Privacy Policy

Valid from the 24th of October 2023

Apostrophy (“Aphy”) is committed to protecting and respecting your privacy; for this reason, we collect and manage your personal data carefully and take specific measures to keep it safe.

Below you will find information on how we collect, gather and use your personal data in relation to your browsing of or subscribing to via our website www.aphy.io.

We also provide information about your rights with reference to the specific processing of your personal data.

Supplementary or additional statements and other legal acts apply to individual or additional offers and services.

This policy, based on our core business, is subject to Swiss data protection law and any other applicable foreign data protection law, in particular the European Union (EU), namely the General Data Protection Regulation (GDPR). It also ensures that Swiss data protection law guarantees a high standard of data protection.

 

1. Data controller

Apostrophy AG
Via Losanna 4, 6900 Lugano, Switzerland
+41 91 924 9003
privacy@aphy.io
VAT ID: CHE-317.269.345
Company registration number: CH-501.3.023.341-1

 

2. Definitions

Personal data means all information concerning a specific or determinable person. The individual concerned is the person whose personal data are processed.

Personal data worthy of special protection are data concerning religious, philosophical, political or trade union opinions or activities, data concerning health, the intimate sphere or membership of a race or ethnic group, genetic data, biometric data that uniquely identify a natural person, data concerning administrative and criminal prosecutions and sanctions, and data concerning social welfare measures;

Processing includes any processing of personal data, irrespective of the means and methods used, storage, disclosure, obtaining, deletion, recording, modification, deletion, and use of personal data.

Communication shall mean the transmission of personal data or the act of making them accessible to third parties.

Profiling means the automated processing of personal data consisting of the use of such data to evaluate certain personal aspects of a natural person, to analyse or predict aspects of that person's professional performance, economic situation, health, preferences, interests, reliability, behaviour, whereabouts and movements. High-risk profiling means profiling which entails a high risk to the personality or fundamental rights of the individual concerned because it involves a connection between data which makes it possible to assess essential aspects of the personality of a natural person.

The European Economic Area (EEA) comprises the European Union (EU) and the Principality of Liechtenstein, Iceland and Norway. The General Data Protection Regulation (GDPR) defines the handling of personal data as the processing of personal data.

3. Legal and regulatory basis

We process personal data in accordance with Swiss Data Protection law, in particular the Federal Data Protection Act (FADP) and the Ordinance on the Federal Data Protection Act (DPO). 

For the most part (and to the greatest extent possible) data are processed in Switzerland.

As far as the applicability of the GDPR is concerned, the data is processed according to the following legal bases, specifically:

  1. Art. 6 para. 1 lit. b GDPR for the necessary processing of personal data for the performance of a contract with you and for the implementation of pre-contractual measures.

  2. Art. 6 para. 1 lit. f GDPR for the necessary processing of personal data for the protection of our own or third parties' legitimate interests, unless your freedoms, rights and fundamental interests prevail. Legitimate interests are in particular our interest in being able to provide our services permanently, intuitively, securely, and reliably and to advertise them, if necessary, the security of information and protection against misuse and unauthorised use, the enforcement of our legal rights and compliance with Swiss law.

  3. Art. 6 para. 1 lit. c GDPR for the necessary processing of personal data for the fulfilment of a legal obligation to which we are subject under the applicable law of the member states in the European Economic Area (EEA).

  4. Art. 6 para. 1 lit. e GDPR for the necessary processing of personal data for the performance of a task in the public interest.

  5. Art. 6 para. 1 lit. a GDPR for the processing of personal data with your consent.

  6. Art. 6 para. 1 lit. d GDPR for the necessary processing of personal data for the protection of your or another natural person’s vital interests.

4. Information we collect

 

The categories of personal data that Aphy collects and processes when you browse or subscribe via aphy.io, are:

  1. Your email address when you subscribe or sign up for updates on our services, along with your name and surname if you contact us;

  2. Upon consent, we collect and use your personal data for marketing purposes;

  3. Upon your consent, by analyzing your personal data, we can process information regarding your interests and preferences with respect to our products and services, in order to customize proposals and offers in line with your interests;

  4. In addition, we collect the Internet protocol (IP) address used to connect your computer to the Internet; we may use software tools to measure and collect session information, including page response times, length of visits to site pages, page interaction information, and methods used to browse away from the page and store this information to improve the process.

  5. Aphy does not process personal data relating to minors. By accessing aphy.io and using the services offered by Aphy you are declaring that you are of legal age.

 

5. How we use personal information

 

Your personal data is collected and processed by Aphy for the following purposes:

  1. Registration to the site and use of services reserved for registered users. Registration on the site is possible through the submission of your e-mail address information necessary to ensure your identification and the execution of services reserved for registered users;

  2. Statistical analysis and surveys. We use some information about your use of the site to perform statistical analysis and surveys in order to improve our offer and our services, the data is processed in anonymized aggregate form;

  3. Marketing contact: sending communications following the subscription to our services;

  4. Only with your consent, we may use the contact details you have provided, for commercial communications on our products and services, in order to update you on news, new arrivals, exclusive products, our offers and promotions and we may use your contact information as part of market researches and satisfaction surveys for the sole purpose of improving our services and the relationship with our Users. These communications will take place exclusively through the means chosen by you (email);

 

If you wish to authorize the activities referred to in point 3.4 and subsequently you no longer wish to receive further communications from Aphy or you want to limit the means by which you are contacted, you can stop these communications at any time by simply clicking on the "unsubscribe" link present at the bottom of each communication, or by contacting Aphy through the email address specified in this document.​

In relation to all the activities indicated above, we shall process your personal data mainly using IT and electronic tools; the tools we use guarantee high safety standards in full compliance with current legislation.

If you transfer us personal data relating to third parties, you shall be obliged to ensure data protection with regards to such third parties and to ensure the accuracy of such personal data. We also process personal data that we receive from third parties, that we obtain from publicly accessible sources or that we collect in the course of providing our services, if and insofar as such processing is permitted by law.

 

6. How and why we use your personal information

We use your personal data only for:

  1. The registration to the site and use of services reserved to registered Users.

We ensure that we exclusively use the minimum information necessary for the execution of this service.
You are free to communicate your data or not, but in the absence of the requested data, it will not be possible to provide or operate the Services and we will not be able to contact you with general or personalized service-related notices and messages;

  1. Comply with any applicable laws and regulations.

  2. Based on your consent.
    We shall carry out the following only if you have given us your express consent:

    • Carrying out marketing activities, conducting opinion polls and for market research;

    • Analysis of your browsing and subscribing activities in the context of your Aphy profile, in order to personalize your experience on our Site.

    • Providing your personal data for these activities is absolutely optional.

The site is hosted on the Squarespace.com platform. Squarespace.com provides us with the online platform that allows us to provide services to you. Your data may be stored through Squarespace.com’s data storage, databases and the general Squarespace.com applications. They store your data on secure servers behind a firewall. 

7. Who your data is processed by

Your personal data will be processed by staff specifically trained by Aphy.

Your personal data will also be transmitted to third parties that we use to provide our services; these third parties have been appropriately selected and are certified as GDPR-compliant. These third parties have been appointed as data controllers and carry out their activities according to the instructions given by Aphy and under its control. The third parties in question belong to the following categories: internet providers, companies specialized in IT and telematics; companies specialized in market research and data processing.

The list of data processors and sub-processor is available upon written request to our email address: privacy@aphy.io;
Your data may be transmitted to police and judicial and administrative authorities, in accordance with the law, for the detection and prosecution of crimes, the prevention and protection from threats to public security, to allow Aphy to ascertain, exercise or defend a right in court, as well as for other reasons related to the protection of the rights and freedoms of others.

 

8. Extra-EU data transfer

Some of the third parties may be located in countries outside the European Union that nevertheless (i) offer an adequate level of data protection, as established by specific decisions of the European Commission or (ii) is made with the relevant Standard Contractual Clauses in place, along with additional technical, contractual and organizational safeguards, regardless of any lesser legal requirements which may apply in their jurisdiction. 

9. How long do we retain your data?

We retain your personal data for a limited period of time, which is different depending on the type of activity that involves the processing of your personal data.

After this period, your data will be permanently erased or otherwise rendered anonymous in an irreversible way.

Your personal data is stored in compliance with the following terms and criteria:

  1. Data of the registered user and collected in the context of the use of the services: the data will be stored until the termination of the service or you request the cancellation of your subscription to the service;

  2. Data used for carrying out market research and surveys for satisfaction surveys: up to the request by the user to interrupt the activity. In any case, for technical reasons, the termination of the processing and the subsequent ultimate cancellation or irreversible anonymization of the related personal data will be finalized within thirty days from the terms specified above.

 

10. Your rights

We guarantee you all the rights under the FADP. In particular, you can exercise your rights at any time with reference to the specific processing of your personal data by Aphy:

  1. Access your data and modify it: you have the right to access your personal data and to request that it be corrected, modified or integrated with other information. Upon your request, we shall provide you with a copy of your data in our possession;

  2. Revoke your consent: you can revoke the consent you have given for the processing of your personal data in relation to any service at any time. In this regard, we remind you that services are considered as the sending of communications, the conduct of market research and satisfaction surveys for the customization of the website and commercial offers according to your interests. Once we receive your request, we undertake to promptly cease to use your personal data based on this consent, while different usage or that which is based on other grounds, will continue to be carried out in full compliance with the provisions in force.

  3. Opposition to the processing of your data: you have the right to object at any time to the processing of your personal data made on the basis of our legitimate interest, explaining the reasons that justify your request; before accepting it, we shall have to evaluate the reasons for your request.

  4. Delete your data ("right to be forgotten"): you may request the cancellation of your personal data in the cases provided for by current legislation. Once your request has been received and examined and if it is legitimate, it will be our duty to promptly cease to process your personal data and to delete it.

  5. Request that the processing of your personal data is temporarily limited: in this case Aphy will continue to retain your personal data but will not use it, unless otherwise specified by you, and subject to the exceptions established by law.

  6. The request of your data or data transfer to other parties than Aphy ("right to data portability"). You can ask to receive your data that we process based on your consent or on the basis of an agreement with you in a standard format. If you wish, where technically possible, we may transfer at your request your data directly to a third party that you indicate.
    In order to exercise any of your rights described above you can contact us by writing to privacy@aphy.io (please enter “Privacy” in the subject field), or by writing to the Data Controller at the above physical address. 

  7. We may suspend, limit or refuse the exercise your rights to the extent permitted by law. We may draw your attention to any requirements that must be met in order to exercise your rights under the FADP. For example, we may refuse to provide information, in whole or in part, with regard to business secrets or the protection of other persons. We may also, for example, refuse to delete personal data in whole or in part with reference to statutory retention obligations.

  8. When you request information or assert other rights we are obliged to take reasonable measures to identify you. You are obliged to cooperate.

 

11. Security measures

We protect your personal data with specific technical and organizational security measures, aimed at preventing your personal data from being used illegitimately or fraudulently. In particular, we use security measures that guarantee: the pseudo-anonymization or the encryption of your data; the confidentiality, integrity, and availability of your data as well as the resilience of the systems and services that process them; the ability to restore data in the event of a data breach. However, despite these measures, the processing of personal data on the Internet can always have security gaps. We can therefore not guarantee absolute data security. Access to our website is via transfer encryption (SSL/TLS, in particular with Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers mark the transfer encryption with a padlock in the address bar. Access to our website is subject - as it is basically the case for all Internet surfing - to constant and suspicion-free sweeping and other checks by security authorities in Switzerland, the European Union (EU), the United States of America (USA) and other countries. We cannot exert any direct influence on the proper handling of personal data by intelligence services, police forces and other security authorities

12. Complaints

If you believe that the processing of your personal data has been carried out unlawfully, you can lodge a complaint to one of the supervisory authorities responsible for compliance with the rules on personal data protection. The data protection supervisory authority for private data controllers and federal agencies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC). You have the right - if and insofar as the GDPR applies - to lodge a complaint with a competent European data protection supervisory authority.

13. Remote Communication Software

We may use specialised audio and video conferencing services to communicate online. For participation in audio and video conferences, the legal provisions of each individual services, such as data protection policies and conditions of use, also apply. Depending on the situation, we recommend deactivating the microphone by default when participating in audio or video conferences, as well as blurring the background or imposing a virtual background. We use in particular:

Microsoft Skype: among others; provider: Microsoft; specific information on Skype: 'Microsoft Privacy Statement’

14. Legislative references

The processing of your personal data is carried out by Aphy in full compliance with the regulations on the matter pursuant to the Federal Data Protection Act and to the Regulation (EU) 2016/679 General Data Protection Regulation (“GDPR”). 

15. Final provisions

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.