NUMIA GmbH
1. Introduction
Numia GmbH ("Numia", "we", "our" or "us") is committed to protecting the privacy and personal data of our customers, website visitors, and other data subjects ("you"). This Privacy Policy explains how we collect, use, disclose, transfer, and protect your personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Swiss data protection laws.
2. Data Controller
Numia GmbH
Bahnhofstrasse 20, 6300 Zug, Switzerland
Email: support@numia.com
Data Protection Officer (DPO): support@numia.com
3. Scope
This Policy applies to all personal data processed by Numia in connection with:
Use of our website and online services (including our blockchain and e-commerce services)
Provision of our SaaS analytics and inventory synchronization services.
Employment or contractual relationships with Numia.
4. Personal Data We Collect
We collect the following categories of personal data:Blockchain Services Contact Data: email address. Sources: Our web app when you log in (app.numia.xyz) Account Data: Login credentials and usage logs. Sources: Our application and system logs. Payment Data: Billing address and invoice details for our paying customers. From our customers' internal teams. Technical Data: IP address, device identifiers, and browser type. Sources: Automated via cookies and analytics, like Google Analytics. |
|---|
E-commerce Services
Stores Product Data: Product inventory numbers. Sources: ERPs and E-comemrce platforms
Payment Data: Billing address and invoice details for our paying customers. From our customers' internal teams.
Consent: Where you have given clear consent.
Contractual necessity: To perform our services or enter into a contract with you.
Legal obligation: To comply with applicable laws.
Legitimate interests: For our business operations, provided your rights do not override those interests.
6. Purposes of Processing
We use personal data to:
Provide, maintain, and improve our services.
Manage customer accounts and billing.
Communicate with you about products, updates, and support.
Ensure security, fraud prevention, and system integrity.
Comply with legal and regulatory obligations.
Conduct recruitment and HR administration.
7. Data Retention
We retain personal data only as long as necessary for the purposes set out in this Policy, subject to legal retention requirements:
Customer and account data: up to 7 years after contract termination.
Technical and usage data: up to 3 years.
Employment data: up to 7 years after end of employment.
8. Data Sharing and Transfers
Service providers: We may share data with subprocessors (e.g. cloud hosts, payment processors) under written agreements and GDPR-compliant safeguards.
Third-party integrations: With your consent or where necessary for performance.
Legal compliance: When required by law, court order, or regulatory request.
International transfers: Transfers outside the EEA (e.g. to the U.S.) are protected by Standard Contractual Clauses or adequacy decisions.
9. Security Measures
We implement appropriate technical and organizational measures to protect personal data, including:
Encryption in transit (TLS 1.2+) and at rest (AES-256).
Access controls, role-based permissions, and multi-factor authentication.
Regular vulnerability assessments, penetration tests, and audits.
10. Your Rights under GDPR
You have the right to:
Access: Request a copy of your personal data.
Rectification: Correct inaccurate or incomplete data.
Erasure: Request deletion of your data (“right to be forgotten”).
Restriction of processing: Suspend processing in certain circumstances.
Data portability: Receive your data in a structured, machine-readable format.
Object: Object to processing based on legitimate interests or direct marketing.
Withdraw consent: Where processing is based on consent.
Complaint: Lodge a complaint with a supervisory authority (e.g., the Swiss FDPIC or EU DPAs).