Effective date: 23 May 2018

ViaSyst Synergy Services SA (ViaSyst)

Chemin des Côtes 4, CH-1020 Renens (Lausanne)

www.viasyst.com | info@viasyst.com

1. Scope and Applicable Law

This Data Protection Policy outlines how ViaSyst collects, processes, and protects personal data. It applies to all data subjects whose data is processed by ViaSyst, including users of our audit management SaaS, clients, and business partners.

ViaSyst complies with:
– Swiss Federal Act on Data Protection (FADP)
– EU General Data Protection Regulation (GDPR)

In the framework of the ViaSyst audit management SaaS, ViaSyst acts only as a data processor, never as a data controller.

By using our services or accepting this policy, you consent to the processing of your data as described herein.

2. What Data We Collect and How

a. Purpose of Processing
ViaSyst collects and processes data for the following purposes:
– Providing and improving services
– Personalizing user experiences
– Analyzing usage trends and behaviors
– Communicating with users (e.g., newsletters, updates)
– Fulfilling contractual and legal obligations

ViaSyst does not sell or share personal data with third parties for commercial purposes.

b. Categories of Data

i. Anonymous Data
Collected automatically during website usage, including:
– IP address (client and server)
– Date, time, and duration of visit
– Referring pages and URLs
– Accessed pages and files
– Browser and device information (User Agent, Win32 Status, Server Port, Method)
– Search queries and browsing behavior

ii. Personal Data
Collected when users interact with our site, forms, or services, including:
– Name and surname
– Email address
– Company and work address
– Country
– Login details and user behavior in the account

– Qualification data and associated files

c. How Data Is Collected

i. Directly from You:
– Online forms on viasyst.net
– Email or business communication
– Participation in surveys, events, or social media
– Logfiles, cookies, and JavaScript interactions

ii. From Third Parties:
– Business partners or clients (as part of service execution)
– Public sources such as websites or directories
– Third-party tools such as Google Analytics

When acting as a data processor, ViaSyst follows client instructions and ensures compliance with Article 28 of the GDPR.

3. Legal Bases for Processing (GDPR Article 6)

Depending on the context, we process personal data based on one or more of the following legal bases:
– Consent (e.g., for marketing newsletters)
– Contract performance (e.g., user accounts, service delivery)
– Legal obligation (e.g., recordkeeping)
– Legitimate interests (e.g., website analytics, security)

You may withdraw your consent at any time, without affecting the lawfulness of prior processing.

4. Data Retention

Personal data is retained only for as long as necessary to:
– Fulfill the purposes outlined in this policy
– Comply with legal or contractual obligations
– Defend legal claims

Retention periods vary depending on the data type and processing context.

5. Data Security

We implement technical and organizational measures to safeguard your data, including:
– Secure data storage
– Access controls and encryption
– Employee training in data protection

Only authorized personnel may access personal data, and only when necessary.