1. Who we are:
We are INEXTO SA of Avenue Edouard-Dapples 7, 1006 Lausanne, Switzerland. You can contact us at this address by post or by email at info@inexto.com.
Our data protection representative is Rachel Burlet-Chen, Legal and Compliance Officer, INEXTO SA.
2. Why we process your data, the lawful basis for processing your data and who we share it with
We process limited personal data related to your use of the app. We synchronize the name, email addresses and pin code for users of the app. This is used only if the entity that is our customer and on whose behalf you are using the app for track & trace purposes (“your Employer”) specifies that the login feature is required to authenticate which user performs a specific track & trace event.
Also, if enabled on the backend on the instruction of your Employer, we may collect the location of the device to geo-tack the track & trace events.
Camera Permission
Finally, the app requests permission to use the camera on your device in order to scan barcodes. No other data is passed to the application other than what barcodes have been scanned.
Personal data is stored securely and encrypyted in a local database.
We process personal data so that a user can login in the app and be authenticated in line with the requirements of your Employer.
The personal data is not shared with any third parties unless your Employer requests that the track & trace events processed through the app to be stored on your Employer’s own repository.
The lawful basis of the processing is that it is processing necessary for the purposes of the legitimate interests pursued by your Employer in authenticating users that perform track & trace events and in processing track & trace events.
3. Transfers of data outside the European Economic Area
We do not transfer your personal data outside the European Economica Area or Switzerland.
4. Information received from third parties and the source of that data
We do not receive any personal data from third parties.
5. Your rights relating to personal data
You have the following rights under the GDPR, in certain circumstances and subject to certain exemptions, in relation to your personal data:
- right to access the data – you have the right to request a copy of the personal data that we hold about you, together with other information about our processing of that personal data.
- right to rectification- you have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete.
- right to erasure – you have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the right to be forgotten.
- right to restriction of processing or to object to processing – you have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes.
- right to data portability – you have the right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine readable format. In order to exercise any of the rights set out above, please contact us at the contact details at the start of this privacy notice.
If we are processing personal data based on your consent, you may withdraw that consent at any time. This does not affect the lawfulness of processing which took place prior to its withdrawal.
If you are unhappy with how we process personal data, we ask you to contact us so that we can rectify the situation.
You may lodge a complaint with a supervisory authority. The Swiss supervisory authority is the Federal Data Protection and Information Commissioner.
6. Requirement to process personal data
Q: Is it possible to use the app without processing personal data?
At a minimum, we will know the device identifier which has performed the operation on the application.
If app login is not enabled then the application is not required to maintain a list of users on the backend (which is synchronized on the devices). This decision to enable app login is made by your Employer.
Q: What are the consequences of refusing permission for the app to process personal data?
The app cannot be used.
7. Automated decision-making and profiling
We do not use any personal data for the purpose of automated decision-making or profiling.
8. Effective Date and Updates
This notice applies from May 3, 2019
Registered users will be notified of updates to this Privacy Notice by email.