en
elnlde

Privacy Policy – Page Ltd.

  1. INTRODUCTION

Page Ltd. is a specialized consultancy firm committed to advancing Human Resourcing Practices and Diversity, Equity, and Inclusion (DE&I) in organizations. We provide tailored services and concrete HR solutions that embed DE&I across key people processes — including inclusive recruitment, employee engagement, culture development, and data-driven HR decision-making.

Our approach is practical and results-oriented, fostering inclusion and wellbeing while driving measurable improvements in organizational performance, including financial results and operational efficiency. Through diagnostics, consultancy and training we collaborate with clients to embed DE&I into everyday business practices.

Company details: Page Ltd. Baarerstrasse 71 6300 Zug, Switzerland UID Registry: CHE 318.516.256 Tel: +41 41 728 72 20

The protection of your privacy is an absolute priority for us. With this privacy policy, we explain how we collect, process, and protect your personal data when you visit our website, use our online services, or engage with us through other means (surveys (part A), workshops, training).

This policy is compliant with:

  • For residents and/or clients of the European Union: General Data Protection Regulation (GDPR – Regulation EU 2016/679)
  • For residents and/or clients in Switzerland: Swiss Federal Act on Data Protection (FADP) and the revised New Federal Act on Data Protection (nFADP)
  • For residents and/or clients outside Europe: the national laws of the country involved.

We handle all personal data carefully, restrict processing to lawful purposes, and retain data only as long as necessary. Our systems are designed to prevent unauthorized access, data loss, misuse, and counterfeiting.

  1. PARTIES CONCERNED BY THE COLLECTION AND PROCESSING OF PERSONAL DATA

This policy applies to all internal and external stakeholders Page Ltd. engages with. The following definitions are used throughout:

  • Prospect: A potential client (organization/company) or interested party
  • Client: A company or organization that acquires products or services from Page Ltd.
  • User: Any person who visits the Page Ltd. website or interacts with its digital platforms
  • Data Recipient: Page Ltd.
  • Data Processor: Page Ltd.
  1. PERSONAL DATA

3.1. PURPOSE OF DATA COLLECTION

Personal data are collected to support:

  1. Marketing and Communications
    • Including prospecting activities, advertising of services, and newsletter distribution
  2. Service Delivery and Client Engagement
    • Covering workshop, training, event, and consultancy management

3.2. TYPES OF DATA PROCESSED

Data processed may include:

  • Full name, professional title, work address
  • Contact details: email, phone, social media identifiers
  • Payment information: bank or credit card details, transaction numbers
  • Contractual history and client correspondence
  • Publicly sourced information from trusted databases (e.g. company registries, online publications)

3.3. PERSONAL DATA COLLECTED PER DATA PROVIDER CATEGORY

Depending on the category of Data Provider, the following personal data may be collected:

Prospects

  • Surname and first name
  • Email address
  • Requests for services and/or documentation

Clients

  • Personal identifiers (e.g. name, job title)
  • Means of contact (telephone, email)
  • Preferred communication channel
  • Contractual history
  • Consent records, where applicable
  • Professional role and employment status

Technical Data (All Users)

  • IP address
  • Browser type and device metadata
  • Navigation activity and page visits
  • Interaction metrics and engagement patterns
  • Cookie preferences and related tracking details

3.4. ORIGIN OF DATA

Personal data is collected via:

  • Interaction with forms and browsing on www.di-navigator.com
  • Account or profile creation on Page Ltd.’s websites or applications
  • Submission of orders for Page Ltd. services

3.5. REQUIRED DATA

Only data necessary for the specific purpose or process will be collected and retained.

  1. TRANSFER OF DATA TO THIRD PARTIES

Personal data will not be disclosed, sold, or transferred to third parties unless:

  • It is necessary for contract fulfillment
  • It is required by law or enforceable court/administrative orders
  • You have provided explicit consent

Page Ltd. may work with third-party vendors to enhance its services. These third parties are obligated to act on Page Ltd.’s instructions and process your data solely for contractual purposes—unless you have expressly allowed them to use your data for their own purposes.

  1. WHY DO WE COLLECT THESE DATA?

5.1. LEGAL BASIS

Data is processed under the following legal justifications:

  • Contractual Necessity: Where processing is required to enter or fulfill service agreements
  • Legitimate Interest of our clients: For workshops, surveys (part A), and training, to help clients enhance D&I or HR performance
  • Explicit Consent: For marketing and newsletter communications. Consent can be withdrawn at any time via the unsubscribe link in our communications

5.2. PURPOSES

Personal data may be used to support:

  • Prospecting, advertising, and newsletter distribution
  • Relationship and account management with Prospects and Clients
  • Purchase and billing administration
  • User account setup and access to Member Area and related digital tools
  • Mailing list management for targeted communication
  • Video and web conferencing facilitation
  • Delivery of surveys (part A), workshops, courses, or training
  • IT security (e.g. firewall and antivirus systems)
  • Partner and vendor relationship management
  • Statistical reporting and performance analysis

5.3. DATA RETENTION

Page Ltd. retains personal data only for as long as necessary to fulfill the purpose for which it was collected, in accordance with GDPR Article 5(1)(e) and other applicable legal or contractual obligations.

Where no explicit retention obligation exists, data is retained based on:

  • The nature and category of the data
  • The operational needs of Page Ltd.
  • The risk level associated with continued storage
  • Legitimate business interests (e.g. auditability, legal defense)

After expiry of the defined retention periods, data is securely deleted or irreversibly anonymized.

Data category Retention period
Workshops/events/certifications Duration of activity + certification period
Log data 6 months
Prospecting and marketing 1 year after last contact
Cookies 13 months
General + Purchasing contacts 5 years
Billing and third-party payment data 5 years or until dispute is resolved
Results of surveys (anonymized) Indefinite

 

  1. DATA SUBJECT RIGHTS AND SAFEGUARDS

In accordance with the General Data Protection Regulation (GDPR) and other applicable laws, Data Providers have the following rights with respect to their personal data:

6.1. Exercising Your Rights

You may exercise your rights by contacting us at dataprotection@di-navigator.com, with the subject line “Personal Rights”, and attaching a valid proof of identity. These rights are strictly personal and may only be exercised by the individual to whom the data relates.

6.2. Right of Access

You have the right to request a copy of your personal data held by Page Ltd., except where disclosure would violate the rights and freedoms of others or where legal exemptions apply.

6.3. Right to Rectification

If your data is incorrect or incomplete, you may request that it be corrected or updated. Such requests will be handled by our data team, and confirmation will be provided upon completion.

6.4. Right to Erasure (“Right to Be Forgotten”)

You may request the deletion of your personal data. Page Ltd. will assess the request and determine whether erasure is appropriate. Deletion may not apply when:

  • Data must be retained to comply with legal obligations
  • The data is necessary for contractual or billing purposes (e.g., payment tracking)
  • We rely on another lawful basis for continued processing

If processing is based on consent, you may withdraw that consent at any time.

6.5. Right to Restriction and Control of Use

You may request restrictions on how your data is used, including:

  • Limiting communication channels (e.g., opting out of email or SMS contact)
  • Restricting processing for direct marketing purposes
  • Requesting postmortem data handling via advance directives (email subject: “Data Protection – Post-Mortem”, with proof of identity)

6.6. Right to Object to Processing

You may object to the processing of your personal data when it is based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

6.7. Right to Lodge a Complaint

You may lodge a complaint with your local or national data protection authority if you believe your rights under data protection laws have been violated. You also have the right to seek legal recourse before a competent court.

6.8. Data Breach Notification

In the event of a personal data breach, affected individuals will be notified within 48 hours of discovery (or as soon as reasonably possible). Notification will include:

  • A summary of the breach
  • Recommended actions
  • Measures taken by Page Ltd. or its sub-processors to mitigate the issue
  1. SECURITY

Page Ltd. applies appropriate technical and organizational security measures to protect personal data against unauthorized access, accidental or unlawful alteration, disclosure, loss, or destruction. These measures are tailored to the nature of the data and the level of risk associated with processing activities.

Security measures are reviewed and updated regularly in light of technological developments and operational changes. Page Ltd. takes both preventive and corrective actions to ensure the continued protection of personal data, in close collaboration with its hosting and IT service providers.

Examples of Implemented Security Measures Include:

  • Physical and Infrastructure Controls • Restricted access to facilities and server rooms managed by Page Ltd.’s IT suppliers • Redundant systems and backups managed through a secure data center • Control over workstations authorized to access the internal network
  • Network and System Protection • Filtered, encrypted internet access using SSL/TLS protocols • Secured interconnections with remote sites and hosted services • Regularly replicated backups stored in a protected backup data center
  • Access and Usage Controls • Specific user accounts for hardware, servers, and applications • Regular credential reviews and permission audits • Accreditation procedures limiting data access to authorized personnel only
  • Administrative and Organizational Measures • Internal data protection policies, user access guidelines, and formal instructions • Mandatory staff training on data security and confidentiality • Use of pseudonymization and, where relevant, encryption of data at rest and in transit

Page Ltd. takes seriously its responsibility to implement measures that are proportional, risk-based, and forward-looking, ensuring data confidentiality, integrity, and availability at all times.

  1. DATA PROTECTION OFFICER

Page Ltd. has appointed a Data Protection Officer (DPO) responsible for overseeing compliance with applicable data protection laws and monitoring internal practices related to the collection and processing of personal data.

Any concerns, questions, or complaints related to personal data may be addressed to the DPO at:

📧 dataprotection@di-navigator.com

  1. CHANGES TO THIS POLICY

Page Ltd. reserves the right to amend or update this policy at any time, particularly in response to evolving legislation, regulatory guidance, court decisions, or industry practices.

The most recent version will always be available upon request or via our official communication channels. We encourage Users to review this policy periodically to stay informed of any changes.

  1. COPYRIGHT NOTICE

All materials appearing on the website of the Diversity and Inclusion Navigator® (www.di-navigator.com), or distributed by Page Ltd., the legal owner of the Diversity and Inclusion Navigator®, including but not limited to images, photos, texts, logos, and other digital content (collectively referred to as the “Content”), are protected under European Union copyright legislation (EU Copyright Rules – Shaping Europe’s Digital Future).

The following actions are strictly prohibited without prior written permission from Page Ltd.:

  • Copying, reproducing, modifying, publishing, transmitting, distributing, displaying, or performing the Content
  • Creating derivative works or compiling any part of the Content into databases
  • Sharing the Content via any network, including local area networks
  • Using the Content for commercial purposes or resale
  • Altering or removing any copyright or proprietary notice from any copies of the Content

For any request to use Content, regardless of format, purpose, or channel, please contact:

📧 info@di-navigator.com

 

 

 

Part A: Surveys using the Diversity and Inclusion Navigator®

  1. INTRODUCTION

Page Ltd. offers organizations the opportunity to conduct internal surveys focused on Diversity and Inclusion (D&I) using the interactive Diversity and Inclusion Navigator®, a digital assessment platform hosted on Page Ltd.’s secure servers.

Prior to the initiation of any survey, the client organization must enter into the following agreements with Page Ltd.:

  • A service contract or collaboration agreement
  • A non-disclosure agreement (NDA)
  1. ANONYMIZATION OF E-MAIL ADDRESSES

To ensure the anonymity of individual participants, employee email addresses are encrypted prior to survey deployment. This encryption ensures that responses—including views on D&I and any collected demographic information—cannot be traced back to individual employees at any point during processing or analysis.

The client may select one of the following anonymization methods:

Option 1: Encryption by Page Ltd.

  • The client securely transmits a list of employee email addresses (e.g., in Excel format) to Page Ltd.
  • Page Ltd. encrypts the email addresses using a randomized encryption key
  • The original file is immediately returned to the client; no copies are retained
  • The encryption is irreversible, ensuring no email address can be reconstructed
  • Alternatively, the client may carry out the encryption internally using a unique code provided by Page Ltd., ensuring Page Ltd. never sees the email addresses

Option 2: Anonymous Survey Link

  • Page Ltd. generates a unique survey access link
  • The client distributes this link internally to its employees
  • No email addresses are shared or accessed by Page Ltd. under this method
  1. ADDITIONAL ANONYMIZATION SAFEGUARDS

To ensure participant confidentiality and prevent data from being traced to individuals, Page Ltd. implements the following measures:

  • Minimum Reporting Threshold: Results are only reported for organizational units with at least 15 respondents, ensuring adequate aggregation
  • Pre-Publication Review: Before survey results are shared, Page Ltd. performs a risk assessment to ensure no data can be linked to specific individuals. If needed, response categories (e.g., age or department) are generalized or combined

Confidential Report Delivery: Each organization’s data and reports are delivered exclusively to that organization, in aggregated and anonymized form.

Skip to content