EquiMatch.AI (hereafter: “EquiMatch”, “us”, or “we”) is committed to protecting your privacy. This Privacy Statement tells you what to expect EquiMatch to do with your personal information.
Please note that we refer to individuals who are clients of EquiMatch that wish to engage in a proprietary partnership with another organization as “Buyers”. A member of an organization that could (potentially) be approached by a Buyer or by EquiMatch for a partnership on behalf of a Buyer is referred to as an individual from a "Company of Interest".
This Privacy Statement only applies to personal information processed when someone visits our website and to the processing of personal information of individuals from Companies of Interest. Information for Buyers regarding their role in handling the personal information of individuals from Companies of Interest and of EquiMatch employees transferred to them by EquiMatch is available in Annex I.
This Privacy Statement has the following sections:
If you have any questions regarding this Privacy Statement or would like to exercise your data protection rights, you may contact us via our contact form. You may also use this contact form to get in touch with our representative in the EEA.
We collect or use the following personal information to provide and improve our services:
We do not process sensitive data, also known as "special category data", unless it has been manifestly made public by you, as an individual from a Company of Interest, on work-related channels such as your public website or public professional profile(s). We only process21 this information if it informs an integral part of your company's professional identity. To give you an example, if you create accessible products for the blind and you yourself, as the founder of the company, are blind, and this has been manifestly made public by you as part of promotional messages related to your products, then there is a possibility we will have a record of such information.
We do not process any personal information related to criminal convictions or offenses.
We may use your personal information as part of a profile related to your company.
We collect or use the following personal information to comply with legal requirements:
We collect or use the following personal information for dealing with queries, complaints or claims:
We must have a legal justification, or “lawful basis”, for collecting and using your personal information.
Which lawful basis we rely on may affect your data protection rights, which are in brief set out below:
Please note that the rights above are not absolute and may not apply in every case, even as detailed in the "our lawful bases for the collection and use of your information" section. Each data subject request will be evaluated on a case-by-case basis.
If you make a request to exercise your rights, we must respond to you without undue delay, and in any event within one month.
To make a data protection rights request, please contact us using our contact form.
You may also use the above contact form to make any complaints related to our processing of your personal information. If you remain unhappy with how we’ve used your information after filing a complaint with us, you can also complain to your local data protection authority.
Our lawful bases for collecting or using personal information to provide and improve products and services for clients are:
Our lawful bases for collecting or using personal information to comply with legal requirements are:
Our lawful bases for collecting or using personal information for dealing with queries, complaints or claims are:
If you are an individual from a Company of Interest, we get your personal information from publicly available sources, legitimate and legally operating paid sources, or directly from you.
If you are a website visitor, we get your personal information directly from you, from your interactions with our service.
We will only retain your personal information for as long as is necessary to fulfill the purposes we collected it for as enumerated above, including to satisfy any legal, accounting, or reporting requirements.
If you want to learn more about our specific retention periods for your personal information, you may contact us via our contact form.
Upon expiry of the applicable retention period, we will securely destroy your personal information in accordance with applicable laws and regulations.
We do not share personal information with third parties, except as necessary for our legitimate professional and business needs, to carry out your requests, and/or as required or permitted by law or professional standards. We may share personal information with third parties such as:
Where necessary, we may transfer personal information outside of the EEA and our base of operations in Switzerland. When doing so, we comply with data protection law, making sure appropriate safeguards are in place. Where an adequacy decision is not present and the Swiss-US/EU-US Data Privacy Framework does not apply, we use standard contractual clauses approved by the European Commission to safeguard transfers to third countries.
For further information regarding the safeguards applied to international transfers, please contact us using our contact form.
xx November 2024
"Agreement" refers to the service agreement between EquiMatch and Buyers, titled "MANDATE AGREEMENT FOR TARGET ORIGINATION"
The terms "Controller", "Data Subject", "Personal Data", "Processing", and "Processor", refer to the terms as defined in the FADP and GDPR.
"Data Privacy Framework" refers to the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework self-certification program (as applicable) operated by the U.S. Department of Commerce.
“FADP" refers to the Swiss Federal Act on Data Protection of 25 September 2020 (SR 235.1).
“GDPR” refers to Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data (General Data Protection Regulation).
"Standard Contractual Clauses” refers to the standard contractual clauses annexed to the European Commission’s Decision (EU) 2021/914 of 4 June 2021 currently found at https://eur-lex.europa.eu/eli/dec_impl/2021/914, as may be amended, superseded, or replaced.
Buyers and EquiMatch each act independently as Controllers when considering all activities within the scope of the Agreement. If the Buyer and EquiMatch enter into a Controller – Processor relationship, they will conclude a separate agreement as mandated by the FADP, and where applicable, the GDPR.
Where EquiMatch will be transferring Personal Data to the Buyer, and the Buyer is not based in a country that offers an adequate level of protection as defined under the FADP, and the relevant Data Privacy Framework does not apply, Module One of the Standard Contractual Clauses will apply. In Clause 7, the optional docking clause applies; in Clause 11, the optional language is deleted; in Clauses 17 and 18, EquiMatch and the Buyer agree that the governing law and forum for disputes for the Standard Contractual Clauses will be that of Switzerland; the annexes of the Standard Contractual Clauses will be deemed completed with the information set out in this Annex and the Agreement; and the supervisory authority that will act as the competent supervisory authority will be the Swiss Federal Data Protection and Information Commissioner. Moreover, insofar as the data transfers are subject to the FADP, references to the GDPR should be understood as references to the FADP, references to “EU”, “Union”, “Member State(s)” and “Member State law” will be interpreted as references to Switzerland and Swiss law, and references to courts will be interpreted as references to relevant courts in Switzerland.
The transfer of Personal Data of individuals from Companies of Interest will be transferred from EquiMatch to the Buyer, along with Personal Data of employees working for EquiMatch.
Data transferred may include identity information such as names and information on public professional profile(s); contact information such as email addresses, company addresses, and telephone numbers; and communication information such as emails and other correspondence. Sensitive data as defined in the FADP and GDPR (where it is defined as “special category data”) will only be transferred as it pertains to individuals from Companies of Interest, and will only be transferred where such information has been manifestly made public by the relevant individual, and where such information forms an integral part of the relevant company's identity. Information regarding criminal convictions or offenses will not be transferred.
Transfers of Personal Data will be performed on a continuous basis as necessary to execute the Agreement.
The nature and purposes of the Processing are as described in the Agreement.
Personal Data will be stored for only as long as is necessary for the respective business purposes of EquiMatch and the Buyer as described in the Agreement. Personal Data will also be deleted if an applicable legal retention period expires, or a relevant individual legitimately exercises their right to deletion.
Transfers to Processors, as regulated by the FADP and GDPR, will be subject to the engagement restrictions applicable to sharing “Confidential Information” with third parties as stipulated in the Agreement.
Taking into account the state of the art, the costs of implementation and the nature, scope, context, and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of individuals, appropriate technical and organizational measures will be taken to ensure a level of security appropriate to the risk by the Buyer, including: