Privacy Policy

Please note that the French version shall prevail in case of discrepancies.

INTRODUCTION

At One Step Beyond, we are committed to preserving the confidentiality and security of your personal data. We make it a priority to fully respect the fundamental rights and privacy of all individuals involved in our activities.

To ensure full transparency regarding the processing, collection, and protection of your personal data, this Privacy Policy has been established. Its primary purpose is to present the definitions, principles, and rights related to data protection. This policy applies to all personal data we collect on our websites, our support portal, our managed services, as well as during our business interactions and events that we organize.

In this Privacy Policy, any reference to “One Step Beyond,” “OSB,” “we,” “our,” or “us” refers to One Step Beyond SA.

By sharing your personal data with us and continuing to use our websites, support portal, managed services, or participating in our events, you confirm that you have read and understood the terms of this Privacy Policy.

In compliance with our legal obligations, we implement the necessary technical and organizational measures to protect your personal data. You always retain control over your personal data.

If you have any questions or comments regarding any aspect of this Privacy Policy or how we handle your information, please do not hesitate to contact us by email at: info@osb.group.

Your trust is invaluable, and we are here to answer any questions you may have regarding the management of your personal data.

 

PURPOSE OF THE DATA PROTECTION

Given technological and digital developments, data protection is a major issue in our society. Data protection arises from the fundamental right to privacy and is protected by our Swiss Federal Constitution.

Since September 1, 2023, Switzerland has adopted a revised law (Federal Data Protection Act, FDPA – link to FDPA) and ordinances to align with European data protection standards, particularly the General Data Protection Regulation (GDPR).

These legislative developments aim to establish secure data processing that respects privacy, providing individuals with increased protection of their personal data by creating new institutions and legal pathways, as well as enhancing control over their personal data while fostering the trust needed for the digital economy to continue growing.

OSB is committed to protecting your privacy, individual freedoms, and fundamental rights. This Privacy Policy aims to strengthen the trust of users of our website regarding the processing of their personal data by ensuring transparency and clarity about its collection, use, storage, or deletion.

 

DEFINITIONS

The definitions related to data protection are based on the applicable Swiss legislation. They are as follows:a. Personal data: any information relating to an identified or identifiable natural person.b. Data subject: the natural person whose personal data is being processed.c. Sensitive personal data:i. Data on religious, philosophical, political, or trade union opinions or activities;ii. Data on health, private life, or racial or ethnic origin;iii. Genetic data;iv. Biometric data identifying a natural person uniquely;v. Data on criminal and administrative proceedings or sanctions;vi. Data on social welfare measures.d. Processing: any operation related to personal data, regardless of the means and methods used, including collection, recording, storage, use, modification, communication, archiving, deletion, or destruction of data.e. Communication: the act of transmitting personal data or making it accessible.f. Profiling: any form of automated processing of personal data used to evaluate certain personal aspects of a natural person, such as analyzing or predicting work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.g. High-risk profiling: any profiling that poses a high risk to the personality or fundamental rights of the data subject because it involves data matching that allows the assessment of a natural person’s essential characteristics.h. Data security breach: any security violation that accidentally or unlawfully results in the loss, modification, deletion, or destruction of personal data, its unauthorized disclosure, or access.i. Federal authority: the federal authority, federal service, or person responsible for a public task of the Confederation.j. Data controller: the private person or federal authority who, alone or jointly with others, determines the purposes and means of data processing.k. Processor: the private person or federal authority that processes personal data on behalf of the data controller.

For the remainder:l. Anonymization: a data processing method that makes it impossible to identify a person from a data set, thus respecting privacy. Anonymous data is not subject to the FDPA because it is not personal data.m. Pseudonymization: a data processing method in which personal data can no longer be attributed to a specific person without additional information. Pseudonymized data is subject to the FDPA because it remains personal data.n. Minors and children: both terms are used synonymously to refer to any natural person under the age of 18.o. Capacity of judgment: defined as the ability to act reasonably and refers to the capacity to understand information, act freely, and form one’s own will and opinions. It is assessed case by case, according to the level of development and maturity, without a legally fixed age limit.

 

DATA PROTECTION PRINCIPALS

The principles outlined below summarize our approach to managing your personal data, as detailed in this Privacy Policy. They reflect our commitment to protecting your personal data optimally.At OSB, we are committed to adhering to the following principles, notably drawn from the FDPA and GDPR:

  • Accountability Principle: The data controller and its processors undertake to take all necessary measures to proactively comply with the law.
  • Purpose Principle: Each data processing, throughout its entire lifecycle, must be carried out for a clear, defined, lawful purpose and clearly communicated from the outset to the data subject.
  • Legitimacy Principle: All processing must be based on a legitimate basis (legal basis, legitimate public or private interest, such as a contract and/or free and informed consent).
  • Proportionality Principle: Only the data appropriate and necessary to achieve the intended purpose can be processed. Unnecessary collection should be avoided, and processing minimized to the bare minimum necessary for the intended purposes.
  • Transparency Principle: Both the purpose and collection must be recognizable and clearly communicated to the data subject.
  • Good Faith Principle: Data processing should not be carried out without the knowledge or against the will of the data subject.
  • Security Principle: Confidentiality and protection of data must be ensured against unauthorized processing by appropriate technical and organizational measures.
  • Recognizability Principle: Both the collection of data and its purposes must be recognizable and communicated to the data subject.
  • Accuracy Principle: Data must be complete and up-to-date.
  • Data Protection by Design and by Default Principle: All data protection requirements must be respected throughout the entire data lifecycle (from collection, processing in the narrow sense, including archiving, to deletion).

These principles form the foundation of our commitment to protecting your privacy. If you have any questions or concerns regarding the application of these principles or the management of your personal data, please do not hesitate to contact us. Your trust is our priority.

COLLECTION OF PERSONAL DATA

We commit to collecting only the personal data necessary for the fulfillment of our services and compliance with our legal and contractual obligations, in accordance with applicable laws, including the GDPR and the DPA. Personal data is defined as information that can be used to identify you directly or indirectly.

METHODS OF DATA COLLECTION

We collect your personal data in various ways. In this section, we explain the different methods of collecting your personal data as well as how we use it. For more details on how we use your personal data, please see the section “How Do We Use Your Personal Data?”

INFORMATION SHARED BY YOU

We collect personal data when you contact or interact with us through our website, support portal, managed services, business transactions, and events we organize. For example, you provide us with data when you contact our sales or support teams, place orders, register support tickets, subscribe to our newsletter or an event, respond to surveys, or update your preferences and account data. In these interactions, you may share information such as your name, address, email address, phone number, and company name. In some cases, additional information may be necessary to provide you with the services or products you requested, such as bank data for product purchases or shipping information. If you share personal data of others with us, it is your responsibility to inform them of this Privacy Policy and obtain their authorization.

INFORMATION FROM YOUR ONLINE INTERACTIONS

We collect and store limited personal data and aggregated anonymous statistics from all visitors to our websites and users of our services, whether you actively provide this information or simply browse our websites or use our services. This information may include the IP address of the device you use, the search engine you used, your operating system, the date and time of your access, the internet address of the site from which you accessed ours, and data on how you use our websites and applications. We use this information to ensure the proper functioning of our websites and applications, monitor their use, and improve the quality of our services.

USE OF COOKIES

Our websites use cookies, which are small text files stored on your device via your internet browser. Some of these cookies collect personal data. We use this data in accordance with our privacy policy. By continuing to use our websites and services, you consent to the use of cookies. Please note that we do not respond to “Do Not Track” (DNT) signals.

GOOGLE ANALYTICS

Our website integrates Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses cookies, which are text files placed on your computer, to conduct a thorough analysis of site usage by users. The data generated by these cookies, including your IP address, is transmitted to and stored by Google on servers in the United States. Google uses this information to evaluate your site use, generate reports on site activity for the site operator, and provide various other services related to website activity and internet usage. Google may disclose this data to third parties, including the publisher of this site, if required by law or if such third parties process the data on Google’s behalf. Please note that Google will not combine your IP address with any other data held by them.You can disable the use of cookies by adjusting the appropriate settings in your browser. However, note that this may affect your access to certain features of the site.Google is responsible for processing your personal data and will use it in accordance with the details specified in its privacy policy, which you can consult here: Google Partner Sites.Your privacy is essential to us, and we are committed to protecting your personal data when using Google Analytics.

LINKS TO THIRD- PARTY WEBSITES

We provide links to other websites not managed or controlled by OSB. We do not exercise any control over these sites and disclaim any responsibility for their content or the data collection and usage practices implemented by the third parties responsible for these sites. No endorsement or representation binds these third-party websites to our company.Third-party websites usually have their own privacy policies detailing their data collection and sharing methods. We strongly encourage you to carefully review their privacy policies before using these sites to ensure that you agree with their terms for collecting and sharing your personal data.

EMAIL COMMUNICATIONS

As a customer or user of our services, we will send you emails about our services, security solutions, cybersecurity news, and events, unless you opt out. We collect information on how you handle our emails, such as delivery, opening, content viewing, and unsubscribing. This information is collected in accordance with applicable laws, including the GDPR and the DPA.

SOCIAL MEDIA

We are active on several social networks, and you can contact us through these platforms. We monitor public social networks and websites to better understand opinions about us, our products, technologies, and services and to help customers who prefer to contact us this way. We ensure that any information collected from social networks is properly credited or anonymized. Please review the privacy policies of these websites and social networks to understand how your personal data is collected and shared.

MANAGED SERVICES

We collect and store limited personal data and some aggregated anonymous statistics from all users of our managed services, whether you actively provide this information or simply use our services. The information we collect may include your names, identifiers, email addresses, company name, IP addresses of the device you use, your operating system, browser type, date and time of access, geolocation data indicating the origin of the connection to our services, and resources of the managed service used. We use this information solely to provide the requested managed services, with the ultimate goal of enhancing the quality of our managed services.

EVENTS ORGANIZED BY ONE STEP BEYOND

The personal data we collect during your registration or participation in one of our events, such as names, surnames, phone numbers, email addresses, and companies, is used for the following purposes:

  • Confirmation and Communication: We use your personal data to send you confirmation messages about your event registration and keep you informed of important event details, such as date, time, location, and other logistical information.
  • Event Reminders: We may send you reminders before the event to ensure you remember your participation, contributing to better event organization.
  • Feedback Requests: After the event, we may solicit your feedback or comments on your experience to improve the quality of our future events. Your responses may be used to assess participant satisfaction, identify strengths, and highlight areas for improvement.
  • Event-Related Communication: Your personal data may also be used to send you important information about last-minute changes, program updates, or other information necessary for proper event organization.
  • Experience Personalization: Some of your event-related preferences provided during registration may be used to personalize your experience, such as adapting content or sessions based on your specific interests.At our events, we may record, film, or photograph speakers, the audience, and all activities that are part of this occasion. These contents may be shared on platforms such as our website and social media through One Step Beyond’s official account, with your consent. By participating in our events, you agree to appear in a non-targeted manner on some of these media.Additionally, please note that we transmit some of your data to event sponsors for marketing fund justification purposes. The data transmitted to our sponsors includes the names, surnames, emails, companies, and countries of participants. It is important to note that our sponsors have received strict instructions from us regarding the use and retention of this data. They are not authorized to use or retain this data for any purposes other than those specifically related to justifying their marketing support for the event.If you wish to withdraw or delete personal data concerning you from these contents, please refer to the section below entitled “Control the Use of Your Personal Data.”

HOW DO WE PROCESS COLLECTED PERSONAL DATA?

We highly value the protection of your personal data. Here is how we process your data:

  • Compliance with Applicable Laws: We process your personal data in strict compliance with applicable laws, including the General Data Protection Regulation (GDPR) and the Data Protection Act (DPA). We ensure that all legal requirements regarding data protection are met.
  • Response to Your Questions and Requests: Your data is used to respond to your questions and requests, whether about our products, technical support, or any other inquiries you may have.
  • Support and Services: We use your data to provide you with personalized support and services related to our solutions. Our goal is to ensure your satisfaction and meet your needs effectively.
  • Contract Management: Your data is processed as part of the execution of our contracts with you, whether at the pre-contractual, pre-sales, order, contract execution, or product/service delivery phases.
  • Relationships with Our Suppliers: As part of our relationships with suppliers such as publishers, distributors, and third-party services, we may also process personal data for exchanges necessary for executing our contracts.
  • Communication with You: We use your data to communicate with you, whether for important notifications, updates, or any other information related to our products and services.
  • Customer Satisfaction Surveys: We may solicit you for customer satisfaction surveys to gather your feedback and suggestions to improve our services.
  • Updates and Notifications: Your data is used to inform you of any changes in our policies, terms, and conditions, so you stay informed of significant developments.
  • Promotion of Our Solutions and Services: If you have given your consent, we may inform you about other solutions and services that may interest you.
  • Seminars and Events: If you have registered for participation in seminars or events, your data may be used for event organization and related communication.
  • Service Alerts and Updates: If you have subscribed to alerts or updates regarding our services, your data is used to provide you with timely notifications.
  • Content Personalization: Your data helps us tailor content and services to your specific needs and preferences.
  • Statistical Analysis: Aggregated and anonymized data may be used for statistical purposes to better understand the use of our products and services, enabling us to improve them.
  • Security and Fraud Prevention: Your data is used to ensure the security of our services and prevent any fraudulent activities, safeguarding your information from potential threats.
  • Optimization of Our Services: We may use your data to optimize the performance and functionality of our solutions and services to deliver a high-quality experience to our customers.We guarantee that your personal data will only be processed for specific, lawful purposes, in compliance with applicable regulations. Your privacy and the protection of your data are our priority.

WHAT IS THE LEGAL BASIS FOR THE PROCESSING OF YOUR DATA?

The processing of your personal data is legally based on several criteria, including:

  • Contract Performance: Processing necessary for the execution of a contract to which the data subject is a party or to take pre-contractual measures at the data subject’s request.
  • Legitimate Interests: Processing necessary for our legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
  • Legal Obligation: Processing necessary to comply with our legal obligations.
  • Consent: Processing based on the data subject’s explicit consent. We will always inform you of the specific legal basis for processing your data at the time of collection and when you make a data-related request.

HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We retain your personal data only for the duration necessary to fulfill the purposes for which it was collected, in accordance with applicable laws and our internal retention policies. Here are the main criteria we consider to determine the retention period for your personal data:

  • The nature of your relationship with One Step Beyond, for example, if you are a customer, supplier, partner, or event participant.
  • The type of data, for example, whether it is a communication or order data.
  • The period during which we need your data to comply with our legal, contractual, or regulatory obligations.
  • The period during which we have legitimate interests in retaining the data.
  • Your explicit consent regarding data retention, where applicable. When the retention period has expired, we securely delete or anonymize your personal data so it can no longer be associated with you, in accordance with applicable legal requirements.

CONTRE THE USE OF YOUR PERSONAL DATA

In accordance with applicable data protection laws, you have rights concerning the personal data we hold about you:

  • Right to Access: You have the right to request access to the personal data we hold about you and to obtain information about its processing.
  • Right to Rectification: You have the right to request the correction of inaccurate or incomplete personal data.
  • Right to Erasure (“Right to Be Forgotten”): You have the right to request the deletion of your personal data, subject to certain conditions.
  • Right to Restrict Processing: You have the right to request the restriction of the processing of your personal data under certain circumstances.
  • Right to Data Portability: You have the right to request the transfer of your personal data to another organization or yourself in a structured, commonly used, and machine-readable format, where technically feasible.
  • Right to Object: You have the right to object to processing based on legitimate interests, direct marketing, or automated processing, including profiling.
  • Right to Withdraw Consent: If you have given your consent to process your data, you can withdraw it at any time.To exercise your rights, please contact us using the contact details in the “How to Contact Us” section below. We will respond to your requests within the legal timeframe and will take reasonable steps to confirm your identity before disclosing any personal data to you. If you are dissatisfied with our response or believe your personal data has not been processed in compliance with applicable laws, you have the right to lodge a complaint with the competent supervisory authority, such as the CNIL.

HOW DO WE PROTECT YOUR PERSONAL DATA?

We take data security seriously and use appropriate technical and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction. These measures include:

  • Encryption: We use encryption to protect data in transit and at rest.
  • Access Controls: We limit access to your personal data to authorized personnel only.
  • Data Minimization: We limit the amount of personal data we collect to what is necessary for the intended purpose.
  • Security Audits: We regularly review and update our security measures to ensure data protection.
  • Employee Training: We provide regular training to our employees on data protection and privacy best practices.

INTERNATIONAL TRANSFERS OF PERSONAL DATA

In some cases, we may transfer your personal data outside the European Economic Area (EEA) to provide our services. When we do so, we ensure that appropriate safeguards are in place to protect your data, such as standard contractual clauses, binding corporate rules, or other mechanisms approved by the European Commission.

CHILDREN’S PROVACY

Our services are not directed at children under 16, and we do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will delete it immediately unless we are legally obliged to retain it.

CHANGES TO THIS PRIVACY POLICY

We may update this privacy policy from time to time to reflect changes in our practices, services, or legal obligations. We will notify you of any significant changes by posting a notice on our website or by other means. We encourage you to review this policy periodically to stay informed about how we protect your personal data.

HOW TO CONTACT US

If you have any questions or concerns about this privacy policy or our data protection practices, please contact us at:

One Step Beyond

Email: info@osb.group

Phone: +41 22 995 96 12,

Address: Route de Cité Ouest 2, 1196 Gland

This privacy policy aims to provide you with a comprehensive understanding of how One Step Beyond handles your personal data. We are committed to protecting your privacy and ensuring the security of your personal data in all circumstances.

 

en_US