Privacy Policy for Website Visitors
Last Modified: Nov 09, 2020
Scope and updates of this Privacy Policy
We at Nevis (Nevis Security AG and our affiliates) are committed to protecting your privacy. This Privacy Policy applies to the information and data collected by Nevis as a controller concerning the information collected on our Websites or through other channels, as described below. This Privacy Policy describes how we collect, receive, use, store, share, transfer, and process your personal data. It also describes your choices regarding use, as well as your rights of access and correction of your personal information. If you do not agree with the data practices described in this Privacy Policy, you should not use the Websites.
This Privacy Policy does not apply to the data Nevis processes on behalf of our customers (Customer Data) in our capacity as a processor. Your use of the Nevis Products or Nevis Subscription Service as a customer of Nevis, including the use of our associated mobile applications (Mobile Apps), is covered under a separate Privacy Policy.
We periodically update this Privacy Policy. We will post any privacy policy changes on this page.
While we will notify you of any material changes to this Privacy Policy prior to the changes becoming effective, we encourage you to review this Privacy Policy periodically. We will also keep prior versions of this Privacy Policy in an archive for your review.
Data Controller and Data Protection Officer (DPO)
The data controller of www.nevis.net is Nevis Security AG, Birmensdorferstrasse 94, 8003 Zürich, Switzerland. Where a registration form is presented on this website, the data controller may vary depending on the actual offering or the purpose of the data collection, but it is, in any case, displayed on the individual registration form’s privacy statement.
If you have any questions about this Privacy Policy or our privacy practices, or if you have a disability and need to access this notice in a different format, please contact us by mail at:
Name of DPO: Akos Kovacs
E-Mail of DPO: compliance@nevis.net
General Note on Data Protection
This Privacy Policy is in line with the Swiss data protection legislation (FADP) and the EU General Data Protection Regulation (GDPR). The term "personal data" in this Privacy Policy shall mean any information that identifies or could reasonably be used to identify any person.
1. How we process your personal data
The short version
This website stores and processes personal data wherever it is necessary to display the required content, to offer the requested information and services, and improve the customer experience. We do not collect personal data without necessity and as far as possible voluntarily.
The long version
1.1 What personal data we collect and process
We collect your personal data when you use our Website, provide us with information via a web form, or otherwise interact with us. We also collect personal data from other sources.
Among the types of Personal Data that this Website collects, by itself or through third parties, there are Cookies; Usage Data; email address; phone number; first name; last name; gender; company name; profession; country; the number of employees; website; various types of Data; Data communicated while using the service.
Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or by specific explanation texts displayed prior to the Data collection.
Personal Data may be freely provided by you, or, in case of Usage Data, collected automatically when using this Website.
Any use of Cookies – or of other tracking tools – by this Website or by the owners of third-party services used by this Website serves the purpose of providing the Service required by the User, in addition to any other purposes described in the present document and in the Cookie Policy.
You are responsible for any third-party Personal Data obtained, published, or shared through this Website and confirm that you have the third party's consent to provide the Data to Nevis.
1.2 Legal basis for processing your data
Insofar as we obtain your consent for the processing of personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data that is required to fulfill a contract to which you are a party, Article 6 (1) (b) GDPR serves as a legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is required to fulfill a legal obligation to which our company is subject, Article 6 (1) (c) GDPR serves as a legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights, and freedoms of you do not outweigh the first-mentioned interest, Article 6 (1) (f) GDPR serves as the legal basis for processing.
Legitimate interests can, in particular, be:
- answering inquiries;
- the implementation of direct marketing measures;
- the provision of services and / or information intended for you;
- the processing and transfer of personal data for internal or administrative purposes;
- the operation and administration of our website;
- technical support for users;
- the prevention and detection of fraud and criminal offenses;
- the guarantee of network and data security insofar as these interests are in accordance with the applicable law and with the rights and freedom of the user.
1.3 Purposes for data processing
We process your personal data for various purposes and based on several different legal bases that allow this processing. For example, we process your personal data to provide and improve our Services, to provide you with a personalized user experience on this website, to contact you about our Services, to provide you with personalized advertising and marketing communications, to manage data collection and online surveys and registration and authentication provided directly by this Website and to detect, prevent, mitigate and investigate fraudulent or illegal activity. We also share your information with third parties, including service providers acting on our behalf, for these purposes. In addition, we may share your personal data among Nevis group companies in order to fulfill our contract with you.
1.4 How we share your Data
Nevis Partners and Processors
We may share data with trusted Nevis partners to contact you based on your request to receive communication, information, or provide customer support. Such third parties are prohibited from using your Personal Information except for these purposes, and they are required to maintain the confidentiality of your information.
Corporate Events
If we (or our assets) are acquired by another company, whether by merger, acquisition, bankruptcy or otherwise, that company would receive all information gathered by Nevis on the Websites and the Subscription Service. In this event, you will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your Personal Information, and choices you may have regarding your Personal Information.
Compelled Disclosure
We reserve the right to use or disclose your Personal Information if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a law, court order, or legal process.
1.5 Transfer of personal data abroad
Some recipients of your personal data are located outside your country or have offices in countries where data protection laws may provide a different level of protection than the laws in your country. When transferring personal data to such recipients, we provide appropriate safeguards.
In particular, you must anticipate your data to be transmitted to any country in which the Nevis-Group is represented by affiliates, branches, or other offices, as well as to other countries in Europe and the USA where our service providers are located. If we transfer data to a country without adequate legal data protection, we ensure an appropriate level of protection as legally required by way of using appropriate contracts (in particular on the basis of the standard contract clauses of the European Commission), or we rely on the statutory exceptions of consent, the performance of contracts, the establishment, exercise or enforcement of legal claims, overriding public interests, published personal data or because it is necessary to protect the integrity of the persons concerned.
1.6 Retention Periods for your Personal Data
We process and retain your personal data as long as required for the performance of our contractual obligation and compliance with legal obligations or other purposes pursued with the processing, i.e., for the duration of the entire business relationship (from the initiation, during the performance of the contract until it is terminated) as well as beyond this duration in accordance with legal retention and documentation obligations. Personal data may be retained for the period during which claims can be asserted against our company or insofar as we are otherwise legally obliged to do so or if legitimate business interests require further retention (e.g., for evidence and documentation purposes). As soon as your personal data are no longer required for the above-mentioned purposes, they will be deleted or anonymized to the extent possible.
2 Detailed information on the purposes of the processing of Personal Data
Personal Data is collected and processed for the following purposes and using the following services:
2.1 Use of Navigational Information
We use Navigational Information to operate and improve the Websites and to provide you with a better experience when you interact with Nevis. We may also use Navigational Information alone or in combination with Personal Information to provide you with personalized information about Nevis. Navigational Information, such as IP address, is used to approximate your location. For example, we may use your approximate location to provide content that has been translated or send emails at certain times using your local time zone.
You may disable the collection and use of your location data through browser-, operating system- or device-level settings.
2.2 Customer Testimonials and Comments
We post customer testimonials and comments on our Websites, which may contain Personal Information. We obtain each customer's consent prior to posting the customer's name and testimonial.
Use of Payment Information
If you give us Payment information, we use it solely as authorized by you in accordance with this Privacy Policy in order for you to use the Subscription Services, including to check your financial qualifications and collect payment from you. We use a third-party service provider to manage credit card processing. This service provider is not permitted to store, retain, or use information you provide except for the sole purpose of credit card processing on our behalf.
2.3 Security of your Personal Information
We use HubSpot on this page, which has a variety of security technologies and procedures to help protect your Personal Information from unauthorized access, use, or disclosure. We secure the Personal Information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use, or disclosure. All Personal Information is protected using appropriate physical, technical, and organizational measures. For more on Security at HubSpot, please see https://www.hubspot.com/security. HubSpot is our processor and is commissioned by us to process your data for us within the scope prescribed by law for this purpose.
2.4 Social Media Features
Our Websites include Social Media Features, such as the Facebook Like button and Widgets, such as the Share Button that run on our sites. These features are basic share functions without any data transfer from our page to the final third-party page. However, you will have to log into these accounts (Facebook, Twitter, etc.), and then those third-party solutions may collect your data and may set a cookie. In this case, this Privacy Policy does not apply to these features. Your interactions with these features are governed by the privacy policy and other policies of the companies providing them.
2.5 External Websites
Our Websites provide links to other websites of third parties. We do not control and are not responsible for the content or practices of these other websites. Our provision of such links does not constitute our endorsement of these other websites, their content, their owners, or their practices. This Privacy Policy does not apply to these other websites, which are subject to any privacy and other policies they may have.
2.6 Advertising
This type of service allows User Data to be utilized for advertising communication purposes. These communications are displayed in the form of banners and other advertisements on this Website, possibly based on User interests.
This does not mean that all Personal Data are used for this purpose. Information and conditions of use are shown below.
Some of the services listed below may use Trackers to identify Users, or they may use the behavioral retargeting technique, i.e., displaying ads tailored to the User’s interests and behavior, including those detected outside this Website. For more information, please check the privacy policies of the relevant services.
In addition to any opt-out feature offered by any of the services below, Users may opt-out by visiting the Network Advertising Initiative opt-out page.
You may also opt-out of certain advertising features through applicable device settings, such as the device advertising settings for mobile phones or ads settings in general.
LinkedIn Ads (LinkedIn Ireland Unlimited Company)
- LinkedIn Ads is an advertising service provided by LinkedIn Ireland Unlimited Company.
- Personal Data processed: Cookies; Usage Data.
- Place of processing: Ireland – Privacy Policy – Opt-out.
2.7 Analytics
The services contained in this section enable us to monitor and analyze web traffic and can be used to keep track of User behavior.
Google Analytics (Google Ireland Limited)
Google Analytics is a web analysis service provided by Google Ireland Limited (“Google”). Google utilizes the Data collected to track and examine the use of this Website, to prepare reports on its activities and share them with other Google services.
Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
- Personal Data processed: Cookies; Usage Data.
- Place of processing: Ireland – Privacy Policy – Opt-out.
HubSpot Analytics (HubSpot, Inc.)
HubSpot Analytics is an analytics service provided by HubSpot, Inc.
- Personal Data processed: Cookies; Usage Data.
- Place of processing: United States – Privacy Policy – Opt-out.
Facebook Ads conversion tracking (Facebook pixel) (Facebook Ireland Ltd)
Facebook Ads conversion tracking (Facebook pixel) is an analytics service provided by Facebook Ireland Ltd that connects data from the Facebook advertising network with actions performed on this Website. The Facebook pixel tracks conversions that can be attributed to ads on Facebook, Instagram, and Audience Network.
- Personal Data processed: Cookies; Usage Data.
- Place of processing: Ireland – Privacy Policy.
Twitter Ads conversion tracking (Twitter, Inc.)
Twitter Ads conversion tracking is an analytics service provided by Twitter, Inc. that connects data from the Twitter advertising network with actions performed on this Website.
- Personal Data processed: Cookies; Usage Data.
- Place of processing: United States – Privacy Policy.
Google Ads conversion tracking (Google Ireland Limited)
Google Ads conversion tracking is an analytics service provided by Google Ireland Limited that connects data from the Google Ads advertising network with actions performed on this Website.
- Personal Data processed: Cookies; Usage Data.
- Place of processing: Ireland – Privacy Policy.
2.8 Contacting you
Contact form (this Website)
By filling in the contact form with their Data, you authorize Nevis to use these details to reply to requests for information, quotes, or any other kind of request, as indicated by the form’s header.
- Personal Data processed: company name; country; email address; first name; gender; last name; number of employees; phone number; profession; website.
Phone contact (this Website)
If you provide your phone number, we might contact you for commercial or promotional purposes related to this Website, as well as for fulfilling support requests.
- Personal Data processed: phone number.
Mailing list or newsletter (this Website)
By registering on the mailing list or for the newsletter, your email address will be added to the contact list of those who may receive email messages containing information of commercial or promotional nature concerning this Website. Your email address might also be added to this list as a result of signing up to this Website or after making a purchase and provided you do not object to receiving advertising emails.
- Personal Data processed: Cookies; email address; first name; last name.
2.9 Displaying content from external platforms
This type of service allows you to view content hosted on external platforms directly from the pages of this Website and interact with them.
This type of service might still collect web traffic data for the pages where the service is installed, even when Users do not use it.
Google Fonts (Google Ireland Limited)
Google Fonts is a typeface visualization service provided by Google Ireland Limited that allows this Website to incorporate content of this kind on its pages.
- Personal Data processed: Usage Data; various types of Data as specified in the privacy policy of the service.
- Place of processing: Ireland – Privacy Policy.
Font Awesome (Fonticons, Inc. )
Font Awesome is a typeface visualization service provided by Fonticons, Inc. that allows this Website to incorporate content of this kind on its pages.
- Personal Data processed: Usage Data.
- Place of processing: United States – Privacy Policy.
Vimeo video (Vimeo, LLC)
Vimeo is a video content visualization service provided by Vimeo, LLC, that allows this Website to incorporate content of this kind on its pages.
- Personal Data processed: Cookies; Usage Data.
- Place of processing: United States – Privacy Policy.
YouTube video widget without cookies (Google Ireland Limited)
YouTube is a video content visualization service provided by Google Ireland Limited that allows this Website to incorporate content of this kind on its pages.
This widget is set up in a way that ensures that YouTube won't store information and cookies about Users on this Website unless they play the video.
- Personal Data processed: Usage Data.
- Place of processing: Ireland – Privacy Policy.
2.10 Handling payments
Unless otherwise specified, this Website processes any payments by credit card, bank transfer, or other means via external payment service providers. In general, and unless where otherwise stated, Users are requested to provide their payment details and personal information directly to such payment service providers. This Website isn't involved in the collection and processing of such information: instead, it will only receive a notification by the relevant payment service provider as to whether payment has been successfully completed.
ChargeBee (ChargeBee Inc.)
ChargeBee is a payment service provided by ChargeBee Inc.
- Personal Data processed: various types of Data as specified in the privacy policy of the service.
- Place of processing: United States – Privacy Policy
2.6. Managing contacts and sending messages
This type of service makes it possible to manage a database of email contacts, phone contacts, or any other contact information to communicate with the User.
These services may also collect data concerning the date and time when the message was viewed by the User, as well as when the User interacted with it, such as by clicking on links included in the message.
HubSpot Email (HubSpot, Inc.)
HubSpot Email is an email address management and message sending service provided by HubSpot, Inc.
- Personal Data processed: email address; Usage Data.
- Place of processing: United States – Privacy Policy.
2.11 Managing data collection and online surveys
This type of service allows this Website to manage the creation, deployment, administration, distribution, and analysis of online forms and surveys in order to collect, save, and reuse Data from any responding Users.
The Personal Data collected depends on the information asked and provided by the Users in the corresponding online form.
These services may be integrated with a wide range of third-party services to enable the Owner to take subsequent steps with the Data processed - e.g., managing contacts, sending messages, analytics, advertising, and payment processing.
SurveyMonkey (SurveyMonkey Europe UC)
SurveyMonkey is a survey builder and data collection platform provided by SurveyMonkey Europe UC.
- Personal Data processed: Data communicated while using the service; email address; first name; last name; profession; website.
- Place of processing: European Union – Privacy Policy.
2.12 Registration and authentication provided directly by this Website
By registering or authenticating, Users allow this Website to identify them and give them access to dedicated services. Personal Data is collected and stored for registration or identification purposes only. The Data collected are only those necessary for the provision of the service requested by the Users.
Direct registration (this Website)
The User registers by filling out the registration form and providing the Personal Data directly to this Website.
- Personal Data processed: country; email address; first name; gender; last name; website.
2.13 Remarketing and behavioral targeting
This type of service allows this Website and its partners to inform, optimize, and serve to advertise based on past use of this Website by the User.
This activity is facilitated by tracking Usage Data and by using Trackers to collect information, which is then transferred to the partners that manage the remarketing and behavioral targeting activity. Some services offer a remarketing option based on email address lists. In addition to any opt-out feature provided by any of the services below, Users may opt-out by visiting the Network Advertising Initiative opt-out page.
You may also opt-out of certain advertising features through applicable device settings, such as the device advertising settings for mobile phones or ads settings in general.
Google Ads Remarketing (Google Ireland Limited)
Google Ads Remarketing is a remarketing and behavioral targeting service provided by Google Ireland Limited that connects the activity of this Website with the Google Ads advertising network and the DoubleClick Cookie.
Users can opt-out of Google's use of cookies for ads personalization by visiting Google's Ads Settings.
- Personal Data processed: Cookies; Usage Data.
- Place of processing: Ireland – Privacy Policy – Opt-out.
Twitter Remarketing (Twitter, Inc.)
Twitter Remarketing is a remarketing and behavioral targeting service provided by Twitter, Inc. that connects the activity of this Website with the Twitter advertising network.
- Personal Data processed: Cookies; Usage Data.
- Place of processing: United States – Privacy Policy – Opt-out.
Facebook Remarketing (Facebook Ireland Ltd)
Facebook Remarketing is a remarketing and behavioral targeting service provided by Facebook Ireland Ltd that connects the activity of this Website with the Facebook advertising network.
- Personal Data processed: Cookies; Usage Data.
- Place of processing: Ireland – Privacy Policy – Opt-out.
LinkedIn Website Retargeting (LinkedIn Corporation)
LinkedIn Website Retargeting is a remarketing and behavioral targeting service provided by LinkedIn Corporation that connects the activity of this Website with the LinkedIn advertising network.
- Personal Data processed: Cookies; Usage Data.
- Place of processing: United States – Privacy Policy– Opt-out.
2.14 Tag Management
This type of service helps the Owner to manage the tags or scripts needed on this Website in a centralized fashion.
This results in the Users' Data flowing through these services, potentially resulting in the retention of this Data.
Google Tag Manager (Google Ireland Limited)
Google Tag Manager is a tag management service provided by Google Ireland Limited.
- Personal Data processed: Usage Data.
- Place of processing: Ireland – Privacy Policy.
2.15 Traffic optimization and distribution
This type of service allows this Website to distribute their content using servers located across different countries and to optimize their performance. Which Personal Data are processed depends on the characteristics and the way these services are implemented. Their function is to filter communications between this Website and the User's browser. Considering the widespread distribution of this system, it is difficult to determine the locations to which the contents that may contain Personal Information of the User are transferred.
Cloudflare (Cloudflare Inc.)
Cloudflare is a traffic optimization and distribution service provided by Cloudflare Inc.
The way Cloudflare is integrated means that it filters all the traffic through this Website, i.e., communication between this Website and the User's browser, while also allowing analytical data from this Website to be collected.
- Personal Data processed: Cookies; various types of Data as specified in the privacy policy of the service.
- Place of processing: United States – Privacy Policy.
2.16 User database management
This type of service allows the Owner to build user profiles by starting from an email address, a personal name, or other information that the User provides to this Website, as well as to track User activities through analytics features. This Personal Data may also be matched with publicly available information about the User (such as social networks' profiles) and used to build private profiles that the Owner can display and use for improving this Website.
Some of these services may also enable the sending of timed messages to the User, such as emails based on specific actions performed on this Website.
HubSpot CRM (HubSpot, Inc.)
HubSpot CRM is a User database management service provided by HubSpot, Inc.
- Personal Data processed: email address; phone number; various types of Data as specified in the privacy policy of the service.
- Place of processing: United States – Privacy Policy.
HubSpot Lead Management (HubSpot, Inc.)
HubSpot Lead Management is a User database management service provided by HubSpot, Inc.
- Personal Data processed: various types of Data as specified in the privacy policy of the service.
- Place of processing: United States – Privacy Policy.
3 Cookies and Similar Technologies
3.1 Cookies
Nevis and our partners use cookies or similar technologies (such as web beacons and JavaScript) to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base as a whole. To find out more about how we use cookies on our Websites and how to manage your cookie preferences, please see our Cookie Policy.
3.2 Navigational Information Collected by Our Customers
Our customers can use the tools we provide, as well as tools provided by third parties, to collect Navigational Information when you visit their webpages on the Subscription Service. Nevis does not control our customers' use of these tools, nor do we control the information they collect or how they use it.
3.3 Advertising
We partner with a third party ad network to either display advertising on our Web site or to manage our advertising on other sites. Our ad network partner uses cookies and Web beacons to collect information about your activities on this and other websites to provide you targeted advertising based upon your interests. If you wish to not have this information used for the purpose of serving you targeted ads, you may opt-out by clicking here: http://preferences.truste.com/ (or if located in the European Union, by clicking here: http://www.youronlinechoices.eu/). Please note this does not opt you out of being served to advertise. You will continue to receive generic ads.
3.4 Third-Party Tracking Technologies
The use of cookies and web beacons by any tracking utility company is not covered by our Privacy Policy or Cookie Policy.
4 Your Rights
In accordance with and as far as provided by applicable law (as is the case where the GDPR is applicable), you have the right to access, rectification, and erasure of your personal data, the right to restriction of processing or to object to our data processing in addition to the right to receive certain personal data for transfer to another controller (data portability). You also have the right to withdraw a given consent at any time.
Please note, however, that we reserve the right to enforce statutory restrictions on our part. For example, if we are obliged to retain or process certain data, have an overriding interest (insofar as we may invoke such interests), or need the data for asserting claims. If exercising certain rights will incur costs on you, we will notify you thereof in advance.
In general, exercising these rights may require that you are able to prove your identity (e.g., by a copy of identification documents where your identity is not evident otherwise or can be verified in another way). To exercise any of these rights, please contact us by our contact form or postal mail to Nevis Security AG, Birmensdorferstrasse 94, 8003 Zürich, Switzerland, Attention: Privacy. We will respond to your request to change, correct, or delete your information within a reasonable timeframe and notify you of the action we have taken.
You may unsubscribe from our marketing communications by clicking on the "unsubscribe" link located on the bottom of our e-mails, updating your communication preferences, or postal mail to Nevis Security AG, Birmensdorferstrasse 94, 8003 Zürich, Switzerland, Attention: Privacy. Customers cannot opt-out of receiving transactional emails related to their account with us or the Subscription Service.
Our customers are solely responsible for their own marketing emails and other communications; we cannot unsubscribe you from their communications. You can unsubscribe from our customers' marketing communications by contacting them directly.
In addition, every data subject has the right to enforce his/her rights in court or to lodge a complaint with the competent data protection authority. The competent data protection authority of Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).