Arcual (also «we», «us») appreciate you visiting our website and your interest in the products and services we offer. Protecting your personal data is very important to us. In this Privacy Policy, we explain how we collect your personal data when you use our websites, including but not limited to: www.arcual.art, app.arcual.art (collectively our "website"), obtain products or services from us, interact with us in relation to a contract, communicate with us or otherwise deal with us, what we do with your personal data, for what purposes and on what legal foundation we do so, and what rights you have on that basis. We use the word «data» here interchangeably with «personal data».
«personal data» means any information relating to an identified or identifiable natural person («data subject»); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; «sensitive personal data» is a subset of personal data and revealing e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, health data or data concerning a natural person's sex life or sexual orientation. «Processing» means any operation or set of operations that is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
If you provide information to us about any person other than yourself, your employees, counterparties, your advisers, or your suppliers, you must ensure that the data is accurate and that they understand how their information will be used, and that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use it.
This Privacy Policy is aligned with the EU General Data Protection Regulation («GDPR») and the Swiss Data Protection Act («DPA»). However, the application of these laws depends on each individual case.
Technical data includes:
This may help us to provide an appropriate layout of the website or, for example, to display a page correctly for your device and screen size. We know through which provider you access our offerings (and therefore also the region) because of the IP address, but usually, this does not tell us who you are. However, this changes for example when you create a user account, because personal data can then be linked with technical data (for example, we can know the browser you use to access an account through our website).
Some of our services can only be used with a user account or a registration. Such data will be kept until you request the user account be closed, and some of that data may be kept beyond the closing of the account, where it is required for legal or accounting reasons, or to ensure the proper functioning of other accounts you have interacted with in the application.
User account and registration data include
When you get in contact with us via contact form, email, telephone, chat, or by letter or other means of communication, we collect the data exchanged between you and us, including your contact details and the metadata of the communication. If we record telephone conversations, we will tell you specifically. If we have to confirm your identity, for example in relation to a request for information, a request for press access, etc., we collect data to identify you (for example a copy of an ID document).
Communication data includes
Master data is the basic data that we need, in addition to contract data (see below), for the performance of our contractual obligations, and other business relationships. This data may include information such as name and contact details, and information about, for example, your role and function, your bank details, or your date of birth. We process your master data if you are a customer or other business contact, or work for one (for example as a contact person of the business partner), or because we wish to address you for our own purposes or for the purposes of a contractual partner (for example as part of marketing and advertising, for invitations to events, for vouchers, newsletters, etc.). We receive master data from you, from parties you work for, or from third parties such as contractual partners, associations, and from public sources such as the internet (websites, social media, etc.).
Master data is not comprehensively collected for all contacts. Rather, the collection of master data depends on the individual case and the purpose of the processing. In general, it may include:
We collect contract data in relation to the conclusion or performance of a contract, e.g. information about the products and the services provided or to be provided, as well as data from the period leading up to the conclusion of a contract, information required or used for performing a contract, and information about feedback (e.g. complaints, feedback about satisfaction, etc.). We generally collect this data from you, from contractual partners, and from third parties involved in the performance of the contract, but also from third-party sources (for example credit information providers) and from public sources.
Contract data includes:
We receive this data partly from you (for example when you make payments), but also from credit agencies and debt collection companies and from public sources (for example a commercial register).
In order to improve our products and services, we may collect behavioral data generated by the usage of our products, such as analytics about usage of particular features, or analysis of data generated by usage of the product. The data processed for this purpose is already known to us (for example where and when you use our services), or we collect it by recording your behavior (for example how you navigate our website. Behavioural ata is aggregated and anonymized as much as possible to ensure it is not tied to a particular user, and we delete this data when it is no longer relevant for the purposes pursued. We describe how tracking works on our website in Sections XIV et seq.
Behavioral data includes:
We also collect data from you in other situations. For example, data that may relate to you (such as files, evidence, etc.) is processed in relation to administrative or judicial proceedings. The retention period for this data depends on the processing purpose and is limited to what is necessary.
Much of the data set out in this Section is provided to us by you, e.g. through forms, in relation to communication with us, in relation to contracts, when you use the website, etc. You are not obliged or required to disclose data to us except in individual cases where there is a legal oblication. If you wish to enter into contracts with us or use our services, you must also provide us with certain data, in particular master data, contract data, and registration data, as part of your contractual obligation under the relevant contract. When using our website, the processing of technical data cannot be avoided. In the case of behavioral and preference data, you have the option of objecting or not giving consent.
If you or the person you represent (for example your employer) wishes to enter into or perform a contract with us, we must collect master data, contract data, and communication data from you, and we process technical data if you wish to use our website or other electronic offerings for this purpose. If you do not provide us with the data necessary for the conclusion and performance of the contract, you should expect that we may refuse to conclude the contract, that you may commit a breach of contract, or that we will not perform the contract. Similarly, we can only submit a response to a request from you if we process communication data and – if you communicate with us online – possibly also technical data. Also, the use of our website is not possible without us receiving technical data.
As far as it is not unlawful ,we also collect data from public sources (for example debt collection registers, land registers, commercial registers, the media, or the internet including social media) or receive data from other companies within our group, from public authorities and from other third parties (such as credit agencies, address brokers, associations, contractual partners, internet analytics services, etc.).
The categories of personal data that we receive about you from third parties include, in particular, information from public registers, information that we receive in relation to administrative and legal proceedings, information in relation with your professional functions and activities (so that we can, for example, conclude and process transactions with your employer with your assistance), information about you in correspondence and meetings with third parties, credit information (where we conduct business with you in a personal capacity), information about you that persons related to you (family, advisors, legal representatives, etc.) share with us so that we can conclude or perform contracts with you or involving you (for example references, your delivery address, powers of attorney, information about compliance with legal requirements such as those relating to fraud prevention and the combating of money laundering and terrorist financing, export restrictions, information from banks, insurance companies, sales and other contractual partners of us about your use or provision of services (for example payments, purchases, etc.), information from the media and the internet about the use or provision of services by you (for example payments made, purchases made, etc.), information from the media and the internet about you (where appropriate in a specific case, e.g. in the context of an application, marketing/sales, press review, etc., your address and potentially interests and other socio-demographic data (especially for marketing and research purposes) and data in relation with the use of third-party websites and online offerings where such use can be linked to you.
We process your data for the purposes explained below. Further information is set out in Sections XIV et seq for online services. These purposes and their objectives represent our interests and potentially those of third parties. You can find further information on the legal basis of our processing in Section V.
We process your data for communication purposes, in order to communicate with you, in particular, when you contact us in order to respond to your queries or when you exercise your rights. For this purpose, we use, in particular, communication data, master data, and registration data to enable us to communicate with you and provide our services or respond to requests. We keep this data to document our communication with you, for training purposes and quality assurance.
We process your data for entering into a contract with you, perform and administer it. In particular, we process communication data, master data, registration data and contract data about you. This might include data about third parties, e.g. if you order products or services for the benefit of a third party. This also includes data about potential customers, that we receive from communication with you, at a trade fair or any other business event. Regarding the conclusion of a contract, we use this data to assess your creditworthiness and to open up a business relationship with you. Administering and performing the contract with your might involve third parties, such as logistic companies, advertising service providers, banks, insurance companies, or credit information providers in order to provide our products and services to you.
We process your data for marketing and relationship management purposes. For example, we send personalized newsletters for products and services from us and, if applicable from selected third parties (e.g. advertising partners). Marketing and relationship management might include contacting you via e-mail, telephone, or other channels for which we have contact information from you. We and, if applicable, selected third parties, only display personalized content or advertising based on your usage behavior or send e-mails for marketing purposes (e.g. newsletter) if and to the extent you give your consent to us if required under applicable law. You can object to such marketing activities or withdraw your consent at any time (please see Section XI and XII).
As regards relationship management, we use a customer relationship management system («CRM») to store and process your data as described in this Privacy Policy (e.g. about contact persons, products and services provided to you, interactions, interests, marketing measures, newsletters, invitations to events and other information).
We process your data for market research and to improve our products and services (including our website).
We process your data to protect our IT and other infrastructure (e.g. buildings). For example, we process data for monitoring, analysis, and testing of our networks and IT infrastructures including access controls. We might also use surveillance systems, e.g. cameras for security purposes. In such a case, we will inform you at the relevant locations separately.
We process your data to comply with legal requirements, e.g. health security concepts, money laundering and terrorist financing, tax obligations, etc. and we might have to request further information from you to comply with such requirements («Know Your Customer») or as otherwise required by law and legal authorities.
We process your data as part of our risk management and corporate government in order to protect us from criminal or abusive activity. As part of our business development, we might sell businesses, parts of businesses, or companies to others or acquire them from others, or enter into partnerships and this might result in the exchange and processing of data based on your consent, if necessary.
Where we asked for your consent (e.g. for receiving newsletters and for personalized content or advertising based on your usage behavior or for processing sensitive data), we process your data based on such consent. You may withdraw your consent at any time with effect for the future by providing us written notice (e-mail sufficient), see our contact details in Section II. If you like to withdraw your consent for online tracking, please see Section XIV. Withdrawal of your consent does not affect the lawfulness of the processing that we have carried out prior to your withdrawal, nor does it affect the processing of your data based on other processing grounds.
Where we did not ask for your consent, we process your data on other legal grounds, such as
We might analyze aspects of your individual’s personality, behavior, interest, and habits, and make predictions or decisions about them for the purposes laid out in Section IV, e.g to perform statistical analysis or to prevent misuse and security risks. This analysis identifies correlations between different behaviors and characteristics to create profiles for individuals. For example, we may use profiling to determine in which products or services you might be interested. We may also use profiling to assess your creditworthiness. We do not use profiling that can produce legal effects concerning you or similarly significantly affect you without human review.
In certain circumstances, automated decision taking might be necessary for reasons of efficiency and consistency. In such cases, we will inform you accordingly and take the measures required by applicable law.
In order to perform our contracts, fulfill our legal obligations, protect our legitimate interest, and the other purposes and legal grounds set out above, we may disclose your data to third parties, in particular to the following categories of recipients:
We may share your information with service providers and business partners around the world with whom we collaborate to fulfill the above purposes (e.g. IT providers, shipping companies, advertising service providers, security companies, banks, insurance companies, telecommunication companies, credit information agencies, address verification provider, lawyers) or who we engage to process personal data for any of the purposes listed above on our behalf and in accordance with our instructions only.
In case required under the respective contract we share your data with other contractual partners. If we sell or buy any business or assets, we may disclose your data to the prospective seller or buyer of such business or assets to whom we assign or novate any of our rights and obligations.
If legally obliged or entitled to make disclosures or if it appears necessary to protect our interests, we may disclose your data to courts, law enforcement authorities, regulators, government officials, or other legal authorities in Switzerland or abroad, e.g. in criminal investigations and legal proceedings including alternative dispute resolution.
As we have explained in Section VII, we disclose data to other parties, not all of them located in Switzerland. Your data may be processed in the European Economic Area (EEA) and in exceptional circumstances also in countries outside the EEA and around the world, which includes countries that do not provide the same level of data protection as Switzerland or the EEA and are not recognized as providing an adequate level of data protection. We only transfer data to these countries when it is necessary for the performance of a contract or for the exercise or defense of legal claims, or if such transfer is based on your explicit consent or subject to safeguards that assure the protection of your data, such as the European Commission approved standard contractual clauses.
We only process your data for as long as necessary to fulfill the purposes we collected it for, including the purposes of complying with legal retention requirements and where required to assert or defend against legal claims, until the end of the relevant retention period or until the claims in question have been settled. Upon expiry of the applicable retention period, we will securely destroy your data in accordance with applicable laws and regulations.
We take appropriate organizational and technical security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed.
We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
You have various rights in relation to our processing of your personal data, depending on the applicable data protection law:
You have the right to request a copy of the personal data that we hold about you. There are exceptions to this right, so that access may be denied if, for example, making the information available to you would reveal personal data about another person, or if we are legally prevented from disclosing such information.
We aim to keep your personal data accurate, current, and complete. We encourage you to contact us to let us know if any of your personal data is not accurate or changes so that we can keep your personal data up-to-date.
You have the right to require us to erase your personal data when the personal data is no longer necessary for the purposes for which it was collected, or when, among other things, your personal data have been unlawfully processed.
You have the right to ask us to restrict the processing of your personal information in certain circumstances.
You have the right to ask that we transfer the personal information you gave us to another controller or to you, in certain circumstances.
Where we process data based on your consent, you have the right to withdraw your consent. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is another legal ground for the processing.
If you believe that your data protection rights might have been breached, please let us know our contact the applicable supervisory authority.
Under applicable data protection law you have the right to object at any time to the processing of personal data pertaining to you under certain circumstances, in particular where your data is processed in the public interest, on the basis of a balance of interests or for direct marketing purposes.
If you like to exercise the above mentioned rights, please contact us at dataprotection@arcual.art or the contact details provided under Section II unless otherwise specified or agreed. Please note that we need to identify you to prevent misuse, e.g. by means of a copy of your ID card or passport unless identification is not possible otherwise.
If you subscribe to one of our newsletters offered, you may cancel the subscription at any time by using the option to unsubscribe contained in the newsletter.
We use cookies on our website and may allow certain third parties to do so as well. Cookies are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. You can see the complete list of the cookies used below.
However, depending on the purpose of these cookies, we may ask for your express prior consent before they are used. You can access your current settings by clicking on the «Change Your Cookies» - button below and you can withdraw your consent under the same link at any time. You can also set your browser to block or deceive certain types of cookies or alternative technologies, or to delete existing cookies. You can also add software to your browser that blocks certain third-party tracking. You can find more information on the help pages of your browser (usually with the keyword «Privacy») or on the websites of the third parties set out below.
Necessary cookies are necessary for the functioning of the website or for certain features. They make the use of our website more pleasant for you. For example, they help make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. They also ensure that you can move between pages without losing information that was entered in a form and that you stay logged in. These cookies exist temporarily only («session cookies»). The session cookies are automatically deleted after leaving our pages. If you block them, the website may not work properly. Other cookies are necessary for the server to store options or information (which you have entered) beyond a session (i.e. a visit to the website) if you use this function (for example language settings, consents, automatic login functionality, etc.). These cookies have an expiration date of up to 12 months. The legal basis for such cookies is our legitimate interest according to providing you with all functions of our website. Please find below a detailed list of all necessary cookies and their expiration period.
In order to optimize our website and related offers and to better adapt them to the needs of the users, we use cookies to record and analyze the use of our website, potentially beyond one session. We use third-party analytics services for this purpose that are listed below (see Section XV «Monitoring Tools»). For example, we analyze which page a user accesses most often and whether error messages are displayed. These cookies do not store any information beyond this. They are used exclusively to increase user-friendliness and to tailor websites more specifically to the user. Before we use such cookies, we ask for your express prior consent. You can withdraw consent at any time through the cookie settings.
We and our advertising partners have an interest in targeting advertising as precisely as possible, i.e. only showing it to those we wish to address. We have listed our advertising partners below. For this purpose, we and our advertising partners – if you consent – use cookies that can record the content that has been accessed or the contracts that have been concluded. This allows us to optimize our content (see Section XV «Monitoring Tools») and us and our advertising partners to display advertisements that we think will interest you on our website, but also on other websites that display advertisements from us or our advertising partners (see Section XVII «Tracking Tools»). If you consent to the use of these cookies, you will be shown related advertisements. If you do not consent to them, you will not see fewer advertisements, but simply any other advertisement. You can withdraw consent at any time through the cookie settings.
You can change your cookie settings at any time under the link provided below: www.arcual.art
Based on your consent we use tracking tools to ensure a tailored design and the continuous optimization of our website. We also use the tracking tools to statistically record the use of our website and evaluate it for the purpose of optimizing the content we show you.
Due to the continuous development of our website and the contents thereof, changes in law or regulatory requirements, we might need to change this Privacy Policy from time to time. Our current Privacy Policy can be found on our website and can be saved and printed out by you.
