2. Data protection

Data protection

Header Datenschutz

Privacy policy

1. what is this privacy statement about?
"Personal data" is any information that can be associated with a specific individual, and "process" means any handling of it, such as obtaining, using and disclosing it. We therefore process personal data very often. We explain in this privacy statement how we do this, primarily in the course of our business and in connection with our website. If you would like more information about our data processing, please contact us (section 2).

2 Who is responsible for processing your data?
The following company is the "responsible party", i.e. the party primarily responsible under data protection law (also "we"), for data processing in accordance with this data protection declaration:

swisspor AG
Bahnhofstrasse 50
CH-6312 Steinhausen
info@swisspor.com
Phone +41 56 678 98 98
Fax +41 56 678 98 99

If you have any questions regarding data protection, please feel free to contact us at the above postal address with the note "data protection" or at the following e-mail address:

datenschutz@swisspor.com

You may provide us with data that also relates to other individuals (e.g., an employee in your company). If you do so, we will take this as confirmation that this data is correct. Since we often have no direct contact with these third parties, we ask you to inform them about our processing of their data (e.g., by referring them to this privacy statement).

3. how do we process data in connection with our products and services?
If you use our products and services (together "services"), we process data for the preparation of the conclusion of the contract and for the performance of the corresponding contract:

We may advertise our services, e.g. through newsletters. For this purpose, you will find further details under section 4.
If we are in contact with you with regard to a contract, we process data, e.g. if you contact the contact persons specified in our price lists. This mainly concerns data that you send us, e.g. name, contact details, information about services requested and the date of contact.
If we conclude a contract with you, we process the data from the run-up to the conclusion of the contract (see above) and information on the conclusion of the contract itself (e.g. the conclusion date and the subject of the contract).
We also process personal data during and after the term of the contract. This concerns, for example, information on the purchase of services, but also on payments, contacts with customer service, mutual claims, complaints, defects, returns, data on the termination of the contract and - if disputes arise in connection with the contract - also on these and corresponding procedures. We use this data because we cannot process contracts without it.
We also process the aforementioned data for statistical evaluations. Such evaluations support the improvement and development of products and business strategies. We may also use them on a personal basis for marketing purposes; please refer to Section 4 for further details.

In the case of contractual partners that are companies, we process less personal data because data protection law only covers data of natural persons (i.e., people). However, we do process data of the contact persons with whom we are in contact, e.g. name, contact details, professional details and details from communication, and details of management persons etc. as part of the general information about companies with which we cooperate.

4. how do we process data in connection with advertising?

We also process personal data in order to advertise and our services:

Newsletters: We send electronic newsletters that include advertising for our offers, but also for offers from other companies with which we cooperate. We ask for your consent beforehand, except when we promote certain offers to existing customers. In this context, in addition to your name and e-mail address, we also process information about which services you have already used, whether you open our newsletters and which links you click on. For this purpose, our e-mail dispatch service provider provides a function that essentially works with invisible image data that is loaded from a server via a coded link and thereby transmits the relevant information. This is a common method that helps us assess the effect of newsletters and optimize our newsletters. You can avoid this measurement by setting your e-mail program accordingly (e.g. by switching off the automatic loading of image files).
Online advertising: We use data to ensure that our advertisements on third-party sites and platforms are displayed only to those users who are likely to be interested in them. You can find more information about this in section 8.
Market research: We also process data to improve services and develop new products, e.g. information about your purchases or your reaction to newsletters or information from customer surveys and polls or from social media, media monitoring services and public sources.

5. How do we work together in the Group?
We are part of the Swisspor Group under the umbrella of swisspor Holding AG. We therefore procure certain services from the Group, e.g. accounting and IT services (further details on service providers can be found in section 6). However, the Group companies also support each other in other matters and may exchange personal data for this purpose. Group companies may also use data they receive from other Group companies for their own further purposes, analogous to section 10 below. We assume that such disclosures do not conflict with any confidentiality interests unless you inform us otherwise. We often work with group companies under joint responsibility for data protection purposes. For your data protection rights, you are welcome to contact us (we coordinate with other group companies in this case), but you can also contact them directly. You can find a list of the group companies here.

6. how do we work with service providers?
We use various services from third parties, especially IT services (examples are providers of hosting data analysis services), shipping and logistics services and services from banks, the post office, consultants, etc.. You will find information on service providers for our website under section 8. These service providers may also process personal data to the extent necessary.

7. can we disclose data abroad?
The recipients of data are not only located in Switzerland. This applies in particular to group companies and certain service providers (especially IT service providers). These have locations both within the EU or the EEA (e.g. the group companies in Poland, Austria and Romania), but also in other countries worldwide, e.g. in the USA. We may also transfer data to authorities and other persons abroad if we are legally obliged to do so or, for example, in the context of a company sale or legal proceedings (see section 10). Not all of these countries have adequate data protection. We compensate for the lower level of protection through appropriate contracts, especially the so-called standard contractual clauses of the European Commission, which can be accessed here. In certain cases, we may transfer data in accordance with data protection requirements even without such contracts, e.g. if you have consented to the corresponding disclosure or if the disclosure is necessary for the performance of the contract, for the establishment, exercise or enforcement of legal claims or for overriding public interests.

8. How do we process data in connection with our website?
Every time you use our website, certain data is collected for technical reasons and temporarily stored in log files (log data), in particular the IP address of the end device, information about the Internet service provider and about the operating system of your end device, information about the referring URL, information about the browser used, date and time of access, and content accessed when visiting the website. We use this data so that our website can be used, to ensure system security and stability and to optimize our website, and for statistical purposes.

Our website also uses cookies, which are files that your browser automatically stores on your terminal device. This allows us to distinguish individual visitors, but usually without identifying them. Cookies may also contain information about pages accessed and the duration of the visit. Certain cookies ("session cookies") are deleted when the browser is closed. Others ("persistent cookies") remain stored for a certain duration so that we can recognize visitors on a subsequent visit.  We may also use other technologies, e.g. for storing data in the browser, but also for recognition, e.g. pixel tags. Pixel tags are invisible images or a program code that are loaded from a server and thereby transmit certain information (similar to the newsletters already mentioned in section 4).

You can configure your browser in the settings to block certain cookies or similar technologies or to delete cookies and other stored data. You can find out more about this in the help pages of your browser (usually under the heading "Privacy").

These cookies and other technologies may also come from third-party companies that provide us with certain functions. These may also be located outside of Switzerland and the EEA (see Section 7 for details). For example, we use analytics services so that we can optimize our website. The relevant third-party providers may record the use of the website for this purpose and combine their recordings with further information from other websites. In this way, they can record user behavior across multiple websites and end devices in order to provide us with statistical evaluations on this basis. The providers may also use this information for their own purposes, e.g. for personalized advertising on their own website or other websites. If a user is registered with the provider, the provider can assign the usage data to the relevant person.

Two of the most important third-party providers are Google and Facebook. You can find more information about them below. Other third-party providers generally process personal and other data in a similar way.

We use Google Analytics on our website, an analytics service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA, USA) and Google Ireland Ltd (Google Building Gordon House, Barrow St, Dublin 4, Ireland). Google collects certain information about the behavior of users on the website and about the terminal device used. The IP addresses of visitors are shortened in Europe before being forwarded to the USA. Google provides us with evaluations based on the recorded data, but also processes certain data for its own purposes. Information on the data protection of Google Analytics can be found here, and if you have a Google account yourself, you can find further details here.
Our website also uses the "Facebook Pixel" and similar technologies from Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. This allows us to ensure that our ads on Facebook and partners of Facebook ("Audience Network") are only displayed to users who are likely to be interested in these ads. We can thus also measure the effectiveness of the ads on Facebook for statistical purposes and market research. You can find more details about this here. We are jointly responsible with Facebook for the exchange of data that Facebook thereby obtains for the display of personalized ads, the improvement of ad delivery and the personalization of content. We have therefore entered into a corresponding supplemental agreement with Facebook. Users can address requests for information and other inquiries in this context directly to Facebook.
We use Hotjar to better understand the needs of our users and to optimize the offer and experience on this website. Using Hotjar's technology, we get a better understanding of our users' experiences (e.g., how much time users spend on which pages, which links they click, what they like and don't like, etc.) and this helps us tailor our offerings to our users' feedback. Hotjar works with cookies and other technologies to collect data about our users' behavior and about their devices, in particular IP address of the device (collected and stored only in anonymized form during your website use), screen size, device type (Unique Device Identifiers), information about the browser used, location (country only), language preferred to view our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually prohibited from selling the data collected on our behalf.
For more information, see the 'about Hotjar' section on Hotjar's help page.

9. How do we process data via social media?
We operate our own presences on social networks and other platforms (Facebook, LinkedIn, Instagram and YouTube). If you communicate with us there or comment on or disseminate content, we collect data for this purpose, which we use primarily for communication with you, for marketing purposes and for statistical evaluations (see sections 4 and 10). Please note that the provider of the platform also collects and uses data (e.g. on user behavior) itself, possibly together with other data known to it (e.g. for marketing purposes or to personalize the platform content). Insofar as we are jointly responsible with the provider, we enter into a corresponding agreement, about which you can obtain information from the provider.

10. are there any other processing operations?
Yes, because very many processes are not possible without processing personal data, including usual and even unavoidable internal processes. It is not always possible to determine this precisely in advance, nor the extent of the data processed in the process, but you will find details of typical (although not necessarily frequent) cases below:

  • Communication: When we are in contact with you (e.g., when you call customer service or communicate with us on a social media platform), we process communication content information about the nature, timing, and location of the communication. For your identification, we may also process information about proof of identity.
  • Compliance with legal requirements: As part of legal obligations or powers and to comply with internal regulations, we may disclose data to authorities.
  • Prevention: we process data to prevent crimes and other breaches, for example, as part of fraud prevention or internal investigations.
  • Legal proceedings: Insofar as we are involved in legal proceedings (e.g., a court or administrative proceedings), we process data e.g., about parties to the proceedings and other persons involved, such as witnesses or respondents, and disclose data to such parties, courts and authorities, possibly also abroad.
  • IT security: We also process data for monitoring, controlling, analyzing, securing and reviewing our IT infrastructure, as well as for backups and archiving data.
  • Competition: We process data about our competitors and the market environment in general (e.g. the political situation, the association landscape, etc.). In doing so, we may also process data about key individuals, especially name, contact details, role or function and public statements.
  • Transactions: If we sell or acquire receivables, other assets, business units or companies, we process data to the extent necessary to prepare and execute such transactions, e.g. information about customers or their contact persons or employees, and also disclose corresponding data to buyers or sellers.
  • Other purposes: We process data to the extent necessary for other purposes such as training and education, administration (e.g. contract management, accounting, enforcement and defense of claims, evaluation and improvement of internal processes, preparation of anonymous statistics and evaluations; acquisition or disposal of receivables, businesses, parts of businesses or companies and protection of other legitimate interests.

11. how long do we process personal data?
We process your personal data as long as it is necessary for the purpose of processing (in the case of contracts, usually for the duration of the contractual relationship), as long as we have a legitimate interest in storing it (e.g. if in order to enforce legal claims, for archiving and or to ensure IT security) and as long as data is subject to a statutory retention obligation (for certain data, for example, a ten-year retention period applies). After these periods have expired, we delete or anonymize your personal data.

12.Are there any other points that need to be considered?
Depending on the applicable law, data processing is only permitted if the applicable law specifically allows it. This does not apply under the Swiss Data Protection Act, but does apply under the GDPR, for example, to the extent that it applies (which can only be determined on a case-by-case basis). In this case, we base the processing of your personal data on the fact that it is necessary for the preparation and execution of contracts (section 3), that it is necessary for legitimate interests of us or third parties, e.g. for statistical analysis (section 3) or for marketing purposes (section 4), that it is required or permitted by law, or that you have separately consented to the processing. You will find the relevant provisions in Art. 6 and 9 of the DSGVO.

Incidentally, you are not obliged to disclose data to us, subject to individual cases (e.g. if you have to fulfill a contractual obligation and this results in data being disclosed to us). However, we must process data for legal and other reasons when we conclude and execute contracts. The use of our website is also not possible without data processing (see section 8).

13. what are your rights?
You have certain rights under applicable data protection law to obtain further information about our data processing and to act on it:

  • You can request further information about our data processing. We are at your disposal for this purpose. You can also submit a so-called information request if you wish to receive further information and a copy of your data;
  • You can object to our data processing, especially in connection with direct marketing;
  • You can have inaccurate or incomplete personal data corrected or completed or supplemented by a note of denial;
  • You also have the right to receive the personal data you have provided to us in a structured, common and machine-readable format, insofar as the corresponding data processing is based on your consent or is necessary for the performance of a contract;
  • insofar as we process data on the basis of your consent, you may revoke your consent at any time. The revocation is only valid for the future, and we reserve the right to continue to process data based on another basis in the event of a revocation.

If you wish to make use of such a right, please feel free to contact us (item 2). As a rule, we will have to verify your identity (e.g. by means of a copy of your ID card). You are also free to file a complaint against our processing of your data with the competent supervisory authority, in Switzerland the Federal Data Protection and Information Commissioner (FDPIC).