For individual or additional offers and services, special, supplementary or further data privacy statements as well as other legal documents such as general terms and conditions (GTCs), conditions of use or conditions of participation can apply.
Responsible for the processing of personal data:
We will point out if, in individual cases, other persons/companies are responsible for the processing of personal data.
Processing of personal data
Personal data is all the information relating to a specific or an identifiable person. A data subject is a person whose personal data is being processed. Processing includes all handling of personal data, irrespective of the means and processes employed, in particular the storage, disclosure, procurement, collection, deletion, filing, amendment, destruction and use of personal data.
We process personal data in compliance with Swiss data protection legislation, in particular the Federal Act on Data Protection (FADP) and the Ordinance to the Federal Act on Data Protection (DPO).
Type, scope and purpose
We process only personal data that is required for us to be able to provide an offer that is sustainable, user-friendly, secure and reliable. Such personal data may fall in particular into the categories of inventory and contact data, browser and device data, content data, meta data as well as usage data, location data, sales, contract and payment data.
We process personal data for the duration that is necessary for the relevant purpose(s) or as specified by law. Personal data that no longer needs to be processed is either anonymised or erased. Those people whose data we process have a fundamental right to erasure.
We fundamentally process personal data only once we have received the consent of the data subject unless the processing is authorised for other legal reasons, for example for the fulfilment of a contract with the data subject and for corresponding pre-contractual measures, in order to protect our overriding legitimate interests, for purposes evident from the circumstances or in accordance with prior information.
Within this context, we in particular process information that the data subject has provided voluntarily themselves when contact was established with us, for example by letter, email, contact form, social media or telephone, or when registering for a user account. We can store such information in an address book, in a customer relationship management system (CRM system) or in comparable tools. Insofar as you provide us with data of third parties, you are obliged to comply with the data protection laws where these persons are concerned and to vouchsafe the correctness of such personal data.
In addition, we process personal data that we receive from third parties or from publicly accessible sources or that we collect during the course of making our offer available, insofar as such processing is admissible for legal reasons.
Personal data from job applications is only processed insofar as it is required for an assessment of the suitability of the applicant for an employment relationship or for the later conclusion of an employment contract. Personal data that is required for the processing of an application comprises the information that is supplied/requested as part of the job advertisement, for example. Applicants have the option of providing additional information on a voluntary basis regarding their application.
Processing of personal data by third parties, including third parties abroad
We can have personal data processed by authorised third parties or together with third parties, as well as with the help of third parties, or we can transfer data to third parties. Such third parties are, in particular, suppliers whose services we use. We guarantee adequate data protection for such third parties too.
Such third parties are generally located in Switzerland as well as in the European Economic Area (EEA). Such third parties, can, however, also be based in other states and territories in the world as well as elsewhere in the universe, provided that their data protection standards, according to the assessment of the Federal Data Protection and Information Commissioner (FDPIC) guarantee an appropriate level of protection, or adequate data protection is guaranteed for other reasons, such as a corresponding contractual agreement, in particular on the basis of standard contractual clauses, or corresponding certification. By way of exception, such a third party can also be located in a country without adequate data protection, provided that the data protection requirements, such as the express consent of the data subject, are fulfilled.
Rights of data subjects
Data subjects whose personal data we process have rights under Swiss data protection legislation. This includes the right to receive information as well as the right to request the correction, erasure or blocking of the personal data being processed.
Data subjects whose personal data we process have the right to lodge a complaint with the competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
We take appropriate and suitable technical and organisational measures to guarantee data protection and data security, in particular. However, the processing of personal data via the internet is always subject to security breaches despite such measures. We therefore cannot guarantee absolute data security.
Our online offer is accessed via transport encryption (SSL / TLS, in particular Hypertext Transfer Protocol Secure, HTTPS for short). Most browsers identify transport encryption with a padlock in the address bar.
Access to our online offer is subject – just as fundamentally all use of the internet – to unfounded and suspicion-free mass surveillance as well as other surveillance by security authorities in Switzerland, the European Union (EU), the United States of America (USA) and other countries. We have no direct influence on the corresponding processing of personal data by the intelligence services, police services or other security services.
Use of the website
When you visit our website, cookies can be stored on a temporary basis as session cookies or for a specific period as permanent cookies. Session cookies are automatically deleted when you close your browser. Permanent cookies have a specific storage period. In particular, they make it possible to recognise your browser when you next visit our website and thus allow us to measure the reach of our website, for example. Permanent cookies can also be used for marketing purposes.
For cookies that are used for success and reach measurement or for advertising, a general opt-out is available for numerous services via Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
Server log files
We can record the following information every time our website is accessed, insofar as this is transmitted from your browser to our server infrastructure or can be determined by our web server: Date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, separate sub-pages of our website accessed including the data volume transmitted, the last website accessed in the same browser window (referrer).
We store such information, which could also be personal data, in server log files. This information is required for us to make available our online offer on a permanent, user-friendly and reliable basis as well as for us to guarantee data security and in particular the protection of personal data – also by third parties or with the help of third parties.
We can use tracking pixels on our website. Tracking pixels are also known as web beacons. Tracking pixels – also from third parties whose services we use – are small, generally invisible images that are automatically retrieved with a visit to our website. The same information can be stored with tracking pixels as in the server log files.
Notifications and communications
We send notifications and communications such as our newsletter via email and other communication channels, e.g. instant messaging.
Success and reach measurement
Notifications and communications can contain web links or tracking pixels that record whether the individual communication was opened and which web links were clicked. Such web links and tracking pixels can also record the use of notifications and communications on a personal basis. We require these statistics to measure success and reach and in order to offer such notifications and communications effectively and in a user-friendly fashion and based on the needs and reading habits of the recipients as well as on a sustainable, secure and reliable basis.
Consent and objection
You must expressly agree to the use of your email address and your other contact details, unless the use thereof is permissible for other legal reasons. When obtaining consent to the receipt of emails, we use the double opt-in procedure whenever possible, i.e. you receive an email with a web link that you must click for confirmation in order to prevent misuse through the actions of unauthorised third parties. We can log such consent, including your Internet Protocol (IP) address and the date and time, for evidentiary and security reasons.
You can unsubscribe from notifications and communications such as newsletters at any time. By unsubscribing you can in particular oppose the statistical recording of your data for success and reach measurement purposes. Notifications and communications that are absolutely necessary for our offer remain reserved.
Service providers for notifications and communications
We send notifications and communications via the services of third parties or with the help of service providers. Cookies may be used in this regard.
In particular we use:
- CleverReach: email marketing platform; provider: CleverReach GmbH & Co. KG (Deutschland); information regarding data privacy: General Privacy Statement.
We are present on social media and other online platforms in order to communicate with interested parties and to provide information about our offer. This means that personal data can also be processed outside of Switzerland and the European Economic Area (EEA).
The general terms and conditions (GTC) and conditions of use as well as the data privacy statements and other provisions of the individual providers of such online platforms also apply in every case. These provisions provide information on the rights of the data subjects, which includes in particular the right to receive information.
Services of third parties
We use the services of third parties to enable us to provide an offer that is sustainable, user friendly, secure and reliable. Such services can also serve to embed content in our website. Such services – for example hosting and storage services, video services and payment services – require your Internet Protocol (IP) address, since these services can otherwise not transmit the corresponding contents.
For their own security-relevant, statistical and technical purposes, third parties whose services we employ can also process your data in connection with our offer as well as from other sources by using cookies, log files and tracking pixels, on an aggregated, anonymised or pseudonymised basis.
We use the services of third parties in order to take advantage of the necessary digital infrastructure for our offer. This includes hosting and storage services of specialist providers.
In particular we use:
- Cyon: hosting; provider: Cyon LLC (Switzerland); information regarding data privacy: Datenschutzerklärung
We use the services of third parties to enable the direct use of audiovisual media on our website such as music or videos.
In particular we use:
- Vimeo: videos; provider: Vimeo Inc. (USA); information regarding data privacy: “Data Protection”, Privacy Statement.
Success and reach measurement
We use services and programs to analyse how our online offer is being used. In this context we can measure the success and reach of our online offer as well as the impact of linked third parties on our website. In addition, we can test and compare how different versions of our online offer or parts of our online offer are being used, (A/B test method). Based on the results of the success and reach measurement, we can resolve problems, enhance popular contents or in particular introduce improvements to our online offer.
When using services and programs to measure success and reach, the Internet Protocol (IP) addresses of individual users must be stored. IP addresses are fundamentally abbreviated in order to comply with the principle of data economy via pseudonymisation and to improve the data privacy of our website users (IP masking).
When using services and programs to measure success and reach, cookies may be used and user profiles set up. User profiles include, for example, the pages visited or the contents read on our website, information on the size of the screen or the browser window and the location – or at least its rough coordinates. Fundamentally, user profiles are set up exclusively in anonymised form. We do not use user profiles to identify the individual users of our website. Individual services for which you as a user are registered can at most attribute the use of our online offer to your profile, whereby you generally have to give your prior consent before this can be done.
In particular we use:
- Matomo: success and reach measurement; provider: Matomo (free open-source software); information regarding data privacy: Use of own server infrastructure with pseudonymised Internet Protocol (IP) addresses, List of all Matomo Features.
We can amend and supplement this data privacy statement at any time. We will inform you of such amendments and supplements in an appropriate form, in particular by publication of the currently valid data privacy statement on our website.