Privacy policy

1. introduction

We at ITpoint Systems AG ("we", "us", "ITpoint") take the protection of your data seriously.

This Privacy Policy explains how ITpoint collects and uses personal data and explains what rights you have in relation to your personal data.

As a responsible company, we have taken numerous technical and organizational measures to ensure that the personal data we process is protected as comprehensively as possible in order to meet the requirements of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (DSG) and country-specific data protection regulations.

ITpoint processes personal data for a variety of purposes. We collect this data directly from you, e.g. when you engage us to provide services directly to you, or we may obtain your personal data from publicly available sources (e.g. LinkedIn) or process your data in the course of providing services to your employer (as our client).

This Privacy Notice is intended to cover all aspects and scenarios of ITpoint's processing of personal data and will be supplemented, where appropriate, by more specific privacy notices provided to you at the time your personal data is collected.

2. name and address of the data controller

The data controller within the meaning of the GDPR and the FADP, other data protection laws applicable in Switzerland and in the member states of the European Union and other data protection regulations is

ITpoint Systems AG
Phone: +41 41 798 80 80
E-mail: servicedesk@itpoint.ch (for data protection inquiries)
Website: https://www.itpoint.ch

ITpoint Systems AG is a subsidiary of Sharp Electronics (Europe) GmbH. Please note that each Sharp organization within Europe is a separate data controller and that you should check the privacy policy on the website domain of the country (e.g. sharp.co.uk, sharp.fr, sharp.de, itpoint.ch) that you access or reside in.

As a data controller, we are responsible for deciding how we store, use and protect personal data. This also means that we are responsible for responding to your requests regarding the use of your personal data. If you have any questions about the processing of your personal data, you can contact us using the contact details below:

E-mail: servicedesk@itpoint.ch

You can contact our data protection officer directly at any time with any questions or suggestions on the subject of data protection.

3. data protection officer

Article 27 of the General Data Protection Regulation (GDPR) requires organizations that are not based in the European Union (EU) to appoint a representative in the EU if they are subject to the GDPR.

ITpoint Systems AG may carry out processing activities to which the GDPR applies. For this reason, in accordance with the GDPR, ITpoint Systems AG has appointed a representative to act on its behalf when it carries out processing activities to which the GDPR applies in accordance with Articles 13 and 14 of the GDPR and when it does so. Such appointment shall not be construed as a confirmation that the GDPR applies to any of their processing activities.

The Data Protection Officer of the controller is:
EU:
Sharp Electronics (Europe) Ltd. Sucursal en España, registered in Spain, with registered office at WTC Almeda Park, Plaça de la Pau s/n, Edificio-6, Planta-4, 08940 Cornellà de Llobregat, Barcelona, Spain Email: proteccion.datos@sharp.eu

UK:
Sharp Electronics Europe Ltd, 4 Furzeground Way, Stockley Park, Uxbridge, UB11 1EZ, United Kingdom E-Mail: DPOEurope.SEE@sharp.eu

4. personal data

This data protection notice applies to all personal data processed by ITpoint. "Personal data" means any information relating to an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier. Personal data also refers to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of an individual.

This also includes sensitive personal data (special categories of data referred to in the GDPR), including

  • Ethnic origin
  • Political views
  • Religious or philosophical beliefs
  • Membership of a trade union
  • Genetic data
  • Biometric data
  • Physical or mental health
  • Sexual life or sexual orientation

Sensitive personal data also includes personal data relating to criminal convictions and offenses.

5 What data is processed?

We collect personal information when you create an account with us, purchase products or services from us, fill out forms we provide to you, submit a report or communication about our products or services, contact us by phone or email, or otherwise communicate directly with us.

Below we define the types of personal data that we process depending on the circumstances in which the personal data is collected. We collect the following types of personal data from you:

5.1 Visitors to our website

Personal data that we collect about you when you visit our website falls into two categories.

A. Information provided directly by you:
We collect personal information that you voluntarily provide to us through our website, such as when you fill out online forms to contact us, subscribe to a newsletter, use one of our online offers, sign up to receive marketing communications from us, participate in surveys or register for events organized by us. The information we collect about you includes the following:

  • Name
  • Job title, level or function, role
  • Company or organization
  • Company data
  • Contact information, including primary e-mail, e-mail address and telephone numbers
  • Demographic information, such as industry, country, zip code, preferences and interests
  • Other information relevant for customer surveys or similar studies
  • Information relevant to the provision of our services to you
  • All other personal data that you voluntarily provide to us

We do not intentionally collect sensitive data unless you provide us with such data. Although there are free text fields on the website where you can enter any information, we do not intend to process sensitive data and you should therefore refrain from providing such data. If you choose to provide sensitive personal data in this way, you consent to the collection and processing of that sensitive data.

B. Automatically collected information
When you visit our website, we automatically collect certain personal information from your device, such as your IP address, device type, unique device identification number, browser type, general geographic location (e.g. country or city) and other technical information. We may also collect information about how you and your device have interacted with the content of our website, e.g. links clicked, information accessed. We collect this information to gain a better understanding of our website visitors, where they come from and what content on our websites is of interest to them. This information may also be used for analysis and quality purposes. For more information on how ITpoint uses automatically collected data, including cookies and other similar tracking technologies, please see our Cookie Policy.

Our website also uses various social media plugins; further information on their use can be found in section 4.6.

5.2 Customers

If you engage us to provide services to you, we will collect and use personal data for legitimate business purposes in connection with the provision of services to you. In the course of providing such services, ITpoint may also process personal data of individuals who are not directly our customers (e.g. employees, customers or suppliers of our customers).

The majority of the personal data that we collect and use to provide our services is provided voluntarily by our customers. If this data relates to persons who are not direct customers of ITpoint, we obtain confirmation from our customer that they are authorized to pass the data on to us for lawful further processing.

We process the following types of personal data:

  • Basic information, such as your name, the company you work for, your position and your relationship to a person
  • Contact information, such as your postal address, e-mail address and telephone numbers
  • Financial information, including any information to facilitate payments between the parties
  • Other personal data about you or other third parties that you provide to us for the use of our services

5.3 Contacts in our CRM systems

We process personal data about our business contacts (e.g. existing, former or potential customers, including the persons employed by them and other business contacts) in our CRM (Customer Relationship Management) systems.

Our CRM systems are used to support the business and facilitate our marketing activities. ITpoint uses the information stored in these systems to provide its contacts with information about ITpoint products, marketing materials, surveys and invitations to events and to manage customer relationships generally.

We process the following categories of personal data in our CRM systems:

  • Name, job title, address, e-mail address, telephone and fax number
  • Name of the employer or organization with which the person is associated
  • Marketing preferences
  • Responses to invitations and confirmations of participation in events
  • Any other information voluntarily provided in the course of our business relationship

We do not intentionally collect sensitive data unless you provide us with such data (e.g. special dietary requirements that reveal your religious affiliation or food allergies) when you attend one of our events. The collection of such data is subject to specific privacy notices that apply to the event you attend.

5.4 Participants in ITpoint events

We process personal data of participants in events organized by ITpoint, including meetings, conferences, trainings and webinars. We may use various applications and online platforms to manage the registration processes for events. Please refer to the privacy notices of these platforms and read them carefully when you provide your personal data to participate in an event.

We process the following categories of personal data (insofar as they apply to a specific event):

  • Name, age or date of birth
  • Personal data of the customer (private, office and business information)
  • Credit or debit card number
  • Customer information (private, office and business information)
  • E-mail address
  • Gender
  • Place of residence or other physical address
  • Names of employers
  • Function (job title)
  • Passport number
  • Telephone or fax numbers

We do not intentionally collect sensitive data unless you provide us with such data (e.g. special dietary requirements that reveal your religious affiliation, or food allergies or other data relating to your health that is necessary to provide support to participants and facilitate their participation in ITpoint events).

ITpoint may take photos and make audio or video recordings in public areas of ITpoint events. After the event, the recordings can be further processed before they are published or distributed for marketing purposes.

5.5 People who use our platforms and applications

We provide external users, including our customers and their end users, with access to various applications managed by us, such as customer service portals. All personal data collected through these applications (e.g. name, e-mail address, dates and time of registration) is collected to provide this service to individuals, verify their identity and enable them to log in securely in a protected web environment. They also enable ITpoint to grant or deny access in the event of misuse of the service. Third party applications provided by ITpoint are subject to their own privacy notices. Please familiarize yourself with their content and read them carefully when using our platforms and applications.

5.6 People who visit our social media pages and interact with our social media tools

Social media
ITpoint uses various social media platforms for recruitment, marketing and business development purposes. We use social media to advertise recruitment opportunities at ITpoint and to promote products and services.

Please note that while ITpoint is responsible for the content published via social media platforms, ITpoint is not responsible for the management and administration of the social media platforms. You should always familiarize yourself with the legal and privacy policies of these social media platforms and read them carefully. If you have any questions about how the social media platform uses your data, you should contact the platform provider directly.

ITpoint may receive aggregated data from these social media platforms, such as the number of "likes" in response to content and posts published by ITpoint, the number of visitors engaging with our posts, or information about links clicked and content downloaded.

Social media plugins
Social media plugins are also implemented on our website, e.g. a special button that enables the website to establish a direct connection with the server of the respective social media platform. Through this direct connection, the social media provider is informed about the corresponding page on our website that triggered this link. If you wish to prevent such disclosure, you should check your settings in your social media accounts before visiting our website, as ITpoint has no influence on the collection of data by social media plugins.

Our website uses the following plugins and widgets:

  • X (formerly Twitter)
    Functions of the X service are integrated on our website. If you use X and the "Retweet" function, the websites you visit will be linked to your X account and made known to other users. If you are not yet logged into your X account, clicking on an X button will redirect you to the X login page where you can enter your login details. Data will also be transmitted to X. We would like to point out that we have no knowledge of the content of the transmitted data or its use by X. Further information can be found under X Privacy Policy.
  • YouTube
    Our website uses plugins from YouTube, which is operated by Google. When you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. This tells the YouTube server which pages you have visited.

    If you are logged into your YouTube account, YouTube allows your surfing behavior to be directly assigned to your personal profile. You can prevent this by logging out of your YouTube account. If you are not yet logged in, clicking on a YouTube button will display the YouTube login page where you can enter your login details. Further information can be found in the Google privacy policy.
  • LinkedIn Lead Gen Forms
    ITpoint uses LinkedIn Lead Gen Forms for sponsored content from ITpoint and sponsored LinkedIn InMails for recruitment, business development and marketing campaigns. Once LinkedIn members click on the ITpoint ad, they see a form pre-populated with information from their LinkedIn profile, such as name, contact information, company name, seniority, job title and location. Once a LinkedIn member submits a lead form, they will be connected to ITpoint. Please click here for the LinkedIn Privacy Policy.
  • Google Maps
    Our website uses the Google Maps map service via an application programming interface (API). In order to use Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the United States and stored there. We have no influence on this data transfer. Further information can be found in the Google privacy policy.

5.7 Persons who correspond with ITpoint by e-mail

ITpoint uses a variety of tools to ensure the security of our IT infrastructure, including our email facilities. Examples of such tools are:

  • Systems that check incoming emails to ITpoint recipients for suspicious attachments and URLs to prevent malware attacks
  • Endpoint threat detection tools to detect malicious attacks
  • Tools that block certain content or websites

When you correspond by email with an ITpoint recipient, your emails are scanned by the tools ITpont uses to maintain the security of its IT infrastructure, which could result in content being read by authorized ITpoint personnel who are not the intended recipient.

5.8 Job applicants

We process personal data for recruitment purposes to facilitate the administration of our vacancies and to match your skills, experience and education with the jobs offered by ITpoint. This data may be collected directly from the applicant or from other third parties about the applicant.

In general, we collect the following types of personal data:

  • CVs/resumes
  • Identity documents
  • academic certificates
  • Professional career
  • Employment information and references

This information will be shared with the relevant recruiters and people involved in the recruitment process so that they can decide whether to invite you for interview. ITpoint collects further information when you are invited to an interview (or equivalent) and beyond. This information includes interview notes, assessment results, feedback and offer details.

As part of our recruitment process, we may also collect data from special categories of applicants where we are required to do so by employment law. This data is relevant to the future working environment at ITpoint or to the future provision of employment benefits, or with the express consent of the individual concerned where the collection of such data is permitted by law.

Our recruitment tools and websites contain their own privacy notices explaining why and how personal data is collected and processed by these applications. We encourage individuals who use our recruitment tools and websites to familiarize themselves with the privacy notices on these tools and websites.

5.9 Suppliers and providers

We process personal data about our suppliers (including subcontractors and individuals associated with our suppliers) in order to manage our relationships and contracts and to obtain services from our suppliers.

The personal data we process is generally limited to contact information (name, employer's name, telephone, e-mail and other contact details) and financial information, including payment-related information.

5.10 Visitors to the ITpoint business premises

When you visit an ITpoint property, we process your personal data to provide you with certain facilities (e.g. access to our buildings and meeting rooms or Wi-Fi), to control access to our buildings and to protect our offices, staff, goods and confidential information (e.g. through the use of CCTV).

The personal data we collect is generally limited to your name, contact details, location and the time you enter and leave our premises.

  • Visitor records and access badges
    Visitors to our premises must register at reception and we retain this visitor data for a short period of time. Visitors to our premises are issued with a temporary access badge which they can use to enter our premises. Our visitor data is used to check that access badges are returned, to investigate a security incident and for emergencies (e.g. if an office needs to be evacuated).
  • Wi-Fi
    We monitor and log the data traffic in our Wi-Fi networks. In this way, we obtain limited information about a user's network behavior, but we can also at least see the source and destination addresses from which and to which the user connects.
  • Video surveillance
    ITpoint uses CCTV surveillance to the extent permitted by law. CCTV images are stored securely and are only accessible when required(e.g. to investigate an incident).

6. purposes and legal grounds for processing

We limit the collection of personal data to what is strictly necessary to fulfill our legal or business obligations. In some cases, however, the provision of personal data may be required in part by law (e.g. tax regulations), in the context of contract negotiations or in the provision of a service. We describe below:

  • the purposes for which we collect your personal data and;
  • the legal basis that allows us to process your personal data
Type of dataPurposes of data processingLegal basis for data processing
1.





























Visitors of
itpoint.ch




























- To administer and manage our website, including to confirm and authenticate your identity and prevent unauthorized access to restricted areas of our website
- To personalize and enrich your browsing experience by displaying content that is likely to be relevant to you, that is likely to be more relevant and interesting to you
- To analyze the data of visitors to our website
- To identify the company, organization, institution or authority you work for or are otherwise associated with
- To develop our business and services
- To provide you with marketing communications
- To carry out benchmarking and data analysis (e.g. in relation to the use of our website). For example, in relation to the use of our website and demographic analysis of visitors to our website
- To understand how visitors use the features and functionality of our website
- To monitor and enforce compliance with applicable terms of use
- To conduct quality and risk management audits
Any other purpose for which you have provided information to ITpoint		- Our legitimate interest in the effective provision of information and services to you and the effective and lawful operation of our business
- Our legitimate interest in the development and improvement of our website and your user experience
- Explicit consent of the visitor






















2.








Customers








- To provide services to you
- To manage our relationship and maintain contractual relationships
- For accounting and tax purposes
- For marketing and business development
- To comply with our legal and regulatory obligations
- For the establishment, exercise or defense of legal claims
- For historical and statistical purposes		- Performance of a contract
- Our legitimate interest in the effective provision of information and services to you and the effective and lawful operation of our business
- Our legitimate interest in the performance of a contract between you and ITpoint


3.





Contacts in our CRM systems




- To provide you with information about our products and services
- For marketing and business development
- To manage our relationship and maintain contractual relationships

- Explicit consent of the business contact
- Our legitimate interest in managing the relationship with our business contacts and providing information about ITpoint, our services and events organized by us
4.











Participants in ITpoint events










- To provide you with information about our products and services
- For marketing and business development
- To manage participation in the event and its organization







- Explicit consent of the participant
- Our legitimate interest in organizing events and managing the registration process for such events.
- Our legitimate interest in protecting our employees, assets and information and preventing unauthorized persons from gaining access to ITpoint events outside the company.
- Our legitimate interest in providing information about ITpoint, our services and the events we organize
5.







People who use our platforms and applications





- To manage our relationship and maintain contractual relationships
- To facilitate access to our platforms and applications




- Our legitimate interest in the effective provision of information and services to you and the effective and lawful operation of our businesses
- Our legitimate interest in the performance of a contract between you and ITpoint
- Explicit consent of the end user of the platform/application
6.





People who visit our social media pages, social media plugins and tools


- To provide you with information about our products and services
- For marketing and business development
- For recruitment


- Our legitimate interest in promoting the services
- Our legitimate interest in attracting, identifying and sourcing talent
- Our legitimate interest in improving your website experience and optimizing our services
7.



Persons who correspond with ITpoint by e-mail

- To provide you with a solution to your request or application
- For information security purposes

- Our legitimate interest in protecting our IT infrastructure from unauthorized access or data loss
- Our legitimate interest in analyzing email traffic
8.


















Job applicants


















- For recruitment and talent sourcing purposes
- To facilitate the selection and onboarding of candidates
- To comply with our legal and regulatory obligations
- For the establishment, exercise or defense of legal claims
- To manage your account throughout the application process, including - Conducting background checks, if applicable
- For statistical purposes







- Candidate's explicit consent
- Our legitimate interest in attracting, identifying and engaging talent
- Our legitimate interest in processing and managing applications for jobs at ITpoint, including screening and selecting candidates
- Our legitimate interest in recruiting and onboarding candidates, by making an offer to successful candidates and carrying out pre-employment checks
- Our legitimate interest in managing our careers websites (including carrying out statistical analysis)
- To comply with legal or regulatory obligations (in carrying out background checks to ensure that an applicant is suitable for employment)
9.










Suppliers and providers










- To manage our relationship and our contract, including the administration of payments and debt collection
- To comply with our legal and regulatory obligations
- For the establishment, exercise or defense of legal claims




- Performance of a contract
- Compliance with a legal or regulatory obligation
- Our legitimate interest in managing payments, fees and charges and the collection and recovery of monies owed to ITpoint
- Our legitimate interest in preventing ITpoint from inadvertently trading on the proceeds of criminal activity or assisting in other unlawful or fraudulent activity
10.






Visitors to the ITpoint offices





- To manage visitor access to ITpoint's premises
- To protect and secure our premises, employees and information
- To comply with our legal and regulatory obligations
- For the establishment, exercise or defense of legal claims		- Our legitimate interest in protecting our offices, employees, goods and confidential information
- Our legitimate interest in the prevention and detection of crime and the establishment, exercise and defense of legal claims


7 How we share your personal data

We pass on your personal data to the following parties:

  • Our employees: Our employees have access to your personal data, but only if this is necessary for their tasks.
  • Companies that belong to the same group of companies as us: For the purpose of providing a service to you.
  • Partners and dealers: For answering your inquiries about products and services that are not offered directly by ITpoint.
  • External service providers: ITpoint uses external service providers to help us, for example, with information technology and other administrative support services. Our service providers are contractually obliged to guarantee an appropriate level of security and data protection.
  • Law enforcement and regulatory authorities: If we need to disclose or share your personal data in order to comply with a legal obligation or regulatory requirement.

8. changes in the ownership and control of the company

We may transfer, sell or assign the information described in this Privacy Policy to third parties as part of a sale, merger, consolidation, change of control, transfer of assets or reorganization of our business. If we are involved in a merger, acquisition or sale of assets, we will always process your data in accordance with your rights and freedoms and subject to confidentiality agreements between the parties.

9. transmission of personal data

Sharp Group companies operate in various locations around the world. Some parts of our internal infrastructure are centralized, including the provision of information technology services. We may also share personal data with third parties (and their affiliates) who provide the above additional services to ITpoint or Sharp Group.

Therefore, your personal data is sometimes transferred outside of the jurisdiction in which it was collected and stored. This includes countries outside Switzerland, the European Economic Area (EEA) and the United Kingdom (UK). Where such a transfer is necessary, we will take appropriate security and legal measures to ensure the safety of the personal data. ITpoint and the Sharp Group have appropriate intra-group data transfer agreements in place which provide for a legally binding and enforceable obligation to protect personal data within the Sharp Group. Where personal data is transferred to a third party provider, we also ensure that legally binding contractual safeguards are in place that comply with the GDPR, revDSG and other applicable data protection laws.

10. your rights

You have the following rights in relation to your personal data:

  • Access to the personal data stored by ITpoint about you
  • to have your personal data corrected, e.g. if it is incomplete or incorrect
  • You can opt out of receiving marketing communications at any time
  • restrict or object to the processing of personal data or request the erasure of personal data (in certain circumstances and subject to applicable law)
  • to receive a copy of the personal data you have provided to ITpoint in a structured, commonly used and machine-readable format (known as "data portability"), subject to applicable laws
  • If you have voluntarily provided personal data or otherwise consented to its use, the right to withdraw your consent
  • The right to lodge a complaint with a data protection authority

If you would like to exercise your rights in relation to the above or lodge a complaint about an alleged breach of data protection law, please contact us at servicedesk@itpoint.ch.

11. safety

ITpoint has implemented appropriate organizational and technical controls to protect the confidentiality and security of information it receives in the course of its business. Access to such information is limited and policies and procedures are in place to protect the information from loss, misuse and unauthorized disclosure.

12. data retention

We will only retain personal data for as long as it is needed for the purposes described in Section 5 of this Privacy Policy "Purposes and legal grounds for processing". Note that retention periods vary in different jurisdictions and are determined in accordance with local regulatory and professional retention requirements.

13. update of our guidelines

We may update this Privacy Policy from time to time to reflect changes in the way we process personal data (for example, if we introduce new systems or processes that involve new uses of personal data) or to clarify information we have provided in this notice. Our changes will be made in accordance with applicable data protection laws.

We encourage you to check back from time to time for updates to this document, but we will notify you directly of any changes to this document or the way we use your personal data where we are legally required to do so.

ITpoint Data Privacy Policy
Version: 2.0 | October 2023