Privacy Notice

This privacy notice applies to iSun AG, company code CHE-254.941.494, with its office address at Metallstrasse 8, Zug, Switzerland (hereinafter “iSun”) and its subsidiary iSun Lithuania, UAB, company code 305142686, with its registered office address at Jogailos g. 3 – 103, Vilnius, Lithuania (hereinafter “company”; when we refer to iSun and the company together we use “we” or “us”). The company has appointed Data Protection Officer, who can be contacted by e-mail: [email protected].

This privacy notice shows our commitment to protect your privacy rights and sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

We ask that you read this privacy notice carefully as it contains important information about what to expect when we collect personal data about you and how we will use your personal data.

All personal data is processed in accordance with the applicable data protection laws, in particular the Swiss Federal Data Protection Act and General Data Protection Regulation (EU) 2016/679 (“GDPR”).

Your personal data controller is iSun or the company. Each acts independently. When reading this privacy notice please pay attention to whom we refer to: when we use iSun, it means that iSun AG processes your personal data for the described purpose; when we use the company, it means that iSun Lithuania, UAB processes your personal data for the described purpose; when we use “we”, “us”, it means that both companies process your personal data for the described purpose as independent controllers


I. INTRODUCTION

The aim of this privacy notice is to set out the purposes for which, and the manner in which, we may collect and use personal information obtained about you.

Please pay attention to the fact that we may update this privacy notice from time to time, therefore please do review it regularly.

Security is highly important to us. We take all reasonable measures to protect personal data from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction, including industry standard security and encryption features.

Contact details for feedback or any privacy enquiries you may have are provided at the end of this privacy notice (see section VI).


II. PERSONAL DATA WE COLLECT, THE PURPOSES AND LEGAL BASES

2.1 Video surveillance

The company may use video surveillance to view and record individuals on and around its offices. If the company uses video surveillance, the company will indicate such clearly at the location. The company believes that video surveillance systems have a legitimate role to play in helping to maintain safe and secure environment for its staff and its visitors. However, the company recognizes that this may also raise concerns about the effect on individuals and their privacy. The company intends to address your concerns with this privacy notice.

The company process your personal data for one or more of the following purposes

  • Crime protection: to protect its sites and assets from damage, disruption, vandalism and other crime protection purposes
  • Personal safety: for the personal safety of its staff, yourself, visitors and other members of the public
  • Internal investigations: for the purpose of supporting internal investigations, if required
  • Dispute resolution: to assist in the effective resolution of disputes or to assist in the defense of any civil, administrative, criminal litigation, if required

For the said purposes the company processes video recording without any sound based on which the company may be able to identify you on basis of your looks or other specific elements when you enter the monitored space.

The company processes personal data for the legitimate interests of the company and third parties (staff, visitors, other members of the public)

Camera locations are chosen to minimize viewing of spaces not relevant to the legitimate purposes of the monitoring and to ensure that we take a proportionate approach to any privacy impact to our staff and others. As a main rule we will only use video surveillance to monitor within our property boundaries. However, there are cases where the surveillance of the property is not sufficient for an effective protection. In those cases, we might exceed the video surveillance to the immediate surroundings of our offices. Only main entrances and secondary entrances of our offices are being monitored 24 hours a day and this data is continuously recorded.

The company will keep recorded information for 30 days. Recorded information can be kept longer if it is necessary for investigation and/or dispute resolution

2.2. Communication with you

When you communicate with us using general inquiries window or in any other way, we collect your name, surname, contact details and any other information you choose to provide or disclose to us. We collect this information on the basis of your consent expressed when voluntarily submitting your personal data details in sign-up forms, by e-mail, request or inquiries window and process it for the purposes of communication with you (e.g. to answer to your inquiry, provide with requested demo, etc.)

Please always take care and observe at least the following minimum requirements for the protection of your personal data when communicating with us

  • please omit using your address, personal identification number, date of birth, bank account number, card number, other special (sensitive) data, etc. in the subject of the request or file name
  • please omit using your personal identification number, payment card number, and other financial information and details, health, family member details, or other specific (sensitive) data, in the texts of requests, e-mails or similar communication to us, and
  • please make sure that the remaining personal data is only indicated to the extent necessary for the purposes for which the letter, request or inquiry is sent to us

2.3. Management of relationships with our suppliers, partners

We collect and process personal data (names, surnames, job titles, business contact details, contract details, content of correspondence, etc.) about our suppliers, partners (including their subcontractors and individuals associated with our suppliers, partners and their subcontractors) in order to manage the relationship, contract, to receive services from our suppliers and, where relevant, to provide services to our clients.

We use personal data for the following purposes:

  • Receiving services: we process personal data in relation to our suppliers/partners and their staff as necessary to receive the services from them
  • Providing services to our clients: where a supplier/partner is helping us to deliver services to our clients, we process personal data about the individuals involved in providing the services in order to administer and manage our relationship with the supplier/partner and the relevant individuals and to provide such services to our clients
  • Administering, managing and developing our relations and business: we process personal data in order to run our business, including managing our relationship with suppliers/partners, developing our business, concluding the contracts
  • Defending ourselves against legal claims, lawsuits, demands made against us and/or exercising our rights: we may process personal data in relation to our suppliers/partners and their staff in order to defend ourselves against legal claims, lawsuits, demands made against us and/or to exercise our rights
  • For compliance with legal obligations under applicable law: we may process personal data in relation to our suppliers/partners and their staff for compliance with legal obligations under applicable law
  • Security, quality and risk management activities: we have security measures in place to protect information (including personal data) in our control, which involve detecting, investigating and resolving security threats. Personal data may be processed as part of the security monitoring that we undertake, for example, automated scans to identify harmful emails. We collect and hold personal data as part of our supplier contracting procedures. We monitor the services provided for quality purposes, which may involve processing of personal data

If the processing of personal data referred to in this section is necessary for the performance of a contract to which the data subject is party, the processing is based on contractual lawful basis. If the processing of data is necessary for complying with a legal obligation such as complying with tax law obligations or necessity to evidence and document services received, the processing will be based on the legal obligation basis. If personal data is processed for the other purposes specified above we will rely on the legitimate interest basis (e.g., such as receiving services, managing and developing our relations and business, administering contracts, security, quality and risk management activities).

2.4 Management of the relationships with our clients

We may process the following personal data of the clients (including individuals associated with the corporate clients): name, surname, contact information, content of correspondence, contract details, etc., in order to manage the relationships, contract, to provide services to our clients.

We use personal data for the following purposes:

  • Providing services: some of our services require to process personal data in order to provide deliverables (e.g. IT development services) to the clients. When we are granted with access to personal data controlled by clients, we usually act as a data processor in regards this data and process it strictly under the instructions of the client. Please contact respective data controller (the client), which engaged us, for further details in relation to personal data processing
  • Administering, managing and developing relations and business: we process personal data of the clients (including individuals associated with the corporate clients) in order to run our business, including managing relationships with clients, developing the business, concluding the contracts
  • Defending ourselves against legal claims, lawsuits, demands made against us and/or exercising our rights: we may process personal data in relation to our clients and their staff in order to defend ourselves against legal claims, lawsuits, demands made against us and/or to exercise our rights
  • For compliance with legal obligations under applicable law: we may process personal data in relation to our clients and their staff for compliance with legal obligations under applicable law
  • Security, quality and risk management activities: we have security measures in place to protect information (including personal data) controlled by us, which involve detecting, investigating and resolving security threats. Personal data may be processed as part of the security monitoring that we undertake, for example, automated scans to identify harmful emails. We collect and hold personal data as part of client contracting procedures. We monitor the services provided for quality purposes, which may involve processing of personal data

If the processing of personal data referred to in this section is necessary for the performance of a contract to which the data subject is party, the processing is based on contractual lawful basis. If the processing of data is necessary for complying with a legal obligation such as complying with tax law obligations or necessity to evidence and document services provided, the processing will be based on the legal obligation basis. If personal data is processed for the other purposes specified above we will rely on the legitimate interest basis (e.g., such as administration of the contracts, managing and developing business, security, quality and risk management activities).

2.5 Social media platforms

Our official LinkedIn page is: https://www.linkedin.com/company/isunag. We use our LinkedIn page to communicate with you and let you know of job opportunities at iSun group of companies.

Personal data or any other information that you choose to post on the wall of our LinkedIn page is visible to other visitors, therefore, before posting any comment, please make sure that it does not contain sensitive personal data of yours or anybody else, the message that you want to post is not offensive, discriminatory or in any other way violates the law or the rights of other people. We reserve the right to delete any information that you post on our LinkedIn wall, if it violates the law or the rights of other people.

We process personal data of our LinkedIn page visitors based on their consent, which is expressed when visitors decide to share their personal data with us (e.g. comment and/or like our posts, apply for job). We may process personal data based on our legitimate interests (e.g., administration of our LinkedIn page, defense of our rights). In addition, we may process personal data if it is necessary for compliance with applicable law.

For information about the processing of your personal data by LinkedIn, please refer to https://www.linkedin.com/legal/privacy-policy / https://www.linkedin.com/psettings/privacy.

LinkedIn also uses cookies and similar technologies as set forth here: https://www.linkedin.com/legal/cookie_policy

As a LinkedIn user, you can control how your user behavior is recorded when you visit LinkedIn pages. You can manage the advertising and general settings in your account under https://www.linkedin.com/psettings/privacy.


III. DISCLOSING AND TRANSFERRING PERSONAL DATA

We may disclose your personal data to third parties and transfer your personal data outside the Switzerland and the European Union, as described below:

3.1 Disclosures to third parties

There are certain circumstances where we may transfer your personal data to employees, contractors and to other parties:

  • We may share information about you with other members of our group of companies so we can provide the best service across our group. They are bound to keep your information in accordance with this privacy notice
  • We may also share your information with certain service providers. They may process your personal data for us, for example, IT service providers (maintenance/support, development, etc.), hosting and cloud service providers, database providers, backup and disaster recovery service providers, email providers, SaaS/software providers, statistics, market research or business analytics service providers, other service providers. Our service providers will be required to meet our standards on processing information and security. The information we provide them, including your information, will only be provided to the extent necessary for the provision of services to us
  • If we are discussing selling or transferring part or all of our business – the information may be transferred to prospective purchasers under suitable confidentiality terms
  • If we are reorganized or sold, information may be transferred to a buyer who can continue to provide services
  • If we are required to by law or if we are asked by any public authority, for example, the police
  • If we are defending a legal claim your information may be transferred as required in connection with defending such claim
  • To comply with local and national laws (e.g. for auditing purposes to our auditors)

3.2. International transfers of personal dat

Generally, we process and keep your personal data in the territory of Switzerland and the European Union, however, we may transfer your personal data outside these territories, for example, when it is necessary for the conclusion and execution of the contract.

Some of the countries may not benefit from an adequacy decision issued by the Swiss authorities or by the European Commission regarding protection afforded to personal data in that country. Details of these specific countries can be found here: https://www.edoeb.admin.ch/edoeb/en/home/datenschutz/arbeit_wirtschaft/datenuebermittlung_ausland.html and https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en. Such transfers are undertaken in accordance with our legal and regulatory obligations. Appropriate safeguards under applicable data protection laws will be implemented, such as standard data protection clauses with data recipients or processors. A copy may be requested at the address set out in section VI.


IV. SOURCES OF PERSONAL DATA

We collect and receive your personal data from yourself (when you visit our offices, use our website, etc.) as well as from the following sources

  • Social network operators (such as LinkedIn, etc.)
  • Service providers and our partners
  • Clients
  • Other legal sources.

V. PERSONAL DATA STORAGE

We generally retain your personal information for as long as is necessary to provide our services to our clients, to receive services under the contracts concluded with suppliers/partners, to comply with our legal obligations and pursue our legitimate interests. Where your personal information is no longer required we will ensure it is securely deleted or anonymized.


VI. YOUR RIGHTS

You have specific rights when it comes to the processing of your personal data by us under applicable data protection laws of Switzerland and European Union.

You have such rights:

  • the right to information
  • the right to request access to the information we process about you
  • the right to request rectification of incorrect/inaccurate information about you
  • the right to request erasure of any data concerning yo
  • the right to request restriction of data processing
  • the right to data portability
  • the right to object to the processing of personal dat
  • the right to withdraw consent. You can withdraw your consent at any time where we are relying on your consent to process your personal data (e.g., delete your comment from our LinkedIn wall). Please be informed, that this will not affect the lawfulness of any processing carried out before you withdraw your consent.

In principle, we cannot accept verbal requests (telephone or face-to-face) as we may not be able to deal with your request immediately without first analyzing it and reliably identifying you. Your request should contain a detailed, accurate description of the personal data you want access to or against which you want to exercise your rights. When there are reasonable doubts regarding your identity, you might be asked by us to provide a copy of a document, which helps us to verify your identity. It can be any document such as your ID card or passport. Our use of the information on your identification document is strictly limited: the data will only be used to verify your identity and will not be stored for longer than needed for this purpose

To enforce your rights, you may submit requests, complaints or claims to us in writing by sending an e-mail to [email protected] (in case the company is the controller of your personal data) or [email protected] (in case iSun is the controller of your personal data).

We will respond to your request, complaint or claim in writing in accordance with the applicable laws and will do our best to provide you with information within the shortest time possible but in no event later than within 30 days after receiving your request

You have right to make a complaint regarding the privacy or data processing issues at any time. You can complain in the EU member state where you live or work, or in the place where the alleged breach of data protection law has taken place. In Switzerland, the Federal Data Protection and Information Commissioner (FDPIC), address Feldeggweg 1, CH - 3003 Bern, Switzerland, tel. No. 058 462 43 95, is the competent authority for data protection issues. In Lithuania, the State Data Protection Inspectorate, address L. Sapiegos g. 17, Vilnius, Lithuania, e-mail: [email protected], is the competent authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance. You can contact company via email at [email protected] or iSun via email at [email protected].


VII. CHANGES TO PRIVACY NOTICE

We may update this privacy notice at any time. Such updated privacy notice will take effect from the date of publishing on our website

Each time our privacy notice is updated, we will inform you of all changes that we deem significant by posting them on the website.



Version 1.0