(revised September 2023)
We are subject to Swiss data protection law.
Responsibility for the processing of personal data:
We point out if there are other responsible parties for the processing of personal data in individual cases.
2. Terms and Legal Foundations
Personal data are all details that relate to a specific or identifiable natural person. An affected person is a person about whom we process personal data.
Processing includes any handling of personal data, regardless of the means and methods used, such as querying, comparing, adapting, archiving, storing, reading, disclosing, obtaining, recording, collecting, deleting, disclosing, arranging, organizing, saving, modifying, disseminating, linking, destroying, and using personal data.
The European Economic Area (EEA) includes the Member States of the European Union (EU) and the Principality of Liechtenstein, Iceland, and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data.
2.2 Legal Foundations
We process personal data in accordance with Swiss data protection law, such as the Federal Act on Data Protection (Data Protection Act, DPA) and the Ordinance on Data Protection (Data Protection Ordinance, DPO).
3. Type, Scope, and Purpose
We process the personal data necessary to carry out our activities and tasks in a permanent, user-friendly, safe, and reliable manner. Such personal data may fall into the categories of inventory and contact data, browser and device data, content data, meta or margin data, usage data, location data, sales data, contract, and payment data.
We process personal data for the duration required for the respective purpose or purposes or as required by law. Personal data whose processing is no longer necessary are anonymized or deleted.
We can have personal data processed by third parties. We can process personal data together with third parties or transfer it to third parties. Such third parties are specialized providers whose services we use. We also ensure data protection with such third parties.
We only process personal data with the consent of the affected person unless the processing is permitted for other legal reasons. Processing without consent can be permissible, for example, to fulfill a contract with the affected person and for corresponding pre-contractual measures, to safeguard our predominant legitimate interests because the processing is apparent from the circumstances or after prior information.
In this context, we process, in particular, information that an affected person voluntarily communicates to us when making contact – for example, by mail, email, instant messaging, contact form, social media, or telephone – or when registering for a user account. We can store such information in an address book, in a Customer Relationship Management System (CRM system), or with similar tools. If we receive data about other people, the transmitting persons are obliged to ensure data protection towards these persons and ensure the accuracy of this personal data.
We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the exercise of our activities and tasks, provided and to the extent that such processing is legally permissible.
We process personal data about applicants insofar as it is necessary for assessing suitability for employment or for the subsequent execution of an employment contract. The necessary personal data results, in particular, from the information requested, for example, as part of a job advertisement. We also process those personal data that applicants voluntarily communicate or publish, especially as part of cover letters, resumes, and other application documents, and from online profiles.
5. Personal Data Abroad
We process personal data primarily in Switzerland and the European Economic Area (EEA). We can also export or transmit personal data to other states, especially to process or have them processed there.
We can export personal data to all states and territories on Earth, provided that local law, according to a decision by the Swiss Federal Council, guarantees adequate data protection.
We can transmit personal data to states whose law does not guarantee adequate data protection if data protection is ensured for other reasons, in particular, based on standard data protection clauses or other appropriate guarantees. Exceptionally, we can export personal data to states without adequate or suitable data protection if the particular data protection requirements are met, such as the explicit consent of the affected persons or a direct connection with the conclusion or execution of a contract. We will gladly provide information to affected persons upon request about any guarantees or supply a copy of any guarantees.
6. Rights of Affected Persons
6.1 Data Protection Claims
We grant affected persons all claims in accordance with applicable data protection law. Affected persons have the following rights, in particular:
Information: Affected persons can request information about whether we process personal data about them, and if so, what personal data is involved. Affected persons also receive the information necessary to assert their data protection claims and ensure transparency. This includes the processed personal data as such, but also details on the purpose of processing, the duration of storage, any disclosure or possible export of data to other countries, and the origin of the personal data.
Correction and Restriction: Affected persons can correct incorrect personal data, complete incomplete data, and request a restriction on the processing of their data.
Deletion and Objection: Affected persons can request the deletion of personal data ("right to be forgotten") and object to the processing of their data with effect for the future.
Data Release and Data Transfer: Affected persons can request the release of personal data or the transfer of their data to another controller.
We can postpone, restrict or deny the exercise of the rights of affected persons within the legally permissible framework. We can also inform affected persons of any conditions that must be met in order to exercise their data protection claims. For example, we can partially or completely refuse to provide information by referring to trade secrets or the protection of other people. We may also partially or completely refuse to delete personal data, citing statutory retention obligations.
We may exceptionally provide for costs for exercising the rights. We will inform affected persons in advance of any costs.
We are obligated to identify affected persons who request information or assert other rights using appropriate measures. Affected persons are obligated to cooperate.
6.2 Right to Complain
Affected persons have the right to enforce their data protection claims through legal means or to file a complaint with a competent data protection supervisory authority.
The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
7. Data Security
We take appropriate technical and organizational measures to ensure data security appropriate to the respective risk. However, we cannot guarantee absolute data security.
Access to our website is via transport encryption (SSL/TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers mark transport encryption with a padlock in the address bar.
Our digital communication is subject to mass surveillance without cause or suspicion, as well as other monitoring by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We cannot directly influence the corresponding processing of personal data by intelligence services, police stations, and other security authorities.
8. Use of the Website
Cookies can be stored in the browser temporarily as "session cookies" or for a specific period as so-called permanent cookies. "Session cookies" are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies allow us to recognize a browser when our website is visited again, thereby measuring the reach of our website. Permanent cookies can also be used for online marketing.
8.2 Server Log Files
We may record the following information for each access to our website, provided that it is transmitted by your browser to our server infrastructure or can be determined by our web server: Date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sub-page of our website including the amount of data transmitted, last webpage called up in the same browser window (referer or referrer).
We store such information, which may also include personal data, in server log files. The information is necessary to provide our website in a permanent, user-friendly and reliable manner, and to ensure data security and thus in particular the protection of personal data - also by third parties or with the help of third parties.
8.3 Tracking Pixels
We may use tracking pixels on our website. Tracking pixels are also referred to as web beacons. Tracking pixels – also from third parties whose services we use – are small, usually invisible images that are automatically retrieved when visiting our website. With tracking pixels, the same information as in server log files can be collected.
We allow you to post comments on our website. In this context, we process in particular the information that a commenting person submits to us, but also the Internet Protocol (IP) address used, as well as the date and time. This information is needed to enable the publication of comments and to ensure protection against abuse, which is in our overriding legitimate interest.
9. Notifications and Communications
We send notifications and messages via email and other communication channels, such as instant messaging or SMS.
9.1 Success and Reach Measurement
Notifications and messages may contain web links or tracking pixels that record whether an individual message has been opened and which web links have been clicked on. Such web links and tracking pixels may also personally record the use of notifications and messages. We need this statistical recording of usage for success and reach measurement, to send notifications and messages effectively and user-friendly, as well as permanently, securely, and reliably, based on the needs and reading habits of the recipients.
9.2 Consent and Objection
You must generally expressly consent to the use of your email address and other contact addresses, unless the use is permitted for other legal reasons. For any possible consent, we use the "double opt-in" process whenever possible, i.e., you will receive an email with a web link that you must click to confirm, to prevent unauthorized third parties from abusing it. We may log such consents, including Internet Protocol (IP) address, as well as date and time, for evidence and security reasons.
You can generally object to receiving notifications and messages, such as newsletters, at any time. With such an objection, you can also object to the statistical recording of usage for success and reach measurement. This does not include required notifications and messages related to our activities and tasks.
9.3 Service Providers for Notifications and Messages
We send notifications and messages with the help of specialized service providers.
We use in particular:
10. Third-Party Services
We use services from specialized third parties to carry out our activities and tasks permanently, user-friendly, securely, and reliably. With such services, we can embed functions and content into our website, for example. When embedding, the services used necessarily capture at least temporarily the Internet Protocol (IP) addresses of users for technical reasons.
For required security-related, statistical, and technical purposes, third parties whose services we use may process data related to our activities and tasks in an aggregated, anonymized, or pseudonymized manner. This includes, for example, performance or usage data, to be able to offer the respective service.
We use in particular:
10.1 Digital Infrastructure
We use services from specialized third parties to utilize the required digital infrastructure in connection with our activities and tasks. These include, for example, hosting and storage services from selected providers.
We use in particular:
10.2 Contact Options
We use services from selected providers to better communicate with third parties, such as potential and existing customers.
10.3 Audio and Video Conferences
We recommend, depending on the life situation, to mute the microphone by default when participating in audio or video conferences and to blur the background or allow a virtual background to be displayed.
We use in particular:
10.4 Digital Audio and Video Content
We use services from specialized third parties to enable the direct playback of digital audio and video content, such as music or podcasts.
We use in particular:
11. Final Provisions