Privacy Policy
1. Scope and Applicability
Threatray ag (the “Company”) owns and operates this website (the “Website”). This privacy policy (the “Privacy Policy”) sets out how the Company uses and protects any information that you (the “User” or “you”) provide to the Company when you use this Website. The Company is responsible for processing your personal data. The Company reserves the right to amend this Privacy Policy at any time without prior notice. Only the current Privacy Policy shall apply.
2. Basis of Data Processing
The Company processes your personal data based on various bases:
- To safeguard the Company’s legitimate interests (the legal basis under the GDPR – if applicable – is article 6 para. 1 f). If you have any questions, please get in touch with the relevant contact referred to below;
- To meet legal obligations (the legal basis under GDPR – if applicable – is article 6 para. 1 c);
- Based on the User’s express consent, insofar as this is legally required (the legal basis under GDPR – if applicable – is article 6 para. 1 a).
3. Purpose of Data Processing
The Company processes your personal data for the following purposes:
- To communicate news and promotions that may be of interest to you;
- For the safe and stable operation of this Website;
- To improve the offered services.
4. Collection, Storage and Use of Personal Data
4.1 When Visiting the Website
When you visit our Website, your browser automatically sends information to our Website server. This information is temporarily stored in a log file. The following information is logged without your intervention and stored until it is automatically deleted:
- name of the page or file you accessed;
- date and time of the access;
- transferred data volume;
- indication whether the request was successful;
- description of the web browser used;
- operating system used;
- page visited previously;
- provider;
- your IP address.
We process these data for the following purposes:
- To ensure smooth Website connection;
- to ensure user-friendly interaction with our Website;
- evaluation of system security and stability; and
- other administrative purposes.
The legal basis for data processing under GDPR – if applicable – is article 6 para. 1 f. Our legitimate interest follows from the data collection purposes listed above. We do under no circumstances use the collected data for the purpose of drawing conclusions about you personally. In addition, we use cookies and analysis and marketing services when you visit our Website. Further information can be found in clause 5 of this Privacy Policy.
4.2 When Using Our Contact Form
f you have any questions, we offer you the opportunity to contact us via a contact form provided on the Website. In order for us to reply, it is necessary for you to provide your and your company’s name, contact details (email address) and a message. The provision of further information is optional. Data processing for the purpose of establishing contact is based on article 6 para. 1 b GDPR and your specific request.
4.3 When Registering For Our Newsletter
Our Website offers a newsletter subscription option. We use the newsletter to inform you about offers that may be of interest to you.
The registration to our newsletter is based on the double-opt-in procedure. This means that, after your initial registration, we will send a message to the email address you provided. The message will ask you to confirm your email address. If you do not confirm your registration within 24 hours, the information you provided will be locked and automatically deleted after one month. In addition to the email address you provide, we also store your IP address and the times of your registration and confirmation for the purpose of verifying your registration, in order to prevent possible misuse of your personal data.
The legal basis for data processing within the scope of the GDPR is your consent based on article 6 para. 1 a. You can revoke this consent at any time (and with effect for the future) by clicking the unsubscribe link in the newsletter.
5. Cookies
We typically use cookies and similar techniques on our Website to identify your browser or device. A cookie is a small file that is sent to your computer or automatically stored on your computer or mobile device by the web browser you use when you visit our Website. When you visit the Website again, we can recognise you, although we don’t know who you are. In addition to cookies that are only used during a session and are deleted after your visit to the Website (“session cookies”), cookies can also be used to store user settings and other information for a certain period of time, e.g. two years (“permanent cookies”). However, you can set your browser to reject cookies, to save them only for one session or to delete them early. Most web browsers automatically accept Cookies.
5.1 Necessary Cookies
We use technically necessary cookies in some sections of our Website. Such file elements allow your computer to be identified as a technical unit during your visit to the Website in order to enable you to use our services. However, you usually have the option of setting your internet browser to inform you about the use of cookies so that you can allow or exclude them or delete existing cookies. Please use the help function of your internet browser to obtain information on how to change these settings. Please note that certain functions of our Website may not work properly if you have deactivated technically necessary cookies. Cookies do not allow a server to read private data from your computer or the data stored by another server. They do not damage your computer and do not contain viruses. Our use of technically necessary cookies is based on article 6 para. 1 f GDPR, i.e. the processing is carried out to enable the functioning of our Website. It is therefore necessary to protect our legitimate interests.
5.2 Additional Cookies
In addition, we use the following cookies to understand how you use our services and to be able to present you with other marketing offers that may be of interest to you. The cookies described below are only used if you have given your prior consent (within the scope of the GDPR in accordance with article 6 para. 1 a).
Use of Google Tag Manager
We use Google Tag Manager. This is a management system that allows us to integrate the other services shown below into our Website. Google Tag Manager itself does not process any personal data. This is only done through the Google services described below and in the manner described there.
Use of Google Analytics
We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies, which are text files stored on your computer that enable an analysis of your use of the Website. The information generated by the cookie about your use of this Website is usually transferred to a Google server in the USA and stored there. However, since IP anonymisation is enabled on our Website, your IP address will be shortened by Google within member states of the European Union or in other states which are party to the Agreement on the European Economic Area. Only in exceptional cases the full IP address will be transferred to a Google server in the USA and shortened there. Google uses this information on our behalf to evaluate your use of the Website, to compile reports on Website activities and to provide us with further services related to Website and internet use.
The IP address transmitted by your browser within the scope of Google Analytics is not merged with other data from Google. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this you may not be able to benefit from the full functionality of our Website. You can also prevent the collection of data generated by the cookie and related to your use of the Website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available via the following link (http://tools.google.com/dlpage/gaoptout?hl=en).
Please note that on this Website Google Analytics has been extended with the code “gat._anonymizeIp();” in order to guarantee anonymised collection of IP addresses (referred to as IP masking). In addition, you can prevent Google Analytics from collecting data by clicking this link. An opt-out cookie is then set to prevent further collection of your information when you visit this Website. This procedure is particularly recommended when accessing our site via mobile devices. For more information on terms of use and data protection, please visit www.google.com/analytics/terms or https://policies.google.com/privacy. Our use of the aforementioned analysis tool is based on your consent (article 6 para. 1 a GDPR).
Google Web Fonts
The Website uses so-called web fonts, which are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. To do this, the browser you are using must connect to Google’s servers. This enables Google to know that our Website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and attractive presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. If your browser does not support Web Fonts, a standard font from your computer will be used. Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in the Google data protection declaration: https://www.google.com/policies/privacy/.
6. Your Rights
In connection with the processing of your personal data, you are entitled by law to various rights, but please note that their existence and scope may vary depending on the applicable data protection legislation:
- Information: You have the right to ask the Company which, if any, of your personal data it processes. If required, please submit a request for information.
- Rectification: Should your personal data be incorrect, you have a legal right to its correction.
- Withdrawal of consent: Processing of your personal data is in general not based on your consent, which is separate from the contractual relationship. If this should nevertheless be the case in exceptional cases, you can revoke your consent at any time. The revocation is only valid for the future and does not affect any other basis for data processing.
- Objection: Insofar as the processing of your personal data is based on the legitimate interest of the Company, you may object to the use of your personal data. However, this is only the case if you are in such a special situation that your personal interest is in conflict with the use of your personal data. The Company reserves the right to provide compelling, overriding reasons. Furthermore, you may at any time object to the use of your personal data for direct marketing purposes. Processing based on other factors remains unaffected by the objection.
- Restriction: Under certain circumstances, you may request that the processing of your data be restricted. This may be the case if you doubt the accuracy of your data. Please note that any processing restriction may limit the scope of our services or make the service unavailable.
- Data portability: If provided for under applicable data protection law, you may request the personal data you have provided us with in the form required by law and – subject to important conflicting interests – continue to use it.
- Right of deletion: See Clause 9 below.
- Complaints: Depending on the applicable data protection legislation, you may have a legal right of appeal to the relevant data protection authority; if processing takes place within the EU, this right may extend to the EU.
7. Other Recipients of Your Personal Data
When processing your personal data, the Company may use third parties to carry out the data processing on behalf of the Company. In particular, this may be the case for handling commercial and administrative services and in connection with IT services. Your privacy is always ensured.
Please note that the passing on of anonymised data remains possible regardless of the above.
8. Place of Data Processing
Your personal data is generally processed in Switzerland. If your personal data is disclosed abroad, this will only take place to countries that have a recognised equivalent data protection standard or where specific guarantees have been given.
If you have any questions, please get in touch with the relevant contact referred to below.
9. Storage Duration / Deletion of Personal Data
We generally delete your data from the time at which the purpose for processing no longer applies. In the event of an objection to processing on the basis of a legitimate interest or consent, we will delete your data from this point in time, unless another permission for processing continues to exist, for example in the case of legal storage obligations, a legitimate interest to enforce our own legal positions, etc.
10. Contact Details
In case of questions or requests relating to the Company’s usage of your personal data, you may contact the Company by writing an e-mail to info@threatray.com We are happy to answer your request.
Mathias Wegmüller
Matthias is a highly accomplished entrepreneur, board member and investor. He has multi-year expertise in digital transformation, facilitating the effective execution of digital engagement initiatives. A passionate, action-oriented and motivational team leader, Mathias Co-founded Qumram in 2011 and led it in different roles until the successful exit and trade-sale in November 2017 to Dynatrace.
Pierre Noel
Pierre has over 30 years of international experience in Information Security, Data Privacy, and Enterprise Risk Management. He is in charge of the nation-wide Swiss Finance Service cybersecurity information sharing program. Previously, Pierre was the Chief Security Officer for Microsoft, covering the wide Asian region and the Chief Security & Privacy Officer (CSPO) for Huawei Worldwide He designed, built, and operated complete Security and Enterprise Risk Management environments for Governments, Finance, Transport, and large conglomerate industries over the World. Pierre was the advisor to three large nations in Australasia, working directly with their ministers or presidential offices in building nationwide cybersecurity & privacy programs. He is a member of the board of advisors of Airbus Industries and also sits on the board of several established and start-up organizations in the field of CyberSecurity and Privacy.
Thomas Dübendorfer
Thomas Dübendorfer holds a Ph.D. in computer science from ETH Zurich and is the president of the Swiss ICT Investor Club (SICTIC). He has worked at HP Research Labs in Silicon Valley and seven years at Google on security engineering projects. He is an angel investor in more than twenty tech startups in Switzerland. UBS, Nasdaq, Lufthansa, Adobe, Swiss Re and many other highly ranked companies are customers of tech startups that he co-founded. He was honoured as “Top 100 Digital Shapers of Switzerland” in 2016 and 2018 and as “Top 200 most prominent persons of Zurich, Switzerland” in Who Is Who in Zürich 2019. He has published a paper on Web browser security that got downloaded more than 100’000 times and that proved Web browsers with silent security update mechanisms to protect their users significantly better from vulnerabilities than others.
Peter Stalder
After studying Computer Science at the ETH in Zurich, Peter worked as a software developer, system technician, consultant and project lead in multiple industry projects. He was the CTO of Finnova, a leading banking software in Switzerland, for 20 years. At Finnova, he was responsible for the System- and Software Architecture, as well as the development of its core technologies. In 2015, Peter transitioned to independent consulting and now supports startups with his experience.
Ariel F. Lüdi
As the CEO of Hybris Software, Ariel was instrumental to make Hybris become the global leader in omnichannel commerce and the sale to SAP in 2013 for around 1.5 B USD. Since then, Ariel is investing in and coaching innovative IT start-ups. Prior to joining Hybris, he held senior positions at Salesforce.com, BroadVision and Oracle. Ariel studied Physics at ETH in Zurich.
Jonas Wagner
CTO and Co-Founder
Jonas is founder and CTO of Threatray
Jonas has over 10 years of professional experience in software engineering, with a focus on machine learning and cyber security data analysis. He holds a M.Sc. in Computer Science from the Bern University of Applied Sciences, where he spent years researching and developing the core algorithms that now power Threatray.
Endre Bangerter
CEO and Co-Founder
Endre Bangerter is founder and CEO of Threatray.
Endre has over 20 years of experience in Information Security and Cyber Defense. He has been serving as a malware analyst for the government and as a technical consultant for Accenture and IBM. Endre has rich experience in developing novel IT security technologies gained while working at IBM Research in Zurich and as a professor and lab director at Bern University of Applied Sciences. He has a Ph.D. in IT security from the Horst Görtz Institute For IT-security at the University of Bochum in Germany.
