Data protection policy
1. Data protection at a glance
1.1 General information
The following information gives a simple overview of what happens to your personal data when you visit our website. Personal data is data that can be used to identify you personally. Detailed information on data protection can be found in our data protection policy below.
1.2 Data collection on our website
Who is responsible for data collection on this website?
The data collected on this website is processed by the website operator. The operator’s contact details can be found in point 2.2.
How do we collect your data?
Your data will be collected when you communicate it to us. As an example, this could be data you enter on a contact form.
Other data is automatically collected by our IT systems when you visit the website. This data is primarily technical data (e.g. web browser, operating system or time you accessed the page). Data is collected automatically as soon as you access our website.
What rights do you have regarding your data?
Analytics tools and tools from third-party providers
2. General information and mandatory information
2.1 Data protection
We take the protection of your personal data very seriously. We treat your personal data confidentially, in compliance with legal data protection provisions and this data protection policy.
If you use this website, various pieces of personal data will be collected. Personal data is data that can be used to identify you personally. It is generally possible to use our website without providing personal data. If our website asks for personal data (e.g. name, address or email address), this is always provided on a voluntary basis. Some of this data may be shared with third parties in line with this data protection policy.
This data protection policy explains which data we collect and what we use it for. It also explains how and for what purposes this is carried out.
Please note that the security of data transmitted via the internet (e.g. email communication) may be compromised. It is not possible to completely protect data against third-party access.
2.2 Controller information
If you have any questions about data protection, please contact firstname.lastname@example.org.
2.3 Data protection officer
You may also contact our data protection officer with any questions about data protection at any time.
Data protection officer for Germany: email@example.com
Data protection officer for Switzerland: firstname.lastname@example.org
2.4 Relevant legal bases
The legal basis for processing your personal data in individual cases depends on the purpose. More specifically, this may be:
- your explicit consent (if required by law), which you can withdraw at any time;
- the conclusion or the performance of a contract with you or the implementation of pre-contractual measures;
- the safeguarding of our legitimate interests, unless these are overridden by your interests or fundamental rights and freedoms;
- the fulfilment of legal obligations.
2.5 Sharing personal data
We treat your personal data as strictly confidential and share it only if you have given your explicit consent, if we are legally obliged or entitled to do so (e.g. as part of commissioned data processing) or if it is necessary in order to enforce our rights, particularly claims as part of the contractual relationship. In addition, we share your personal data with third parties as far as this is necessary or appropriate in the context of website use or to provide services you have requested. Of course, the legal regulations for sharing personal data with third parties are observed.
To provide our services, comply with contractual or legal regulations or for other purposes set out in this data protection policy, it may be necessary for us to disclose your personal data to the following categories of recipients:
- Group companies
- Business partners
- Service providers
- Logistics partners
- Debt collection partners
- Service companies
- Marketing services
Of course, the legal regulations for sharing personal data with third parties are observed. If we use third parties to provide our services, we take suitable legal precautions and corresponding technical and organisational measures to ensure the protection of your personal data in line with the applicable legal regulations.
Sharing generally takes place within Switzerland or with recipients in member states of the EU or the EEA, or in other states with appropriate data protection legislation. We share data with recipients in other countries only if this is based on recognised guarantees (particularly contractual agreements) or your consent, which we obtain on a case-by-case basis.
2.6 Storage period
Unless otherwise explicitly stated in this data protection policy, we process and store your personal data only for as long as it is necessary in order to fulfil our contractual and legal obligations, or for the purposes pursued by the processing, e.g. for the duration of the entire business relationship (from initiation to execution to termination of the contract and the warranty period and a subsequent support phase), and in line with statutory retention and documentation periods. Personal data may also be stored for a longer period of time in which claims may be asserted against us, insofar as we are otherwise legally obliged to do so or legitimate business interests require us to do so (e.g. for evidence and documentation purposes).
As soon as your personal data is no longer required for the above-mentioned purposes, or if the set retention period passes, your personal data is erased or suppressed if possible.
2.7 Data security
The security of your personal data is important to us. We take appropriate and suitable technical and organisational measures to ensure the security of your personal data and to protect it against unjustified or unlawful processing and/or unintentional loss, alteration, disclosure or access. Among other things, this includes the use of recognised encryption methods (e.g. SSL encryption). We grant access to your personal data exclusively to employees, service providers or partners who require access to fulfil a business purpose or to carry out their duties.
We also take internal company data protection very seriously. Our employees and service providers commissioned by us are obliged to maintain secrecy and to comply with data protection regulations. Access to your personal data is granted only as far as this is necessary.
2.8 Links to third-party websites
Our website may contain links to other websites that are not operated by us and to which this data protection policy does not apply. We have no control over whether these operators comply with data protection regulations and as such accept no responsibility for the accuracy, completeness or topicality of the information provided there.
3. Data collection on our website
3.1 Overview of processing
The following overview summarises the types of data processed and the purposes for which it is processed, and refers to data subjects.
- Master data (e.g. names and addresses, gender and insurance)
- Content data (e.g. input into online forms)
- Contact details (e.g. email, phone numbers)
- Meta data/communications data (e.g. device information, IP addresses)
- Usage data (e.g. websites visited, interest in content, access times)
- Location data (information on the geographical position of a device or person)
- Contract data (e.g. object of the contract, term, customer category)
- Payment details (e.g. bank details, invoices, payment history)
Categories of data subjects
- Employees (e.g. employees, applicants, former employees).
- Business and contracting partners
- Interested parties
- Communication partners
- Users (e.g. website users, users of online services)
- Provision of online services and user-friendliness.
- Evaluation of user actions
- Click tracking
- Cross-device tracking (cross-device processing of user data for marketing purposes)
- Direct marketing (e.g. by email or post).
- Feedback (e.g. collection of feedback via an online form)
- Interest-based and behaviour-based marketing
- Contact requests and communication
- Conversion measurement (measurement of effectiveness of marketing measures)
- Profiling (creation of user profiles)
- Reach measurement (e.g. access statistics, recognition of repeat visitors).
- Security measures
- Server monitoring and error detection
- Provision of contractual services and customer service
- Management and response to requests
- Target groups (determination of target groups relevant to marketing purposes, or other content output)
3.2 Server log files
The website provider collects and saves information in ‘server log files’ that are sent to us automatically by your browser. This information includes:
- IP address
- browser type and version
- operating system used
- referrer URL
- host name for the accessing computer
- time of the server request
This data is collected and processed exclusively for the purpose of use of our website (establishing a connection), ensuring long-term system security and stability, optimisation of our online offering and for internal statistical purposes. This also includes our legitimate interest in data processing. This data is not merged with other data sources. In addition, this data cannot be traced back to individual persons. We reserve the right to review this data if we note any specific indications of unlawful use.
You may contact us via the contact form, by email, telephone or social media. In this case, the information you provide will be stored for the purpose of processing your request. The information collected through a contact form can be seen when using the contact form in question. Fields marked with an asterisk (*) are mandatory fields. Any additional information is provided by the person making the request on a voluntary basis.
Responses to contact requests within the context of contractual or pre-contractual relationships are given to fulfil our contractual obligations, for the purpose of responding to (pre-)contractual requests, and also on the basis of the legitimate interests in response to the requests.
We store the data provided by you via the contact form and keep it until you request that it is erased, until you withdraw your consent to storage of data, or until the purpose for storage no longer applies (e.g. if a request has been processed). Mandatory legal provisions – with particular reference to retention periods – remain unaffected.
If you wish to subscribe to our newsletter, we require an email address and information that allows us to verify that you are the owner of the email address provided and that you consent to receipt of the newsletter. We use this data only to send the information requested and do not share it with third parties.
Any data you enter into the contact form is processed exclusively with your consent. You can withdraw your consent to storage of data, the email address and their use to send newsletters at any time – e.g. by clicking on the ‘Unsubscribe’ link in the newsletter. This does not affect the lawfulness of any data processing carried out before withdrawal.
Newsletter registration follows a ‘double opt-in’ process. This means that when you register, you receive an email that asks you to confirm your registration. This confirmation is necessary so that registration with someone else’s email address is not possible. Newsletter registration is recorded as evidence that the registration process complies with legal requirements. This includes storage of the time of registration and confirmation, and the IP address. Changes to your data stored by MailChimp are also recorded.
Your personal data is erased as soon as it is no longer necessary to achieve the purpose for which it was collected. Your registration details are stored until you unsubscribe from the newsletter.
Our company works with the e-recruiting solution from Ostendis AG, which assumes data storage of application documents and offers procedures for processing this data within the meaning of commissioned data processing. Here, personal data is not analysed in depth by a machine (profiling) and automated data processing operations are not used for decision making (matching). The data is stored by Ostendis AG in a data centre belonging to the Swiss company Datawire AG (www.datawire.ch), Steinhausen, Switzerland, using Ostendis AG’s infrastructure. You can find more information and Ostendis AG’s data protection policy at: https://www.ostendis.com/de/privacy.
We use ‘cookies’ in certain cases. Cookies are small text files saved on your computer via the browser. Cookies are not harmful to your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Most cookies used by us are ‘session cookies’. These are deleted automatically after your visit. Other cookies are saved on your end device until you delete them. These cookies allow us to recognise your browser when you visit us again. You can change your browser settings so that you are notified about stored cookies on your device and are able to accept or reject cookies in certain cases or in general, and activate the automatic deletion of cookies when you close your browser. Disabling cookies may restrict the functionality of this website. If cookies are necessary to allow electronic communications or to provide certain features you wish to use, these are saved. We have a legitimate interest in saving cookies to provide our services in a way that is free from technical errors and functions optimally. If other cookies (e.g. cookies used to analyse your browsing behaviour) are saved, these are detailed separately in this data protection policy.
4. Analytics, marketing and tracking services
We use various services for website analysis, marketing and tracking on our website, which we explain in further detail below. If we ask you for your consent to the use of third-party providers, the legal basis for this form of data processing is consent. If we do not obtain your consent, your data will be processed on the basis of our legitimate interests (i.e. for optimisation and marketing purposes and the design of our website). Third-party providers can also use permanent cookies, pixel tags or similar technologies for this purpose. Third-party providers do not receive any personal data from us, but can track your use of our website and merge this information with data from other websites you may have visited and which the third-party provider also tracks, and use this knowledge for its own purposes (e.g. to manage advertising). The responsibility for third-party provider processing of your personal data thus lies with the service provider, in line with its data protection regulations.
4.1 Google Analytics
Your consent is the basis for use of the mentioned analytics tools. We have concluded a commissioned data processing contract with Google and implement fully the strict requirements of the EU General Data Protection Regulation when using Google Analytics.
4.2 Google Ads
As an Ads customer, we also use Google conversion tracking, which is an analysis service provided by Google. If you are directed to our website via a Google ad, Google Ads will save a cookie on your device (‘conversion cookie’). These cookies have limited validity, do not contain any personal data and therefore cannot be used for personal identification. If the user visits certain pages on this website and the cookie has not yet expired, the fact that a user has clicked on the advert and has been directed to the page via an advert can be recognised by us and by Google. Each Google Ads customer has a different cookie. Cookies cannot therefore be tracked via the Ads customer’s website. The information obtained by the conversion cookie is used to compile conversion statistics for Ads customers that have opted for conversion tracking. Customers can find out the total number of users that have clicked on their advertisements and have been directed to the page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. If you do not want to take part in tracking, you can reject the cookies required; for example, via a browser setting that generally disables cookies. You can also object to interest-based ads from Google Ads by changing the settings at https://adssettings.google.de. Please note that in this case you may be unable to use all of this website’s functions. Find out more about Google’s data protection regulations at https://policies.google.com/privacy?gl=de.
4.3 Google Tag Manager
This website uses Google Tag Manager. Google Tag Manager is a solution that allows us to manage website tags via a single interface, thus allowing us to integrate Google Analytics and other Google marketing services into our website. The tool itself does not collect any personal data. The tool triggers other tags, which in turn may collect data in certain circumstances. Google Tag Manager does not access this data. If disabled at domain or cookie level, it remains in use for all tracking tags implemented by Google Tag Manager. You can generally object to interest-based ads from Google. To do so, click on the following link: https://adssettings.google.de and change the settings available. More information about Google Tag Manager can be found via: https://www.google.com/intl/de/tagmanager/faq.html and https://policies.google.com/privacy
The website uses the ‘Custom Audiences’ remarketing feature from Facebook Inc., 1601 Willow Avenue, Menlo Park, CA 94025, USA, or if you have your usual place of residence in the European Economic Area (EEA) or Switzerland, the provider is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. This allows website users to see interest-based ads (‘Facebook ads’) when visiting the social network Facebook or other websites that also use the process. We are interested in showing you ads that might be of interest to make the website more interesting for you. Due to the marketing tools used, your browser will automatically establish a direct connection with the Facebook server. We have no control over the scope and further use of data collected by Facebook through the use of this tool, and therefore wish to note that the information we provide to you is based on our level of knowledge. The integration of Facebook Custom Audiences means that Facebook is notified that you have accessed the corresponding web page on our website or have clicked on one of our ads. If you are registered with a Facebook service, Facebook can associate your visit to our website with your account. Even if you are not registered with Facebook or are not signed in, it is possible that the provider may obtain and store your IP address and other identifiers. It is possible to disable ‘Facebook Custom Audiences’ here; users that are signed in can do so at https://www.facebook.com/settings/?tab=ads#_. More information about data processing by Facebook can be found at https://www.facebook.com/about/privacy.
Newsletters are sent using MailChimp, a newsletter mailing platform, from the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. MailChimp is a service used to organise and analyse newsletter mailing. The data you enter to subscribe to a newsletter (e.g. email address) is transferred to MailChimp’s servers in the US and stored there. MailChimp uses this information to send and statistically evaluate the newsletter on our behalf. For the analysis, the emails sent contain ‘web beacons’ or ‘tracking pixels’, which are one-pixel image files that are stored on our website. This allows us to determine if a newsletter message has been opened and which links, if any, have been clicked on. Technical information (e.g. time of access, IP address, browser type and operating system) is also collected. The data is collected in pseudonymous form and is not linked to your personal data; direct association with information relating to your personal identity is excluded. This data is used exclusively for the statistical analysis of newsletter campaigns. The results of this analysis can be used to ensure that the content of future newsletters is better tailored to recipients’ interests. In addition, MailChimp may use this data itself on the basis of its own legitimate interest in the needs-based design and optimisation of the service and for market research purposes – e.g. to determine which countries recipients come from. However, MailChimp does not use newsletter recipients’ data to approach you directly, nor does it share data with third parties. If you wish to object to the analysis of this data for statistical analysis purposes, you must unsubscribe from the newsletter. MailChimp’s data protection policy can be viewed at https://mailchimp.com/legal/privacy/.
We use the Mapbox map service from Mapbox Inc. to provide an interactive map on our website that shows you how you can find us and our partners. This service allows us to show you maps loaded by an external server. The following data is transferred to the Mapbox server when maps are displayed: pages on our site you visited and your end device’s IP address. The legitimate interest is based on our need to present our services, products and partners, and ease of search for places indicated on our website. More information about data protection at Mapbox can be found at: https://www.mapbox.com/legal/privacy.
If you have completed and sent forms included on this website, you may receive emails from us at regular intervals; e.g. newsletters or notifications. We use the service SendGrid to evaluate your data with respect to mailings. SendGrid is a customer communications platform for transaction and marketing emails and is based mainly in the US. SendGrid’s data protection regulations can be found here: https://sendgrid.com/policies/privacy/. The servers on which SendGrid processes data are located mainly in the US; i.e. your email address will be transmitted to the corresponding US server. Find out what SendGrid does to comply with the data protection regulations applicable in the EU (GDPR) and Switzerland here > https://sendgrid.com/policies/privacy/privacy-shield-certification/.
We use DigitalOcean (DigitalOcean LLC, 101 Avenue of the Americas, 10th Floor, New York, NY 10013), which has a server in the EU (Frankfurt), as a cloud computing platform to host this website. For optimal performance, website content is provided via a content delivery network. DigitalOcean is subject to the US-EU ‘Privacy Shield’ data protection agreement. More information on data security can be found on DigitalOcean’s website: https://www.digitalocean.com/security/gdpr/
5. Social media
In addition to this website, we also have a social media presence, which you can view by clicking on the corresponding buttons on our website. If you visit such an online presence, personal data may be transmitted to the provider of the social network. We would like to point out that user data is also transmitted to a server in a third country and may therefore be processed outside Switzerland or the EU/EEA. Furthermore, data from users of social networks is usually processed for marketing and advertising purposes. For these purposes, cookies are usually stored on the user’s device, where the user’s usage behaviour and interests are stored. Furthermore, data may also be stored in user profiles regardless of the device used by the user (in particular if the user is a member of the respective platform and is signed in). For a detailed description of the forms of processing and opt-out options, please see the data protection policies and information provided by the operators of the respective networks.
6. Your rights
Right of access
You have the right to request confirmation from us as to whether we process your personal data and if so, what personal data we process.
Right to rectification
You have the right to request the rectification of your incorrect personal data and if necessary the completion of incomplete personal data in our systems.
Right to erasure
You have the right to request that your personal data is erased; for example, if the data is no longer required for the purposes pursued. However, if we are obliged or entitled to retain your personal data due to legal or contractual obligations, we may restrict or suppress your personal data only as far as is necessary in these cases.
Right to restriction of processing
If certain conditions are met, you have the right to request that the processing of your personal data is restricted.
You also have the right to request that you receive personal data concerning you, which you have provided us, in a structured, commonly used and machine-readable format, or that this data is transmitted to another controller.
Right to object
You have the right to object to the processing of your personal data at any time in accordance with legal provisions. In particular, you have the right to object to the processing of your personal data for direct marketing purposes.
Withdrawal of consent
You have the right to withdraw consent you have previously given to the processing of your personal data at any time with future effect. The lawfulness of processing previously carried out on the basis of consent is not affected by the withdrawal of consent.
Right to object
You have the right to lodge a complaint with a competent supervisory authority if you are of the opinion that the processing of your personal data infringes data protection regulations.
Please note that exceptions apply to these rights. In particular, we may have to further process and store your personal data to fulfil a contract with you, to protect our own compelling interests, such as the assertion, exercise or defence of legal claims, or to comply with legal obligations. If permitted by law, we can therefore reject your requests relating to data protection, e.g. requests for information and erasure, or comply with them only to a limited extent.
7. Cookie banner
8. Changes to the data protection policy
We explicitly reserve the right to change or add to this data protection policy at any time at our dis-cretion. The current version published on our website always applies.