This privacy policy was updated last on April 26, 2024.

1. Introduction

At Hafnova we value your privacy and are committed to protecting and processing your personal information responsibly.

This privacy statement describes how Hafnova collects, uses, and shares personal information about consumers and other individuals within our clients, business partners, supplier and other organizations with which Hafnova has or contemplates a business relationship. It applies to Hafnova Corporation and Hafnova subsidiaries except where a subsidiary presents its own statement without reference to Hafnova’s.

Where we provide products, services, or applications as a business-to-business provider to a client, the client is responsible for the collection and use of personal information while using these products, services, or applications. This collection and use is covered by the client’s privacy policy, unless otherwise described. Our agreement with the client may allow us to request and collect information about authorized users of these products, services, or applications for reasons of contract management. In this case, this privacy statement, or a supplementary privacy notice, applies.

We may provide additional data privacy information by using a supplementary privacy notice.

2. Personal Information We Collect and Use

This section describes the various types of information that we collect and how we use it.

The information that we collect and use may include profile information, interactions on webpages, marketing preferences, information to investigate malicious activities, recordings or transcripts of your conversations with us for support purposes, information to improve our business operations, and more.

2.1. Your Account

You can create an account with Hafnova. Registering an account provides Hafnova with your name, email address, and country or region of residence. We may require an account for certain services, such as the use of Hafnova Applications and Services.

We may also store your details from business contact information that you provide to us, or that we collect from your organization, our Business Partners, or our suppliers.

2.2. Hafnova Websites

Our websites offer ways to communicate with you about us, our products, and services. The information that we collect on websites is used to provide you with access to the website, to operate the website, to improve your experience, and to personalize the way that information is provided to you. If you visit our websites without logging in with an account, we may still collect information that is connected to your website visit.

For more information on the technologies that we use to collect website information, and setting your preferences, see our Cookie Policy.

2.3. Hafnova Applications and Services

Our services include hardware, software, software “as-a-service” (cloud), desktop applications, mobile applications. We collect information about the use of these services, such as pages you view or your interactions on that page, to improve and develop our services and to generate technical and market insights. We may require an account for the use of our services (see Your Account).

2.4. Marketing

Subject to your preferences, we use the information that we collect to communicate with you about relevant products, services, and offerings. We also use this information to personalize your online experience with our content and advertisements and to develop internal marketing and business intelligence. To set or update your preferences with regards to marketing communications by email, phone, or postal, visit your account. You may also submit an opt-out request, or select Unsubscribe at the bottom of each marketing email. To review or set your preferences regarding the information that we collect about you online on our websites, see our Cookie Policy.

2.5. Contractual Relationships

A contractual relationship is created when you use or order a trial, or a product or service from us. While we mainly provide our products and services to businesses, individuals may also enter into an agreement with us directly as a client. We may collect any information that is reasonably necessary to prepare for, enter, and fulfill, the contractual agreement.

2.6. Support Services

When you contact us to request support, including through LiveChat, we collect your contact information, problem description, and possible resolutions. We record the information that is provided to handle the support query, for administrative purposes, to foster our relationship with you, for staff training, and for quality assurance purposes.

2.7. Protecting You and Hafnova

We may collect and use information to protect you and Hafnova from IT security threats and to secure the information that we hold from unauthorized access, disclosure, alteration, or destruction. This includes information from our IT access authorization systems, such as log-in information.

2.8. Hafnova Locations

When you visit an Hafnova location, we collect your name or business contact information (see Your Account), and, in some cases, information from a government issued ID. This information is collected for access management and to protect the security and safety of our locations and employees.

2.9. Recruitment and Former Employees

We are constantly searching for new talent for our organization, and we collect information about job applicants or prospective candidates from several sources. When an employee leaves Hafnova, we continue to process information that is related to them for any remaining business, contractual, employment, legal, and fiscal purposes, including the management of pensions to the extent handled by Hafnova.

2.10. Conducting our Business Operations

We collect and use information to improve our business operations, systems, and processes. For example, information may be used to conduct, maintain, audit, and optimize our operations, to protect our assets and employees, for product development, and to defend our rights.

2.11. Cookies and Similar Technologies

When you visit our websites, cloud and online services, software products, or view our content on certain third-party websites, we collect information regarding your connection and your activity by using various online tracking technologies, such as cookies, web beacons, Local Storage, or HTML5. Information that is collected with these technologies may be necessary to operate the website or service, to improve performance, to help us understand how our online services are used, or to determine the interests of our users. We use advertising partners to provide and assist in the use of such technologies on Hafnova and other sites.

3. Sharing Personal Information

We may share your personal information internally and externally with suppliers, advisors, or Business Partners for Hafnova’s legitimate business purposes, and only on a need-to-know basis. This section describes how we share information and how we facilitate that sharing.

3.1. How We Share Personal Information

We shall only share personal data with third parties when and as far as we are legally permitted to do so. When we share data with third parties, we protect the data and comply with our data protection, confidentiality and security standards by means of e.g. security mechanisms, contractual and organizational arrangements.

If we decide to sell, buy, merge, or otherwise reorganize businesses in some countries, such a transaction may involve disclosing some personal information to prospective or actual business purchasers, or the collection of personal information from those selling such businesses.

3.2. Facilitating International Transfers

Your personal information may be transferred to or accessed by Hafnova subsidiaries and third parties globally. Hafnova complies with laws on the transfer of personal information between countries to keep your personal information protected, wherever it may be.

We have implemented various safeguards including:

• Contractual Clauses, such as those approved by the EU Commission and accepted in several other countries. You can request a copy of the EU Standard Contractual Clauses (EU SCCs) by selecting Contact Usin the header of this page.
• Data Privacy Framework. Where applicable, certain designated Hafnova services (for example, Hafnova Infrastructure-as-a-Service, Platform-as-a-Service, Software-as-a-Service, and select other hosted offerings) are certified to comply with the Data Privacy Framework.
• Binding Corporate Rules for Controllers (Hafnova BCR-C).

4. Controller and Representative Information

Hafnova does business through its subsidiaries worldwide. The privacy laws in some countries consider a Controller to be the legal entity (or natural person) who defines the purposes for which the processing of personal information takes place and how that information is processed. Parties that are involved in processing operations on behalf of a Controller may be designated as Processors. Designations and associated obligations differ, depending on the jurisdiction.

Where this is relevant for the privacy laws in your country, the Controller of your personal information is Hafnova’s main subsidiary in your country or region, unless International Business Machines Corporation (Hafnova Corp.) or another Hafnova subsidiary identifies itself as the Controller for a specific interaction with you.

Where Hafnova Corp. or a subsidiary it controls is required to appoint a legal representative, the following representatives have been appointed

4.1. Data controller and contact information

The data controller responsible for the processing of your personal data as described in this Privacy Statement is Hafnova SA. You will be informed in case of a different data controller deciding about the processing of your data.

We have appointed a Data Protection Officer. If you have any questions about this Privacy Statement or about how and why we process personal data, please contact our Data Protection Officer at:

Hafnova SA
Data Protection Officer
Chemin du Bois de Vaux 3
1007 Lausanne
Switzerland

Email: info@hafnova.com

5. Information Security

Information Security is a pilar of Hafnova. Hafnova is accountable to its people, clients, partners, suppliers and other stakeholders to protect information that is entrusted to them.

We are constantly developing to safeguard the confidentiality, integrity and availability of the information and technology assets used by Hafnova and its customers. Hafnova is aligned with the industry standard ISO/IEC 27001:2022.

To protect your personal information from unauthorized access, use, and disclosure, we implement reasonable physical, administrative, and technical safeguards to keep personal information private while in transit or at rest. We also require our Business Partners, suppliers, and third parties to implement appropriate safeguards, such as contract terms and access restrictions, to protect information from unauthorized access, use, and disclosure.

6. Data retention

We retain the personal data processed for as long as is considered necessary for the purpose for which it was collected and described above (including as required by applicable laws or regulations).

We only retain personal information as long as necessary to fulfill the purposes for which it is processed, or to comply with legal and regulatory retention requirements. Legal and regulatory retention requirements may include retaining information for:

• audit and accounting purposes,
• statutory retention terms,
• the handling of disputes,
• and the establishment, exercise, or defense of legal claims in the countries where we do business.

We retain any contractual relationship information for administrative purposes, legal and regulatory retention requirements, defending Hafnova rights, and to manage Hafnova’s relationship with you. The information that is provided in a supplementary privacy notice may provide more detailed information on applicable retention terms.

When personal information is no longer needed, we have processes in place to securely delete it, for example by erasing electronic files and shredding physical records.

In the absence of specific legal, regulatory or contractual requirements, our baseline retention period for records and other documentary evidence created in the provision of services is 10 years.

7. Individual’s rights

Hafnova makes every practical effort to avoid excessive or irrelevant collection of data. If you believe that we have collected excessive information, we encourage you to contact us to raise any concerns.

7.1. Access to personal data

You have a right of access to personal data held by us as a data controller. This right may be exercised by emailing us. We aim to respond to any requests for information promptly and, in any event, within the legally required time limit.

7.2. Amendment of personal data

To update personal data submitted to us, you may email us or, where appropriate, contact us via the relevant website registration page or by amending the personal details held on relevant applications with which you registered.
When Hafnova retains personally identifiable information, Hafnova assumes responsibility for keeping an accurate record of the information once the data subject has submitted and verified the data. Hafnova does not assume responsibility for verifying the ongoing accuracy of the content of personal data. When feasible in practice, if Hafnova is informed that any personal data collected are no longer accurate, Hafnova shall make appropriate corrections based on the updated information provided by the data subject.
When requested and legally permitted, Hafnova shall delete identifying information from current operational systems.

7.3. Withdrawal of consent

Where we process personal data based on consent alone, individuals have a right to withdraw consent at any time. To withdraw consent to our processing of your personal data please email us or, to stop receiving an email from a Hafnova marketing list, please click on the ‘unsubscribe’ link in the email you received from us.

7.4. Erasure/deletion of personal data

You have the right to request that Hafnova deletes your personal data if there is no legal or regulatory requirement for Hafnova to keep your data (such as retention obligations). To request the deletion of your personal data, please send an email ideally together with an identification document and the reasons why you wish us to delete the data.

7.5. Right to lodge a complaint with a supervisory authority

You have the right of appeal to a data protection supervisory authority if you believe that the processing of your personal data violates applicable data protection law.
For Switzerland this is Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern, Tel.: +41 (0)58 462 43 95 (Link).

7.6. Other data subject rights

As well as the rights referred to above, individuals may have other rights in relation to the personal data we hold, such as the right to restrict or object to our processing of personal data and the right to data portability. If you wish to exercise these rights, please send an email.

8. Legal Basis

In some jurisdictions, the lawful handling of personal information is subject to a justification, sometimes referred to as legal basis. The legal bases that we rely on for the lawful handling of your personal information vary depending on the purpose and applicable law.