Privacy Policy

CERRET | GENERAL Privacy Notice

Introduction

At CERRET SA (we, our or Cerret), we recognize the importance of your privacy and of transparency.

This general privacy notice (General Privacy Notice) applies to all our activities, including our websites, mobile applications, connected devices and other digital solutions (the Solutions), and the services we provide in this context (together with the provision of the Solutions, our Services).

We may have additional privacy notices (the Additional Privacy Notices) which apply in addition or instead of this General Privacy Notice in specific situations or for specific Services, in which case the terms of such Additional Privacy Notices will prevail over those of this General Privacy Notice.

By using our Services, or otherwise providing us your information, you expressly acknowledge that we may process your personal data in accordance with this General Privacy Notice.

Short Version

The following is a summary of (but not a replacement for) this General Privacy Notice. We recommend all users read the notice fully.

Our role. We, CERRET SA, are responsible for the processing, as controller, of your personal data (but only for our own activities and not those of third party providers) (see section 3);
Data we collect. We collect the information which you or our users provided to us. We also collect some information automatically when you interact with the Services (see section 4);
How we use it. We process your personal data in compliance with Swiss laws and other data protection laws applicable to us. This means that we will only process your information where we have a legal basis to do so (see sections 5), and only for certain reasons (mainly for providing our Services, operating our Solutions, and for the other legitimate purposes indicated in this General Privacy Notice) (see section 6);
Control and Access. We do not share your personal data with third parties or transfer it outside of your geographic region unless this is both necessary for the operation of our Services and permitted by applicable laws. This may for instance be the case when you use functionalities of our services which require data sharing (e.g. when you elect to share your position with your contacts), or when we use service providers to conduct our professional activities (see sections 7 and 8);
Retention. We do not store your personal data for longer than necessary for us to fulfill the purposes set out in this General Privacy Notice (see section 9);
Security. We apply security measures and strive to protect your personal data. However, no IT infrastructure is completely secure and we cannot guarantee that ours is (see section 10);
Your rights. You may contact us (contact@cerret.com) to exercise your rights pertaining to your personal data (see sections 12 and 14).

Who is responsible for the processing of your personal data

CERRET SA, Rue du Prieuré 39, 1202 Geneva Switzerland, is responsible for the processing, as controller, of your personal data. You will find our contact details below in section 11.

This General Privacy Notice only applies to data processing undertaken by or on behalf of us. Whilst our Solutions may interacts with orprovide links to third party websites, contents, or services, we are not responsible for their policies in relation to personal data. In such circumstances, the collection and use of your personal data are governed by the privacy policy of those third party providers, which you should carefully review to learn more about their personal data processing practices.

How we collect your personal data

We collect the personal data you or our customers provide to us.

We collect the personal data that you provide to us when interacting with us and/or using our Services, for example when you create and manage your account, active your Cerret device, through web forms you fill, when you subscribe to our newsletter, or apply for a job with us.

It is only mandatory that you complete the data fields identified as such. If one or more mandatory data fields are not completed, we will not be able to provide access to our Services. You are not required to complete the optional data fields in order to access our Services. These fields may be completed at any time through your account settings.

Some information about you may also be provided to us directly by our users

Even if you are not a user of our Services, we may collect certain information about from one of our users, for instance when they register with us their emergency contacts. Such information may include your name and contact information.

Certain personal data are also collected in an automated manner.

When you activate your CERET bracelet, we automatically collect real-time location data (GPS location information) and sound recorded from your smartphone

We also automatically collect certain personal data when you interact with our apps and websites, including by means of tools, web forms, cookies and other active elements, as further described in this General Privacy Notice.

You may define certain authorizations relating to the automatic collection of your personal data when you configure your device or your internet browser according to available functionalities. For more detailed information, please see the cookie section below (section 11).

How we use your data

We process your personal data in accordance with applicable laws and only if we have a valid legal ground to do so.

We process your personal data in compliance with applicable law, in particular Swiss data protection laws and, to the extent they apply to us, other data protection legislations, such as the EU General Data Protection Regulation (GDPR) or its equivalent in the United Kingdom.

This means that we will only process your information for certain reasons (see Section 7) where we have a legal basis to do so.

Additional Information on the “legal basis”

Here is what each of these legal bases is:

Contractual Necessity: the processing is necessary to fulfill our contractual obligations to you or to take pre-contractual steps at your request. This is particularly the case in particular when processing your personal data is strictly required to provide you with the Services. When the GDPR applies, Contractual Necessity is based on Article 6(1)(b) GDPR.
Legitimate Interest: the processing is necessary for the fulfillment of our legitimate interests, and only to the extent that your interests or fundamental rights and freedoms do not require us to refrain from processing. When the GDPR applies, Legitimate Interest is based on Article 6(1)(f) GDPR.
Vital Interest: the processing is necessary in order to protect the vital interests of the data subject or of another natural person. When the GDPR applies, Vital Interest is based on Article 6(1)(d) GDPR
Consent: we have obtained your prior consent in a clear and unambiguous manner. Consent given can be withdrawn at any time, but this does not affect data processed prior to withdrawal. For children under 16 years old, the consent must be provided by an adult with parental responsibility. When the GDPR applies, Consent is based on Article 6(1)(a) GDPR.
Legal Obligation: the processing is necessary to comply with our legal or regulatory obligations. When the GDPR applies, Legal Obligation is based on Article 6(1)(c) GDPR.

Additional Information on profiling and automated decisions

We do not process your personal data for the purpose of profiling you.

We also do not make decisions exclusively on the basis of an automated processing which have legal effects on the data subjects or affect them significantly (automated individual decision).

Why we use your data

We process your personal data for the reasons indicated in this Section or in any Additional Privacy Notice:

To provide our Services, operate the Solutions and for customer management purposes.

We mainly process your personal data to provide the Solutions and the Services and for related customer management purposes (such as invoicing).

Legal basis: Contractual Necessity, Legitimate Interests

Additional Information

Functioning of the Cerret bracelet. When you activate your bracelet by pressing the emergency button, your emergency contacts will automatically receive a call. We will also start recording your audio (for 30 seconds) and your precise localization (for 48 hours), and share your localization with your emergency contacts, or with persons around you if you opted-in to this feature. You will find further information on how the bracelet functions in our CERRET mobile app.

Your data is linked to your account and will be erased if you close your account or ask us to delete it. In addition, we only store your last precise localization, and whenever you reactivate the emergency button, the previous data will be deleted.

Just to be clear: we will not track your position unless you have activated the emergency button.

Providing maintenance and support. We use data to maintain our Services, troubleshoot and diagnose problems, and to provide customer support services.
Managing our customers and suppliers. If we are in a business relationship with you, we process the personal data that is necessary for our customer or supplier management, as well as for the following other related purposed, including (i) to carry out the transactions in which we are engaged, and to procure products and services from our suppliers and subcontractors; (ii) process your orders and payment (iii) to interact with you, for instance to reply to your inquiries; (iv) to track our activities (measuring sales, our work time, etc.) and those of our suppliers; (v) to manage our archiving and records; and (vi) for invoicing purposes.

The personal data that we process in this context includes: (i) personal data about individuals with whom we interact, such as the name, title, position, company name, email and/or postal address, phone number, billing and delivery addresses, payment method and related information; (ii) personal data relating to our interactions and the services provided; (iii) any other information provided to us by you, your employer, or third parties.

We use third-party services for payments and the dispatch of orders. For example, depending on the payment method selected, you will be redirected to the website of an online payment provider which is responsible for processing the payment. We transmit to these third parties only the data necessary for the operations they perform.

If you are our direct customer, our basis for processing the data is our contractual necessity. In other cases (e.g. if you are a representative of one of our customers), it is our legitimate interests in delivering our Services to our customers and ensuring we are paid for our services.

The personal data which we must retain for record-keeping, tax or other legal obligations will, as a rule, be kept for the duration of the contractual relationship and thereafter for a period of 10 years (or such other retention period as applicable). Shorter retention periods apply for personal data which must not be retained for the above reasons.

For our legitimate business interests related to the provision of the Services, including to ensure the security of the Services, improve our Services, as well as for monitoring or statistical purposes.

We may also process your personal data for our legitimate business operations related to providing our Services, which include (i) ensuring that our Services are provided in an efficient and secure way (e.g. through internal analysis of the Services’ stability and security, updates and troubleshooting); (ii) protecting the security of our IT systems, architecture and networks; (iii) benefiting from cost-effective services (e.g. we may opt to use certain services offered by suppliers rather than undertaking the activity ourselves); (iv) improving and developing the Services (including monitoring the use of our Services, and for statistical purposes); and (v) achieving our corporate goals).

Legal basis: Legitimate Interests, Consent

Additional Information

Additional information on the processing of your personal data for our legitimate business operations:

Ensuring that our Solutions are provided in an efficient and secure way. In addition to the personal data which you provide when logging-in to your account or interacting with the Solutions (e.g. when you fill in forms or upload content to the Solutions), we automatically collect technical information about your interactions with the Solutions, such as IP address, the content that was accessed, date and time of access, information about your web browser, your preferences, or other information related to your interaction with the Solutions, including your navigation details on the Solutions.

We process this data to establish a connection with your device over the internet, to identify you when you use the Solutions, control the use of the Solutions and for security purposes.

Protecting the security of our IT systems, architecture and networks. We use data to protect the security of our IT systems, architecture and networks, for instance to detect and disrupt the operation of malicious software by systematically scanning contents in an automated manner.
Personalizing and improving our Services. We may process your personal data, in particular data relating to your use of our Services and your habits and preferences (e.g. the content you accessed, date and time of access and your preferences), for internal analysis and statistical purposes, in order to better understand the needs of our users, to optimize their experience by personalizing our Services, and in general to improve the ergonomics and functionality of our Services. You may object to such processing activities at any time (see section 12 below for additional information on your rights).

You will find additional information in Section 11 in relation to the use of cookies for this purpose, including on the duration for which data collected this way are stored. Data collected by other means is deleted or anonymized at the latest [7] days after its collection.

Data anonymization. We may combine your personal data with other information (aggregate) or erase any information that allows us to identify you (anonymize), so that it is no longer considered personal data under applicable data protection law, in which case this General Privacy Notice will no longer apply and we may use such data for purposes not contemplated by this General Privacy Notice (e.g. for benchmarking or analytics purposes, or to develop and market new services). You may object to the anonymization or aggregation of your personal data for this purpose at any time (see section 12 below for additional information on your rights).

To send you our newsletter and other advertising information.

If you subscribe to our newsletter, we will collect your contact details (name and email address) and use it to provide you with our newsletter. You may unsubscribe from the newsletter service at any time, in which case your contact details will be deleted.

Legal basis: Consent

We also process the time of registration and your opt-in confirmation to demonstrate compliance. We also analyze your use of our newsletter, e.g. whether you have opened it or clicked on certain links, and process this data to optimize and improve our newsletter.

Legal basis: Legal Obligation; Legitimate Interests

Independently from your subscription to our newsletter, we may contact you by email to inform you about our activities if you have previously purchased a similar product or service from us, if you have not objected to the corresponding use of your email address. You can object to the use of your email address for this purpose at any time by contacting us (see contact detail in section 14).

Legal basis: Legitimate Interest

To provide you with job opportunities within Cerret.

We may process your personal data to allow you to consult and apply for job opportunities within Cerret. We will process the personal data you provide. In addition, if you provide us with links to your profile on social media platforms (such as LinkedIn) or with contact information for references, we will assume that we may gather information from these sources.

Any information you submit must be true, complete and not misleading. Should the information provided be inaccurate, incomplete, or misleading, subject to applicable law, this may lead to a rejection of your application during the application process or disciplinary action including immediate dismissal if you have been employed.

We will process your personal data exclusively for assessing your application. Your personal data is retained no longer than the duration of the recruitment process unless otherwise permitted by applicable laws and regulations.

Legal basis: Contractual Necessity (to take pre-contractual steps at your request)

To comply with our other legal obligations or for other legitimate interests.

We may further process your personal data if we have a legal obligation to do so or for other legitimate interests. This will for instance be the case if we need to disclose certain information to public authorities or retain such information for tax or accounting purposes, or for the establishment, exercise or defense of legal claims.

The personal data that we process for this purpose are those that we collected for one of the purposes indicated elsewhere in this section 6. We retain the personal data for the duration of the legal obligation imposed on us.

Legal basis: Legal Obligations, Legitimate Interests

The circumstances in which we share your personal data with third parties

We will only share your personal data with third parties if this is necessary for the operation of our Services, if there is a legal obligation or permission to do so, or if there is another valid reason to do so.

Additional Information

Sharing data with your contacts or other users. Our products have been create to make it easier for you to share information with your emergency contacts when (and only when) you really need it. We also believe in the power of the community, and depending on the functionalities available to you, you may have the option to share your information with our wider community of users.
Our service providers. We may share your personal data with third parties in connection with the operation of the Services or our business operations and with subcontractors such as IT service providers, cloud service providers, database providers, automated marketing solutions providers and consultants.
Social plug-ins. We may also enable you to use third-party services directly from the Solutions, in particular through the social plug-ins of Google, Instagram, Facebook, LinkedIn, or X. In such case, you acknowledge that the third-party operators of such services may access some of your personal data related to the Solutions, in accordance with their own privacy practices
Legal Obligation. We may also disclose your personal data where we have a legitimate interest in doing so, for example (i) to respond to a request from a judicial authority or in accordance with a legal obligation; (ii) to bring or defend against a claim or lawsuit; or (iii) in the context of restructuring, in particular if we transfer our assets to another company.

International Transfers

The personal data that we collect from you may be stored and processed in Switzerland and the European Union, or in the region where you reside, or transferred to, stored at or otherwise processed elsewhere, including in the U.S., or any other country which may not necessarily offer an adequate level of data protection as recognized by Switzerland and/or the European Union. In such cases, we will ensure that suitable safeguards are in place, in accordance with applicable data protection laws, for instance by relying on standard contractual clauses adopted by the European Commission.

If you transmit information and data to us, you are expressly deemed to consent to such data transfers. You may request additional information in this regard and obtain a copy of the relevant safeguards upon request by sending a request to the contact address indicated in section 14 below.

How long we store your personal data

Your personal data will not be stored longer than necessary. We will erase or anonymize your personal data as soon as it is no longer necessary for us to fulfill the purposes set out in section 6 of this General Privacy Notice. This period varies, depending on the type of data concerned and the applicable legal requirements. More information on each type of processing can be found in section 6 above.

Your account information is retained for as long as your account is active. If you suppress your user account, your account information will be deleted or anonymized within 30 days after such event, unless data must be retained for a valid reason (such as evidentiary or tax purposes).

In view of the legal obligations incumbent upon us, certain information relating in particular to the contractual relationship must be retained for at least 10 years.

Security

We are committed to the security of your personal data, and have in place physical, administrative and technical measures designed to keep secure your personal data and to prevent unauthorized access to it. We restrict access to your personal data to those persons who need to know it for the purpose described in this General Privacy Notice.

Although we take appropriate steps to protect your personal data, no IT infrastructure is completely secure. Therefore, we cannot guarantee that data you provide to us is safe and protected from all unauthorized third-party access and theft. We waive any liability in this respect.

The internet is a global environment. As a result, by sending information to us electronically, such data may be transferred internationally over the internet depending upon your location. Internet is not a secure environment and this General Privacy Notice applies to our use of your personal data once it is under our control only. Given the inherent nature of the internet, all internet transmissions are done at your own risk.

If we have reasonable reasons to believe that your personal data have been acquired by an unauthorized person, and applicable law requires notification, we will promptly notify you of the breach by email (if we have it) and/or by any other channel of communication (including by posting a notice on the Solutions).

How we use cookies or other analytical tools

We and our third party service providers use cookies and other similar technologies (Cookies) in connection with our Solutions in order for us to provide our Services and ensure that it performs properly, to analyze our performance and to personalize your experience, some of which are capable of automatically processing data on your electronic device and/or of transferring personal data about you to us or third parties.

You can learn more about how we use Cookies and similar technologies and how you can exercise control over them in our Cookie Policy.

Your rights with regard to the processing of your personal data

You have the right to access your personal data we process and may request that they be removed, updated, or rectified.

Unless otherwise provided by law, you have the right to know whether we are processing your personal data. You may contact us to know the content of such personal data, to verify its accuracy, and to the extent permitted by law, to request that it be supplemented, updated, rectified or erased. You also have the right to ask us to cease any specific processing of personal data that may have been obtained or processed in breach of applicable law, and you have the right to object to any processing of personal data for legitimate reasons.

By accessing your user account (if you have one), you can review, update, correct or delete the personal data available within your user account.

If you request us to delete your personal data from our systems, we will do so unless we need to retain your data for legal or other legitimate reasons. Please note that any information that we have copied may remain in back-up storage for some period of time after your deletion request.

Where we rely on your consent to process your personal data, we will seek your freely given and specific consent by providing you with informed and unambiguous indications relating to your personal data. You may revoke at any time such consent (without such withdrawal affecting the lawfulness of processing made prior to).

The above does not restrict any other rights you might have pursuant to applicable data protection legislation under certain circumstances.

Additional Information

In particular, if the GDPR applies to the processing of your personal data you have the following rights under the GDPR if the respective requirements are met:

Right of access (Art. 15 GDPR) – you have the right to access and ask us for copies of your personal data.
Right to rectification (Art. 16 GDPR) – you have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Right to erasure (Art. 17 GDPR) – you have the right to ask us to erase your personal data in certain circumstances.
Right to restriction of processing (Art. 18 GDPR) – you have the right to ask us to restrict the processing of your personal data in certain circumstances.
Right to data portability (Art. 20 GDPR) – you have the right to ask that we transfer in a structured, commonly used and machine-readable format the personal data you gave us to another organization, or to you, in certain circumstances.
Right to object to processing (Art. 21 GDPR) – you have the right to object to the processing of your personal data which is based on our legitimate interests, in certain circumstances. In such case, we will no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms or where the processing is necessary for the establishment, exercise or defense of legal claims.
As a rule, you are not required to pay any charge for exercising your rights and we will respond to your request within one month.

If you are a California resident using the Services, the California Consumer Privacy Act (CCPA) may provide you the right to request access to and deletion of your personal data. You may request that we:

disclose to you the following information covering the 12 months preceding your request: (i) the categories and specific pieces of personal information we collected about you and the categories of personal information we sold (see sections 4 and 6 of this General Privacy Notice); (ii) the categories of sources from which we collected such personal information (see section 4 of this General Privacy Notice); (iii) the business or commercial purpose for collecting or selling personal information about you (see sections 5 and 6 of this General Privacy Notice); and (iv) the categories of third parties to whom we sold or otherwise disclosed personal information (see section 7 of this General Privacy Notice).
delete personal information we collected from you; or
opt-out of any future sale of personal information about you.

In addition, users of the Services who are California residents and under 18 years of age may request and obtain removal of content they posted.

We do not sell user personal data to third parties for the intents and purposes of the CCPA.

In addition to the rights provided under the California Consumer Privacy Act (CCPA), residents of other U.S. states may have similar rights under state-specific privacy laws, including the Colorado Privacy Act (CPA), Virginia Consumer Data Protection Act (VCDPA), Connecticut Data Privacy Act (CTDPA), and Utah Consumer Privacy Act (UCPA). These rights may include the right to:

To exercise the right to request access to and deletion of your personal data, please see the contact details in section 14 below. We do not discriminate based on the exercise of any privacy rights that you might have under this section and will respond to your request consistent with applicable law.

Response to Do Not Track Signals

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. We are committed to providing you with meaningful choices about the information collected through our Services for third party purposes, and that is why we provide the variety of opt-out mechanisms listed above. However, we do not currently recognize or respond to browser-initiated DNT signals.

You will find further details of your rights in sections 5 and 6 of this General Privacy Notice in connection with each processing activity we perform. If you want to exercise any of your rights, or want additional information about them, please contact us using the contact details listed below (see section 14).

You have the right to lodge a complaint with the competent authority.

If you are not satisfied with the way in which we process your personal data, you may lodge a complaint with the competent data protection supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, in addition to the rights described above.

Although this is not required, we recommend that you contact us first, as we might be able to respond to your request directly.

Contact Us

If you believe your personal data has been used in a way that is not consistent with this General Privacy Notice, or if you have any questions or queries regarding the collection or processing of your personal data, please contact us at contact@cerret.com.

Updates to this General Privacy Notice

This General Privacy Notice may be subject to amendments. Any changes or additions to the processing of personal data as described in this General Privacy Notice affecting you will be communicated to you through an appropriate channel, depending on how we normally communicate with you (including by email and/or via the Solutions, e.g. banners, pop-ups or other notification mechanisms). If you do not agree to the changes made, you must stop accessing and/or using the impacted Services.

____________________________________________

Last updated: [09/11/2024]

CERRET SOLUTIONS | COOKIE POLICY

Scope

This Cookie Policy explains how we, Cerret, use cookies, other analytical tools or similar technologies (collectively, Cookies) in relation to the Solutions.

This Cookie Policy is incorporated into and forms an integral part of our General Privacy Notice for the Solutions

In brief

We use various types of Cookies in connection with our Solutions, some of which are capable of automatically processing data on your electronic device and/or of transferring personal data about you to us or third parties.

What are cookies?

Cookies are small files of letters and numbers downloaded on to your computer when you access certain websites. In general, cookies allow a website to recognize a user’s computer. These technologies are generally used for various reasons. Cookies are generally divided in four categories:

Essential Cookies. Some cookies are placed on your electronic devices to make websites capable of being used, by providing basic features such as page browsing and accessing secure areas. The websites cannot function properly without this type of Cookies.
Functionality Cookies. Some Cookies enable the websites to remember choices persons make, for example, username, and language or text size. These cookies are known as “functionality cookies” and help to improve a person’s experience of the websites by providing a more personalized service.
Advertising Cookies. These cookies are used to better understand user interests and to display more relevant advertisements.
Analytics/productivity Cookies. Analytics/productivity Cookies, such as those linked to Google Analytics, help understand how users interact with the service by anonymously collecting and reporting information.

Which Cookies we use

Our use of cookies may vary depending on the section or functionalities of the Solutions you access, but we generally use the following:

Name	Owner	Purpose / Description	Duration and expiry	Type
_gcl_au	Google Analytics (link to privacy notice)	Used by Google Analytics to understand user interaction with the Solutions. https://policies.google.com/privacy	90 days	Analytics
_ga		Used to compute visitor, session, campaign data and to keep track of the use of the Solutions for Solutions analysis reporting. It stores a number generated randomly to identify unique visitors https://policies.google.com/privacy	2 years	Analytics
_gid		Used to store information about the use of a website by visitors and creates an analytical report on the functioning of the website. It stores the number of visitors, their source and the page visited in pseudonymized form. https://policies.google.com/privacy	1 day	Analytics
_gat_UA-126103277-1		Attribute Cookie. Contains the unique identification number of the account or website to which it relates. This is a variant of the gat_cookie which is used to limit the amount of data stored by Google on high traffic websites. https://policies.google.com/privacy	1 minute	Analytics

Your Choices

If you do not want Cookies to be stored on your electronic device, you can configure your internet browser or electronic device to refuse and/or restrict them. Some Cookies are, however, essential to the functioning of the Solutions, which may operate differently if you refuse or completely restrict all Cookies.

You can see the help section of your internet browser or electronic device for more specific instructions on how to manage Cookies. The following links may be helpful, or you can use the “Help” option in your browser.

Cookie settings in Firefox

Cookie settings in Internet Explorer

Cookie settings in Google Chrome

Cookie settings in Safari (OS X)

Cookie settings in Safari (iOS)

Cookie settings in Android

To opt out from and prevent your data from being used by Google Analytics across all websites, check out the following instructions: https://tools.google.com/dlpage/gaoptout

You may also set the use of Cookies on the Cookie consent management platform integrated into the Solutions.

To find out more about cookies, including how to see what cookies have been set and understand how to manage, delete and block them, visit www.aboutcookies.org or www.allaboutcookies.org.

Updates to this Cookie Policy

We may update this Cookie Policy. We encourage you to periodically review this page for the latest information about cookies set on the Solutions.

____________________________________________

Last updated: [09/11/2024]

Try for free

The CERRET bracelet

Sitemap

Policies

Social pages

Download the app