Privacy Policy
Urban Sympheny AG („Sympheny“), based in Winterthur is a technology company. Sympheny provides a energy systems optimization software as a service (“Service”) to private and enterprise customers, and operates sympheny.com.​ Although our customers are the main actors involved in the upload and management of all content, including content containing Personal Data, this Privacy Policy describes in detail how your Personal Data is collected and used.​Our Privacy Policy fully applies and respects the highest protection standards set by the European Union General Data Protection Regulation ("GDPR") in force since May 25, 2018 that regulates the processing of personal data of natural persons. The geographical scope of application of the GDPR is very broad. The provisions of the GDPR apply, on the one hand within the territory of the EU and, on the other hand to all Controllers and Processors which process personal data of EU citizens (even if they live outside the EU). Accordingly, the GDPR also applies to companies not established in the territory of the EU. Sympheny, as a Swiss company, is therefore also affected by the provisions of the GDPR.
What is Personal Data?
According to art. 4 para. 1 GDPR "Personal Data" means any information relating to an identified or identifiable natural person ("Data Subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
As we also operate Personal Data of citizens who do not belong and/or do not operate in a territory of the European Union the term Personal Data, for the purposes of this Privacy Policy encompasses both the meaning of article 4 of the GDPR as well as that of Personally Identifiable Information (PII) as it is defined in the US legislation. We make an explicit difference where required.
The GDPR differentiates between Data Controller and Data Processor. Controllers are those who determine the purposes and means of the processing of personal data. In case the purposes and means of such processing are determined by European Union Law, the criteria to be identified as Data Controller are determined by European Union Law itself. Processors are those that process Personal Data on behalf of the Controller.
For providing the Service to its customers Sympheny acts as a Data Processor in terms of GDPR. Natural Persons or legal entities can purchase a subscription (“Sympheny Plan”). In order to provide the Service at all, we need to collect and use certain Personal Data. We process the Personal Data only on behalf, and on instruction of, our customers, and in accordance with the relevant applicable law. For this reason, our customers who purchase a Sympheny Plan are primarily responsible for processing the Personal Data of all users (e.g. employees of the customer and/or other natural persons invited by the customer to join the Platform).
Nevertheless, in exceptional circumstances Sympheny acts as Data Controller. This occurs in connection to i) those natural persons who materially purchase a Sympheny Plan and do not sign in the name of a legal entity; ii) visitors of our website; iii) interested natural persons who consent to provide their Personal Data; and iv) our employees.
Sympheny Processes Personal Data
Sympheny lawfully “processes” Personal Data in accordance with the meaning given to this term by article 4 of the GDPR.
In addition, article 6 of the GDPR prescribes that the processing is lawful only if and to the extent that at least one of the following applies:​
the data subject has given consent to the processing of his or her personal data for one or more specific purposes​
processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract​
processing is necessary for compliance with a legal obligation to which the controller is subject
​processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller​
processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child
Sympheny Collects Personal Data
General Individual information: In order to register to our Services, to show interest in getting more insights about our Product, and in general, to be reached out to for marketing purposes, current and future perspective users of Sypmheny upon prior explicit consent may provide Personal Data in the form of their email address, name and surname, name of the company, job title, or similar.
User Data: Every user of Sympheny independently from its peculiar contractual Sympheny Plan must register and login to our Platform in order to work on Sympheny. Therefore, to sign up and login to Sympheny the following Personal Data is mandatory:​
- Name and Surname​
- Email address​
- Password
Billing: In order to subscribe for Sympheny and purchase a Sympheny Plan , potential customer may need to provide credit card information and a billing address. Sympheny does not collect nor store any credit card information itself.
Browser Data: We may collect standard website visitor information supplied by your browser (e.g., your operating system, the browser you are using, IP addresses, language settings). This information is dependent on the type of device, browser, and the settings you are using.
Other Usage Statistics: Besides browser data, we may collect statistics, usage information, and may record user sessions on how registered users use our Services in order to maintain and improve our Services.
Marketing: We might use the information collected for our own marketing purposes. This includes, but is not limited to: marketing campaigns, marketing events, and newsletters. This information will be used solely for marketing purposes by Sympheny and we will not share it with any third parties.
Exclusion of Special Categories of Personal Data: Sympheny will never ask its current and perspective potential customers to provide Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, including genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation. In case we might come across any of this data, its use by Sympheny is strictly prohibited.
Personal Data of Job Applicants: If you apply for a vacancy at Sympheny, we will collect and process information that you voluntarily communicate to us about yourself for purposes related to a potential employment. Additionally, we may collect publicly available information (e.g., your LinkedIn profile). Sympheny will store and manage this information with a trusted third-party providing a state-of-the-art solution for recruiting processes. You can request access, correction, or deletion of job applicant information about you at any time using the contact details below.
Personal Data of Children (under the age of sixteen): We do not voluntarily collect information from anyone under the age of sixteen. If we learn that we may have received information from someone under the age of thirteen, we will take immediate action and all reasonable measures to remove the information.
Sympheny Uses Personal Data
Sympheny will use the collected information to provide the Service to the customer and continuously improve the product and its features. Sympheny does not resell any Personal Data to any third-party.
Occasionally, we may publicly release aggregated statistics (e.g., by publishing reports on trends in the usage of our Sites).
Nevertheless, any usage information used to monitor the usage of our Sites and improve our Service is anonymized and aggregated.
If you are a registered user of a Sympheny Site or Service and have supplied your email address, Sympheny may occasionally send you an email to communicate the release of new features, solicit your feedback, or just keep you up to date with what’s going on with Sympheny and our products.
If you send us a request (for example, via a support email or one of our feedback mechanisms), we reserve to use this information in order to help us clarify or respond to your request, or to help us support other users. Sympheny takes all measures reasonably necessary to protect against the unauthorized access, use, alteration, or destruction of Personal Data.
Sympheny Uses Third-Parties Sub-Processors
Sympheny engages the following trusted Third-Parties Sub-Processors which provide parts of the Service on behalf of Sympheny in regard to the processing of Personal Data:
- Amazon Web Services (AWS) – Location: Stockholm,SE – Service: Data processing and hosting
- SalesForce – Location: Frankfurt,DE – Service: Customer information hosting
Sympheny Doesn’t Disclose Personal Data
Sympheny provides the highest attainable standards of legal protection to Personal Data. Thus, we generally apply a policy of non-disclosure of any Personal Data, and all our employees and third parties are bound by Non-Disclosure Agreements.
In particular circumstances, the disclosure of Personal Data is necessary, but encompasses only our employees, contractors, and affiliated organizations, and is limited to those cases where one of these parties needs to know that information in order to process it on behalf of Sympheny, or to provide Services available at Sympheny's Sites.
Our employees, contractors, and affiliated organizations may also be located outside the home country of the user. Thus, by using Sympheny's Site, users consent to the transfer of such information to them.
Other than the case described above, Sympheny may need to disclose Personal Data in response to a subpoena, court order, or other governmental request, or when Sympheny believes in good faith that disclosure is reasonably necessary to protect the property or rights of Sympheny, third parties, or the public at large.
Sympheny Uses Cookies
We use technical cookies that are necessary for the functionality and improvement of the Sites to identify visitors, keep preferences, etc. These cookies do not include any cookies set for advertisement purposes and/or for the purpose of tracking the user over multiple websites.
However, by using our Sites, you consent to cookies used for collecting data on the user’s visits and/or for advertisement purposes by the following third-party services:​
- Google Analytics and Google Ads​
- Twitter​
- Vimeo​
- Facebook​
- LinkedIn​
- Bing
You can always turn cookies off. The Help feature on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether.
Sympheny Might Change
If Sympheny, or substantially all of its assets, are acquired, user information would be one of the assets that is transferred or acquired by a third-party. You acknowledge that such transfers may occur, and that any acquirer of Sympheny may continue to use your Personal Data as set forth in this Privacy Policy.
Sympheny Updates its Privacy Policy
We may update this Privacy Policy from time to time. You can always find the latest version of the Privacy Policy on our Site. We undertake to inform our customers regarding updates of this Privacy Policy in our newsletters.
Contact
Please don't hesitate to contact us at support@sympheny.com if you have any questions about our Privacy Policy, regarding other privacy-related manners, or for any request related to the processing of your Personal Data.