Privacy Policy
The APRO Data Association (“APRO”) with registered office at [BVI], respects the privacy of Personal Data and is committed to protecting Personal Data. This Data Protection and Privacy Policy (this “Policy”) describes the policies and procedures APRO has implemented to protect Personal Data Processed by APRO in accordance with applicable Data Protection Laws.
APRO has voluntarily opted to apply the protections and obligations outlined in this Policy to all Data Subjects. However, such protections and obligations may be beyond the legal requirements of the jurisdiction of certain Data Subjects. Data Protection Laws vary widely across jurisdictions and while APRO will strive to meet this Policy for all Data Subjects, the Data Protection Laws for the Data Subject ultimately govern the protections conferred in the specific jurisdiction applicable to that Data Subject, and this Policy does not confer any rights beyond those granted by the relevant Data Protection Laws.
This Policy describes how APRO collects and uses Personal Data, the circumstances under which APRO may share Personal Data, the applicable rights of Data Subjects, and APRO’s technical and physical safeguards to protect the security of Personal Data.
DEFINITIONS
“Controller” means a natural or legal person, public authority, agency, or other body that, independently or jointly with others, determines the purpose and means of Processing Personal Data, as defined in Data Protection Laws. Controller shall refer to APRO, and with regard to certain processes, APRO may act as joint Controller with a third-party.
“Data Protection Laws” refer to applicable privacy legislations, regulations, or codes issued by data protection regulators.
“Data Subject” means a natural person who can be identified, directly or indirectly, by reference to their Personal Data.
“Personal Data” means any information attributable to an identified or identifiable natural person (a Data Subject), as defined in Data Protection Laws. Personal Data does not include data where the identity has been removed (anonymous data). Personal Data shall encompass Special Category Data.
“Process” or “Processing” or “Processed” or “Processes” means, as applicable, any operation or set of operations performed upon Personal Data, whether or not by automatic means.
“Processor” means a natural or legal person, public authority, agency, or other body that Processes Personal Data on behalf of a Controller, as defined in Data Protection Laws.
“Special Category Data” means Personal Data revealing racial or ethnic origin, criminal history, political opinions, religious or philosophical beliefs, sexual orientation, trade union membership, or health, genetic, or biometric data, or data pertaining to a child or minor.
A. GENERAL DATA PROTECTION INFORMATION
DATA PROTECTION PRINCIPLES
APRO is committed to processing data in accordance with its responsibilities under the Data Protection Laws, and in particular with the following principles:
- Fair, lawful and transparent processing;
- Collection for specified, explicit and legitimate purposes and no further processing in a manner that is incompatible with the specified purposes;
- Limitation to what is adequate, relevant and necessary in relation to the purposes for which the Personal Data is processed;
- Keep Personal Data accurate and up to date;
- Keep Personal Data only for as long as it is necessary or legally required;
- Process Personal Data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage;
- Process Personal Data in accordance with the rights of the Data Subject;
- Ensure an adequate level of data protection when transferring Personal Data to a country outside of the European Economic Area.
LEGAL BASIS FOR PROCESSING PERSONAL DATA
APRO will only use Personal Data when Data Protection Laws allow APRO to do so. Personal Data shall be Processed in a manner that is adequate, relevant, and not excessive in relation to the intended business purpose(s) of such Processing. A legal basis is required to process Personal Data. Personal Data may be processed only if at least one of the following legal bases applies:
1. Consent: Data Subject giving consent to the Processing of his or her Personal Data for a specific purpose(s);
2. Contractual necessity: Processing is necessary for the performance of a contract to which the Data Subject is party or entering into a contract;
3. Compliance with legal obligations: Processing is necessary for compliance with a legal obligation to which APRO is subject;
4. Vital interests: Processing is necessary in order to protect the vital interests of the Data Subject or of another natural person;
5. Public interests: Processing is permitted if it is necessary for the performance of a task carried out in the public interest;
6. Legitimate interests: Processing is necessary for the purposes of the legitimate interests pursued by APRO or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of Personal Data.
RIGHTS OF DATA SUBJECTS
When applicable, APRO shall honor Data Subject rights, as described herein. In accordance with Data Protection Laws and in certain circumstances, a Data Subject may possess the right to:
1. Request access to his or her Personal Data that APRO holds to check that it is accurately and lawfully being processed;
2. Request correction of his or her Personal Data that APRO holds;
3. Request erasure of his or her Personal Data;
4. Object to Processing of his or her Personal Data where APRO relies on a legitimate interest (or those of a third party);
5. Request restriction of Processing of his or her Personal Data;
6. Request the transfer of his or her Personal Data;
7. Withdraw consent at any time where APRO relies on consent to Process Personal Data;
8. Be notified of a data breach involving a Data Subject's Personal Data.
APRO shall accept, when applicable, any written requests through the appropriate channels from a Data Subject to exercise his or her rights and freedoms pursuant to Data Protection Laws. APRO shall use reasonable means to verify the identity of the requester.
APRO DATA PROTECTION OBLIGATIONS
APRO and its Personnel have implemented appropriate technical and organizational measures to provide adequate protection regarding Data Subjects’ rights and the lawful, fair, and transparent Processing of Personal Data, as described herein. APRO data protection obligations include the following:
1. Consent: When consent is the lawful basis for Processing, APRO shall obtain the affirmative consent of a Data Subject prior to such Processing;
2. Purpose Limitation: APRO shall restrict the Processing of Personal Data to the intended business purpose(s);
3. Notification: APRO shall provide notification in clear language to a Data Subject at the outset of Processing;
4. Access: Upon request by a Data Subject, APRO shall provide such Data Subject with access to his or her Personal Data in the possession or under the control of APRO;
5. Correction: Upon request by a Data Subject, APRO shall correct any error or omission in a Data Subject’s Personal Data in the possession or under the control of APRO;
6. Erasure: Upon request by a Data Subject, APRO shall erase such Data Subject’s Personal Data in the possession or under the control of APRO;
7. Accuracy: APRO shall make a reasonable effort to verify that Personal Data Processed by or on behalf of APRO is accurate and complete;
8. Protection: APRO shall protect Personal Data in its possession or under its control by securing against unauthorized Processing;
9. Retention: Personal Data will be retained for as long as is necessary for the intended purpose;
10. Breach Notification: In the case of a data breach, APRO shall notify the supervisory or data protection authorities within seventy-two (72) hours.
SHARING OF PERSONAL DATA
APRO may share Personal Data with third-parties to Process (maintain, store, use) on APRO’s behalf. APRO requires all such Processors to take appropriate security measures to protect Personal Data in accordance with APRO’s policies. APRO does not allow Processors to Process Personal Data for their own purposes and only permits them to Process Personal Data for specified purposes and in accordance with APRO's instructions.
APRO may share Personal Data with third parties to Process on their own behalf. Such third parties will be considered joint-Controllers of such Personal Data. While joint-Controllers have shared discretion over the purposes of Processing, all such Controllers agree to Process such shared Personal Data in accordance with Data Protection Laws.
TRANSFER OF PERSONAL DATA ABROAD
APRO may transfer your Personal Data to third-parties based abroad for the purposes of the data processing described in this Policy. Such third-parties are obliged to protect the privacy of individuals to the same extent as APRO does. If the level of data protection in a country does not correspond to the Swiss or European level, APRO contractually ensures that the protection of your Personal Data corresponds to that in Switzerland or the EU at all times.
SECURITY MEASURES TAKEN TO PROTECT PERSONAL DATA
APRO has implemented appropriate elements of privacy by design in conjunction with technical and physical safeguards to protect the security of Personal Data from unauthorized or unlawful Processing. APRO uses a number of systems and applications to protect Personal Data at all times, which also allow for the following capabilities: the anonymization and encryption of Personal Data; the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of Processing Personal Data; the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and a process for regularly testing, assessing, and evaluating, at least annually, the effectiveness of such security measures.
THIRD PARTY WEBSITES AND SOCIAL MEDIA
This website may contain content and links to third-party websites that are not owned, operated, or controlled by APRO. APRO is not responsible for the privacy practices of or the content displayed on such third-party websites.
When engaging with APRO’s content on or through a third-party social networking website, plug-in, or application, APRO may Process Personal Data associated with your social media account.
B. SCOPE AND PURPOSE OF COLLECTION, PROCESSING, AND USE OF PERSONAL DATA WHEN VISITING OUR WEBSITES
When you visit our websites, our servers temporarily save each access in a log file. The following data may be collected without your intervention and stored by APRO until deletion, as is necessary in compliance with applicable laws:
- the IP address of the requested computer;
- the name of your internet access provider (usually your internet access provider);
- the date and time of access;
- the name and URL of the retrieved file;
- the page and address of the website from which you were redirected to the website and, if applicable, the search term used;
- the country from which the website is accessed;
- the operating system of your computer and the browser you are using (provider, version and language); and
- the transmission protocol used (e.g. HTTP/1.1).
The collection and processing of this data is carried out for the purpose of enabling the use of the website (connection establishment), to permanently guarantee system security and stability and to enable the optimization of our internet offer as well as for internal statistical purposes.
IF YOU CONTACT US BY E-MAIL
On the website you have the possibility to contact APRO or one of its experts by e-mail. You can also contact APRO for support questions by e-mail.
You are responsible for the message and/or transmitted content that you send to APRO. APRO recommends that you do not send any confidential data. Personal Data is only collected if you provide it to APRO voluntarily.
WHEN YOU APPLY FOR A JOB
If you submit a letter of application by e-mail, APRO processes the Personal Data you provide in order to check your application and, if necessary, to contact you in this context.
WHEN YOU APPLY AS DATA PROVIDER
When you apply as an APRO Data Provider, you may have to enter the following information into the online application form:
- E-mail;
- Company;
- First Name;
- Last Name;
- Street;
- Zip;
- City; and
- Country.
COOKIES, SCRIPTS AND RELATED TECHNOLOGIES
When you visit this website, APRO and its third-party service providers receive and record Personal Data that you may have provided and your digital signature, such as your IP address.
TRACKING TOOLS
Google Analytics
We use Google Analytics, a web analytics service provided by Google Ireland Limited or Google Inc. Google Analytics uses methods that enable an analysis of the use of the website, such as cookies.
Google Tag Manager
We use Google Tag Manager, a service of Google Ireland Limited or Google Inc. to manage cookies and pixels for tracking tools and other tools.
Cloudflare Insights
We use the website functions from Cloudflare. Cloudflare offers a globally distributed content delivery network with DNS.
ADOBE TYPEKIT
This website uses so-called web fonts provided by Adobe Typekit for the uniform display of fonts.
LINKS TO OUR SOCIAL MEDIA PRESENCES
On the website, we have set up links to our social media presences on the following social networks.
REVIEW AND UPDATES TO POLICY
APRO will review and may update this Policy to reflect changes to APRO’s privacy practices or security measures as needed.
CONTACT
Please contact APRO by email at [support@apro.com] hould you have any questions or comments about this Policy or your Personal Data.