Data Protection & Privacy Policy

Last Updated January 2025

1. Introduction

thirty3 ("we", "our", "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data in compliance with the Swiss Data Protection Act (DSG) and the General Data Protection Regulation (GDPR).

2. Data Controller

The data controller responsible for processing your personal data is:

thirty3 AG

Data Protection Officer: Michael Zurbrügg

Address: Theaterstrasse 10, 8001 Zürich

Email: support@thirty3.ch

We will notify individuals in cases where different controllers are responsible for specific data processing activities.

3. Definitions and Legal Basis

3.1 Definitions

• Personal Data refers to any information relating to an identified or identifiable natural person.

• Processing includes any operation performed on personal data, such as collection, storage, use, or deletion.

• European Economic Area (EEA) covers the EU member states, Liechtenstein, Iceland, and Norway.

3.2 Legal Basis

We process personal data under the following legal bases:

• Contract Performance (Art. 6(1)(b) GDPR / Art. 31(2)(a) DSG)

• Legitimate Interests (Art. 6(1)(f) GDPR / Art. 31(1) DSG)

• Legal Obligations (Art. 6(1)(c) GDPR / Art. 31(2)(c) DSG)

• Consent (Art. 6(1)(a) GDPR / Art. 31(1) DSG), where required

• Public Interest (Art. 6(1)(e) GDPR)

• Vital Interests (Art. 6(1)(d) GDPR)

4. Type, Scope, and Purpose of Processing

We process personal data necessary for our activities, including:

• Identity & Contact Information (name, email, phone, company details)

• Technical Data (IP address, browser type, operating system, log files)

• Communication & Usage Data (messages, website interactions, marketing preferences)

• Contract & Payment Data (services requested, financial transactions)

Personal data is retained only as long as necessary or legally required. Data that is no longer required is deleted or anonymized.

5. Data Transfers and Third Parties

We may share data with:

• Service providers (hosting, payment, analytics, CRM tools)

• Legal authorities as required by law

• Third parties with explicit consent

Cross-border data transfers comply with GDPR, DSG, and EU adequacy decisions. If necessary, we rely on Standard Contractual Clauses (SCCs) or other safeguards.

6. Data Subject Rights

You have the right to:

• Access your personal data

• Rectify inaccurate information

• Erase your personal data ('right to be forgotten')

• Restrict processing under certain conditions

• Portability of data in a structured format

• Object to data processing

• Withdraw consent at any time

• Lodge a complaint with a data protection authority

Requests can be sent to support@thirty3.ch. We may request verification of identity before processing requests.

7. Security Measures

We implement technical and organizational measures to protect data against unauthorized access, modification, and destruction. Access to our website is secured via SSL/TLS encryption.

8. Data Breach Notification

In the event of a data breach, we will notify affected individuals and authorities in accordance with GDPR (Art. 33, 34) and DSG requirements.

9. Website Usage and Cookies

We use cookies and similar tracking technologies on our website to enhance functionality, analyze user behavior, and provide personalized experiences. Cookies are small text files stored on your device that help us improve our services and user experience.

9.1 Types of Cookies We Use

Essential Cookies: Necessary for the website to function properly (e.g., session management, security).

• Performance & Analytics Cookies: Help us analyze how visitors use the website (e.g., Google Analytics).

• Functional Cookies: Enable personalized settings (e.g., language preferences, saved login details).

• Advertising & Tracking Cookies: Used to deliver targeted ads and track user interactions with marketing content.

9.2 Managing Cookies

Users can control and manage cookie settings via their browser preferences. Most browsers allow you to:

• Block or delete specific cookies

• Enable notifications before storing cookies

• Disable cookies entirely (which may affect website functionality)

For more details on managing cookies, please visit your browser’s help section. Additionally, you can opt out of Google Analytics tracking by using the Google Analytics Opt-out Add-on.

By continuing to use our website, you consent to the use of cookies as described in this policy. We use cookies and tracking technologies for:

• Enhancing user experience

• Analyzing website performance

• Providing targeted advertising

Users can adjust cookie preferences via browser settings. Third-party services, such as Google Analytics, may collect additional data. Opt-out options are available.

10. Communications and Notifications

We send marketing emails and newsletters with explicit consent.

• Users can unsubscribe from communications at any time.

• Emails may contain tracking mechanisms to analyze engagement.

11. International Data Transfers

We primarily process data within Switzerland and the EEA but may transfer it globally under data protection safeguards. Users may request details on data transfer mechanisms.

12. Social Media and Third-Party Services

We maintain social media profiles for engagement. Data processed on these platforms follows their respective privacy policies. Our website may embed third-party content (e.g., YouTube, LinkedIn), which may collect user data.

13. Applicant Data Processing

We process job application data solely for recruitment purposes, based on Art. 9(2)(b) GDPR.

14. Amendments to this Policy

We may update this policy periodically. The latest version is always available on our website.

15. Contact Information

For any privacy-related inquiries, contact:

Email: support@thirty3.ch

Address: Theaterstrasse 10, 8001 Zürich