Personal Data Processing Policy
ApeironSpace AG
Last updated: 01.11.2024
This Personal Data Processing Policy (hereinafter referred to as the “Policy”) governs the collection, storage, and use of personal data of visitors to the apeironspace.com website (hereinafter referred to as the “Website”) by ApeironSpace AG. This Policy ensures compliance with the European Union’s General Data Protection Regulation (GDPR) / Datenschutz-Grundverordnung (DSGVO), Regulation (EU) 2016/679, and applies to all personal data collected and processed by ApeironSpace AG.
1. Definitions
1.1. Personal Data — any information relating to an identified or identifiable natural person (“data subject”), where an identifiable natural person is one who can be identified, directly or indirectly, by reference to identifiers such as name, identification number, location data, online identifier, or other specific factors.
1.2. Data Controller (hereinafter referred to as the “Controller”) — the entity that determines the purposes and means of processing personal data. In this Policy, the Controller is ApeironSpace AG.
1.3. Website Visitor — any natural person accessing the Website over the Internet and using the Website.
2. Legal Basis and Purpose of Data Processing
2.1. The Controller collects and processes personal data on the following legal grounds under GDPR/DSGVO:
- Contractual necessity: to fulfill agreements and provide services requested by Website Visitors;
- Legitimate interests: to improve the Website’s performance, enhance user experience, and conduct internal analytics, provided that such processing does not override fundamental rights and freedoms of Website Visitors;
- Consent: where required, explicit consent will be obtained for specific data processing activities;
- Compliance with legal obligations: to fulfill obligations under applicable EU and Member State laws, including DSGVO requirements.
2.2. The Controller collects and processes personal data for the following purposes:
- Providing information and services requested by the Visitor;
- Improving the Website’s functionality and user experience;
- Conducting analytics to optimize content and assess Website performance;
- Fulfilling contractual obligations;
- Ensuring compliance with applicable EU and Member State legislation, including DSGVO.
3. Types of Personal Data Processed
3.1. The Controller may process the following types of personal data:
- Name, contact information (email, phone number);
- Browser and device information (IP address, browser type, and version);
- Website usage data, including access logs and user preferences;
- Other information voluntarily provided by the Visitor.
4. Rights of Data Subjects
4.1. In accordance with GDPR/DSGVO, Website Visitors have the following rights with regard to their personal data:
- Right of access: to obtain confirmation on whether their data is processed and, if so, to access the data;
- Right to rectification: to request correction of inaccurate or incomplete data;
- Right to erasure (“right to be forgotten”): to request deletion of their data under certain circumstances, for example, if data is no longer necessary for the purposes for which it was collected;
- Right to restriction of processing: to request that the processing of their data be limited under certain conditions;
- Right to data portability: to receive their data in a structured, commonly used, and machine-readable format and to transmit it to another controller where feasible;
- Right to object: to object to data processing based on legitimate interests or for direct marketing purposes;
- Right to withdraw consent: where processing is based on consent, to withdraw it at any time without affecting the lawfulness of processing conducted prior to the withdrawal;
- Right to lodge a complaint: to file a complaint with a supervisory authority, such as the Data Protection Commissioner in their country, if they believe their rights under GDPR/DSGVO are infringed.
Data subject requests can be submitted via the contact details provided below, and the Controller will respond promptly in compliance with GDPR/DSGVO.
5. Data Collection, Storage, and Transfer
5.1. Personal data is collected only for specified, explicit, and legitimate purposes and is processed in a manner compatible with those purposes.
5.2. The Controller applies technical and organizational security measures to ensure the confidentiality, integrity, and availability of personal data, protecting it against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include encryption, pseudonymization, and regular assessments of security protocols.
5.3. Personal data is retained only for as long as necessary to fulfill the purposes of processing or as required by applicable law. Once the processing purpose has been achieved or the retention period has expired, data will be securely deleted or anonymized in compliance with GDPR/DSGVO retention requirements.
5.4. Personal data may be transferred to third-party processors (such as service providers) only with adequate data protection safeguards in place, in accordance with GDPR/DSGVO requirements. Transfers outside the European Economic Area (EEA) will only occur with appropriate safeguards, such as Standard Contractual Clauses or other approved transfer mechanisms.
6. Use of Cookies
6.1. The Website uses cookies and similar technologies to enhance user experience, analyze site usage, and for advertising purposes.
6.2. Visitors may set their browser settings to refuse cookies. However, this may impact Website functionality. Detailed information on cookies used by the Website can be found in the Cookie Policy.
7. Updates to the Policy
7.1. The Controller reserves the right to update this Policy as needed to reflect changes in legal requirements or business practices. The updated Policy will be posted on the Website and will take effect upon publication.
8. Contact Information
ApeironSpace AG
Address: Oberneuhofstrasse 5, CH-6340 Baar, SWITZERLAND
Phone: +41 41 766 77 10
Email: partners@apeironspace.com
This Policy is binding for all employees and third parties interacting with the Controller.