1. Introduction

In the following we inform you about, among other things, who is responsible for processing your data, what data we collect in relation with your visit to our website and the use of our services, for what purposes we process this data and to whom we may disclose this data. We also inform you about the duration of the processing of your data, the legal basis (if necessary) for the processing and what rights you have in relation to us with regard to the processing of your data. This Privacy Policy applies to all data relating to you that we have already collected or will collect in the future. Please note that we may amend the Privacy Policy from time to time. The latest version as published on our website is applicable.

Personal data is all information relating to an identified or identifiable person (hereinafter referred to as “personal data”). This includes, in particular, information such as name, address, telephone number, email address, and in some cases also IP addresses and device IDs. In addition to personal data, the generic term “data” in this Privacy Policy also includes non-personal and anonymised data. Processing refers to any handling of data, irrespective of the means and procedures used, in particular the collection, storage, use, modification, disclosure, archiving or deletion of data (hereinafter referred to as “processing”).

If you provide us with the personal data of other persons, please ensure that they are aware of this Privacy Policy. You should only share their personal data with us if you are entitled to do so under the applicable data protection legislation.

2. Name and address of the responsible party

The responsible party for data processing in accordance with this Privacy Policy is:

3. Categories of processed data

We collect specific data when you visit our website, use our services and contact us. In principle, we collect this data directly from you. Personal data that we process may include the following:

• Data collected or disclosed when you visit our website or use our services. This includes but is not limited to the IP and MAC address or device ID of the device used, cookies, pages accessed and search terms entered, dialogue box entries, time and duration of visits, clicks, referring and exit URLs, information about the time of use, browser and device type, operating system and Internet service provider used and the amount of data transferred.
• Data exchanged when contacting us or in relation to being in contact with us, e.g. communication by letter, telephone, email, etc. (in particular name, contact information, gender, date of birth, language).

The above data does not always constitute personal data. As a rule, we cannot associate data that is generated when using our services with an individualised person without registering (e.g. for a newsletter). In individual cases, however, this may be possible in combination with other data.

4. Purpose of data processing

We process personal data to the extent permitted by applicable legislation, and for the following purposes in particular:

• to offer, develop and improve our services, develop new services, operate, maintain, optimise and safeguard the security of our services and infrastructure;
• to manage the users of our services; to maintain, manage and develop our customer relationships and communicate with customers and third parties; for advertising and marketing;
• for quality control, compilation of statistics;
• to comply with legal and regulatory obligations and internal rules, law enforcement, civil, administrative and criminal proceedings, complaints, measures; to combat abuse; for investigations and responses to enquiries from public authorities and government agencies.

5. Legal basis

We use the personal data for the above purposes on the basis of the following legal grounds insofar as such is required under applicable data protection legislation:

• contractual fulfilment;
• compliance with legal obligations;
• consent given to us or to third parties;
• legitimate interests of us and of third parties, in particular:
  • the offer and provision of services;
  • advertising and marketing;
  • contact maintenance and communication with users;
  • user management;
  • compliance with legal and regulatory obligations, law enforcement, civil, administrative and criminal proceedings, complaints, investigations and responses to enquiries from public authorities.

6. Publication and disclosure of data

We may publish and share information as follows:

Contract data processors

We may commission third parties to provide specific services (e.g. in the area of IT, operation of applications, administration, shipping, etc.) and to process and store data (so-called “contract data processors”). Contract data processors may have access to personal data and may process it on our behalf. Thereby, we oblige the contract data processors to comply with the data protection legislation and to only process data in the same manner as we do ourselves. Contract data processors are predominantly in Switzerland but may be located in any country.

Contractual partners

We may share data with contractual partners (e.g. sales partners, service providers, etc.). This is done, for example, to fulfil contractual obligations, to offer certain services, for collection and marketing purposes or to analyse the use and operation of our services, systems and infrastructure. Contractual partners may gain access to personal data and process it for their own purposes (e.g. for the implementation of a contract or to fulfil their own legal obligations). Thereby, they are obliged to comply with applicable data protection legislation. Contractual partners are predominantly in Switzerland but may be located in any country.

Disclosure to public authorities

In certain situations, we may disclose information to public authorities, government agencies and other third parties. We do so in cases where we are required to do so by public authorities or official agencies or are, according to our assessment, obliged to do so.

7. Retention period

We store personal data for as long as this is necessary for the purpose for which the data has been collected. Specific personal data is also subject to legally binding retention obligations of ten or more years, which we comply with. We may also store personal data for at least the duration of the applicable limitation periods, which in many cases is five or ten years. Personal data that is collected in relation to the use of our services (e.g. protocols, logs, analyses, etc.) and which are not subject to such retention or limitation periods are generally deleted earlier as soon as it is deemed that there is no further purpose in the processing of the data. Data may also be stored in anonymised form for longer periods of time. Subject to an express contractual agreement, we are not obliged to store data for a specific period of time.

8. Data security

We use the widespread SSL (Secure Sockets Layer) procedure within the website visit. You can see whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the address bar of your browser.

In addition, we apply further suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

9. Your rights (rights of the data subject)

Every data subject has the right of access to personal data concerning them. In addition, they have the right to request that we rectify, erase and restrict personal data concerning them and to object to such processing of personal data. The exercise of such rights usually requires the data subject to be able to clearly prove their identity. If the processing of personal data is based on consent, the data subject may withdraw their consent at any time. In EU and EEA countries, the data subject has the right in certain cases to receive the data generated when using online services in a structured, common and machine-readable format that allows further use and transmission. Enquiries relating to these rights should be directed to the above address. We reserve the right to restrict the rights of the data subject within the scope of applicable legislation and, for example, to not provide complete information or to not delete data. We would also like to draw your attention to the fact that if your personal data is deleted, services may no longer be usable/available or only partially usable/available.

Every data subject has the right to lodge a complaint with the competent data protection authority. In the case of a responsible party in Switzerland, this is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

10. Cookies

We use a variety of common technologies to collect, store and evaluate data when you visit our website and use our services. In particular, these include cookies that can be used to identify your browser or device. A cookie is a small file that is sent to your computer or automatically stored by your web browser on your computer or mobile device when you access one of our services. When you access a service again, it can recognise your browser or device using the cookie. Cookies can store user settings and other information. We only use session cookies. These are necessary in order to be able to perform the basic functions of the services and are deleted automatically after a visit to our services.

You can block the use of cookies in your browser settings or delete them from there. Please note that if cookies are not permitted, it may not be possible to use all of the functions of a service to their full extent and that if cookies are deleted, any opt-out cookies you may have set will also be deleted. Such opt-out cookies would then have to be reactivated when you visit the corresponding service on another occasion. Otherwise, you will be recognised as a new user and your data will be collected again.