Special, supplementary or further privacy policies and other legal documents such as General Terms and Conditions (GTC), conditions of use and conditions of participation may also apply to individual or additional products and services.
Our online pages are subject to Swiss data protection law and all applicable foreign data protection law such as that of the European Union's (EU) General Data Protection Regulation (GDPR).The EU acknowledges that Swiss data protection law provides an appropriate level of data protection.
The Data Protection Officer named below is available as our point of contact for data subjects and is the contact person for supervisory authorities on all matters regarding data protection:
Personal data is any information that relates to an identified or identifiable living individual. A data subject is a person whose personal data are being processed. Processing includes any action performed on personal data, irrespective of the means or methods used, and in particular the retention, disclosure, procurement, collection, deletion, storage, modification, destruction and utilisation of personal data.
We process personal data in accordance with Swiss data protection law including, in particular, the Federal Act on Data Protection (DSG) and the Ordinance to the Federal Act on Data Protection (VDSG).
If and to the extent that the General Data Protection Regulation (GDPR) is applicable, we process personal data in accordance with at least one of the following legal bases:
We process any personal data that are necessary to provide our online pages in a sustainable, user-friendly, secure and reliable manner. Such personal data may fall into the categories of user and contact data, content data, usage data, marginal data as well as order and payment data.
We process personal data for any duration required for the respective purpose or purposes or by law. Any personal data the processing of which is no longer necessary will be anonymised or deleted.
In principle, we process personal data only after the consent of the data subject has been given unless processing is permissible on other legal grounds, for example for the performance of a contract to which the data subject is party or in order to take steps prior to entering such a contract or to safeguard our overriding legitimate interests, because such processing is apparent from the circumstances or from prior information.
Within this framework, we process, in particular, information transferred by a data subject to us voluntarily and by himself/herself upon establishment of contact, for example by letter, e-mail, contact form, social media or telephone, or upon registration for a user account. We may store such information, for example, in an address book or by other similar means. If you transfer personal data of third parties to us, you are obliged to guarantee data protection towards such third parties and to ensure the accuracy of such personal data.
We also process personal data we have obtained from third parties, from publicly accessible sources, or from our online pages, if and to the extent that such processing is legally permissible.
Personal data resulting from applications for employment are processed only to the extent that they relate to eligibility for an employment relationship or are necessary for the later implementation of an employment contract. Personal data required for an application for employment arise from the requested or imparted information, for example within the scope of the job description. Applicants are able to volunteer further information for their applications.
We may have personal data processed by third parties, in particular, by contractors, or work together with third parties, or have third parties assist us, or transmit personal data to third parties. These third parties are generally suppliers or service providers whose services we use. We also ensure and guarantee appropriate data protection if data are processed by third parties.
Generally, these third parties are located in Switzerland or the European Economic Area (EEA) including the European Union (EU). These third parties may, however, also be located in other countries or anywhere as long as the data protection law there ensures adequate data protection in the view of the Swiss Federal Data Protection and Information Commissioner (EDÖB) and, – if and to the extent that the General Data Protection Regulation (GDPR) is applicable – ensures adequate data protection in the view of the European Commission – , or appropriate data protection is ensured by other means, such as through an appropriate contractual agreement, in particular on the basis of standard clauses within the contract, or through appropriate certification. In the case of third parties that are in the United States of America (USA), certification under the Privacy Shield can ensure appropriate data protection. In exceptional cases, a third party may be in a country without adequate data protection, provided the data protection requirements, such as the explicit consent of the data subject, are fulfilled.
Data subjects whose personal data we process have certain rights under Swiss data protection law. These rights include the right to information and the right to correction, deletion or blocking of the personal data that are processed.
Data subjects whose personal data we process, may – if and to the extent that the General Data Protection Regulation (GDPR) applies – request free-of-charge a confirmation of whether we process their personal data and, if yes, demand information about the processing of their personal data, place restrictions on the processing of their personal data, safeguard their right to data portability and have their personal data corrected, erased ("right to be forgotten"), blocked or made complete.
Data subjects whose personal data we process may – if and to the extent that the GDPR applies – at any time revoke a previously granted consent with effect for the future and may at any time raise an objection to the processing of their personal data.
Data subjects whose personal data we process have a right to lodge a complaint with a supervisory authority. The supervisory authority for data protection in Switzerland is the Swiss Federal Data Protection and Information Commissioner (EDÖB).
We take appropriate and suitable technical and organisational measures to ensure data protection and, in particular, data security. However, despite such measures, the processing of personal data on the Internet can always have security loopholes. For this reason, we cannot guarantee absolute data security.
Access to our web pages takes place by means of transport encryption (SSL/TLS with HTTPS).
Access to our online pages is – as is generally the case with any Internet use – subject to groundless, “suspicion-free” mass monitoring as well as other means of surveillance by security authorities in Switzerland, the European Union (EU), the United States of America (USA) and other countries. We have no direct influence on the processing of personal data by intelligence services, police forces and other security agencies.
When you visit our website, cookies can be stored temporarily in your browser as “session cookies” or as permanent cookies for a certain period. Session cookies are automatically deleted when you close your browser. Permanent cookies allow our website to recognise your browser the next time you visit it. This allows us to measure, for example, the outreach of our website. Permanent cookies can also be used, for example, for online marketing.
You can deactivate or delete cookies, in whole or in part, in your browser settings at any time. Without cookies, the full extent of our online pages may not be available to you. We ask for your consent to use such cookies, if and to the extent necessary.
For cookies used for success and outreach measurement or for advertising, there is a general objection (“opt-out”) for many services via the Networking Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
We may collect the data listed below every time you access our website if these are transmitted by your browser to our server infrastructure or they can be identified by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, accessed individual page and transmitted data volume, last accessed website (referrer).
We store this information, which can also be personal data, in log files. We require this information for the provision of our online pages in a sustainable, user-friendly and reliable manner, as well as to safeguard data security – also via third parties or with the help of third parties – and, in particular, to ensure the protection of personal data.
We may use tracking pixels on our website. Tracking pixels are also referred to as web beacons. Tracking pixels – including those of third parties whose services we use – are small images that are retrieved when you visit our website. The same information can be recorded using tracking pixels as with server log files.
We may send notifications and messages such as newsletters by e-mail and via other communication channels such as instant messaging.
Notifications and messages can contain weblinks or tracking pixels that indicate whether an individual message has been opened and which weblinks were clicked (success measurement). These weblinks and tracking pixels can also record the use of notifications and messages. We require this statistical record of use including success and outreach measurement to offer notifications and messages based on the needs and reading habits of the receivers in an effective, user-friendly, sustainable, secure and reliable manner.
In principle, you have to give your express consent for your e-mail address and your other contact addresses to be used, unless their use is permitted on other legal grounds. For any consent in the case of e-mails, we use a "double opt-in" procedure, i.e. you receive an e-mail with a weblink, which you then have to click. This prevents misuse by unauthorised third parties. We can record these consents including Internet Protocol (IP) addresses, dates and times for evidential and security reasons.
In principle, you can unsubscribe from notifications and messages, such as newsletters, at any time. This does not apply to notifications and messages that are absolutely necessary for our online pages. When unsubscribing, you can also object in particular to the recording of your use for statistical purposes, including for success and outreach measurement.
For our social media presence on Facebook, we are, if and to the extent that GDPR applies, responsible together with Facebook for "Page Insights", which give information about how visitors interact with our Facebook page. We use Page Insights to provide our social media presence on Facebook in an effective and user-friendly manner. Facebook has published an addendum concerning the responsibility for Page Insights.
We may use third-party services to provide our online pages in a sustainable, user-friendly, secure and reliable manner. These services also allow us to embed contents in our online pages. These services – for example hosting and storage services, video services and payment services – require your Internet Protocol (IP) address, otherwise these services cannot transfer the relevant content. These services may be located outside Switzerland and the European Economic Area (EEA) including the European Union (EU) if adequate data protection is guaranteed.
Third-party services may also process data in aggregated, anonymised or pseudoanonymised form, including with cookies, log files and tracking pixels, in connection with our online pages and from other sources for their own security-relevant, statistical and technical purposes. These data are not used to directly contact data subjects in connection with our online pages.
8.3.1 Google Analytics
We use Google Analytics to analyse how our website is used, for example by measuring the outreach of our website and the success of third-party links on our website. This is a service of the US-American company Google LLC. The Irish company Google Ireland Limited is responsible for users in the European Economic Area (EEA) and Switzerland.
We always have your Internet Protocol (IP) address anonymised prior to analysis by Google. As a result, your full IP address is generally not transmitted to Google in the USA.
8.3.2 Google Tag Manager