We process your data for the purposes we explain below. You can find further information for the online area in sections 12 and 13. These purposes or the objectives underlying them represent legitimate interests of ours and, if applicable, of third parties. You can find further information on the legal bases for our processing in section 5.

We process your data for purposes related to your communication with us, particularly to respond to inquiries and assert your rights (Section 11) and to contact you for follow-up questions. For this purpose, we primarily use communication data and master data, and in connection with offers and services you use, we also use registration data. We retain this data to document our communication with you, for training purposes, quality assurance, and for follow-up inquiries.

This covers all purposes related to communication between you and us, whether in customer service or consultation, for authentication when using the website, or for training and quality assurance (e.g., in customer service). We process communication data further so that we can communicate with you via email, telephone, messenger services, chat, social media, letter, and fax. Communication with you usually occurs in connection with other processing purposes, e.g., so that we can provide services or respond to information requests. Our data processing also serves to document the communication and its contents.
We process data for the initiation, management, and execution of contractual relationships.

We enter into various types of contracts with our business and private customers, suppliers, subcontractors, or other contractual partners such as project partners or parties in legal disputes. In doing so, we primarily process master data, contract data, and communication data, and depending on the circumstances, also registration data of the customer or the persons to whom the customer provides a service.

In the context of business initiation, personal data – especially master data, contract data, and communication data – of potential customers or other contractual partners (e.g., in an order form or contract) are collected or result from communication. Also in connection with the conclusion of contracts, we process data to check creditworthiness and to establish the customer relationship. Some of this information is verified to comply with legal requirements.

In the context of managing contractual relationships, we process data for the administration of the customer relationship, for the provision and enforcement of contractual services, for consultation, and for customer care. The enforcement of legal claims from contracts (debt collection, court proceedings, etc.) is also part of the processing, as well as bookkeeping, termination of contracts, and public communication.

We process data for marketing purposes and for relationship management, e.g., to send our customers and other contractual partners personalized advertising for our products and services. This can occur, for example, in the form of newsletters and other regular contacts (electronically, by mail, by telephone), through other channels for which we have contact information from you, but also as part of individual marketing actions (e.g., events, competitions, etc.) and may include free services (e.g., invitations, vouchers, etc.). You can reject such contacts at any time (see the end of this Section 4) or refuse or revoke consent for contact for advertising purposes. With your consent, we can target our online advertising on the internet more specifically to you (see Section 12 for this).

For example, with your consent, we send you information, advertising, and product offers from us, as printed material, electronically, or by telephone. For this, we primarily process communication and registration data. Like most companies, we personalize communications so that we can provide you with individual information and offers that match your needs and interests. To do this, we link data that we process about you, determine preference data, and use this data as a basis for personalization (see Section 3).
Relationship management also includes the personalized approach to existing customers and their contacts, which may be based on behavioral and preference data. As part of relationship management, we may also operate a Customer Relationship Management system ('CRM') in which we store the data necessary for maintaining relationships with customers, suppliers, and other business partners, e.g., about contact persons, relationship history (e.g., about products and services purchased or supplied, interactions, etc.), interests, wishes, marketing measures (newsletters, invitations to events, etc.), and other information.

All these processes are important for us not only to advertise our offers as effectively as possible but also to make our relationships with customers and other third parties more personal and positive, to focus on the most important relationships, and to use our resources as efficiently as possible.

We further process your data for market research, for improving our services and operations, and for product development.

We strive to continuously improve our products and services (including our website) and to respond quickly to changing needs. We therefore analyze, for example, how you navigate through our website or which products are used by which groups of people in which way and how new products and services can be designed (for further details, see section 12). This gives us information about the market acceptance of existing products and services and the market potential of new ones. For this purpose, we primarily process master data, behavioral and preference data, as well as communication data and information from customer surveys, polls, studies, and other sources. Whenever possible, we use pseudonymized or anonymized data for these purposes. We may also use media monitoring services or conduct our own media monitoring and process personal data in doing so to conduct media work or to understand and respond to current developments and trends.

We may also process your data for security purposes and for access control.
We continuously review and improve the appropriate security of our IT and other infrastructure (e.g., buildings). Like all companies, we cannot completely rule out data security breaches, but we do our best to reduce the risks. We therefore process data, for example, for monitoring, controls, analyses, and tests of our networks and IT infrastructures, for system and error checks, for documentation purposes, and as part of security backups. Access controls include, in particular, the control of access to electronic systems (e.g., logging into user accounts)

We process personal data for compliance with laws, directives and recommendations from authorities and internal regulations ('Compliance').

This includes, for example, the implementation of health and safety concepts or the legally regulated fight against money laundering and terrorist financing. In certain cases, we may be obliged to carry out specific checks on customers ('Know Your Customer') or to report to authorities. The fulfillment of information, disclosure or reporting obligations, for example in connection with supervisory and tax law obligations, also requires or entails data processing, such as the fulfillment of archiving obligations and the prevention, detection and investigation of criminal offenses and other violations. This also includes the receipt and processing of complaints and other reports, the monitoring of communication, internal investigations or the disclosure of documents to an authority if we have sufficient reason to do so or are legally obliged to do so. In the case of external investigations, e.g., by a law enforcement or supervisory authority or a commissioned private entity, personal data about you may also be processed under certain circumstances. For all these purposes, we primarily process your master data, your contract data and communication data, but in some cases also behavioral data and data from the category of other data. The legal obligations may involve Swiss law, but also foreign provisions to which we are subject, as well as self-regulations, industry standards, our own 'Corporate Governance' and official instructions and requests.

We also process data for the purposes of our risk management and as part of prudent corporate governance, including operational organization and business development.
For these purposes, we primarily process master data, contract data, registration data, and technical data, as well as behavioral and communication data. For example, as part of our financial management, we must monitor our debtors and creditors, and we must avoid becoming victims of crimes and abuses, which may require the analysis of data for corresponding patterns. We may also conduct profiling and create and process profiles for these purposes and for your and our protection against criminal or abusive activities (see also section 6). As part of planning our resources and organizing our operations, we must evaluate and process data on the use of our services and other offerings or exchange information about them with others (e.g., outsourcing partners), which may also include your data. The same applies to services provided to us by third parties. As part of business development, we may sell or acquire businesses, parts of operations, or companies to or from others, or enter into partnerships, which may also lead to the exchange and processing of data (including yours, e.g., as a customer or supplier or supplier representative).

We may process your data for additional purposes, e.g., as part of our internal processes and administration or for training and quality assurance purposes.

These additional purposes include, for example, training and educational purposes, administrative purposes (such as managing master data, accounting and data archiving, and testing, managing and continuously improving IT infrastructure), safeguarding our rights (e.g., to enforce claims judicially, pre-judicially or extra-judicially and before authorities at home and abroad, or to defend ourselves against claims, for instance through preservation of evidence, legal clarifications and participation in judicial or official proceedings) and the evaluation and improvement of internal processes. We may use recordings of (video) conferences for training and quality assurance purposes. The protection of other legitimate interests is also among the additional purposes that cannot be exhaustively listed.

Where we ask for your consent for certain processing, we will inform you separately about the relevant purposes of the processing. You can revoke consent at any time by written notice (by post) or, unless otherwise stated or agreed, by e-mail to us with effect for the future; you can find our contact details in section 2. For revoking your consent for online tracking, see section 12. Where you have a user account, a revocation or contact with us may also be possible via the relevant website or other service. As soon as we receive the notification of your revocation of consent, we will no longer process your data for the purposes you originally agreed to, unless we have another legal basis for doing so. The revocation of your consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Where we do not ask for your consent for processing, we base the processing of your personal data on the fact that the processing is necessary for the initiation or execution of a contract with you (or the entity you represent) or that we or third parties have a legitimate interest in doing so, in particular to pursue the purposes described above in section 4 and related objectives and to be able to carry out corresponding measures. Our legitimate interests also include compliance with legal regulations, insofar as these are not already recognized as a legal basis by the applicable data protection law (e.g., in the case of the GDPR, the law in the EEA and Switzerland).

To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents, we use the consent tool "Real Cookie Banner". Details on how "Real Cookie Banner" works can be found at https://devowl.io/rcb/data-processing/.
The legal basis for the processing of personal data in this context are Art. 6 (1) (c) GDPR and Art. 6 (1) (f) GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.
The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consents.

If we receive sensitive data, we may also process your data based on other legal grounds, e.g., in the case of disputes due to the necessity of processing for any legal process or the enforcement or defense of legal claims. In individual cases, other legal grounds may apply, which we will communicate to you separately if necessary.

We may automatically evaluate certain personal characteristics based on your data (Section 3) for the purposes mentioned in Section 4 ('Profiling'), when we want to determine preference data, but also to detect misuse and security risks, perform statistical evaluations, or for operational planning purposes. For the same purposes, we may also create profiles, i.e., we may combine behavioral and preference data, as well as master and contract data and technical data assigned to you, to better understand you as a person with your various interests and other characteristics. However, we may also create anonymous and - with your consent - personalized movement profiles of you.

If you are a customer of ours, we can, for example, use 'Profiling' to determine which other products you are likely to be interested in based on your purchases. We can also use this to check your creditworthiness before offering you a purchase on account. An automated evaluation of data can also check, for your protection, the probability that a particular transaction is fraudulent. This allows us to stop the transaction for clarification. This is to be distinguished from 'profiles'. This refers to the linking of various data to obtain information about essential aspects of your personality from the totality of this data. Profiles can also be used, for example, for marketing, but also for security purposes.

In all cases, we pay attention to the proportionality and reliability of the results and take measures against misuse of these profiles or profiling. If these can have legal effects or significant disadvantages for you, we generally provide for a manual review.

In connection with our contracts, the website, our services and products, our legal obligations or otherwise to protect our legitimate interests and the other purposes listed in Section 4, we also transmit your personal data to third parties, in particular to the following categories of recipients:

Service providers: We work with service providers in Switzerland and abroad who process data about you on our behalf or in joint responsibility with us or receive data about you from us on their own responsibility (e.g., IT providers, shipping companies, advertising service providers, login service providers, cleaning companies, security companies, banks, insurance companies).
So that we can provide our products and services efficiently and focus on our core competencies, we obtain services from third parties in numerous areas. These services concern, for example, IT services, the dispatch of information, marketing, sales, communication or printing services, building management, security and cleaning, organization and implementation of events and receptions, and services from consulting companies, lawyers, banks, insurers, and telecommunications companies. We disclose to these service providers the data necessary for their services, which may also concern you. These service providers may also use such data for their own purposes. We also conclude contracts with these service providers that provide for data protection provisions, insofar as these do not result from the law. Our service providers may process data on how their services are used and other data that arises in the context of using their service, under certain circumstances also as independent controllers for their own legitimate interests (e.g., for statistical evaluations or for billing). Service providers inform about their independent data processing in their own privacy policies.

Contractual partners including customers: This primarily refers to the customers (e.g., service recipients) and other contractual partners of ours, as this data transmission results from these contracts. If you yourself are working for such a contractual partner, we may also transmit data about you to them in this context. Recipients also include contractual partners with whom we cooperate.
If you act as an employee for a company with which we have concluded a contract, the execution of this contract may result in us informing the company, for example, how you have used our service.

Authorities: We may disclose personal data to offices, courts, and other authorities in Switzerland and abroad if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. The authorities process data about you that they receive from us on their own responsibility.

Application cases include criminal investigations, regulatory requirements and investigations, legal proceedings, reporting obligations, and pre-trial and out-of-court proceedings, as well as statutory information and cooperation obligations. Data disclosure can also occur when we want to obtain information from public authorities, e.g., to justify a request for information or because we need to specify about whom we need information (e.g., from a registry).

Other persons: This refers to other cases where the involvement of third parties results from the purposes according to section 4.

Other recipients include, for example, delivery addresses or payment recipients different from you, other third parties also in the context of representation relationships (e.g., when we send your data to your lawyer or your bank), or persons involved in administrative or court proceedings. If we collaborate with media and transmit material to them (e.g., photos), you may also be affected under certain circumstances. The same applies to the publication of content (e.g., photos, interviews, quotes, etc.) on our website or in other publications. As part of business development, we may sell or acquire businesses, parts of operations, assets, or companies, or enter into partnerships, which may also result in the disclosure of data (including yours, e.g., as a customer or supplier or as a supplier representative) to the persons involved in these transactions. In the context of communication with our competitors, industry organizations, associations, and other bodies, there may also be an exchange of data that may concern you.

All these categories of recipients may in turn involve third parties, so that your data may also become accessible to them. We can limit the processing by certain third parties (e.g., IT providers), but not that of other third parties (e.g., authorities, banks, etc.).

We reserve the right to make these data disclosures even when they concern confidential data (unless we have expressly agreed with you not to disclose this data to certain third parties, except where we are legally obliged to do so). Notwithstanding this, your data continues to be subject to adequate data protection in Switzerland and the rest of Europe even after disclosure. For disclosure to other countries, the provisions of section 8 apply. If you do not want certain data to be shared, please let us know so that we can check whether and to what extent we can accommodate you (section 2).

In many cases, the disclosure of even confidential data is necessary to process contracts or provide other services. Non-disclosure agreements usually do not exclude such data disclosures, nor does disclosure to service providers. However, depending on the sensitivity of the data and other circumstances, we ensure that these third parties handle the data appropriately. We cannot comply with your objection to data sharing where the relevant data disclosures are necessary for our activities.

As explained in section 7, we also disclose data to other entities. Wherever possible, these are located only in Switzerland. However, your data may be processed in Europe as well as in Ireland or the USA; in exceptional cases, in any country in the world.

If a recipient is in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection (for this purpose, we use the revised standard contractual clauses of the European Commission, which are available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), unless they are already subject to a legally recognized framework for ensuring data protection and we cannot rely on an exception provision. An exception may apply in particular to legal proceedings abroad, but also in cases of overriding public interest, or if contract execution requires such disclosure, if you have consented, or if it concerns data that you have made generally accessible and to whose processing you have not objected.

Many countries outside Switzerland or the EU and EEA currently do not have laws that ensure an adequate level of data protection from the perspective of the DSG or GDPR. The mentioned contractual precautions can partially compensate for this weaker or missing legal protection. However, contractual precautions cannot eliminate all risks (especially of governmental access abroad). You should be aware of these residual risks, even if the risk in individual cases may be low and we take further measures (e.g., pseudonymization or anonymization) to minimize it.

Please note that data exchanged over the Internet is often routed through third countries. Your data can therefore reach foreign countries even if the sender and recipient are in the same country.

We process your data for as long as our processing purposes, legal retention periods, and our legitimate interests in processing for documentation and evidence purposes require, or as long as storage is technically necessary. You can find further information on the respective storage and processing periods for each data category in section 3 and for cookie categories in section 12. If there are no legal or contractual obligations to the contrary, we delete or anonymize your data after the storage or processing period has expired as part of our usual procedures.

Documentation and evidence purposes include our interest in documenting processes, interactions, and other facts in case of legal claims, discrepancies, IT and infrastructure security purposes, and proof of good corporate governance and compliance. Storage may be technically necessary if certain data cannot be separated from other data and we must therefore retain it with that data (e.g., in the case of backups or document management systems).

We take appropriate security measures to maintain the confidentiality, integrity, and availability of your personal data, to protect it against unauthorized or unlawful processing, and to counter the risks of loss, unintended alteration, unwanted disclosure, or unauthorized access.

Security measures of a technical and organizational nature may include, for example, measures such as encryption and pseudonymization of data, logging, access restrictions, storage of backup copies, instructions to our employees, confidentiality agreements, and controls. We protect your data transmitted via our website during transport through appropriate encryption mechanisms. However, we can only secure areas that we control. We also require our processors to take appropriate security measures. Security risks generally cannot be completely eliminated; residual risks are unavoidable.

The applicable data protection law grants you, under certain circumstances, the right to object to the processing of your data, particularly for direct marketing purposes, profiling carried out for direct advertising, and other legitimate interests in processing.
To facilitate your control over the processing of your personal data, you also have the following rights in connection with our data processing, depending on the applicable data protection law:

– The right to request information from us about whether and which data we process about you;
– The right to have us correct data if it is incorrect;
– The right to request the deletion of data;
– The right to request from us the release of certain personal data in a common electronic format or its transfer to another controller;
– The right to withdraw consent, insofar as our processing is based on your consent;
– The right to receive, upon request, further information necessary for exercising these rights;

If you wish to exercise the above-mentioned rights with us, please contact us in writing, in person, or, unless otherwise specified or agreed, by email; you can find our contact details in Section 2. To prevent misuse, we need to identify you (e.g., with a copy of your ID, if not possible otherwise).

Please note that these rights are subject to conditions, exceptions, or limitations under applicable data protection law (e.g., to protect third parties or trade secrets). We will inform you accordingly if necessary.

In particular, we may need to continue processing and storing your personal data to fulfill a contract with you, to protect our own legitimate interests, such as asserting, exercising, or defending legal claims, or to comply with legal obligations. To the extent legally permissible, especially to protect the rights and freedoms of other affected persons and to safeguard legitimate interests, we may therefore reject a data subject request in whole or in part (e.g., by redacting certain content that concerns third parties or our trade secrets).

If you are not satisfied with how we handle your rights or data protection, please let us know (Section 2).

The applicable data protection law grants you, under certain circumstances, the right to object to the processing of your data, particularly for direct marketing purposes, profiling carried out for direct advertising, and other legitimate interests in processing.

To facilitate your control over the processing of your personal data, you also have the following rights in connection with our data processing, depending on the applicable data protection law:
– The right to request information from us about whether and which data we process about you;
– The right to have us correct data if it is incorrect;
– The right to request the deletion of data;
– The right to request from us the release of certain personal data in a common electronic format or its transfer to another controller;
– The right to withdraw consent, insofar as our processing is based on your consent;
– The right to receive, upon request, further information necessary for exercising these rights;

If you wish to exercise the above-mentioned rights with us, please contact us in writing, in person, or, unless otherwise specified or agreed, by email; you can find our contact details in Section 2. To prevent misuse, we need to identify you (e.g., with a copy of your ID, if not possible otherwise).

Please note that these rights are subject to conditions, exceptions, or limitations under applicable data protection law (e.g., to protect third parties or trade secrets). We will inform you accordingly if necessary.

In particular, we may need to continue processing and storing your personal data to fulfill a contract with you, to protect our own legitimate interests, such as asserting, exercising, or defending legal claims, or to comply with legal obligations. To the extent legally permissible, especially to protect the rights and freedoms of other affected persons and to safeguard legitimate interests, we may therefore reject a data subject request in whole or in part (e.g., by redacting certain content that concerns third parties or our trade secrets).

If you are not satisfied with how we handle your rights or data protection, please let us know (Section 2).

We may operate pages and other online presences on social networks and other third-party platforms ('fan pages', 'channels', 'profiles', etc.) and collect the data about you described in Section 3 and below. We receive this data from you and the platforms when you contact us through our online presence (e.g., when you communicate with us, comment on our content, or visit our presence). At the same time, the platforms evaluate your use of our online presences and link this data with other information about you known to the platforms (e.g., about your behavior and preferences). They also process this data for their own purposes under their own responsibility, particularly for marketing and market research purposes (e.g., to personalize advertising) and to manage their platforms (e.g., which content they show you).

We receive data about you when you communicate with us via online presences or view our content on the corresponding platforms, visit our online presences, or are active in them (e.g., publish content, leave comments). These platforms also collect from you or about you, among other things, technical data, registration data, communication data, behavioral and preference data (for definitions, see Section 3). These platforms regularly statistically evaluate how you interact with us, how you use our online presences, our content, or other parts of the platform (what you look at, comment on, 'like', share, etc.) and link this data with other information about you (e.g., information about age and gender and other demographic information). In this way, they also create profiles about you and statistics on the use of our online presences. They use this data and profiles to display our or other advertising and other content on the platform to you in a personalized manner and to control the behavior of the platform, but also for market and user research and to provide us and other entities with information about you and the use of our online presence. We can partially control the evaluations that these platforms create regarding the use of our online presences.

We process this data for the purposes described in Section 4, in particular for communication, marketing purposes (including advertising on these platforms, see Section 12), and market research. You can find information on the corresponding legal bases in Section 5. We may further distribute content published by you (e.g., comments on an announcement) ourselves (e.g., in our advertising on the platform or elsewhere). We or the platform operators may also delete or restrict content from or about you in accordance with the terms of use (e.g., inappropriate comments).

For further information on the processing by the platform operators, please refer to the privacy notices of the platforms. There you can also find out in which countries they process your data, what rights you have to access, delete, and other data subject rights, and how you can exercise these or obtain further information. We currently use the following platforms:

To be announced

This privacy policy is not part of a contract with you. We may adjust this privacy policy at any time. The version published on this website is the current version.

Last Update: 1.11.2024