Privacy Policy

‍

Who are we?

We are Rentouch GmbH (referred to below as “Rentouch” or “we” or “us”, a global software company offering a hosted software-as-a-service enterprise alignment and collaboration software (“piplanning.io”) that is accessible via the internet.

For the purposes of the EU’s General Data Protection Regulation (GDPR), Rentouch GmbH is the Data Controller of the Personal Data that we collect from you. Our registered address is Rentouch GmbH, Schönenbergstrasse 68, 8820 Wädenswil, Zürich, Switzerland.

If you have any questions about this policy, you can contact our Data Protection & PrivacyOfficer at: privacy@rentouch.ch

When does this Privacy Policy Apply?

This Privacy Policy applies to the Rentouch products, our website at piplanning.io (the“Website”) and other interactions (e.g. customer service inquiries, user conferences, etc.)that you may have with us (together with any related software, tools and services provided in connection with Rentouch products, collectively, the “Services”).

This Privacy Policy does not apply to any third-party applications or software made available through or integrated with the Rentouch products or otherwise made available as part of theServices (‘Third-Party Services’), or any other third-party products, services or businesses.In addition, your access to and use of the Services is governed by separate terms and conditions (the ‘Master Subscription Agreement / MSA‘), and the organization (for example your employer) that entered into the Master Subscription Agreement (the‘Customer’) controls its use of the Services and any associated Customer Personal Data, as defined in the ‘Data Processing Agreement / DPA’.

For the purposes of this policy ‘Personal Data’ means any information which is related to an identified or identifiable natural person.

The Services are not intended for children and we do not knowingly collect data relating to children.

‍

How do we collect Personal Data?

‍

Activity: Visiting our Website

‍

Personal Data that may be collected:

• Device identifiers (including IP address)
• The domain name of the website that directed you to our Website
• The number of times you have visited our Website
• The average time spent on a page
• What pages you viewed
• Contact details
• Contact details of other subjects if sent by the users – under their responsibility – through referral forms
• Cookie information. For more details about how we use cookies, and your opt-out opportunities and other options, please see ourCookie Policy

‍Do not track disclosure: Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers. You may, however, disable certain tracking (eg, by disabling cookies) and as set out in our Cookie Policy.

‍Clear GIFs, pixel tags and other technologies: We may use clearGIFs (also referred to as web beacons, web bugs or pixel tags), pixel tags and other technologies, in connection with our services to, among other things, track the activities of users of our services, help us manage content, and compile statistics about usage of our services.We and our third-party service providers also use clear GIFs in HTML emails to our customers, to help us track email response rates, to identify when our emails are viewed, and to track whether our emails are forwarded.

Log files: Most browsers collect certain information, such as your IP address, device type, screen resolution, operating system version, and internet browser type and version. This information is gathered automatically and stored in log files.

Third-party analytics: We also use automated devices and applications, such as Google Analytics (more info here) or Hotjar to evaluate the use of our sites and services. We use these tools to gather personal and non-personal data about users to help us improve our services and user experiences. These analytics providers may use cookies and other technologies to perform their services and may combine the information they collect about you on our Sites with other information they have collected for their own purposes. This Policy does not cover such uses of data by third parties. Please update your cookies settings accordingly, should you want to exclude third-party analytics.

‍

Activity: Using the Services

‍

Personal Data that may be collected

When our Customer engages us to provide you with our Services, we collect and use personal data when we have a valid business reason to do so in connection with those Services and our contractual agreements with our Customers. In the context of providing Services to the Customer, Rentouch also processes personal data of individuals who are not directly clients such as the Customer’s employees.

Such data might be:

• Contact information, including potentially your name and email address
• Any username you may have on that other site or platform
• Device information, as we collect data about devices accessing the Services, this can include type of device, the operating system used, device settings, application IDs, unique device identifiers and crash data depending on the type of device used and its settings
• Location information such as business address submitted by your employer or an IP address received from your browser or device to determine your approximate location. We may also collect location information from devices in accordance with the consent process provided by your device
• Contact Information, in accordance with the consent process provided by your device or other third-party API, any contact information that the user chooses to import (such as an address book from a device or API) is collected when using the Services
• Third-Party data that we may receive about organizations, industries, lists of companies that are Customers, website visitors, marketing campaigns and other matters related to our business from parent corporation(s), affiliates and subsidiaries, our partnersor others that we use to improve our own information better or make it more useful. This data may be combined with data that we collect and might include aggregate-level data, such as which IP addresses correspond to post codes or countries. Or it might be more specific: for example, how well an online marketing or email campaign performed

Rentouch also generates services metadata to provide additional context about the way that users work and to improve its Services continuously. For example, we log the board activities, people, features, content and links that you view or interact with, the types of files shared and any Third-Party Services used.

Where we need to collect personal data by law, or under the terms of the Master Subscription Agreement, and you fail to provide that data when requested, we may not be able to provide the Services or provide them at the desired quality and/or functionality.

‍

Activity: Attending Professional Events

‍

Personal Data that may be collected

Contact information, including name, mailing address, phone number, email address and contact preferences.

‍

Activity: Accessing Third-Party Services

‍‍

Personal Data that may be collected

Contact information, including potentially your name and email address.
Any username you may have on that other site or platform. Additional information that the third party has elected to make available to Rentouch to facilitate the integration Any other information you may make available to the public or authorized users of the Third-PartyServices.

‍

Activity: Other activities that result in data collection

Personal Data that may be collected

We also receive other information when submitted to our Website or in other ways, such as if you participate in a focus group, contest, activity or event, apply for a job, enroll in a certification program or other educational program hosted by Rentouch or a vendor, request support, interact with our social media channels or otherwise communicate with us.

Activity: Requesting Marketing Materials

‍

Personal Data that may be collected

• Contact information, including potentially your name, mailing address, phone number, email address, contact preferences
• Login information (account number, password)
• Marketing preferences
• Social media account information

Activity: Recruitment

‍

Personal Data that may be collected

When you apply for a job at Rentouch, we will collect and process your personal data. As a general matter, the data we collect regarding our job applicants includes

• resumes or CVs
• identification documents
• academic records
• work history
• employment information and references.

Depending on the country, Rentouch may collect personal data from different sources, such as directly from you, recruitment agencies, publicly available online sources (e.g. LinkedIn), references or as a result of background screening checks.

Activity: Employees and External Resources

‍

Personal Data that may be collected

When you work at Rentouch, we will collect and process your personal data. As general matter, the data we collect from our employees (this including also external resources cooperating with Rentouch) includes:

• data collected during the recruitment;
• employee data: identity and contact information (e.g. full name,
  email address, address, photograph, telephone number); employment and education data, (e.g. previous title, previous employer office location and department, references, licenses, certificates, education information);
• data collected while conducting employment activities for Rentouch (e.g. marketing material with an employee’s name or photograph on it, e-meeting video recordings, work email archive, contents and elements in Rentouch’s corporate IT tools);
• additional personal information you may provide to us, (e.g. photos and videos, work samples, hobbies and any other personal information provided to us during your employment or recruiting process);
• data collected from third parties, (e.g. working and travel permit confirmations or personal data included in written or oral communication with employee’s references);
• information captured by on-premise security systems (e.g. entrance camera surveillance and key card entry systems);
• employee’s emergency contacts (e.g. name, relation, telephone number, email and address of the emergency contact person provided by the employee);
• technical data: we collect some technical data automatically through the use of our website, premises or services, which may be associated with employees (e.g. IP-address);
• special category data: we may also process special categories of personal data, for example (i) employee has any disabilities, which we have to consider in ensuring an equal and accessible working environment; (ii) employees’ health status (e.g. taking of sick days, doctor’s certificates or food allergies) or other information based on legal requirements (e.g. COVID certificate); and (iii) sensitive personally identifiable information; special categories of personal data; and/or sensitive personal data; as defined by applicable privacy laws and regulations.

We process your personal data for the following purposes: (i)managing our employment contracts; (ii) managing our employment and skill development; (iii) organizing employee events; (iv) organizing employee surveys; (v) managing business activities; (vi)communicating internally and externally; (vii) ensuring safety and security; and (viii) taking care of our employees’ welfare. Rentouch makes use of tools to improve and optimize its operations and reduce costs. Some of these tools may scan elements and contents of Rentouch employees’ corporate IT tools. Rentouch also makes use of platforms improving the employee experience and providing benefits which might require the processing of some of the above mentioned personal data.

‍

Activity: Accessing ourRentouch Offices

‍

Personal Data that may be collected

When you access our offices, we process your personal data in order to provide you with certain facilities, to control access to our buildings, and to protect our offices, personnel, goods and confidential information.

We may monitor and log traffic on our Wi-Fi networks. This allows us to see limited information about a user’s network behavior, but will also include being able to see at least the source and destination addresses the user is connecting from and to.

We process such personal data for our legitimate interest in protecting our offices, personnel, goods and confidential information and legitimate interest in preventing and detecting crime, and establishing, exercising and defending legal claims.

What do we use your Personal Data for?

We use the Personal Data we collect from you for the following purposes:

• Provide, update, maintain and protect our Services, Website and business. This includes the use of information to support the delivery of the Services under the Master Subscription Agreement, prevent or address service errors, security or technical issues, analyze and monitor usage, trends and other activities or at a user’s request.
• Optimize the Website and your experience on it. For example, to ensure that the content of the Website is presented on your computer as efficiently as possible, as well as for troubleshooting, data analysis, testing, research, and statistical purposes.
• To develop and provide search, learning and productivity tools and additional features. We try to make the Services as useful as possible. For example, we may improve search functionality by using Personal Data to help determine and rank the relevance of content, channels or expertise to a particular Authorized User, make Services or third-party service suggestions based on historical use and predictive models, or identify organizational trends and insights to customize a Services experience or create new productivity features and products. From time to time, we may also send surveys through our product to assess the engagement of users and get useful suggestions to improve the services.
• To send emails and other communications. We may send you Service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in our Services, our Services offerings and important Services-related notices, such as security, privacy and fraud notices. These communications are considered part of the Services and you may not opt-out of them.
• To market our products and services. We sometimes send emails about new product features, promotional communications or other news about Rentouch. These are marketing messages, so you can control whether or not you receive them. You can manage those preferences or even opt-out by clicking on the dedicated link in those messages.
• To organize events. We sometimes organize events and other activities for our Customers, employees and/or prospects.
• For security reasons. As part of our efforts to offer you robust and strong security when using our Website and Services.
• For billing, account management and other administrative matters. We may need to contact you for invoicing, account management and similar reasons and we use account data to administer accounts and keep track of billing and payments.
• To Comply with Our Legal or Contractual Obligations. For example, we may use Personal Data to identify Website visitors, including for account authentication purposes; to carry out our obligations and enforce our rights under any contracts to which we are a party; and to respond to valid legal requests for information.
• Fraud and Illegal Activities Prevention. We may use Personal Data to prevent, protect against, investigate, or prosecute any fraud, abuse, or other misuse or illegal activity using our Services.

Failure to provide such personal data might result in Rentouch’s inability to fulfill the above-listed purposes.

‍

Who do we share your information with?

We may share Personal Data with our partners (e.g. marketing, education, distribution, and reseller partners, online marketplaces, data hosting providers and other service providers) and affiliate Rentouch companies who perform one or more of the functions or purposes outlined above on our behalf.

Specifically, we may disclose Personal Data that we collect or that you provide to us in the following circumstances:

• To our partners, service providers and other third parties with whom we share Personal Data to support our efforts to provide and promote our Services (e.g. to analyze data, host data, provide customer support, teach courses related to our products, and deliver online and offline marketing communications).
• As required by law, such as to comply with any court order, subpoena or other law or legal process, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a governmental or regulatory request.
• To related Rentouch entities, for customer support, marketing, technical operations, and account management purposes.
• To buyers or other successors in the event of a merger, sale or transfer of some or all of Rentouch’s assets.

Third parties with whom we share Personal Data are bound by all relevant and applicable data privacy laws and/or terms of confidentiality.

‍

Our lawful basis for processing your Personal Data

In certain jurisdictions, we may process Personal Data only if we have a lawful basis on which to do so. The lawful basis for the processing described above includes:

• Performance of the Contract. Sometimes, such as when we use your contact information to send you the information you have requested, the reason we process Personal Data is to perform the service which you have requested.
• Legitimate Interests. In many cases, we process Personal Data because it is in our legitimate interest to do so, and that interest is not overridden by your privacy interests. This applies, for example, when we process Personal Data as part of our fraud prevention program, where our legitimate interest is in ensuring the appropriate use of our services and products, or to collect business analytics data, where our legitimate interest is in improving our business, services, and products.
• Consent. In some cases, we do not process your Personal Data unless we have your consent to do so.
• Legal Obligation. In some cases, we collect, process, and share Personal Data because we have a legal obligation to do so. For example, if we are subject to a valid legal process, we may have no choice but to provide the requested information.

‍

What are your rights?

Rentouch is a global company and as such we collect personal information from individuals all over the world. We strive to comply with all applicable privacy and data security laws around the globe, including General Data Protection Regulation EU2016/679 (“GDPR”), the Swiss Federal Act on Data Protection (“FADP”), the California Consumer Privacy Act of 2018 (“CCPA”) and other applicable laws.

Your GDPR, FADP and California Privacy Rights.

Where GDPR, FADP and CCPA apply, you may have certain rights you can exercise under certain circumstances. These may include:

• Right of Access/Right to Know/Right to Data Portability: You have the right to request that we disclose to you the Personal Data we collect, use, or share about you, as well as information about our data privacy practices.
• Right of Erasure/Deletion: You may have the right to request that we delete the Personal Data that we have collected from you or about you.
• Right to Object: You may have the right to object to, or opt-out of, certain processing that we carry out with your Personal Data.
• Right to Rectification: You may have the right to update or to correct any incomplete or inaccurate Personal Data that we hold about you.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.
• Right to Lodge a Complaint: Under GDPR you have the right to lodge a complaint with an appropriate data protection authority if you have concerns about how we process your Personal Data.

For any other requests to exercise your GDPR, FADP and CCPA privacy rights, please email us at privacy@rentouch.ch.

Please note that to protect the security, confidentiality, and integrity of your Personal Data, we may need to verify your identity before processing your request. In some cases, we may need to collect additional information to verify your identity, such as a government-issued ID.

If you are subject to CCPA, we currently do not share or disclose your Personal Information to third parties for the third parties’ direct marketing purposes. If we change our practices in the future, we will implement an opt-out policy as required under California laws.

Finally, under the CCPA you may exercise these rights yourself or you may designate an authorized agent to make these requests on your behalf. If you choose to do that, we may seek additional information to ensure that you have actually designated the agent to make the request.

‍

How do we protect your Personal Data?

We take the security of your Personal Data very seriously and work hard to protect it from loss, misuse and unauthorized access or disclosure.

We are not in the business of selling personal data or information. We do not sell any collected Personal Data or Information. Personal Data or Information that is collected by us as a result of your visiting our website or using our product and services in any form, is only processed for that purpose or any other purpose that you consent to us.

‍

How long do we keep your Personal Data for?

We may retain Personal Data pertaining to you for as long as necessary for the purposes described in this Privacy Policy. This may include keeping your Personal Data for the period of time needed for us to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.

With regards to Personal Data collected while using our services, we will retain such Personal Data in accordance with our Customer’s instructions, including any applicable terms in the Master Subscription Agreement, and as required by applicable law. The deletion of Customer Data and other use of the Services by the Customer may result in the deletion and/or de-identification of certain associated other Information.

‍

International Data transfers

As we are a global organization, we may need to transfer Personal Data to, or allow it to be accessed by, our Rentouch entities in Switzerland, the EEA, the USA and elsewhere in the world.

Links to Third-Party Websites

The Website may contain links to other websites for additional information and convenience. Rentouch does not control those other websites, endorse or make any representation about other websites, and is not responsible for the privacy practices of those other websites.

Changes to this Privacy Policy

We are free to change this privacy policy at any time, and we will occasionally update it to reflect changes in our operations, our services or applicable law. These changes will be effective immediately and will become effective for existing users through the continued use of the services after the date of the changes. When changing non-substantial details we will just revise the last available version on our systems. If we make any material or other significant changes, we will take additional steps to inform you of these if required by law (e.g. posting notice of the changes on the website, etc.). You must therefore regularly check our website https://piplanning.io/legal.

Last Update December 1st 2022

‍