Why do we collect Information and Personal Data?
In general, we collect your information and personal data in order to provide our website (“Website”), products and services (e.g cloud services or support services) (together “Services”) in the most consistent, efficient and user-friendly manner possible. Personal data is only processed with the consent of the Users, unless the processing of the data is legally permitted.
We collect personal data and information in particular in order to:
- fulfill our contractual obligations with you
- fulfill our obligations regarding our Services
- send you payment reminders and receive payments for subscriptions to our Services
- enable you to communicate with us, respond to your e-mails and other requests
- process job applications
- improve the usability of our Website and Services
- improve and optimize the operation and performance of our Websites and Services
- diagnose problems, errors and security risks in our Services or on our Website
- prevent fraud and other abuse of our Services, systems or Website
- comply with the applicable laws and regulations
When using our Website or Services you generally have choices regarding the information and personal data you wish to share with us. When we ask for such data, you can always decline to provide it. However, parts of our Services or Website require certain personal data for the proper execution and use of the functions of the Services or Website. Therefore, if you refuse to provide us with the necessary information, you will unfortunately not be able to make full use of the Services or Website.
What type of Personal Data might we process?
In general, we may process the following personal data:
- Email address
- SIP address
- IP Address
- Company name and Business address
- Telephone number
- Billing and payment information where you subscribe to Services online
- Educational background and employment experience for job applications
For information on the data we process in our cloud-based Services please refer to our Whitepapers Luware Recording and Luware Nimbus.
When and how do we collect your Information and Personal Data?
In general, we may ask for information and personal data when you:
- use our Website
- use our Services
- request quotes, Services, support, downloads, upgrades, trials or general information
- place orders for Services
- make payments
- register for events
- subscribe to newsletters, programs, promotional emails, or other material
- apply for a job or submit your CV
- contact us in general
How do we keep your Personal Data safe?
For Users of our cloud-based Services, the Whitepapers Luware Recording and Luware Nimbus apply.
We take all reasonable steps to protect your information and personal data from misuse, interference and loss, as well as unauthorized access, modification or disclosure. The ways we do this include:
- encryption when collecting or transferring sensitive personal data
- limitation of physical access to our premises and devices
- limitation of access to the information we collect about you
- limitation of access on a strict need-to-know basis
- installation of appropriate security safeguards
- deletion or de-identification of personal data where required by law or by you (where permitted by the applicable law)
- signature of strict confidentiality agreements with all employees, partners and third parties we may disclose your personal data to
- encryption, wherever possible, if personal data is transferred outside the European Union, European Economic Area, Switzerland or the UK
This list is not exhaustive. The current technical and organizational measures of Luware can be found under Luware Technical and Organizational Measures and in the Luware Whitepapers Luware Recording and Luware Nimbus.
If you wish to receive more information about the data security measures at Luware please contact email@example.com.
Luware AG holds the ISO 9001 and ISO 27001 certification. More information can be obtained by contacting firstname.lastname@example.org.
Who may we disclose your Personal Data to?
General. We do not share your personal data with third parties, unless this is necessary to fulfil the purpose for which the data was collected, for example to fulfil contractual obligations, to respond to your enquiries, for our professional or legitimate business purposes or because of legal requirements. Personal data may be disclosed to or processed by the third parties listed below, where strictly necessary, for the purposes set out above:
- Luware Affiliates and Luware employees
- Luware certified Resellers and other authorized third parties
- Authorities, where required by the applicable laws or, where responding to a legal process
- Third parties for the purpose Luware’s internal business infrastructure (e.g. backup, storage, payment, ticketing tool, electronic signatures etc.)
- Microsoft Azure for our cloud-based Services
Luware Affiliates. Luware AG and all its Affiliates may share the personal data between each other. This relationship and the handling of personal data is governed by the Luware intracompany agreement which provides for compliance with the legal requirements of the applicable laws.
Luware Employees. All Luware employees are bound to strict confidentiality undertakings as part of their employment contract. This includes the relevant policies such as Personnel Regulations, IT-Security Regulations or Remote Working Policies.
Luware Resellers. Luware’s authorized resellers have entered into a Reseller Agreement with Luware which includes strict confidentiality undertakings and the requirement to adherence to the applicable data protection laws.
Infrastructure. Currently we are using the following third parties for the purpose of our internal business infrastructure: Microsoft (collaboration tool, customer relationship management and hosting infrastructure); Salesforce (cloud-based CRM system; https://www.salesforce.com/de/company/privacy/); DocuSign (cloud-based electronic document signature service; https://www.docusign.de/unternehmen/datenschutz); Freshdesk (cloud-based customer support services; https://www.freshworks.com/privacy/); Totango (cloud-based customer success platform; project tracking; https://www.totango.com/privacy-policy); Chargify (cloud-based subscription management payment solution; https://www.chargify.com/privacy-policy/).
Where we do transfer your personal data to such third parties or service providers, appropriate arrangements will be made in order to ensure correct and secure data processing in accordance with applicable data protection laws (e.g. EU Standard Contractual Clauses, Data Processing Agreements, Data Protection Impact Assessments). We do not permit our third-party service providers to use the personal information that we share with them for their marketing purposes or for any other purpose than in connection with the services they provide to us.
Where do we keep your Personal Data?
General Data. The data is generally stored at the head office in Zurich (Switzerland) or, if applicable, with a Luware Affiliate. Switzerland has been approved by the EU Commission as a country outside of the EU and the EEA which guarantees sufficient safeguards with respect to the protection of your personal data according to Art. 45 GDPR.
Data on cloud-based Services. Data we process in connection with our cloud-based Services is stored and processed in the Microsoft Azure Cloud. The location of the Microsoft Azure Cloud instance can be chosen by the customer. We currently offer the locations Switzerland, Germany and UK. Luware Affiliates, Luware UK, Luware Deutschland GmbH and Luware Poland Sp. z o.o may process data solely to provide support, troubleshooting and maintenance services to our customers. More information on the processing of customer data within our cloud-based Services can be obtained in our Whitepapers Luware Recording and Luware Nimbus.
Cross border transfer. Luware may transfer personal data outside the European Economic Area (EEA), Switzerland or the UK. In such a case, Luware will, wherever possible, anonymize that personal data so it is no longer classified as personal data according to the applicable data protection laws. Should such an anonymization not be possible, Luware will ensure that any such transfer takes place in accordance with the applicable laws (e.g. by issuing EU Standard Contractual Clauses and/or by performing a Data Transfer Impact Assessment).
EEA Representative (Art. 27 GDPR): Luware Deutschland GmbH, Schlossstrasse 70, 70176 Stuttgart, Germany; Contact Person: Philipp Beck, Luware Group CEO and Managing Director of Luware Deutschland GmbH.
UK Representative: Luware UK Limited, 70 Wapping Wall, London, E1W 3SS, UK; Contact Person: Alexander Grafetsberger, Executive Director at Luware UK Limited.
How long do we keep your Personal Data for?
The personal data of the Users will be deleted as soon as the original purpose of the processing ceases to apply, unless Luware is obliged as a processor to store the personal data in question for a longer period of time in accordance with applicable law. Personal data will be deleted as soon as the retention period provided in the applicable law expires. A different regulation can be provided for between you and Luware in the respective contracts.
Available customer data in our cloud-based Services is deleted per default within 30 days of termination of a subscription to the Services unless otherwise agreed between you and Luware or unless Luware is obliged to retain the data for a longer period of time in accordance with applicable law.
What are your rights?
Right to be Informed and Right of Access. You have the right, at any time, to request information about the personal data we keep of you. You have the right to request such information in electronic form and, where necessary, request rectification should your personal data not be up to date or inaccurate.
Right of Erasure. You have the right, at any time, to request we securely and permanently delete your personal data available to us. Please note that if you request deletion of personal data that is necessary for us to provide the Website or Services then you may not be able to use our Website or Services. Where your personal data is not strictly necessary for the performance of the Website or Services, you may request for such personal data to be permanently and securely deleted.
Legal Restrictions. In some cases, your ability to access or control your personal data will be limited, as required or permitted by the applicable law.
Request. If you wish to receive information on the personal data we keep of you, or if you would like to have your personal data deleted, please send an email to email@example.com to the attention of the Data Protection Officer with the subject “Data Subject Request” as well as your company reference and/or name. Your request will be dealt with in due course and in any case within one month of receipt of such a request. Should Luware only be the data processor of your personal data, then Luware will forward your request to the data controller as soon as reasonably practicable.
Luware Contact. Luware Data Protection Officer, firstname.lastname@example.org; Luware AG, Pfingstweidstrasse 102, 8005 Zürich Switzerland.You have the right to lodge a complaint with the competent supervisory authority:
Switzerland: Swiss Federal, Data Protection, and Information Commissioner, Feldeggweg 1, 3003 Berne; For more information please refer to: https://datenschutz.ch/die-datenschutzbeauftragte
Germany: Landesbeauftragter für Datenschutz und Informationsfreiheit Baden-Wüttenberg: https://www.baden-wuerttemberg.datenschutz.de/kontakt-aufnehmen/
United Kingdom: Information Commissioner’s Office UK: https://ico.org.uk/global/contact-us/
Applicable Law and Jurisdiction