Privacy Policy
Henri Grandjean & Cie SA
- 1. What does this privacy policy cover?
- 2. Who is the data controller?
- 3. What data do we process?
- 4. Why do we process your data?
- 5. On what basis do we process your data?
- 6. What are the applicable rules regarding profiling and automated individual decision-making?
- 7. Who do we share your data with?
- 8. Is your personal data transferred abroad?
- 9. How long do we process your data?
- 10. How do we protect your data?
- 11. What are your rights?
- 12. Do we use online tracking and online advertising techniques?
- 13. What data do we process on our social media pages?
- 14. Can we update this privacy policy?
1. What does this privacy policy cover?
Henri Grandjean & Cie SA (hereinafter also referred to as "we", "our") collects and processes personal data relating to you and to other individuals ("third parties"). We use the term "data" interchangeably with "personal data" in this context.
In this privacy policy, we describe what we do with your data when you use www.henri-grandjean.com, when you purchase our products and services, when you are in contact with us in connection with a contract, when you communicate with us or deal with us in any other way. Where necessary, we will inform you via a separate statement of any processing activities not covered by this privacy policy. We may also inform you separately about the processing of your data, for example in consent forms, terms and conditions, supplementary statements, forms and other notices.
If you provide us with data or share data with us concerning other people, such as family members, work colleagues, etc., we assume that you are authorised to do so and that the data in question is accurate. When you share data with us concerning other people, you confirm the above. Please ensure that these individuals have been made aware of this privacy policy.
This privacy policy is aligned with the EU General Data Protection Regulation ('GDPR') and the Swiss Federal Data Protection Act ('FADP'). However, the specific application of these laws depends on the individual case.
2. Who is the data controller?
Henri Grandjean & Cie SA is the data controller under this privacy policy, unless we inform you otherwise in a specific case, for example in supplementary privacy policies, in a form or in a contract.
You can contact us regarding data protection matters and to exercise your rights under section 11 as follows:
Henri Grandjean & Cie SA
Rue du Rhône 29
CH - 1204 Geneva
dataprotection@henri-grandjean.com
3. What data do we process?
We process various categories of data relating to you. The main categories are as follows:
Technical data: When you use our website or other online services, we collect the IP address of the device you are using (terminal) and other technical data in order to ensure the functionality and security of these services. This data includes system logs. We generally retain technical data for 12 months. In order to ensure the functionality of these services, we may also assign you an individual code or assign a code to your device (for example in the form of a cookie, see section 12). Technical data as such does not allow conclusions to be drawn about your identity. However, technical data may be linked to other categories of data (and potentially to you personally) in the context of user accounts, registrations, access controls or the performance of a contract.
Technical data includes the IP address and information about the operating system of your device, the date, region, time of use and the type of browser you use to access our online services. This information enables us to provide an appropriate website layout or, for example, to display a website tailored to your region. We know which provider you are using to access our services (and therefore also the region) via the IP address, but this does not generally allow us to identify you. However, this changes, for example, when you create a user account, as personal data can then be linked to technical data (for example, we can identify the browser you are using to access an account via our website). Examples of technical data include logs generated in our systems (for example, the log of user connections to our website).
Registration data: Certain offers and services (e.g. the sending of newsletters) can only be used with a user account or following registration, which can be done directly with us or via our third-party login service providers. In this context, you must provide us with certain data, and we collect data on your use of the offer or service. If you redeem a voucher issued by us, we may ask you for certain data at the time of redemption. If we issue a voucher in your name for one of our contractual partners, we may share or receive some of your registration data from the relevant contractual partner (see section 7). Access controls to certain facilities may require registration data. We generally retain registration data for 12 months from the end of service use or the closure of the user account.
Registration data includes the information you provide when you create an account on our website (e.g. username, password, name and email address). It also includes the data we may ask you to provide before you can use certain free services, such as redeeming vouchers, in which case this includes: name, address, contact details and the time of redemption. You must also register if you wish to subscribe to our newsletter. As part of access controls, we may need to register you using your data (access codes on badges, biometric data for identification) (see the 'other data' category).
Communication data: When you contact us via the contact form, by email, by telephone, by post or by any other means of communication, we collect the data you exchange with us, including your contact details and the communication metadata. If we record or listen in on telephone conversations or video conferences, for example for training and quality assurance purposes, we will inform you specifically. Such recordings may only be made and used in accordance with our internal policies. You will be informed if and when such recordings take place, for example by a notification during the video conference in question. If you do not wish to be recorded, please let us know or leave the (video) conference. If you simply do not wish your image to be recorded, please switch off your camera. If we need to verify your identity, for example in connection with a request for information, a press access request, etc., we will collect data that enables us to identify you (for example, a copy of an identity document). We generally retain this data for 12 months from our last communication with you. This period may be longer if necessary for evidential purposes, to comply with legal or contractual requirements, or for technical reasons. Emails in the personal inbox and written correspondence are generally retained for at least 10 years. Recordings of (video) conferences are generally retained for 12 months.
Communication data includes your name and contact details, the method, location and time of the communication, and generally also its content (i.e. the content of emails, letters, chats, etc.). This data may also include information relating to third parties. We may also process, for identification purposes, your passport or ID card number, a password you have set, or your press card. To ensure secure identification, the following information must be provided for media enquiries: publisher, name of the publication, title, first name, surname, postal address, email address and telephone number of the journalist.
Master data: By 'master data', we mean the basic data we require, in addition to contractual data (see below), for the performance of our contractual and other business relationships or for marketing and promotional purposes, such as your name and contact details, as well as information concerning, for example, your role and position, your bank details, your date of birth, your customer history, your powers of attorney, your signing authorisations and your declarations of consent. We process your master data if you are a customer or other business contact, or if you work for one of them (for example, as a business partner's contact person), or because we wish to contact you for our own purposes or those of a contractual partner (for example, in connection with marketing and advertising, invitations to events, vouchers, newsletters, etc.). We receive master data from you (for example, when you make a purchase or as part of a registration), from people you work for, or from third parties such as contractual partners, associations and address brokers, as well as from public sources such as public registers or the internet (websites, social media, etc.). We may also collect master data from our shareholders and investors. We generally retain basic data for 10 years from our last interaction with you or the end of the contract. This period may be longer if necessary for evidential purposes, to comply with legal or contractual requirements, or for technical reasons. For contacts used solely for marketing and advertising purposes, the retention period is generally much shorter, usually no more than 2 years from the last contact.
Basic data includes information such as name, address, email address, telephone number and other contact details, gender, date of birth, nationality, details of related individuals, websites, social media profiles, photos and videos, and copies of identity documents; in addition, details of your relationship with us (customer, supplier, visitor, service recipient, etc.), details of your status, entitlements, classifications and mailing lists, details of our interactions with you (where applicable, a history of these with corresponding entries), reports (e.g. from the media) or official documents (e.g. extracts from the commercial register, licences, etc.) relating to you. As payment information, we collect, for example, your bank details, your account number and your credit card details. Declarations of consent and information relating to unsubscribing from a service are also part of the basic data, as is information concerning third parties, for example contact persons, service recipients, recipients of advertising or representatives.
With regard to contact persons and representatives of our customers, suppliers and partners, basic data includes, for example, name and address, information on their role or position within the organisation, qualifications and (where applicable) information on line managers, colleagues and subordinates, as well as information on interactions with these individuals.
Master data is not collected exhaustively for all contacts. The data collected in individual cases depends primarily on the purpose of the processing.
Contractual data: This refers to data collected in connection with the conclusion or performance of a contract, for example information on contracts and the services provided or to be provided, as well as data relating to the period prior to the conclusion of a contract, information required or used for the performance of a contract, and customer feedback (e.g. complaints, customer satisfaction data, etc.). We generally collect this data from you, from contractual partners and third parties involved in the performance of the contract, as well as from third-party sources (e.g. credit reference agencies) and public sources. We generally retain this data for 10 years from the last contractual activity or the end of the contract. This period may be longer where necessary for evidential purposes, to comply with legal or contractual requirements, or for technical reasons.
Contractual data includes information relating to the conclusion of the contract and your contracts, such as the type of contract and the date of conclusion, information from the application process (such as requests for our products or services) and information about the relevant contract (e.g. its duration), the performance and administration of contracts (e.g. information relating to invoicing, customer service, technical support and the handling of contractual claims). Contractual data also includes information on defects, complaints and amendments to a contract, as well as information on customer satisfaction that we may collect, for example in the context of surveys. Contractual data also includes financial data, such as credit information (i.e. information that allows us to draw conclusions about the likelihood of payment of claims), information regarding payment reminders and debt collection. We receive this data partly from you (for example, when you make payments), but also from credit agencies, debt collection agencies and public sources (for example, a commercial register).
Behavioural and preference data: Depending on the relationship we have with you, we aim to get to know you better and tailor our products, services and offers to your needs. To this end, we collect and process data relating to your behaviour and preferences. We do this by analysing information regarding your behaviour on our website, and we may also supplement this information with data from third parties, including public sources. Based on this data, we can, for example, determine the likelihood that you will use certain services or behave in a certain way. The data processed for this purpose is either already known to us (for example, where and when you use our services), or we collect it by recording your behaviour (for example, how you navigate our website). We anonymise or delete this data when it is no longer relevant to the purposes for which it was collected, i.e. – depending on the type of data – between 1 month (for movement profiles) and 24 months (for product and service preferences). This period may be longer where necessary for evidential purposes, to comply with legal or contractual requirements, or for technical reasons. We describe how online tracking works on our website in section 12.
Behavioural data refers to information relating to certain actions, such as your response to electronic communications (for example, whether and when you opened an email) or your location, as well as your interaction with our social media pages and your participation in prize draws, competitions and similar events. We may, for example, collect your location data when you use our website.
Preference data tells us what your needs are, which products or services might interest you, or when and how you are likely to respond to our messages. We obtain this information by analysing existing data, such as behavioural data, in order to get to know you better, tailor our advice and offers more precisely to your needs and, more generally, improve our offerings. To improve the quality of our analyses, we may combine this data with other data that we also obtain from third parties.
Behavioural and preference data may be analysed on a personal and identifiable basis (for example, to send you personalised adverts), but also on a non-identifiable basis (for example, for market research or product development). Behavioural and preference data may also be combined with other data (for example, movement data may be used for contact tracing as part of a health protection scheme).
Other data: We also collect data about you in other situations. For example, we process data that may relate to you (such as files, evidence, etc.) in the context of administrative or legal proceedings. We may also collect data for health protection purposes (for example, as part of health protection measures). We may obtain or create photographs, videos and audio recordings in which you may be identifiable (for example, at events, via security cameras, etc.). We may also collect data on people who enter certain buildings and at what time, or on people who have access rights (including as part of access controls, based on registration data or visitor lists, etc.), on people who take part in events or campaigns (e.g. competitions), and on people who use our infrastructure and systems and when. Furthermore, in addition to basic data, we collect and process data on our shareholders and other investors, including information for registers, in connection with the exercise of their rights or in connection with events (e.g. general meetings). The retention period for this data depends on the purpose of the processing and is limited to what is necessary. It ranges from a few days for many security cameras, to a few weeks for contact tracing and screening, and for visitor data, which is generally retained for 12 months, to several years or more for event reports containing images. Data relating to you as a shareholder or investor is retained in accordance with company law and, in any event, for as long as you hold them in that capacity.
Most of the data mentioned in this Section 3 is provided to us directly by you (via forms, when you contact us, when entering into a contract, when you use the website, etc.). You are not obliged or required to provide us with any data, except in certain cases, for example in connection with mandatory health protection measures (legal obligations). If you wish to enter into contracts with us or use our services, you must also provide us with certain data, including basic data, contractual data and registration data, as part of your contractual obligations under the relevant contract. Furthermore, it is not possible to avoid the processing of technical data when using our website. If you wish to access certain systems or buildings, you must also provide us with registration data. However, in the case of behavioural and preference data, you generally have the option to object or withhold your consent.
We provide certain services to you only if you provide us with registration details, because we or our contractual partners wish to know who is using our services or has accepted an invitation to an event, because it is a technical requirement, or because we wish to communicate with you. If you or the person you represent (e.g. your employer) wish to enter into or perform a contract with us, we must collect basic data, contractual data and communication data, and we process technical data if you wish to use our website or other electronic services for this purpose. If you do not provide us with the data necessary for the conclusion and performance of the contract, you must expect that we may refuse to conclude the contract, that you may be in breach of contract, or that we may not perform the contract. Similarly, we can only respond to an enquiry from you if we process communication data and – if you contact us online – possibly also technical data. Furthermore, it is not possible to use our website without us receiving technical data.
Where it is not unlawful to do so, we also collect data from public sources (such as debt collection registers, land registers, commercial registers, the media or the internet, including social media) or receive data from other companies within our group, public authorities and other third parties (such as credit agencies, address brokers, associations, contractual partners, internet analytics services, etc.).
The categories of personal data we receive about you from third parties include, in particular, information from public registers, information we receive in the course of administrative and legal proceedings, information relating to your professional roles and activities (so that we can, for example, enter into and carry out transactions with your employer with your support), information about you contained in correspondence and meetings with third parties, creditworthiness information (where we deal with you in a personal capacity), information about you that persons related to you (family members, advisers, legal representatives, etc.) share with us so that we can enter into or perform contracts with you or concerning you (for example, your references, your delivery address, your powers of attorney, information regarding compliance with legal requirements such as those relating to fraud prevention and the fight against money laundering and terrorist financing, export restrictions, information from banks, insurance companies, vendors and other contractual partners regarding your use of our services or your provision of services (e.g. payments, purchases, etc.), information from the media and the internet regarding your use of our services or the provision of our services (e.g. payments made, purchases made, etc.), information from the media and the internet concerning you (where applicable in a specific case, e.g. in connection with an enquiry, marketing/sales, press review, etc.), your address, your potential interests and other socio-demographic data (in particular for marketing and research purposes), as well as data relating to the use of third-party websites and online services, insofar as such use can be attributed to you.
4. Why do we process your data?
We process your data for the purposes set out below. You can find further information in sections 12 and 13 for online services. These purposes and their objectives serve our interests and, where applicable, those of third parties. You can find further information on the legal basis for our processing in section 5.
We process your data for the purpose of communicating with you, in particular to respond to your enquiries and to enable you to exercise your rights (section 11) and to allow us to contact you in the event of any queries. For this purpose, we use, in particular, communication data and master data, as well as registration data relating to the offers and services you use. We retain this data to document our communication with you, for training, quality assurance and the follow-up of enquiries.
The above covers all the purposes for which we communicate with you, whether in the context of customer service or advisory services, authentication when using the website, and for training and quality assurance (for example, in the context of customer service). We also process communication data to enable us to communicate with you by email and telephone, as well as via messaging services, chat, social media, letters and fax. Our communication with you generally takes place in connection with other processing purposes, for example so that we can provide services or respond to a request for access. Our processing also serves to document the communication and its content.
We process data for the conclusion, administration and performance of contractual relationships.
We enter into various contracts with our business and private customers, our suppliers, our subcontractors and other parties, such as project partners or parties to legal proceedings. In particular, we process master data, contractual data and communication data and, depending on the circumstances, registration data relating to the customer or to the persons for whose benefit the customer has received a service. This includes, for example, recipients of our products or services, who receive vouchers and related invitations from our own customers and may become our customers when they redeem them. In this case, we process the data in order to fulfil the contract with these recipients, but also with the contractual partners who invited them.
When establishing a business relationship, personal data – in particular master data, contractual data and communication data – is collected from potential customers or other contractual partners (for example, via an order form or a contract) or is obtained in the course of communication. When concluding a contract, we process data to assess a person's creditworthiness and to enter into a customer relationship. In certain cases, this information is reviewed to ensure compliance with legal requirements.
In the course of fulfilling our contractual obligations, we process data for the purposes of customer relationship management, to provide and fulfil contractual services (which includes the involvement of third parties, such as logistics companies, security service providers, advertising service providers, banks, insurance companies or credit reference agencies, who may in turn provide us with data), for advisory services and for customer support. The enforcement of legal claims arising from contracts (debt collection, legal proceedings, etc.) also forms part of these services, as do accounting, contract termination and public communication.
We process data for marketing and relationship management purposes, for example to send our customers and other contractual partners personalised advertisements for products and services offered by us or by third parties (such as advertising partners). This may take the form of newsletters and other regular communications (electronically, by email or by telephone), via other channels for which we hold your contact details, but also as part of marketing campaigns (e.g. events, competitions, etc.) and may also include free services (e.g. invitations, vouchers, etc.), for example. You may object to such communications at any time (see the end of this section 4) or refuse or withdraw your consent for us to contact you for marketing purposes. With your consent, we may target our online advertising on the internet more specifically to you (see section 12). Finally, we also wish to allow our contractual partners to contact our customers and other contractual partners for marketing purposes (see section 7).
For example, if you consent, we may send you information, advertising and product offers from us and from third parties within and outside the group (such as advertising partners), in the form of printed materials, electronically or by telephone. To this end, we process, in particular, communication and registration data. Like most companies, we personalise communications so that we can provide you with tailored information and offers that meet your needs and interests. Consequently, we combine the data we process about you with preference data and use this data as the basis for personalisation (see section 3). We also process data in connection with competitions, contests and similar events.
Relationship management involves communicating with existing customers and their contacts, potentially in a personalised manner based on behavioural and preference data. As part of relationship management, we may also use a customer relationship management ('CRM') system in which we store data on customers, suppliers and other business partners necessary for managing the relationship, for example data on contact persons, relationship history (e.g. information on products and services purchased or provided, interactions, etc.), interests, marketing activities (newsletters, invitations to events, etc.) and other information.
All of these processing activities are important to us, not only to promote our offerings as effectively as possible, but also to make our relationships with customers and other third parties more personal and positive, to focus on the most important relationships, and to use our resources as efficiently as possible.
We also process your data for market research purposes, to improve our services and business activities, and for product development.
We are committed to continuously improving our products and services (including our website) and responding swiftly to changing needs. To this end, we analyse, for example, how you navigate our website, which products are used by which groups of people and in what way, and how new products and services can be designed (for further details, see section 12). This helps us to understand market acceptance of existing products and services and the market potential of new products and services. To this end, we process, in particular, basic data, behavioural data and preference data, as well as communication data and information from customer surveys, polls and studies, and other information from, for example, the media, social media, the internet and other public sources. Where possible, we use pseudonymised or anonymised data for these purposes. We may also use media monitoring services or carry out media monitoring ourselves and process personal data in order to monitor the media or to understand and respond to current developments and trends.
We use anonymised location data, for example to provide our contractual partners with recommendations to avoid peak times. With your prior consent, we use non-anonymised location data to notify you of interesting offers and products in your vicinity (based on your location), to determine your interests based on location data (time spent in a location), and to inform you about products and services that other contractual partners with similar interests have used.
We may also process your data for security and access control purposes.
We continuously review and improve the security of our IT and other infrastructure (such as our buildings). Like any company, we cannot rule out data security breaches with absolute certainty, but we do our utmost to minimise the risks. For example, we process data for the purposes of monitoring, inspecting, analysing and testing our networks and IT infrastructure, system and error checks, as well as for documentation purposes and as part of backups. Access controls include electronic access controls to systems (e.g. logging into user accounts), as well as physical access controls (e.g. access to buildings). For security purposes (to prevent and investigate incidents), we also maintain access logs and visitor lists and use surveillance systems (e.g. security cameras). We will inform you of the surveillance systems in place at the relevant locations by means of appropriate signage.
We process personal data to comply with laws, guidelines and recommendations from authorities, and internal regulations ('compliance with legal requirements').
This includes, for example, the implementation of health and safety measures or the regulated fight against money laundering and terrorist financing. In certain cases, we may also be required to carry out certain checks on our customers ('Know Your Customer') or to make reports to the authorities. Obligations to provide information or make declarations, for example in connection with supervisory and tax obligations, also require or entail the processing of data, such as archiving obligations and the prevention, detection and investigation of criminal offences and other breaches. This also includes receiving and processing complaints and other reports, monitoring communications, conducting internal investigations, or disclosing documents to an authority if we have sufficient grounds to do so or are legally obliged to do so. We may also process your personal data in the context of external investigations, for example by a law enforcement or supervisory authority or by a private entity commissioned for this purpose. Furthermore, we process data in order to serve our shareholders and other investors and to fulfil our obligations in this regard. For these purposes, we process, in particular, master data, contractual data and communication data and, in certain circumstances, behavioural data and data in the 'other data' category. Legal obligations may arise from Swiss law, but also from foreign regulations to which we are subject, as well as from self-regulation, industry standards, our own "corporate governance" and instructions and requests from the authorities.
We also process data as part of our risk management and corporate governance, including business organisation and development.
For these purposes, we process, in particular, master data, contractual data, registration data and technical data, as well as behavioural and communication data. For example, as part of our financial management, we need to monitor our accounts receivable and accounts payable, and we must guard against becoming victims of crime and abuse, which may lead us to analyse data to identify relevant patterns of such activities. We may also carry out profiling and create and process profiles for these purposes and to protect you and us from criminal or abusive activities (see also section 6). As part of our resource planning and the organisation of our business activities, we may need to evaluate and process data relating to the use of our services and other offerings, or share this information with others (e.g. subcontracting partners), which may also include your data. The same applies to services provided to us by third parties. As part of the development of our business, we may sell businesses, parts of businesses or companies to third parties, or acquire them from third parties, or enter into partnerships, which may also involve the exchange and processing of data (including data relating to you, for example as a customer, supplier or representative of a supplier).
We may process your data for other purposes, for example as part of our internal processes and administration, or for quality assurance and training purposes.
These other purposes include, for example, training and educational purposes, administrative purposes (such as master data management, accounting and data archiving, as well as the testing, management and continuous improvement of IT infrastructure), the protection of our rights (for example, to assert claims in court or out of court, and before authorities in Switzerland and abroad, or to defend ourselves against claims made against us, for example by preserving evidence, conducting legal analyses and participating in judicial or administrative proceedings), and the evaluation and improvement of internal processes. We may use recordings of (video) conferences for quality assurance and training purposes. These other purposes also include the safeguarding of other legitimate interests which cannot be listed exhaustively.
5. On what basis do we process your data?
When we seek your consent for certain processing activities (for example, for marketing activities, personalised movement profiles, and for the management of advertising and analysis of website behaviour), we will inform you separately of the relevant processing purposes. You may withdraw your consent at any time with future effect by sending us written notice (by post) or, unless otherwise stated or agreed, by sending us an email; you will find our contact details in section 2. To withdraw your consent to online tracking, see section 12. If you have a user account, you can also withdraw your consent or contact us via the website or the service in question. As soon as we have received notification of the withdrawal of consent, we will no longer process your information for the purpose(s) to which you consented, unless we have another legal basis for doing so. However, the withdrawal of consent does not affect the lawfulness of processing based on consent given prior to the withdrawal.
Where we do not seek consent for the processing, the processing of your personal data is based on the necessity of the processing to enter into or perform a contract with you (or the entity you represent) or on our legitimate interest or that of a third party in the processing in question, in particular in pursuit of the purposes and objectives set out in section 4 and in the implementation of related measures. Our legitimate interests also include compliance with legal regulations, insofar as this is not already recognised as a legal basis under applicable data protection legislation (for example, in the case of the GDPR, the laws within the EEA, and in the case of the FADP, Swiss law). This also includes the marketing of our products and services, our desire to better understand our markets, and the management and development of our business, including its operations, in a secure and efficient manner.
If we receive sensitive personal data (for example, data relating to health, data revealing political opinions, religious or philosophical beliefs, as well as biometric data for the purpose of uniquely identifying a natural person), we may process your data on other legal grounds; for example, in the event of a dispute, for the purposes of a potential dispute, or for the enforcement or defence of legal claims. In certain cases, other legal bases may apply and, where applicable, we will inform you of this separately.
6. What are the applicable rules regarding profiling and automated individual decision-making?
We may automatically evaluate personal aspects relating to you ('profiling') on the basis of your data (section 3) for the purposes set out in section 4, when we wish to establish preference data, as well as to detect misuse and security risks, to carry out statistical analyses and for business planning. We may also create profiles for these purposes, which means that we may combine behavioural and preference data, as well as basic data, contractual data and technical data relating to you, in order to better understand you as a person – with your various interests and other characteristics.
If you are our customer, we may, for example, use 'profiling' to determine which other products you might be interested in based on your purchases. We may also use profiling to assess your creditworthiness before offering you the option to pay for a purchase by invoice. Furthermore, automated data analysis may determine, for your own protection, the likelihood that a transaction is fraudulent. This allows us to suspend the transaction pending clarification of the situation. 'Profiles' should be distinguished from 'profiling'. 'Profiles' refer to the linking of different data in order to draw conclusions about key aspects of your personality (for example, what you like, how you behave in certain situations) based on the entirety of this data. Profiles may also be used for marketing purposes, for example, or for security purposes.
We ensure that the results are proportionate and reliable, and take measures against the misuse of these profiles or profiling. If these automated individual decisions may have legal consequences for you or otherwise affect you in a significant way, we generally ensure that the decision is reviewed by a human being.
7. Who do we share your data with?
In connection with our contracts, website, products and services, legal obligations, the protection of our legitimate interests, and the other purposes set out in section 4, we may disclose your personal data to third parties, including the following categories of recipients:
Service providers: We work with service providers in Switzerland and abroad who process your data on our behalf or as joint controllers with us, or who receive data about you from us as independent controllers (e.g. IT service providers, transport companies, advertising service providers, connectivity service providers, cleaning companies, security firms, banks, insurance companies, debt collection agencies, credit reference agencies or address verification providers).
In order to provide our products and services efficiently and focus on our core competencies, we engage third parties in various areas. These include, for example, IT services, data transmission, marketing, sales, communications and printing, facilities management, security and cleaning, the organisation and hosting of events and receptions, debt collection, credit agencies, address verification providers (for example, to update address lists in the event of a move), fraud prevention measures, and the services of consultancy firms, lawyers, banks, insurers and telecommunications companies. In each case, we provide these service providers with the data they require for their services, which may also relate to you. These service providers may also use this data for their own purposes, for example information on outstanding debts and your payment history in the case of credit reference agencies, or anonymised data to improve their services. Furthermore, we enter into contracts with these service providers that include provisions to protect data, where such protection is not provided for by law. In certain cases, our service providers may also process data on how their services are used and other data generated in the course of using their services as independent data controllers for their own legitimate interests (for example, for statistical analysis or billing purposes). These service providers provide information about their independent data processing activities in their own privacy policies.
Contractual partners, including customers: This refers to customers and our other contractual partners, insofar as the disclosure of data arises from these contracts. If you work for one of these contractual partners, we may also disclose data about you to them. These recipients also include contractual partners with whom we cooperate or who advertise on our behalf, and to whom we may therefore disclose data about you for analysis and marketing purposes.
If you are acting as an employee of a company with which we have entered into a contract, the performance of that contract may require us to inform the company, for example, of how you have used our service. We share selected basic data, contractual data, behavioural data and preference data with our cooperation partners and advertising partners so that they can, on the one hand, carry out non-personal analyses within their own areas (for example, regarding the number of our customers who have viewed their advertisement) and, on the other hand, use the data for advertising purposes (including to target you). Advertising partners must, for example, be able to communicate with some of our customers and send them advertising.
Authorities: We may disclose personal data to agencies, courts and other authorities in Switzerland and abroad if we are legally obliged or authorised to do so, or if it appears necessary to protect our interests. These authorities act as independent data controllers. This includes, for example, criminal investigations, police measures (e.g. health protection measures, measures to combat violence, etc.), regulatory requirements and investigations, legal proceedings, reporting obligations and pre-litigation and out-of-court proceedings, as well as legal obligations to provide information and cooperate. Data may also be disclosed if we wish to obtain information from public bodies, for example to substantiate a request for information or because we need to identify the persons about whom we require information (e.g. from a register).
Other parties: These are other instances where interactions with third parties fall within the scope of the purposes set out in section 4, for example service users, the media and associations in which we participate, or if you are featured in one of our publications.
Other recipients include, for example, the recipients of the delivery or third-party debtors specified by you, other third parties in the context of a mandate (for example, if we share your data with your solicitor or bank), or persons involved in administrative or legal proceedings. If we cooperate with the media and share material with them (e.g. photos), this may, where applicable, also concern you. The same applies if we publish content (e.g. photos, interviews, quotes, etc.) on our website or in our other publications. As part of the development of our business, we may sell businesses, parts of businesses or companies to third parties, or acquire them from third parties, or enter into partnerships, and these activities may also involve the disclosure of data (including yours, for example as a customer, supplier or representative of a supplier) to those involved in such transactions. In the context of communication with competitors, industry organisations, associations and other bodies, data relating to you may be exchanged.
All these categories of recipients may involve third parties, meaning that your data may also be disclosed to them. We may restrict processing by certain third parties (e.g. IT service providers), but not by others (e.g. authorities, banks, etc.).
8. Is your personal data transferred abroad?
As explained in section 7, we share data with other parties. Not all of these are located in Switzerland. Your data may therefore be processed both in Europe and in other non-European countries.
If a recipient is located in a country without adequate legal data protection recognised under Article 8(1) and Annex 1 of the Data Protection Ordinance (OPDo), we require the recipient to undertake to comply with the applicable data protection legislation, unless the recipient is already subject to a set of legally accepted rules designed to ensure data protection or we can invoke an exception. An exception applies, for example, in the case of legal proceedings abroad, in the case of an overriding public interest, or where the performance of a contract requires the disclosure of data, as well as if you have consented to the transfer of data or if the data has been made generally available by you directly and you have not objected to the processing.
Many countries outside Switzerland or the EEA do not currently have legislation guaranteeing an adequate level of data protection under the FADP or the GDPR. The contractual provisions mentioned above compensate to some extent for this limited or lacking legal protection. However, the contractual provisions cannot eliminate all risks (in particular the risk of access by foreign governments). You should be aware of these residual risks, even if they are low in this specific case, and we are taking measures to minimise them.
Please note that data exchanged via the internet often passes through third countries. Your data may therefore be sent abroad even if the sender and recipient are located in the same country.
9. How long do we process your data?
We process your data for as long as required by our processing purposes, statutory retention periods and our legitimate interests in documentation and the preservation of evidence, or where retention is a technical requirement. You can find further information on the respective retention and processing periods for the various categories of data in section 3, and for cookies in section 12. In the absence of any conflicting legal or contractual obligations, we will delete or anonymise your data once the retention period has expired or processing has ceased as part of our standard processes.
Documentation and evidence purposes include our interest in documenting processes, interactions and other facts in relation to legal claims, inconsistencies, IT and infrastructure security requirements, and to demonstrate good corporate governance and compliance with legal requirements. Data retention may be a technical requirement where certain data cannot be separated from other data and we must therefore retain them together (for example, in the case of backups or document management systems).
10. How do we protect your data?
We take appropriate security measures to ensure the necessary security of your personal data and to guarantee the confidentiality, integrity and availability of your data, to protect it against unauthorised or unlawful processing, and to minimise the risk of loss, accidental alteration, unauthorised disclosure or access.
Technical and organisational security measures may include data encryption and pseudonymisation, logging, access restrictions, the retention of backup copies, instructions given to our employees, the conclusion of confidentiality agreements and monitoring. We protect your data sent via our website in transit using appropriate encryption. However, we can only secure the areas under our control. We also require our processors to implement appropriate security measures. However, security risks can never be completely ruled out; residual risks always remain.
11. What are your rights?
Applicable data protection laws give you the right to object to the processing of your data in certain circumstances, including processing for direct marketing purposes, profiling for direct marketing purposes, and other legitimate interests in the processing.
To help you control the processing of your personal data, you have the following rights in relation to our processing of your data, in accordance with applicable data protection legislation:
- The right to ask us for information about whether we are processing data relating to you and, if so, what data;
- The right to request that we correct the data if it is inaccurate;
- The right to request the erasure of data;
- The right to request that we provide certain personal data in a commonly used electronic format or that we transfer it to another data controller;
- The right to withdraw your consent, where our processing is based on your consent;
- The right to receive, upon request, further information relevant to the exercise of these rights;
If you wish to exercise the above rights in relation to us, you may contact us in writing at our address or, unless otherwise stated or agreed, by email; you will find our contact details in section 2. In order to prevent any misuse, we must verify your identity (for example, by means of a copy of your identity card, if identification is not otherwise possible).
Please note that conditions, exceptions and restrictions may apply when exercising these rights in accordance with applicable data protection legislation (for example, to protect third parties or trade secrets). Where applicable, we will inform you of this.
In particular, we may continue to process your data and retain your personal data in order to perform a contract with you, to protect our own legitimate interests, for example by asserting contractual claims, exercising or defending legal claims, or complying with legal obligations. To the extent permitted by law, in particular to protect the rights and freedoms of other data subjects and to safeguard legitimate interests, we may also reject a data subject's request in whole or in part (for example, by redacting content relating to third parties or our trade secrets).
If you disagree with the way we handle your requests to exercise your rights or with our data protection practices, you can let us know (see section 2). If you are located in the EEA, the UK or Switzerland, you also have the right to lodge a complaint with the relevant data protection supervisory authority in your country.
12. Do we use online tracking and online advertising techniques?
We use various techniques on our website that enable us – and third parties we engage – to recognise you when you use our website, and potentially to track you across multiple visits. This section provides information on this.
In essence, we wish to distinguish between your access (via your device) and access by other users, so that we can ensure the website functions properly and carry out analyses and personalisation. We do not intend to identify you, although it may be possible for us or for third parties we engage to identify you by linking this information to registration data. However, even in the absence of registration data, the technologies we use are designed so that you are recognised as an individual visitor each time you access the website; for example, our server (or third-party servers) assigns a specific identification number to you or your browser (known as a 'cookie').
Cookies are individual codes (e.g. a serial number) that our server or a server belonging to our service providers or advertising partners transmits to your system when you connect to our website, and which your system (browser, mobile phone) accepts and stores until the end of the set expiry period. Your device transmits these codes to our server or the third-party server each time you visit. In this way, you can be recognised even if your identity is unknown.
Every time you access a server (for example, when you use a website or an app, or when an email contains a visible or invisible image), your visits can be 'tracked'. If we integrate offers from an advertising partner or an analytics tool provider on our website, they may track you in the same way, even if you cannot be identified in that specific instance.
We use these technologies on our website and may allow certain third parties to do so as well. You can also configure your browser to block or disable certain types of cookies or alternative technologies, or to delete existing cookies. You can also add software to your browser to block certain third-party tracking. You can find further information on your browser's help pages (usually under the heading 'data protection') or on the third-party websites listed below.
We distinguish between the following categories of 'cookies' (including technologies that work in the same way, such as fingerprinting):
- Necessary cookies: Some cookies are necessary for the website to function or for certain features. For example, they ensure that you can navigate from one page to another without losing information entered into a form. They also ensure that you remain logged in. These cookies are only temporary ('session cookies'). If you block them, the website may not function properly. Other cookies are required for the server to store options or information (which you have entered) beyond a single session (i.e. a visit to the website) if you use this function (e.g. language settings, consents, the auto-login feature, etc.). These cookies have an expiry date of up to 24 months.
- Performance cookies: In order to optimise our website and related services and better tailor them to users' needs, we use cookies to record and analyse how our website is used, potentially beyond a single session. We use third-party analytics services for this purpose. We ask for your consent before using these cookies. Performance cookies also have an expiry date of up to 24 months. You can find details on the websites of the third-party analytics services.
We currently use the following third-party analytics service: Google Analytics.
13. What data do we process on our social media pages?
We may operate pages and other online presences ('fan pages', 'channels', 'profiles', etc.) on social media and other platforms operated by third parties and collect data as described in section 3 and below. We receive this data from you and from the platforms when you interact with us via our online presence (for example, when you communicate with us, comment on our content or visit our online presence). These platforms also analyse your use of our online presence and combine this data with other data they hold about you (for example, behavioural and preference data). They also process this data for their own purposes, including for marketing and market research (for example, to personalise advertising) and to manage their platforms (for example, what content they show you) and, for this purpose, they act as independent data controllers.
We receive data about you when you contact us via our online presence, view our content on the relevant platforms, or visit or interact with our online presence (for example, by posting content or submitting comments). These platforms collect, in particular, technical data, registration data, communication data, behavioural data and preference data from you or about you (see section 3 for definitions of these terms). These platforms generally carry out a statistical analysis of how you interact with us, how you use our online presence and our content or other parts of the platform (what you view, comment on, 'like', follow, etc.) and link this data to other information about you (for example, information about your age and gender and other demographic information). They use this data and these profiles to display personalised adverts and other content to you on the platform and to manage the platform's content, as well as for market research and usage statistics.
For further information on data processing by platform operators, please consult the relevant privacy policies. There you will also find information on the countries in which they process your data, your rights to access and erasure of data and other data subject rights, as well as how you can exercise these rights or obtain further information. We currently use the following platforms: Facebook, Instagram and LinkedIn.
14. Can we update this privacy policy?
This privacy policy is not part of a contract with you. We may amend this privacy policy at any time. The version published on this website is the current version.
Last updated: May 2026