privacy statement

This privacy policy explains how we process your personal data in conjunction with our www.gressel.ch website and our other online pages.

Special, supplementary or further privacy policies and other legal documents such as General Terms and Conditions (GTC), conditions of use and conditions of participation may also apply to individual or additional products and services.

Our online pages are subject to Swiss data protection law and all applicable foreign data protection law such as that of the European Union's (EU) General Data Protection Regulation (GDPR).The EU acknowledges that Swiss data protection law provides an appropriate level of data protection.

1. Contact addresses

1.1 Responsibility for our online pages

GRESSEL AG
Schützenstrasse 25
8355 Aadorf

info[at]gressel.ch

1.2 Data Protection Officer

The Data Protection Officer named below is available as our point of contact for data subjects and is the contact person for supervisory authorities on all matters regarding data protection:

Jörg Maier
GRESSEL AG
Schützenstrasse 25
8355 Aadorf

info[at]gressel.ch

2. Processing of personal data

2.1 Definition of terms

Personal data is any information that relates to an identified or identifiable living individual. A data subject is a person whose personal data are being processed. Processing includes any action performed on personal data, irrespective of the means or methods used, and in particular the retention, disclosure, procurement, collection, deletion, storage, modification, destruction and utilisation of personal data.

2.2 Legal bases

We process personal data in accordance with Swiss data protection law including, in particular, the Federal Act on Data Protection (DSG) and the Ordinance to the Federal Act on Data Protection (VDSG).

If and to the extent that the General Data Protection Regulation (GDPR) is applicable, we process personal data in accordance with at least one of the following legal bases:

  • Art. 6(1)b GDPR for the processing of personal data necessary for the performance of a contract with the data subject or in order to take steps prior to entering into a contract.
  • Art. 6(1)f GDPR for the processing of personal data necessary for the purpose of the legitimate interests pursued by us or by third parties, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Legitimate interests are in particular our interest in providing our online pages in a sustainable, user-friendly, secure and reliable manner and being able to advertise them when required, data security including protection against misuse and unauthorised use, the enforcement of our own legal claims and compliance with Swiss law.
  • Art. 6(1)c GDPR for the processing of personal data necessary for compliance with a legal obligation to which we are subject in accordance with any applicable law of the EU or of member states in the European Economic Area (EEA).
  • Art. 6(1)e GDPR for the processing of personal data necessary for the performance of a task carried out in the public interest.
  • Art. 6(1)a GDPR for the processing of personal data with the consent of the data subject.
  • Art. 6(1)d GDPR for the processing of personal data necessary in order to protect the vital interests of the data subject or of another natural person.

2.3 Nature, scope and purpose

We process any personal data that are necessary to provide our online pages in a sustainable, user-friendly, secure and reliable manner. Such personal data may fall into the categories of user and contact data, content data, usage data, marginal data as well as order and payment data.

We process personal data for any duration required for the respective purpose or purposes or by law. Any personal data the processing of which is no longer necessary will be anonymised or deleted.

In principle, we process personal data only after the consent of the data subject has been given unless processing is permissible on other legal grounds, for example for the performance of a contract to which the data subject is party or in order to take steps prior to entering such a contract or to safeguard our overriding legitimate interests, because such processing is apparent from the circumstances or from prior information.

Within this framework, we process, in particular, information transferred by a data subject to us voluntarily and by himself/herself upon establishment of contact, for example by letter, e-mail, contact form, social media or telephone, or upon registration for a user account. We may store such information, for example, in an address book or by other similar means. If you transfer personal data of third parties to us, you are obliged to guarantee data protection towards such third parties and to ensure the accuracy of such personal data.

We also process personal data we have obtained from third parties, from publicly accessible sources, or from our online pages, if and to the extent that such processing is legally permissible.

Personal data resulting from applications for employment are processed only to the extent that they relate to eligibility for an employment relationship or are necessary for the later implementation of an employment contract. Personal data required for an application for employment arise from the requested or imparted information, for example within the scope of the job description. Applicants are able to volunteer further information for their applications.

2.4 Processing of personal data by third parties including in other countries

We may have personal data processed by third parties, in particular, by contractors, or work together with third parties, or have third parties assist us, or transmit personal data to third parties. These third parties are generally suppliers or service providers whose services we use. We also ensure and guarantee appropriate data protection if data are processed by third parties.

Generally, these third parties are located in Switzerland or the European Economic Area (EEA) including the European Union (EU). These third parties may, however, also be located in other countries or anywhere as long as the data protection law there ensures adequate data protection in the view of the Swiss Federal Data Protection and Information Commissioner (EDÖB) and, – if and to the extent that the General Data Protection Regulation (GDPR) is applicable – ensures adequate data protection in the view of the European Commission – , or appropriate data protection is ensured by other means, such as through an appropriate contractual agreement, in particular on the basis of standard clauses within the contract, or through appropriate certification. In the case of third parties that are in the United States of America (USA), certification under the Privacy Shield can ensure appropriate data protection. In exceptional cases, a third party may be in a country without adequate data protection, provided the data protection requirements, such as the explicit consent of the data subject, are fulfilled.

3. Rights of data subjects

Data subjects whose personal data we process have certain rights under Swiss data protection law. These rights include the right to information and the right to correction, deletion or blocking of the personal data that are processed.

Data subjects whose personal data we process, may – if and to the extent that the General Data Protection Regulation (GDPR) applies – request free-of-charge a confirmation of whether we process their personal data and, if yes, demand information about the processing of their personal data, place restrictions on the processing of their personal data, safeguard their right to data portability and have their personal data corrected, erased ("right to be forgotten"), blocked or made complete.

Data subjects whose personal data we process may – if and to the extent that the GDPR applies – at any time revoke a previously granted consent with effect for the future and may at any time raise an objection to the processing of their personal data.

Data subjects whose personal data we process have a right to lodge a complaint with a supervisory authority. The supervisory authority for data protection in Switzerland is the Swiss Federal Data Protection and Information Commissioner (EDÖB).

4. Data security

We take appropriate and suitable technical and organisational measures to ensure data protection and, in particular, data security. However, despite such measures, the processing of personal data on the Internet can always have security loopholes. For this reason, we cannot guarantee absolute data security.

Access to our web pages takes place by means of transport encryption (SSL/TLS with HTTPS).

Access to our online pages is – as is generally the case with any Internet use – subject to groundless, “suspicion-free” mass monitoring as well as other means of surveillance by security authorities in Switzerland, the European Union (EU), the United States of America (USA) and other countries. We have no direct influence on the processing of personal data by intelligence services, police forces and other security agencies.

5. Use of the website

5.1 Cookies

We may use cookies for our website. Cookies – including those from third parties whose services we use (third-party cookies) – are data in the form of text files that are stored in your browser. Cookies cannot execute programs or transmit malicious software such as trojans and viruses.

When you visit our website, cookies can be stored temporarily in your browser as “session cookies” or as permanent cookies for a certain period. Session cookies are automatically deleted when you close your browser. Permanent cookies allow our website to recognise your browser the next time you visit it. This allows us to measure, for example, the outreach of our website. Permanent cookies can also be used, for example, for online marketing.

You can deactivate or delete cookies, in whole or in part, in your browser settings at any time. Without cookies, the full extent of our online pages may not be available to you. We ask for your consent to use such cookies, if and to the extent necessary.

For cookies used for success and outreach measurement or for advertising, there is a general objection (“opt-out”) for many services via the Networking Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

5.2 Log files

We may collect the data listed below every time you access our website if these are transmitted by your browser to our server infrastructure or they can be identified by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, accessed individual page and transmitted data volume, last accessed website (referrer).

We store this information, which can also be personal data, in log files. We require this information for the provision of our online pages in a sustainable, user-friendly and reliable manner, as well as to safeguard data security – also via third parties or with the help of third parties – and, in particular, to ensure the protection of personal data.

5.3 Tracking pixels

We may use tracking pixels on our website. Tracking pixels are also referred to as web beacons. Tracking pixels – including those of third parties whose services we use – are small images that are retrieved when you visit our website. The same information can be recorded using tracking pixels as with server log files.

6. Notifications and messages

We may send notifications and messages such as newsletters by e-mail and via other communication channels such as instant messaging.

6.1 Success and outreach measurements

Notifications and messages can contain weblinks or tracking pixels that indicate whether an individual message has been opened and which weblinks were clicked (success measurement). These weblinks and tracking pixels can also record the use of notifications and messages. We require this statistical record of use including success and outreach measurement to offer notifications and messages based on the needs and reading habits of the receivers in an effective, user-friendly, sustainable, secure and reliable manner.

6.2 Consent and objection

In principle, you have to give your express consent for your e-mail address and your other contact addresses to be used, unless their use is permitted on other legal grounds. For any consent in the case of e-mails, we use a "double opt-in" procedure, i.e. you receive an e-mail with a weblink, which you then have to click. This prevents misuse by unauthorised third parties. We can record these consents including Internet Protocol (IP) addresses, dates and times for evidential and security reasons.

In principle, you can unsubscribe from notifications and messages, such as newsletters, at any time. This does not apply to notifications and messages that are absolutely necessary for our online pages. When unsubscribing, you can also object in particular to the recording of your use for statistical purposes, including for success and outreach measurement.

7. Social media

We are present on social media and other online platforms to communicate with interested persons and inform people about our online pages. Our General Terms and Conditions (GTC), Privacy Policy and other conditions of individual operators also apply to these online platforms.

For our social media presence on Facebook, we are, if and to the extent that GDPR applies, responsible together with Facebook for "Page Insights", which give information about how visitors interact with our Facebook page. We use Page Insights to provide our social media presence on Facebook in an effective and user-friendly manner. Facebook has published an addendum concerning the responsibility for Page Insights.

8. Third-party services

We may use third-party services to provide our online pages in a sustainable, user-friendly, secure and reliable manner. These services also allow us to embed contents in our online pages. These services – for example hosting and storage services, video services and payment services – require your Internet Protocol (IP) address, otherwise these services cannot transfer the relevant content. These services may be located outside Switzerland and the European Economic Area (EEA) including the European Union (EU) if adequate data protection is guaranteed.

Third-party services may also process data in aggregated, anonymised or pseudoanonymised form, including with cookies, log files and tracking pixels, in connection with our online pages and from other sources for their own security-relevant, statistical and technical purposes. These data are not used to directly contact data subjects in connection with our online pages.

8.1 Maps

We use Google Maps to embed maps in our website. This also involves the use of cookies. Google Maps is a service of the American Google LLC. The Irish company Google Ireland Limited is responsible for users in the European Economic Area (EEA) and Switzerland. For more details on the nature, scope and purpose of data processing see Google's Principles for Privacy and Security and its Privacy Policy, and the Google product privacy guide (including Google Maps), which contains information about how Google uses data from sites or apps that use Google services and about how Google uses cookies. You also have the right to object to receiving personalised advertising.

8.2 Entertainment

8.2.1 We use Vimeo to embed videos in our website. This also involves the use of cookies. Vimeo is a service of the US-American company Vimeo Inc. Further information about the nature, scope and purpose of data processing can be found in the questions and answers about data protection section at Vimeo and in the Vimeo Privacy Policy.

8.2.2 We use YouTube to embed videos in our website. This also involves the use of cookies. YouTube is a service of the US-American company Google LLC. The Irish company Google Ireland Limited is responsible for users in the European Economic Area (EEA) and Switzerland. For more details on the nature, scope and purpose of data processing, see Google's Principles for Privacy and Security and its Privacy Policy, and the Google product privacy guide (including YouTube), which contains information about how Google uses data from sites or apps that use Google services and about how Google uses cookies. You also have the right to object to receiving personalised advertising.

8.3 Success and outreach measurement

8.3.1 Google Analytics

We use Google Analytics to analyse how our website is used, for example by measuring the outreach of our website and the success of third-party links on our website. This is a service of the US-American company Google LLC. The Irish company Google Ireland Limited is responsible for users in the European Economic Area (EEA) and Switzerland.

Google attempts to collect data on individual visitors to our website even when they use different browsers or devices (cross-device tracking). This also involves the use of cookies. Google Analytics requires your Internet Protocol (IP) address, but it will not be merged with other Google data.

We always have your Internet Protocol (IP) address anonymised prior to analysis by Google. As a result, your full IP address is generally not transmitted to Google in the USA.

For more details on the nature, scope and purpose of data processing, see Google's Principles for Privacy and Security and its Privacy Policy, and the Google product privacy guide (including Google Analytics), which contains information about how Google uses data from sites or apps that use Google services and about how Google uses cookies. You also have the option to use the Browser add-on for de-activating Google Analytics to opt out and the right to object to receiving personalised advertising.

8.3.2 Google Tag Manager

We use Google Tag Manager to incorporate and manage services for analytics or advertisements from Google and from third parties in our website. This is a service of the US-American company Google LLC. The Irish company Google Ireland Limited is responsible for users in the European Economic Area (EEA) and Switzerland. This does not use cookies, but cookies may be used within the incorporated and managed services. We inform you about the processing of personal data by these services in this Privacy Policy.

9. Website extensions

We use jQuery, which is a free JavaScript library provided by the JS Foundation. We connect to the library via the Content Delivery Network (CDN) Google Hosted Libraries (Domain name ajax.googleapis.com) to increase the speed of our website. This involves the use of cookies only to help prevent misuse and for security-relevant purposes. It is a service of the US-American company Google LLC and is provided independently of other Google services. The Irish company Google Ireland Limited is responsible for users in the European Economic Area (EEA) and Switzerland.

For more details on the nature, scope and purpose of data processing, see Google's Principles for Privacy and Security, its Privacy Policy and the Google Hosted Libraries Terms of Service.

10. Final provisions

We have created this privacy policy using the Data Protection Generator from Datenschutzpartner, a service of the Swiss company Papiertiger GmbH.

We may amend and supplement this privacy policy at any time. We will inform you about any such amendments and supplements in a suitable manner, particularly through publishing the current privacy policy on our website.