Privacy Policy Actuways

Introduction and scope

‍
Actuways develops, operates and markets digital platforms and services to optimize procurement and sales processes in the industrial B2B sector. We develop, integrate and provide solutions based on artificial intelligence to increase process automation and efficiency in industrial supply chains. In addition, we provide consulting and support services for the digital transformation of industrial companies and promote professional exchange and networking between suppliers and buyers of industrial technologies at international level. Actuways may involve branches and subsidiaries and may collaborate domestically and internationally.

This privacy policy informs you which personal data we collect in connection with our websites, digital platforms, services, consulting offers, events and cooperation projects, how we use, disclose and store that data, and which rights you have as a data subject. It applies to all offers of Actuways insofar as reference is made to this privacy policy in the respective services or contractual terms.

We process your data in accordance with the Swiss Data Protection Act (DSG) and — where applicable — the EU General Data Protection Regulation (GDPR). If data are transferred to third countries in the course of our activities, we will inform you separately in this policy.

Controller

Actuways AG
Technoparkstrasse 2
8406 Winterthur
E-Mail: datenschutz@actuways.com

Actuways GmbH is registered in the commercial register of the Canton of Zurich under company number CHE286.721.991

Data protection officer

Fionn Kientzler
Technoparkstrasse 2
8406 Winterthur
E-Mail: datenschutz@actuways.com

‍

Categories of processed data

In the course of our business activities and the provision of our digital platforms and services we process various categories of personal data. The exact data we collect depend on how you use our offerings and which information you voluntarily provide. In general, the following data categories may be affected:

(Please verify)

1. Master data and contact details

• Name, given name, title
• Company name, department, role/function
• Postal address, email address, telephone number
• Language settings
• Registration information on our platform (e.g. username, password in encrypted form)

‍

2. Communication data

• Contents of communications with us (e.g. via email, contact form, telephone, chat)
• Date and time of communication

‍

3. Usage data and metadata

• IP address, browser type and version, operating system used
• Referrer URL (previously visited page)
• Date and time of access
• Pages and content visited on our website and platforms
• Interactions with our services (e.g. clicks, search queries, downloaded documents)
• Device information (e.g. device type, unique device identifiers)

‍

4. Contract data

• Information about concluded contracts and services
• Payment data (e.g. bank details, credit card data — these are usually processed by external payment service providers and we typically only receive confirmations)
• Service data (e.g. delivered services, project progress)

‍

5. Marketing and preference data

• Your interests and preferences (e.g. topics of interest, newsletters subscribed to)
• Consents for marketing measures
• Information from surveys or feedback

‍

6. Applicant data

• Information you provide as part of an application (e.g. CV, references, cover letter)

We note that we generally do not collect special categories of personal data (e.g. health data, religious or political beliefs), unless this is strictly necessary for providing a specific service and you have given your explicit consent.

‍

Purposes of data processing

‍
We process your personal data exclusively for the purposes described in this privacy policy and on the basis of a valid legal basis. Our main purposes for processing data are:

1. Provision and optimization of our digital platforms and services

• Operation, maintenance and improvement of our platforms and services.
• Provision of user accounts and platform functionality.
• Fulfilment of customer-specific customizations and integrations.

‍

2. Fulfilment of contractual obligations and provision of our services

• To execute contracts concluded with you or your company (e.g. platform use, consulting services, marketing projects).
• For communications in the context of contract fulfilment (e.g. project updates, invoicing).
• To provide support and customer service.

‍

3. Communication and customer relationship management

• To answer your inquiries via contact forms, email or phone.
• To send relevant information, updates or newsletters if you have consented.
• To maintain our business relationships and inform you about new offers that may be of interest to you or your company.

‍

4. Marketing and lead generation

• To analyse market and customer needs and further develop our services.
• To carry out marketing campaigns and address potential customers in the B2B sector.
• To measure the success of our marketing activities.

‍

5. Security and protection of our systems

• To ensure IT security and protect our data against unauthorized access or misuse.
• To detect and prevent cyber attacks and fraud attempts.

‍

6. Compliance with legal and regulatory obligations

• To comply with statutory obligations (e.g. commercial and fiscal retention obligations).
• To cooperate with authorities in the context of legal requirements.

‍

7. Promotion of professional exchange and networking

• To organise and conduct events, webinars or workshops that serve professional exchange and industry networking.
• To provide content and resources that promote knowledge transfer.

Legal bases for processing personal data

We process your personal data in accordance with the Swiss Data Protection Act (DSG) and — where applicable — the EU General Data Protection Regulation (GDPR). Processing takes place only if one of the following legal bases applies.

• Consent (Art. 6(1)(a) GDPR / equivalent under the Swiss DSG):
  If you have expressly consented to the processing (e.g. for receiving newsletters, setting non-essential cookies or profiling for marketing purposes), we process your data on the basis of that consent. You may withdraw your consent at any time without giving reasons. The withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal.
  
  
• Performance of a contract (Art. 6(1)(b) GDPR):
  Where processing is necessary for the performance of a contract with you or for the implementation of pre-contractual measures (e.g. registration on our platform, project execution, invoicing), the processing is based on this legal ground.
  
  
• Legal obligation (Art. 6(1)(c) GDPR):
  Where we are legally obliged to retain or disclose data (e.g. tax or commercial retention obligations), we process data to fulfil these legal obligations.

‍

• Legitimate interests (Art. 6(1)(f) GDPR):

In certain cases we process data to safeguard our legitimate interests, provided your interests or fundamental rights do not override them. Typical purposes include:

• Ensuring IT security and preventing misuse and fraud;
• Operation, optimisation and technical maintenance of our platforms;
• Direct marketing and customer care relating to existing customer relationships;
• Conducting analyses to improve our offerings.
• Before any processing on the basis of legitimate interests we carry out a balancing test and document why our interest does not override the interests of the data subjects.
  
  

• Protection of vital interests (Art. 6(1)(d) GDPR):
  This legal basis applies only in exceptional cases (e.g. where vital interests of a person are at stake). Special categories of personal data (e.g. health data) are processed only if there is an express legal basis or you have given explicit consent.

If we process data on the basis of your consent, we will inform you specifically about the purpose, the right to withdraw and the consequences of withdrawal. If you refuse to provide certain data, this may mean that we cannot provide some services (or not fully).

If you have questions about the legal basis for a specific processing or about exercising your rights, please contact the addresses given in this privacy policy.

‍

Disclosure of data to third parties

We disclose your personal data only where this is necessary for the purposes described in this privacy policy, where there is a legal obligation, or where you have consented. Disclosures are kept to the necessary minimum and comply with applicable data protection laws (Swiss DSG / GDPR where applicable).

Examples of recipients and purposes of data disclosure:

• Service providers and processors
  We use external service providers for the operation and maintenance of our IT infrastructure and platforms (e.g. hosting, cloud services), for email and newsletter dispatch, CRM, payment processing, analytics and marketing services. These partners process data exclusively on our instructions and are contractually bound by a Data Processing Agreement (DPA) or equivalent arrangements.

‍

• Marketing and analytics partners
  For operating and optimising our marketing activities we may share data with specialised providers (e.g. campaign management, lead generation, tracking). Transfers are made only to the extent covered by your consent or our legitimate interests.
  
  
• Business and platform partners
  In cooperation projects, for networking providers and demanders, or for joint service delivery, data may be shared with partner companies and platform operators. Such sharing takes place only if required to perform the service or if you have consented.
  
  
• Group companies and subsidiaries
  If necessary, data may be transferred within the Actuways group to affiliated companies. The same protection obligations and purpose limitations apply.
  
  
• Advisors, auditors and legal counsel
  We disclose data to auditors, tax advisors, lawyers or other consultants where necessary for legal or tax advice, audits or enforcement of legal claims.
  
  
• Public authorities and agencies
  If legally required or necessary to enforce our rights, we disclose data to authorities, courts or other public bodies.
  
  
• Acquirers in case of corporate transactions
  In restructurings, mergers or sales of business units, personal data may be disclosed to potential acquirers or contracting parties. Even in such cases we ensure data protection by appropriate contractual and technical measures.
  
  
• Anonymized or aggregated data
  For analysis, research or reporting purposes we may use or share anonymized/aggregated data from which no conclusions about individuals can be drawn.

Security and contractual measures
All recipients that process data on our behalf are contractually obliged to implement appropriate technical and organizational measures to protect the data and to process the data only according to our instructions.

Data transfers to third countries
If data are transferred to countries outside Switzerland or the EEA, we implement appropriate safeguards (e.g. adequacy decisions, standard contractual clauses or other appropriate guarantees). Further information is provided in the section “Data transfers to third countries”.

Questions or objections
If you have questions about the disclosure of your data or wish to object to a disclosure, please contact us using the contact details provided in this privacy policy.

Data transfers to third countries

‍
Third countries are states outside Switzerland and the European Economic Area (EEA). Occasionally we need to transfer personal data to such countries — for example to hosting and cloud providers, external analytics providers, payment processors or group companies abroad. Such transfers are made only if necessary for the purposes set out in this privacy policy.

Which safeguards we implement

• Adequacy decision: Where the recipient country benefits from an adequacy decision by the European Commission or an equivalent assessment, we rely on that as the legal basis for the transfer.
  
  
• Standard Contractual Clauses (SCC): If no adequacy decision exists, we secure the transfer by means of standard contractual clauses or equivalent contractual guarantees recognised by supervisory authorities.
  
  
• Binding Corporate Rules (BCR): For intra-group transfers we use, where possible, binding corporate rules.
  
  
• Technical and organizational measures: In addition to contractual safeguards we deploy technical measures (e.g. encryption, pseudonymisation, access restrictions) to increase data protection.
  
  
• Transfer impact assessment: Where required, we conduct a transfer impact assessment and document further protective measures to minimise the risk of insufficient data protection.

Examples of typical recipient countries

• Cloud and hosting providers in the USA or other non-EEA states
• Analytics and marketing services outside Switzerland/EEA
• Subsidiaries or partner companies located outside Switzerland/EEA

Transparency and minimisation

• We transfer only the data necessary for the specific purpose.
• Where possible, we ensure processing in a country with comparable data protection standards.
• Where particular risks exist, we implement additional technical or contractual measures.

‍

Your rights and further information
If you wish to know to which countries your data are transferred and which specific safeguards apply in your case, please contact us using the addresses given in this privacy policy. You also have the rights described below (e.g. access, objection), which we will uphold in case of transfers to third countries.

Data retention periods

We retain your personal data only for as long as necessary to fulfil the purposes for which they were collected or as required by law. After expiry of these periods, your data will be deleted or anonymized so that identification is no longer possible.

The exact retention period depends on the data category and the purpose of processing:

• Contract data: Data necessary for the performance of a contract are generally kept for the duration of the business relationship and thereafter in accordance with statutory retention obligations. In Switzerland, for example, business records are typically retained for 10 years (Art. 958f CO).
  
  
• Communication data: Correspondence (e.g. emails, contact form inquiries) is retained as long as necessary to handle your inquiries, to document business processes or to fulfil legal obligations.
  
  
• Usage and metadata: Data generated during use of our websites and platforms (e.g. IP addresses, log files) are usually stored for a shorter period unless required longer for security analyses or debugging. For analytical purposes, these data are often pseudonymised or anonymised.
  
  
• Marketing and preference data: Data processed for marketing purposes or based on your consent (e.g. newsletter subscriptions) are stored until you withdraw consent or object to processing.
  
  
• Applicant data: Applicant data are retained for the duration of the application process and, if no employment results, for an appropriate period thereafter (e.g. 6 months) to defend against possible legal claims, unless you have consented to a longer retention.

Criteria for setting retention periods
The criteria used to determine retention periods include:

• The necessity of the data for providing our services.
• The type and sensitivity of the data.
• The purposes for which we process the data.
• Legal or contractual retention obligations.
• The possibility to assert or defend legal claims.

After the retention period expires, your data will be securely deleted or anonymized so that they can no longer be linked to you.

Your rights as a data subject

As a data subject you have various rights regarding the processing of your personal data. Below is an overview with brief explanations of how you can exercise these rights at Actuways.

• Right of access
  You have the right to know whether and which personal data we process about you, for what purposes, to which recipients data have been disclosed and the planned retention period and legal basis for the processing.
  
  
• Right to rectification
  You can request correction of inaccurate data or completion of incomplete data.
  
  
• Right to erasure (right to be forgotten)
  Under certain conditions you can request deletion of your data (e.g. if the data are no longer necessary for the purposes or the processing is unlawful). Legal retention obligations may prevent deletion.
  
  
• Right to restriction of processing
  In certain cases you can request restriction of processing (e.g. where the accuracy of the data is contested or where instead of deletion you prefer restricted storage).
  
  
• Right to object
  You can object to processing of your data where the processing is based on our legitimate interests. You can object to direct marketing at any time.
  
  
• Withdrawal of consent
  Consents previously granted may be withdrawn at any time with effect for the future. Withdrawal does not affect the lawfulness of processing carried out up to the time of withdrawal.
  
  
• Right to data portability
  Where processing is based on consent or on the performance of a contract, you can request the personal data concerning you in a structured, commonly used and machine-readable format or request transmission to another controller.
  
  
• Right to lodge a complaint with a supervisory authority
  You have the right to lodge a complaint with the competent data protection supervisory authority. In Switzerland this is the Federal Data Protection and Information Commissioner (FDPIC/EDÖB). For persons in the EU the competent national supervisory authority may also be relevant.

How to exercise your rights

• For requests concerning your rights, please contact us by email at: datenschutz@actuways.com or in writing at the “Controller” address above.
• To protect personal data and verify identity, we may ask you for further evidence (e.g. a copy of an identity document or comparable information).
• We endeavour to process your request promptly and to respond within 30 days. In complex cases or for large-scale requests the period may be extended by up to a further 60 days; we will inform you of the reasons for any delay.

Further notes

• Exercising your rights is generally free of charge. We may charge a reasonable fee or refuse to act where requests are manifestly unfounded or excessive.
• In certain cases statutory restrictions or retention obligations may limit or prevent the exercise of certain rights (e.g. erasure). If so, we will inform you of the reasons.

If you need assistance or have questions about exercising your rights, our data protection team will be happy to help at datenschutz@actuways.com.

Cookies and similar technologies

We use cookies and similar technologies (e.g. local storage, pixel tags, web beacons) to operate our website and platforms functionally, securely and user-friendly. Below we explain the types of cookies we use, for what purposes and how you can manage your settings.

Which cookie types we use

• Necessary cookies
  These cookies are essential for operating the website (e.g. session management, security, login functions). Without these cookies, essential functions cannot be guaranteed. No consent is required for these cookies.
• Functional cookies
  These store settings and preferences (e.g. language, display settings) so the site is personalized on your next visit.
• Performance / analytics cookies
  These cookies help us analyse website usage (e.g. visited pages, dwell time, error messages) so we can improve performance and content. Third‑party analytics tools (e.g. Google Analytics) may be used.
• Marketing / tracking cookies
  These cookies are used to present relevant content and advertising and to perform conversion tracking. They also serve lead generation and campaign performance measurement.

‍

Legal basis

• Necessary cookies are based on our legitimate interest in operating the website securely and functionally.
• For functional, analytics and marketing cookies we obtain your consent where legally required. You can withdraw your consent at any time.

Cookie banner and consent
On your first visit we inform you by a cookie banner and, where required, obtain your consent. Via the link in the banner or in our cookie settings you can adjust or withdraw your choices at any time.

Third parties and transfers
Some cookies are set by third parties (e.g. hosting partners, analytics or advertising providers). These parties process data according to their own privacy notices. If this involves a transfer to third countries, we apply the safeguards described in this privacy policy.

Retention periods
Cookies have different retention durations: session cookies are deleted when the browser is closed; persistent cookies remain depending on purpose for several days to several years. More detail is provided in our cookie table (see list of cookies used).

How to manage or delete cookies

• Browser settings: You can block or delete cookies in your browser. Note that this may limit the functionality of our website.
• Opt‑out options: For certain analytics or advertising services third parties offer opt‑out options (e.g. browser add-ons or provider opt‑out pages).
• Our settings: Use the functions in the cookie banner or settings to adjust or revoke your consent.

Consequences of blocking

• Disabling cookies completely may restrict site functionality and user experience (e.g. login, personalized content, form usage).

Further information and contact

• A detailed table of cookies used (name, provider, purpose, retention) is available in the cookie table on our website. For questions or if you cannot change your settings contact datenschutz@actuways.com.

‍

Web analytics tools

We use web analytics tools to better understand usage of our websites and platforms, optimise performance and continuously improve our offering. Typically, pseudonymised or anonymised data about your usage is captured (e.g. pages visited, dwell time, technical device information and interactions).

Aims of web analytics

• Improve usability and technical performance.
• Analyse visitor behaviour to optimise content and features.
• Measure marketing effectiveness and campaign performance.
• Detect and fix technical issues.

Legal basis

• Where consent is required (e.g. for marketing tracking or non-essential cookies), processing is based on your consent.
• For non-personal analyses for operational security and error correction processing may rely on our legitimate interests. A balancing test is conducted in each case.

Further information

• A detailed overview of the web analytics tools we use, the specific data collected, retention periods and your objection options can be found in our [Cookie Settings / Cookie Table link].

Social media plugins

We embed functions of social networks on our websites and platforms to enable content sharing, promote events or increase reach. Below we explain which plugin types we use, what data may be processed and how you can influence the processing.

Which plugins are used

• Share buttons and social share functions (e.g. LinkedIn, Xing)
• Embedded content (e.g. feeds, videos, presentations)
• Social login functions where available (e.g. login via a corporate profile)
• Follow or like buttons for our corporate pages

Which data may be processed

• When the page loads or when you click a plugin, technical data such as IP address, browser information, time of access and the accessed URL may be transmitted to the social network operator.
• When actively using a plugin (e.g. sharing a post, logging in), the respective content and possibly your account data are transmitted to the respective provider.
• If third‑party content is embedded (e.g. videos), the third party processes data according to its privacy policy.

Legal basis

• If plugins contain tracking functions or personal data are used for marketing, processing generally relies on your consent.
• For purely technical functions or legitimate security interests processing may in isolated cases be based on our legitimate interests; we limit such uses to the necessary minimum.

Note on third parties and third countries

• Social network operators are independent controllers for processing related to their plugins. Your data may be transferred to third countries outside Switzerland or the EEA. See the “Data transfers to third countries” section for further information on safeguards.

Protection of your data / default settings

• Where possible we use privacy‑friendly variants (e.g. two‑click solution) so plugins are loaded only after active consent.
• For embedded content we check whether content can be hosted locally or loaded only after consent.
• Social login is offered only when suitable data protection measures are in place and the processing is transparent.

How you can influence processing

• Use the cookie settings to prevent loading of non‑essential social plugins.
• Log out of social networks or use browser protection tools to reduce data transfers.
• Additional opt‑out options are available in the privacy information of the respective providers.

Questions or objections

• If you would like to know which social plugins are active on a page or if you wish to object to processing by social plugins, contact datenschutz@actuways.com. We will examine your request and inform you of the possible steps.

‍

Newsletter

We inform you by newsletter about news, specialist topics, events and offers that are relevant to production companies and machine engineering companies in the B2B sector. Below are the key details on how we process your data in connection with our newsletter service.

Registration and consent

• Dispatch only takes place with your explicit consent.
• We use double opt‑in to verify subscription: after registration you receive a confirmation email and dispatch starts only after your confirmation.
• On registration you may specify thematic preferences (e.g. platform updates, AI solutions, case studies) so we can target content.

What data we process

• Email address, given name/surname (if provided), company name and, where applicable, job title.
• Preference and interaction data (e.g. opened mails, click behaviour) to the extent technically captured.

Purpose and legal basis

• Purpose is information and customer retention, and the provision of knowledge‑based content to prospects and customers.
• The legal basis is usually your consent; for existing customers mailings about similar products/services can be based on legitimate interests if no objection exists.

Tracking and analysis

• To measure newsletter effectiveness we use technical metrics (e.g. open and click rates). These evaluations serve to optimise content.
• Tracking is conducted only where legally permitted and is generally pseudonymised. You can prevent tracking by adjusting your email client settings or by unsubscribing.

Mailing providers and data disclosure

• We use external mailing providers. These process your data only according to our instructions and are contractually obligated to comply with data protection standards.
• If the provider processes data outside Switzerland/EEA we implement appropriate safeguards (see “Data transfers to third countries”).

‍

Unsubscribe and withdrawal

• Every newsletter contains a clear unsubscribe link; you can also unsubscribe at any time by emailing datenschutz@actuways.com.
• Withdrawal of consent applies for the future. Your email address will be deleted after legally required retention periods or excluded from mailings.

Retention period

• We retain newsletter data as long as required for the purposes or until you withdraw consent. Profile and tracking data are deleted or anonymised after an appropriate period.

Your rights

• You may request access, rectification, deletion, objection or restriction at any time. Contact datenschutz@actuways.com.

For newsletter questions or special preferences contact datenschutz@actuways.com.

Contact form and email contact

When you contact us via the website contact form or by direct email, we process the personal data necessary to answer your request and, if applicable, provide follow‑up services.

What data we collect

• Details you provide in the contact form: name, company, function, email address, telephone number, subject, message and any selected categories or preferences.
• Attachments you send (e.g. project documents).
• Metadata: timestamp of the request, IP address, browser and device information and, where applicable, referrer information.

Purpose of processing

• Handling your request and communicating with you.
• Preparing offers, consultations or contract negotiations.
• Documenting inquiries for quality assurance and internal follow‑up.
• Only with your explicit consent: sending marketing information or newsletters.

Legal basis

• Processing necessary for pre‑contractual measures or for performance of a contract (if your request leads to a contract).
• Where necessary, processing on the basis of our legitimate interests (e.g. handling inquiries, abuse prevention).
• For promotional messages processing is generally based on your consent.

Disclosure and processing by subprocessors

• We use service providers (e.g. hosting, CRM systems, email providers) for processing and archiving. They process data only according to our instructions and under contractual data protection rules.
• Relevant information about disclosure to third parties and transfers to third countries can be found in the respective sections of this privacy policy.

Retention period

• Requests are generally stored as long as needed to process them, to preserve legal claims or to meet statutory retention periods. After that the data are deleted or anonymised.

Security note for attachments and sensitive data

• Do not send highly sensitive data (e.g. health data, political opinions, religious beliefs) by unencrypted email unless explicitly required or a secure transmission method has been agreed.
• Attachments are scanned for malware; for security reasons large or unusual attachments may trigger follow‑up questions.

Response times and communication

• We endeavour to answer general inquiries within [e.g. 5 business days]. Complex requests may take longer; in that case we will inform you of the expected timeframe.

How to exercise your rights for contact form data

• For access, rectification, deletion or restriction of processing of data submitted via the contact form, or to object, contact datenschutz@actuways.com or the controller address.
• For identity verification we may request brief proof of identity.

Further notes

• By submitting a contact form you consent to the described processing of the data.
• Detailed information on technical and organisational safeguards, disclosures to third parties and transfers to third countries can be found in the respective sections of this privacy policy.

Data security / technical and organisational measures

Protecting your personal data is a top priority. We implement reasonable technical and organisational measures to ensure the confidentiality, integrity and availability of personal data. Absolute security cannot be guaranteed, but we implement a level of protection appropriate to the risk and state of the art.

Examples of measures deployed

• Access controls and rights management: Role‑based permissions and the principle of least privilege ensure employees access only the data they need. Administrative accesses are restricted and logged.
• Authentication and access security: Use of multi‑factor authentication (MFA) for internal management and sensitive systems; secure password policies and regular password changes.
• Encryption: Transport encryption (TLS/HTTPS) for data in transit; where appropriate, encryption of stored data (at rest). Key management follows recognised security standards.
• Network and application security: Firewalls, intrusion detection/prevention, regular vulnerability scans and penetration tests to identify and fix security gaps.
• Secure development practices: Security is considered in product development (Secure Development Lifecycle), including code reviews and automated tests.
• Data backup and business continuity: Regular backups, disaster recovery plans and measures to ensure operational availability aligned with applicable service level requirements.
• Pseudonymisation and anonymisation: Where technically possible and sensible, data are pseudonymised or anonymised to reduce identifiability.
• Monitoring and logging: Event and access logs aid detection of security incidents and support forensic analysis.
• Employee training and physical access controls: Regular data protection and security training for employees and physical access controls in sensitive areas.
• Supplier and processor management: Selection, contractual binding and periodic review of external providers. We conclude DPAs with relevant partners and require technical and organisational safeguards.
• Incident management and reporting procedures: Procedures exist to detect, assess and remediate security incidents and to notify relevant authorities as required. In the event of a relevant data breach we inform affected persons and supervisory authorities to the extent legally required.

Assessment of protection level
Before starting new processing activities or for transfers to third countries we carry out risk analyses and document additional measures if necessary.

Contact for security issues
If you have questions about data security or wish to report a security incident, please contact datenschutz@actuways.com. We take every report seriously and investigate promptly.

Changes to the privacy policy

We review this privacy policy regularly and adapt it as necessary — for example in response to legal changes, updates to our services or new processing purposes.

Material changes

• For material changes that significantly affect your rights or the way we process data, we will inform you separately in accordance with legal requirements (e.g. by email to registered users or by a prominent notice on our website).
• Minor editorial or technical adjustments will be published directly in the text of the privacy policy and marked with the date of the last update.

Currency and effective date

• The date of the last update is shown at the end of this privacy policy. New provisions take effect on the stated date unless otherwise indicated.
• We recommend that you read the privacy policy regularly to stay informed about the current status.

Effects on your rights

• Your existing rights remain unaffected by changes. If changes require a new legal basis or expanded processing, we will, where necessary, obtain your consent.

Questions about changes

• If you have questions about changes to this privacy policy or want to know which version applies to you, contact datenschutz@actuways.com.

Contact options for privacy matters

If you have questions about data protection or wish to exercise one of your rights, you can contact us as follows:

• Controller:
  Actuways AG
  Technoparkstrasse 2, 8406 Winterthur, Switzerland
  Email: datenschutz@actuways.com
  
  
  
• Data protection requests by email or post:
  Please state your full name, a contact option (email or phone) and a brief description of your request or the specific request (e.g. access, deletion, restriction). If required, include identity verification documents.
  
  
• Processing time and procedure:
  We acknowledge receipt of your request generally within a short time and ordinarily process legitimate requests within 30 days. In complex cases or with high request volumes the time limit may be extended in accordance with applicable law; we will inform you of the reasons and the expected timeframe.
  
  
• Identity verification:
  To protect your data we may ask to verify your identity briefly before complying with an access or deletion request. This is to safeguard your rights and the security of your data.
  
  
• Complaint to a supervisory authority:
  If you are not satisfied with our response, you have the right to lodge a complaint with the competent data protection supervisory authority. In Switzerland this is the Federal Data Protection and Information Commissioner (FDPIC/EDÖB). For data subjects in the EU the respective national supervisory authority may also be competent.

‍