Effective Date: June 1st, 2020

Cortexia SA (“we”, “us”, “our”) operates the website www.cortexia.ch (hereinafter referred to as the “Service”).

This page explains our policies regarding the collection, use and disclosure of personal data when you use our Service and the choices available to you regarding such data.

We use your data to provide and improve the Service. By using the Service, you consent to the collection and use of information in accordance with this policy Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meaning as in our Terms and Conditions which are available at https://www.cortexia.ch

Definitions

• Service Service means the website www.cortexia.ch operated by Cortexia SA.
• Personal data Personal Data means data about a living individual who can be identified from such data (or from such data and other information in our possession or likely to come into our possession).
• Use Data Usage Data is collected automatically and is generated either by the use of the Service or by the infrastructure of the Service itself (for example, the duration of a page consultation).
• Cookies Cookies are small files stored on your device (computer or mobile device).
• Data Controller Controller means the natural or legal person (alone, or jointly or in common with others) who determines the purposes and manner in which all personal data are or shall be processed. For the purposes of this Privacy Policy, we are a Data Controller of your personal data.
• Subcontractors (or Service Providers) The term Subprocessor (or Service Provider) refers to any natural or legal person who processes data on behalf of the Data Controller. We may use the services of more than one Service Provider in order to process your data more efficiently.
• Person Concerned (or User) A Concerned Person is any living person who uses our Service and is the subject of Personal Data.

Data Collection and Use

We collect several types of data for different purposes in order to provide you with our Service and to improve it.

Types of Data Collected

Personal Data

When you use our Service, we may ask you to provide us with certain personally identifiable information that may be used to contact or identify you (“Personal Information”). Personally Identifiable Information may include, but is not limited to:

• Email address
• First and last name
• Phone number
• Address, town, canton, postal code
• Cookies and Usage Data

We may use your Personal Data to send you newsletters, marketing communications or promotions and other information that may be of interest to you. You can choose not to receive any communications from us or to receive only certain communications by clicking on the unsubscribe link or by following the instructions in each of the emails we send.

Usage Data

We may also collect information relating to how you access and use the Service (“Usage Data”). This Usage Data may include information such as the Internet Protocol address (i.e., IP address) of your computer, browser type, browser version, the pages of our Service that you visit, the date and time of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Location data

We may use and store data about your location if you authorise us to do so (“Location Data”). We use this data to provide the functionality of our Service and to improve and customize our Service.

When you use our Service, you may enable or disable Location Data services at any time using your device settings.

Tracking and Cookie Data

We use cookies and other similar tracking technologies to track activity in our Service, and we retain certain information.

Cookies are small data files that may contain an anonymous unique identifier. Cookies are sent to your browser from a website and are stored on your device. Other tracking technologies such as pixels, tags and scripts are also used to collect and track information and to improve and analyze our Service.

You can set your browser to refuse all cookies or to notify you when a cookie is being sent. . However, if you do not accept cookies, you may not be able to use certain elements of our Service.

Examples of cookies we use:

• Session Cookies: We use Session Cookies to operate our Service.
• Preferences Cookies: We use preference cookies to remember your preferences and settings.
• Security Cookies. We use Security Cookies for security reasons.
• Advertising Cookies: Cookies allow us to show you advertisements that we think you might be interested in and that match your interests.

Use of Data

Cortexia SA uses the collected data for various purposes:

• To provide and ensure our Service
• To let you know about changes to our Service
• To allow you to use the interactive features of our Service whenever you want to do so
• To ensure customer support
• To collect valuable data or analysis that will allow us to improve our Service
• To control the use of our Service
• To detect, prevent and solve technical problems
• To let you know about news, special offers and general information about other goods, services and events we offer that are similar to those you have already purchased or inquired about, unless you have already indicated that you do not wish to receive such information.

Legal basis for the processing of personal data under the General Data Protection Regulations (GDPR)

If you reside in the European Economic Area (EEA), the legal basis of Cortexia SA with regard to the collection and use of Personal Data described in this Privacy Policy depends on the Personal Data we collect and the specific context in which we collect it.

Cortexia SA peut traiter vos Données à Caractère Personnel:

• Because we need to perform a contract with you
• Because you authorized us to do so
• Because we have a legitimate interest in carrying out this processing and your rights do not take precedence over this legitimate interest
• To respect the law.

Data Retention

Cortexia SA will only keep your Personal Data as long as necessary for the purposes stated in this Privacy Policy. We will retain and use your Personal Data only to the extent necessary for us to fulfil our legal obligations (for example, to comply with applicable law), to resolve disputes and to enforce our agreements and policies.

Cortexia SA will also retain the Usage Data for internal analysis purposes Usage Data is generally kept for a shorter period of time, except when this data is used to enhance the security or improve the functionality of our Service, or if we are legally obliged to keep this data longer.

Data transfer

Information about you, including your Personal Data, may be transferred from your region, province, country, or other territorial division to and stored on computers located in a place where data protection laws differ from the jurisdiction in which you reside.

If you reside outside of Switzerland and choose to provide information to us, please be aware that we transfer data, including Personal Data, to and from Switzerland and process it there.

By accepting this Privacy Policy and submitting this information, you consent to this transfer.

Cortexia SA will take all reasonably necessary steps to ensure that your data is treated securely and in accordance with this Privacy Policy and your Personal Data will not be transferred to any organisation or country unless adequate controls are in place, in particular with regard to the security of your data and other personal data.

Disclosure of Data

Commercial operation

If Cortexia SA is involved in a merger, acquisition or sale of assets, your Personal Data may be transferred. Before your Personal Data is transferred and becomes subject to a different Privacy Policy, we will notify you.

Disclosure of Data to Law Enforcement Agencies

Under certain circumstances, Cortexia SA may be required to disclose your Personal Data if required by law or in response to valid requests from public authorities (e.g. a court or government agency).

Legal requirements

Cortexia CH may disclose your Personal Data if it believes in good faith that this is necessary to:

• Fulfill a legal obligation
• To protect and defend the rights or property of Cortexia SA.
• Preventing or investigating possible wrongdoing within the Service
• To ensure the personal safety of users of the Service or the public
• Protecting yourself against civil liability

Data security

The security of your data is important to us. However, please keep in mind that no method of data transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable methods to protect your Personal Information, we cannot guarantee its absolute security.

Data protection rights granted to you by the General Data Protection Regulations (GDPR)

If you live in the European Economic Area (EEA), you have certain data protection rights. Cortexia SA intends to take reasonable steps to enable you to correct, amend, delete or limit the use of your Personal Data.

If you wish to know what Personal Data we hold about you and would like it deleted from our systems, please contact us.

In certain circumstances, you have the following data protection rights:

• The right to access, update or delete the information we hold about you. Where this option is provided, you can view or update your Personal Data or request its deletion in the settings section of your account. If you are unable to perform these actions yourself, please contact us for assistance.
• Right of correction. You have the right to have your data corrected if it is inaccurate or incomplete.
• Right of opposition. You have the right to object to our processing of your Personal Data.
• Right of limitation. You have the right to ask us to limit the processing of your Personal Data.
• Right to data portability. You have the right to receive a copy of the information we hold about you in a commonly used, structured and machine-readable format.
• Right to withdraw consent. You also have the right to withdraw your consent at any time if Cortexia SA AG has relied on your consent to process your personal data.

Please note that we may ask you to prove your identity before responding to such requests.

You have the right to complain to a data protection authority about our collection and use of your Personal Data. For further details, please contact your nearest data protection authority in the European Economic Area (EEA).

Service Providers

We may use third party companies and third parties to facilitate the provision of our Service (“Service Providers”), to provide the Service on our behalf, to provide services related to the Service or to assist us in analyzing how our Service is used.

These third parties only have access to your Personal Information to perform these tasks on our behalf and are prohibited from disclosing or using it for any other purpose.

Analyses

We may use third party Service Providers to monitor and analyze the use of our Service.

• Google Analytics Google Analytics is a web analytics service offered by Google that tracks and reports on website traffic Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the data collected to contextualize and customize ads from its own advertising network. You can prevent your activities within the Service from being made available to Google Analytics by installing the Google Analytics Opt out browser add-on plug-in. This plug-in prevents the Google Analytics JavaScript code (ga.js, analytics.js, and dc.js) from sharing information about visit-related activities with Google Analytics. For more information about Google’s privacy practices, please visit the Google Privacy and Terms webpage: https://policies.google.com/privacy?hl=en.
• For more information about Google’s privacy practices, please visit the Google Privacy and Terms webpage: https://policies.google.com/privacy?hl=en

Emailing

We may use third party Service Providers to monitor and analyze the use of our Service.

• Marketing automation and emailing service provided bySendinblue For more details on Sendinblue’s privacy practices, please see the Sendinblue Platform Privacy Policy web page: https://fr.sendinblue.com/rgpd/

Advertising

We may use Third Party Service Providers to present advertisements to you to help support and maintain our Service.

• Google AdSense et cookie DoubleClick: As a third party provider, Google uses cookies to serve ads on our Service. Google’s use of the DoubleClick cookie enables Google and its partners to serve ads to our users based on their visits to our Service or other websites. You can refuse the use of the DoubleClick cookie for interest-based advertising by visiting the Google Ads Settings web page: http://www.google.com/ads/preferences/. http://www.google.com/ads/preferences/
• The AdMob by Google service is provided by Google You may opt out of the AdMob by Google service by following the instructions provided by Google https://support.google.com/ads/answer/2662922?hl=en
• For more information on how Google uses the data collected, please see “How Google uses data when you use our partners’ sites or app” http://www.google.com/policies/privacy/partners/ or see the Google Privacy Policy: http://www.google.com/policies/privacy/

Behavioural Remarketing

Cortexia SA uses remarketing services to present you with advertisements on third party sites after you have consulted our Service. We and our third-party suppliers use cookies to shape, optimise and deliver ads based on your previous visits to our Service.

• Google Ads (AdWords):The Google Ads (AdWords) remarketing service is provided by Google Inc. You can opt-out of Google Analytics for Display Advertising and customize Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads
• Google also recommends installing the Google Analytics Opt-out Browser Add-on plug-in – https://tools.google.com/dlpage/gaoptout – in your web browser. The Google Analytics Opt-out Browser Add-on plug-in allows visitors to prevent Google Analytics from collecting and using their data.
• For more information about Google’s privacy practices, please visit Google’s Privacy Policy and Terms and Conditions: https://policies.google.com/privacy?hl=en
• Twitter:The Twitter remarketing service is provided by Twitter Inc. You can opt out of Twitter’s interest-based ads by following Twitter’s instructions: https://support.twitter.com/articles/201704
• To learn more about Twitter’s privacy practices and policies, please visit their privacy policy page:https://twitter.com/privacy
• Facebook:The Facebook remarketing service is provided by Facebook Inc. You can learn more about interest-based Facebook ads by visiting this page https://www.facebook.com/help/164968693837950
• To opt-out of interest-based Facebook Ads, follow these instructions from Facebook: https://www.facebook.com/help/568137493302217Facebook adheres to the Principles of Self-Regulation for Online Behavioral Advertising established by the Digital Advertising Alliance. You may also opt out of Facebook and other participating companies through the Digital Advertising Alliance in the United States http://www.aboutads.info/choices/, the Digital Advertising Alliance of Canada in Canadahttp://youradchoices.ca/ or the European Interactive Digital Advertising Alliance in Europehttp://www.youronlinechoices.eu/, or by using your mobile device .
• For more information about Facebook’s privacy practices, please see Facebook’s data policy: https://www.facebook.com/privacy/explanation

Payments

We may offer paid products and/or services as part of the Service. In such cases, we will use third party services for payment processing (i.e., payment processing companies). We will not collect or retain your payment card information

Wewill not collect or retain your payment card information This data is directly communicated to the third party payment processing companies, which companies use your personal data in accordance with their privacy policy. These payment processors comply with the PCI-DSS standard managed by the PCI Security Standards Council, which is a collaborative effort between brands such as Visa, MasterCard, American Express and Discover. The PCI-DSS requirements help ensure the secure processing of payment information.

The payment processing companies we work with are:

– Apple Store In-App Payments Their privacy policy is available at https://www.apple.com/legal/privacy/en-ww/

– Google Play In-App Payments: Their privacy policy is available at https://www.google.com/policies/privacy/

– Stripe: Their privacy policy is available at https://stripe.com/us/privacy

– PayPal/Braintree: Their privacy policy is available at https://www.paypal.com/webapps/mpp/ua/privacy-full

Links to other sites

Our Service may contain links to other sites that we do not operate. If you click on a third party link, you will be redirected to that third party’s site. We strongly recommend that you review the privacy policy of each and every site you visit.

We have no control over the content, policies or privacy practices of third party sites or services and assume no responsibility or liability for them.

Children’s Privacy

Our Service is not intended for persons under the age of 18 (“Children”).

We do not knowingly collect personally identifiable information from persons under the age of 18. If you are a parent or guardian and you know that your Child has provided us with Personal Information, please contact us. If we learn that we have collected Personal Information from children without verifying parental consent, we will take steps to delete this information from our servers.

Processing of personal data that can be carried out by the CORTEXIA boxes equipped with cameras.

In the context of the use of its artificial intelligence software solution, the Cortexia Box, which aims to improve urban cleanliness and is installed on its customers’ municipal utility vehicles (e.g. sweepers, bicycles, etc.), CORTEXIA may inadvertently collect personal data about you. CORTEXIA and its customer, i.e. the legal entity operating the municipal vehicles, are jointly responsible for the processing. The Cortexia Box is not a video surveillance system, as it is in no way intended for surveillance, nor does it operate in the same way as such a system.

What personal data can we possibly collect?

In order to analyse the litter on the ground, the Cortexia-Box is equipped with a camera that is pointed at the ground and can only inadvertently capture images of your face or your vehicle’s number plate if you are too close to it (e.g. if you crouch down next to one of the commercial vehicles equipped with a Cortexia-Box). No personal data is intentionally collected by CORTEXIA via the Cortexia box.

For what purposes do we process your personal data?

In operational mode, the Cortexia box immediately processes the collected images, which are transformed into digital cleanliness metadata (type and amount of waste detected, timestamp) to create urban cleanliness graphs and schemes for CORTEXIA’s clients. Thus, beyond the initial collection, no images that could unintentionally contain personal data about you (e.g. face or car registration number) are stored, used and/or forwarded (or processed in a broader sense).

To ensure the quality of the image processing by the Cortexia Box, CORTEXIA uses a sample of a few images per day. As part of this processing, no images containing personal data are intentionally transmitted to CORTEXIA and consequently processed by CORTEXIA, its client or any of its subcontractors. The Cortexia box independently identifies images that may contain personal data and does not allow the transmission of these images.

On what legal basis do we process images containing personal data that we may collect?

The unintended processing of your personal data in the context of the operation of the Cortexia Box is based on the legitimate interest of CORTEXIA and its client.

Do we share images that may contain your personal data?

At no time does CORTEXIA share images that may contain your personal data. This is because, as explained earlier, the images are not stored but immediately converted into digital metadata for cleanliness by the Cortexia box. Furthermore, only images that do not contain personal data are shared with CORTEXIA and its subcontractors for quality control purposes.

Do we store images that may contain your personal data?

As explained above, no images that may contain personal data about you are recorded and, therefore, kept.

What measures do we take to guarantee the security of the Cortexia-Boxes?

CORTEXIA has put in place organisational and technical measures to guarantee the security of the Cortexia-boxes (e.g. regular maintenance, use of a private APN network for the computer channels).

What are your rights?

You have the following rights in relation to images that may contain your personal data (face and/or number plate):

Right of access: i.e. the right to obtain confirmation that inadvertently captured images containing your personal data are or are no longer being processed and, where they are, access to such data, as well as various information including the purposes of the processing, the category of personal data, the recipient(s) of the personal data etc.

Right to erasure: i.e. the right to request the erasure of inadvertently collected images containing your personal data, even if, as indicated above, none of these images are recorded and therefore retained by CORTEXIA.

Right to object to the processing of your personal data based on a legitimate interest, unless there are compelling legitimate grounds that override your interests.

Right to lodge a complaint with the personal data protection authority in your country (in France this is the CNIL).

The right to lodge a complaint with the personal data protection authority in your country (in France this is the CNIL).

Right to lodge a complaint with the personal data protection authority in your country (in France this is the CNIL).

In addition, you may have the right to rectification and portability of your personal data and the right to establish post-mortem policies.

To exercise your rights, you can contact CORTEXIA directly.

By email: contact@cortexia.ch

by mail: CORTEXIA SA, Route De Vevey, 1618 Châtel-St-Denis, SWITZERLAND.

You may be asked for proof of identity if CORTEXIA has doubts about your identity.

We also inform you that CORTEXIA is responsible for informing and managing the response to the exercise of a data subject’s rights under the joint responsibility agreement between CORTEXIA and each of its customers, in accordance with Article 26 of the GDPR.

Changes to this Privacy Policy

We reserve the right to update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

Before the change takes effect, we will notify you by e-mail and/or by placing a prominent notice on our Service and we will update the “effective date” at the top of this Privacy Policy.

You should check this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

How to contact us

If you have any questions about this Privacy Policy, please contact us:

• By email: info@cortexia.ch or by clicking on this link.