Data Privacy Statement

April 24, 2019, Version 1.0
14.01.2019, Swiss Infosec AG, RZ/BEO
Version 1.0, K_Federtechnik_Datenschutzerklärung_00.docx

The protection of your personal data and respecting your privacy is important to us. You can expect us to handle your data sensitively and carefully and to ensure a high level of data security.

We naturally comply with the provisions of the Swiss Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (OFADP), the Telecommunications Act (TCA) and other applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR).

In this Data Privacy Statement, we inform you about the most important aspects of data processing in our company and the data protection rights to which you are entitled. This Data Privacy Statement covers the collection of personal data both online and offline.

1. Responsible party

The responsible party within the context of data protection law is:

Federtechnik Kaltbrunn AG

Benkenstrasse 54
8722 Kaltbrunn
Switzerland
Tel.: 055 293 20 20
E-mail: info@federtechnik.ch
Website: www.federtechnik.ch

2. Legal basis

The legal basis for the processing of your personal data depends on the purpose of the data processing in each individual case. The following are possible:

Your consent, which you may revoke at any time. All you need to do is send us an informal e-mail. The legality of the data processing that has already taken place remains unaffected by the cancellation;
the conclusion or execution of a contract with you or the implementation of pre-contractual measures;
the protection of our legitimate interests, provided that your interests or fundamental rights and liberties do not prevail;
a legal obligation that authorises us to process the data.

3. Collection, processing and use of personal data

3.1 Visiting our website

When you access our website, the browser used on your device will automatically send data to the server of our website. This data is temporarily stored in a log file, the so-called server log files. This data includes, in particular, the IP address, the operating system used, the date and time of access, the type of browser you use to access our website and similar information. This is exclusively information that does not allow any conclusions to be drawn about you individually.

This data is processed for the purpose of enabling the use of our website (establishing a connection), ensuring system security and stability in the long term and enabling the optimisation of our website as well as for internal statistical purposes, i.e. on the basis of our legitimate interests. This data is not passed on to third parties or otherwise analysed. A personalised user profile is not created.

This data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected.

3.2 Newsletter

If you would like to subscribe to the newsletter offered on our website, we require a valid e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or is only collected on a voluntary basis. This data is used only for the purpose of sending our newsletter. With this newsletter we inform you about us and our offers.

The basis for the processing of your personal data after subscribing to our newsletter is the existence of your consent. We therefore obtain your consent for the processing of your personal data as part of the registration process.

We use the so-called double opt-in procedure for the newsletter registration. This means that after you have entered your e-mail address, we will send you a confirmation e-mail to the address you have provided, in which we ask you to confirm that you wish to receive the newsletter. You confirm this by clicking on an activation link contained in the confirmation e-mail.

You can unsubscribe from the newsletter at any time and revoke your consent. To do this, click on the corresponding button (link) in the newsletter sent to you. You will find the link to unsubscribe from the newsletter at the end of each newsletter. Alternatively, you have the option of sending your cancellation to the following email address:
info@federtechnik.ch.

For sending the newsletter we use the service provider indual GmbH.

3.3 Making contact

If you contact us by e-mail or via a form, the information you provide will be processed for the purpose of handling your enquiry. The data to be collected in the case of a contact form can be determined from the respective contact form. The information marked with * or framed in red is required. All other information is voluntary and the person making the enquiry can choose whether or not to enter such information.

The basis for processing your personal data is our legitimate interest in handling your enquiry. If contacting us serves the fulfilment of a contract to which you are a party or the implementation of pre-contractual measures, this is an additional basis for the processing of your personal data.

You can object to this data processing at any time. Please send your objection to the following e-mail address: info@federtechnik.ch. In such a case, your enquiry will no longer be processed.

Your personal data will be deleted as soon as your enquiry has been dealt with. This is the case if it can be determined from the circumstances that the matter in question has been conclusively clarified and the deletion does not conflict with any statutory retention obligations.

3.4 Online applications

If you apply for a job with us, we process the personal data that we receive from you as part of the application procedure. In addition to your personal details, education, work experience and skills, this includes the usual correspondence data such as postal address, e-mail address and telephone number. In addition, all documents submitted by you in connection with the application, such as a cover letter, CV and references, will be processed. Applicants can also provide us with additional information, should they choose to do so. This data will only be stored, analysed, processed or forwarded internally as part of your application. It may also be processed for statistical purposes (e.g. reporting). In this case, it is not possible for conclusions to be drawn about individuals.

Processing may also be carried out by other electronic means. This is particularly the case if you send us the corresponding application documents electronically, for example by e-mail.

The basis for processing your personal data is our legitimate interest in processing your application.

You can object to this data processing at any time and withdraw your application. Please send your objection to the individual named as the contact person in the job posting or to the e-mail address: bewerbung@federtechnik.ch.

If we conclude an employment contract with you, the data transmitted will be stored for the purpose of fulfilling the employment relationship in accordance with the statutory provisions.

If the application procedure ends with no employment being offered, your personal data will be deleted unless you have given us your consent to use your details for any further application procedures with us and to contact you again if necessary. You have the option to revoke this consent at any time by using the e-mail address info@federtechnik.ch or the e-mail address provided in the job posting.

3.5 Online shop

If you wish to place orders in our online shop, for concluding the contract we require certain personal data from you that is necessary for processing your order. The data to be collected in the case of an order can be determined from the respective order form. The information marked with * or framed in red is required. The required information is required to process your order, deliver the ordered products and ensure correct payment. All other information is voluntary and the person placing the order can choose whether or not to enter such information.

As part of the order processing, the service providers we use (such as carriers, logistics companies and payment service providers like Mastercard, Visa, PayPal) receive the necessary data for the ordering process and the execution of the order. The payment service provider you select is responsible for your payment data. You can find more information on data protection with these providers on their respective websites.

The basis for the processing of your personal data in the online shop is your and our mutual legitimate interest in processing your order. If the order serves the fulfilment of a contract to which you are a party or the implementation of pre-contractual measures, this is an additional basis for the processing of your personal data.

To prevent unauthorised access to your personal data by third parties, data transmission to the online shop is encrypted using TLS/HTTPS technology.

3.6 Downloads

We do not require you to provide any personal data for the download.

4. Cookies

We use cookies on our website on the basis of our legitimate interests. Cookies are small text files that are placed and stored on your end device with the help of the browser. Cookies do not cause any damage to your end device. They cannot execute programmes or transfer viruses to your computer. Cookies are used to make our website more user-friendly and effective on the whole and to make your visit to our website as convenient as possible.

Most of the cookies we use are so-called session cookies. These are automatically deleted when you log out or close the browser. Other cookies remain stored on your computer beyond the respective usage process and enable us or our partner companies (third-party cookies) to recognise your browser on your next visit. To the extent that other cookies (e.g. cookies for analysing your surfing behaviour) are stored, these are treated separately in this Data Privacy Statement.

Most internet browsers are regularly set to accept cookies. If you do not want this, you can set up your browser to inform you about the setting of cookies and, for certain situations, you can allow the acceptance of cookies only for individual cases or generally exclude them. You can also activate the automatic deletion of cookies when you close your browser. In addition, you can delete cookies that have already been set at any time via an internet browser or other software programmes.

The procedure for checking and deleting cookies depends on the browser you are using. You can find more information in the help menu of your browser. Please note that individual functions of our website may not work if you deactivate the use of cookies.

5. Google services

Based on our legitimate interests in the analysis, optimisation and economic operation of our website, we use various services of the American company Google LLC ("Google"), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA:

Google Analytics
Google Maps
YouTube

Google uses so-called cookies. The cookies used by Google enable us to analyse your use of our website. The information generated by the cookie regarding your use of our website (including your IP address) is transmitted to a Google server in the USA and stored there.

Google is certified under the EU-US and Swiss-US Privacy Shield agreements and thus offers a guarantee of compliance with European and Swiss data protection law. Further information in this context can be found at: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

5.1. Google Analytics

For the purpose of needs-based design and continuous optimisation, we use the web analytics service of Google Analytics.

In this context, pseudonymised user profiles are created and cookies are used to evaluate the use of our website, to compile reports on website activity and to provide other services related to website and internet usage. This information may also be transmitted to third parties if this is required by law or if third parties process this data on our behalf. However, under no circumstances will your IP address be merged with other Google data.

We use Google Analytics only with activated IP anonymisation. This means that your IP address is truncated by Google within the EU/EEA or Switzerland. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Further information in connection with Google Analytics can be found in the Google Analytics help centre, for example at support.google.com/analytics/answer/6004245.

Further information on the terms of use and data protection can be found at www.google.com/analytics/terms/de.html or at www.google.de/intl/de/policies/.

5.2 Google Maps

Google Maps is integrated in our contact page to show our location.

When you visit our website, data (such as your IP address) is transmitted to a Google server in the USA and stored there. Google stores this data as usage profiles for the purposes of customising its services, advertising and market research. If you are logged into Google, this data is assigned directly to your account. If you do not want this to happen, you need to log out beforehand. You can prevent the use of Google Maps by deactivating JavaScript in your browser settings. However, this may result in functional limitations in the use of the website in individual cases.

Further information on data processing and notes on data protection by Google Maps can be found at http://www.google.com/intl/de_de/help/terms_maps.html and http://www.google.de/intl/de/policies/privacy.

5.3 YouTube

On some of our pages we use the provider YouTube for the integration of videos.

We use YouTube videos in the so-called "extended data protection mode", i.e. no data about you as a user is transferred to YouTube if you do not play the videos. Only when you activate the videos is such data transmission started, on which we have no influence. You can prevent YouTube from saving cookies by using the appropriate settings in your browser software. You will then still be able to use the website. In individual cases, this may result in functional limitations in the use of the website.

Without this "extended data protection", a connection to the YouTube servers is established as soon as you visit one of our web pages featuring a YouTube video. In the process, the YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to associate your surfing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.

Further information on data processing and notes on data protection by YouTube can be found at https://www.youtube.com/t/terms and http://www.google.de/intl/de/policies/privacy.

6. Social plugins

We use social plugins ("plugins") from the following social networks on our website on the basis of our legitimate interests:

Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA
LinkedIn Inc., 2029 Stierlin Ct, Mountain View, CA 94043, USA
Xing SE, Dammtorstrasse 30, 20354 Hamburg, Deutschland

For reasons of data protection, we have deliberately decided against integrating plugins directly on our website. Instead, plugins are only integrated via a link. Therefore, when you visit our website, no data is automatically transmitted to social networks such as Facebook, LinkedIn or XING. Only if you actively click on one of the plugins listed on the website will a connection be established between your browser and the server of the relevant social network and data will be transmitted to the respective provider. We have no influence on the type and scope of the data that is then collected by the social networks.

For further information on the purpose and scope of data collection and the further processing and use of the data by social networks, as well as your rights in this regard and setting options for protecting your privacy, please refer to the data protection information of the respective networks:

7. Social media presence

We maintain social media profiles on Facebook, YouTube, LinkedIn and Xing.

The data you enter on our social media profiles will be published by the social media platform and will not be used or processed by us for any other purpose at any time. However, we reserve the right to delete content should this be necessary. We may communicate with you via the social media platform. This is based on your and our legitimate interest in communicating with each other in this way.

Please be aware that the social media platform uses web tracking methods. Web tracking on which we have no influence may also take place regardless of whether you are logged in or registered with the social media platform.

More detailed information on data processing by the social media platform can be found in the privacy policy of the respective provider:

8. Passing on personal data

We treat your personal data confidentially and only pass it on if you have expressly consented to this, if we are obliged to do so by law or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship. In addition, we will pass on your personal data to third parties if this is necessary in the context of using the website or for the provision of any services requested by you (including outside the website).

Furthermore, we also pass on your personal data to third parties abroad (e.g. to contracted service providers or subsidiaries), insofar as this is relevant for the data processing described in this data protection declaration. Naturally, the legal regulations on the transfer of personal data to third parties are complied with. If we use contracted processors to provide our services, we take suitable legal precautions and appropriate technical and organisational measures to ensure the protection of your personal data in accordance with the relevant statutory provisions.

If the level of data protection in a country in which the data is processed does not comply with the applicable data protection regulations, we contractually ensure that the protection of your personal data corresponds to the level of protection in Switzerland or the European Economic Area (EEA) at all times.

9. Duration of storage

We process and store your personal data only for as long as is necessary for the fulfilment of our contractual and legal obligations or otherwise for the purposes pursued with the processing and in accordance with the statutory retention periods. As soon as your personal data is no longer required for the above-mentioned purposes, or a stipulated retention period expires, your personal data will be routinely blocked or deleted in accordance with the statutory provisions.

Special deletion periods are explicitly mentioned in this Data Privacy Statement.

10. Data security

We take technical and organisational security precautions to protect your personal data against manipulation, loss, deletion or access by unauthorised persons. This includes the use of recognised encryption methods (e.g. SSL encryption). Our security measures are continuously improved in line with technological developments.

We also take our own internal data protection seriously. Our employees and the service providers commissioned by us are obliged to maintain confidentiality and to comply with data protection regulations. Furthermore, they are only granted access to your personal data to the extent necessary.

11. Links to websites of other providers

Our website may contain links to websites of other providers that are not covered by this Data Privacy Statement. After clicking on the link, we no longer have any influence on the processing of any data transmitted to third parties (such as the IP address or the URL), as the behaviour of third parties is naturally beyond our control. We can therefore accept no responsibility for the processing of your personal data by third parties. If the collection, processing or use of your personal data is associated with the use of the websites of other providers, please refer to the data protection information of the respective providers.

Illegal content was not recognisable at the time of linking. Permanent monitoring and examination of the content of the linked pages without concrete evidence of an infringement is not reasonably feasible. If we become aware of any legal infringements, such links will be removed immediately.

12. Use of the website by minors

The website is aimed at an adult audience. Minors, in particular children under the age of 16, are prohibited from transmitting personal data to us or registering for a service without the consent of their parents or legal guardians. If we establish that such data has been transmitted to us, it will be deleted. The parents (or legal guardians) of the child can contact us and request the deletion or deregistration. To do this, we require a copy of an official document that identifies you as the parent or legal guardian.

13. Your rights

Right to information
You have the right to request information from us as to whether we process your personal data and, if so, which data we process.

Right to rectification
You have the right to request the correction of your incorrect personal data and, if necessary, the completion of incomplete personal data in our systems.

Right to deletion
You have the right to request that your personal data be deleted, for example if the data is no longer required for the purposes pursued. However, if we are obliged or authorised to retain your personal data due to legal or contractual obligations, we can thus only restrict or block your personal data to the extent permitted in these cases.

Right to limitation of processing
You have the right to demand that we limit the processing of your personal data.

Right to data portability
Where applicable, you have the right to receive your personal data, which we process automatically on the basis of your consent or to fulfil a contract, in a structured, commonly used and machine-readable format or to request the transfer of this data to a third party. If you request the direct transfer of personal data to another party, this will only take place if it is technically feasible.

Right to object
You have the right to object to the processing of your personal data at any time in accordance with the legal requirements. You especially have the right to object to the processing of your personal data for the purpose of direct marketing.

Revocation of consent
You have the right to withdraw your consent to the processing of your personal data at any time, in principle with effect for the future.

Right to appeal
If applicable, you have the right to appeal to a competent supervisory authority if you believe that the processing of your personal data violates data protection regulations.

For questions in connection with our handling of data protection and for information regarding your rights and how to assert them, you can contact us using the contact details provided in section 1 of this Data Privacy Statement. If necessary, we reserve the right to request your identification in an appropriate manner for the processing of enquiries.

14. Changes to the Data Privacy Statement

We expressly reserve the right to amend or change this Data Privacy Statement at any time. All changes and additions are at the sole discretion of the company.

The current status is April 2019.