for regular checking, assessment and evaluation of the measures.

If there are no legal retention regulations in individual cases, we generally process personal data for the duration of the business relationship or contract period and then, depending on the applicable legal basis, for an additional five, ten or more years. This corresponds to the duration within which we can assert legal claims against third parties or third parties can do so against us. Ongoing or forthcoming legal proceedings may result in processing over and beyond this period.

  1. How do we protect your data?

We take appropriate security measures in order to maintain the required security of your personal data and ensure its confidentiality, integrity and availability, and to protect it against unauthorized or unlawful processing, and to mitigate the risk of loss, accidental alteration, unauthorized disclosure or access. However, the security risks cannot generally be completely excluded and a certain remaining level of risk is unavoidable.

  1. What are your rights?

Applicable data protection laws grant you the right to object to the processing of your data in some circumstances, in particular for direct marketing purposes, for profiling carried out for direct marketing purposes and for other legitimate interests in processing.

To help you control the processing of your personal data, you have the following rights in relation to our data processing, depending on the applicable data protection law:

  • The right to request information from us as to whether and what data we process from you;

  • The right to have us correct data if it is inaccurate;

  • The right to request erasure of data;

  • The right to request that we provide certain personal data in a commonly used electronic format or transfer it to another controller;

  • The right to withdraw consent, where our processing is based on your consent;

  • The right to receive, upon request, further information that is helpful for the exercise of these rights

If you wish to exercise the above-mentioned rights in relation to us, please contact us in writing, at our premises or, unless otherwise specified or agreed, by e-mail; you will find our contact details below.

If you do not agree with the way we handle your rights or with our data protection practices, please let us know. If you are located in the EEA, the United Kingdom, or Switzerland, you also have the right to lodge a complaint with the competent data protection supervisory authority in your country.

  1. Do we use online tracking techniques and cookies?

This website may use cookies to ensure optimal functionality and user experience. Cookies are small text files stored on your device by your browser. This website uses only essential cookies to ensure basic functionality. No tracking or marketing cookies are used, and no external third-party services (such as analytics tools or embedded content) are intentionally integrated.

Neither the technical data we collect nor cookies generally contain any personal data. However, your personal data, which we store or third-party providers commissioned by us store (e.g., if you have a user account with us or these providers), can be linked to the technical data or the information stored in the cookies and obtained from them and thus possibly to your person.

  1. Contact

If you have any questions about the data processing described in this privacy policy, exercise your data subject rights following the data protection law applicable to us, or have general questions about data protection at chromnil, please contact:

info@chromnil.com

  1. Can we update the privacy notice?

This Privacy Notice is not part of a contract with you. We can change this Privacy Notice at any time. The version published on this website is the current version.


Last updated: April 2025