Our offer is subject to Swiss data protection law and any applicable foreign data protection law, in particular that of the European Union (EU) with its General Data Protection Regulation (GDPR). The European Commission recognises that Swiss data protection law ensures adequate data protection.
1. Contact addresses
Controller for processing personal data is
We will point it out if, in individual cases, there are other controllers for processing personal data.
2. Processing of personal data
Personal data means any information relating to an identified or identifiable natural person. A data subject is a person whose personal data is processed. Processing means any operation or set of operations which is performed on personal data, regardless of the means and procedures used, especially the storage, disclosure, retrieval, collection, erasure, saving, alteration, destruction or use of personal data.
The European Economic Area (EEA) consists of the European Union (EU) and the principality of Liechtenstein, Iceland and Norway. The General Data Protection Regulation (GDPR) describes the processing of personal data as handling personal data.
2.2 Legal basis
We process personal data in accordance with Swiss data protection law, in particular the Federal Act on Data Protection (Bundesgesetz über den Datenschutz) (DSG) and the regulation relating to the Federal Act on Data Protection (Verordnung zum Bundesgesetz über den Datenschutz (VDSG).
We process – if and insofar as the General Data Protection Regulation (GDPR) is applicable – personal data pursuant to at least one of the following legal bases:
6 (1) letter b GDPR for the necessary processing of personal data in order to perform a contract with the data subject and to take steps prior to entering into the contract.
6 (1) letter f GDPR for the necessary processing of personal data in order to safeguard the legitimate interests of ourselves or of third parties, except where such interests are overridden by the fundamental rights and freedoms and interests of the data subject. Legitimate interests include, in particular, our interest in being able to provide our services in a permanent, user-friendly, secure and reliable manner and to advertise them as required, as well as information security and protection against misuse and unauthorised use, the enforcement of our own legal rights, and compliance with Swiss law.
6 (1) letter c GDPR for the necessary processing of personal data in order to comply with a legal obligation to which we are subject pursuant to any applicable law of a member state of the European Economic Area (EEA).
6 (1) letter e GDPR for the necessary processing of personal data, in order to perform a task carried out in the public interest.
6 (1) letter a GDPR for the processing of personal data with the consent of the data subject.
6 (1) letter a GDPR for the processing of personal data with the consent of the data subject.
2.3 Type, extent and purpose
We process those personal data that are necessary in order to provide our offer in a permanent, user-friendly, secure and reliable manner. Such personal data may belong to the categories of inventory and contact data, browser and device data, content data, meta or marginal data and usage data, location data, sales, contract and payment data.
We process personal data for the duration which is necessary for the respective purpose(s) or is required by law. Personal data whose processing is no longer necessary is anonymised or deleted. Persons whose data we process have a fundamental right to have their data deleted.
We generally only process personal data with the data subject’s consent, except where the processing is permitted for other legal reasons, for example in order to fulfil a contract with the data subject and to take appropriate steps prior to entering into the contract, in order to safeguard our overriding legitimate interests, because the processing is obvious from the circumstances, or after prior information.
Within this framework, we process in particular information provided voluntarily by data subjects themselves when contacting us – for example by letter, e-mail, contact form, social media or telephone – or when registering for a user account. We may, for example, store such information in an address book or by similar means. If you transmit personal data about third parties to us, you are obliged to guarantee data protection vis-à-vis such third parties and to ensure the accuracy of such personal data.
We also process personal data that we receive from third parties, obtain from publicly accessible sources or collect when providing our services, if and to the extent that such processing is permitted by law.
Personal data from applications is only processed insofar as such data if required to assess the applicant’s suitability for an employment relationship or for the subsequent execution of an employment contract. The personal data required to carry out an application procedure is derived from the information requested or communicated, for example, in the context of a job description. Applicants have the opportunity to provide additional information for their respective applications voluntarily.
2.4 Processing of personal data by third parties, also in foreign countries
We may have personal data processed by commissioned third parties or may process personal data together with third parties or with the help of third parties or transmit personal data to third parties. Such third parties are in particular providers whose services we use. We safeguard an adequate level of data protection with regard to such third parties as well.
Such third parties are generally located in Switzerland and in the European Economic Area (EEA). Such third parties can however also be located in other states and territories on earth or elsewhere in the universe, if their data protection law safeguards an adequate level of data protection according to the estimate of the Federal Data Protection and Information Commissioner(FDPIC) and – if and to the extent that the General Data Protection Regulation (GDPR) applies – of the European Commission, or if an adequate level of data protection is otherwise safeguarded, for example by means of a contractual agreement to that effect, in particular on the basis of standard clauses, or by means of a corresponding certification. In the case of third parties in the United States of America (USA), certification pursuant to the Privacy Shield can safeguard an adequate level of data protection. By way of exception, such a third party may be located in a country without an adequate level of data protection, insofar as the conditions of data protection law, for example, the express consent of the data subject, are fulfilled.
3. Rights of data subjects
Data subjects whose personal data we process have the rights granted in accordance with Swiss data protection law. These include the right of access and the right to rectify, erase or block the personal data processed.
Data subjects whose personal data we process can – if and to the extent that the General Data Protection Regulation (GDPR) applies – be sent confirmation, free of charge, as to whether we are processing their personal data and, if so, demand access to the personal data we are processing, have the processing of their personal data restricted, exercise their right to data portability and have their personal data rectified, erased (“right to forget”), blocked or completed.
Data subjects whose personal data we process can – if and to the extent that the GDPR applies – revoke their consent at any time with effect for the future and object to the processing of their personal data at any time.
Data subjects whose personal data we process have the right to complain to a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
4. Data security
We take appropriate and suitable technical and organisational measures to ensure data protection and, in particular, data security. However, despite such measures, the processing of personal data on the Internet may always involve security risks. We cannot therefore guarantee absolute data security.
Our online offer is accessed by means of transport encryption (SSL / TLS, in particular with the Hypertext Transfer Protocol Secure, HTTPS for short). Most browsers indicate transport encryption with a padlock in the address bar.
Access to our online offer is – the same as generally every use of the Internet –
subject to mass surveillance without cause or suspicion and other monitoring by security authorities in Switzerland, the European Union (EU), the United States of America (USA) and other countries. We cannot exert any direct influence on the relevant processing of personal data by secret services, police authorities and other security agencies.
5. Use of the website
When you visit our website, cookies can be stored temporarily in your browser as “session cookies” or for a certain period of time as so-called permanent cookies. “Session cookies” are automatically deleted when you close your browser. Permanent cookies in particular make it possible to recognise your browser the next time you visit our website and thus to measure the reach of our website, for example.
Permanent cookies can, however, also be used for online marketing, for example.
In the case of cookies used for success and reach measurement or for advertising purposes, with regard to many services a general objection (“opt-out”) is possible via the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
5.2 Server log-files
For every access to our website we may collect the following information if your browser transmits it to our server infrastructure or if it can be determined by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sub-pages of our website accessed including the amount of data transmitted, last website accessed in the same browser window (referrer).
We store such information, which may also include personal data, in server log-files. We require such information in order to provide our online services in a permanent, user-friendly and reliable manner and to ensure data security and thus, in particular, the protection of personal data – also by means of third parties or with the help of third parties.
5.3 Tracking pixels
We may use tracking pixels on our website. Tracking pixels are also known as web beacons. Tracking pixels – also those of third parties whose services we use – are small, usually invisible images which are automatically generated when you visit our website. With tracking pixels, the same data can be recorded as in server log-files.
6. Third-party services
We use services provided by third parties, in order to provide our offer in a permanent, user-friendly, secure and reliable manner. We also use such services in order to be able to embed content into our website. Such services – for example host and storage services, video services and payment services – require your Internet Protocol (IP) address, otherwise they cannot transmit the corresponding content. Such services can be located outside of Switzerland and the European Economic Area (EEA), as long as an adequate level of data protection is guaranteed.
For their own security-related, statistical and technical purposes, third parties whose services we use may also process data in connection with our offer and from other sources – including cookies, log-files and tracking pixels – in an aggregated, anonymised or pseudonymised form.
6.2 Success and reach measurement
6.2.1 Google Analytics
We use Google Analytics in order to analyse how our website is used. In so doing, we can also measure the reach of our website and the success of links from third parties to our website, for example. The service is provided by the American Google LLC. The Irish Google Ireland Limited is responsible for users within the European Economic Area (EEA) and in Switzerland.
In any case, we have your Internet Protocol (IP) address anonymised by Google before the analysis. As a result, your complete IP address is generally not forwarded to Google in the USA.
6.2.2 Google Tag Manager
7. Erweiterungen für die Website
8. Final provisions