Data Protection Declaration
1. General terms
This data protection declaration explains how we process personal data.
“Personal data“ means all details related to a specific or identifiable natural or legal person. „Processing“ means all ways of dealing with personal data, irrespective of the means and procedures used, in particular procuring, storing, using, revising, disclosing, archiving and destroying of personal data.
In connection with specific kinds of data processing, e.g. the entry into contracts, additional provisions might apply. Such provisions are available in the respective contracts.
2. Data security
We undertake to protect your privacy in accordance with the applicable laws, especially the code of conduct and data protection law. For this reason, we take a number of precautions, such as implementing technical and organizational security measures (e.g. access restrictions, firewalls, personal passwords such as encryption and authentication technologies, staff training).
3. Categories of personal data
We can process the following categories of personal data while limiting the processing to the necessary minimum.
Client data such as:
4. Origin of personal data
For the purposes of section 5, we can collect personal data from the following sources:
5. Purposes of data processing
We can process personal data for the provision of own services and for own or legally prescribed purposes. In particular, the purposes of our data processing are the following:
6. Disclosure to third parties, categories of recipients
We may disclose client data to the following third parties in the following cases:
In particular in connection with certain products or services, personal data must also be disclosed to third parties domiciled in countries which do not have an appropriate level of data protection (e.g. the United States). If data has to be transferred to such a country, we will take measures for a continuous appropriate protection of personal data.
7. Outsourcing of business units or services
We are outsourcing certain business units and services, wholly or partially, to third parties, in particular to Aquila AG (such as legal and compliance, accounting, CRM system, IT).
We carefully select any contractors who process personal data on our behalf. Where possible, we use service providers domiciled in Switzerland. The service providers might be entitled to outsource certain services to other third parties.
The services providers are only permitted to process the data received to the extent that we do ourselves. Additionally, they are contractually required to guarantee confidentiality and the security of personal data.
8. Automated individual decisions in specific cases, including profiling
We reserve the right to process client data in the future in an automated manner, in particular to identify significant personal characteristics of the clients, to predict developments and to create client profiles.
This is used, in particular, to review and develop our offering and to improve our services.
Client profiles may, in the future, also lead to automated individual decisions (e.g. automated receipt and execution of client orders in our CRM system).
We ensure that a suitable contact person is available to the client if the client wishes to express a view on any automated individual decision where such opportunity to express a view is required by law.
When a person is visiting our website, our web server automatically records certain details of the visit (e.g. the website the person is visiting us from, the visitor’s IP address, the specific areas of the website the person is visiting, including the date and duration of the visit). Such tracking data is used to optimize our website and provide information on how the visitor of the website learns about our products and services and how he/she uses them. However, it does not allow the identification of the visitor. In so far, no personal data is being processed in this respect.
When visiting our website, the visitor’s data is transmitted over the internet, an open network accessible to everyone. The electronic transmission of data (including via email) prohibits an effective protection of the data against third party interventions. This bears the risk that the data is being disclosed or altered, that the identity of the sender (e.g. email address) or the content of the data is imitated or otherwise manipulated by unauthorized third parties, that viruses are released, that technical transmission errors, delays or interruptions occur, that information is transmitted abroad including countries whose data protection laws are not comparable to those of Switzerland etc.
When visiting our website, the visitor explicitly agrees to this data protection declaration and the mentioned risks.
This data protection declaration only applies to data we receive due to visits of our website. It is not applicable to third party websites (including linked websites). The content and privacy practices of any (linked) third party website is beyond our control and responsibility.
10. Duration of storage
The duration of storage for personal data depends on the purpose of the data processing and/or statutory storage provisions (depending on the applicable legal basis, five, ten or more years).
11. Rights of the affected persons
You can ask us whether personal data about you is being processed. You have the right to object to the data processing, the right to restriction of processing, and, if applicable, the right to data portability. You also have the right of rectification and, provided that there are no compelling statutory or regulatory requirements (such as storage provisions) or technical barriers, the right to erasure. The erasure of your personal data may lead to the result that we cannot provide certain services any longer. Furthermore, if applicable, there is also a right to lodge a complaint with an appropriate data privacy supervisory authority. Where we process personal data based on your granted consent, you may revoke your consent at any time.
To help us reply to your request, please send us a clear message. We will examine your issue and reply in good time.
12. Contact data
We are responsible for the processing of personal data. If you have any questions relating to data protection, please contact the following address: