xorlab Data Privacy Policy

This Data Privacy Policy (“Policy”) provides an overview of how xorlab AG (“xorlab”, “we”, “our”), via our websites, products and services, handle privacy, and how we protect your Personal Data.

Data and its protection belong to the core of our business. xorlab as well as our employees, contractors and service providers are committed to providing you with transparency and choice when it comes to Personal Data. We thereby define Personal Data as any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.

We aim to process Personal Data in accordance with applicable legislation, while considering and transparently balancing the relevant interests of our customers, ourselves and other stakeholders.

We invite you to carefully read this Data Privacy Policy, which sets out in which context we are processing your Personal Data and explains your rights and our obligations when doing so. Certain products and services provided by xorlab may have additional specific privacy notices that describe how we handle Personal Data for those products and services. If any other privacy notice conflicts with this Data Privacy Policy, such specific notice will take precedence.

We may update this Data Privacy Policy from time to time. If we modify our Data Privacy Policy, we will post the revised version on this website, with an updated revision date. You agree to visit these pages periodically to be aware of and review any such revisions. If we make material changes to our Data Privacy Policy, we may also notify you by other means prior to the changes taking effect, such as by posting a notice on our websites or sending you a notification. By continuing to use our website or our products and services after such revisions are in effect, you accept and agree to the revisions and to abide by them.

A. What this Data Privacy Policy covers

This Data Privacy Policy describes the following general aspects of our collection and processing of Personal Data concerning you.

  • What Personal Data we collect;
  • On what grounds and how we process your Personal Data;
  • Marketing and Community Networking
  • How we protect your Personal Data;
  • How we disclose your Personal Data;
  • Your privacy rights;
  • Contact us.

Please refer to our complementary product and service privacy notices for additional detail specific to those products and services.

B. What Personal Data we collect

a. General

When you visit and use our websites, products and services, we may collect data or ask you to provide certain data, including Personal Data, about you as you use our websites, products and services and interact with us, for the purpose of helping us manage our relationship with you. “Personal Data” is any data relating to an identified or identifiable individual. If we link other data with your Personal Data, we will treat that linked data as Personal Data. We also collect Personal Data from trusted third-party sources and engage third-parties to collect Personal Data to assist us. Personal Data may include:

  • Contact details, such as name, mailing address, email address and phone number;
  • Shipping and billing data, including credit card and payment data;
  • Your transaction history;
  • Data you provide to us to receive technical assistance or during customer service interactions;
  • Data about your computer or device, including browser type and settings, IP address and traffic data relating to your Internet connection;
  • Product performance data and details about how you use our products and services.

We collect Personal Data for a variety of reasons, such as:

We and the third parties we engage may combine the information we collect from you over time and across our websites and Products and Services with information obtained from other sources. This helps us improve its overall accuracy and completeness, and also helps us better tailor our interactions with you.

If you choose to provide xorlab with a third party’s personal information, you represent that you have the third party’s permission to do so.

b. Website

Most of our services provided on our websites do not require any form of registration, allowing you to visit our website without telling us who you are. However, some services may require you to provide us with Personal Data, which may include your direct identifiers, such as name, birth date, email address or telephone number. We may collect and use Personal Data to provide you with products or services, answer your inquiries, to bill you for products and services you request, to market products and services which we think may be of interest to you, or to communicate with you for other purposes which are evident from the circumstances or about which we inform you when we collect Personal Data from you.

We may collect and process information about your visit to our websites, such as the pages you visit, the website you came from and some of the searches you perform. Such information is used by us to help improve the contents of the website and to compile aggregate statistics using our site for internal, market research purposes. In doing this, we may install “cookies” (see further below) that collect the domain name of the user, your internet service provider, your operating system, and the date and time of access.

D. Marketing and Community Networking

xorlab has a legitimate interest in promoting our commercial offerings and to optimize the delivery of communications to that effect to our customers and audiences that are most likely to find them relevant. We will therefore collect and process data to that end as explained below. However, where we are legally required to obtain your consent to provide you with certain marketing materials, we will only provide you with such marketing materials where we have obtained such consent from you. If you do not want to continue receiving any marketing materials from us, you can click on the unsubscribe function in the communication or e-mail.

a. Cookies

Cookies help to make your visit of our website easier, more enjoyable, and more efficient.

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

Cookies do not typically contain Personal Data, but Personal Data that we store about you may be linked to the information stored in and obtained from cookies.

Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. Browsers regularly allow you to set your browser to notify you when you receive a “cookie”, this will enable you to decide if you want to accept it or not. You may also deactivate Cookies. However, if you do not accept our Cookies, you may not be able to use all functionalities of your browser software.

In addition, you may prevent or stop the installation and storage of cookies by your browser settings by downloading and installing the free Opt-out Browser Add-on available at https://tools.google.com/dlpage/gaoptout?hl=en.

If you do not accept cookies, you may not be able to fully experience all functions of our website.

d. Legitimate interest (in accordance with Recital 47 of the GDPR)

When delivering our products, services and communications to you as well as to our other customers and partners, we may process Personal Data of you to:

  • communicate commercial promotions, updates and upgrades of products and services;
  • provide quotes for our products and services;
  • research and implement product improvements;
  • evaluate and improve the performance and quality of our products, services and websites;
  • provide you with a customized experience when you visit our websites;
  • allow interoperability within our applications;
  • secure our systems and applications;
  • allow for the provisioning of services;
  • prevent fraud;
  • enforce our legal rights;
  • share your data with partners for sales conversions and lead generation.

e. Legitimate interest (in accordance with Recitals 39 and 49 and Article 32 of the GDPR)

Some of our products and services support organizations to comply with Recital 39 and Article 32 of the GDPR, ensuring that Personal Data is processed in a manner that ensures appropriate security and confidentiality, including for preventing unauthorized access to or use of Personal Data and the equipment used for processing.

  • sender email addresses (e.g., of sources of Spam);
  • recipient email addresses (e.g., of victims of targeted email cyberattacks);
  • reply-to email addresses (e.g., as configured by cybercriminals sending malicious email);
  • filenames and execution paths (e.g., of malicious or otherwise harmful executable files attached to emails);
  • URLs and associated page titles (e.g., of web pages broadcasting or hosting malicious or otherwise harmful contents);
  • IP addresses (e.g., of web servers and connected devices involved in the generation, distribution, conveyance, hosting, caching or other storage of cyber-threats such as malicious or otherwise harmful contents).

Depending on the context in which such data is collected, it may contain Personal Data concerning you or any other data subjects. However, in such cases, we will process the data concerned only to the extent strictly necessary and proportionate to the purposes of detecting, blocking, reporting (by removing any personally identifiable elements) and mitigating the cyber-threats of concern to you, and to all organizations relying on our products and services to secure their networks and systems. When processing Personal Data in this context, we will not seek to identify a data subject unless strictly indispensable to the remediation of the cyber-threats concerned, or required by law.

F. How we disclose your Personal Data

a. General

We do not sell, lease, rent or give away your Personal Data. We may share your Personal Data with third parties for the purposes of operating our business, delivering, improving, and customizing our solutions, sending marketing and other communications related to our business, and for other legitimate purposes permitted by applicable law or otherwise with your consent.

b. Business Partners

We may provide your Personal Data to our business partners for the purpose of allowing them to conduct business. This may include:

  • so that these business partners may share information with you about their products or services;
  • to provide a requested product, solution, service or transaction;
  • in connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or to another company.

G. Your Privacy Rights

Whenever we process Personal Data, we take reasonable steps to ensure that your Personal Data is kept accurate and up-to date for the purposes for which it was collected. We will provide you with the ability to exercise the following rights under the conditions and within the limits set forth in the law:

  1. to ask us to provide you with information regarding the Personal Data we process concerning you (Article 15 of the GDPR);
  2. to rectify, update or complement inaccurate or incomplete Personal Data concerning you (Article 16 of the GDPR);
  3. to delete or request the erasure of Personal Data concerning you (Article 17 of the GDPR);
  4. in certain circumstances to obtain of us that we restrict the way in which we process Personal Data concerning you (Article 18 of the GDPR);
  5. to obtain of us the portability of Personal Data concerning you which we process using automated means on the basis of your consent or of a contract you have entered into with us (Article 20 of the GDPR);
  6. to object to our processing of Personal Data concerning you on the basis of our, or of third-parties’ legitimate interests (Article 21 of the GDPR);
  7. in the European Economic Area, to lodge a privacy complaint with a supervisory authority if you are unhappy with the way we have handled your Personal Data or any privacy query or request that you have raised with us (Article 77 of the GDPR).

In addition, you may at any time withdraw any consent you may have given for us to process Personal Data concerning you.

If you believe that your Personal Data was unduly collected or is unduly processed by xorlab for purposes relating to network and information security, please be aware that if it is determined that Personal Data concerning you is processed by xorlab because it is necessary for the detection, blocking or mitigation of convicted cyber-threats, in line with Article 21 (1) GDPR, objection, rectification or erasure requests may be rejected. It is our compelling legitimate interests to protect xorlab and our customers from cyber threats, and therefore our interest may override your objection, rectification or erasure requests until you demonstrate the measures necessary to dissociate your Personal Data from any identified cyber-threat.

Where your exercise of any of the rights above is dependent on xorlab’s action, we will abide by our legal obligation to take reasonable measures to ascertain your identity and the legitimacy of your request and may ask you to disclose to us any information necessary for that purpose. We will respond to legitimate request within 1 (one) calendar month. In certain limited circumstances, we may need to extend our response period as permitted by applicable law. Pursuant to any such requests, we may retain certain data necessary to prevent fraud or future abuse or as otherwise required or permitted by law, including to comply with legal obligations we are subject to, as well as to establish, exercise and defend our legal claims.

H. Contact us

xorlab AG ∙ Compliance ∙ Hohlstrasse 515 ∙ 8048 Zurich ∙ contact at xorlab . com

By contacting us, please note the name of the website, product or service related to your request, your relationship and/or interactions with us (as applicable), as well as the specifics of the information you would like us to provide.

In addition, you may at any time withdraw any consent you may have given for us to process Personal Data concerning you.