Data privacy statement
1. What is this data privacy statement about?
“Personal data” refers to all information that can be associated with a specific individual and “process” means any handling of it, e.g. obtaining, using and disclosing it. We therefore process personal data very often. This data privacy statement explains how we do this primarily within the course of our business activities and in connec-tion with our website and webshop. If you would like further information on our data processing, please contact us (Item 2).
2. Who is responsible for processing your data?
The following company is the “responsible party”, i.e. the party primarily responsible under data protection law (also “we”) for data processing pursuant to this data privacy statement:
Telefon +41 62 767 87 87
If you have any questions regarding data protection, please feel free to contact us at the above postal address with the note “Data protection” or at the following e-mail address: firstname.lastname@example.org
It may happen that you provide us with data that also relates to other individuals (e.g. an employee in your company). If you do so, we understand this as confirmation that this data is correct. As we often do not have direct contact with these third parties, we ask you to inform them about our processing of their data (e.g. by referring to this data privacy statement).
3. How do we process data in connection with our products and services?
If you use our products and services (together “services”), we process data for the preparation of the conclusion of the contract and for the performance of the corresponding contract:
- We may advertise our services, e.g. through newsletters. You can find more information on this under Item 4.
- If we are in contact with you in relation to a contract, we will process data, e.g. when you contact the contact persons indicated in our price lists. This mainly concerns data that you send us, e.g. name, contact details, details of requested services and the contact date.
- When we conclude a contract with you, we will process the data from the preliminary stages of contract conclusion (see above) and information on the contract conclusion itself (e.g. conclusion date and subject matter of the contract).
- We will also process personal data during and after the term of the contract. This concerns, for example, information on the purchase of services, but also on payments, contacts with customer service, reciprocal claims, complaints, defects, returns, data on the termination of the contract and – should disputes arise in connection with the contract – also about these and corre-sponding processes. We use these data because we cannot execute contracts without them.
- We also process the above data for statistical evaluations. Such evaluations support the improvement and development of products and business strategies. We may also use them specific to the individual for marketing purposes; you can find more information on this in Item 4.
For contractual partners who are companies we process less personal data because data protection law only covers data of natural persons (i.e. humans). However, we do process data of the contact persons we are in contact with, e.g. name, contact details, professional details and details from communication, and information on management members etc. as part of the general information about companies with which we work.
4. How do we process data in connection with advertising?
We also process personal data in order to promote our services:
- Newsletter: We send electronic newsletters that contain advertising for our offers, but also for those of other companies that we cooperate with. We ask for your consent beforehand, except when we promote specific offers to existing customers. In addition to your name and e-mail address, we will in this context also process information about the services you have already used, whether you open our newsletter and which links you click on. For this purpose, our email delivery service provider offers a function that essentially works with invisible image data that is loaded from a server via an encoded link and thereby transmits the relevant information. This is a common method that allows us to assess the effect of newsletters and to optimise our newsletters. You can avoid this measurement by setting your e-mail programme accordingly (e.g. by switching off the automatic loading of image files).
- Online advertising: We use data to ensure that our advertisements on thirdparty sites and platforms are displayed only to users who are likely to be interested in them. For further details, please refer to Item 7.
- Market research: We also process data to improve services and develop new products, e.g. information on your purchases or your reaction to newsletters or information from customer surveys and polls or from social media, media monitoring services and public sources.
5. How do we cooperate with service providers?
We use various services from third parties, in particular IT services (examples are providers of hosting and data analysis services), shipping and logistics services and services from banks, postal service, consultants, etc. You will find details of service providers for our website in Item 8. In doing so, these service providers may also process personal data to the extent necessary.
6. Can we disclose data abroad?
The recipients of data are located not only in Switzerland. That concerns certain service providers (especially IT service providers). These have locations both within the EU or the EEA, but also in other countries around the word, e.g. in the USA. We may also transfer data to authorities and other persons abroad if we are legally obliged to do so or, for example, in the context of a company sale or legal proceedings (see Item 9). Not all of these states have adequate data protection. We compensate for the lower protection through appropriate contracts, especially the socalled standard contractual clauses of the European Commission, which are available here. In certain cases, we may transfer data in accordance with data protection requirements even without such contracts, e.g. if you have consented to the corresponding disclosure or if the disclosure is necessary for the execution of the contract, for the establishment, exercise or enforcement of legal claims or for overriding public interests.
7. How do we process data in connection with our website?
For technical reasons, certain data is collected every time you use our website and stored temporarily in log files (log data), in particular the IP address of the end device, information about the Internet service provider and the operating system of your end device, information about the referring URL, information about the browser you use, the date and time of access and the content accessed while visiting the website. We use this data to enable the use of our website, to ensure system security and stability, to optimise our website and for statistical purposes.
You can configure your browser in the settings so that it will block certain cookies or similar technologies or delete cookies and other stored data. You can find out more about this in the help pages of your browser (usually with the keyword “Data protection”).
These cookies and other technologies may also come from third party companies that provide us with certain features. These may also be located outside of Switzerland or the EEA (see Item 7 for details). For example, we use analytics services so that we can optimise our website. The respective thirdparty providers may record the use of the website for this purpose and combine their recordings with further information from other websites. This allows them to record user behaviour across several websites and end devices in order to provide us with statistical evaluations on this basis. Providers may also use this information for their own purposes, e.g. for personalised advertising on their own website or other websites. If a user is registered with the provider, the provider can assign the usage data to the respective person.
Two of the most important thirdparty providers are Google and Facebook. You can find further details on these below. Other thirdparty providers usually process personal and other data in a similar way.
- On our website, we use Google Analytics; an analysis service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA, USA) and Google Ireland Ltd (Google Building Gordon House, Barrow St, Dublin 4, Ireland). Google collects certain information about the behaviour of users on the website and about the end devices they use. The IP addresses of visitors are shortened in Europe before being forwarded to the USA. Google provides us with analyses based on the recorded data, but also processes certain data for its own purposes. You can find information on Google Analytics data protection here, and if you have a Google account, you can find additional information here.
- Our website also uses the “Facebook pixel” and similar technologies of Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. This enables us to ensure that our ads on Facebook and its partners (“Audience Network”) are shown only to users who are likely to be interested in those ads. This also allows us to measure the effectiveness of ads on Facebook for statistical and market research purposes. You can find additional information here. We share responsibility with Facebook for sharing data that Facebook receives as a result, displaying personalised ads, improving ad delivery and personalising content. Users can send requests for information and other requests in this context directly to Facebook.
For more information, see the “About Hotjar” section on Hotjar's help page.
- On our website, we use Google Tag Manager from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA, USA) and Google Ireland Ltd. (Google Building Gordon House, Barrow St, Dublin 4, Ireland). Google Tag Manager allows us to centrally incorporate and manage sections of code from various tracking tools that we use on our website. It is an organisational tool with which the website tags can be integrated and managed centrally and via a user interface. Tag is the term for a small section of code that, for example, records (tracks) your activity on our website. These tags take on different tasks. They may collect browser data, feed data to marketing tools, embed buttons and set cookies. We use Google Tag Manager to optimise our website for the best possible user experience.
8. How do we process data via social media?
We operate our own presences on social networks and other platforms (Facebook, LinkedIn, Instagram and YouTube). If you communicate with us there or comment on or disseminate content, we collect information for this purpose, which we use primarily for communication with you, for marketing purposes and for statistical evaluations (see Items 4 and 9 on this). Please note that the provider of the platform also collects and uses data (e.g. on user behaviour) itself, possibly in combination with other data known to it (e.g. for marketing purposes or to personalise the platform content). Insofar as we are jointly responsible with the provider, we shall enter into a corresponding agreement, about which you can obtain information from the provider.
9. Is there any other processing performed?
Yes, because very many processes are not possible without processing personal da-ta, including common and even unavoidable internal processes. This cannot always be precisely determined in advance, nor can the amount of data processed in the process. But you will find details of typical (though not necessarily frequent) cases below:
- Communication: When we are in contact with you (e.g. when you call customer service or when you communicate with us on a social media platform), we process communication content information about the nature, timing and location of the communication. We may also process proof of identity details for your identification.
- Compliance with legal requirements: We may disclose data to authorities as part of legal obligations or authorisations and to comply with internal regulations.
- Prevention: We process data for the prevention of criminal offences and other violations, e.g. within the context of fraud prevention or internal investigations.
- Legal procedures: Insofar as we are involved in legal proceedings (e.g. court or administrative proceedings), we process data e.g. on parties to the proceedings and other persons involved such as witnesses or respondents and disclose data to such parties, courts and authorities, possibly also abroad.
- IT security: We also process data for monitoring, controlling, analysing, securing and checking our IT infrastructure, but also for backups and archiving data.
- Competition: We process data about our competitors and the market environment in general (e.g. the political situation, the association landscape, etc.). We may also process data about key individuals, in particular name, contact details, role or function and public statements.
- Transactions: If we sell or acquire receivables, other assets, business units or companies, we process data to the extent necessary for the preparation and execution of such transactions, e.g. information on customers or their contact persons or employees, and also disclose corresponding data to buyers or sellers.
- Other purposes: We process data to the extent necessary for other purposes such as training and education, administration (e.g. contract management, accounting, enforcing and defending claims, evaluating and improving internal processes, compiling anonymous statistics and evaluations; acquiring or disposing of receivables, businesses, parts of businesses or companies and safeguarding other legitimate interests.
10. How long do we process personal data?
We will process your personal data for as long as it is necessary for the purpose of processing (in the case of contracts, generally for the duration of the contractual relationship), for as long as we have a legitimate interest in storing it (e.g. in order to enforce legal claims, for archiving and or to ensure IT security) and for as long as data is subject to a statutory retention obligation (for example, a tenyear retention period applies to certain data). After these periods have expired, we will delete or anonymise your personal data.
11. Are there any other issues that need to be considered?
Depending on the applicable law, data processing is permitted only if the applicable law specifically allows it. This does not apply under the Swiss Data Protection Act, but does e.g. apply under the GDPR insofar as it is applied (which can be determined only on a casebycase basis). In this case, we base the processing of your personal data on the fact that it is required for the preparation and execution of contracts (Item 3), that it is necessary for the legitimate interests of us or third parties, e.g. for statistical evaluations (Item 3) or marketing purposes (Item 4), that it is required or permitted by law or that you have separately consented to the processing. You will find the relevant provisions in Sections 5 and 8 of the GDPR.
Incidentally, you are not obligated to disclose data to us, subject to individual cases (e.g. if you have to fulfil a contractual obligation and this involves disclosing data to us). However, we need to process data for legal and other reasons when we conclude and execute contracts. The use of our website is also not possible without data processing (see Item 7 on this).
12. What are your rights?
You have certain rights under applicable data protection law so that you can obtain further information about and act on our data processing:
- You can request additional information on our data processing. We will be happy to assist you in this. You can also submit a socalled information request if you want more information and a copy of your data;
- You can object to our data processing, especially in connection with direct marketing;
- You can have incorrect or incomplete personal data corrected or completed or amended with a note of dispute;
- You also have the right to receive the personal data you have provided in a structured, current and machinereadable format, insofar as the corresponding data processing is based on your consent or is necessary for contractual performance;
- insofar as we process data on the basis of your consent, you can revoke your consent at any time. Revocation applies only to the future and we reserve the right to continue to process data on a different basis in the event of a revocation.
If you wish to exercise such a right, please feel free to contact us (Item 2). As a rule, we have to check your identity (e.g. by means of a copy of your identification papers). You are also free to file a complaint against our processing of your data with the competent supervisory authority, in Switzerland the Federal Data Protection and Information Commissioner (FDPIC).