Data Policy

A. General information
B. Supplementary information on data processing on the website
C. Supplementary information on data processing on our social media company pages
D. Supplementary information for business partners and interested parties
E. Supplementary information for applicants
F. Supplementary information for participants in events

A. General information

1. Responsible

Responsible for the processing of personal data is:

Wüest Partner AG
Bleicherweg 5
8001 Zürich, Schweiz

2. Data Protection Officer

Any data subject may contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

Wüest Partner AG     
 Data Protection Officer       
 Bleicherweg 5
 CH-8001 Zurich       
 Tel: +41 44 289 90 00       
 E-mail: datenschutzbeauftragter@wuestpartner.com

3. Disclosure of data to third parties

Your personal data will only be passed on to third parties if this is permitted by data protection law, in particular if you have consented to the transfer, if the transfer is necessary for the purpose of contract processing or in order to provide you with a requested service.

Categories of recipients of personal data who are not bound by instructions are: Video service providers.

Categories of service providers bound by instructions and obligated in accordance with the provisions of data protection law, who may not use the data for any other purpose, are: Providers for analysis services, for feedback and referral services, for the provision of contact forms, for the dispatch of the newsletter and for the support and hosting of the website.

4. Third country transfer

On our website, services of providers based in the USA or relations to the USA are integrated. If you consent to data processing by one of these providers, it cannot be ruled out that US authorities will have unrestricted access to the data processed about you. You also have no legal recourse against this. Specifically, these providers are:

1. Service: Google Analytics, Google Tag Manager, YouTube
   Provider: Google Ireland Limited, Ireland    
   Parent company: Google LLC, USA
2. Service: LinkedIn Marketing Solutions       
   Provider: LinkedIn Ireland Unlimited Company, Ireland.   
   Parent company: LinkedIn Corp, USA.
3. Service: Instagram Social Plugins   
   Provider: Facebook Ireland Limited, Ireland 
   Parent company: Facebook Inc. , USA.
4. Service: Twitter Social Plugins        
   Provider: Twitter International Company, Ireland   
   Parent company: Twitter, Inc., USA.

It is not excluded that the companies or the respective parent companies and/or U.S. authorities access personal data that is processed to provide the services.

The legal basis for the transfer of personal data to the USA was the certification of the providers or the parent companies of the providers in accordance with the EU-US Privacy Shield. However, this agreement was declared invalid by the European Court of Justice in July 2020. Negotiations are being conducted between the USA and the EU on a successor agreement to the Privacy Shield. However, it is not foreseeable when these will be concluded.

For this reason, standard data protection clauses pursuant to Art. 46 (2) c of the GDPR (SCCs) are currently regularly agreed as the legal basis for the transfer of personal data to the USA. However, a third-country transfer on the basis of SCCs is only permissible if the agreements can actually be complied with by the providers in the third country. In particular, this would require that unrestricted access to the data by U.S. authorities can be ruled out, which is not the case according to current knowledge.

Although we conclude the standard data protection clauses with the companies, we therefore only use the aforementioned services with your prior express consent and expressly point out the following regarding the risks of transferring data to one of the above-mentioned service providers:

Due to the powers of the U.S. intelligence agencies and the legal situation in the U.S., U.S. government surveillance measures are disproportionate and, from the EU’s perspective, there is no adequate level of government data protection for personal data. In particular, Sec. 702 of the U.S. Foreign Intelligence Surveillance Act (FISA) provides no limits on the intelligence agencies’ surveillance measures and no safeguards for non-U.S. citizens. Moreover, Presidential Policy Directive 28 (PPD-28) does not provide affected individuals with effective remedies against measures taken by U.S. authorities and does not provide any barriers to ensuring proportionate measures. In addition, U.S. authorities can demand that a U.S. company hand over all stored data on the basis of the U.S. Cloud Act, even if this data is located on servers within the EU.

5. Storage duration

The personal data processed by us will be stored by us for as long as is necessary for the respective purpose – in particular the processing of your request or your order – in compliance with the statutory retention periods. Storage beyond the statutory retention periods is possible if you have consented to this or the purpose of the data processing has not yet ceased.

6. Your rights

a) Disable and delete cookies

Some of the processing operations explained above use cookies. You can deactivate the storage of cookies on your terminal device in your browser settings. In addition, you can delete cookies stored in your browser settings at any time. However, in this case you may not be able to use all functions of our website to their full extent.

b) Right of withdrawal

Some of the processing operations explained above are only carried out with your consent. You can revoke your consent to the performance of these processing operations at any time with effect for the future. You can exercise your right of revocation via the Consent Management Tool (CMT). In this way, you can also consent again to individual data processing operations.

c) Right of objection

You may object to the use of personal data for direct marketing purposes at any time; you may also object to the use of personal data on the basis of our overriding interest for reasons arising from your particular situation at any time with effect for the future. For the objection, only the transmission costs according to the prime rates are incurred.

d) Right of access, rectification, erasure or restriction and portability

Under certain conditions, you have the right to receive information free of charge about the data we have stored about you, to have incorrect data corrected and to request the deletion or restriction of processing as well as the transferability of your personal data. In some cases, however, we are not allowed to delete user data completely due to legal retention obligations.

e) Right of appeal

You have a right of appeal to a supervisory authority.

B. Supplementary information on data processing on the website

In addition to our General Information (please refer to section A), we provide information here on how personal data is collected from visitors to our website and for what purposes it is processed and on what legal basis. We also provide information about which third-party services we have integrated and for what purpose.

I. Data processing strictly necessary for the provision of the website

In some cases, the processing of data is absolutely necessary in order to be able to provide our website without technical or functional restrictions and in accordance with legal requirements. In these cases, data processing also takes place if you have refused any additional data processing via the Consent Management Tool (CMT).

1. Log file

When a website is accessed, the server automatically creates a so-called “log file”. This contains, among other things, the date and time of access, browser type and version, operating system and version, IP address, accessed domain and the previously visited website.

The data processing is absolutely necessary to ensure the retrievability and correct display of our websites on your end device. In addition, the log files can be used to identify cyber attacks and thus ensure the accessibility of our websites. This data processing takes place in Switzerland and the EU.

2. Consent Management Tool

To obtain and document your consent to data processing by various services, we have included a Consent Management Tool (“CMT”).

When you open our website, you can submit declarations of consent for individual data processing via the CMT, which will be stored by the CMT. For this purpose, the CMT stores a cookie, i.e. a small text file, on your terminal device. In this way, when you open the website again, it can be traced to which data processing by which services you have consented or not consented. This means that you do not have to make your settings for consenting to individual data processing operations again each time you visit the site. Of course, you can also change your selection subsequently via the settings.

We are required by law to obtain and document your consent. In order to comply with this legal obligation, the CMT is absolutely necessary. This data processing takes place in Switzerland and in the EU.

II. Data processing after consent via the CMT

We have integrated the services listed below into our website for various purposes. Data processing by these services only takes place if you have consented via the Consent Management Tool (CMT). You can use the CMT to revoke your consent at any time, please also read section A 6b).

1. Google services

Our website includes services provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland (“Google”). The data processing takes place in the UK, the EU and Switzerland, possibly also in the USA (for more information, see section A.4).

a) General about Google services, legal basis

To provide the services, Google accesses information that is stored on your terminal device. In addition, Google may store information and, in particular, cookies on your terminal device in order to provide the services. Details on this can be found below for the respective service. The legal basis for accessing information and storing information and cookies is your consent).

Google processes the information on the one hand to provide the services. On the other hand, Google processes the information according to its own information in order to continuously improve and further develop its services. The legal basis for the processing of personal data for these purposes is your consent.

It cannot be ruled out that data collected by Google services will also be transmitted to and stored on a Google server in a third country, in particular a server of Google’s parent company, Google LLC, located at 1600 Amphitheatre Parkway, Mountain View, California, USA. To safeguard the third-country transfer, we have agreed EU standard data protection clauses with Google. According to its own information, Google ensures compliance with the data protection agreements. Nevertheless, a transfer of personal data to the USA is associated with particular risks for data subjects. The integration of and data processing by Google services therefore only takes place with your express consent. For more information on third country transfers, please refer to para. A.4.

If you are logged into your Google account, Google may add processed information to your account depending on your account settings and treat it as personal data, cf. in particular https://www.google.de/policies/privacy/partners. We do not obtain knowledge of the data collected in this way and how it is used.

You can obtain further information on data processing by Google at:

• https://policies.google.com/privacy (“Google Privacy Policy”)
• https://www.google.com/intl/de/policies/privacy/partners (“Data use by Google when you use our partners’ websites or apps”).
• http://www.google.com/policies/technologies/ads (“Data use for advertising purposes”)

b) Google Tag Manager

On our website, the service Google Tag Manager (GTM) is integrated to reload additional services. Due to this technical implementation, Google obtains knowledge that the website was called up with the IP address of your end device when you call up a website. In addition, Google can track which functions and tools are reloaded via the GTM.

You have the option of deactivating the service and thus preventing the transfer of data to the provider by deactivating JavaScript via your browser settings. However, we would like to point out that in this case you will not be able to use all functions of the website.

For more information on data processing by GTM, please visit: https://support.google.com/tagmanager/answer/6102821?hl=en.

c) Google Analytics

The Google Analytics service is integrated on our website. The service evaluates your surfing behavior across all websites. For this purpose, the service stores cookies, i.e. small text files, on your terminal device:

These are the following cookies:

• _ga: Counts and tracks page views; the storage period is 2 years; Google gets access to the processed data.
• _gid: Counts and tracks page views; the storage period is 1 year; Google gets access to the processed data.

On our behalf, Google processes the collected data to provide us with pseudonymous profiles of individual visitors and general statistics about the use of our website. We use this information to improve our offer and make it more interesting for you as a user.

We use the “Google Optimize” function of Google Analytics. Google Optimize analyzes the use of different variants of our website (so-called “A/B tests”) and thus helps us to improve the user experience according to the behavior of our users on the website.

We use the “demographic characteristics” function of Google Analytics. By evaluating your surfing behavior, Google can make statistical statements about the demographic characteristics and interests (e.g. age, gender, affinity categories, segments with target groups willing to buy) of visitors to our website. However, we cannot assign this data to any specific person. We use the demographic information to improve our offer and to make it more interesting for you as a user. For more information on data processing by “demographic characteristics” of Google Analytics, please visit: https://support.google.com/analytics/answer/2799357?hl=de.

IP anonymization has been activated on this website so that your IP address is shortened by Google Analytics before it is stored. According to Google, only in exceptional cases will the full IP address be transmitted to a Google LLC server in the USA and shortened there. According to Google, the shortened IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.

Under the following link you can download and install a plug-in for the browser you use to deactivate Google Analytics across websites: http://tools.google.com/dlpage/gaoptout?hl=de.

For more information on data processing by Google Analytics, please visit: https://support.google.com/analytics/answer/6004245?hl=de%20.

d) Youtube

Videos are embedded on this website via YouTube.

The embedding of the service is linked to your settings in our Consent Management Tool (CMT). Thus, you will initially only be shown a preview image on our website. In this case, you cannot use the service and data processing by the provider does not take place. Only after you have activated the service via the settings in the CMT, a connection to the provider is established and you can use the service. As a result, your IP address is forwarded to the provider’s servers and the provider is thus informed that our website was visited with your IP address.

You also have the option to prevent the integration of YouTube videos and thus the data transfer to the provider by deactivating JavaScript in your browser settings. However, we would like to point out that in this case you will not be able to use the video function.

For more information about YouTube, please visit: https://www.youtube.com/t/terms (YouTube Terms of Use).

2. Linkedin Marketing Solutions

The LinkedIn Marketing Solutions service is integrated on our website. The provider of the service is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). Data processing by the service only takes place after you have consented to this via the CMT. Data processing takes place in the UK, the EU and Switzerland, possibly also in the USA (for more information, see section A.4).

The service collects this information about your terminal device and your visit to our website: Your Google Ad ID (if you access our website with an Android terminal device), cookies already stored in your browser, operating system of your terminal device, device brand and model name of your terminal device, IP address, date and time of your visit to our website, and the page URL.

The data collection takes place by means of some code lines provided by LinkedIn, which we have integrated into our website, the so-called “LinkedIn Insight Tag”. According to LinkedIn’s own information, the collected data is deleted again after 90 days. The legal basis for access to stored information as well as the storage of information on your end device by the service is your consent.

We may run ads on LinkedIn to draw attention to our offerings. In doing so, we only want to place ads that are attractive to you. For this purpose, LinkedIn analyzes your surfing behavior on our website based on the information collected and provides us with statistics on visitors to our website and on which content they interact with particularly frequently on our behalf. The legal basis for the further processing of the collected data is your consent.

If an ad is placed for you by us on LinkedIn and you click on it, you may be redirected to our website. In this case, LinkedIn can track that you clicked on our ad and were redirected to our website. In this way, LinkedIn can provide us with a statistical evaluation of the effectiveness of our advertising measures on our behalf (so-called “conversion tracking”). Conversion tracking is also carried out by means of the so-called “LinkedIn Insight Tag”. The legal basis for the further processing of the collected data is your consent.

If you are logged into LinkedIn with your profile, LinkedIn can add the collected data to your user profile. The legal basis for the further processing of the collected data is your consent.

It cannot be ruled out that data collected by the service may also be transmitted to a server of the provider in a third country – in particular in the USA – and stored there. We have agreed on EU standard data protection clauses with the provider to safeguard the transfer of data to third countries. According to its own information, the provider ensures compliance with the data protection agreements. Nevertheless, a transfer of personal data to the USA is associated with particular risks for data subjects. The integration of and data processing by the service therefore only takes place with your express consent. You can find more detailed information on third country transfers in section A.4.

You can object to the analysis of your usage behavior by LinkedIn as well as the display of individualized ads by clicking on this link (“Opt-Out”): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

You have the option of deactivating the service and thus preventing the transfer of data to the provider by deactivating JavaScript in your browser. However, we would like to point out that in this case you may not be able to use all functions of the website.

For more information on data processing by the Service, please visit:

• https://www.linkedin.com/legal/privacy-policy
• https://business.linkedin.com/de-de/marketing-solutions
• https://www.linkedin.com/help/linkedin/answer/111735

3. Facebook Pixel

The Facebook Pixel service is integrated on our website. The provider of the service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”). Data processing by the service only takes place after you have consented to this via the CMT. The data processing takes place in the UK, the EU and Switzerland, possibly also in the USA (for more information, see section A.4).

The service assigns you a unique visitor identifier and collects this information about your terminal equipment and your visit to our website: Device information and location.

The legal basis for the access to stored information as well as the storage of information on your terminal device by the Service is your consent.

We can place ads on Facebook to draw attention to our offers. In doing so, we only want to place ads that are attractive to you. For this purpose, Facebook analyzes your surfing behavior on our website based on the information collected. The legal basis for the further processing of the collected data is your consent.

If an ad is placed for you by us on Facebook and you click on it, you may be redirected to our website. In this case, Facebook may store so-called tracking pixels on your end device. The legal basis for storing information on your end device is your consent.

Using the tracking pixel, Facebook can track that you clicked on our ad and were redirected to our website. In this way, Facebook can provide us with a statistical evaluation of the effectiveness of our advertising measures (so-called “conversion tracking”). The legal basis for conversion tracking is your consent.

If you are logged into Facebook with your profile, Facebook may add the collected data to your user profile. In addition, Facebook may use the collected data for its own advertising purposes in accordance with the Facebook Data Use Policy. The legal basis of this data processing is your consent.

It cannot be ruled out that data collected by the service may also be transmitted to a server of the provider in a third country – in particular in the USA – and stored there. We have agreed on EU standard data protection clauses with the provider to safeguard the transfer of data to third countries. According to its own information, the provider ensures compliance with the data protection agreements. Nevertheless, a transfer of personal data to the USA is associated with particular risks for data subjects. The integration of and data processing by the service therefore only takes place with your express consent. You can find more detailed information on third country transfers in section A.4.

Users who are logged in to Facebook can customize their ad settings at: www.facebook.com/ads/preferences.

For more information on data processing by the Service, please visit:

• https://www.facebook.com/policy.php
• https://m.facebook.com/policies/cookies

4. Social plugins

For the distribution of our content in social networks, social plugins are integrated on our website. Provider of the respective service is:

• Facebook: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
• Instagram: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
• Twitter: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.
• LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
• YouTube: Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland

The respective service may collect this information about your terminal device and your visit to our website: Date and time of your visit, website visited before and after, operating system of your terminal device, device recognition and functions of your terminal device, browser used and browser add-ons installed, cookie ID, internet or mobile service provider as well as your location (if you access our website with a mobile device).

The legal basis for accessing stored information as well as storing information on your terminal device by the Service is your consent. The data processing takes place in the UK, in the EU and in Switzerland, possibly also in the USA (please refer to section A.4).

The embedding of the service is linked to your settings in our Consent Management Tool (“CMT”). Thus, you will initially only be shown a preview image on our website. In this case, you cannot use the service and no data processing by the provider takes place. Only after you have activated the service via the settings in the CMT, a connection to the provider is established and you can use the service. Thereby, the specified information is collected and forwarded to servers of the respective provider.

According to their own statements, the providers process the information collected in order to further develop their services. If you are logged in to one of the above-mentioned social media platforms with the browser you are using to view our website, the respective provider can assign your visit to our website to your user account. We do not obtain knowledge of the data collected in this way and how it is used. The legal basis for the further processing of the collected data is your consent.

It cannot be ruled out that data collected by the service will also be transmitted to a server of the provider in a third country – in particular in the USA – and stored there. We have agreed on EU standard data protection clauses with the provider to safeguard the transfer of data to third countries. According to its own information, the provider ensures compliance with the data protection agreements. Nevertheless, a transfer of personal data to the USA is associated with particular risks for data subjects. The integration of and data processing by the service therefore only takes place with your express consent. You can find more information on third country transfers in section A.4.

For more information on data processing through social plugins and the respective platform operators, please visit:

• Facebook: https://de-de.facebook.com/policy.php
• Instagram: https://help.instagram.com
• Twitter: https://twitter.com/privacy
• LinkedIn: https://www.linkedin.com/legal/privacy-policy
• YouTube: https://www.google.de/intl/de/policies/privacy

III: Data processing when contacting us and using functions on our website

Read here what data is processed when you contact us or use functions of the website.

1. Contact

A contact form is integrated on our website, which is provided by the provider ClickDimensions LLC, 5901 Peachtree Dunwoody Road, Atlanta, GA 30328, USA (“ClickDimensions”). Data collected via the contact form is stored by ClickDimensions on our behalf exclusively on servers within the EU or Switzerland.

We collect via the contact form or in the context of any other contact only the personal data that you provide to us. Insofar as certain input fields are marked as “mandatory data”, we collect with these fields the data that are required for the implementation of the desired measure. Of course, you can provide us with further data if you wish.

The processing of this data is based on pre-contractual measures, insofar as this is necessary for the implementation of a measure requested by you. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us.

2. Registration and login

You can register a password-protected free customer account with us. Within the scope of the registration, the data marked as “mandatory data” will be collected. With the “mandatory data” we collect the data that is required for the purpose of implementing the user relationship established by the registration. Of course, you can provide us with further data if you wish. You can delete your personal user account at any time.

In order to technically enable access to password-protected areas, it is absolutely necessary that these cookies are stored on your terminal device:

• wordpress_sec: Used to identify and authenticate the logged in user. Function duration: 1 year. No personal data is processed or transmitted to third parties.
• wordpress_logged_in: Used to identify and authenticate the logged in user. Function duration: 1 year. No personal data is processed or transmitted to third parties.

3. Orders

You can place orders with us. During the ordering process, the data marked as “mandatory data” are collected. With the “mandatory data” we collect the data that are required to process the order. Of course, you can provide us with additional data if you wish.

For a more convenient purchase in our online store, you can also register or log in with us, read also point B. III. 2.

In order to technically enable the shopping cart function and the execution of the further order process, it is absolutely necessary that these cookies are stored on your terminal device:

• woocommerce_cart_hash: Helps WooCommerce detect when cart content/data changes. Function duration: Session. No data is transmitted to third parties.
• Woocommerce_items_in_card: Helps WooCommerce detect when cart content/data changes. Function duration: Session. No data is transmitted to third parties.
• Wp_wocommerce_session: Contains a unique code for each customer, so that he knows where to find the shopping cart data in the database for each customer. Function duration: 2 days. No data is transmitted to third parties.
• Wocommerce_recently_viewed: Enables the “Recently viewed products” widget. Function duration: Session. No data is transmitted to third parties.
• Store_notice (notice id): Allows clients to discard the store notice. Function duration: Session. No data is transmitted to third parties.

4. Payment processing

For the processing of payments we have integrated the service “Datatrans Payment Gateway”. The provider of the service is Datatrans AG, Kreuzbühlstr. 26, CH-8008 Zurich (“Datatrans”).

In order to process your order, the service collects all absolutely necessary information and passes it on to the payment provider selected by you (Art. 6 para. 1 p. 1 lit. b DSGVO).

We have no influence on the data processing that subsequently takes place at the payment provider selected by you. Rather, this is governed by the provisions of the respective provider. We are no longer responsible for the protection and handling of the data collected by Datatrans and the respective provider. For more information on data processing by Datatrans, please visit: https://www.datatrans.ch/en/privacy-policy/.

The data processing takes place in Switzerland.

5. Advertising measures

We have a legitimate interest in using your data for direct marketing purposes.

Insofar as you have consented to this, we also use your data for sending an e-mail newsletter. When you register for the newsletter, we store the IP address of the computer system used by you at the time of registration as well as the date and time of registration. The collection of this data is necessary in order to be able to trace a possible misuse of the e-mail address at a later date. The newsletter is technically designed with counting pixels so that we can track whether you have opened it. In particular, information on opening and click-through rates is stored and processed. The information obtained is used to make the newsletter even more attractive to you in the future. Your consent also refers to this tracking.

You can revoke your consent to the sending of the newsletter as well as to the newsletter tracking at any time via the link provided for this purpose in every e-mail newsletter or by sending a message to the contact details given above. In addition, you can object to the processing of your personal data for advertising purposes with effect for the future in writing, by fax, by e-mail or by telephone. For the objection, only the transmission costs according to the prime rates are incurred. The lawfulness of the data processing operations already carried out remains unaffected by this.

The newsletter is sent by the service provider ClickDimensions LLC, 5901 Peachtree Dunwoody Road, Atlanta, GA 30328, USA (“ClickDimensions”). The usage information generated is transferred on our behalf from ClickDimensions’ servers in the Netherlands to our servers in Germany and stored there for statistical usage analyses. The results help us to continuously improve the content of our newsletters and to make the information offered on our websites more interesting for you. If you do not agree with the storage and analysis of this data, you can unsubscribe via the link at the end of each newsletter.

Data processing takes place in the EU and Switzerland, possibly also in the USA (for more information, see section A.4).

IV. Data processing when using the Wüest Hub (Customer Support Hub)

The following text details what data is processed when you use our Wüest Hub (Customer Support Hub).

1. Registration and login

Upon request, we provide selected customers with a free user account for the Wüest Hub (Customer Support Hub) platform. As part of the registration process, we collect the data required to implement the user relationship established by the registration (Art. 6 para. 1 p. 1 lit. b DSGVO). The personal user account can be deleted at any time.

In order to technically enable access to password-protected areas, it is absolutely necessary that cookies are stored on your terminal device. No other third-party tracking tools (pixels or snippets) are used.

2. Contributions

As a registered user, you can post contributions on the platform and exchange information with other users. To enable an open and chronological exchange, we store the user name as well as the date and time your posts are published (Art. 6 para. 1 p. 1 lit. b DSGVO).

3. Deletion of user account and content

In addition to A.5, the following applies: Your user account and all its stored content will be deleted as soon as it is no longer required to fulfill the purpose of the contract. The obligation to delete does not apply to data that we are legally obliged to store (Art. 6 para. 1 p. 1 lit. c DSGVO) or for which we have a legitimate interest in retaining (Art. 6 para. 1 p. 1 lit. f DSGVO). A legitimate interest may be, among other things, to prevent access after a user has been justifiably blocked. In addition, we may continue to use content you have uploaded even after the deletion of your account if it was co-created with other users and can still be utilized by others.

4. Embedded training videos

Training videos are embedded via the video platform Vimeo (New York City, USA). When embedding the videos, all tracking features are disabled, and therefore no user information is recorded.

C. Supplementary information on data processing on our social media company pages

We operate a so-called “company page” on these social media platforms:

• Facebook: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
• Instagram: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
• Twitter: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland
• LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
• YouTube: Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland
  
  1. General about company pages, legal basis

As the owner of an online presence on one of the social media platforms, we process personal data when you write to us directly via the platform (in a personal message or via the public comment function). The data that is collected depends on the information you provide and the contact details you provide or release. The processing of this data is based on pre-contractual measures, insofar as this is necessary for the implementation of a measure requested by you. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us.

When visiting a company page, the respective provider collects information that enables it to recognize users and comprehensively analyze user behavior. Based on the data collected in this way, the operator of the social media platform can also create user profiles. If you are logged in with your corresponding social media account when visiting a company page, the respective provider can also assign this visit to your account.

The respective provider merely provides us with an anonymized statistical evaluation of the use of our company website on the basis of the information obtained. This enables us to make our contributions even more targeted in the future. In this respect, we have a legitimate interest in collecting and processing this information. In addition, we have a legitimate interest in being able to use as many communication options as possible and thus reach as many interested parties personally as possible.

We do not ourselves pass on to third parties any personal data that we collect via our company pages. However, we can neither influence nor exclude the possibility that the named providers transmit the collected data to third parties – in particular to their partner companies, which may also be based in other EU countries. In many third countries outside the EU, there is currently no level of data protection equivalent to that in the EU.

You can assert your data subject rights (see also under A.6) with regard to data processing by our company websites can generally be asserted both against us and against the respective provider. However, we would like to point out that these rights can most effectively be asserted against the respective provider. This is because only the respective provider has access to the users’ data and can take appropriate measures and provide information directly.

Further information on data processing, including the place of processing, by the respective provider can be found at:

Facebook: en.facebook.com/about/privacy

LinkedIn: https://www.linkedin.com/legal/privacy-policy

Instagram: https://help.instagram.com

Twitter: https://twitter.com/privacy

YouTube: https://www.google.de/intl/de/policies/privacy

2. Agreements jointly responsible

We have entered into a shared responsibility agreement with Facebook and LinkedIn in which the data protection obligations arising from the operation of our corporate site are divided between us and the respective provider. The providers have thereby assumed a large part of the data protection obligations, such as the fulfillment of data subject rights, the obligation to provide suitable technical and organizational measures to protect the security of personal data, and the reporting and notification obligations in the event of a data protection breach. If you contact us regarding your data subject rights, we will immediately forward your request to the respective provider. We are obligated to do so under the agreement with the respective provider.

For more information on the agreement between us and the respective provider, please see:

• https://www.facebook.com/legal/terms/page_controller_addendum
• https://www.linkedin.com/help/linkedin/answer/124838?lang=de
• https://legal.linkedin.com/pages-joint-controller-addendum

D. Supplementary information for business partners and interested parties

In addition to our General Information (please refer to section A), we provide information here on how the personal data of our business partners and interested parties is collected and for what purposes it is processed and on what legal basis. We also inform about to whom the data of our business partners and interested parties are passed on and for what purpose.

1. Purpose and legal basis of the processing of personal data of our business partners and interested parties

We process personal data that is required for the fulfillment of obligations in the context of a possible contract initiation and from the contractual relationships with our business partners. This includes in particular first name, last name, a valid e-mail address, address, telephone number (landline and/or mobile) and account details.

We may process personal data of our existing customers for the purpose of sending information about our services (e.g. product information, special offers or event invitations). We have a legitimate interest in this. You can object to this processing at any time. For the objection, only the transmission costs according to the prime rates will be incurred (read section B.III4).

2. Disclosure of personal data of our business partners and interested parties to third parties

Your personal data will only be passed on to third parties if this is permitted by data protection law, in particular if you have consented to the transfer or if this is necessary for the purpose of processing the contract.

Categories of recipients of personal data not bound by instructions are: Payment processing provider (datatrans).

E. Supplementary information for applicants

In addition to our General Information (please refer to section A), we provide information here on how personal data of our applicants is collected and for what purposes it is processed and on what legal basis. We also provide information on when applicant data is deleted again.

1. Purpose and legal basis of the processing of personal data of our applicants

The personal data that you voluntarily provide to us as part of the application process – such as, in particular, your first and last name, address, e-mail address, date of birth, place of birth, occupation, curriculum vitae, certificates and special categories of personal data (e.g. information on your religious beliefs or health data) – will therefore be stored and processed in Switzerland. During the application process, additional data relevant to the application may arise, which will also be stored and processed. Your personal data will only be processed for the purpose of carrying out the application procedure. In the event of a successful application, the data will be transferred to your personnel file for the purpose of implementing the employment relationship.

2. Deletion of applicant data

If your application is not successful, your personal data will be deleted no later than four months after the end of the application process, unless the processing of your data is necessary for the assertion, exercise or defense of legal claims.

Your data will only be processed beyond the specific application procedure if you have expressly consented to your data remaining stored in our database even after the end of the respective application procedure, so that you can be contacted by us at a later date for vacancies if necessary. If you no longer want us to contact you, you can revoke your consent at any time with effect for the future in writing, by e-mail or by telephone. Otherwise, we will delete your data after one year. In the event of renewed contacts that are specifically related to the establishment of an employment relationship, the storage period will be extended by four months in each case.

3. Applications via Smartrecruiters platform

Applications can also be submitted via the Smartrecruiters platform. The provider of the platform is Smartrecruiters GmbH, Wilhelmstrasse 118, 10963 Berlin (“Smartrecruiters”).

To submit an application via the platform, you must first register there for a free profile. After registration, you can edit or delete this profile yourself at any time. Smartrecruiters uses order processors for the technical provision of the platform and the administration of applications received via the platform and, according to its own information, ensures compliance with all data protection requirements. Smartrecruiters is solely responsible for the processing of your personal data in connection with the registration and management of your profile.

Insofar as we have advertised a job on the platform and you apply for it via the platform, Smartrecruiters will act on our behalf in managing your application.

For more information on data processing on the Platform, please visit: https://www.smartrecruiters.com/legal/general-privacy-policy.

F. Supplementary information for participants in events

In addition to our General Information, we provide information here on how personal data of participants in our events is collected and for what purposes it is processed and on what legal basis.

1. Purpose and legal basis of the processing of personal data of participants in our events

We process personal data that is marked as “mandatory data” within the scope of the registration for an event for the processing of the registration for the event and for the implementation and handling of the event, in particular for correspondence and the transmission of the confirmation of participation.

In addition, we process your personal data on the basis of our legitimate interests, among other things, to compile statistics about the event.

We may also process your personal data for our own advertising purposes, in particular in terms of information for upcoming events. This is a legitimate interest; you can object to this processing at any time.

2. Recipient categories

Your personal data will only be passed on to third parties, for example to the respective lessor of the event rooms or to speakers, insofar as this is necessary for the implementation and processing of your participation.

3. Note on the production and publication of photographs and film recordings of the event

During our event, photographs and film recordings may be made for internal documentation purposes, for editorial purposes and for the purpose of advertising the current and future events.

We intend to use and publish the photo and film recordings in particular on our websites and on our social media channels.

We would like to point out that information on the Internet is accessible worldwide, can be found using search engines and can be linked to other information, from which personality profiles can be created under certain circumstances. Information posted on the Internet, including photos, can be easily copied and redistributed, and there are specialized archiving services whose goal is to permanently document the state of certain websites at specific dates. This can mean that information published on the Internet can still be found elsewhere even after it has been deleted from the original site.

We would also like to point out that according to the information currently known, photos and data cannot be deleted from Facebook at all, but only no longer shown publicly. There is currently insufficient information about Facebook’s internal use of photos and data – for example, to create personality profiles.

By participating, you consent to the publication by us of photographs and film footage of the event in which you are also depicted. If you do not agree to this, please inform the photographer or one of our employees. Even if you revoke your consent at a later date, photographs that have already been published may continue to be published and displayed for reporting purposes if the event itself is recognizably in the foreground on the photographs.

Legal notice

The English text of the Privacy Policy is a machine translation. The authoritative source text can be found here: Datenschutz