Last updated on 24.08.2023
1) Personal data that we collect
1.1) Website visitors
- Usage data (e.g. web pages visited, interest in content, access times)
- Meta/communication data (e.g. device information, IP addresses)
1.2) Customers / Suppliers / Interested Parties:
- Contact information (name, address, email address, phone number)
- Content data (e.g. text inputs, attachments, photographs)
- Service agreement
2) Legal basis and purposes of processing
2.1) Purposes of processing
We use the collected data for the following purposes:
- Fulfillment of our service agreement and provide you with customer service and support.
- Analyze, improve, personalize and monitor the use of our services.
- Responding to contact requests and communicating with users.
2.2) Legal basis
We rely on the following legal bases:
- Obtaining consent (Art 6 Abs 1 lit a GDPR)
- Contract fulfillment (Art 6 Abs 1 lit b GDPR)
- Legitimate interests (Art 6 Abs 1 lit f GDPR)
3) Data retention, storage and transmission
3.1) Retention periods
Please note that we also retain usage data for internal analysis purposes. Usage data is generally retained for a shorter period of time, unless such data is used to improve the security or functionality of our services or we are required by law to retain such data for a longer period of time.
3.2) Data transfers
If we process data outside Switzerland or the European Union or do so in the context of using third-party services, this will only be done for the purpose of fulfilling our contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. We process or allow the processing of data in a third country only if the special requirements of Art. 44 GDPR are met. This means that the processing is carried out for example on the basis of special guarantees, such as level of data protection officially recognized by the EU (e.g. for the USA through the "Privacy Shield") or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").
4) Security measures
We have implemented organizational and technical measures to ensure a level of protection appropriate to the risk in accordance with Art. 32 GDPR, taking into account the current available technologies, costs of implementation and the nature, scope, context and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons.
4.1) Organizational measures
The measures include in particular ensuring the confidentiality, integrity and availability of data by controlling access to the data, as well as disclosure of the data.
4.2) Technical measures
We take into account the protection of personal data already during development, the selection of hardware and software as well as procedures, according to the principle of privacy by design and by default (Art. 25 GDPR). The security measures include in particular the encrypted transmission (SSL) of data between your browser and our server.
4.3) Evaluation measures and data protection management
We have established procedures to ensure the exercise of data subjects' rights, deletion of data, and response to data compromise. These personal data processing procedures are regularly reviewed and our security measures are continuously adapted in line with technological developments.
4.4) Data protection impact assessment
No data protection impact assessment has been carried out. According to Art. 35 GDPR, a data protection impact assessment must be carried out if the intended and/or ongoing data processing involves a higher-than-average risk of a violation of data subjects' rights. Such a risk does not exist in the specific case, especially since no data within the meaning of Art. 9 GDPR are processed. Furthermore, the data processing does not take place to any particular extent or scope and no special forms or ways of data collection are used. In addition, according to Art. 35 GDPR, it is not the processor itself but the controller who is obliged to carry out a data protection impact assessment, if such an assessment would be necessary.
5) Cookies policy
Our website uses so-called cookies and related tracking technologies.
5.1) What are cookies?
Cookies help us provide you with the best possible user experience and provide insights on how to improve our service. They are text files that are downloaded to your computer or mobile device when you visit a website and allow us to recognize you on your next visit.
Cookies do no harm your device. Some of them are technically necessary for the website to function properly and for us to enable you to use certain features (e.g., saving your input when you fill out a form so that you do not have to enter the same information each time you revisit a website).
Other cookies are used to evaluate user behavior and thus optimize our services and website, and enable the use of online marketing services.
5.2) Cookie consent
You can restrict or disable the storage of cookies in your web browser at any time. You can delete cookies that have already been stored. When disabling cookies, the functionality of this website may be limited.
In addition, our website uses a cookie consent widget to obtain your consent to store certain cookies in your browser. A cookie statement is provided where you can find a list of all cookies used with important details such as storage duration, purpose and the indication of origin.
5.3) Which tracking technologies do we use?
5.3.1) Google Analytics
We use Google Analytics, a web analytics service provided by Google LLC ("Google"), on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offering within the meaning of Art. 6 lit. f. GDPR).
Google Analytics enables us to measure and evaluate the use of our website (on an anonymous basis). The service providers do not receive any personal data from us, such as name or address, but they can track your usage and behavior on the website.
We only use Google Analytics with IP anonymization enabled. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
5.3.2) Google Tag Manager
This website uses Google Tag Manager. This service allows to manage website tags. No cookies are set and no personal data is collected. Google Tag Manager triggers other tags, which in turn may record data. However, Google Tag Manager does not access this data. If tags have been disabled at the domain or cookie level, this will remain the case for all tracking tags when implemented with Google Tag Manager. For more information about Google Tag Manager, see the following link: https://www.google.com/analytics/terms/tag-manager/
6) Rights of the data subjects
You have a right of information about your stored data and, if applicable, a right to correction or deletion of this data.
Responsible party in the sense of the data protection laws:
Rychenbergstrasse 35, 8400 Winterthur