Silenccio AG attaches a great deal of importance to responsibly handling your personal data. In this privacy policy, we describe how and why we process personal data.
‘Personal data processing’ is hereinafter understood to mean the likes of the collection, storage, retention, use, modification, disclosure, archiving, erasure or destruction of personal data.
‘Personal data’ hereinafter refers to all information relating to an identified or identifiable person (e.g. first and last name, date of birth, email address).
Data protection does not apply to the data of legal persons. However, such data may be personal data insofar as it relates to an identified or identifiable natural person.
If you disclose personal data that belongs to other people to us, please inform them of our privacy policy or hand it over to them. Only share personal data that belongs to third parties if you are authorised to do so and if the information is correct.
This privacy policy does not contain an exhaustive description of our data processing activities. If we process your data in ways other than those specified in this privacy policy, we will inform you separately of how your data is protected. In addition, the statutory exceptions and restrictions to the obligation to provide information on data processing activities (Article 20 of the FADP) apply.
Where the generic masculine form is used to improve legibility, it will refer to people who identify as male, female and non-binary in equal measure.
In this privacy policy, we explain how we collect and process personal data on our website www.cyberpreventionservices.axa.ch and on our platform https://cyberpreventionservicesapp.axa.ch, what purpose we collect and process personal data for, who has access to your personal data, how long we process your data for, what rights you are entitled to in this regard, and how you can contact us.
Data processing on this website is carried out by Silenccio AG, Weinbergstrasse 111, 8006 Zurich.
You can contact the controller by post or directly by email (datenschutz@silenccio.ch).
The contract is concluded by and the service provided by Silenccio AG, Weinbergstrasse 111, 8006 Zurich.
When processing your personal data, Silenccio AG complies with all of the applicable data protection regulations, in particular the revised Swiss Federal Act on Data Protection (FADP), the implementing ordinance (FADP-O) and, if applicable, other data protection laws applicable on a case-by-case basis (e.g. the European Union’s General Data Protection Regulation (GDPR)).
We may amend our privacy policy at any time, in particular when changes are made to the law or jurisdiction or where necessary for business reasons. The current version published on our website is the valid version. Please check this page regularly to ensure that you are aware of any changes.
We undertake to treat all information entrusted to us in the course of our professional activities as confidential. This confidentiality extends to all personal data, business information and other confidential content that our customers or partners send to us. We use all personal data, business information and other confidential content that our customers or partners send to us exclusively for the agreed purposes and only disclose the same to third parties in accordance with this privacy policy. Our employees are obligated to maintain this confidentiality and have received relevant training.
Personal data is primarily collected directly from you (e.g. by means of online forms).
If you provide us with other people’s personal data, please ensure that these people are aware of our privacy policy. Only provide us with correct data and ensure that you are authorised to disclose the data to us. The exceptions pursuant to Article 20 of the FADP remain reserved.
Insofar as doing so is permitted, we receive data from partners / group companies such as AXA Versicherungen AG and AXA-ARAG Rechtsschutz AG. This includes the following data in particular: Policy number, partner number, name of the contract holder (company name), first and last name of the contact person as well as email address and telephone number of the contact person or insured company.
We process personal data that you disclose to us or that we lawfully receive from companies, partners or other third parties for the purposes and underlying objectives listed below or agreed with them.
We process your data in the course of the agreed prevention and intervention services. Depending on the service requested, we process the following personal data for this purpose:
First and last name of the registered person including title and function in the company, company name, company address, email address, mobile phone number, business telephone number, URL.
For example, we use the data you send us, such as your email address or telephone number, to provide our prevention services and to contact you directly by telephone or electronically by email to provide our intervention consulting services and the supplementary documents you send us to process the problem you have reported.
The legal basis for the processing of this data is the contract between the customer and Silenccio AG.
Your personal data (title, last name, email address) will also be processed in the context of customer surveys, in particular for sending emails with the link to the survey. The purpose of the customer surveys is to enable us to further develop our services. The surveys are completely anonymous, so no conclusions can be drawn about you as a person. If you nevertheless voluntarily provide information about yourself in a text box, we will anonymise or pseudonymise your data in the course of the evaluation process. Your consent to data processing is obtained in the survey form. This consent includes data processing by Silenccio AG and AXA Versicherungen AG. Data processing by AXA Versicherungen AG is carried out in accordance with its privacy policy (https://www.axa.ch/en/information/data-protection.html).
Silenccio AG can be contacted directly for individual enquiries by means of the www.cyberpreventionservices.axa.ch / https://cyberpreventionservicesapp.axa.ch website using the contact form, email address or telephone number. Personal contact details (title, first and last name, email address, telephone number) are requested. These are required for feedback and processing enquiries. We therefore have a legitimate interest in storing the data to process the enquiries.
When you apply for a vacancy with us, we process your data for the purpose of carrying out the application process. Your application data will only be shared with individuals who are involved in the application process. The data will generally be deleted six months after completion of the application process. If your application is followed by the conclusion of an employment contract, we will continue to store your data and use it for the purposes of the employment relationship.
We also process your data as part of our internal processes, for administrative matters, for training and for quality assurance purposes. Data processing is permitted based on our overriding legitimate interest, which consists of sensible management and development of the company.
We do not sell your data to third parties. Your data will only be disclosed to contract data processors (e.g. suppliers, IT service providers and other service providers) and third parties to the extent necessary or requested by you, in particular if doing so is necessary to fulfil legal obligations or for other purposes specified in this privacy policy.
In addition to statutory data protection, these recipients are also contractually obligated wherever possible to use the data exclusively for the intended purposes and to maintain confidentiality.
If the data processors themselves call in third parties, we may permit this on a case-by-case basis, provided that it is contractually ensured that the latter also only process the data to the same extent and that the provisions set out in data protection legislation are complied with.
In connection with business activities, personal data may be disclosed in Switzerland, member states of the EEA and, under certain circumstances, worldwide. Personal data may be disclosed abroad if the Federal Council has determined that the legislation of the country in question or the international body guarantees adequate protection (Article 16 (1) of the FADP). The exceptions under Article 16 (2) of the FADP and Article 17 of the FADP remain reserved.
Insofar as doing so is legally permissible and appropriate and one of the above-mentioned purposes of data processing justifies doing so, we disclose data to the third parties listed below so that they can process it for us for service provision purposes.
This specifically includes policy number, partner number, name of the contract holder (company name), first and last name of the contact person as well as email address and telephone number of the contact person or insured company.
Mailjet (France): For automatically sending emails. This involves the sending links for using our application, for alerts relating to monitoring and hazards. Please read Mailjet’s privacy policy at: https://www.mailjet.com/legal/privacy-policy/
EyeonID (Sweden): You enter your credit card number directly into EyeonID. We only store a reference number so that notifications from EyeonID can be assigned to our customers. Please read EyeonID’s privacy policy: https://a.storyblok.com/f/97758/x/8e3b24b229/eyeonid-privacy-policy_web_2021-11-19.pdf
HaveIbeenpwned (Australia): Exchanging personal data (first name, surname, email address, telephone number) exclusively for service provision purposes, in particular for checking for data leaks. Please read HaveIbeenpwned’s privacy policy at: https://haveibeenpwned.com/Privacy
Meta / Facebook (Ireland, the USA, Sweden, Denmark): Exchanging personal data (first name and surname, name by which you are generally known if applicable) exclusively for service provision purposes. Please read Meta’s / Facebook’s privacy policy at: https://www.facebook.com/privacy/explanation
Salesforce (the USA): Exchanging personal data for efficient company management purposes. Please read Salesforce’s privacy policy at: https://www.salesforce.com/uk/company/privacy/
payrexx (Switzerland): Exchanging personal data for payment processing. Please read payrexx’s privacy policy at: https://payrexx.com/en/datenschutzerklaerung
DeHashed (USA): Exchanging personal data (first name, surname, email address, telephone number) exclusively for service provision purposes, in particular for checking for data leaks. Please read DeHashed’s privacy policy at: https://www.dehashed.com/legal
reCaptcha (USA): In order to determine whether data entered on this website is being provided by a human user or by an automated program, reCAPTCHA analyses a variety of data, including the IP address, time the visitor spent on the website and cursor movements initiated by the user. The data tracked during these analyses are forwarded to Google. For more information about reCAPTCHA’s (Google) Privacy Policy, please visit https://www.google.com/intl/de/policies/privacy/ und https://policies.google.com/terms?hl=de.
CLARITY (Ireland): Clarity analyses how visitors click through the website and records data about visitors devices and browsers, their geographical location and language in order to improve users experience. This does not involve collecting any personal data, i.e. all data is anonymised before being analysed and stored to make sure it cannot be linked to individual users. Please read CLARITY’s (Microsoft) privacy policy at: https://privacy.microsoft.com/de-de/privacystatement.
The legal basis for exchanging data with the above-mentioned service providers is your consent to the contract.
We store your personal data for as long as we are legally obligated to do so (e.g. retention periods) or for as long as we have a legitimate interest in storing your data to provide our services and/or operate our websites.
You have the right to request information from us as to whether we process your personal data and, if so, which aspects of your personal data we process, for what purpose, where we obtained your personal data from, which recipients we disclose your personal data to and how long we store it for (see Article 25 of the FADP).
You have the right to have us correct incorrect data or complete incomplete data (Article 32 of the FADP). If we have stored incorrect or incomplete personal data about you, we will be happy to correct or complete it based on your notification. If the accuracy or inaccuracy of the personal data is unclear, you can request that a confirmation note be attached. Article 32 (1) (a) and (b) of the FADP remain reserved.
In accordance with Article 17 of the GDPR, you have the right to request the erasure or anonymisation of data that is not absolutely necessary for the performance of the contract or that is not processed based on legal bases (e.g. retention requirements) or an overriding legitimate interest on the part of Silenccio AG. If erasure proves to be technically impossible or involves disproportionate effort, we may reject your erasure request.
In accordance with Article 18 of the GDPR, you have the right to restrict processing (e.g. if you dispute the accuracy of the data or assert that your data is being processed unlawfully).
You have the right to object (as per Article 30 (2) (b) of the FADP, Article 21 of the GDPR) with immediate effect for the future to any processing of your personal data that is not absolutely necessary for the performance of the contract, does not have to be carried out on a legal basis or is carried out when an overriding or legitimate interest on the part of Silenccio AG does not exist.
Under the conditions set out in Article 28 of the FADP, you have the right to request that we provide you with the personal data you have disclosed to us in a commonly used electronic format or that we transfer your personal data to another controller. This is always done free of charge.
Please note that there are legal exceptions to the rights listed (Article 25 et seq. of the FADP). To the extent permitted by law, we may refuse your request to exercise these rights.
To assert your rights, please send your request to the following address, enclosing a copy of your identity card or passport (unless your identity is otherwise clear or you can be identified):
Contact for data protection matters:
Silenccio AG
Weinbergstrasse 111
8006 Zurich
Switzerland
Email: datenschutz@silenccio.com
You further have the right to lodge a complaint with the competent supervisory authority. The supervisory authority is the Swiss Federal Data Protection and Information Commissioner, Feldeggweg 1, 3003 Bern, Switzerland.
The competent supervisory authority in the Principality of Liechtenstein is: Data Protection Authority of the Principality of Liechtenstein, Städtle 38, P.O. Box 684, 9490 Vaduz, Principality of Liechtenstein.
The Silenccio AG website and web application are hosted in the Google Cloud. The servers are located in Switzerland, the European Union and the USA. Personal data collected on this website is stored on Google Cloud servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access and other data.
Please read Google’s privacy policy at: https://cloud.google.com/privacy/gdpr?hl=en.
For security reasons and to protect the transmission of confidential content, such as enquiries you send to us as the website operator, both the website and the web application use SSL and TLS encryption. You can recognise an encrypted connection when the address bar in your browser changes from ‘http://’ to ‘https://’ and a padlock symbol appears in your browser bar. When SSL or TLS encryption is enabled, the data you send to us cannot be read by third parties.
When you access and use our website and web application, our web servers collect certain technical data about your visit, which is recorded in logs. This information includes the likes of:
Technical data alone does not normally allow any conclusions to be drawn about your identity. Although we know your provider and therefore the region you are accessing the site from based on your IP address, we are generally unable to work out your identity – provided that you have never logged in with a user account. However, if you identify yourself on our website with your name or an email address, we collect the technical data on a personal basis.
We use this data for technical troubleshooting purposes to prevent and investigate attacks on our systems.
We reserve the right to subsequently check the log data if there is legitimate suspicion of unlawful use based on concrete evidence.
Data processing is based on our legitimate interest in providing you with a secure user experience.
The website and the web application sometimes use what are known as ‘cookies’. A cookie is a small file that is automatically stored on your device or computer by your web browser when you visit our website. Cookies do not damage your computer in any way and do not contain any viruses. They provide information about website or app usage.
As a user, you initially have the option of blocking or deleting cookies in your browser. As a second step, you will be asked for your consent to set cookies in the browser. Without cookies, you may only be able to use the website to a limited extent.
The visitor data collected by the cookies is pseudonymised and stored separately from other personal data. The data can only be assigned to a person if they have clearly identified themselves for use of the website (e.g. by logging in). In this case, the information can be used for targeted advertising purposes.
The stored cookies can also be processed by our cooperation and advertising partners. However, they only receive data based on an identification number (what is known as the ‘cookie ID’). Personal data is not transmitted.
You can determine how cookies are used yourself by making appropriate settings in your browser. Depending on the settings you make, your use of certain websites may be restricted.
Essential cookies
These cookies serve to optimise how the website works, help to make use secure and cannot be disabled in our systems. They are necessary for navigation on the website and for using certain functions (e.g. email contact form). This saves certain actions you have carried out. These cookies also make it easier for you to use our website and ensure that you can make optimum use of different areas. These cookies are generally only set in response to actions you take where you request a service (e.g. when setting your privacy preferences, filling out the contact form or calculating a premium). Only first-party cookies are used.
Performance cookies
We use these cookies to count visits and recognise access sources. They help us to analyse and improve our website’s performance. We see on an anonymised basis how visitors move around our website and which content attracts how much interest. This enables us to further optimise our online presence and to provide you with a user experience that is tailored to your needs. This information is collected anonymously. We cannot draw any direct conclusions about you as a person. We use first-party cookies and Google Analytics.
The legal basis is your consent in the cookie banner.
Functional cookies
These cookies enable enhanced functionality and personalisation, such as the playback of videos stored on the websites. This allows us to customise our website to the personal preferences of each and every user. The cookies may be set by us or by third-party providers whose services we use on our site. We save your entries and your selection of the pages viewed (e.g. viewing an agency page by means of the agency / consultant search). We may also use cookies, for example, to save your login credentials for forms or logging in so that you do not have to re-enter your login credentials each time you visit our website. If you do not allow these cookies, some or all of these functions may not work properly.
We use performance cookies from Github.com and YouTube.
Both the website and the web application have videos from YouTube integrated in them. The operator of YouTube is Google Ireland Limited (hereinafter referred to as ‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland. When you visit one of our web pages featuring an integrated YouTube video, a connection to YouTube’s servers is established. During this process, the YouTube server is made aware of which of our pages you have visited. Furthermore, YouTube can store cookies on your terminal device. These cookies enable YouTube to obtain information about visitors to this website. To name but a few examples, this information is used to collect video statistics, improve user friendliness and prevent attempted fraud. The cookies remain on your terminal device until you delete them. If you are logged into your YouTube account, you are enabling YouTube to allocate your surfing behaviour directly to your personal profile. You can prevent this from happening by logging out of your YouTube account.
Please read YouTube’s privacy policy at: https://policies.google.com/privacy?hl=en.
Websites and services provided by other providers that are linked to from our website or web application are designed and provided by third parties. We have no influence over the content and function of these third-party services. Please note that the linked third-party services may install their own cookies or collect personal data. We have no influence over this.