1. Who we are

• Controller: Octotronic AG
• Address: Technoparkstr. 1, 8005 Zürich, Switzerland
• Privacy email: privacy@octotronic.com
• EU representative: VISENSE Service GmbH, August -Bebelstr. 88, 14482 Potsdam, German
• EU representative email: privacy@visense-service.io

‍

2. Scope of this policy

This policy covers personal data that we process about the following groups.

• Website visitors, newsletter subscribers, event registrants, and persons who download materials from octotronic.com
• Business contacts, customers and prospects and their employees in the course of sales and customer relationship activities
• Employees including former, future and temporary, and externals working on site
• Applicants and other interested persons
• Users who interact with our public websites and any applications or software that we make available outside the OctoCore SaaS product

This policy does not cover inproduct processing inside OctoCore. That processing is governed by customer contracts and our Data Processing Addendum when we act as a processor. Employees and applicants receive additional notices where required.

‍

3. Scope of this policy

3.1 Contact and lead data: identification and contact details, company and role, the content of your inquiry, meeting notes, communication preferences.

3.2 Newsletter and event data: email address, subscription preferences, registration details, attendance status and related logistics.

3.3 Download data: contact details provided to access downloads and download metadata.

3.4 Usage data from the website and public apps: IP address, device and browser information, pages viewed, timestamps, referrer, approximate location derived from IP, error codes and basic diagnostic information.

3.5 Cookies and similar technologies: see our Cookie Notice for categories, tools and retention.

3.6 Employment data: for employees including former, temporary and externals on site we process identification and contact details, employment history and role, contract and payroll data, time and attendance, training records, access logs for company systems and premises, and information required to meet legal duties.

3.7 Applicant data: identification and contact details, CV and application documents, interview and assessment information, references that you authorize us to obtain, and communication records.

‍

We do not create user accounts on the public website and we do not ask you to upload files on the website.

‍

4. Sources of data

• Directly from you through forms, signups, emails, meetings, interviews and events.
• Automatically from your device when you browse the website or use our public applications and when embedded services load.
• From service providers such as hosting, analytics, email delivery, event tools and CRM.
• From publicly available business sources and professional networking platforms where permitted.

‍

5. Why we use the data and legal bases

5.1 Respond to inquiries and provide requested information or registrations. Legal bases are contract or precontract steps.

5.2 Send newsletters and product updates when you opt in. Legal basis is consent. You can withdraw any time.

5.3 Operate, secure and improve the website and public apps including analytics and troubleshooting. Legal bases are legitimate interests and consent where required for cookies that are not essential.

5.4 Manage sales leads and customer relations in our CRM. Legal basis is legitimate interests.

5.5 Human resources administration. Manage employment, access, payroll, benefits and workplace safety. Legal bases are performance of the employment contract, legal obligations and legitimate interests.

5.6 Recruitment. Receive, review and decide on applications, communicate with you and keep limited records. Legal bases are precontract steps at your request and legitimate interests. Where local law requires consent for a specific step we will ask for it.

5.7 Legal compliance and protection of rights. Comply with legal obligations, establish, exercise or defend legal claims and protect people and our services.

‍

6. Cookies and consent

6.1 Consent management: we use CookieYes to collect and manage consent for cookies that are not essential. The banner presents categories and your choices. You can reopen preferences at any time using the CookieYes control on the site or the Cookie Settings link in the Cookie Notice.

6.2 Categories: essential cookies are needed for the site to function and for security. Analytics, marketing and embedded media cookies are used only with your consent. Details appear in the Cookie Notice.

‍

7. Services we use

We rely on trusted service providers that process personal data only on our instructions and for our purposes. These include the following categories and key providers.

• Hosting or CDN: [provider name] for content delivery and security
• Consent management: CookieYes for the banner and preference storage
• Analytics: Google Analytics for usage statistics
• CRM: Close CRM for lead and relationship management
• Email delivery and newsletters: Mailgimp for message delivery and subscription management
• Event and form tools: Eventbrite for registrations and form handling
• Embedded media and maps: YouTube and Google Maps for videos and maps
• Social media measurement: LinkedIn Insight Tag for campaign measurement

Each provider receives only the data needed to deliver its service. Some providers may process data outside Switzerland or the EEA. Where that happens we use safeguards such as the Standard Contractual Clauses with Swiss addenda. See section 8.

‍

8. International transfers

If any provider processes personal data outside Switzerland or the European Economic Area we use safeguards recognized under Swiss and EU law. These include the Standard Contractual Clauses with Swiss addenda and complementary measures where needed. Once your vendor list is finalized we will reflect the relevant locations in the Cookie Notice and in our internal records.

‍

9. Retention

9.1 Contact and lead records are kept up to 24 months after the last interaction unless law requires longer.

9.2 Newsletter data is kept until you unsubscribe then retained on a suppression list to honor your choice.

9.3 Event and download records are usually kept 12 to 24 months after the event or download.

9.4 Server and security logs are usually kept 30 to 180 days.

9.5 Analytics data is usually kept 3 to 18 months depending on the tool configuration.

9.6 Core employment records are kept for the periods required by law.

9.7 Applicant records are kept for a limited period after the process ends then deleted unless you agree that we may keep your profile for future roles.

‍

10. Security

We apply technical and organizational measures appropriate to risk. Measures include encryption in transit, access controls based on least privilege, logging and monitoring, regular backups, secure development practices and vendor due diligence. We notify authorities and affected persons when the law requires it.

‍

11. Automated decision making

We do not make fully automated decisions that produce legal or similarly significant effects about individuals in the context of this website and our public apps.

‍

12. Your rights

Depending on your situation and the applicable law you can request information about our processing and a copy of your data. You can request correction of inaccurate data, deletion in certain cases, restriction in certain cases and objection to processing based on legitimate interests including direct marketing. You can withdraw consent at any time. For newsletters you can use the unsubscribe link.

‍

13. How to exercise your rights

Email privacy@octotronic.com. We aim to respond within 30 days. To protect your data we may ask for limited information to verify identity.

‍

14. Children

This website and our public apps are intended for business users. We do not knowingly collect personal data from children.

‍

15. Complaints

You can contact the Federal Data Protection and Information Commissioner, Feldeggweg 1, 3003 Bern, Switzerland. If EU or UK data protection law applies to you, you may also contact your local supervisory authority.

‍

16. Changes and contact

We update this policy when our practices or the law change. The effective date is shown at the top.

Contact: Octotronic AG, Technoparkstr. 1, 8005 Zürich, Switzerland
Email: privacy@octotronic.com