Privacy Policy
1. Introduction
The purpose of this privacy policy is to explain how Nezasa collects and uses your personal data, the type of information we collect when you visit our website, how we use the collected information and when this information may be shared.
Privacy laws around the globe require Nezasa to provide you with certain information applicable to our collection of your personal data, which, for the purpose of this privacy policy, refers to any information that used alone or combined allows you to be identified.
Because protecting your privacy is a priority for us, we may update these terms from time to time, so we encourage you to review this policy periodically.
2. Who is Nezasa and who is responsible for Data Processing?
Nezasa is a technology company with offices in Switzerland and Lisbon and legal entities in both countries. Nezasa AG is responsible for this website and is also the data controller and responsible for processing your data.
We develop and market a software solution designed for businesses in the travel industry.
If you wish to contact us to exercise your privacy rights or if you have a specific question about how we process your data, please use the following details:
Attn: Data Protection Officer
NEZASA AG
Legal & Compliance Department
Sihlstrasse 99
8001 Zurich
Switzerland
Email: privacy@nezasa.com
Phone: +41 44 500 34 00
You can also use submit a Privacy & Security request on our support form: Submit a Privacy & Security request
If you have any complaints regarding our compliance with this Privacy Policy, please contact us. You also have the right to file a complaint with a competent data protection authority. We would, however, appreciate the chance to deal with your concerns before you approach such authorities, so please contact us in the first instance.
3. Age restrictions
Nezasa provides a software solution for companies in the travel industry, therefore this website is not designed for children. We do not knowingly collect information from anyone under the age of 16. If you are under 16, we recommend that you leave the website.
4. Data Nezasa collects about you
As a visitor to our website, whether you are a customer, a potential customer, a supplier, a partner or an employee of any of the above, or a job applicant, we may collect and use your personal information to operate our website and to provide you with the information, products or services you have requested.
Depending on how you use our website, we may collect, use, store and transfer different types of personal information, which we describe below:
- Identity Data: may include first name, middle name, last name, username or similar identifier, the name of your current company or employer, job title, industry sector and country of residence or work.
- Contact Data: may include address, email addresses, telephone numbers (mobile and/or landline).
- Technical Data: includes information about how you access and use our websites such as your login data (if applicable), browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our websites, the pages you have visited on our websites and the links you have followed on them. When you use Nezasa websites, information is collected about your device and your visit including the date, time and duration of visits (including whether it’s a first visit or a repeat visit), browsing, searching and purchasing activity as you interact with our sites; IP (Internet Protocol) address; web addresses of the sites you come from and go to next, including whether you visited the website directly or were referred to it from another website or link; location information consistent with your browser settings; and information about your connection, including your device’s browser, operating system, internet service provider, and platform type.
- Profile Data: includes your interests, preferences (e.g. if you have accepted cookies), feedback and any survey responses.
- Marketing and Communications Data: includes your preferences for receiving marketing communications from us.
- Employment Data: includes your current and past employment experience, qualifications, skills, interests and any other information you provide in connection with an application for a position within Nezasa.
We may gather, utilise, and share aggregated data, such as statistical or demographic information, for any purpose. Aggregated data is derived from your personal information but is not considered personally identifiable as it doesn’t directly or indirectly reveal your identity.
If we combine or link aggregated data with your personal information, making it possible to identify you directly or indirectly, we treat the combined data as personal information and handle it according to this Privacy Policy.
5. How does Nezasa collect your personal data
We may obtain your data in a number of ways, including through:
Direct interactions:
- Through filling forms either on our website or social media channels;
- Through in person interactions where you may give us your name, company, email address, telephone number and other information;
- Through interactions made by telephone, email or direct mail.
This includes personal data you provide when you:
- Fill out a form to request our products or services, a demo or a contact;
- Subscribe to our newsletter;
- Fill out a form to access content produced and facilitated by Nezasa;
- Attend conferences, meetings, webinars and seminars, which may or may not be organised by Nezasa, and give us your details or business card.
- Publicly Available Sources: We may access personal data from publicly available sources, such as business directories, databases. This data may include: name, job title, company affiliation, contact information and other relevant professional information
- Third Party Sources: We may also obtain personal data about you from third party platforms, including social media sites or and professional networking platforms where you may have publicly shared professional information. If you apply for a job we may also receive employment, identity and contact data from third party recruitment agencies
- Cookies and Tracking Technologies: We may use cookies and similar technologies to collect information about your interactions with our website and services, such as technical data about your equipment, browsing actions, traffic origin, pages visited and patterns.
6. How Nezasa uses your personal data
Nezasa uses your personal data for various purposes, including:
- Responding to requests for information, providing our services, activating your account, billing, technical support, product development and payment processing.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
- Where we need to comply with a legal or regulatory obligation
In general, we rely on explicit consent as the legal basis for processing your personal data, except in situations where legitimate interest applies.
We collect and use personal data for specific purposes. The table below sets out for each activity and purpose the type of data involved and the legal basis for that processing.
Please note that:
- In some cases we may have multiple legal justifications for using personal information. If we are required by law or contract to collect information and you don’t give us access, we may not be able to provide the service as expected.
- You may withdraw your consent at any time.
7. How Nezasa uses your data for marketing purposes
Unless you have opted out of receiving marketing communications, you may receive marketing communications from us by email or telephone:
- Provided your consent in direct interactions
- Provided us with your details when you have requested information from us by filling in a form on our website or social media, giving us your consent to send you marketing communications
- Purchased our solutions
We do not sell, rent, lease or otherwise disclose our customer lists to third parties.
8. Opt-Out & Unsubscribe from Nezasa marketing communications
You have the right to request that we stop sending you marketing communications. To opt-out or unsubscribe, i.e. to stop receiving communications from us, you can follow the unsubscribe instructions included in any marketing email or contact us directly using the details provided in Chapter 2.
Please note that unsubscribing from operational communications may result in the loss of important information related to your account, such as service terms and conditions updates and product updates. We recommend that you consider this option carefully to ensure that you remain informed about matters relevant to your service.
If you have any questions or need assistance with opting out, please contact us.
9. Use of Cookies
You can set your browser to refuse cookies or to notify you when they are used. However, disabling cookies may affect your ability to access certain features of the site.
For more details about the specific cookies we use, please see our Cookie Policy.
10. How Nezasa may share your personal data
Where we are the data processor, we may also use sub-processors. A sub-processor is a third party data processor who may access or process your data (which may include your personal data) or your customers’ data where we act as a data processor. Nezasa works with various vendors and partners to assist in the provision, administration, maintenance and billing of our services. We share personal information with these entities as necessary to enable them to perform their functions on our behalf. We require these vendors and partners to safeguard the personal information we share with them and to limit their use of that information solely to the purposes for which it was provided. We do not allow these vendors and partners to use this information for their own marketing purposes.
We may share your personal information with the following entities in order to provide our services:
- Service Providers: We may share Personal Data with our third party service providers who help us in delivering our services, including cloud storage providers, payment processors, fulfilment partners, security vendors, and data analytics vendors. For example, we use service providers for data hosting, application development, marketing, sales support and customer support.
- Marketing Partners: Third parties that help us with marketing and promotional activities, but also third-party analytics partners to analyse website traffic and understand User or customer needs and trends
- Partners and/or Third-Party: Services you choose to integrate with our platform that may access your data.
- Business Partners: Affiliates or partners who provide complimentary services or technology.
- Legal Authorities: Law enforcement or other parties in connection with legal requests, to comply with applicable laws, or to prevent harm.
- Other: relevant third parties in the event of a reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business.
Where third parties are given access to Personal Data, we will take appropriate and necessary contractual, technical and organisational measures designed to ensure that personal information is processed only to the extent that such processing is necessary, consistent with this Privacy Policy, and in accordance with applicable law.
Our current list of sub-processors is available here.
11. How Nezasa handles international data transfers
Nezasa is a Swiss company that operates globally, processing data for individuals worldwide. To conduct our business, we may need to transfer your personal information outside of your state, province, or country, including to the United States. Additionally our third-party service providers or subprocessors may be located outside the European Economic Area (EEA). When this is the case, their processing of your personal data involves a transfer of data outside the EEA.
This data may be subject to the laws of the countries where we send it. We take steps to protect your information when we send your information across borders. To ensure a consistent level of protection for your personal data, we employ the following safeguards whenever we transfer it outside the EEA:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For more information, please refer to the European Commission’s guidelines on the adequacy of data protection in non-EU countries.
- Where we use certain service providers not under the category above, including those located in the US, we may use specific contracts approved by the European Commission, known as Standard Contractual Clauses (SCCs), which give personal data an equivalent level of protection to which it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
12. Security of Your Personal Data
The security of your personal information is a priority and we’ve put in place appropriate measures to prevent unauthorised access, alteration, disclosure, or loss of your information. Access to your data is restricted to employees, agents, contractors, and third parties who have a legitimate business need to know. These individuals are bound by confidentiality obligations and process your information on our behalf.
We have established procedures to address any suspected data breaches and will notify you and relevant regulators as required by law.
When transmitting sensitive information, such as credit card numbers, we employ encryption protocols like Secure Sockets Layer (SSL) to safeguard your data during transmission.
13. Data retention
We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, and reporting requirements.
Retention periods will be determined by factors such as the volume, nature and sensitivity of the data, the risk of harm from unauthorised access, the purposes of the processing, alternative means of performance and legal obligations.
To inquire about retention periods for specific types of data, please contact us using the contact details provided in section 2.
14. Your Legal Rights
You have a range of options regarding your personal data:
- Access Your Data: Request a copy of the information we hold about you to verify its accuracy and processing basis.
- Correct Your Data: Request the correction of any inaccurate or incomplete data we hold about you.
- Delete Your Data: Ask us to delete your information if it’s no longer necessary for the purposes for which it was collected, or if you withdraw your consent. However, in some cases, legal obligations may prevent us from complying with this request.
- Object to Processing: Object to the use of your data for a particular purpose, especially if it affects your privacy. our data being used for a specific purpose, particularly if it impacts your privacy. We’ll weigh your request against the legitimate reasons we have for processing your data.
- Restrict Processing: Request us to temporarily pause processing your data under specific circumstances, such as verifying its accuracy, contesting its use, or needing it for legal reasons.
- Data Portability: Request a transfer of your data to you or a third party in a structured and commonly used format. This applies primarily to automated information you initially consented to us using or data used to fulfil a contract with you.
- Withdraw Consent: You can withdraw your consent for us to process your data at any time. This doesn’t affect the legality of processing done before your withdrawal, and some services may become unavailable.
To exercise any of these rights, contact us at privacy@nezasa.com or use the contact details available in section 2.
When you exercise your legal rights:
- There’s typically no charge for accessing or managing your data. However, excessively repetitive or unfounded requests may incur a reasonable fee, or we may be unable to fulfil them.
- In order to ensure data security, we may ask for specific information. This helps prevent unauthorised access to your data. We might also contact you for additional details to process your request efficiently.
- We aim to respond to all legitimate requests within one month. Complex requests or multiple requests may take longer, but we’ll keep you informed in such cases.
Effective as of 28 October, 2024