Privacy policy

We respect your identity and privacy and ensure that they are protected and that your personal data is processed in accordance with the applicable laws. Furthermore, we only collect information that is essential for delivering our services to you in a proper way and follow a minimalistic approach to the collection of any kind of personal data.

Personal data includes all the details and information that refer to a specific or identifiable person.

This Privacy Policy is our way of informing you which of your data we process, why we require this data and how you can object to your data being collected.

When we refer to the processing of your personal data in this Privacy Policy, we mean all the ways in which your personal data is handled. This includes data storage, processing, use, deletion, etc.

Who is responsible for data processing?

foorilla LLC, headquartered in Zurich, Switzerland, is responsible for processing your data.

If you have any questions or comments regarding data protection please do not hesitate to contact our in-house data protection officer via data@changestack.io.

Why do we collect personal data?

Data is only ever processed for specific purposes. This could be out of technical necessity or due to contractual requirements, legal provisions, overriding interest, i.e. for legitimate reasons, or if you have granted your express consent. We collect, store and process personal data where necessary. This includes for the purposes of managing customer relationships, providing our products and services, processing orders and contracts, making sales and issuing invoices, responding to questions and concerns, preparing information on and marketing our products and services, assisting with technical issues and evaluation and further developing products and services.

What data is processed when our websites are used?

You can visit our websites without having to provide any personal information as a matter of principle. When you create an account, we need to collect some personal information, such as your e-mail address. When you visit our websites, our servers temporarily store each access in a log file. The following technical data is collected in the process and stored until it is automatically deleted after nine months at the latest:

  • IP address of the computer requesting access
  • The date and time of access
  • The website from which our website is being accessed, including the search term where applicable
  • The name and URL of the file being requested
  • Any search queries performed (webpage’s general search function, products, etc.)
  • The operating system on your computer (provided by the user agent)
  • The browser you are using (provided by the user agent)
  • The type of device when accessed via mobile phone
  • The transmission protocol being used

This data is processed and collected for the purposes of system security and stability and for analysing errors and performance as well as for internal statistical purposes. It enables us to optimise our website.

The IP address is also analysed together with other data when there is an attempt to access the network infrastructure or in the event of other unauthorised or improper use of our websites for information and defence purposes and, where applicable, is used for the purposes of identification during criminal proceedings and in civil and criminal procedures against the data subject.

With your authorization we may also obtain information about you from other sources. For example, if you create or log into your account through GitHub, GitLab or Bitbucket we may receive information from that service (such as your username and e-mail address). The information we receive depends on which services you authorize and any options that are available.

Finally, when you visit our websites, we use cookies and other applications and tools which are based on cookies. You can find further details below in this Privacy Policy.

What data is collected when services are purchased?

For contractual reasons, we require personal data for online orders and the purchase of certain products and services in order to carry out our services and to conduct the contractual relationships concluded in this connection.

When services are purchased, we collect (depending on the product or service) the following data, among others:

  • The name and e-mail address
  • Other details such as a billing address
  • The type of product or service being purchased
  • The price

What are cookies and when are they used?

We only use cookies in cases where they are necessary for our website to function properly, for example to authenticate a user after logging in. Cookies are small files that are stored on your computer or mobile device when you visit or use our websites. Cookies store certain settings via your browser and data about the exchange with the website via your browser. When a cookie is activated, it can be given an identification number via which your browser is identified and via which the information contained in the cookie can be used.

How are tracking tools used?

We use our own internal web analytics tools for the purposes of designing and continuously optimising our services.

In addition to the data listed above (see “What data is processed when our websites are used?”), we receive the following information as part of the process:

  • The navigation path via which the visitor is accessing the website
  • The length of time spent on the webpage or subpage
  • The subpage from which the visitor leaves the website
  • The country, region or city from which the visitor accesses the website
  • The device (type, version, colour depth, resolution, width and height of the browser window)
  • Returning or new visitors

This information is used to evaluate a visitor’s use of our websites.

How long will your data be stored for?

Your data will be deleted once it is no longer required for the purpose for which it was collected (e.g. as part of a contractual relationship). If there are legal or factual obstacles that prevent us from deleting the data (e.g. legal obligation of safekeeping), it will be made unavailable instead.

What rights do you have in relation to your personal data?

You have the following rights in relation to your personal data:

  • You can request information about the personal data we have stored
  • You can request for your personal data to be rectified, supplemented, blocked or deleted
  • If you have set up a user account, you can delete this or have it deleted
  • You can object to your data being used for marketing purposes

To exercise these rights, simply write an e-mail to: data@changestack.io

Will data be disclosed to third parties?

Your personal data will not be disclosed, sold or transmitted in any other way to third parties outside our services unless this is necessary for the purposes of executing a contract or you have granted your express consent.

External service providers (for example payments or accounting firms) that process data on our behalf are under strict obligations as regards the Swiss Federal Act on Data Protection. Under data protection law, these external service providers are therefore not considered third parties.

Will your personal data be transmitted abroad?

We are also authorised to transmit your personal data to third parties (for example external service providers) abroad. These are obliged to comply with data protection law to the same extent as we are. If the level of data protection in a country does not match that in Switzerland, we shall contractually ensure that your personal data is protected to the same level as in Switzerland at all times.

Data security

We employ suitable technical and organisational security measures to protect the personal data we store from manipulation, partial or total loss and unauthorised access by third parties. Our security measures are continuously improved in line with technological development.

We also take data protection within changestack.io very seriously. Our staff and the external service providers working on our behalf are committed to maintain confidentiality and to comply with data protection provisions.

We will take appropriate precautionary measures to protect your data. However, the transmission of information over the Internet and other electronic means always carries certain security risks and we cannot offer any guarantee as regards the security of information transmitted in this way.

Amendments to this Privacy Policy

We reserve the right to amend or supplement this Privacy Policy at any time at our discretion. Please consult this Privacy Policy regularly.

Effective date: April 1, 2021