General Privacy Notice of UpCircle Technology AG

In this Privacy Notice, we, UpCircle Technology AG ("UpCircle"), explain how we collect and process your personal data. This is not necessarily an exhaustive description. We may inform you about additional data processing activities, e.g., in general terms and conditions, forms and notices.

This Privacy Notice is aligned with the requirements of the EU General Data Protection Regulation ("GDPR") and the Swiss Federal Act on Data Protection ("FADP"). However, whether and to what extent these laws are applicable depends on the individual case.

1. Identity and contact details of the controller

The "controller" of data processing as described in this Privacy Notice (i.e., the responsible person) is UpCircle Technology AG, Stapferstrasse 63, 8006 Zürich, CHE-472.188.442.

You can send your data protection-related questions and/or requests to the following address: dpo@upcircle.ai.

2. Collection and processing of personal data

2.1 Definition of personal data

The term "personal data" refers to all information relating to an identified or identifiable natural person ("data subject").

2.2 Collection from data subjects

We primarily process personal data that we receive in the course of initiating or carrying out a business relationship with you or your employer or others represented by you, or that we collect from you as a user of our website and, where applicable, apps and other applications. This Privacy Notice also applies to applicants and employees. Additional internal information applies to the latter.

If you provide us with personal data of other persons (e.g., work colleagues), please make sure that these persons are aware of this Privacy Notice and only share their personal data with us if you are allowed to do so and if this data is correct.

2.3 Collection from third parties

To the extent permitted, we obtain certain personal data from publicly accessible sources (e.g., debt collection register, land register, commercial register, press, internet) or we obtain such information from public authorities or other third parties (e.g., business partners).

Apart from the personal data that you disclose to us directly (Section 2.2), the categories of personal data that we receive about you from third parties include, but are not limited to, information

  • from public registers (e.g., information from the commercial register on your function within the company and your authority to sign for the company you represent);
  • provided to us by persons associated with you (e.g., work colleagues, consultants, representatives, etc.) for the purpose of assessing, entering into or performing contracts with you (e.g., references, powers of attorney);
  • from banks, insurance companies and distributors and other business partners for the use or provision of goods and/or services by you (e.g., payments, purchases etc.);
  • from media and internet about your person (as far as this is indicated in the concrete case, e.g., in the context of an application, marketing/sales, press review etc.);
  • in connection with the use of third-party websites and online offers where such use can be attributed to you;
  • in connection with any administrative or legal proceedings.

We are committed to the processing principles and therefore endeavour to collect and process only the personal data that we need to achieve the purposes set out in Section 3. If we unintentionally record personal data via our technology in the course of research and development work, this data will be deleted or anonymized promptly.

Please note that our web server automatically logs every visit to our website in a temporary log file. User-specific data (e.g., information about your browser and your IP address) as well as technical data (e.g., name and URL of the referring website) are logged for the purpose of establishing the connection and optimizing the website visit, for which purpose “cookies” may be used (Section 5).

3. Data processing

3.1 Purposes of the data processing

We process your personal data primarily for the purpose of reviewing, concluding and fulfilling contracts with you or other persons who represent you (e.g., your employer), in particular in connection with the development, manufacture, and distribution of technology solutions (software and hardware), especially in the area of recycling and waste management, as well as the provision of associated services and consulting. We also process personal data to review applications and to perform employment contracts if and insofar as this is necessary to assess the suitability of the applicant or to perform an employment contract. Your personal data may also be processed in order for UpCircle to comply with legal and regulatory obligations in Switzerland and abroad.

In addition, we may process personal data about you and other persons, to the extent permitted and as we deem appropriate, in particular for the following purposes in which we (and, as the case may be, third parties) have a legitimate interest:

  • evaluation, improvement and further development of our offers, products, services, and websites, apps and other platforms on which we are present;
  • postal and/or electronic communication with you (e.g., to respond to your inquiries) and, where applicable, third parties (e.g., media inquiries);
  • marketing, unless you have objected to the use of your data for this purpose. If you are part of our customer base and receive our advertising, you may object at any time by sending an e-mail to the address indicated in Section 1;
  • statistics, conducting market and opinion research;
  • assertion of legal claims and defence in connection with legal disputes and proceedings;
  • prevention and investigation of criminal offences and other misconduct (e.g., conducting internal investigations, data analysis to combat fraud);
  • ensuring the functionality and security of our operations, in particular IT, our websites, any apps and other platforms;
  • video surveillance to safeguard domiciliary rights and other measures for IT, building and facility security as well as for the protection of our employees, customers and other persons as well as assets belonging to or entrusted to us (e.g., by means of visitor lists, access controls, network and mail scanners, telephone recordings);
  • acquisition and sale of business divisions, companies or parts of companies and other transactions and the related transfer of personal data as well as measures for the business management of UpCircle.

4. Legal basis

Within the scope of the applicability of the FADP, we are generally not required to have a justification or legal basis for the processing of your personal data. If we are required to have a legal basis due to the applicability of the GDPR, we generally base the respective processing on one of the following legal bases, which usually also corresponds to the purpose according to Section 3.1:

If we do not ask for your consent for processing, we base the processing of your personal data on the fact that the processing is necessary for the conclusion and/or fulfilment of a contract with you (or the entity you represent, e.g., your employer) (Art. 6 para. 1 lit. b GDPR) or that we (or third parties) have a legitimate interest in pursuing the purposes mentioned in Section 3.1 (Art. 6 para. 1 lit. f GDPR). Our legitimate interests include, but are not limited to, the marketing of our products and services, the interest in better understanding our markets and the ability to manage and develop our business and operations safely and efficiently. We may also process your data on the basis of other legal bases, e.g., in the event of a legal obligation (Art. 6 para. 1 lit. c GDPR).

If you have given us your consent to process your personal data for specific purposes, we will process your personal data within the scope of and based on this consent (Art. 6 para. 1 let. a GDPR), unless we have another legal basis and require one. You can revoke any consent you have given at any time with effect for the future by sending an email to dpo@upcircle.ai.

5. Cookies in relation to the use of our website

We only use technically necessary cookies (codes temporarily stored in your browser) on our website in order to be able to guarantee you a flawless browsing experience on our website. These are exclusively so-called session cookies, which are deleted after the end of your website visit. You have the option at any time to configure your browser so that cookies are blocked or deleted prematurely. However, this may affect the functions of the website. Please note that if you click on a third-party link, we are not responsible for the subsequent processing of your data, and you must comply with the relevant third-party provider.

6. Recipients of personal data

We may disclose your personal data to third parties in the course of our business activities and in pursuit of the purposes described in Section 3. These third parties process your data either on our behalf and according to our instructions ("processors") or on their own responsibility. These third parties include the following:

  • service providers (e.g., IT providers, cloud providers, web hosting agencies, accountants);
  • suppliers, subcontractors and other business partners;
  • employers, landlords and other third parties (e.g., reference providers);
  • domestic and foreign offices and authorities (in the context of implementing employment contracts, e.g., social insurance) or courts;
  • the media;
  • the public, including users of our websites and social media;
  • competitors, industry associations, organizations and other bodies;
  • potential acquirers of our company or parts thereof;
  • parties and other involved persons in legal or regulatory proceedings.

together "recipients".

7. Data abroad

The recipients pursuant to Section 6 are generally located in Switzerland but may also be located abroad. In particular, you must expect your data to be transferred to countries in the EEA and to the USA, where some of the service providers we use are located (e.g., Google).

If a recipient is located in a country without adequate statutory data protection, we contractually oblige the recipient to comply with the applicable data protection (we use the revised Standard Contractual Clauses of the European Commission, which are available here, unless the recipient is already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exception. Such an exception may exist in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the conclusion or execution of the contract requires such disclosure, if you have expressly consented to the disclosure or if it concerns data that you have made generally accessible and whose processing you have not objected to.

8. Duration of the retention of personal data

We process and retain your personal data as long as it is necessary for the fulfilment of our contractual obligations and compliance with legal obligations or other purposes pursued with the processing (Section 3.1), for example, for the duration of the entire business relationship (i.e. from the initiation, during the performance of the contract until to its termination) and beyond that in accordance with the statutory retention and documentation obligations. It is possible that personal data will be retained for the time during which claims can be asserted against our company or if other legitimate business interests require this (e.g., for evidence and documentation purposes). As soon as the purposes and/or laws no longer require it, your data will be deleted or made anonymous. For technical data collected via our website (e.g., system protocols, logs), shorter retention periods of twelve months or less generally apply.

9. Data security

We take appropriate technical and organizational measures to protect your data from loss and unauthorized access and misuse. These include employee training, IT and network security solutions, access controls and restrictions, pseudonymization of personal data (e.g., when disclosing personal data to service providers), and regular checks.

10. Automated individual decision-making

In general, we do not carry out automated individual decision-making, i.e., decisions that are based exclusively on automated processing (without human influence) and that are associated with a legal consequence for you (e.g., refusal to conclude a contract) or which significantly affect you in any other way. Should we exceptionally make such decisions, you will be informed in advance.

11. Your rights

To the extent provided for by applicable data protection law, you have the right to access, rectify and erase of your personal data, the right to restrict data processing as well as the right to object to processing, in particular for direct marketing purposes, and other legitimate interests in processing as well as the right to receive certain personal data for the purpose of transmission to another controller. Please note that we reserve the right to assert the restrictions provided for by law, for example if we are obliged to store or process certain data, have an overriding interest or need the data to assert claims. We have already informed you about the possibility of withdrawing your consent in Section 3.2. Please note that exercising your rights may contradict our contractual agreements and this may have consequences such as premature termination of a possible contract.

The exercise of such rights usually requires that you clearly prove your identity by providing us with a copy of your ID. To exercise your rights, you can contact us at the address indicated in Section 1.

As a data subject, you also have the right to enforce your claims in court or to file a complaint with the competent data protection authority. The competent data protection authority is the Federal Data Protection and Information Commissioner.

12. Amendments

We may amend this Privacy Notice at any time without prior notice. The current version published on our website shall apply.

Version valid from 10 May, 2024.