On 10 July 2023, the Swiss Federal Administration recognized the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as a valid transfer mechanism to comply with Swiss data protection requirements when transferring personal data from Switzerland to the United States. The decision concluded that the US ensures an adequate level of protection for personal information that is transferred from Switzerland to US companies as part of the Data Privacy Framework Program.
- Introduction
PointFive US Inc. (“PointFive US”, “we”, “our” or “us”) respects your privacy.
This Data Privacy Framework Notice (“Notice”) describes our standards and procedures for handling Personal Information transferred from Switzerland to the U.S. in accordance with PointFive US’s obligations under the Swiss-U.S. DPF.
This Notice is intended to ensure compliance with the Swiss Federal Act on Data Protection (FADP) and its ordinances.
For the purpose of this Notice, “Personal Information” means any data relating to an identified or identifiable individual, including, for example, name, address, telephone number and e-mail address, and “processing” means any operation performed on Personal Information, such as, for example, collection, use, management, consultation or disclosure. This Notice supplements our Privacy Policy. Unless specifically defined in this Notice, the terms in this Notice have the same meaning as in our Privacy Policy.
- Certification to the DPF Program
PointFive US complies with the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. PointFive US has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Notice and the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit the Data Privacy Framework website.
- How We Obtain Personal Information
We obtain and process Personal Information from Switzerland in different capacities:
- As a data controller, we collect and process Swiss Personal Information directly from individuals, either via our publicly available websites, including Pointfive.co or in connection with our customer, partner, and vendor relationships.
- As an agent (as that term is used in the Principles), we obtain and process Swiss Personal Information on behalf of and under the instructions of our customers in connection with PointFive US branded cloud or hosted service offerings (“Online Services”). In that context, customers are the data controllers or agents and the roles and responsibilities of the parties for the processing of Personal Information are defined in our agreements with customers.
- PointFive US commits to comply with the Swiss-U.S. DPF Principles with respect to all Personal Information received from Switzerland in reliance on the Swiss-U.S. DPF.
- Data Privacy Framework Principles
- Notice. The PointFive Privacy Policy in combination with this Notice describes our privacy practices with respect to Personal Information received from Switzerland in reliance on the DPF. We may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, and we remain liable for onward transfers to third parties as described below. Individuals also have the possibility, under certain conditions, to invoke binding arbitration as explained in Annex I of the Swiss-U.S. DPF.
- Choice. Individuals have the right to choose (i.e., opt out) whether their Personal Information is (i) to be disclosed to a third party, or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individual. Individuals must be provided with clear, conspicuous, and readily available mechanisms to exercise this choice.
By way of exception, it is not necessary to provide choice when disclosure is made to a third party acting as an agent performing tasks on behalf of and under the instructions of PointFive US, provided that such agent is bound by a contract ensuring the same level of protection as required by the Swiss-U.S. DPF Principles.
- Data Integrity and Purpose Limitation. Any Personal Information we receive may be used by PointFive US for the purposes indicated in our PointFive Privacy Policy or as otherwise notified to you. We will not process Personal Information in a way that is incompatible with these purposes unless subsequently authorized by you.
We take reasonable steps to limit the collection and usage of Personal Information to that which is relevant for the purposes for which it was collected, and to ensure that such Personal Information is reliable, accurate, complete and current. Individuals are encouraged to keep their Personal Information with PointFive US up to date and may contact PointFive US as indicated below or in the PointFive Privacy Policy to request that their Personal Information be updated or corrected.
We will retain your Personal Information in an identifiable form only for the period necessary to fulfill the purposes outlined in the PointFive Privacy Policy, unless a longer retention period is required or permitted by law or by the Principles. We will adhere to the Principles for as long as we retain the Personal Information collected under the DPF.
When providing our Online Services, we process and retain Personal Information as necessary to provide our services as permitted in our agreement with customers, or as required or permitted under applicable law.
- Accountability for Onward Transfer of Personal Information.
PointFive US may transfer Personal Information for the purposes described in the PointFive Privacy Policy to a third party acting as a data controller or as an agent. If we intend to disclose Personal Data to a third party acting as a data controller or as an agent, we will do so only for limited and specified purposes consistent with the consent provided by the individual, and we will ensure that the recipient provides the same level of protection as required by the Swiss-U.S. DPF Principles. If we intend to disclose Personal Information to a third party acting as an agent, we will comply with, and protect, Personal Information as provided in the Accountability for Onward Transfer Principle. When providing our Online Services, we disclose Personal Information as provided in our agreement with customers.
We remain responsible for the processing of Personal Information received under the Swiss-U.S. DPF and subsequently transferred to a third party acting as an agent if the agent processes such Personal Information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.
The only information of a personal nature that we transfer to third parties is work user, email and name. If in the future we transfer personal information, in addition to or in lieu of the above, to a third party processor, we shall remain liable under applicable Swiss-U.S. DPF Principles.
- Security. PointFive US takes reasonable and appropriate precautions, taking into account the risks involved in the processing and the nature of the Personal Information, to help protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction. We follow generally accepted industry standards to protect against unauthorized access to or unauthorized use, alteration, disclosure or destruction of Personal Information. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect Personal Information, we cannot guarantee its absolute security. The Personal Information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required by contract to keep the information confidential. We implement a variety of security measures to maintain the safety of the Personal Information.
- Access. Where appropriate, individuals have reasonable access to their Personal Information and may request corrections, deletions, or additions where the Personal Information is inaccurate or has been processed in violation of the Swiss-U.S. DPF Principles. We may limit or deny access to Personal Information where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by the Principles. Requests for access will be addressed within a reasonable time period.
You may request access to your Personal Information by contacting us as described below.
When providing our Online Services, we only process and disclose the Personal Information as specified in our agreements with customers. Our customer controls how Personal Information is disclosed to us and processed, and how it can be modified. Accordingly, if you want to request access, or to limit use or disclosure of your Personal Information, please contact the company to which you submitted your Personal Information and that uses our Online Services. If you contact us with the name of our customer to which you provided your Personal Information, we will refer your request to that customer and support them in responding to your request.
- Recourse, Enforcement and Liability. PointFive US has established internal procedures to periodically verify implementation of and compliance with the Principles. PointFive US conducts an annual assessment of its practices regarding Personal Information intended to verify that the assertions PointFive US makes about its practices are true and that such practices have been implemented as represented.
In compliance with the Swiss-U.S. DPF, PointFive US commits to resolve DPF Principles-related complaints about our collection and use of your Personal Information. Swiss individuals with inquiries or complaints regarding our handling of Personal Information received in reliance on the Swiss-U.S. DPF should contact PointFive US at: privacy@pointfive.co or through one of our other contact methods described below.
PointFive US has further committed to cooperate with the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with its advice regarding unresolved complaints concerning both human resources and non-HR data transferred from Switzerland. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, you may contact the FDPIC or an alternative dispute resolution provider based in Switzerland or the United States. In order to be in line with Fair Information Practices, we will notify you within the time required by applicable law, but no later than three business days from becoming aware of any such breach.
For residual complaints not fully or partially resolved by other means, you may be able to invoke binding arbitration as detailed in the Principles available here.
PointFive US is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (“FTC”).
The FTC has jurisdiction over PointFive US’s compliance with the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
- Amendment. This Notice may be amended consistent with the requirements of the Swiss-U.S. DPF. When we update this Notice, we will also revise the “Last Updated” date at the top of this document.
- Questions or complaints. If you have any questions, concerns or complaints regarding our privacy practices, or if you’d like to exercise your choices or rights, you can contact us:
For sensitive information (i.e., personal information specifying medical or health conditions, racial or ethnic origin, data relating to the intimate sphere, political, religious, philosophical or trade-union-related views or activities, or information on social assistance measures or administrative and criminal proceedings or sanctions), PointFive US will obtain affirmative express consent (opt-in) from individuals before such information is (i) disclosed to a third party, or (ii) used for a purpose other than those for which it was originally collected or subsequently authorized by the individual.
PointFive US will also treat as sensitive any Personal Information received from a third party where the third party identifies and treats it as sensitive.
- By email at privacy@pointfive.co
- By mailing to PointFive US Inc., Attn: Amir Hozez
- Swiss individuals may also contact the Swiss Federal Data Protection and Information Commissioner (FDPIC) for assistance regarding unresolved complaints.