Introduction
CIOS Technology AG ("we," "our," or "us") is committed to protecting your privacy and ensuring you have a positive experience on our website and with our services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website cios.app and interact with our services.
We are headquartered in Switzerland, and comply with applicable privacy laws, including the Swiss Federal Act on Data Protection (FADP) and the European General Data Protection Regulation (GDPR) where applicable.
1. Information We Collect
1.1 Information You Provide Directly
We collect information you voluntarily provide when:
- Contact Forms: You submit inquiries, sign up for our newsletter, or request information through our website forms
- Email Communications: You send us emails or messages requesting support or information
- Account Creation: You create an account or profile to access our services
- Service Requests: You request a demo, trial, or other services
This information typically includes your name, email address, company name, phone number, and any other details you choose to provide in your message.
1.2 Automatically Collected Information
When you visit our website, we automatically collect certain information:
- Browser and Device Information: Browser type, device type, operating system, and device identifiers
- Usage Data: Pages visited, time spent on pages, links clicked, and navigation patterns
- IP Address: Your Internet Protocol (IP) address and approximate location
- Cookies and Tracking Technologies: Via cookies, web beacons, and similar tracking technologies
1.3 Third-Party Information
We may receive information about you from third-party sources, such as business partners, data providers, or public sources, which we combine with other information we collect about you.
2. How We Use Your Information
We use the information we collect for various purposes:
- Service Delivery: To provide, maintain, and improve our services and respond to your inquiries
- Communication: To send you service updates, announcements, newsletters, and promotional content (with your consent)
- Customer Support: To assist with support requests and technical issues
- Website Improvement: To understand how our website is used and optimize user experience
- Security and Fraud Prevention: To detect, investigate, and prevent fraud, security incidents, and other harmful activities
- Compliance: To comply with legal obligations, court orders, and regulatory requirements
- Marketing: To develop and market new services and features that may interest you
- Business Operations: To analyze trends, administer the site, and track user movement
3. Cookies and Tracking Technologies
3.1 What Are Cookies?
Cookies are small text files stored on your device that help us recognize you, remember your preferences, and understand how you interact with our website.
3.2 Cookies We Use
The cios.app website uses only strictly necessary cookies for basic website functionality, security, and accessibility. These are exempt from consent requirements under Art. 5(3) of the ePrivacy Directive and the Swiss FADP.
We do not set any analytics, advertising, retargeting, or tracking cookies on this website. No cookie consent banner is displayed because no optional cookies are set.
3.3 Google Fonts
Our website loads fonts from Google's content delivery network. When you visit our site, your browser connects to Google's servers to retrieve these fonts, which may result in your IP address being transmitted to Google. No cookies are set through this connection.
3.4 Theme Preference
We store your light/dark theme preference using your browser's local storage. This data stays on your device and is never transmitted to our servers.
4. Third-Party Services
4.1 Google Forms and Google Apps Script
Our contact and inquiry forms use Google Apps Script for form submission and processing. When you submit a form, your data is transmitted to Google's servers for processing and delivery to us. Google acts as a data processor for this purpose. Please review Google's Privacy Policy for information on how Google processes your data.
4.2 Google Fonts CDN
Web fonts are served from Google's content delivery network. See Google's Fonts Privacy Policy for details on how they handle connection data.
4.3 Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party sites before providing your information.
4.4 Data Processing
We have data processing agreements in place with service providers to ensure they handle your data securely and in compliance with applicable privacy laws.
5. Data Storage, Security, and Processing
5.1 Where We Store Your Data
Your information is stored on secure servers located within the European Union, Switzerland, and potentially other jurisdictions where we operate or where our service providers are based. For data transfers to jurisdictions outside the EU/EEA, we rely on Standard Contractual Clauses, Binding Corporate Rules, or other appropriate safeguards compliant with GDPR.
5.2 Security Measures
We implement technical, administrative, and physical safeguards to protect your personal data against unauthorized access, disclosure, alteration, and destruction. These include:
- Encryption of data in transit and at rest (SSL/TLS protocols)
- Secure authentication mechanisms and access controls
- Regular security audits and vulnerability assessments
- Employee training on data protection and privacy
- Incident response and breach notification procedures
5.3 Limitations
While we strive to protect your information, no security system is impenetrable. We cannot guarantee absolute security of your personal data. You acknowledge that transmission of data over the internet carries inherent risks.
6. Data Retention
We retain your personal data only as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by applicable law. Our retention policies are as follows:
- Contact Form Data: Retained for up to 3 years or until you request deletion
- Email Inquiries: Retained for up to 3 years or until you request deletion
- Account Data: Retained while your account is active and for up to 1 year after account closure
- Marketing Lists: Retained until you unsubscribe or request deletion
When data is no longer needed, we securely delete or anonymize it. However, we may retain certain data to comply with legal obligations, resolve disputes, or enforce our agreements.
7. Your Privacy Rights
Depending on your location, you may have certain rights regarding your personal data:
7.1 GDPR Rights (EU/EEA Residents)
If you are located in the European Union or European Economic Area, you have the following rights:
- Right of Access: Request access to your personal data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your data ("Right to be Forgotten")
- Right to Restrict Processing: Request limitation of data processing
- Right to Data Portability: Receive your data in a structured, portable format
- Right to Object: Object to processing for direct marketing or other purposes
- Right to Lodge a Complaint: File a complaint with your local data protection authority
7.2 Swiss Privacy Rights
If you are located in Switzerland, you have the following rights under Swiss law:
- Right of Access: Request information about personal data we hold about you
- Right to Correction: Request correction of inaccurate data
- Right to Deletion: Request deletion of your data
- Right of Disclosure: Request information about data transfers and sources
7.3 Exercising Your Rights
To exercise any of these rights, please contact us using the information provided in the "Contact Us" section below. We will respond to your request within 30 days (or as required by applicable law). We may request verification of your identity before processing your request.
7.4 Withdrawal of Consent
If you have consented to processing of your personal data, you may withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing before the withdrawal.
8. Children's Privacy
Our website and services are not intended for children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will promptly delete such data.
For parents or guardians who believe their child has provided information to us, please contact us immediately.
9. International Data Transfers
Your personal data may be transferred to, stored in, and processed in countries other than your country of residence. These countries may have data protection laws different from your home country. When we transfer data internationally, we implement appropriate safeguards, including:
- Standard Contractual Clauses (as approved by the European Commission)
- Binding Corporate Rules
- Adequacy Decisions
- Your explicit consent to the transfer
By using our website and services, you consent to the transfer of your personal data to countries outside your country of residence.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated Privacy Policy on our website and updating the "Last Updated" date below.
Your continued use of our website and services after changes become effective constitutes your acceptance of the updated Privacy Policy.
11. Contact Us
If you have questions about this Privacy Policy, our privacy practices, or your personal data, please contact us:
Data Protection Authority
If you believe your privacy rights have been violated, you also have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.
12. Additional Information
12.1 Do Not Track Signals
Some browsers include a "Do Not Track" feature. Currently, there is no industry-wide standard for recognizing Do Not Track signals. We may not respond to Do Not Track signals from your browser, but you can control your tracking preferences through cookies and other mechanisms.
12.2 California Privacy Rights (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights, including the right to know, delete, and opt-out of the sale of personal information. Please contact us to exercise these rights.
12.3 Account Information
If you have created an account with us, you may review and update your account information by logging into your account or contacting us directly.
12.4 Email Communications
If you receive marketing emails from us and wish to unsubscribe, you may click the "Unsubscribe" link at the bottom of the email or contact us to opt out of marketing communications. Please note that we will continue to send you transactional and service-related emails.