Privacy policy
Data protection policy, data security and the responsible handling of personal data are strong concerns and we, at FIRMENNAME, FIRMENADRESSE ("FIRMENNAME", "we", "us") take very seriously. In most cases, the provisions of the Swiss Data Protection (DSG) and the associated Ordinance (DSV) apply to our processing of personal data. For some processing that happens occasionally, the regulations of the EU General Data Protection Regulation (GDPR) may also apply directly.
In this privacy policy, we describe how we collect and process personal data (information that relates to and directly or indirectly identifies an individual) when you visit our website, use our apps, comment on our blog posts, enter into contracts with us, use our services or otherwise deal with us in a business or personal way.
In some cases, we process personal data on behalf of our clients and/or partners. In this context, we are considered exclusively as an order processor; our customers/partners are responsible for the lawful processing of data. If you have any questions about processing your data or wish to assert your rights under data protection law, please contact our customers/partners or consult their data protection policy.
If you have any questions about the data processing described in this privacy policy, you can contact us using the contact form at the following link: CONTACT FORM
If you would like to exercise your applicable data protection rights or have general questions about our data protection, please contact
We process different categories of personal data about you. The most important categories are the following:
Master data
This is the base data such as name, contact details, personal data, photos, customer history, powers of attorney, consent forms, your relationship with us (e.g. customer, supplier, partner) as well as information about third parties (e.g. contact persons).
Contract data
This is data that arises in the context of the provision of our services (e.g. services or when you buy our products in the webshop) and in the conclusion and processing of contracts (both with customers, suppliers, service providers, partners, etc.), such as contractual services that we owe you, or you owe us, data concerning the provision of services, data from the run-up to the conclusion of the contract (e.g. references), information about reactions (e.g. information about satisfaction) and financial data (e.g. payment information but also creditworthiness data).
Communication data
This is data that arises in connection with communications between you and us and with third parties (e.g. by email, telephone, letter or other means of communication), such as the content of emails, letters or your comments on our blog posts, your contact details and marginal data of the communication. It also includes audio recordings of telephone calls.
Registration data
This data accumulates in the context of a registration (e.g. online, app, newsletter), in competitions, or when redeeming vouchers with us, or that you provide to us (e.g. user name, e-mail). It also includes access data within the scope of access controls.
Technical data
This data accumulates in the context of the usage of our electronic offers (e.g. website), such as IP address, information about the operating system of your end device, the region and the time of use. Isolated technical data do not allow any conclusions to be drawn about your identity.
Behavioural and preference data
This is data about your behaviour and preferences, such as responses to electronic communications, navigation on the website, interactions with our social media profiles, participation in competitions or events, etc.), supplemented where necessary with information from third parties (including publicly available sources). Regarding tracking, see chapter "10. Use of cookies, tracking technologies and social media plugins".
Other data
In particular, this includes data arising in connection with official or judicial proceedings (e.g. files, evidence, etc.), data collected on the basis of health protection (e.g. protection concepts), access data or rights (e.g. visitor lists), and attendance at events.
From you
You disclose much of the data above to us yourself (e.g. in connection with our services for you or your employees or clients or communication with us). You are not obliged to disclose your data, with exceptions in individual cases (e.g. legal obligations). However, if you want to conclude contracts with us or use our services, you must provide us with specific data.
From third parties
We may also obtain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, the media or the internet, including social media) or from authorities and other third parties (e.g. credit agencies, address dealers, associations, contractual partners, internet analysis services). In particular, this includes the following categories: Master data, contract data and other data, but also all other categories of data described above, as well as data from correspondence and discussions with third parties. If you work for an employer, client or someone else in business or other relationship with us, they may also provide us with data about you.
In principle, we may obtain and process your personal data in particular for the following purposes:
Operation of our website
You can visit our website and find out about our services without telling us who you are. However, in order to operate our website in a secure and stable manner, we collect technical data that at least allows us to recognise you. In addition, we use cookies and similar technologies (see below).
Recording, administration and processing of contracts
We process personal data in connection with the provision of our services (e.g. when you use registration, order or contact forms on our website, order something via our webshop, enquire about our offers and services by telephone or via communication apps or contact our support via our own communication services or those of third-party providers). This applies not only in connection with the conclusion and processing of contracts with our customers, but also with our suppliers, service providers, project partners and others. This also includes, among other things, processing for the purpose of checking creditworthiness, for advisory services, for customer support and for the provision and collection of contractual services (which also includes the involvement of third parties). It also includes the enforcement of legal claims arising from contracts (debt collection, legal proceedings, etc.), accounting, termination of contracts and public communication.
Communication
We process your data in order to be able to communicate with you (e.g. to answer enquiries within the scope of consultation as well as the processing of contracts). If we need or want to establish your identity, we request additional data (e.g. a copy of an identity document).
Marketing purposes and relationship management
We process data for marketing purposes and to maintain relationships. For example, we send our customers, other contractual partners, other interested parties personalised advertising (e.g. by e-mail or other electronic channels) about products, services and other news from us in connection with free services (e.g. test access, invitations, vouchers) or as part of individual marketing campaigns. You may refuse such contacts or withdraw consent to be contacted for promotional purposes at any time by notifying us at the address or unsubscribe link shown at the end.
Market research, improvement of our services and operations, and product development
in order to continuously improve our products and services (including our website and other electronic offers), we analyse, for example, how you navigate through our website or which products are used by which groups of people and in what way.
Registration
In order to use certain offers and services (e.g. login areas, newsletter), you must register (directly with us or via our external login service providers). We process data for this purpose. Furthermore, we may also collect further personal data about you during the use of the offer or service.
Security purposes and technical and physical access controls
In order to continuously improve the appropriate security of our events and our other infrastructure (e.g. buildings), we process data about you. This is done, for example, for monitoring, analyses and tests of our infrastructures, for system and error checks, for documentation purposes and as part of security copies. Access controls include, on the one hand, controlling access to electronic systems (e.g. logging into user accounts), but also physical access control. For security purposes (preventive and to clarify incidents), we keep access logs or visitor lists where we document the name of the visitor and the time of the visit.
Adherence to laws, directives and recommendations of authorities and internal regulations ("Compliance")
We may process personal data as part of our compliance with the law (e.g. combating money laundering, tax law obligations or for the implementation of health and safety concepts). In addition, data processing may take place in the course of internal investigations, as well as external investigations (e.g. by a law enforcement or supervisory authority or an appointed private body). The legal obligations may be Swiss law, but also foreign regulations to which we are subject, as well as self-regulation, industry standards, our own "corporate governance" and official instructions and requests.
Risk management and corporate governance
We may process personal data in the context of risk management (e.g. to protect against tortious activities) and corporate governance, including our business organisation (e.g. resource planning) and corporate development (e.g. acquisition and sale of business units or companies).
Other purposes:
These other purposes include, for example, training, educational and administrative purposes (e.g. accounting), safeguarding our rights and evaluating and improving internal processes. We may record telephone calls for training and quality assurance purposes. In such cases, we will inform you separately (e.g. by an appropriate announcement before the telephone call), and you are free to end the communication. Such recordings may only be made and used by our internal guidelines. The protection of other legitimate interests is also one of the other purposes that cannot be named exhaustively.
If the GDPR applies, we base the processing of your data on the following principles, depending on the situation and the purpose of the processing:
Vertrag
Insofar as we process data for the conclusion and performance of contracts which we conclude or have concluded for you or with you or your employer, client or other persons for whom you work, this is also the legal basis on which we process your data.
Legal obligation
We may also process your data based on applicable legal, regulatory and professional requirements with which we must comply.
Legitimate interest
We may process your data based on our legitimate interest or the legitimate interest of a third party. This applies in particular to achieving the purposes and objectives set out in chapter "3. Purpose of collecting and processing your data" and for carrying out related measures. Among other things, we have a legitimate (and overriding) interest in marketing our products and services as well as in gaining a better understanding of the markets relevant to us and our activities (in particular, in the efficient and secure handling of our processes and the further development of our activities), in the efficient and effective management of our company and in safeguarding the security of our systems and our interests vis-à-vis third parties.
Consent
If we ask you for your consent to process your data, this is the legal basis on which we process your data. We will inform you of the purpose of the processing. You may withdraw your consent at any time by notifying us in writing (by post or, unless otherwise stated or agreed, by email) with effect for the future. Once we have received and processed the notice of withdrawal of your consent, we will no longer process your data for the purposes to which you initially consented (unless further processing may be carried out based on another legal basis).
Other legal bases
In specific cases, we may also carry out data processing based on other legal bases. If this is the case, we will inform you in each individual case.
We assess certain of your characteristics for the purposes set out in chapter "3. Purpose of collecting and processing your data" using your data in an automated manner ("profiling") to determine preference data and to carry out statistical evaluations. We may also create profiles for the same purposes.
We collect and process your data in a trustworthy and responsible manner. To this end, we take appropriate security measures to safeguard the confidentiality, integrity and availability of your data to protect it against unauthorised or unlawful processing and to counteract the risks of loss, unintentional modification, unintentional disclosure or unauthorised access. However, security risks cannot be eliminated in general - a certain residual risk is unavoidable.
We only store personal data for as long as is necessary to fulfil the purposes for which the personal data was collected, we have a legitimate interest in keeping it or are legally obliged to do so, or storage is technically necessary (e.g. in the case of backups or document management systems). If there are no laws or agreements that say otherwise, we remove or make your data anonymous once we're done storing or using it, as part of our regular procedures.
In the interest of confidentiality, integrity and contractual availability of personal data, we take appropriate technical and organisational measures. In accordance with our risk assessment, we implement in particular access controls, access controls, as well as procedures for the regular review, assessment and evaluation of the effectiveness of the measures.
Insofar as no legal storage regulations exist in individual cases, we generally process personal data for the duration of the business relationship or contract term and then, depending on the applicable legal basis, for a further five, ten or more years. This corresponds to the period within we can assert legal claims against third parties or third parties. Ongoing or anticipated legal proceedings may result in processing beyond this duration.
In order to fulfil a contract, protect our interests or to comply with legal requirements, it may be necessary for us to disclose your data to the following categories of recipients: Group companies, contractual partners, registrars, registration partners, SSL providers, third-party service providers, credit agencies, address management companies, debt collection companies, communication service providers or courts and authorities as well as other persons if this is necessary for the fulfilment of the purposes described above, such as third parties in the context of agency relationships (e.g., your lawyer or your bank).
For the purposes described above, we may also share your personal data with our third party service providers who process data about you on our behalf or in joint responsibility with us or who receive data about you from us in their own responsibility.
For address verification, credit assessment or debt collection, we may pass on your personal data to credit agencies, address management companies or debt collection companies insofar as necessary and as described above.
If we are requested to do so by courts or authorities and are legally obliged to do so, we will disclose your data to them or other third parties.
We process and store personal data mainly in Switzerland and the European Economic Area (EEA), but in exceptional cases - for example, via subcontracted processors of our service providers - potentially in any country in the world.
If a recipient is in a country without adequate data protection, we contractually oblige the recipient to comply with an appropriate level of data protection (for this purpose, we use the revised standard contractual clauses of the European Commission, which can be found here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj? are retrievable;including the supplements required for Switzerland), unless it is already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exemption provision. An exception may apply namely in the case of legal proceedings abroad, but also in cases of overriding public interests, if the performance of a contract which is in your interest requires such disclosure (e.g., if we disclose data to our correspondence offices), if you have given your consent or it is not possible to obtain your consent within a reasonable period of time and the disclosure is necessary to protect your life or physical integrity or that of a third party, or if it concerns data that you have made generally accessible and you have not objected to the processing of this data.
You have certain rights in connection with our data processing. Depending on the applicable law, you may, in particular, request information about the processing of your data, have incorrect personal data corrected, request the deletion of personal data, object to data processing (whereby this right to object applies in particular, but not exclusively, to data processing for direct marketing), request the surrender of specific personal data in a standard electronic format or its transfer to other data controllers or revoke consent, insofar as our processing is based on your consent.
Please note that exceptions or limitations apply to these rights. In particular, we may need to process and store your data to fulfil a contract with you, to protect our legitimate interests, such as the assertion, exercise or defence of legal claims, or to comply with legal obligations. To the extent permitted by law, in particular, to protect the rights and freedoms of other data subjects and to protect our legitimate interests (e.g. secrecy and security interests as well as the consideration of our operational resources and possibilities), therefore, we may also refuse or only comply with your data protection-related requests, e.g. requests for information and deletion, in a limited manner. However, you have the right to file a complaint with a competent supervisory authority.
If you wish to exercise your data protection rights as a user of a website or application of one of our customers, please do so directly towards the respective operator of the website or application. This is because we are only a processor in this respect. The customer responsible for the processing must protect data protection rights.
When using our website (including newsletter and other digital offers), data is generated that is stored in logs (in particular technical data). In addition, we may use cookies and similar techniques (e.g. pixel tags or fingerprints) to recognise website visitors, evaluate their behaviour and recognise preferences. A cookie is a small file that is transmitted between the server and your system and enables the recognition of a specific device or browser.
You can set your browser to automatically reject, accept or delete cookies. You can also deactivate or delete cookies in individual cases. You can find out how to manage cookies in your browser in the help menu of your browser.
Both the technical data collected by us and cookies do not generally contain any personal data. However, personal data that we or third-party providers commissioned by us store from you (e.g. if you have a user account with us or these providers) may be linked to the technical data or the information stored in and obtained from cookies and thus possibly to your person.
We also use social media plug-ins, which are small pieces of software that create a connection between your visit to our website and a third-party provider. The social media plug-in tells the third-party provider that you have visited our website and may send the third-party provider cookies that they have previously placed on your web browser. For more information on how these third-party providers use your personal data collected through their social media plug-ins, please refer to their respective privacy statements.
In addition, we use our own tools, as well as services of third-party providers (which may in turn use cookies) on our website, in particular, to improve the functionality or content of our website (e.g. integration of videos or maps), to compile statistics and to display advertisements.
At present, we may in particular use offers from the following service providers and advertising partners, whereby their contact details and further information on the individual data processing can be found in the respective data protection declaration:
- Google Analytics
Provider: Google Irland Ltd.
Datenschutzerklärung: https://support.google.com/analytics/answer/6004245
Some of the third-party providers we use may be located outside Switzerland. Information on data disclosure abroad can be found in chapter "8. Transferring your personal data abroad" In terms of data protection law, they are in part "only" order processors of us and in part responsible bodies. Further information on this can be found in the data protection declarations.
We operate on social networks and other platforms operated by third parties, pages and other online presences and process data about you in this context. In doing so, we receive data from you (e.g. when you communicate with us or comment on our content) and from the platforms (e.g. statistics). The providers of the platforms may analyse your usage and process this data together with other data they have about you. They also process this data for their own purposes (e.g. marketing and market research purposes and to manage their platforms) and act as their own data controllers for this purpose. For more information on processing by platform operators, please refer to the privacy statements of the respective platforms.
We currently use the following platforms, whereby the identity and contact details of the platform operator are available in the privacy policy in each case:
- Facebook
www.facebook.com
Datenschutzerklärung: www.facebook.com/privacy/policy - Twitter
www.twitter.com
Datenschutzerklärung: https://twitter.com/privacy - Instagram
www.instagram.com
Datenschutzerklärung: https://privacycenter.instagram.com/policy - Tiktok
www.tiktok.com
Datenschutzerklärung: https://www.tiktok.com/legal/privacy-policy - Mastodon
www.mastodon.social
Datenschutzerklärung: https://mastodon.social/privacy-policy - LinkedIn
www.linkedin.com
Datenschutzerklärung: https://www.linkedin.com/legal/privacy-policy
We reserve the right to change this privacy policy at any time. The version published on our website at the time shall apply.
CITY, September 2023