Privacy Policy
1. Scope
This privacy policy governs the processing by papilio ltd., Bellerivestrasse 16, 8008 Zurich (hereinafter ‘papilio’, or ‘we’) of the personal data of visitors to its website and of assessment participants (herein-after ‘you’).
The handling of data relating to our interactions with contractors and assessment participants is regulated separately.
2. Contact
You can contact us at the following address:
papilio ltd.
attn: Privacy Team
Bellerivestrasse 16
8008 Zurich
info@papilio.ch
papilio is represented by Jost Gloor (CEO).
Although we are able to receive queries regarding an assessment we carried out at the request of a client, we are contractually obliged to forward the query to our client, who will then address it. Should you therefore have completed an assessment with papilio, in order to safeguard your rights, it may be more appropriate to directly contact the company which contracted papilio to carry out the assessment. Please refer to the privacy policy of that company to find the relevant contact details.
3. General Terms and Conditions
papilio complies with the legal provisions for data protection. All personal data, protected under the Swiss Federal Data Protection Act (hereinafter ‘DPA’) or the European General Data Protection Regulation (hereinafter ‘EU GDPR’), which are collected during the registration process or during the visits to the website, are exclusively used as stated in the contract, unless there is express consent otherwise given by the user, especially with regards to this privacy policy, and if the applicable law al-lows further use of the data. Our employees are required to keep personal information confidential.
4. What personal data is collected, and for what purpose
We collect browsing and usage data from visitors to our website. For example, we collect information about the type and version of the browsers used by our website visitors, the time of the visit, which operating system is installed on the visiting device, from which website and link the visitor came to our website, and which elements of our website visitors use and how. This personal data is stored along with the IP address of the visitor and is used to optimize the display of our website, and to protect it against attacks or other infringements. We do not link any usage data to individual users, and evaluate the personal data anonymously, except in cases when personal data is needed to address infringements.
In addition, we collect the personal data that you submit via the e-mail addresses stated on the website and in this privacy policy.
Should you complete an assessment with us, we will process your personal data for the purpose of the assessment, which we carry out at the request of our client (i.e. the company for which you are completing the assessment), on the basis of our contractual agreement with them.
This includes the following:
- access to our exercises
- optimization and statistical analysis (your personal data will be anonymized)
- access to our digitized services
The personal data processed as part of the assessment tests can be grouped in the following categories:
- identifiable information (e.g. title, first and last name, date of birth, gender)
- technical information (e.g. public IP address, time and date of access, browser activities, browser settings and login ID data. This data is used exclusively for security purposes, namely authentication and input control.)
- assessment information (e.g. your answers)
5. Retention period
papilio stores personal data only for as long as it is necessary for its purpose, or as required by law. Electronic data will be stored on our server and archived after one year, in such a way that it will only be accessible to authorized personnel.
In the case of misuses (e.g. attacks to our IT systems, etc.), we retain relevant personal data for up to ten years.
6. Processing by third parties
papilio may also let third parties process personal data for the aforementioned purposes. These are companies commissioned by us for the technical operations of our information technology infrastructure (including but not limited to outsourcing, hosting, etc).
Data may be processed by papilio or by named third parties in a European or non-European country. If necessary, papilio will provide sufficient contractual guarantees to ensure that such a third party will use personal data in accordance with the legal requirements and exclusively in the interests of papilio. These are based on the standards of the European Commission, which are also recognized in Switzerland. You have the right to inspect the relevant contracts in part or in full.
If you complete an assessment with papilio, then we are entitled to pass the data on to the company that contracted us to carry out the assessment.
7. Automated decisions in individual cases and/or profiling
We do not use systems which rely solely on auto-mated decision-making processes and/or profiling; your personalized data will undergo human scrutiny.
We may however use your personalized data to support us in processes that include automated decision-making and/or profiling: papilio assessment systems use automated decision-making processes in the context of purely online assessments, in order to differentiate between candidates and to optimize our systems as well as our services in accordance with the specifications of our client. The rationale for these automated decisions is to compare your assessment responses to developed research models and industry knowledge that we have developed through our outstanding statistical, scientific and psychological expertise.
Should you wish to ask for a human revision of papilio’s automated decision-making and/or profiling, to express your point of view and/or to contest a decision made within this context, please contact the company for which you are participating in this assessment.
8. Cookies
papilio uses cookies on its website, which are small parcels of information stored on computers and which can be sent to your browser by papilio’s web server, stored on your computer and retrieved by the web server at a later visit. Cookies store information about the visitor’s online preferences and allow papilio to enhance the user experience.
You can delete existing cookies at any time in your internet browser and block additional cookies in your browser settings. However, blocking cookies may interfere with some of the features on papilio’s website.
9. Legal basis for data storage
The legal basis for the processing of personal data by papilio is given by Article 13 (2) (a) of the DPA (processing personal data in direct connection with the conclusion or the performance of a contract, which corresponds to Article 6 (1) (b) of the EU GDPR and Art. 31 para. 2 let. a of the revised Swiss Data Protection Act, DSG), and by Article 13 (1) of the DPA (consent of the data subject or an obligation to process the data by law), which corresponds to Article 6 (1) (a) of the EU GDPR and Art. 31 para. 2 let. a of the revised Swiss Data Protection Act (DSG).
In cases of misuse (such as attacks on our IT systems), we reserve the right to store the corresponding personal data to protect our own interests, based on Article 13 (1) of the DPA, which corresponds to Article 6 (1) (f) of the EU GDPR and Art. 31 para. 2 let. a of the revised Swiss Data Protection Act (DSG).
10. Your rights
Upon request, papilio will provide information to individuals as to which parts of their personal data, if any, is being processed (right to obtain confirmation, right of access).
Upon your request:
- we will forgo all or part of the processing of personal data (right to withdraw consent to the processing of non-essential personal data, right to be forgotten). We will also communicate your request to be forgotten to third parties to whom we may have forwarded your personal data
- we will amend the relevant personal data (right to rectification)
- we will restrict the processing of the relevant personal data (right to restriction of processing; in such cases we will only store the personal data or use it to protect potential le-gal claims or third-party rights)
- the company that has contracted papilio to carry out your assessment will have any automated decision scrutinized by a human being
- you will receive the relevant personal data in a structured, common and machine-readable format (right to data portability)
To submit a request to exercise one of the rights described in this section (for example, if you no longer wish to receive e-mail newsletters from us or if you wish to cancel your account), you can use the relevant functionality on our website or contact our data protection officer or a member of staff, according to the information shown above under ‘Contact’ (Chapter 2).
Should we decide not to comply with a request, we will inform you about our reasons not to do so. For example, we are legally entitled to deny deletion of your personal data if they are still needed for the original purpose, if the processing of the data is based on compelling legitimate grounds or if we have overriding personal interests (for example, in a lawsuit against the requestor).
Should we assert our overriding interests against your request, you still have the right to object to the processing of your personal data, provided that your particular situation may result in a different outcome compared to other data subjects (right to object). For example, this could be the case if you are a person with a public profile, or if the processing of the data could put you at risk of being harmed by a third party.
Should you not be satisfied with our response to your request, you have the right to lodge a complaint with a supervisory authority in your country of residence or in Switzerland (right to lodge a complaint).
Within this context, the competent responsible authority in the EU is:
VGS Datenschutzpartner UG
Am Kaiserkai 69
20457 Hamburg
Germany
e-Mail: info@datenschutzpartner.eu
web: https://www.datenschutzpartner.eu
You may also contact your local regulatory authority.
11. Applicable law and place of jurisdiction
This privacy statement and the contracts concluded on the basis of this privacy statement shall be governed by Swiss law, unless the law of another country is compulsorily applicable. Place of jurisdiction shall be Zurich, unless another jurisdiction has been stipulated.