Cookie Policy

1. Introduction

In this privacy policy we describe how we collect and process personal data. The protection of personal data is very important to ECOFACT. As the controller of your personal data in dealings with us, we therefore comply with all applicable data protection regulations. We are primarily subject to the Swiss Federal Act on Data Protection (FADP), and in certain cases we also comply with the EU General Data Protection Regulation (GDPR) or other data protection laws. This privacy policy is not necessarily a comprehensive description of our data processing. It is possible that other data protection statements or general terms and conditions, or similar documents, apply to specific circumstances

2. Definitions

In this privacy policy:

“Personal data” means any information relating to an identified or identifiable person or entity. If you provide us with the personal data of other persons (such as employees or work colleagues), please make sure the persons concerned are aware of this privacy policy. You should provide us with their data only if you are permitted to do so and that personal data is correct.

“Data subject” means a person or entity whose personal data is processed.

“Processing” means any handling of personal data, irrespective of the means and procedures used. In particular it refers to the collection, storage, keeping, use, modification, disclosure, archiving, deletion or destruction of data.

“Controller”means a person or entity that, alone or jointly with others, determines the purpose and the means of processing personal data.

“Processor” means a person or entity that processes personal data on behalf of the controller.

“Recipient” in the context of this privacy policy refers in particular to our service providers, including processors (such as IT providers), traders, suppliers, subcontractors and other business partners. Certain recipients may be within Switzerland or the USA (e.g. Google), but they may also be located in any country around the world.

3. Controller / contact information

The controller of data processing as described in this privacy policy is

ECOFACT AG
Birmensdorferstrasse 67
8004 Zurich
Switzerland

Website: https://www.ecofact.com
Email: info@ecofact.com

You may notify us of any data protection-related concerns using the above contact details.

4. What personal data do we collect, and on what legal grounds?

We primarily process personal data that we obtain from our clients, other business partners, and other individuals in the context of our business relationships with them. The information we collect usually includes the name of the organization, first and last names of individuals, telephone numbers, email, and addresses, and in some cases passwords. In the case of our website users, we collect and process analytical information, in particular information related to web visitor activity. For further information, see section 4 below and our cookie policy. We also use a customer relations management tool to collect contact information from clients and prospective clients. This tool records certain written communications with them.

5. Why do we process your data?

We primarily use collected data to conclude and process contracts with our clients and business partners, as well as to comply with our domestic and foreign legal obligations. You may be affected by our data processing in your capacity as an employee of such a client or business partner. In these cases we process your data based on our legitimate interest.

In addition, in line with applicable law and where appropriate, we may process personal data for the following purposes, which are in our legitimate interest or that of third parties. Examples of legitimate interests are:

• providing and developing our products, services and website;
• producing distribution lists for communication with our clients;
• managing client projects;
• advertising and marketing (including organizing events and webinars), unless you have objected to the use of your data for this purpose. If you belong to our client base and you receive our communications, you may object at any time and we will place you on an exclusion list so you do not receive any more advertising mailings;
• asserting legal claims and in defense in legal disputes and official proceedings, when legally required;
• preventing and investigating criminal offenses and other misconduct. One example is conducting internal investigations or data analysis to combat fraud;
• ensuring our business operations, including our IT, websites, apps and other applications;
• business transactions and the related transfer of personal data, as well as business management and compliance with legal and regulatory obligations, including internal regulations.

If you have given us your consent to process your personal data for certain purposes (when you registered for our newsletter, for example), we will do so within the scope of and based on this consent, unless we have another legal basis, if we require one. You can withdraw your consent with effect for the future at any time by contacting us using the information given in section 3.

6. Our cookie usage and tracking software, and how you can manage them

Our hosting provider stores general information about web access on our server. This standard procedure covers only non-identifying information for general access analysis and statistics. The access log exists for our main website only.

The websites of our Policy Outlook and Exchange tools, which are separate from our main website, employ certain tracking functions. Session cookies are used to keep account holders logged in. However, they are used only on our own server and do not track users across the web. We actively track all activities by account holders in our own tools, including information such as IP addresses, to learn what our users are interested in and how they use those tools. This information is used to optimize the user experience. We also store all the preferences that account holders set, such as watchlists, in our database. This is required for our tools to operate correctly with all the features we offer. For more information about our use of cookies and tracking software, and how you can manage them please go to our cookie policy.

7. Do we share personal data with anyone? Which countries are the recipients in?

In the context of our business activities, and in line with the purposes of the data processing set out in section 5, we may transfer data to third parties. We do this only if we are permitted to do so and we believe it is appropriate for them to process data for us or for their own purposes. Third parties are informed of the appropriate way in which your personal data must be handled. We do not rent or sell your personal data to third parties.

If a recipient is located in a country without adequate statutory data protection, we require that recipient to comply with suitable data protection regulations. For this purpose, we use the European Commission’s revised standard contractual clauses, which can be accessed here, including the necessary Swiss local law amendments for data transfers from Switzerland. This separate commitment to protecting your data must be given unless the recipient is subject to an accepted set of rules to ensure data privacy, and where we are unable to rely on an exception.

8. How long do we store your data?

We process and retain your personal data for as long as required to fulfill its set purpose, and to comply with statutory and document retention obligations.

9. Data security

We have taken appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse. These measures include internal policies, IT and network security solutions, access controls and restrictions, and the encryption of data carriers and transmissions.

10. Your rights

In accordance with and to the extent provided by applicable law, you have the following rights: (1) to access your data; (2) to have it rectified or erased; (3) to restrict the way in which it is processed; and (4) to object to our data processing, in particular for direct marketing purposes, for profiling carried out for direct marketing purposes and for other legitimate interests in processing. In addition, you have the right to receive certain personal data for transfer to another controller (data portability). Please note, however, that we reserve the right to enforce statutory restrictions on our part, for example if we are obliged to retain or process certain data, have an overriding interest (where we may invoke those interests), or require the data to enforce claims. If exercising certain rights will incur costs for you, we will notify you of this in advance. We have already informed you of the option of withdrawing consent in section 5 above. Please further note that the exercise of these rights may conflict with your contractual obligations, and this may result in consequences such as premature contract termination, or involve costs. If this is the case, we will inform you in advance unless it has already been contractually agreed upon.

To assert these rights, please contact us at the address provided in section 3 above.

In addition, every data subject has the right to assert their rights in court or to lodge a complaint with the competent data protection authority, which in Switzerland is the Federal Data Protection and Information Commissioner.

11. Amendments to this privacy policy

This privacy policy was last updated on April 4, 2025.

We may amend this privacy policy at any time without prior notice. The current version, as published on our website, applies at any given time.