Our online offer is subject to Swiss data protection law and any applicable foreign data protection law, in particular that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law guarantees adequate data protection.
Responsibility for the online offer:
2. Processing of personal data
Personal data is all information that relates to a specific or identifiable person. A data subject is a person about whom personal data is processed. Processing includes all handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, procurement, collection, deletion, storage, modification, destruction and use of personal data.
2.2 Legal basis
We process personal data in accordance with Swiss data protection law, in particular the Federal Data Protection Act (DSG) and the Ordinance on the Federal Data Protection Act (VDSG).
If and to the extent that the General Data Protection Regulation (GDPR) is applicable, we process personal data in accordance with at least one of the following legal bases:
- Art. 6 para. 1 lit. b GDPR for the processing of personal data required to fulfill a contract with the data subject and to carry out pre-contractual measures.
- Art. 6 para. 1 lit. f GDPR for the necessary processing of personal data in order to safeguard the legitimate interests of us or of third parties, provided that the fundamental freedoms and rights and interests of the person concerned do not prevail. Legitimate interests are in particular our interest in making our online offer permanent, user-friendly, secure and reliable and being able to advertise it if necessary, information security and protection against misuse and unauthorized use, the enforcement of our own legal claims and compliance with Swiss law.
- Art. 6 para. 1 lit. c GDPR for the processing of personal data required to fulfill a legal obligation to which we are subject in accordance with any applicable law of member states in the European Economic Area (EEA).
- Art. 6 para. 1 lit. e GDPR for the processing of personal data required to perform a task that is in the public interest.
- Art. 6 para. 1 lit. a GDPR for the processing of personal data with the consent of the data subject.
- Art. 6 para. 1 lit. d GDPR for the necessary processing of personal data in order to protect the vital interests of the data subject or another natural person.
2.3 Nature, scope and purpose
We process the personal data that is required to provide our online offer in a permanent, user-friendly, secure and reliable manner. Such personal data can fall into the categories of inventory and contact data, content data, metadata or marginal data as well as usage data, location data, contract data and payment data.
We process personal data for the duration that is required for the respective purpose or purposes or by law. Personal data that are no longer required to be processed are anonymized or deleted.
In principle, we only process personal data with the consent of the person concerned, unless the processing is permitted for other legal reasons, for example to fulfill a contract with the person concerned and for corresponding pre-contractual measures in order to safeguard our overriding legitimate interests because the processing is evident from the circumstances or after prior information.
In this context, we process information that a data subject voluntarily transmits to us when contacting us – for example by post, e-mail, contact form, social media or telephone – or when registering for a user account. We can save such information, for example, in an address book, in a customer relationship management system (CRM system) or with comparable tools. If you transmit personal data to us via third parties, you are obliged to guarantee data protection vis-à-vis such third parties and to ensure the accuracy of such personal data.
We also process personal data that we receive from third parties, obtain from publicly available sources or collect when making our online offer available, provided and insofar as such processing is permitted for legal reasons.
2.4 Processing of personal data by third parties, including abroad
We can have personal data processed by third parties, in particular order processors, or process them together with third parties and with the help of third parties or transmit them to third parties. Such third parties are in particular providers whose services we make use of. We also guarantee adequate data protection for such third parties.
Such third parties are generally located in Switzerland and in the European Economic Area (EEA) including the European Union (EU) and the Principality of Liechtenstein. Such third parties can also be located in other countries on earth and elsewhere in the universe, provided that their data protection law is in the opinion of the Federal Data Protection and Information Commissioner (FDPIC) and – if and insofar as the General Data Protection Regulation (GDPR) is applicable – according to the assessment of European Commission – ensures adequate data protection, or if for other reasons, such as a corresponding contractual agreement, in particular on the basis of standard contractual clauses, or a corresponding certification, adequate data protection is guaranteed. For third parties in the United States of America (USA), certification in accordance with the Privacy Shield can guarantee adequate data protection. As an exception, such a third party can be located in a country without adequate data protection, provided that the data protection requirements such as the express consent of the person concerned are met.
3. Data Subject Rights
Data subjects whose personal data we process have the rights under Swiss data protection law. This includes the right to information and the right to correct, delete or block the personal data processed.
Affected persons whose personal data we process can – if and insofar as the General Data Protection Regulation (GDPR) applies – a free confirmation as to whether we are processing their personal data and, if so, request information about the processing of their personal data, restrict the processing of their personal data exercise your right to data portability and have your personal data corrected, deleted (“right to be forgotten”), blocked or completed.
Affected persons, whose personal data we process, can – if and to the extent that the GDPR is applicable – revoke their consent at any time with effect for the future and object to the processing of their personal data at any time.
Affected persons, whose personal data we process, have a right of appeal to a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
4. Data security
We take appropriate and suitable technical and organizational measures to ensure data protection and, in particular, data security. However, the processing of personal data on the Internet can always have security gaps despite such measures. We cannot therefore guarantee absolute data security.
Our online offer is accessed using transport encryption (SSL / TLS with HTTPS).
Access to our online offering is subject – as is fundamentally the case with all Internet use – to mass surveillance without any suspicion and other surveillance by security authorities in Switzerland, the European Union (EU), the United States of America (USA) and others States. We cannot have any direct influence on the processing of personal data by secret services, police stations and other security authorities.
5. Use of the website
When you visit our website, cookies can be temporarily stored in your browser as “session cookies” or for a certain period of time as so-called permanent cookies. “Session cookies” are automatically deleted when you close your browser. Permanent cookies make it possible in particular to recognize your browser the next time you visit our website and thus, for example, to measure the reach of our website. However, permanent cookies can also be used for online marketing, for example.
In the case of cookies that are used to measure success and reach or for advertising, a general objection (“opt-out”) via the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices ( European Interactive Digital Advertising Alliance, EDAA).
5.2 Server log files
We can collect the following information for every access to our website, provided this is transmitted from your browser to our server infrastructure or can be determined by our web server: Date and time including time zone, Internet Protocol (IP) address, access status (HTTP- Status code), operating system including user interface and version, browser including language and version, individual pages of our website called up including the amount of data transferred, last website called up in the same browser window (referer or referrer).
We store such information, which can also represent personal data, in server log files. The information is required in order to make our online offer permanent, user-friendly and reliable and to ensure data security and, in particular, the protection of personal data – also by third parties or with the help of third parties.
5.3 Tracking pixels
We can use tracking pixels on our website. Tracking pixels are also known as web beacons. Tracking pixels – also from third parties whose services we use – are small images that are automatically retrieved when you visit our website. With tracking pixels, the same information can be recorded as in server log files.
6. Notifications and communications
We can send notifications and communications such as newsletters by email and other communication channels such as instant messaging.
6.1 Success measurement and reach measurement
Notifications and messages can contain web links or tracking pixels that record whether an individual message has been opened and which web links have been clicked on. Such web links and tracking pixels can also record the use of notifications and messages on a personal basis. We need this statistical recording of the usage for the success and reach measurement in order to be able to offer notifications and messages based on the needs and reading habits of the recipients effectively and user-friendly as well as permanently, securely and reliably.
6.2 Consent and Objection
In principle, you must expressly consent to the use of your e-mail address and other contact addresses, unless the use is permitted for other legal reasons. We use “double opt-in” for any consent to receive e-mails, which means that you will receive an e-mail with a web link that you have to click to confirm, so that no misuse by unauthorized third parties can occur. We can log such consents including the Internet Protocol (IP) address as well as the date and time for reasons of evidence and security.
In principle, you can unsubscribe from notifications and communications such as newsletters at any time. Notifications and notifications that are absolutely necessary for our online offer are reserved. By unsubscribing, you can, in particular, object to the statistical recording of usage for success and reach measurement.
7. Social Media
We use the social network “LinkedIn” to contact and communicate with our customers and interested parties, to provide you with current information about our company, to inform you about our events, to advertise our products and services, to provide you with contributions on industry-related topics In the course of using LinkedIn, we and LinkedIn process personal data about visitors to our fan page.
7.1 Processing personal data on LinkedIn
We offer you the opportunity to contact us via LinkedIn. This can be done, for example, by sending messages or leaving comments or contributions. In order to be able to answer your request, we process your user name as well as the information you provided about your request in your request. We only process your personal data to the extent necessary to process your request. Depending on the content of your request, the processing serves to carry out (pre-) contractual measures (on the basis of Art 6 Paragraph 1 lit b GDPR) or our legitimate interest (on the basis of Art 6 Paragraph 1 lit f GDPR) to serve our interested parties and customers in the best possible way supervise.
b) Transfer of data to internal databases
Insofar as this is necessary for the purpose of processing (e.g. to process your request) or to standardize and simplify our activities, we will transfer the data collected on LinkedIn to our internal databases. If further processing is necessary to fulfill (pre-) contractual measures, this is done on the legal basis of Art 6 Paragraph 1 lit b GDPR. Any further processing takes place on the basis of our legitimate interest (Art 6 Paragraph 1 lit f GDPR) in an efficient, centralized and standardized processing of our business activities.
c) Passing on your Data
It may be that we are obliged by law to pass on your personal data to authorities, courts or other public bodies. When we pass on data to third parties, we always make sure that all data protection regulations that affect us are complied with. We would like to point out that the data collected on LinkedIn can also be processed by LinkedIn and are located on its servers.
7.2 Information about the social we use – LinkedIn
7.3 Retention period of your data relating to LinkedIn
In principle, we only store your data for as long as is necessary to fulfill the purpose of processing, due to legal obligations or to defend against possible liability claims. We have no influence on the deletion periods set by LinkedIn. You can find information on this in the LinkedIn data protection declaration linked above; Please address any queries in this regard directly to LinkedIn.
8. Third party services
We can use services from third parties to make our online offer permanent, user-friendly, secure and reliable. Such services also serve to be able to embed content in our online offer. Such services – for example hosting and storage services, video services and payment services – require your Internet Protocol (IP) address, since such services cannot otherwise transmit the corresponding content. Such services can be located outside Switzerland and the European Economic Area (EEA) including the European Union (EU) and the Principality of Liechtenstein, provided that adequate data protection is guaranteed.
For their own security-relevant, statistical and technical purposes, third parties whose services we use can also process data in connection with our online offer and from other sources in an aggregated, anonymized or pseudonymized manner – including with cookies, log files and tracking pixels. Such data is not used to get directly to data subjects in connection with our online offer.
We use Google Maps to be able to embed maps in our website. Cookies are also used for this. Google Maps is a service of the American Google LLC. The Irish Google Ireland Limited is responsible for users in the European Economic Area (EEA) and Switzerland. Further information on the type, scope and purpose of data processing can be found in the principles for data protection and security and in the data protection declaration from Google, in the guidelines for data protection in Google products (including Google Maps), in the information on how Google data from websites used on which Google services are used and in the information about cookies at Google. It is also possible to object to personalized advertising.
We use Google Fonts to be able to embed selected fonts in our website. No cookies are used for this. It is a service provided by the American Google LLC, which is offered independently from other Google services. The Irish Google Ireland Limited is responsible for users in the European Economic Area (EEA) and Switzerland. Further information on the type, scope and purpose of data processing can be found in the principles of data protection and security as well as in Google’s data protection declaration.
8.3 Success and reach measurement
8.3.1 Google Analytics
We use Google Analytics to analyze how our website is used, whereby we can also measure, for example, the reach of our website and the success of third-party links to our website. It is a service provided by the American Google LLC. The Irish Google Ireland Limited is responsible for users in the European Economic Area (EEA) and Switzerland.
Google also tries to record individual visitors to our website when they use different browsers or devices (cross-device tracking). Cookies are also used for this. Your Internet Protocol (IP) address is required for Google Analytics, but it will not be merged with other Google data.
In any case, we will have your Internet Protocol (IP) address anonymised by Google before analysis. As a result, your full IP address is generally not transmitted to Google in the USA.
Further information on the type, scope and purpose of data processing can be found in the principles for data protection and security and in the data protection declaration from Google, in the guidelines for data protection in Google products (including Google Analytics), in the information on how Google data from websites used on which Google services are used and in the information about cookies at Google. There is also the option of using the “browser add-on to deactivate Google Analytics” and objecting to personalized advertising.
8.3.2 Google Tag Manager
We use Google Tag Manager to integrate and manage services for analytics or advertising from Google and third parties in our website. It is a service of the American Google LLC. The Irish Google Ireland Limited is responsible for users in the European Economic Area (EEA) and Switzerland. No cookies are used for this, but cookies can be used as part of the services integrated and managed with them. We provide information on the processing of personal data by such services in this data protection declaration.
With such advertising, we would particularly like to reach people who are interested in our online offer or who are already using our online offer. For this purpose, we transmit corresponding – possibly also personal – information to Google (remarketing). We can also determine whether our advertising is successful, i.e. whether it leads to visits to our website (conversion tracking).
Further information on the type, scope and purpose of data processing can be found in the principles for data protection and security and in the data protection declaration from Google, in the information on how Google uses data from websites on which Google services are used and in the information about Google cookies. It is also possible to object to personalized advertising.
8.5 Protection of the website
9. Final provisions
We have created this data protection declaration with the data protection generator from data protection partners, an offer from the Swiss Papiertiger GmbH.
We can adapt and supplement this data protection declaration at any time. We will inform you about such adjustments and additions in a suitable form, in particular by publishing the current data protection declaration on our website.