Skribble Privacy Policy

The data controller for the purpose of data protection laws, especially the EU General Data Protection Regulation (GDPR), is:

Skribble AG
Philipp Dick
Förrlibuckstrasse 190
8005 Zurich
Tel.: +41 44 505 16 64
Email: info@skribble.com
Website: https://www.skribble.com

1. General information

Based on Article 13 of the Swiss Federal Constitution and data protection provisions (Swiss Federal Act on Data Protection, FADP), and according to the European General Data Protection Regulation (GDPR), every person has a right to privacy and protection from misuse of their personal data. We take the protection of your personal data very seriously. We treat your data as confidential and handle it in accordance with statutory data protection regulations and our privacy policy.

The terms used in this policy are the terms defined in Article 4 GDPR.

We work together with our service providers and partners to protect all data processing operations from unauthorised access, loss, misuse and unauthorised changes, as effectively as possible and in accordance with the current state of the art.

1.1 Legal basis

Our legal basis for using your data depends on

• the services that you use (contract or pre-contractual measures, Article 6(1)(b) GDPR);
• our need to comply with a legal obligation (Article 6(1)(c) GDPR);
• consent that you have given us (consent, Article 6(1)(a) GDPR); or
• a legitimate interest, such as ensuring the security of the website (Article 6(1)(f) GDPR).

1.2 Purposes

We use your data for purposes including

• providing our service to you and keeping that service up and running;
• informing you of changes to our service;
• providing customer service;
• collecting analytical data and other valuable data so that we can improve our service;
• monitoring use of our service;
• recognising, preventing and correcting problems;
• sending you news, special offers and general information on other products, services and events we offer, as long as they are similar to those that you have already purchased - from us or enquired about with us, and provided that you have not disabled such notifications.

1.3 Processing of personal data

We process personal data in line with the EU GDPR and Swiss data protection law. Personal data is any information relating to an identified or identifiable natural person.

We process your data for as long as is necessary to fulfil the relevant purpose or purposes. When we are required to retain personal data beyond that period because we are subject to statutory and other obligations, we restrict processing accordingly.

Processing on our website (www.skribble.com)

2.1 SSL/TLS encryption on our website

We use SSL/TLS encryption on our website for security reasons and to protect the transmission of confidential content, such as enquiries that you send to us. You can identify an encrypted connection because the address in your browser changes from http:// to https:// and, depending on the browser, if a padlock symbol is displayed in the browser bar.

When SSL or TLS encryption is enabled, third parties cannot read information that you send us via the contact form .

Please note that the transmission of data via the internet (e.g. when communicating by email) may be subject to security vulnerabilities. It is not possible to fully protect data from third-party access without using some type of email encryption, such as PGP or S/MIME, and you do so at your own risk.

2.2 Collection of server log files

You can generally visit our website without registering. When you visit our website, we store information on our server, such as the pages you access or the names of the files you open, along with the date and time of access, for statistical purposes. However, this data is not personal data.

We automatically collect and store information in server log files that your browser automatically sends to us. This information consists of:

• Browser type and version
• Operating system used
• Referrer URL
• Host name of the computer accessing our site
• Time of the server request
• IP address.

We can only associate this information with individuals indirectly. We will not combine this data with other sources of data. We reserve the right to review this data at a later point in time if we become aware of specific indications of unlawful use.

3. Rights of data subjects

Data protection legislation grants you the following rights as a data subject. To exercise one or more of these rights, simply contact our data protection officer.

3.1 Right of access

You have the right to request confirmation from us regarding whether or not we process personal data concerning you and, if we do, you have the right to access that personal data and the information described in Article 15 GDPR.

3.2 Right to rectification

As a data subject, you can change personal data that we have stored for you at any time or you can have us rectify it for you.

3.3 Right to erasure

As a data subject, you can submit a request for erasure at any time. Unless we are required by law or some other obligation to continue to retain your data, we will gladly grant your request. If we cannot erase your data, we will restrict its processing.

You can delete your account on your own in your profile settings. We would be happy to assist you with that.

3.4 Right to data portability

You have the right to receive the personal data concerning you that we process on the basis of your consent or a contract in a structured, commonly used and machine-readable format, and the right to transmit that data to another controller, if needed.

3.5 Right to object

Every data subject has the right to object to the processing of their personal data at any time on grounds relating to their particular situation.
We will no longer process that personal data unless we demonstrate compelling legitimate grounds for the processing that override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

3.6 Withdrawing your consent

You can withdraw your consent at any time once you have given it. To do so, send an informal request to our data protection officer or use our contact form or the opt-out link in our newsletter.

3.7. Right to file a complaint with a supervisory authority

If you are not satisfied with our reply to one of your requests to protect your personal data or with the way in which we are processing your data, you have the right to file a complaint with your local supervisory authority.

4. Use of data on our platform (my.skribble.com)

4.1 Security of processing

We use appropriate technical and organisational measures to ensure that your personal data is protected. The measures that we take are always in accordance with the current state of the art. Our employees are kept informed via regular updates and training. Our platform’s infrastructure runs on servers that are housed in ISO 27001-certified Swiss data centres, which have implemented high security standards.

4.2 Registering on the platform

To open an account on the platform, you only need to provide the following data:

• Email address
• First name and surname
• Nationality
• Mobile number.

Alternatively, you can register by using a supported single sign-on solution (such as trustID).

4.2.1 For businesses (single sign-on)
When you use single sign-on to provide your employees with easy access to our platform, your data is transmitted via the OpenID Connect API. As the data controller, you decide what data to send to us for authentication. We would be happy to send you a processing agreement. Just let us know if you would like us to do so.

4.3 Your details for paid services

When we provide paid services, we ask for additional data, such as payment details, so that we can process your order. We store this data in our system until the statutory retention period ends.

4.4 Data processing for our partners’ signature solutions

If you use advanced electronic signatures (AdES) and/or qualified electronic signatures (QES) on our platform, our partners will handle the identification process. We use an API to ask these partners if they have valid identification for you or we create an identity for you.

Our partners for signatures and identification are:

Swisscom (Switzerland) Ltd
Enterprise Customers Identification Services
Pfingstweidstrasse 51
CH-8005 Zurich
Swisscom Privacy Policy

GMO GlobalSign, Ltd.
Springfield House, Sandling Road
Maidstone, Kent ME12 2LP
United Kingdom
GlobalSign Privacy Policy

4.5 Processing of your support requests

We use CRM from HubSpot (2nd Floor, 30 North Wall Quay, Dublin 1, Ireland – HubSpot Privacy Policy ) to process your support requests and manage your customer data.

HubSpot is certified to the Swiss-US Privacy Shield framework, and places great importance on the provision of privacy-friendly technology. In addition, we have agreed the European standard contractual clauses and regularly check the provider’s data protection compliance.

4.6 External payment provider (Stripe)dat

We use Stripe, an external payment provider whose platforms both you and we can use to initiate payments (Stripe Payments Europe, Ltd (C/O A&L Goodbody, Ifsc, North Wall Quay, Dublin 1 – Stripe Privacy Policy )

If you pay with Stripe, the data you enter will be transmitted to Stripe. Your data is transmitted on the basis of Article 6(1)(b) GDPR (contract). Your data is forwarded for the sole purpose of processing your payment and only to the extent that is necessary for that purpose.

5. Third-party services on our website (www.skribble.com)

5.1 General information about cookies

We use cookies on our website and platform (my.skribble.com). Cookies are small text files that are stored on your web browser. They help us offer specific functions on our website.

Most browsers are set to accept cookies by default. You can adjust your browser’s security settings to reject cookies. If you do not accept cookies, you may not be able to use some features on our website, and some pages may not display correctly. You can find detailed instructions on how to set your browser to not store cookies here: https://www.allaboutcookies.org

You can find more information about the cookies we use in our Cookie Policy or in the cookie banner.

5.2 Live chat via HubSpot

For a better user experience and to get quick answers to your questions, you can communicate with us directly via the live chat service from HubSpot (2nd Floor, 30 North Wall Quay, Dublin 1, Ireland – HubSpot Privacy Policy . We process the information and messages that you send us when you use this service. Use of the service is voluntary.

If you use live chat, we can see whether you have read a message and when. Please do not share any sensitive information or account details with us via live chat.

Data may be processed outside the EU when you use live chat. When this happens, HubSpot is bound by its commitment to the Swiss-US Privacy Shield, which requires HubSpot to fully comply with data protection standards.

We store this data to your account so that we can access your full communication history if you have a follow-up question.

5.3 Our newsletter via HubSpot

If you want to stay up to date with news, offers and customer information, and would like to receive our newsletter, all we need is your email address. You will need to confirm your email address to verify that you want to receive the newsletter.

We use HubSpot (2nd Floor, 30 North Wall Quay, Dublin 1, Ireland – HubSpot Privacy Policy ) as our service provider for sending and managing the newsletter. You can withdraw your consent and unsubscribe at any time. Every message you receive from us gives you the option to completely unsubscribe or update your preferences.

5.4 Embedded social media links

Our website provides links to our company profiles on LinkedIn, Xing, Facebook, YouTube and Twitter. When you access one of these links, you leave our website and you are redirected to the servers of that social media provider.

You can find the privacy policy for LinkedIn (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA) here: LinkedIn Privacy Policy

You can find the privacy policy for Xing (New Work SE, Dammtorstrasse 30, 20354 Hamburg, Germany) here: Xing Privacy Policy

You can find the privacy policy for Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) here: Facebook Privacy Policy

You can find the privacy policy for YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) here: YouTube Privacy Policy

You can find the privacy policy for Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland) here: Twitter Privacy Policy

6. Questions for our data protection officer

If you have questions about data protection, please send us an email or contact our data protection officer directly:

Lena Ludwig
PSW GROUP Consulting GmbH & Co. KG
Flemingstrasse 20-22
D-36041 Fulda

dsb(at)psw.net
+49 661 4802 7624

7. Changes

We regularly make changes to our privacy policy as part of our continual improvement process to ensure that we remain in compliance with legal regulations. Such changes do not affect your rights as a data subject. Always refer to the latest version of this policy.