General privacy policy of Diaswiss S.A.

Type of personal data

General personal data

We process general personal data about you.

Source of personal data

Transferred data

We process personal data that you provide to us.

Data collected

We process personal data that we collect about you.

Received data

We process personal data that we receive from third parties.

Purpose of processing

Marketing

We use your personal data for marketing and advertising purposes.

Product development

We use your personal data for the development and improvement of products and services.

Disclosure to third parties

Data sharing

We share your personal data with other companies who can decide for themselves on how they use it. Mostly, this is done to comply with legal requirements, when an outstanding debt is transferred to a collection agency, or to detect fraudulent activities.

Place of processing

Worldwide

We also process your personal data outside of Switzerland and the EU.

1. What is this privacy policy about?

Diaswiss S.A. (hereinafter also "we", "us") obtains and processes personal data relating to you or other persons (so-called "third parties"). We use the term "data" here synonymously with "personal data".

Personal data refers to data relating to specific or identifiable persons, i.e., conclusions about their identity are possible on the basis of the data itself or with corresponding additional data. "Particularly protectable personal data" is a category of personal data that is particularly protected by the applicable data protection law. Personal data requiring special protection include, for example, data revealing racial and ethnic origin, health data, information on religious or ideological beliefs, biometric data for identification purposes, and information on trade union membership. In sec. 3 you will find details of the data we process within the scope of this data protection declaration. "Processing" means any handling of personal data, e.g. obtaining, storing, using, adapting, disclosing and deleting.

In this Privacy Policy, we describe what we do with your information when you use the www.diaswiss.ch website (the "Website"), obtain our services or products, otherwise interact with us under a contract, communicate with us, or deal with us in any manner. Where appropriate, we will notify you by timely written notices of additional processing activities not mentioned in this Privacy Policy. In addition, we may inform you separately about the processing of your data, for example in consent forms, contract terms, additional privacy statements, forms, and notices.

If you transmit or disclose data about other persons such as family members, work colleagues, etc., we assume that you are authorised to do so and that this data is correct. You confirm this by submitting data relating to third parties. Please also ensure that these third parties have been informed of this privacy policy.

This Privacy Policy is designed to meet the requirements of the EU General Data Protection Regulation ("GDPR"), the Swiss Data Protection Act ("DSG") and the revised Swiss Data Protection Act ("revDSG"). However, whether and to what extent these laws are applicable depends on the individual case.

2. Who is responsible for processing your data?

Diaswiss S.A., Route de Saint-Cergue 293, CH-1260 Nyon (the "Diaswiss S.A."), is responsible for the data processing of Diaswiss S.A. as described in this privacy policy, unless otherwise communicated in individual cases, e.g. in further privacy policies, on forms or in contracts.

For each processing of data there is a body which is responsible for ensuring that the processing complies with the requirements of data protection law. This office is called the responsible party. It is responsible, for example, for responding to requests for information (Section 9) or for ensuring that personal data is secured and not used in an unauthorised manner.

You can contact us for your data protection concerns and to exercise your rights under Section 9 as follows:

Diaswiss S.A.

Dr. Stefan Brand
Route de Saint-Cergue 293
CH-1260 Nyon

We have appointed the following additional offices:

Data protection representative in the EU according to Art. 27 GDPR:

DFS-Diamon GmbH

Dr. Stefan Brand
Ländenstraße 1
D-93339 Riedenburg

You may also contact this office for privacy concerns.

3. What data do we process?

We process different categories of data. The main categories are the following:

  • Technical data: When you use our website, we collect the IP address of your terminal device and other technical data to ensure the functionality and security of these offerings. This data also includes logs recording the use of our systems. We generally retain technical data for six months. In order to ensure the functionality of these offers, we may also assign an individual code to you or your end device (e.g. in the form of cookies, see section 11). The technical data in itself does not allow any conclusions to be drawn about your identity. However, in the context of user accounts, registrations, access controls or the processing of contracts, they can be linked to other data categories (and thus possibly to your person).

Technical data includes, among other things, the IP address and information about the operating system of your terminal device, the date, region, and time of use, and the type of browser you use to access our electronic services. This may help us in providing you with the correct formatting of the website or to show you a customised website depending on your region. Based on the IP address, we know through which provider you access our services (and therefore the region), but we can usually not deduce who you are. Examples of technical data also include logs that are generated in our systems (e.g., the log of user logins to our website).

  • Communication Data: If you are in contact with us via the contact form, e-mail, telephone, mail or other means of communication, we record the data exchanged between you and us, including your contact details and the marginal data of the communication. We generally do not record telephone conversations or video conferences. E-mails in personal mailboxes and written correspondence are generally retained for at least 10 years.

Communication data is your name and contact details, the manner and place and time of communication and usually also its content (i.e. content of e-mails, letters, etc.). This data may also include information about third parties.

  • Master data: We use the term Master Data to refer to the basic data that we require, in addition to the Contract Data (see below), for the processing of our contractual and other business relationships or for marketing and advertising purposes, such as name, contact data and information about, for example, your role and function, your bank account(s), customer history, powers of attorney, signature authorisations and declarations of consent.

We process your master data if you are a customer or other business contact or work for one (e.g. as a contact person of the business partner), or because we want to address you for our own purposes or the purposes of a contractual partner (e.g. as part of marketing and advertising, with invitations to events, etc.). We receive master data from you yourself (e.g. when making a purchase or as part of a registration), from bodies for which you work, or from third parties such as our contractual partners, associations, and from publicly accessible sources such as public registers or the Internet (websites, etc.). We generally keep this data for 10 years from the last exchange with you, but at least from the end of the contract. This period may be longer if this is necessary for reasons of proof or to comply with legal or contractual requirements or for technical reasons. For purely marketing and advertising contacts, the period is usually much shorter, typically no more than two years since the last contact.

Master data includes, for example, data such as name, address, e-mail address, telephone number and other contact details, gender, nationality, details of associated persons, websites; furthermore, details of your relationship with us (customer, supplier, visitor, service recipient, etc.), details of your status with us, allocations, classifications and distribution lists, details of our interactions with you (if applicable, a history thereof with corresponding entries), reports (e.g. from the media) or official documents (e.g. excerpts from the commercial register, permits, etc.) that concern you. As payment information, we collect, for example, your bank details, account number and credit card data. Consent or blocking notices are also part of the master data, as is information about third parties, e.g. contact persons, recipients of services, advertising recipients or representatives.

In the case of contact persons and representatives of our customers, suppliers and partners, we process as master data e.g. name and address, information on role, function in the company, qualifications and, if applicable, information on superiors, employees and subordinates and information on interactions with these persons.

Master data is not collected comprehensively for all contacts. Which data we collect in detail depends in particular on the purpose of the processing.

                        

  • Contract data: This is data that accrues in connection with the conclusion or processing of a contract, e.g., information about contracts and the services to be provided, as well as data from the commencement to the conclusion of a contract, the information required or used for processing and information about reactions (e.g., complaints or information about satisfaction, etc.). We generally collect this data from you, from contractual partners and from third parties involved in the processing of the contract, but also from third-party sources (e.g. providers of creditworthiness data) and from publicly available sources. We generally retain this data for 10 years from the last contractual activity, but at least from the end of the contract. This period may be longer, insofar as this is necessary for reasons of evidence or to comply with legal or contractual requirements or is technically required.

Contract data includes information about the conclusion of the contract, about your contracts, e.g., the type and date of the conclusion of the contract, information from the application process (such as an application for our products or services) and information about the contract in question (e.g., its duration) and the processing and administration of the contracts (e.g., information in connection with billing, customer service, assistance with technical matters and the enforcement of contractual claims). Contract data also includes information about defects, complaints, and adjustments to a contract, as well as information about customer satisfaction that we may collect, for example, through surveys. Contractual data also includes financial data such as information on creditworthiness (i.e., information that allows conclusions to be drawn about the likelihood that receivables will be paid), on reminders, and on debt collection. We receive this data partly from you (e.g., when you make payments), but also from credit agencies and debt collection companies and from publicly available sources (e.g., a commercial register).

  • Other data: We also collect data from you in other situations. In connection with official or judicial proceedings, for example, data is collected (such as files, evidence, etc.) that may also relate to you. We may also collect data for health protection reasons (e.g. as part of protection concepts). We may obtain or produce photos, videos and sound recordings in which you may be recognisable (e.g. at events, through security cameras, etc.). We may also collect data on who enters certain buildings or has corresponding access rights and at what time (incl. in the case of access controls, based on registration data or visitor lists, etc.), who participates in events or campaigns and when, or who uses our infrastructure and systems and when. The retention period of this data depends on the purpose and is limited to what is necessary. This ranges from a few days for many of the security cameras and usually a few weeks for contact tracing data, to visitor data that is usually kept for three months, to reports on events with pictures that can be kept for a few years or longer.

You disclose much of the data mentioned in section 3 yourself (e.g. via forms, by communicating with us, in connection with contracts, when using the website, etc.). You are not obliged to do so, subject to individual cases, e.g. in the context of binding protection concepts (legal obligations). If you wish to conclude contracts with us or claim services, you must also provide us with data, in particular master data and contract data, as part of your contractual obligation under the relevant contract. When using our website, the processing of technical data is unavoidable. If you wish to gain access to certain systems or buildings, you must provide us with registration data.

 

If you or a person you represent (e.g. your employer) want to conclude or fulfill a contract with us, we must collect the corresponding master, contract and communication data from you. If you do not provide us with the data required for the conclusion and performance of the contract, you must expect that we will refuse to conclude the contract, that you will commit a breach of contract or that we will not perform the contract. In the same way, we can only send you a response to a request if we process the relevant communication data and - if you communicate with us online - possibly also technical data. The use of our website is also not possible without us receiving technical data.

Insofar as this is not inadmissible, we also take data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, media or the internet) or receive data from authorities and other third parties (such as credit agencies, associations, contractual partners, etc.).

The categories of personal data that we receive about you from third parties include, in particular, information from public registers, information that we learn in connection with official and legal proceedings, information in connection with your professional functions and activities (e.g. so that we can conclude and process transactions with your employer with your help), information about you in correspondence and meetings with third parties, creditworthiness information (insofar as we conduct business with you personally), information about you that people close to you (family, advisors, legal representatives, etc.) give us so that we can conclude or process contracts with you or involving you (e.g. references, your address for deliveries, powers of attorney, etc.), information on compliance with legal requirements such as those relating to fraud, money laundering, terrorism and export restrictions, information from banks, insurance companies and sales and other contractual partners of ours on the use or provision of services by you (e.g. payments, purchases, etc.), information from the media and the internet about you (if this is appropriate in the specific case, e.g. in the context of an application, marketing/sales, press review, etc.), your address and, if applicable, interests and other sociodemographic data (esp. for marketing and research) and data in connection with the use of third-party websites and online offers where this use can be attributed to you.

4. For what purposes do we process your data?

We process your data for the purposes we explain below. You will find further information for the online area in section 11. These purposes or the underlying objectives represent our legitimate interests and, if applicable, of third parties. You will find further information on the legal basis for our processing in section 5.

We process your data for purposes related to communication with you, in particular to respond to inquiries and assert your rights (section 10) and to contact you in the event of queries. For this purpose, we particularly use communication data and master data and, in connection with offers and services used by you, also registration data. We retain this data to document our communication with you, for training purposes, for quality assurance and for follow-up inquiries.

This concerns all purposes in connection with which you and we communicate, whether in customer service or in consulting. We further process communication data so that we can communicate with you via e-mail and telephone, mail and fax. Communication with you is usually in connection with other processing purposes, for example, so that we can provide services or respond to a request for information. Our data processing also serves to prove the communication and its contents.

We process data for the establishment, administration and processing of contractual relationships.

We conclude contracts of various kinds with our business and private customers, with suppliers, subcontractors or other contractual partners such as partners in projects or with parties in legal disputes. In particular, we process master data, contract data and communication data of the customer or the persons to whom the customer provides a service.

In the context of initiating business, personal data - in particular master data, contract data and communication data - is collected from potential customers or other contractual partners (e.g. in an order form or contract) or results from communication. Also in connection with the conclusion of a contract, we process data to check creditworthiness and for the commencement of the customer relationship. In some cases, this information is checked for compliance with legal requirements.

As part of the processing of contractual relationships, we process data for the administration of the customer relationship, for the provision and collection of contractual services (which also includes the involvement of third parties, such as logistics companies, advertising service providers, banks, insurance companies or credit agencies, which may then in turn provide us with data), for consulting and for customer support. The enforcement of legal claims arising from contracts (collection, legal proceedings, etc.) is also part of the processing, as are accounting, termination of contracts and public communication.

We process data for marketing purposes and for relationship management, e.g. in order to send our customers and other contractual partners personalised advertising on products and services from us and from third parties (e.g. from advertising contractual partners). This may take the form of regular contacts (electronically, by mail, by telephone), via other channels for which we have contact information from you, but also as part of individual marketing campaigns (e.g. events, etc.) and may also include free services (e.g. invitations, etc.). You may refuse such contacts at any time (see at the end of this section 4) or refuse or withdraw your consent to be contacted for advertising purposes. With your consent, we can target our online advertising on the internet more specifically to you (see section 10).

For example, with your consent, we send you information, advertising and product offers from us, in the form of print, electronically or via telephone. For this purpose, we primarily process communication data. Like most companies, we personalise communications so that we can provide you with customised information and offers that meet your needs and interests. To do this, we link data that we process about you with preference data and use this data as the basis for personalisation (see section 3).

Relationship management also includes contacting existing customers and their contacts. In the context of relationship management, we may also operate a customer relationship management system ("CRM") in which we store data on customers, suppliers and other business partners necessary for relationship management, e.g. on contact persons, on the relationship history (e.g. on products and services purchased or supplied, interactions, etc.), interests, wishes, marketing measures and other information.

All of these processing activities are important to us not only to promote our offerings as effectively as possible, but also to make our relationships with customers and other third parties more personal and positive, to focus on the most important relationships, and to use our resources as efficiently as possible.

We further process your data for market research, to improve our services and operations, and for product development.

We strive to continuously improve our products and services (including our website) and to be able to react quickly to changing needs. We therefore analyse, for example, how you navigate through our website or which products are used by which groups of people and how new products and services can be designed (for further details, see section 10). This gives us an indication of market acceptance of existing products and services and market potential of new ones. To this end, we process master data in particular, but also communication data, and information from customer surveys, polls, studies, and other information, e.g. from the media, the internet and other public sources. As far as possible, we use pseudonymised or anonymised data for these purposes. We may also use media monitoring services or conduct media monitoring ourselves and process personal data throughout the process in order to conduct media work or to understand and respond to current developments and trends.

We may also process your data for security and access control purposes.

We continuously review and improve the appropriate security of our IT and other infrastructure (e.g. buildings). Like all companies, we cannot rule out data security breaches with absolute certainty, but we do our best to reduce the risks. We therefore process data, for example, for monitoring, inspection, analysis, and testing of our networks and IT infrastructure, for system and error checks, for documentation purposes and for security backups. Access controls include, on the one hand, controlling access to electronic systems (e.g., logging into user accounts), and on the other hand, physical access control (e.g., building access). For security purposes (preventive and incident investigation), we also keep access logs or visitor lists and use surveillance systems (e.g. security cameras).

We process personal data to comply with laws, directives and recommendations from authorities and internal regulations ("Compliance").

This includes, for example, the implementation of health and safety concepts or the legally regulated fight against money laundering and terrorist financing. In certain cases, we may be required to make certain inquiries about customers ("Know Your Customer") or to report to authorities. The fulfillment of disclosure, information or reporting obligations, e.g. in connection with supervisory and tax law obligations, also requires or entails data processing, e.g. the fulfillment of archiving obligations and the prevention, detection and clarification of criminal offenses and other violations. This also includes the receipt and processing of complaints and other reports, the monitoring of communications, internal investigations or the disclosure of documents to an authority if we have sufficient reason to do so or are legally obliged to do so. We may also process personal data about you in the course of external investigations, for example, by a law enforcement or regulatory agency or an appointed private entity. For all these purposes, we process in particular your master data, your contract data and communication data, but also, under certain circumstances, behavioural data and data from the category of other data. The legal obligations may be Swiss law, but also foreign regulations to which we are subject, as well as self-regulations, industry standards, our own "corporate governance" and official instructions and requests.

We also process data for the purposes of risk management and as part of prudent corporate governance, including operational organisation and corporate development.

For these purposes, we process in particular master data, contract data and technical data, but also communication data. For example, as part of financial management, we need to monitor our debtors and creditors, and we need to avoid becoming victims of crime and abuse, which may require the evaluation of data for appropriate patterns. As part of our business development, we may sell or acquire businesses, operations or companies to or from others, or enter into partnerships, which may also result in the exchange and processing of data (including from you, for example, as a customer or supplier or as a supplier representative).

We may process your data for other purposes, e.g. as part of our internal processes and administration.

These further purposes include, for example, administrative purposes (such as the administration of master data, accounting and data archiving, and the testing, administration and ongoing improvement of IT infrastructure), the protection of our rights (e.g., to enforce claims in court, before or out of court, and before authorities in Germany and abroad, or to defend ourselves against claims, for example, by preserving evidence, legal clarifications and participation in court or official proceedings) and the evaluation and improvement of internal processes. The protection of other legitimate interests is also one of the other purposes that cannot be named exhaustively.

5. On what basis do we process your data?

Insofar as we ask you for your consent to certain processing (e.g. for the processing of particularly sensitive personal data; for marketing mailings), we will inform you separately about the corresponding purposes of processing. You may withdraw your consent at any time with future effect by notifying us in writing (by post) or, where not otherwise specified or agreed, by email; our contact details can be found in section 2. Once we have received notification of the withdrawal of your consent, we will no longer process your data for the purposes to which you originally consented, unless we have a legal basis for doing so. The revocation of your consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Where we do not ask you for your consent for processing, we base the processing of your personal data on the fact that the processing is necessary for the initiation or execution of a contract with you (or the entity you represent) or that we or third parties have a legitimate interest in doing so, in particular in order to pursue the purposes and related objectives described above under section 4 and to be able to implement appropriate measures. Our legitimate interests also include compliance with legal regulations, insofar as this is not already recognised as a legal basis by the applicable data protection law in each case (e.g., in the case of the GDPR, the law in the EEA, and Switzerland). However, this also includes the marketing of our products and services, the interest to better understand our markets and to safely and efficiently manage and develop our business, including operations.

6. Who do we disclose your information to?

In connection with our contracts, the website, our services and products, our legal obligations or otherwise to protect our legitimate interests and the other purposes listed in Section 4, we also transfer your personal data to third parties, in particular to the following categories of recipients:

  • Service providers: We work with service providers in Germany and abroad who process data about you on our behalf or in joint responsibility with us or who receive data about you from us in their own responsibility (e.g. IT providers, shipping companies, advertising service providers, banks, insurance companies, debt collection companies or credit agencies).

To enable us to provide our products and services efficiently and to allow us to focus on our core competencies, we procure services from third parties in numerous areas. These services relate, for example, to IT services, the dispatch of information, marketing, sales, communication or printing services, facility management and security, the organisation and hosting of events and receptions, debt collection, credit agencies, anti-fraud measures and services from consulting companies, lawyers, banks, insurers, and telecom companies. In each case, we disclose the data necessary for their services to these service providers, which may include you. These service providers may also use such data for their own purposes, e.g. information about outstanding debts and your payment history in the case of credit agencies or anonymised information to improve services. In addition, we enter into contracts with these service providers that include provisions for the protection of data, to the extent that such protection does not result from the law. Our service providers may also process data about how their services are used and other data that arises in the course of using their service under certain circumstances as independent data controllers for their own legitimate interests (e.g., for statistical evaluations or billing). Service providers provide information about their independent data processing in their own data privacy statements.

 

  • Contractual partners including customers: This initially refers to customers (e.g. service recipients) and other contractual partners of ours, because this data transfer arises from these contracts. If you work for such a contractual partner yourself, we may also transfer data about you to them in this context. The recipients also include contractual partners with whom we cooperate.

If you are acting as an employee for a company with which we have entered into a contract, the performance of that contract may require us to tell the company, for example, how you used our service.

  • Authorities: We may disclose personal data to offices, courts and other authorities in Germany and abroad if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. The authorities process data about you that they receive from us on their own responsibility.

Cases of application are, for example, criminal investigations, police measures (e.g. health protection concepts, combating violence, etc.), regulatory requirements and investigations, judicial proceedings, reporting obligations and pre- and extrajudicial proceedings, as well as legal obligations to provide information and to cooperate. Data may also be disclosed if we wish to obtain information from public bodies, e.g. in order to justify an interest in information or because we need to declare about whom we require information (e.g. from a register).

  • Other persons: This refers to other cases where the inclusion of third parties arises from the purposes set out in section 4, e.g. service recipients, media, and associations in which we participate, or if you are part of one of our publications.

Other recipients are, for example, delivery addressees or third-party payees specified by you, other third parties also in the context of agency relationships (e.g., if we send your data to your lawyer or your bank) or persons involved in official or legal proceedings. If we cooperate with media and transmit material to them (e.g. photos), you may also be affected by this under certain circumstances. The same applies when we publish content (e.g., photos, interviews, quotes, etc.), for example, on our website or in other publications. In the course of business development, we may sell or acquire businesses, parts of businesses, assets or companies, or enter into partnerships, which may also result in the disclosure of data (including about you, e.g. as a customer or supplier or as a supplier representative) to the persons involved in these transactions. Communications with our competitors, industry organisations, associations and other bodies may also involve the exchange of data that also relates to you.

All these categories of recipients may in turn involve third parties, so that your data may also become accessible to them. We can restrict processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.).

7. Does your personal data also end up abroad?

As explained in Section 6, we also disclose data to other entities. These are not only located in Switzerland. Your data may therefore be processed both in Europe and worldwide.

If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection (for this purpose, we use the revised standard contractual clauses of the European Commission, which can be accessed here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj), unless the recipient is already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exception provision.

An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract requires such disclosure, if you have consented or if it is a matter of data made generally available by you, the processing of which you have not objected to.

Many countries outside of Switzerland or the EU and EEA currently do not have laws that guarantee an adequate level of data protection from the perspective of the DPA or the GDPR. With the contractual arrangements mentioned, this weaker or missing legal protection can be partially compensated. However, contractual precautions cannot eliminate all risks (namely of government access abroad). You should be aware of these residual risks, even though the risk may be low in individual cases, and we take further measures (e.g., pseudonymisation or anonymisation) to minimise it.

Please also note that data exchanged via the Internet is often routed via third party countries. Your data may therefore end up abroad even if the sender and recipient are in the same country.

8. How long do we process your data?

We process your data for as long as our processing purposes, the statutory retention periods and our legitimate interests in processing for documentation and evidence purposes require, or storage is technically necessary. You will find further information on the respective storage and processing periods for the individual data categories in section 3 and for the cookie categories in section 11. If there are no legal or contractual obligations to the contrary, we will delete or anonymise your data after the storage or processing period has expired as part of our normal processes.

Documentation and evidence purposes include our interest in documenting processes, interactions and other facts in case of legal claims, discrepancies, IT and infrastructure security purposes and evidence of good corporate governance and compliance. Retention may be technically necessary if certain data cannot be separated from other data and we therefore need to retain it within them (e.g., in the case of backups or document management systems).

9. How do we protect your data?

We take reasonable security measures to maintain the confidentiality, integrity and availability of your personal information, to protect it against unauthorised or unlawful processing, and to protect against the risks of loss, accidental alteration, unauthorised disclosure or access.

Security measures of a technical nature and of an organisational nature may include, for example, measures such as the encryption and pseudonymisation of data, logging, access restrictions, the storage of backup copies, instructions to our employees, confidentiality agreements, and controls. We protect your data transmitted via our website in transit using appropriate encryption mechanisms. However, we can only secure areas that we control. We also require our contractors to take appropriate security measures. However, security risks cannot generally be completely ruled out; residual risks are unavoidable.

Virus protection/Firewall

A state-of-the-art firewall router is used as the firewall. For virus protection, ESET Endpoint Security is used for the user PCs and ESET Server Security for the servers.

10. What rights do you have?

Applicable data protection law grants you the right to object to the processing of your data in certain circumstances, in particular that for direct marketing purposes, profiling used for direct marketing and other legitimate interests in processing.

To help you control the processing of your personal data, you also have the following rights in connection with our data processing, depending on the applicable data protection law:

  • the right to request information from us as to whether and what data we are processing about you;
  • the right to have us correct data if it is inaccurate;
  • the right to request the deletion of data;
  • the right to request that we provide certain personal data in a commonly used electronic format or transfer it to another controller;
  • the right to withdraw consent, insofar as our processing is based on your consent;
  • the right to receive, upon request, further information necessary for the exercise of these rights.

If you wish to exercise any of the above rights, please contact us in writing, at our premises or, unless otherwise stated or agreed, via e-mail; you will find our contact details in section 2. To prevent misuse, we must identify you (e.g. by a copy of your ID card, unless otherwise possible).

Please note that conditions, exceptions or restrictions apply to these rights under applicable data protection law (e.g., to protect third parties or trade secrets). We will inform you accordingly if necessary.

In particular, we may need to further process and store your personal data in order to fulfill a contract with you, to protect our own legitimate interests, such as the assertion, exercise or defense of legal claims, or to comply with legal obligations. To the extent legally permissible, in particular to protect the rights and freedoms of other data subjects and to safeguard interests worthy of protection, we may therefore also reject a data subject request in whole or in part (e.g. by blacking out certain content that concerns third parties or our trade secrets).

If you do not agree with our handling of your rights or data protection, please let us know. In particular, if you are in the EEA, the United Kingdom or Switzerland, you also have the right to complain to the data protection supervisory authority in your country.

A list of authorities in the EEA can be found here:

https://edpb.europa.eu/about-edpb/board/members_de.

You can reach the UK regulator here:

https://ico.org.uk/global/contact-us/.

You can reach the Swiss supervisory authority here:

https://www.edoeb.admin.ch/edoeb/de/home/der-edoeb/kontakt/adresse.html.

11. Do we use online tracking and online advertising techniques?

On our website, we use various techniques with which we and third parties engaged by us can recognise you during your use and possibly also track you over several visits. In this section we inform you about it.

In essence, this is so that we can distinguish accesses by you (via your system) from accesses by other users, so that we can ensure the functionality of the website and carry out evaluations and personalisations. We would like to point out that we are not able to deduce your identity in the process. However, the technologies used are designed in such a way that you are recognised as an individual visitor each time you access a page, for example by our server (or the servers of third parties) assigning you or your browser a specific recognition number (so-called "cookie").

Cookies are individual codes (e.g. a serial number) that our server or a server of our service providers or advertising contractors transmits to your system when you connect to our website and that your system (browser, mobile) accepts and stores until the programmed expiration time. With each subsequent access, your system transmits these codes to our or the third party server. This enables you to be recognised even if your identity is unknown.

Whenever you access a server (e.g. when using a website or an app or because an image is visibly or invisibly integrated in an email), your visits can therefore be "tracked" (traced). If we integrate offers from an advertising contractor or provider of an analytics tool on our website, they may track you in the same way, even if you cannot be identified in individual cases.

We use such techniques on our website and allow certain third parties to do so as well. You can programme your browser to block or deceive certain cookies or alternative techniques, or to delete existing cookies. You can also enhance your browser with software that blocks tracking by certain third parties. You can find more information about this on the help pages of your browser (usually under the keyword "Privacy") or on the websites of the third parties that we list below.

The following cookies are distinguished (techniques with comparable functionalities such as fingerprinting are included here):

  • Necessary cookies: Some cookies are necessary for the functioning of the website as such or certain functions. For example, they ensure that you can switch between pages without losing information entered in a form. They also ensure that you remain logged in. These cookies only exist temporarily ("session cookies").

If you block them, the website may not work. Other cookies are necessary so that the server can store decisions or entries made by you beyond one session (i.e. one visit to the website), if you request this function (e.g. selected language, given consent, the function for an automatic login, etc.). These cookies have an expiration date of up to 24 months.

  • Performance cookies: In order to optimize our website and corresponding offers and to better adapt them to the needs of the users, we use cookies to record and analyse the use of our website, possibly even beyond the session. We do this through the use of third-party analytics services. We have listed these below. Before we use such cookies, we ask for your consent. You can revoke this at any time via the cookie settings. Performance cookies also have an expiration date of up to 24 months. Details can be found on the websites of the third-party providers.

We currently use offers from the following service providers and advertising contract partners (insofar as they use data from you or cookies set on your computer for advertising purposes):

  • Google Analytics: Google Ireland (based in Ireland) is the provider of the "Google Analytics" service and acts as our order processor. Google Ireland relies on Google LLC (based in the USA) as its order processor (both "Google"). Google thereby tracks the behavior of visitors to our website (duration, frequency of pages viewed, geographic origin of access, etc.) through performance cookies (see above) and creates reports for us about the usage of our website on this basis. We have configured the service so that the IP addresses of visitors are shortened by Google in Europe before being forwarded to the USA and thus cannot be traced. We have turned off the "Data Forwarding" and "Signals" settings. Although we can assume that the information we share with Google is not personal data for Google, it is possible that Google can draw conclusions about the identity of visitors from this data for its own purposes, create personal profiles and link this data to the Google accounts of these individuals. If you consent to the use of Google Analytics, you explicitly agree to such processing, which also includes the transfer of personal data (in particular usage data about the website and app, device information and individual IDs) to the USA and other countries. Information on the data protection of Google Analytics can be found here [https://support.google.com/analytics/answer/6004245] and if you have a Google account, you can find further details on processing by Google here [https://policies.google.com/technologies/partner-sites?hl=de].

12. Can this privacy policy be changed?

This privacy policy is not part of any contract with you. We may amend this privacy policy at any time. The version published on this website is the current version.

 
