How does Supertext treat your personal data?

Privacy Policy | Last updated: May 2018

We want to make this easy for you. And comply with the the GDPR's requirement for transparency. That's why this privacy policy is written in plain language – and therefore in a clear and understandable way.


Section 1

Introduction

Supertext AG provides various language services over the Internet. We provide these services in cooperation with a large network of freelance language professionals. These include copywriters, authors, journalists, translators, editors, proofreaders and plain language specialists.

Protecting your data is very important to us, which is why this policy explains how we handle your personal information.

To use the services provided by Supertext AG, you must accept this data protection policy. You must also be aware that this policy may be updated from time to time. However, we will not limit the rights guaranteed to you in this data protection policy without your express consent. We will publish any changes on this page. In case of any major changes, we will always personally inform our customers and contacts as well. We also archive older versions of this policy. We will be happy to provide access to these versions on request.

Section 2

Applicable law

Our website is subject to Swiss data protection law. More specifically, this is the Federal Act on Data Protection (DPO) as well as any applicable foreign data protection laws, including the General Data Protection Regulation (GDPR) of the European Union (EU) in particular. The EU recognizes that Switzerland upholds adequate data protection standards.

Section 3

What personal data do we save and process?

In the Supertext system, we create individual profiles for current and potential customers, partners and freelance partners. These profiles mainly contain contact details that visitors of the website provide themselves, including:

  • Name
  • Gender
  • Contact addresses (private or business)
  • Email addresses
  • Websites
  • Phone numbers
  • Profile picture.

If needed, we also store data that is important for managing orders and providing customer support, such as:

  • Documents that we assign for editing/translation
  • Notes from conversations
  • Log files that record order-related system activities in the customer’s profile.

For the sake of security, we may also store the IP address, time and date. We do this to help prevent abuse, such as identity theft and spam mail.

Finally, newsletters may contain graphics and web links that allow us to collect information to determine whether recipients have opened a particular newsletter and which web links they have clicked on. This allows us to assess the usage of newsletters for the sake of quality assurance and improvements.

We are legally allowed to store and collect data based on the principles set out in the General Data Protection Regulation (GDPR), Art. 6, Para. 1 lit. a, b and f – with information protection being a legitimate interest.

Section 4

Where do we store this data?

Our website, its Supertext system and the entire database are hosted by Microsoft Azure in Ireland and the Netherlands. Microsoft Azure creates standard web server log files each time our website is accessed. These log files store the following details:

  • IP address
  • Date
  • Time
  • Browser request, including origin of the request (“referrer”)
  • What is known as the user agent is also important. This helps identify the type of browser being used – in particular, about the language, version and operating system.

The Supertext system also stores files for logging errors and function calls. These log files may include user data. The log files help us to identify technical problems and to ensure security. We delete all log files within a maximum period of 365 days.

Ireland and the Netherlands comply with the same appropriate data protection standards as all EU member states. The legal basis for keeping log files is found in the GDPR, Art. 6, Para. 1 lit. a, b and f – with information protection being a legitimate interest. Additional information can also be found in the Microsoft Privacy Statement.

Section 5

How do we use the data?

All of the data we collect is used exclusively for:

  • Processing current orders/jobs
  • Assisting and advising our customers
  • Sales analyses (with and without reference to persons)
  • Web traffic analysis (with and without reference to persons)
  • Sales and marketing activities within the Supertext Group.

This may also include our passing on data to third parties, for example, when freelance translators or the newsletter tool provider need certain data to complete their tasks. However, we only pass on data that is required for our specific purposes – and never for further use by third parties.

Section 6

How do we ensure data security?

We have taken several procedural, physical and technical security measures in order to protect your data against loss, theft and unauthorized access. Owing to the nature of electronic data communications, however, we cannot guarantee 100% confidentiality, i.e. there is a certain residual risk involved.

As a customer, you are responsible for safeguarding your login details, email account and the API authentication token (see Para. 7). You are using transport encryption (SSL/TLS) when you access our website.

Section 7

What services do we outsource to third parties?

To complete our daily copywriting and translation jobs, we use our partner companies of the Supertext Group and relies on our global network of freelance copywriters, translators, proofreaders, editors and plain language specialists. They receive only the documents provided to us by our clients – and no other personal data.

What is important for you to know is that our partners are obligated to protect the confidentiality of all personal data, of which there are three categories:

  1. Most partners in the United States maintain an adequate level of data protection in line with the US-European and US-Swiss Privacy Shield. The Privacy Shield is an agreement regarding data protection law negotiated between the European Union and Switzerland and the USA.
  2. Companies located in EU member states are responsible for ensuring their own compliance with the GDPR. Adequate data protection is therefore provided for here, too. The legal basis for data protection within European companies is set out in the GDPR, Art. 6 Para. 1 lit. a and b.
  3. Certain US-based partners are neither subject to the Privacy Shield provisions nor to the GDPR. In these cases, Supertext AG has entered into its own agreements that require our partners to protect the confidentiality of all data.

Category A services

We use MailChimp (USA) to send our newsletters. More information can be found in the detailed MailChimp Terms of Service.

We use SendGrid (USA) to send automated emails from the Supertext system. More information can be found in the detailed SendGrid Privacy Policy.

We use QuickBooks from Intuit, Inc. (USA) for our accounting. More information can be found in the detailed Intuit, Inc. Privacy Statement.

Our website uses the Intercom (USA) chat platform. More information can be found in the detailed Intercom Terms & Policies.

We embed maps on our site with Google Maps, use Google Analytics for the statistical analysis of how visitors use our website and Google AdWords for search engine advertising. We also use YouTube to embed videos. When these services are used, data is sent to Google LLC, located in the USA. More information on this can be found in Google’s detailed Privacy Policy.

The GDPR: Art. 6 Para. 1 lit. f is the legal basis for the use of videos – with the operation of our website and information protection constituting legitimate interests.


Category B services

We use Office365 suite from Microsoft (Ireland) to carry out our daily business activities, i.e. for emails, file storage, team chats, etc. More information on this topic can be found in the Microsoft Privacy Statement.

We use DMARC Analyzer (Netherlands) for the analysis of email problems. More information on this topic can be found in the DMARC Analyzer Privacy Statement.


Category C services

We use PersistIQ (USA) to send sales emails. More information can be found in the detailed PersistIQ Privacy Policy.

We use Webtype (USA) to embed fonts. More information can be found in the detailed Webtype Privacy Policy.

We use Calendly (USA) to schedule appointments on our website. More information can be found in the detailed Calendly Privacy Policy.


Furthermore, we offer several integrations of our copywriting and translation platform for third-party systems (e.g. content management systems, such as WordPress and Drupal as well as the ns.publish publishing software). These integrations let you, the customer, place and manage your Supertext AG orders directly within the respective third-party system. To use these integrations, you (the user) must first use an API authentication token to authenticate the link between the systems. We automatically generate this token for each user and make it available to you in your Supertext user account. Please store the token securely to prevent any abuse.

Section 8

How do we use cookies?

Supertext AG uses cookies to make using our services more effective, faster and more secure. Supertext’s services, including our various websites, APIs, email notifications and advertisements, use this technology for a variety of purposes, including:

  • Your Supertext system login
  • To save your settings
  • To personalize the displayed content
  • To guard against spam mail and abuse.

We do not use cookies to display personalized advertising (remarketing).

What are cookies?
Cookies are small files saved by websites on your computer as you browse the Internet. Like many other websites, we also use cookies to find out how people are using our services and how we can continue to improve them.

Why do we use this technology?
Cookies allow us to provide, analyze and improve our services in a variety of different ways. We use them for the following purposes:

Authentication and security:

  • Your Supertext system login
  • To protect your security
  • To access content that is not available to all users
  • To detect and prevent spam mail and abuse.

These technologies, for example, help to authenticate your identity when you access the Supertext system and prevent the unlawful access to your account by third parties.

Settings:
Cookies help us, for example, to save your language or current country settings, allowing us to display content in the selected language – without requiring you to configure this setting or respond to the language prompt every time you log into the system.

Do we use on and off-site targeting?
No, we do not. “Targeting” is the practice of precisely aiming online and offline marketing at a certain target group. This requires identifying the target groups before carrying out the planned advertising campaign. Modern technologies make it possible to target specific groups with a given campaign.

Are there any third-party cookies?
Yes, there are. The integrated Google Analytics service, for instance, creates a cookie to track your browsing behavior on the Supertext websites. The same thing happens if you access our website via one of our GoogleAdWords ads.

How can I disable the saving of cookies?
Google offers a browser add-on that lets you disable Google Analytics. Furthermore, you can configure your browser to save cookies only with your consent or only in specific instances.

Section 9

What rights do I have as a data subject?

Anyone visiting our website, as well as other persons can send us a request for information, free of charge, regarding what personal data belonging to them, if any, has been handled by us. You have additional rights as well, including the right to

  • restrict how your personal data may be processed
  • request a copy of the data records relevant to you
  • correct, delete (“right to be forgotten”) or block access to your personal data
  • revoke any consent you have given in the past
  • object to the collection of your personal data.

Persons whose personal data we process have a right of appeal to a competent data protection supervisory authority. Switzerland’s supervisory authority for data protection is the Federal Data Protection and Information Commissioner (FDPIC).

Section 10

Concluding information

You can unsubscribe from our newsletter at any time by clicking the link included in each newsletter email or by contacting Supertext AG directly.

Accessing our website – as is always the case when using the Internet – is subject to the mass surveillance carried out by security authorities in Switzerland, the EU, the USA and other states. This includes surveillance of a general, groundless, indiscriminate nature even in the absence of any suspicion.

Section 11

Responsibility and contact addresses

Heinrich Muralt is the data security officer at Supertext AG. The data subjects as well as supervisory authorities can contact us by email or conventional mail:

privacy@supertext.ch
Supertext AG | Hardturmstrasse 253 | 8005 Zurich | Switzerland

We have a data security representative in the EU who can be contacted by supervisory authorities and data subjects in compliance with the GDPR, Article 27.

privacy@supertext.de
Supertext Deutschland GmbH | Dudenstrasse 78 | 10965 Berlin | Germany