Data Protection

Protecting your personal data (hereinafter also referred to as “data”) and ensuring your privacy is respected is important to us. Accordingly, we adhere to the Federal Act on Data Protection (FADP), the Data Protection Ordinance (DPO) and other applicable legal provisions regarding data protection, such as the EU General Data Protection Regulation (GDPR) as a matter of course when processing your personal data.

Personal data is information that identifies you or allows you to be identified, including your first name, surname, address and email address. When we talk about processing your personal data in this Privacy Policy, we mean every time this personal data is handled in any way. This includes saving, processing, utilizing or deleting your data.

When we collect your personal data, we are transparent about doing so and adhere to the principles of proportionality and earmarking. Data is only processed to the extent and for the duration necessary to carry out our tasks and duties.

In this Privacy Policy, we will inform you about what we do with your data when you visit our website, purchase services or otherwise interact with us under contract, communicate with us or have any other dealings with us. In addition, we may inform you separately about the processing of your data, e.g., in declarations of consent, contract terms, additional privacy policies, forms or notices.

The applicable version of any document is always the most recent version at the time of use. We reserve the right to review and edit the Privacy Policy at any time.

1. Who is the data controller responsible for data processing?

The data controller responsible for data processing as described in this Privacy Policy is:

swissstaffing
Stettbachstrasse 10
8600 Dübendorf
Switzerland
Tel.: 044 388 95 40
E-Mail: dataprotection@swissstaffing.ch

2. What personal data do we process?

We process the following categories of data as standard on our website:

• Member and contact details: These include surname, first name, email address, postal address and telephone numbers,
• Data from online forms: This includes contact details,
• Authentication details: These include your username and password for the online portal and members’ area,
• Content: This includes any text entered,
• User data: This includes websites visited, access times, click behavior, interest in content,
• Payment information: This includes bank details and payment history,
• Information on creditworthiness: This includes contact details, payment records and court, debt collection and insolvency data,
• Metadata/communications data: This includes IP address, date, time, sites visited, device details,
• Meeting metadata: This includes participant IP addresses and information on devices/hardware,
• Server log files: These include browser type and version, operating system used, referrer URL, hostname of the accessing device and time of server request,
• Marketing data: This includes whether you are subscribed to or unsubscribed from the newsletter, and marketing communications sent,
• Newsletter data: This includes email address, form of address, first name, surname, gender, date of birth, telephone number, recipient status (e.g., unsubscribed, active, blacklisted), groups, events, gift code, address number, form of address in a letter, contact person, customer number, membership number, location, language, title, company, form of address, open rates and link clicks,
• Candidate data: Alongside information about you as a person, your education, work experience, skills and abilities, comments on your past work history, and your availability and notice period, this also includes contact details such as postal address, email address and telephone number.

In addition, we also process the following data as part of the business relationship:

• Contract data: This includes consumption groups, consumption types, services used, payment information,
• Customer data: This includes personal information, customer number, customer type, customer history, information on goods or services purchased, order information, payment information,
• Personal data relating to course registration: This includes the choice of course, personal information and contact details.

3. Where do we get your personal information?

In principle, we obtain your personal data from you directly. The majority of the data we process is provided by you (or your device) yourself (e.g., in connection with our services, the use of our website and apps, or any communication with us). We are not obligated to disclose your data, with some individual exceptions (e.g., legal obligations). However, in some circumstances, such as if you wish to form a contract with us or make use of our services, you need to provide us with certain specific data. It is also not possible to use our website without some data processing taking place.

We may also take personal data from public sources (e.g., debt enforcement registers, land registers, trade registers, media or the internet, including social media) or obtain it from (i) public authorities, (ii) your employer or contracting entity with whom we have either a business relationship or other dealings, or (iii) other third parties (e.g., clients, counterparties, legal costs insurance, commercial credit agencies, list brokers, associations, contractual partners or internet analysis services). This includes, specifically, the data we process in the course of initiating, concluding and processing contracts, as well as data from correspondence and discussions with third parties, but also all other categories of data.

4. For what purposes do we process your personal data?

We process data for the following purposes on our website and in order to provide our services:

• Visiting our website
• Initiating contact
• Online forms
• Communication
• Membership
• Events
• Business partner and customer relations
• Advertising
• Newsletter
• Evaluations and satisfaction surveys
• Marketing
• Security

5. What is the legal basis on which we process personal data?

We regularly use the following as a legal basis for processing your personal data:

• Forming or fulfilling a contract with you or a prior request from you for us to do so,
• Your consent, which can be withdrawn at any time,
• A balance of interests in our favor, which you can contest under certain circumstances,
• A legal obligation, which may also impact the balance of interests.

If we have an overriding interest in processing your personal data, this also constitutes a legal basis for processing this data. An overriding interest might include:

• Providing customer care for members and customers and maintaining our business relationships (e.g., cultivating contacts, communicating with our business partners),
• Advertising and marketing activities,
• Getting to know the users of our website and online services better,
• Improving and developing our products and services (e.g., IT security in connection with the use of our website, improving our online services offering).

If you provide your consent electronically by activating a checkbox, we record this declaration of consent at our end; this involves us storing information such as your username, the location on the website, and the date and time.

Any objection to this can be sent to the contact details provided in Section 1.

6. Scope and purpose of data processing in detail

6.1 Visiting our website

It is possible to visit our website without having to provide any personal information. Our website is accessed via transport encryption (SSL), but it is also possible to access some microsites without transport encryption.

When you visit our website, our server automatically stores the following information temporarily in our server log file:

• Browser type / version
• Operating system used
• Referrer URL (the website visited before ours)
• Hostname of the accessing device (IP address)
• Date and time of the server request
• Name of retrieved file
• Volume of data transferred
• Notification of successful retrieval

Further information (in German) can be found at https://www.metanet.ch/de/ueber-metanet/datenschutzerklaerung under the heading “Anonyme Datenerhebung” (“anonymous data collection”).

This data is processed in order to enable the use of our website (establishing a connection), ensure system security and stability in the long term, and optimize our offerings; it is also used internally for statistical purposes. This does not create a personal user profile.

The legal basis for processing your personal data is our overriding interest in processing this data.

Finally, when you visit our websites, we use cookies as well as applications and tools that are based on the use of cookies. Further information on this can be found under Section ‎7 “What are cookies and when are they used?”

6.2 Initiating contact

You have the option of contacting us via email, contact form, social media or telephone. In order for us to process your request via email, you need to provide your email address and message. We have an overriding interest in processing this data for the purposes of corresponding with you and/or dealing with and resolving your request.

You can object to this processing at any time. If you object, we will no longer process your personal data for this purpose. Any objection to this can be sent to the contact details provided in Section 1.  

6.3 Online forms

We offer the option for you to download swissstaffing brochures on our website.

You must provide your personal details (company, form of address, surname, street, house number, zip code, city, email address, membership details, brochure details) in order to use the online form and enable us to process your request.

We have an overriding interest in processing this data for the purposes of corresponding with you and/or dealing with and resolving your request.

You can object to this processing at any time. If you object, we will no longer process your personal data for this purpose. Any objection to this can be sent to the contact details provided in Section 1.

6.4 Communication

We use various collaboration tools for telephone conferences, online meetings and videoconferences (hereinafter referred to generally as “online meetings”). Various types of data are processed when using these tools. The scope of data depends on what data is provided before or during an online meeting. This could include:

• First name and surname, participant names if applicable, company email address,
• Meeting metadata: e.g., date, time, meeting ID, telephone numbers, location,
• Audio, video or chat contents,
• Name of the meeting and, if applicable, password to allow meeting participation,
• Profile picture if applicable,
• Any other personal data provided by the data subject(s) during the meeting.

If online meetings are going to be recorded, participants will be informed of this in a transparent manner and, if necessary, asked for permission. Any objection to this can be sent to the contact details provided in Section 1.

We have an overriding interest in processing this data. Here, our overriding interest consists of the need to effectively carry out these meetings. Apart from this, the legal basis for data processing when conducting online meetings is the contract if the meetings are conducted within the context of a contractual relationship.

6.5 Membership

For individual memberships, we collect the following personal data:

• Title,
• First name/surname,
• Private address,
• Date of birth,
• Date,
• Email address,
• Phone number, language.

For corporate membership, we collect the following personal data:

• Company name,
• Email address,
• Company phone number,
• Language, as well as contact person and user information (title, first name/surname, email address, phone number of contact person, language).

This data is processed for the purposes of member management and administration, to safeguard members’ rights and ensure adherence to members’ duties, and ensure quality in accordance with the Articles of Association.

The relevant people at each member company receive regular newsletters and invitations to events as laid out in the Articles of Association. You can unsubscribe from receiving this information at any time. You can let us know if that you wish to unsubscribe via the contact details provided in Section 1.

The legal basis for processing is our contractual and pre-contractual obligations as part of this membership service and our legitimate interest in processing your membership.

6.6 swissstaffing events

Photos and/or videos of participants are taken at our events and may be published in the following places:

• On the swissstaffing website,
• In swissstaffing publications (including print publications),
• On swissstaffing’s social media pages.

We will request your consent for this when you sign up for each event. Consent is optional and can be withdrawn at any time, with future effect, by contacting swissstaffing. If the photos or videos have been published online, they will be removed if possible. Please let us know if you withdraw your consent via the contact details provided in Section 1.

After swissstaffing events, participants will also receive newsletters looking back at the event and providing information on future events. You can unsubscribe from receiving this information at any time. You can let us know if that you wish to unsubscribe via the contact details provided in Section 1.

6.7 Business partner and customer relations

We process personal data to the extent required to perform contractual or pre-contractual services for you and carry out any other work requested by you. The data we process, as well as the type, scope, purpose and necessity of processing, is determined by the underlying contractual relationship.

The personal data we process includes:

• Core data: This includes your name and address,
• Contact details: This includes your email address and telephone number,
• Contract details: These include the services requested, the object of the contract, contractual communications, the name of the contact persons,
• Payment information: This includes bank details and payment history.

We may process the data in order to carry out our offers and services as well as for our own purposes or legally required purposes. If our contractual partners are given access to our personal data in the course of their work for us (e.g., IT companies, printing companies, etc.), this is carried out within the framework of a Commissioned Data Processing Contract and a Data Protection Agreement.

The legal basis for this data processing is our contractual and pre-contractual obligations in connection with initiating or executing the contract.

6.8 Advertising

If you apply for a job with us, we process the personal data that we receive from you as part of the application process. Alongside information about you as a person, your education, work experience, skills and abilities, comments on your past work history, and your availability/notice period, this also includes contact details such as postal address, email address and telephone number. We also process all the documents submitted in connection with your application, such as cover letter, CV, references, certificates, diplomas and any other documents you provide. In addition to that, you can always provide us with further information.

This data will be stored, evaluated, processed or forwarded exclusively within the context of your application. We may also process your personal data for statistical purposes (e.g., reporting). However, data processed for this purpose will not allow conclusions to be drawn about any individual person.

Application data will remain in the system for six months after the application, in case of any further questions. After that, your content data will be automatically deleted or anonymized. Your applicant data will be stored separately from your regular user data and will not be merged with it.

The legal basis for processing your applicant data is our contractual and pre-contractual obligations as part of the application process and our legitimate interest in processing your application.

You can object to the use of your data for the aforementioned purposes at any time. Please send any objections to the contact information provided in Section 1.

If we conclude an employment contract with you, the data provided will be processed for the purpose of handling the employment relationship in compliance with legal regulations.

6.9 Sending newsletters

Our website gives you the option to subscribe to our newsletter. Our newsletter provides you with information on our products, offers, initiatives and our company in general. If you sign up to our newsletter, we use your email address to inform you about us and what we offer. Providing any other information is optional.

We use a double opt-in process for our newsletter subscriptions. This means that after you have clicked the checkbox to subscribe, you will receive an email with a link you need to click to confirm your subscription.

The newsletter contains something called a web beacon, which is a pixel-sized file that is retrieved from the server of the email distributor when the newsletter is opened. When it is retrieved, technical information such as information about your browser and system, as well as your IP address and the time of retrieval, is collected. This information is used to make technical improvements to our services based on the technical data or the target groups and their reading behavior, which is identified using the retrieval locations (which can be determined by means of the IP address) or access times. It also allows us to determine whether the newsletter was opened, when it was opened, and which links were clicked on. This information can be attributed to individual newsletter recipients for technical purposes, but neither we nor our email distributor has any desire to monitor individual users. Instead, these analyses serve to inform us about the reading habits of our users and adapt our content accordingly or tailor the content we send to the different interests of our users.

You are free to unsubscribe from the newsletter and withdraw your consent at any time. Click on the button (link) in one of our newsletters to do so. You will find this link to cancel your subscription at the end of every newsletter. Any objection to this can be sent to the contact details provided in Section 1.

6.10 Evaluations and satisfaction surveys

We occasionally carry out surveys on our products and services to improve the customer experience and respond to customers’ needs. For this, we need you to give us a name or pseudonym, which will be displayed alongside your country of origin.

We have an overriding interest in processing data in this way.

You can object to this processing at any time. If you object, we will no longer use your personal data for this purpose. Please send any objections to the contact information provided in Section 1.

6.11 Marketing

We also use your personal data for the following purposes:

• To keep in contact with you,
• To inform you about specific services,
• To recommend you services that you might find interesting,
• For statistical purposes.

We have an overriding interest in processing data in this way.

You can object to this processing at any time. If you object, we will no longer use your personal data for this purpose. Please send any objections to the contact information provided in Section 1.

6.12 Security

We obtain and process personal data to ensure our IT systems and other infrastructure (e.g., buildings) are sufficiently secure and are constantly improving. This involves monitoring and checking electronic access to our IT systems, analyzing and testing our IT infrastructure, and carrying out system and defect inspection.

7. What are cookies and when are they used?

We use cookies and similar technologies (hereinafter all referred to under the umbrella term “cookies”) on our website and in conjunction with other digital offerings. We may also use cookies or similar technologies (e.g., pixel tags or fingerprints) to recognize repeat users of our website, evaluate their behavior and identify their preferences. A cookie is a small file transmitted between the server and your system, which enables a specific device or browser to be recognized.

We distinguish between the following types of cookies (this also includes technologies with comparable functions such as fingerprinting):

• Essential cookies: Some cookies are necessary for the website to operate as a whole or to run specific functions. For example, they ensure that you can switch between pages without losing information entered in a form. They also make sure you stay logged in. These cookies only exist temporarily (“session cookies”). If you block them, the website might not work at all. Other cookies are necessary to allow the server to store certain decisions or entries you make beyond one session (i.e., one website visit) if you activate this function (e.g., language selected, consent given, automatic login, etc.).
• Performance cookies: These cookies collect information on how a website is being used, such as how users came to our website, which pages users open most frequently, how users navigate our website during their visit, and whether they receive any error messages. We may also use these cookies to collect certain statistical and analytical information, such as how many visitors have come to our website. These cookies are used to monitor the extent of activity on our website and improve our website's performance.
• Marketing or targeting cookies: These cookies enable us or third party providers to place personalized ads on our website or third-party websites. They may also be used to evaluate how effective advertising and sales promotion efforts are.

In general, neither technical data nor cookies contain any personal data. However, personal data about you that is stored by us or by third parties commissioned by us (e.g., if you create a user account with us or another provider) may be linked to the technical data or the information stored in and obtained from cookies, and may thus be linked to you individually.

Most internet browsers are set up to accept cookies as standard. If you do not want your browser to do this, you can change the settings in your browser so that it informs you of the use of cookies and allows you to accept them in individual cases only or shut them off altogether. You can also change the settings so cookies are automatically deleted when you close your browser. Moreover, you can delete existing cookies at any time via your internet browser or other software program. The process for checking and deleting cookies depends on which browser you use.

You can reject the use of cookies by changing the settings in your browser. However, you should bear in mind that this might impact how you can use our website. Further information regarding cookies, including managing, rejecting and deleting them, can be found at https://allaboutcookies.org/.

The following links contain information about how to manage cookies on the most commonly used browsers:

• Microsoft Edge
• Firefox
• Google Chrome
• Safari
• Opera

8. How do we use marketing and analytics services?

We use the following services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or if your place of habitual residence is in the European Economic Area (EEA) or in Switzerland, of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (or simply “Google”):

• Google Analytics 4
• Google Tag Manager
• reCAPTCHA
• Google Maps
• Google Fonts
• Google Ads
• Google Marketing Platform

Google usually uses cookies. The cookies used by Google allow us to analyze how our website is being used. The information generated by the cookies about your use of our website (including your IP address) will be transmitted to and stored by Google on servers in Ireland or the USA.

According to Google’s own statements, it may process personal information for marketing products in any country in which Google or its subprocessors has premises. Information about the location of Google’s data centers can be found at www.google.com/about/datacenters/locations/ abgerufen werden.

For Google Tag Manager, Google Analytics and Google Ads, the following subcontractors may be used: https://business.safety.google/adssubprocessors/. Google attests that it ensures an adequate level of data protection by relying on the EU standard contractual clauses (cf. https://business.safety.google/processorterms/).

Further information about Google's personal data processing and privacy settings can be found in its Privacy Policy or the information on its Datenschutzeinstellungen privacy controls.

8.1 Google Analytics 4

We use Google Analytics 4 on our website, a web analysis service offered by Google that enables us to analyze how our website is used.

Google Analytics uses cookies stored on a device (laptop, tablet, smartphone, etc.) to enable the program to analyze how you use our website. This allows us to evaluate user behavior on our website and use the statistics/reports provided to make our offering more interesting.

Google Analytics 4 anonymizes IP addresses as standard. This means your IP address is shortened by Google within Switzerland or the EU/EEA before it is transmitted. Only in exceptional cases is the full IP address sent to a Google server before being shortened.

We have concluded a commissioned processing agreement with Google to ensure the data of our site visitors is protected and is not passed on to third parties without authorization. For the transfer of data to the USA, Google invokes the standard contractual clauses of the European Commission, which are intended to ensure compliance with the level of data protection within the EU. Further legal information on Google Analytics 4, including a copy of the aforementioned standard contractual clauses, can be found here.

Demographics: Google Analytics 4 uses a special “demographics” function and can generate statistics that provide information about the age, gender and interests of a website’s visitors. This is done by analyzing advertising and information from third party providers. It allows target groups to be identified for marketing activities. However, the data collected cannot be attributed to a specific person and is stored for two months before being deleted.

Google Signals: In addition to Google Analytics 4, Google Signals may be used on the website to create cross-device reports. If you have activated personalized ads and linked your devices via a Google account, Google can analyze your usage behavior across different devices for the purposes of Google Analytics 4 and generate database models on things like cross-device conversions. We only receive statistics from Google, not personal data. If you want to stop cross-device analysis, you can deactivate the “Personalized ads” function in your Google account settings. This page provides instructions on how to do this.

User IDs: In addition to Google Analytics 4, the “User ID” function may be used on the website. If you log into this account on multiple devices, your activity, including conversions, can be analyzed across different devices.
Google uses this information to evaluate your [pseudonymous] use of our websites, compile reports on website activity, and provide us with other services related to website and internet use. According to Google, the IP address transmitted by your browser in the context of Google Analytics is not combined with other Google data. When you visit our websites, your user behavior in the form of events (such as page views, purchase activities including revenue amounts, interaction with the website or your “click path”) and other data such as your approximate location (country and city), technical information about your browser and the devices you use or the referrer URL, i.e., what website / advert brought you to our website, is recorded.

You can prevent the data generated by cookies that relates to your use of our website (including your IP address) from being collected and transmitted to Google, as well as the processing of this data by Google, by downloading and installing the browser add-on that deactivates Google Analytics. If you wish to object to personalized advertising by Google, you can use Google settings and opt-out options.

If you allow cookies, Google Analytics will store your data for two months. Data that has reached the end of this retention period is automatically deleted. For an overview of how data is used in Google Analytics and the steps Google has taken to protect your data, please see the Google Analytics-Hilfe.

8.2 Google Tag Manager

We use Google Tag Manager to integrate Google analysis and marketing services into our website and to maintain and manage them. Google Tag Manager is a tag management system that generates and monitors tags on a user interface without having to write new code every time. The tagging tool itself is a cookie-less domain and does not collect personal data. However, the tool does trigger other tags that collect data under certain circumstances. But Google Tag Manager itself does not access this data.

If you have deactivated settings at domain or cookie level, this applies to all tracking tags implemented with Google Tag Manager.

Further information about Google Tag Manager can be found in Google’s use policy.

8.3 reCAPTCHA

CAPTCHA is the acronym for Completely Automated Public Turing Test To Tell Computers and Humans Apart. This is a test designed to tell humans and machines/robots (or “bots”) apart.

reCAPTCHA is a CAPTCHA service by Google that attempts to determine whether a particular action on the internet has been carried out by a human or computer program. reCAPTCHA is used as part of the double opt-in process of subscribing to our newsletter.

Further information on data processing and data protection by reCAPTCHA can be found under: Google Terms of Service – Privacy Policy & Terms of Service – Google.

8.4 Google Maps

Google Maps is integrated into our website. This allows us to display interactive maps directly in our website and enables convenient use of the map function.

When you use Google Maps, information about your use of our website (including your IP address) may be transmitted to and stored on a Google server in Ireland or the USA. Google may store this data as usage profiles for the purpose of tailoring services, advertising and market research. If you are registered with Google, your data will be allocated directly to your account. To avoid this, you need to sign out of your Google account beforehand. If you do not consent to your data being processed, it is possible to deactivate Google Maps to prevent data being transmitted to Google. To do this, you need to deactivate the JavaScript function in your browser. However, please note that you will not be able to use Google Maps in this case, or only to a limited extent.

This data processing is carried out on the basis of our legitimate interests (i.e., our interest in the analysis, optimization and financial operation of our services).

8.5 Google Fonts

In order to display our content correctly and in a graphically appealing way across all browsers, we sometimes use script and/or font libraries (Google Fonts) on our website to display fonts. Google Fonts are transferred to your browser’s cache to avoid pages loading multiple times. If your browser does not support Google Fonts or prohibits access to them, content will be displayed in the default font.

Using script or font libraries automatically establishes a connection to the library operator. It is theoretically possible for Google to collect personal data as part of this (e.g., IP address) and transmit it to a server in Ireland or the USA.

Further information on Google Fonts can be found under Frequently Asked Questions | Google Fonts | Google Developers and in Google’s privacy policy: Privacy Policy – Privacy Policy & Terms of Service – Google.

You can prevent Google Fonts from processing data by deactivating JavaScript in your browser or installing a JavaScript blocker. Please note that this will cause some functionality to be lost.

8.6 Google Ads

On the basis of our legitimate interest, we use the online advertising program Google Ads, which is part of Google’s marketing services and is a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or if your place of habitual residence is in the European Economic Area (EEA) or in Switzerland, of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”):

Google Ads places a cookie on your device (known as a “conversion cookie”) if you used a Google advertisement to navigate to our website. These cookies stop being valid after 30 days, do not contain any personal data, and do not allow you to be personally identified. If you visit certain pages of our website and the cookie has not yet expired, we and Google can recognize that you clicked on the ad and were brought to our website. Each Google Ads customer receives a different cookie. This ensures that it is not possible to track cookies via Ads customers’ websites. The information collected using the conversion cookie is used to create conversion statistics for Ads customers who have opted in to conversion tracking. We do not receive any information that would allow you to be personally identifiable.

The information collected by the cookie about your use of our website is usually transmitted to and stored on a Google server in the USA or Ireland. Based on the information collected, your browser is assigned categories relevant to your interests. These categories are used to place personalized ads. Using Google Ads allows us to reach users that have already visited our website. This allows us to show our advertisements to target groups who are already interested in our products or services.

It is also possible to reject personalized Google ads. To do this, you need to click on the following link: https://myadcenter.google.com via each of the web browsers you use and change the settings accordingly. Further information on the terms of service and data protection in the context of Google AdWords can be found via this Link.

8.7 Google Marketing Plattform

Google Marketing Platform (GMP) is a marketing tool provided by Google that places and displays personalized ads to visitors of our website and the websites of third parties. In the process, a pseudonymous identification number (ID) is assigned to your browser in order to check which ads have been displayed in your browser and which ads have been selected. The use of GMP cookies allows Google to place ads on the basis of previous visits to our website or other websites.

You can prevent the cookies this tool uses from being stored by deactivating JavaScript in your browser settings or installing a tool such as “NoScript”. You can also prevent the data generated by cookies that relates to your use of the website (including your IP address) from being processed by downloading and installing the browser plug-in available at the following link: https://www.google.com/settings/ads/plugin?hl=de.

9. What is CDN and how is it used?

We use the Content Delivery Network (CDN) provided by Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich, Germany (Cloudflare), or Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter just “Cloudflare”) to increase our website’s security and performance. This is based on a legitimate interest. A CDN is a distributed [global] network of servers capable of delivering optimized content to website users. Cloudflare may process personal data in server log files for this purpose. Please see the explanations under “Hosting”.

Cloudflare is a recipient of your personal data and acts on our behalf as a subprocessor. Cloudflare is given full access to the data traffic between its customers and their website visitors. This means that the provider receives information on the following:

• The website accessed,
• The browser type used,
• The operating system,
• The referrer URL,
• The IP address and
• The requesting provider.

Cloudflare is a recipient of your personal data and acts on our behalf as a subprocessor.

You have the right to object to data processing at any time. Please send any objections to the contact information provided in Section 1.

Further information can be found here: https://www.cloudflare.com/en-gb/cloudflare-customer-scc/

10. How do we process personal data on our social media and how are social media plugins used?

We run pages and other online presences on social media and other platforms operated by third parties, and we process data about you in this context. This involves receiving data from you (e.g., when you communicate with us or comment on our content) and from the platforms (e.g., statistics).

We use plugins (plugins) from various social media sites. These plugins allow you to do things like share content or recommend products.

They include the following:

• The use of the bookmarking service “AddThis”: This website contains “AddThis” plugins (AddThis), which allow you to create bookmarks and share interesting website content. Using AddThis also involves the use of cookies. The data that this generates (e.g., time of usage and browser language) is transmitted to and processed by AddThis LLC in the USA. Further information on how AddThis LLC processes data and the data protection measures that AddThis LLC has put in place can be found at www.addthis.com/privacy.
• YouTube: We display some videos from the “YouTube” platform. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://policies.google.com/privacy?hl=de,
• Vimeo: For the purposes of analysis, optimization and the financial operation of our online offerings, we have incorporated plugins from the video platform Vimeo from Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA into our website. Privacy policy: https://vimeo.com/privacy,
• Facebook: Our online offering may incorporate some functions and content from Facebook. This may include content such as images, videos, text and buttons, which can be used to share our content on Facebook. If users are members of the Facebook platform, Facebook can assign the selected content and functions, as specified above, to their profile on there. A list of Facebook plugins and what they look like can be found here: developers.facebook.com/docs/plugins/; Service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook Inc., 1601 Willow Avenue, Menlo Park, CA 94025, USA; Privacy policy: www.facebook.com/privacy.
• Instagram: Our online offering may incorporate some functions and content from Instagram. This may include content such as images, videos, text and buttons, which can be used to share our content on Instagram. If users are members of the Instagram platform, Instagram can assign the selected content and functions, as specified above, to their profile on there. Service provider: Meta Platforms, Inc., D/B/A Instagram, 1 Hacker Way Building 14, First Floor Menlo Park, CA 94025, USA. Privacy policy: Instagram Privacy Policy | Instagram Help.
• Twitter: Our online offering may incorporate some functions and content from Twitter. This may include content such as images, videos, text and buttons, which can be used to share our content on Twitter. If users are members of the Twitter platform, Twitter can assign the selected content and functions, as specified above, to their profile on there. Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, parent company: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Privacy policy: twitter.com/de/privacy,
• LinkedIn: Our online offering may incorporate some functions and content from LinkedIn. This may include content such as images, videos, text and buttons, which can be used to share our content on LinkedIn. If users are members of the LinkedIn platform, LinkedIn can assign the selected content and functions, as specified above, to their profile on there. Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, parent company: LinkedIn Corporation, 1000 W. Maude Avenue Sunnyvale, CA 94085, USA; Privacy policy: LinkedIn Privacy Policy; Cookie-Policy: Cookie Policy | LinkedIn,
• Xing: Our online offering may incorporate some functions and content from Xing. This may include content such as images, videos, text and buttons, which can be used to share our content on Xing. If users are members of the Xing platform, Xing can assign the selected content and functions, as specified above, to their profile on there. Service provider: XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany; Privacy policy: https://privacy.xing.com/en/privacy-policy,
• Facebook Pixel, Custom Audiences and Facebook Conversion: Our website uses a technology called the “Facebook pixel”, developed by the social media platform Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if your place of habitual residence is in the EU, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The Facebook pixel enables Facebook to allocate our website visitors into target groups so that they can be shown advertisements (“Facebook ads”). We use the Facebook pixel accordingly to display our Facebook ads only to the Facebook users who have also shown an interest in our online offering or who have certain characteristics (e.g., are interested in certain topics or products judging by the websites they have visited) that we transmit to Facebook (“custom audiences"). We also use the Facebook pixel to ensure that our Facebook ads correspond to users’ potential interests and do not annoy or bother them. In addition, the Facebook pixel allows us to assess how effective our Facebook ads are for statistical and market research purposes, by seeing whether users navigate to our website after clicking on a Facebook ad (“conversion”). Data processing by Facebook is underpinned by its data policy. General information on how Facebook ads are displayed can be found in Facebook’s data policy: https://www.facebook.com/policy.php. Specific information and details on the Facebook pixel and how it works can be found in Facebook’s help center: https://www.facebook.com/business/help/651294705016616.

Our website only offers these plugins as external links.

If you visit our website and activate one of our social media plugins, a direct connection will be made between your browser and the server of the relevant social media platform. The content of the plugin will be transmitted directly to your browser by the social media site and integrated into the website by the browser. This tells the social media platform that you have visited our site. If you are logged into the social media platform, it will attribute this website visit to your account. If you interact with the plugins, the relevant information will be transmitted from your browser directly to the social media platform and stored there.

Even if you are not logged into the social media site while you visit our website, data can be sent to these platforms from websites with active social media plugins. Active plugins send a cookie with an identifier each time the website is opened. Since your browser transmits this cookie without being asked every time you connect to a server belonging to the respective social media site, the site could, in theory, use it to create a profile showing which websites the associated user has visited. It might then be possible to assign this identifier to a person again later – for example, when logging in to the social media site at a later point.

11. Is data passed on to third parties?

We only pass on your data if you have explicitly consented to this, if we are legally obligated to do so, or if this is necessary to exercise our rights, particularly when it comes to enforcing claims arising from the contractual relationship. In addition, we pass on your data to third parties if we are authorized to do so and it is necessary or expedient to do so to enable the use of our website or provide services, if applicable.

We pass on your personal data to the following categories of recipients:

• Service providers that process personal data on our behalf and at our behest (commissioned processors or subprocessors) including IT providers and newsletter distribution service providers,
• Other service providers such as collections agencies, credit reference agencies, address checkers or consulting firms,
• Trade organizations, associations and other bodies,
• Acquirers or parties interested in acquiring business units, the Company or other parts of the Group,
• Courts, arbitration boards, law enforcement agencies, regulators, lawyers and other parties in potential or actual legal proceedings, if this is necessary to comply with law or to establish, exercise or defend rights or legal claims.

With your consent, we may also pass on your personal data to other third parties, including the following categories of recipients: Public authorities and social security funds.

We choose our partners and subprocessors carefully and only trust them if we are sufficiently convinced that they have the appropriate technical and organizational measures in place to comply with legal requirements. Our subprocessors may only process personal data if they have received documented instruction from us to do so. They are all subject to confidentiality obligations and may use your personal data only to the extent necessary to fulfill the purpose for which your personal data was collected, unless required by law to do otherwise.

12. Is there any disclosure of data abroad?

We process and store personal data primarily in Switzerland and the European Economic Area (EEA), but we may potentially do so in any country in the world, depending on the circumstances – for example, via subcontractors of our service providers or as part of proceedings before foreign courts or authorities.

In the event that we disclose your personal data to third parties abroad (i.e., outside Switzerland or the European Economic Area (EEA)), these third parties are bound by the same scope of data protection compliance that we are. If the relevant country does not have a sufficient level of data protection but there is no suitable alternative, we will ensure that your data is protected to that level.

We ensure this by having the relevant companies agree to the standard data protection clauses of the EU Commission (available here) and/or with other guarantees that comply with the applicable data protection law. If this is not possible, we only disclose data where disclosure is necessary for the fulfillment of the contract.

13. How long is data stored?

We only process and store your data for the duration required to achieve the stated purpose, or if it is required by any laws or regulations to which we are subject. If the purpose of storage no longer exists or the prescribed retention period has elapsed, we delete the data or make it unavailable as a matter of routine, in line with legal requirements. In addition to this, we also delete data if you ask us to and if there is no legal reason or other retention or security obligation why we would need to keep this data.

If we are storing the data on the basis of a contractual relationship with you, this data will remain stored for at least as long as the contractual relationship exists and at most as long as limitation periods for possible claims from our side are in effect or we are subject to statutory or contractual retention obligations.

14. What data security measures have been taken?

We take technical and organizational security precautions to protect your personal data from being manipulated, lost, destroyed or accessed by unauthorized persons and to ensure that your rights are protected and that we are complying with the applicable data protection laws. The measures we take are designed to safeguard the confidentiality and integrity of your data and ensure our systems and services that process your data are available and resilient in the long term. They are also designed to ensure your data is quickly restored and accessible again in the event of a physical or technical incident. We also encrypt your data as part of our security measures. All information you provide online is transmitted via an encrypted transmission route. This means that this information cannot be viewed by unauthorized third parties at any time. We are continuously adapting our data processing and security measures in line with technological developments.

We also take our own internal data protection very seriously. Our employees and the service providers commissioned by us are subject to strict confidentiality and compliance with data protection law. Moreover, they are only granted access to personal data to the extent necessary.

15. What are your rights?

You have the following rights with regard to your personal data:

• Right of access: You have the right to know what personal data we process, what happens to it and how long it is stored,
• Right to blocking and rectification: You have the right to supplement, correct or block your personal data at any time,
• Right to erasure: You have the right to request the erasure of your personal data at any time,
• Right to have your data disclosed and communicated to you: You have the right to request all your personal data from the data controller and to transfer it in full to another data controller,
• Right to object: You have the right to object to the processing of your personal data. We will comply with this unless there are legitimate reasons for processing,
• Right to withdraw consent: If you give your consent to the processing of your personal data, you have the right to withdraw this consent at any time and request the deletion of your personal data.

To prevent fraudulent requests, we will need to request identification from you (via an ID document, if necessary).

Please note that these rights are subject to certain conditions, exceptions and limitations (for example, to protect third parties or trade secrets, or due to our professional confidentiality or retention obligations).

You can contact us about your rights via the contact information provided in Section 1.

In addition, you can lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC) if you believe that the processing of your personal data violates data protection law.