activities and operations, including the ordering possibility for digital debt register
extracts on our
1. Contact Addresses
Responsible for the processing of personal data:
We will inform you if there are other data controllers for specific cases.
2. Definitions and Legal Bases
Personal data refers to all information relating to a specific or identifiable natural person. An affected person is a person about whom we process personal data.
Processing includes any handling of personal data, regardless of the means and methods used, including querying, comparing, adapting, archiving, retaining, extracting, disclosing, obtaining, recording, collecting, deleting, disclosing, ordering, organizing, storing, modifying, distributing, linking, destroying, and using personal data.
2.2 Legal Bases
We process personal data in accordance with Swiss data protection law, including the Federal Data Protection Act (Datenschutzgesetz, DSG) and the Data Protection Ordinance (Datenschutzverordnung, DSV).
3. Type, Scope, and Purpose
We process personal data that is necessary to permanently, user-friendly, securely, and reliably carry out our activities and operations.
Such personal data can fall into categories including inventory and contact data, browser and device data, identity data, content data, metadata or peripheral data, and usage data, register data, location data, sales data, as well as contract and payment data.
We process personal data for the duration that is necessary for the respective purpose(s) or as required by law. Personal data that is no longer required for processing will be anonymized or deleted.
We may have personal data processed by third parties. We may process personal data jointly with third parties or transmit it to third parties. These third parties are typically specialized service providers whose services we use. We ensure data protection even with such third parties.
We process personal data only with the consent of the affected individual, unless processing is permissible for other legal reasons. Processing without consent may be permissible, for example, to fulfill a contract with the affected person, for corresponding pre-contractual measures, to protect our overriding legitimate interests, because processing is apparent from the circumstances, or after prior notification.
Within this framework, we process, in particular, information that an affected person voluntarily provides to us when contacting us – for example, by postal mail, email, instant messaging, contact forms, social media, or telephone, when placing an order, or when registering for a user account. We may store such information, for example, in an address book, a Customer Relationship Management (CRM) system, or similar tools. When we receive data about other individuals, the transmitting individuals are obliged to ensure data protection for these individuals and to ensure the accuracy of this personal data.
We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect during the exercise of our activities and operations, to the extent and insofar as such processing is permissible for legal reasons.
4. Job Applications
We process personal data about job applicants as far as necessary for the assessment of suitability for an employment relationship or for the subsequent execution of an employment contract. The necessary personal data can be derived in particular from the information provided, for example, in the context of a job advertisement. Furthermore, we process personal data that job applicants provide or publish voluntarily, in particular as part of cover letters, resumes, and other application documents, as well as online profiles.
5. Personal Data Abroad
We primarily process personal data in Switzerland. However, we may also disclose or export personal data to other countries, especially to process it there or have it processed.
We may disclose personal data to all states and territories on Earth as well as elsewhere in the Universe, provided that the local law, as per the decision of the Swiss Federal Council, ensures adequate data protection.
We may disclose personal data to states whose law does not ensure adequate data protection if suitable data protection is ensured for other reasons. Suitable data protection can be ensured, for example, through appropriate contractual agreements, based on standard data protection clauses, or through other suitable guarantees. In exceptional cases, we may export personal data to states without adequate or suitable data protection if the special data protection requirements are met, such as the explicit consent of the affected individuals or a direct connection to the conclusion or execution of a contract. Upon request, we will provide affected individuals with information about any guarantees or provide a copy of such guarantees.
6. Rights of Affected Individuals
6.1 Data Protection Claims
We grant affected individuals all claims under the applicable data protection law. Affected individuals have the following rights in particular:
- Information: Affected individuals can request information about whether we process personal data about them and, if so, which personal data. Affected individuals will also receive the information necessary to assert their claims under Swiss data protection law. This includes, among other things, the processed personal data as such. This also includes information about the purpose of processing, the duration of retention, any disclosure or export of data to other states, and the source of personal data.
- Correction and Restriction: Affected individuals can correct incorrect personal data and have the processing of their data restricted.
- Deletion and Objection: Affected individuals can have personal data deleted ("right to be forgotten") and object to the processing of their data.
- Data Disclosure and Data Portability: Affected individuals can request the disclosure of personal data or the transfer of their data to another data controller.
We may, within the legally permissible framework, delay, restrict, or refuse the exercise of the rights of affected individuals. We may inform affected individuals of any conditions that may need to be met to exercise their data protection rights. For example, we may partially or completely refuse to provide information citing business secrets or the protection of other individuals. We may also partially or completely refuse the deletion of personal data citing legal retention obligations, for example.
We may, exceptionally, impose costs for the exercise of rights. We will inform affected individuals in advance of any potential costs.
We are obligated to identify affected individuals who request information or exercise other rights with appropriate measures. Affected individuals are obligated to cooperate.
6.2 Recht auf Beschwerde
Affected individuals have the right to enforce their data protection claims through legal means or to file a complaint with a competent data protection supervisory authority.
The data protection supervisory authority for private controllers and federal agencies in Switzerland is the Federal Data Protection and Information Commissioner (EDÖB).
7. Data Security
We implement appropriate technical and organizational measures to ensure data security appropriate to the respective risk. However, we cannot guarantee absolute data security.
Access to our website is via transport encryption (SSL / TLS, especially with Hypertext Transfer Protocol Secure, abbreviated as HTTPS). Most browsers indicate transport encryption with a padlock icon in the address bar.
8. Website Usage
Cookies can be stored in the browser temporarily as "session cookies" or for a specific period as so-called permanent cookies. "Session cookies" are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies, in particular, allow recognizing a browser on the next visit to our website, thereby, for example, measuring the reach of our website. However, permanent cookies can also be used for online marketing.
For cookies used for success and reach measurement or advertising, a general objection ("Opt-out") is possible for numerous services through AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
8.2 Server Log Files
We may collect the following information for each access to our website, to the extent that it is transmitted by your browser to our server infrastructure or can be determined by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual subpage of our website accessed including data volume transferred, last website visited in the same browser window (referer or referrer).
We store such information, which may also represent personal data, in server log files. The information is necessary to permanently, user-friendly, and reliably provide our website and to ensure data security and thus, in particular, the protection of personal data, also through third parties or with the help of third parties.
8.3 Tracking Pixels
We may use tracking pixels on our website. Tracking pixels are also known as web beacons. With tracking pixels – including those from third parties whose services we use – these are small, usually invisible images that are automatically retrieved when visiting our website. Tracking pixels can collect the same information as in server log files.
9. Notifications and Messages
We send notifications and messages by email and through other communication channels such as instant messaging or SMS.
9.1 Success and Reach Measurement
Notifications and messages may contain web links or tracking pixels that record whether an individual message was opened and which web links were clicked. Such web links and tracking pixels can also capture the use of notifications and messages on a personal basis. We require this statistical data collection of use for success and reach measurement to effectively and user-friendly send notifications and messages based on the needs and reading habits of recipients, as well as to provide them permanently, securely, and reliably.
9.2 Consent and Objection
You must generally explicitly consent to the use of your email address and other contact information, unless the use is permissible for other legal reasons. Whenever possible, we use the "Double Opt-in" procedure for consent, meaning you will receive an email with a web link that you must click to confirm, to prevent misuse by unauthorized third parties. We may log such consents, including the Internet Protocol (IP) address, date, and time, for evidentiary and security reasons.
You can generally object to receiving notifications and messages such as newsletters at any time. With such an objection, you can also object to the statistical data collection for success and reach measurement. Necessary notifications and messages related to our activities and operations remain reserved.
10. Social Media
We are present on social media platforms and other online platforms to communicate with interested individuals and to provide information about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland.
11. Third-Party Services
We use services from specialized third parties to carry out our activities and operations permanently, user-friendly, securely, and reliably. With such services, we can embed features and content into our website. For technical reasons, when embedding, the services used may temporarily capture the Internet Protocol (IP) addresses of users.
For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data related to our activities and operations in an aggregated, anonymized, or pseudonymized form. This includes, for example, performance or usage data to provide the respective service.
We use, in particular:
11.1 Digital Infrastructure
We use services from specialized third parties to be able to access the required digital infrastructure in connection with our activities and operations. This includes, for example, hosting and storage services from selected providers.
We use, in particular:
We use specialized service providers to securely and reliably process payments from our customers. For payment processing, the legal texts of the individual service providers such as terms and conditions or privacy policies also apply.
We use, in particular:
- PostFinance: E-payment solutions; Provider: PostFinance AG (Switzerland); Data protection information: "Legal Notices and Accessibility", "Data Protection" (including privacy policies).
We use the opportunity to display advertisements for our activities and operations with third parties such as social media platforms and search engines.
With such advertising, we aim to reach individuals who are already interested in or could be interested in our activities and operations (Remarketing and Targeting). To do this, we may transmit relevant – possibly also personal – information to third parties that enable such advertising. We can also determine whether our advertising is successful, including whether it leads to visits to our website (Conversion Tracking).
Third parties where we advertise and where you, as a user, are logged in, may potentially associate the use of our online offering with your profile there.
We use, in particular:
- Google Ads: Search engine advertising; Provider: Google; Google Ads-specific information: Advertising based on search queries, using various domain names, including doubleclick.net, googleadservices.com, and googlesyndication.com, for Google Ads, "Advertising" (Google), "Why am I seeing a particular ad?".
12. Website Extensions
We use extensions for our website to enable additional features.
We use, in particular:
- Google reCAPTCHA: Spam protection (distinguishing between desired comments from humans and unwanted comments from bots and spam); Provider: Google; Google reCAPTCHA-specific information: "What is reCAPTCHA?".
13. Success and Reach Measurement
We use services and programs to determine how our online offering is used. In this context, we can measure the success and reach of our activities and operations, as well as the impact of third-party links to our website. We can also experiment with and compare different versions of our online offering or parts of our online offering using the "A/B-test" method. When using services and programs for success and reach measurement, the Internet Protocol (IP) addresses of individual users must be stored. IP addresses are generally shortened ("IP masking") to follow the principle of data minimization and thus improve the data protection of users through pseudonymization.
When using services and programs for success and reach measurement, cookies may be used, and user profiles may be created. User profiles may include, for example, the pages visited or content viewed on our website, information about screen size or browser window, and – at least approximately – location. User profiles are generally created in a pseudonymized form only. We do not use user profiles to identify individual users. Some third-party services where users are logged in may potentially associate the use of our online offering with the user's account or profile at that respective service.
We use, in particular:
- Google Analytics: Success and reach measurement; Provider: Google; Google Analytics-specific information: Measurement across different browsers and devices (Cross-Device Tracking) and with pseudonymized Internet Protocol (IP) addresses, which are only exceptionally transferred in full to Google in the United States, "Privacy", "Browser Add-on to Disable Google Analytics".
- Google Tag Manager: Integration and management of other services for success and reach measurement, as well as other services from Google and third parties; Provider: Google; Google Tag Manager-specific information: "Data Collected with Google Tag Manager"; additional data protection information can be found with the individual integrated and managed services.
14. Final Provisions