Privacy Policy

Frontify AG, based in St. Gallen, and its subsidiaries Frontify Deutschland GmbH, based in Frankfurt, and Frontify Inc., based in New York, ("Frontify", "we") is a technology company. Frontify provides a brand management software as a service (“Service”) to private and enterprise customers, and operates frontify.com.

The Service is a customizable scalable solution to fit any company’s specific brand requirements which can include, but are not limited to, Style Guide, Pattern Library, Media Library, Publisher, and Workspace. Although our customers are the main actors involved in the upload and management of all content, including content containing Personal Data, this Privacy Policy describes in detail how your Personal Data is collected and used.

Frontify Cares about Personal Data

Our Privacy Policy fully applies and respects the highest protection standards set by the European Union General Data Protection Regulation ("GDPR") in force since May 25, 2018 that regulates the processing of personal data of natural persons. The geographical scope of application of the GDPR is very broad. The provisions of the GDPR apply, on the one hand within the territory of the EU and, on the other hand to all Controllers and Processors which process personal data of EU citizens (even if they live outside the EU). Accordingly, the GDPR also applies to companies not established in the territory of the EU.

Frontify, as a Swiss company, is therefore also affected by the provisions of the GDPR.

We might also process Personal Data outside the territory of the European Union. Frontify guarantees that Personal Data transferred outside the EU is handled by trustworthy vendors. Vendors are examined regularly and Frontify signs individual Data Processing Agreement to ensure the highest attainable standards of protection.

Thanks to the Swiss-US Privacy Shield established in 2017 that replaced the previous Safe Harbor arrangement, the processing of Personal Data between Swiss and certified US companies guarantees the same standards of protection for the processing of Personal Data in the US territory already ensured by the EU Commission Implementing Decision 2016/1250 (EU-US Privacy Shield). Thus, when transferring Personal Data to the United States, we check the validity of the vendors according to the EU-US as well as to the Swiss-US Privacy Shield. We only use US third parties’ sub-contractors that are Privacy Shield certified.

In all the other cases and if needed, we commit to apply the Standard Contractual Clauses as established by EU Commission Decision 2004/915/EC (EU controller to non-EU or EEA controller) or EU Commission Decision 2010/87/EU (EU controller to non-EU or EEA processor). When transferring Personal Data outside the European Union or the United States, we make sure the vendors signed the Standard Contractual Clauses, if no alternative adequate level of protection applies.

What is Personal Data?

According to art. 4 para. 1 GDPR "Personal Data" means any information relating to an identified or identifiable natural person ("Data Subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

As we also operate Personal Data of citizens who do not belong and/or do not operate in a territory of the European Union the term Personal Data, for the purposes of this Privacy Policy encompasses both the meaning of article 4 of the GDPR as well as that of Personally Identifiable Information (PII) as it is defined in the US legislation. We make an explicit difference where required.

Frontify is a Data Processor, but Exceptionally Acts as Data Controller

The GDPR differentiates between Data Controller and Data Processor. Controllers are those who determine the purposes and means of the processing of personal data. In case the purposes and means of such processing are determined by European Union Law, the criteria to be identified as Data Controller are determined by European Union Law itself. Processors are those that process Personal Data on behalf of the Controller.

For providing the Service to its customers Frontify acts as a Data Processor in terms of GDPR. Natural Persons or legal entities can purchase a Free-, a Starter-, a Team- or an Enterprise Plan (“Frontify Plan”). In order to provide the Service at all, we need to collect and use certain Personal Data. We process the Personal Data only on behalf, and on instruction of, our customers, and in accordance with the relevant applicable law. For this reason, our customers who purchase a Frontify Plan are primarily responsible for processing the Personal Data of all users (e.g. employees of the customer and/or other natural persons invited by the customer to join the Platform).

Nevertheless, in exceptional circumstances Frontify acts as Data Controller. This occurs in connection to i) those natural persons who materially purchase a Frontify Plan and do not sign in the name of a legal entity; ii) visitors of our website; iii) interested natural persons who consent to provide their Personal Data; and iv) our employees.

Frontify Processes Personal Data

Frontify lawfully “processes” Personal Data in accordance with the meaning given to this term by article 4 of the GDPR.

In addition, article 6 of the GDPR prescribes that the processing is lawful only if and to the extent that at least one of the following applies:

  • the data subject has given consent to the processing of his or her personal data for one or more specific purposes
  • processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract
  • processing is necessary for compliance with a legal obligation to which the controller is subject
  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  • processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child

Frontify Limits the Processing

We care about your Personal Data and therefore we limit its processing to the following purposes, and always upon prior explicit and informed consent:

  • fulfill the contract with our customers
  • comply with applicable laws and regulations
  • protect our rights
  • fulfill our own marketing purposes
  • improve our Software and Service

You Come First, thus You Choose You may refuse to provide Personal Data at any time, with the caveat that it may prevent you from engaging in certain website-related activities or limiting you from working with the Service.

You may correct the Personal Data manually in your account using the account settings in our Service.

You may always request us to correct and delete your Personal Data using the contact details below.

Frontify Collects Personal Data

General Individual information: In order to register to our Services, to show interest in getting more insights about our Product, to receive our newsletter, and in general, to be reached out to for marketing purposes, current and future perspective users of Frontify upon prior explicit consent may provide Personal Data in the form of their email address, name and surname, name of the company, job title, or similar.

User Data: Every user of Frontify independently from its peculiar contractual Frontify Plan must register and login to our Platform in order to work on Frontify. Therefore, to sign up and login to Frontify the following Personal Data is mandatory:

  • Name and Surname
  • Email address
  • Password

On the contrary, the following Personal Data is optional:

  • Job Title
  • Profile Picture
  • Company Name

Billing: In order to subscribe for Frontify and purchase a Frontify Plan (except the Enterprise Plan), potential customer must provide credit card information and a billing address. Frontify does not collect nor store any credit card information itself. The process is completely outsourced to our payment service providers (Recurly and Wildcard) that collect and store this information on our behalf.

Browser Data: We may collect standard website visitor information supplied by your browser (e.g., your operating system, the browser you are using, IP addresses, language settings). This information is dependent on the type of device, browser, and the settings you are using.

Other Usage Statistics: Besides browser data, we may collect statistics, usage information, and may record user sessions on how registered users use our Services in order to maintain and improve our Services. This usage data is collected anonymously, and it does not include User Data as described above.

Marketing: We might use the information collected for our own marketing purposes. This includes, but is not limited to: marketing campaigns, marketing events, and newsletters. This information will be used solely for marketing purposes by Frontify and we will not share it with any third parties.

Exclusion of Special Categories of Personal Data: Frontify will never ask its current and perspective potential customers to provide Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, including genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation. In case we might come across any of this data, its use by Frontify is strictly prohibited.

Personal Data of Job Applicants: If you apply for a vacancy at Frontify, we will collect and process information that you voluntarily communicate to us about yourself for purposes related to a potential employment. Additionally, we may collect publicly available information (e.g., your LinkedIn profile). Frontify will store and manage this information with a trusted third-party providing a state-of-the-art solution for recruiting processes. You can request access, correction, or deletion of job applicant information about you at any time using the contact details below.

Personal Data of Children (under the age of sixteen): We do not voluntarily collect information from anyone under the age of sixteen. If we learn that we may have received information from someone under the age of thirteen, we will take immediate action and all reasonable measures to remove the information.

Frontify Uses Personal Data

Frontify will use the collected information to provide the Service to the customer and continuously improve and ameliorates its features in order for you to build powerful brand experiences. Frontify does not resell any Personal Data to any third-party.

Occasionally, we may publicly release aggregated statistics (e.g., by publishing reports on trends in the usage of our Sites).

Nevertheless, any usage information used to monitor the usage of our Sites and improve our Service is encrypted, anonymized and aggregated.

If you are a registered user of a Frontify Site or Service and have supplied your email address, Frontify may occasionally send you an email to communicate the release of new features, solicit your feedback, or just keep you up to date with what’s going on with Frontify and our products. We primarily use our product blog to communicate this type of information, so we keep this type of email to a minimum.

If you send us a request (for example, via a support email or one of our feedback mechanisms), we reserve to use this information in order to help us clarify or respond to your request, or to help us support other users. Frontify takes all measures reasonably necessary to protect against the unauthorized access, use, alteration, or destruction of Personal Data.

Frontify Uses Third-Parties Sub-Processors

Frontify engages the following trusted Third-Parties Sub-Processors which provide parts of the Service on behalf of Frontify in regard to the processing of Personal Data:

Amazon Web Services (AWS) – Location: Frankfurt DE or North Virginia USA (depending on the Frontify Customer Agreement) – Service: Data processing and hosting

Wildbit (Postmark) – Location: Philadelphia USA – Service: Email processing

Algolia – Location: Paris FR – Service: Real-time search

Pusher – Location: London UK – Service: Real-time messaging

Intercom – Location: San Francisco USA – Service: In-app support/chat-system

Frontify Doesn’t Disclose Personal Data

Frontify provides the highest attainable standards of legal protection to Personal Data. Thus, we generally apply a policy of non-disclosure of any Personal Data, and all our employees and third parties are bound by Non-Disclosure Agreements.

In particular circumstances, the disclosure of Personal Data is necessary, but encompasses only our employees, contractors, and affiliated organizations, and is limited to those cases where one of these parties needs to know that information in order to process it on behalf of Frontify, or to provide Services available at Frontify’s Sites.

Our employees, contractors, and affiliated organizations may also be located outside the home country of the user. Thus, by using Frontify’s Site, users consent to the transfer of such information to them.

Other than the case described above, Frontify may need to disclose Personal Data in response to a subpoena, court order, or other governmental request, or when Frontify believes in good faith that disclosure is reasonably necessary to protect the property or rights of Frontify, third parties, or the public at large.

Frontify Uses Cookies

We use technical cookies that are necessary for the functionality and improvement of the Sites to identify visitors, keep preferences, etc. These cookies do not include any cookies set for advertisement purposes and/or for the purpose of tracking the user over multiple websites.

However, by using our Sites, you consent to cookies used for collecting data on the user’s visits and/or for advertisement purposes by the following third-party services:

  • Google Analytics and Google Ads
  • Twitter
  • Vimeo
  • Facebook
  • LinkedIn
  • Bing
  • Hotjar

You can always turn cookies off. The Help feature on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether.

Frontify Might Change

If Frontify, or substantially all of its assets, are acquired, user information would be one of the assets that is transferred or acquired by a third-party. You acknowledge that such transfers may occur, and that any acquirer of Frontify may continue to use your Personal Data as set forth in this Privacy Policy.

Frontify Updates its Privacy Policy

We may update this Privacy Policy from time to time. You can always find the latest version of the Privacy Policy on our Site. We undertake to inform our customers regarding updates of this Privacy Policy in our newsletters.

Frontify Representative in the EU

Frontify Deutschland GmbH is the representative of Frontify AG in the EU. This applies especially in connection to article 9 of the Standard Contractual Clauses, in connection with the Jurisdiction of the legal entity within an EU Member State.

Contact

Please don't hesitate to contact our Data Protection Officer at privacy@frontify.com if you have any questions about our Privacy Policy, regarding other privacy-related manners, or for any request related to the processing of your Personal Data.