Privacy Policy
Effective: 01.09.2025
This Privacy Policy supersedes all prior Phoenix privacy statements.
Introduction
Phoenix Technologies AG ("Phoenix", "we", "our") is committed to protecting the privacy of its customers, users, and website visitors. This Privacy Policy explains how we collect, use, and protect personal data in connection with our Services. It must be read together with our Terms of Service ("ToS") and Data Processing Agreement ("DPA"), which govern the legal framework and data protection commitments. To avoid duplication or conflict, this Privacy Policy cross‑references those documents.
1. Scope
This Privacy Policy applies to personal data processed by Phoenix when providing our Services (IaaS, PaaS, SaaS, including AI model services), when you interact with our websites, and when we communicate with you. It does not cover third‑party services or integrations (see ToS Section 1.6).
2. Information We Collect
The categories of personal data processed depend on your use of the Services and may include identifiers (e.g., name, business email), account and usage data, support interactions, prompts/inputs, and model outputs where these relate to an identifiable person. Full details are described in DPA Section 2 and Annex A.
3. How We Use Personal Data
We use personal data only as necessary to provide, secure, and support the Services, as further described in ToS Section 6 and DPA Section 1. We do not use Customer Content, including personal data, to train or fine‑tune models unless expressly agreed in a Sub‑Annex to the DPA (see DPA Section 3.2).
4. Legal Bases for Processing
We process personal data on the basis of: (a) contractual necessity (providing the Services under the ToS); (b) compliance with legal obligations (e.g., tax, accounting, security reporting); and (c) legitimate interests such as improving security and providing support, balanced against your rights. Where consent is required, we will obtain it explicitly.
5. Sharing of Data
Phoenix does not sell or rent personal data. We may share personal data only: (a) with authorised sub‑processors bound by contractual safeguards (see DPA Section 6 and Annex C); (b) with professional advisors or auditors bound by confidentiality; or (c) where required by law. Phoenix remains responsible for sub‑processors as set out in the DPA.
6. International Data Transfers
All processing of personal data occurs in Switzerland by default. Phoenix does not transfer customer personal data outside Switzerland, unless expressly agreed in writing and subject to equivalent safeguards (see DPA Section 10).
7. Data Retention
Phoenix adheres to documented retention and disposal schedules consistent with legal, regulatory, and business requirements (see DPA Section 7). We do not unilaterally erase customer data. Upon request or termination, personal data may be returned or securely erased, subject to applicable law.
8. Security
Phoenix maintains an ISO 27001‑aligned Information Security Management System and employs technical and organisational measures, including encryption, access controls, logging, and confidential computing options (see ToS Section 10 and DPA Section 5). These measures protect data in transit, at rest, and in use.
9. Your Rights
Under applicable laws (nFADP, GDPR), you have rights to access, correct, erase, or restrict processing of your personal data, and to data portability. Requests should be directed to your employer or service provider (the Customer), who controls the data. Phoenix supports Customers in responding to these requests (see DPA Section 8).
10. Cookies and Website Data
Our websites use cookies and similar technologies for functionality, analytics, and security. You can control cookies through your browser settings. For more details, see our cookie notice (if applicable).
11. Children’s Data
The Services are intended for business and professional users. We do not knowingly collect personal data from individuals under 18 years of age (see ToS Section 2.1).
12. Changes to this Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via the portal or by email, consistent with ToS Section 14. Continued use of the Services after the effective date constitutes acceptance of the updated Policy.
13. Contact Us
If you have questions about this Privacy Policy, please contact: legal@phoenix-technologies.ch. Customers may also contact their designated Data Protection Officer as listed in DPA Annex D.