Why do we collect Information and Personal Data?
In general, we collect your information and personal data in order to provide our website, products and services in the most consistent, efficient and user-friendly manner possible. We also collect it to provide appropriate customer support and for purposes of research and development.
We may, in particular, collect information and personal data to:
- fulfill our contractual obligations with you
- fulfill our obligations regarding our products and services
- send renewal and billing reminders for subscriptions
- respond to your e-mails and other requests
- process job applications
- improve the usability of our websites, products and services
- improve and optimize the operation and performance of our websites, products and services
- diagnose problems, errors and security risks in products and services and on our websites
- prevent fraud and other abuse of our products, services, systems and website
- comply with the applicable laws and regulations
When using our website, products and services you generally have choices regarding the information and personal data you wish to share with us. When we ask for such data you can always decline to provide it. Parts of our website and many of our products and services require however a certain amount of your personal data for their proper performance and use of features. If you decline to provide that personal data, we won’t be able to deliver the full services to you.
What type of Personal Data might we request?
In general, we may request the following personal data:
- Email address
- SIP address
- IP Address
- Company name and Business address
- Telephone number
- Billing and payment information where you subscribe to services online
- Educational background and employment experience for job applications
When you visit our websites, we also collect information such as your browser type and access times. For more information on Cookies please visit our Cookie information (www.luware.com/en/cookie-notice/).
When and how do we collect your Information and Personal Data?
In general, we may ask for information and personal data when you:
- use our websites
- use our services or products
- request quotes, services, support, downloads, upgrades, trials or general information
- place orders for products or subscribe to services and make payments
- register for events
- subscribe to newsletters, programs, promotional emails or other material
- apply for a job or submit your CV
- contact us in general
How do we keep your Personal Data safe?
We take all reasonable steps to protect your information and personal data from misuse, interference and loss, as well as unauthorized access, modification or disclosure. The ways we do this include:
- encryption when collecting or transferring sensitive personal data
- limitation of physical access to our premises and devices
- limitation of access to the information we collect about you
- limitation of access on a strict need-to-know basis
- installation of appropriate security safeguards
- deletion or de-identification of personal data where required by law or by you (where permitted by the applicable law)
- signature of strict confidentiality agreements with all employees, partners and third parties we may disclose your personal data to
- encryption, wherever possible, if personal data is transferred outside the European Union, European Economic Area, Switzerland or the UK
This list is not exhaustive. If you wish to receive more information about the data security measures at Luware please contact firstname.lastname@example.org.
Luware AG holds the ISO 9001 and ISO 27001 certification. More information can be obtained by contacting email@example.com.
How do we use your Information and Personal Data?
In general, we use information and personal data to:
- provide our website, products and services to you in an appropriate manner by means of updating, securing and troubleshooting
- offer hosting and support services
- send communications about services and products for example regarding hosting services, product information or order status and confirmation
- send billing reminders and take payments for subscription renewals and other services we offer
- facilitate communication between you and us or between you and our certified partners
- customize, analyze, improve and develop our products, services, technologies, communications and our relationship with you
- prevent fraud and other illegal activities or to comply with the applicable laws in general
- protect the security and integrity of our business, websites, web-apps, products and services
- otherwise, as agreed between you and us at the point of collection of your personal data
We also use some of your information and personal data internally to operate our business, which includes analyzing our performance over a period of time, meeting legal obligations, developing and improving performance of employees and for research purposes.
Who may we disclose your Personal Data to?
General. We do not share your personal data with third parties, unless it is necessary to carry out your requests, for our professional or legitimate business needs, or as required or permitted by law. Therefore, we may disclose your personal data to:
- Luware Affiliates and Luware employees
- Luware certified Partners and other authorized third parties
- Authorities where required by the applicable laws or where responding to a legal process
- Third parties for the purpose Luware’s internal business infrastructure (e.g. backup, storage, payment, ticketing tool, electronic signatures, hosting platform, etc.)
Affiliates. Luware AG and all its Affiliates may share the personal data between each other. This relationship and the handling of personal data is governed by the Luware intracompany agreement which addresses and ensures compliance with the legal requirements of the applicable law.
Employees and Partners. All Luware employees and contractual partners of Luware are bound to strict confidentiality agreements. We keep all your personal data securely, adhering to strict organizational and technical safety procedures in accordance with the applicable data protection laws.
Infrastructure. Currently we are using the following third parties for the purpose of our internal business infrastructure: Microsoft (collaboration tool, customer relationship management and hosting infrastructure); Salesforce (cloud-based CRM system; https://www.salesforce.com/de/company/privacy/); Workday (HR and project tracking cloud-based system; https://www.workday.com/en-us/privacy.html); DocuSign (cloud-based electronic document signature service; https://www.docusign.de/unternehmen/datenschutz); Zendesk (cloud-based customer support services; https://www.zendesk.com/company/customers-partners/privacy-policy/); Totango (cloud-based customer success platform; project tracking; https://www.totango.com/privacy-policy); Chargify (cloud-based subscription management payment solution; https://www.chargify.com/privacy-policy/).
Where we do transfer your personal data to such third parties or service providers, appropriate arrangements will be made in order to ensure correct and secure data processing in compliance with applicable data protection laws (e.g. EU Standard Contractual Clauses, Data Processing Agreements). We do not permit our third-party service providers to use the personal information that we share with them for their marketing purposes or for any other purpose than in connection with the services they provide to us.
Where do we keep your Personal Data?
General. The data is generally stored at the head office in Zurich (Switzerland) or, if applicable, with a Luware Affiliate. Switzerland has been approved by the EU Commission as a country outside of the EU and the EEA which guarantees sufficient safeguards with respect to the protection of your personal data.
Luware UK Ltd. In the wake of Brexit, the UK is no longer within the EU and is therefore considered a “third country” according to the GDPR. The EU Commission is yet to issue an adequacy decision according to Art.45 GDPR. For this reason, Luware UK has entered into EU Standard Contractual Clauses (SCC) with Luware AG and with Luware Deutschland GmbH in order to govern the transfer of personal data between the Swiss affiliates and Luware UK and between the German affiliate and Luware UK.
Cross border transfer. Luware may transfer personal data outside the European Economic Area (EEA), Switzerland or the UK. In such a case, Luware will, wherever possible, anonymize that personal data so it is no longer classified as personal data according to the applicable data protection laws. Should such an anonymization not be possible, Luware will ensure that any such transfer takes place in accordance with the applicable laws (e.g. by issuing EU Standard Contractual Clauses and/or by performing risk assessments).
EEA Representative (Art. 27 GDPR): Luware Deutschland GmbH, Schlossstrasse 70, 70176 Stuttgart, Germany; Contact Person: Philipp Beck, Luware Group CEO and Managing Director of Luware Deutschland GmbH.
UK Representative: Luware UK Limited, 70 Wapping Wall, London, E1W 3SS, UK; Contact Person: Alexander Grafetsberger, Executive Director at Luware UK Limited.
How long do we keep your Personal Data for?
We will retain your personal data where we have an ongoing legitimate business need to do so (for example, to provide you with our services, to ensure the use of the website, and to comply with the applicable legal, tax or accounting requirements). Where there are specific contracts in place, we will delete or return to you your personal data within a reasonable timeframe after termination of the contract, unless prohibited by the applicable laws or as agreed otherwise between you and us. All personal data will be deleted when it is no longer needed for the original purpose (unless prohibited by law).
What are your rights?
You have the right, at any time, to request information about the personal data we keep of you. You have the right to request such information in electronic form and, where necessary, request rectification should your personal data not be up to date or inaccurate. Where personal data is not strictly necessary for the performance of the website, products or services or contractual obligations, you may also request for such personal data to be permanently and securely deleted.
We want to keep your personal data up to date. If you wish to receive information on the personal data we keep of you or if you would like to have your personal data deleted, please send an email to firstname.lastname@example.org with the subject “Data Subject Request” as well as your company reference and/or name. Your request will be dealt with in due course and in any case within one month of receipt of such a request. Should Luware only be the data processor of your personal data, then Luware will forward your request to the data controller as soon as reasonably practicable.
You have the right to lodge a complaint with the competent supervisory authority:
Switzerland: Swiss Federal, Data Protection, and Information Commissioner, Feldeggweg 1, 3003 Berne; For more information please refer to: https://www.zh.ch/de/kantonsrat/datenschutzbeauftragte-des-kantons-zuerich.html
Germany: Landesbeauftragter für Datenschutz und Informationsfreiheit Baden-Wüttenberg: https://www.baden-wuerttemberg.datenschutz.de/kontakt-aufnehmen/
UK: Information Commissioner’s Office UK: https://ico.org.uk/global/contact-us/
Applicable Law and Jurisdiction