The data controller within the meaning of data protection regulations, in particular the EU General Data Protection Regulation (GDPR), is:
Phone: +41 56 470 40 40
In cooperation with our hosting providers, we make every effort to protect the database insofar as possible against unauthorized access, loss, misuse or falsification.
We would like to point out that data transmission online (e.g. when communicating via email) may be subject to security lapses. Total protection of the data against access by third parties is not possible.
By using this website, the user consents to the collection, processing and use of data as described below. In principle, this website can be visited without the user having to register on the site. In the process, data such as pages visited or names of file accessed, and date and time are stored on the server for statistical purposes without this data being directly related to the user personally. Personal data, in particular names, addresses or email addresses, are collected on a voluntary basis as far as possible. The data will not be passed on to third parties without the user’s consent.
Processing of personal data
Personal data is any information that relates to an identified or identifiable individual. A data subject is an individual in relation to whom personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, acquisition, deletion, storage, modification, destruction and use of personal data.
We process personal data in accordance with Swiss data protection law. In other respects, we process – to the extent and insofar as the EU GDPR is applicable – personal data in accordance with the following legal bases in connection with Art. 6(1) GDPR:
- Consent (Art. 6(1)(a) GDPR) – the data subject has given consent to the processing of their personal data for one or more specific purposes.
- Contract performance and pre-contractual requests (Art. 6(1)(b) GDPR) – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
- Legal obligation (Art. 6(1)(c) GDPR) – processing is necessary for compliance with a legal obligation to which the controller is subject.
- Protection of vital interests (Art. 6(1)(d) GDPR) – processing is necessary in order to protect the vital interests of the data subject or of another natural person.
- Legitimate interests (Art. 6(1)(f) GDPR) – processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
- Application procedure as a pre-contractual or contractual relationship (Art. 9(2)(b) GDPR) – Insofar as special categories of personal data within the meaning of Art. 9(1) GDPR (e.g. health data, such as severely disabled status or ethnic origin) are requested from applicants in the context of the application procedure so that the controller or the data subject can exercise the rights arising from labor law and social security and social protection law and fulfill their obligations in this regard, they are processed in accordance with Art. 9(2)(b) GDPR. However, in the case of the protection of vital interests of the applicants or other persons in accordance with Art. 9(2)(c) GDPR or for the purposes of preventive healthcare or occupational medicine, for the assessment of an employee’s fitness, to work, for medical diagnostics, care or treatment in the health or social sector, or for the management of systems and services in the health or social sector, they are processed in accordance with Art. 9(2)(h) GDPR. In the case of communication of special categories of data based on voluntary consent, processing is based on Art. 9(2)(a) GDPR.
We process personal data for the duration required for the relevant purpose(s). In the case of longer-term storage obligations due to legal and other obligations to which we are subject, we restrict processing accordingly.
Relevant Legal Bases
We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk in accordance with the legal requirements, taking into account state of the art, implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence, and the extent of the threat to the rights and freedoms of natural persons.
The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input of, disclosure of, assurance of availability of and segregation of the data. Furthermore, we have established procedures to ensure the exercise of data subjects’ rights, the deletion of data, and responses to compromised data. Furthermore, we already take the protection of personal data into account during the development or selection of hardware, software and processes through technology design and data protection-friendly default settings in accordance with the principle of data protection.
Transfer of Personal Data
In the course of processing personal data, the data may be transferred or disclosed to other entities, companies, legally independent organizational units or individuals. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect the user’s data vis-à-vis the recipients of such data.
Data Processing in Third Countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third-party services or the disclosure or transfer of data to other individuals, entities or companies, this will only be done in accordance with the legal requirements.
Subject to express consent or contractually or legally required transfer, we process the data only in third countries with a recognized level of data protection, contractual obligation by so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection rules (Arts. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection).
The cookie types and functions are as follows:
- Temporary cookies (also session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed their browser.
- Permanent cookies: Permanent cookies remain stored even after the browser is closed. For example, the login status can be saved or preferred content can be displayed directly when a user visits the website again. Likewise, the interests of users used for reach measurement or marketing purposes may be stored in such a cookie.
- First-party cookies: We use first-party cookies.
- Third-party cookies Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
- Necessary (also essential or vital) cookies: Cookies may be absolutely necessary for the operation of a website (e.g. to store logins or other user input or for security reasons).
Storage period: Unless we provide users with explicit information about the storage period of permanent cookies (e.g. in the context of a cookie opt-in), please assume that this period can last up to two years.
- Types of data processed: Usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
- Data subjects: Users (e.g. website visitors, users of online services).
- Legal basis: Consent (Art. 6(1)(a) GDPR); legitimate interests (Art. 6(1)(f) GDPR).
This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as the inquiries users send to us in our capacity as site operator. Users can recognize an encrypted connection by the fact that the browser address bar changes from “http://” to “https://” and via the lock symbol in the browser toolbar.
If SSL or TLS encryption is activated, the data users transmit to us cannot be read by third parties.
The website automatically collects and stores information in server log files, which the user’s browser automatically transmits to us. These are:
- Browser type and version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
This data cannot be assigned to specific individuals. This data is not merged with other data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use.
This website may use Google Maps for embedding maps, Google Invisible reCAPTCHA for protection against bots and spam, and YouTube for embedding videos.
These services of the U.S.-based company Google LLC use, inter alia, cookies and, as a result, data is transferred to Google in the USA, although we assume that no personal tracking takes place in this context solely through the use of our website.
Google has committed to ensuring adequate data protection in accordance with the U.S.-European and U.S.-Swiss Privacy Shields.
If inquiries are sent via the contact form, the information provided, including the contact data entered, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We will not share this data without the user’s consent.
For users who would like to receive the newsletter offered on this website, we require an email address as well as data that allows us to verify that the subscriber is the true owner of the email address provided and genuinely wishes to receive the newsletter. No other data is collected. We use this data exclusively for sending the requested information and do not pass it on to third parties.
Users can revoke their consent to the storage of the data, the email address and receipt of the newsletter at any time, for example via the «unsubscribe link» in the newsletter.
Services Incurring Costs
For the provision of services incurring costs, we will ask for additional data such as payment details in order to be able to fulfill orders. We store this data in our systems until the statutory retention periods have expired.
This website uses Google conversion tracking. If a user accesses our website via an ad placed by Google, Google Ads will add a cookie on the user’s computer. The conversion-tracking cookie is added when a user clicks on an ad placed by Google. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of our website and the cookie has not yet expired, we, together with Google, detect that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies cannot be tracked across Google Ads customers’ websites. The information collected using the conversion cookie is used to create conversion statistics for Ads customers who have opted in to conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that could personally identify users.
If a user does not wish to participate, the adding of a cookie required for this can be refused, e.g. by means of a browser setting that generally deactivates the automatic adding of cookies or by setting the browser so that cookies from the domain “googleleadservices.com” are blocked.
Please note that users should not delete the opt-out cookies if they do not want any measurement data to be recorded. If all the cookies in the browser have been deleted, the relevant opt-out cookie should be added again.
Use of Google Remarketing
This website uses Google Inc’s Remarketing function, which is used to present online advertisements to visitors within the Google advertising network. A cookie is stored in the visitor’s browser, which means the visitor can be recognized when visiting websites that belong to Google’s advertising network. On these pages, the visitor may be presented with advertisements that relate to content that the visitor has previously accessed on websites that use Google’s Remarketing function.
Use of Google reCAPTCHA
We use «Google reCAPTCHA» (hereinafter «reCAPTCHA») on our websites. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter «Google». The purpose of reCAPTCHA is to verify whether data is entered on our websites (e.g. in a contact form) by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the visitor based on various characteristics. This analysis starts automatically as soon as a user visits the website. For analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the visitor on the website, or via mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run completely in the background. Visitors are not made aware that such analysis is taking place.
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited. If the data controller on this website is located outside the European Economic Area or Switzerland, Google Analytics data processing is carried out by Google LLC. Google LLC and Google Ireland Limited are hereinafter referred to as «Google».
The statistics obtained enable us to improve our offer and make it more attractive for our users. This website also uses Google Analytics for cross-device analysis of visitor flows, which is performed via a user ID. If a user has a Google user account, the cross-device analysis of the usage in the settings may be deactivated under «personal data» in «My Data».
The legal basis for the use of Google Analytics is Art. 6(1)(f) GDPR. The IP address transmitted by the browser as part of Google Analytics is not merged with other data from Google. We would like to point out that on this website Google Analytics has been extended by the «_anonymizeIp();» code to ensure anonymized collection of IP addresses. This means that IP addresses are processed in an abbreviated form, which means that they cannot be traced back to a specific individual. Insofar as the data collected regarding users is of a personal nature, this is immediately excluded and the personal data immediately deleted.
Only in exceptional cases is the full IP address transmitted to a Google server in the USA and abbreviated there. On behalf of this website operator, Google will use this information for the purpose of evaluating users’ use of the website, compiling reports on website activity and providing other services relating to website activity and Internet usage to the website operator.
Furthermore, users can also prevent the use of Google Analytics by clicking on this link: Deactivate Google Analytics. This saves an opt-out cookie on the user’s data carrier, which prevents the processing of personal data by Google Analytics. Users should note that if all cookies on a terminal device are deleted, these opt-out cookies will also be deleted, i.e. the opt-out cookies should be added again if this form of data collection is to be prevented in future. The opt-out cookies are added to each browser and computer/end device and must therefore be activated separately for each browser, computer or other end device.
This website uses web fonts provided by Google for the uniform display of fonts. When users click on a page, the user’s browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. If the user’s browser does not support web fonts, a default font is used by the user’s computer.
Google Tag Manager
Google Tag Manager is a solution that allows us to manage website tags via an interface and integrate Google Analytics and other Google marketing services into our online offer, for example. The Tag Manager itself which implements the tags does not process any of the user’s personal data. With regard to the processing of users’ personal data, reference is made to the following information on Google services. User guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html.
This website uses the services of Hotjar to improve the user experience. Hotjar Ltd is a European company based in Malta (Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe). Mouse clicks as well as mouse and scroll movements may be recorded. Likewise, keystrokes performed on this website can be recorded. Personalized information is not included in this process. Hotjar uses a tracking code to collect and transmit users’ data. Upon any visit to our website, the Hotjar tracking code automatically collects data based on the user’s activity and stores it on Hotjar servers (in Ireland). In addition, the cookies placed on the user’s computer or device by the website also collect data. For more information on how Hotjar works, users can visit this page: https://www.hotjar.com/privacy.
If users wish to object to the collection of data by Hotjar (opt-out) they should click here: https://www.hotjar.com/opt-out.
We use the marketing services of the social media company LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland («LinkedIn») within the context of our online offer.
For example, this includes information about the operating system, the browser, the website the user previously visited (referrer URL), the offers the user clicked on, and the date and time of the user’s visit to our website.
The information generated by the cookie about the user’s use of this website is transferred pseudonymously to a LinkedIn server in the USA and stored there. Accordingly, LinkedIn does not store the name or email address of each user. Rather, the above data is only assigned to the individual for whom the cookie was generated. This does not apply if the user has allowed LinkedIn to process data without pseudonymization or has their own LinkedIn account.
We use LinkedIn Analytics to analyze and improve the use of our website from time to time. The statistics obtained enable us to improve our offer and make it more attractive for our users. All LinkedIn companies have adopted the standard contractual clauses to ensure that the traffic to the U.S. and Singapore necessary for the development, operation, and maintenance of the Services occurs in a lawful manner. If we ask users for consent, the legal basis for the processing is Art. 6(1)(a) GDPR. Otherwise, the legal basis for the use of LinkedIn Analytics is Art. 6(1)(f) GDPR.
External Payment Service Providers
This website uses external payment service providers through whose platforms users and we can make payment transactions. For example via:
- PostFinance (https://www.postfinance.ch/en/detail/legal-information-and-accessibility.html)
- Visa (https://usa.visa.com/legal/privacy-policy.html)
- Mastercard (https://www.mastercard.ch/de-ch/datenschutz.html)
- American Express (https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html)
- Paypal (https://www.paypal.com/us/webapps/mpp/ua/privacy-full)
- Bexio AG (https://www.bexio.com/de-CH/datenschutz)
- Payrexx AG (https://www.payrexx.ch/site/assets/files/2592/datenschutzerklaerung.pdf)
- Apple Pay (https://support.apple.com/en-us/HT203027)
- Stripe (https://stripe.com/ch/privacy)
- Klarna (https://www.klarna.com/en-ch/privacy/)
- Skrill (https://www.skrill.com/en/footer/privacypolicy/)
- Giropay (https://www.giropay.de/rechtliches/datenschutzerklaerung) etc.
In the context of the performance of contracts, we use the payment service providers on the basis of the Swiss Data Protection Ordinance and, where necessary, Art. 6(1)(b) EU GDPR. In addition, we use external payment service providers on the basis of our legitimate interests pursuant to the Swiss Data Protection Ordinance and where necessary pursuant to Art. 6(1)(f) EU GDPR in order to offer our users effective and secure payment options.
The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, among others, as well as the contract, totals and recipient-related information. The information is necessary to carry out the transactions. However, the data entered is only processed by the payment service providers and stored with them. As the operator, we do not receive any information about (bank) account or credit card, merely information to confirm (accept) or reject the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. In this regard, we refer to the terms and conditions and data protection information of the payment service providers.
The terms and conditions and data protection information of the relevant payment service providers apply to the payment transactions, which can be accessed within the relevant website or transaction applications. We also refer to these for further information and assertion of revocation, information and other data subject rights.
«YouTube» service functions are integrated into this website. «YouTube» is owned by Google Ireland Limited, a company incorporated and operated under the laws of Ireland, with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland, which operates the Services in the European Economic Area and Switzerland.
All information on our website has been carefully checked. We make every effort to ensure that the information we provide is up-to-date, accurate and complete. Nevertheless, the occurrence of errors cannot be completely ruled out, which means that we cannot guarantee the completeness, accuracy and timeliness of information, including journalistic and editorial information. Liability claims regarding damage caused by the use of any information provided, including incomplete or incorrect data, will therefore be rejected.
The publisher may amend or delete texts at their own discretion and without notice and is not obliged to update any contents of this website. Use of or access to this website is at the visitor’s own risk. The publisher, its principals or partners are not responsible for any damage, including direct, indirect, incidental, consequential or special damage, alleged to have been caused by a visit to this website and consequently assume no liability for such damage.
The publisher also assumes no responsibility or liability for the content and availability of third-party websites that can be accessed via external links from this website. The operators of the linked pages are solely responsible for their content. The publisher expressly dissociates itself from all third-party content that may infringe under criminal or liability law or that may offend common decency.
Questions for the Data Protection Officer