We at Backed Finance AG, incorporated under the laws of Switzerland ("Backed Finance", "us", "we", or "our"), recognize and respect the importance of maintaining the privacy of visitors of our website. This Privacy Notice describes the types of information we collect from you when you visit our website ("Site") and/or use the features available thereon (together with the Site, the "Services"). This Privacy Notice also explains how we process, transfer, store and disclose the information collected, as well as your ability to control certain uses of the collected information. If not otherwise defined herein, capitalized terms have the meaning given to them in the Terms of Service, available at https://backed.fi/terms-of-service ("Terms"). "You" means any visitor and/or user of the Site and/or Services.
If you are an individual located in the European Union ("EU" and "EU Individual", respectively), some additional terms and rights may apply to you, as detailed herein. Our registered office is Baarerstrasse 14, 6300 Zug, Switzerland and our company number is CHE-410.125.970.
Our designated representative in the EU and the United Kingdom ("UK"), for privacy and data protection matters pursuant to applicable law, is the Prighter Group ("Prighter"). Prighter provides a way to exercise your privacy-related rights, as further detailed herein (e.g. requests to access or erase Personal Data). You may contact us via our representative, Prighter, or otherwise exercise your EU/UK data subject rights at https://prighter.com/q/14862971837. Alternatively you may contact us directly as stated in section 12 below.
"Personal Data" means any information that refers, is related to, or is associated with an identified or identifiable individual or as otherwise may be defined by applicable law. This Privacy Notice details which Personal Data is collected by us in connection with provision of the Services.
The key points listed below are presented in further detail throughout this Privacy Notice. You can click on the headers in this section in order to find out more information about any topic. These key points do not substitute the full Privacy Notice.
2. Personal Data We Collect, Uses and Legal Basis.
Depending on your usage, we collect different types of data and we and any of our third-party subcontractors and service providers use the data we collect for different purposes, as specified below. You have no legal obligation to provide us with certain Personal Data, but if you refuse to provide such Personal Data we may not be able to register you to the Site and/or provide you with the Services or part thereof.
2.1. Contact Information - When you request information from us, or contact us for any other reason, we will collect any data you provide, such as your name, email address and the content of your inquiry. When you sign up for newsletters or email lists, we collect your email address.
How we use this data: To respond to your request or inquiry and to provide you with newsletters and updates and for marketing purposes.
Legal Basis: We process this Personal Data based on performance of a contract when we respond to your inquiry and provide you with newsletters and updates. Processing your Personal Data for remarketing purposes is based on our legitimate interests.
2.2. Job Applicant Data - If you apply for a job with us, whether through our Site and/or any third party platform ("Recruitment Platform"), we collect your Personal Data when we process your job application. This may include your name, contact details, resume, recommendations, any other information we may request or that you choose to share with us, and any information posted on or provided by the Recruitment Platform, subject to such Recruitment Platform’s terms and conditions and privacy notice.
How we use this data: We use this data to process your job application, including to contact you for scheduling purposes and to provide you with updates.
Legal Basis: We process this Personal Data based on our legitimate interests to attract and assess candidates for employment.
2.3. Automatically Collected Data - When you visit the Site, we automatically collect information about your computer or mobile device, including non-Personal Data such as your operating system, and Personal Data such as your IP address, device ID. For more information about the cookies and similar technologies we use and how to adjust your preferences, please see the section "Cookies and Similar Technologies" below.
How we use this data: (1) to provide you with the Site and Services; (2) to review usage and operations, including in an aggregated non-specific analytical manner, develop new products or services and improve current content, products, and Services; (3) to prevent fraud, protect the security of our Site and Services, and address any problems with the Site and/or Services.
Legal Basis: When we process Personal Data to provide you with the Site and Services by means of Necessary cookies and/or Functionality session cookies (each as defined in Section 8 below), we do so based on performance of a contract with you. When we process this Personal Data for developing and improving our products and Services, review usage, and perform analytics, we do so based on your consent. When we process Personal Data to prevent fraud and/or to protect the security of our Site and Services, we do so based on our legitimate interest.
3. Additional Uses.
3.1. Statistical Information and Analytics. We and/or our service providers use analytics tools, including "Google Analytics" to collect and analyze information about the use of the Site and/or Services, such as how often users visit the Site, what pages they visit when they do so, and what other sites and mobile applications they used prior to visiting the Site. By analyzing the information we receive, we may compile statistical information across a variety of platforms and users, which helps us improve our Site and Services, understand trends and customer needs and consider new products and services, and tailor existing products and services to customer desires. The information we collect is anonymous and aggregated and we will not link it to any Personal Data. We may share such anonymous information with our partners, without restriction, on commercial terms that we can determine in our sole discretion. You can find more information about how Google collects information and how you can control such use at https://policies.google.com/technologies/partner-sites.
3.2. Direct Marketing. As described above, we may use Personal Data to let you know about our products and Services that we believe will be of interest to you. If you have agreed to it, we may contact you by email. In all cases, we will respect your preferences for how you would like us to manage marketing activity with respect to you. To protect privacy rights and to ensure you have control over how we manage marketing with you:
3.2.1. We will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you.
3.2.2. You can ask us to stop sending email marketing by following the "unsubscribe" link you will find on all the email marketing messages we send you. Alternatively, you can contact us at email@example.com.
3.2.3. You can change the way your browser manages cookies, which may be used to deliver online advertising, by following the settings on your browser as explained below. If our marketing activities are based upon your consent, you may withdraw this consent at any time.
5. International Transfer
5.1. We use subcontractors and service providers and have affiliates who are located in countries other than your own, such as Switzerland, the United States and the State of Israel and send them information we receive (including Personal Data). We conduct such international transfers for the purposes described above. We will ensure that these third parties will be subject to written agreements ensuring the same level of privacy and data protection as set forth in this Privacy Notice, including appropriate remedies in the event of the violation of your data protection rights in such third country.
5.2. Whenever we transfer your Personal Data to third parties based outside of the European Economic Area ("EEA") and when required under applicable law, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
5.2.1. We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission.
5.2.2. Where we use certain service providers not located in countries with an adequate level of protection as determined by the European Commission, we will enter into contracts with our service providers that include the Standard Contractual Clauses approved by the European Commission which give Personal Data the same protection it has in the EEA.
5.3. Please contact us at firstname.lastname@example.org if you would like further information on the specific mechanism used by us when transferring your Personal Data out of the EEA.
We have implemented and we maintain appropriate technical and organization security measures, policies and procedures designed to reduce the risk of accidental destruction or loss, or the unauthorized disclosure or access to Personal Data appropriate to the nature of such data. The measures we take include:
6.1. Safeguards – The physical, electronic, and procedural safeguards we employ to protect your Personal Data include secure servers and SSL encryption of data.
6.2. Access Control – We dedicate efforts for a proper management of system entries and limit access only to authorized personnel, who have committed themselves to confidentiality, on a need to know basis of least privilege rules, review permissions periodically, and revoke access immediately after employee termination.
6.3. Internal Policies – We maintain and regularly review and update our privacy related and information security policies.
6.4. Encryption – We encrypt the data in transit using secure SSL encryption protocols.
6.5 However, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
6.6. As the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect user IDs and passwords, please take appropriate measures to protect this information.
7. Your Rights - How to Access and Limit Our Use of Certain Personal Data.
Subject to applicable law and certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to the Personal Data that we hold about you, as detailed below. You can exercise your rights by contacting us by email email@example.com. We will investigate and attempt to resolve complaints and disputes and make every reasonable effort to honor your wish to exercise your rights as quickly as possible and, in any event, within the timescales provided by applicable data protection laws. We reserve the right to ask for reasonable evidence to verify your identity before we provide you with any information and/or comply with any of your requests, as detailed below:
7.1. Right of Access. You have a right to know what Personal Data we collect about you and, in some cases, to have such Personal Data communicated to you. Subject to applicable law, we may charge you with a fee. Please note that we may not be able to provide you with all the information you request, and, in such case, we will endeavor to explain to you why.
7.2. Right to Data Portability. If the processing is based on your consent or performance of a contract with you and processing is being carried out by automated means, you may be entitled to (request that we) provide you or another party with a copy of the Personal Data you provided to us in a structured, commonly-used, and machine-readable format.
7.3. Right to Correct Personal Data. Subject to the limitations in applicable law, you may request that we update, complete, correct or delete inaccurate, incomplete, or outdated Personal Data.
7.4. Deletion of Personal Data ("Right to Be Forgotten"). If you are an EU Individual, you have a right to request that we delete your Personal Data if either: (i) it is no longer needed for the purpose for which it was collected, (ii) our processing was based on your consent and you have withdrawn your consent, (iii) you have successfully exercised your Right to Object (see below), (iv) processing was unlawful, or (v) we are required to erase it for compliance with a legal obligation. We cannot restore information once it has been deleted. We may retain certain Personal Data (including following your request to delete) for audit and record-keeping purposes, or as otherwise permitted and/or required under applicable law.
7.5. Right to Restrict Processing. If you are an EU Individual, you can ask us to limit the processing of your Personal Data if either: (i) you have contested its accuracy and wish us to limit processing until this is verified; (ii) the processing is unlawful, but you do not wish us to erase the Personal Data; (iii) it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise, or defend of a legal claim; (iv) you have exercised your Right to Object (below) and we are in the process of verifying our legitimate grounds for processing. We may continue to use your Personal Data after a restriction request under certain circumstances.
7.6. Direct Marketing Opt-Out. You can change your mind at any time about your election to receive marketing communications from us and/or having your Personal Data processed for direct marketing purposes. If you do, please notify us by contacting us at firstname.lastname@example.org. We will process your request as soon as reasonably possible, however it may take a few days for us to update our records before any opt out is effective.
7.7. Right to Object. If you are an EU Individual, you can object to any processing of your Personal Data which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
7.8. Withdrawal of Consent. When we process your personal data on the basis of your consent, you may withdraw your consent at any time. This will not affect the lawfulness of any processing prior to such withdrawal. In order to withdraw consent to cookies, you will need to make changes to your browser settings; see section 8 below.
7.9. Right to Lodge a Complaint with Your Local Supervisory Authority. If you are an EU Individual, you may have the right to submit a complaint to the relevant supervisory data protection authority if you have any concerns about how we are processing your Personal Data, though we ask that as a courtesy you please attempt to resolve any issues with us first.
8. Data Retention.
8.1. Subject to applicable law, we retain Personal Data only as long as necessary for the purposes set forth above. We may delete information from our systems without notice to you once we deem it is no longer necessary for these purposes. We require that our processors delete Personal Data when they no longer require it.
8.2. In some circumstances, we may store your Personal Data for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, audit, accounting requirements and so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your Personal Data or dealings. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data, and whether those purposes can be achieved through other means, as well as applicable legal requirements.
8.3. Please contact us at email@example.com if you would like details regarding the retention periods for different types of your Personal Data.
9.4. How to Adjust Your Preferences. Most Web browsers are initially configured to accept cookies, but you can change this setting so your browser either refuses all cookies or informs you when a cookie is being sent. In addition, you are free to delete any existing cookies at any time. Please note that some features of the Services may not function properly when cookies are disabled or removed. For example, if you delete cookies that store your account information or preferences, you will be required to input these each time you visit, and if you block cookies, certain legal notices may re-appear on each page of the Site that you visit.
We do not knowingly collect Personal Data from children under the age of sixteen (16). In the event that you become aware that an individual under the age of sixteen (16) has used our Services without parental permission, please advise us immediately.
11. Changes to the Privacy Notice.
We may update this Privacy Notice from time to time to keep it up to date with legal requirements and the way we operate our business, and we will place any updates on this webpage. Please come back to this page every now and then to make sure you are familiar with the latest version. If we make material changes to this Privacy Notice, we will seek to inform you by notice on our Site or via email.