01

Introduction

With the following privacy policy, we would like to inform our customers and partners about the types of personal data (hereinafter also referred to as “data”) we process, for what purposes, and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in applications and SaaS, as well as within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offering”).

As of: July 1, 2024

This is a translation. The version in German is binding.

02

Responsible persons

Sidarion AG
Rikonerstrasse 2
CH-8307 Effretikon
Switzerland

Headquarter:
Lättichstrasse 6
CH-6340 Baar
Switzerland

Phone: +41 43 544 10 66
E-mail: info@sidarion.ch

Authorized representatives:
  • Peter Stiegler, CEO & owner Sidarion AG
  • Roger Granjean, owner Sidarion AG
Contact details of the data protection officer within the meaning of Art. 10 DSG
(Swiss Federal Act on Data Protection):
  • Martin Hagmann, Chief Information Security Officer (CISO) Sidarion AG
03

Overview of processing operations

The following overview summarizes the types of data processed and the purposes for which they are processed, and refers to the data subjects.

Types of data processed
  • Inventory data (e.g., names, addresses)
  • Content data (e.g., entries in online forms)
  • Contact data (e.g., email, phone numbers)
  • Meta/communication data (e.g., device information, IP addresses)
  • Usage data (e.g., websites visited, interest in content, access times)
  • Contract data (e.g., subject matter of the contract, term, customer category)
  • Payment data (e.g., bank details, invoices, payment history)
  • Categories of data subjects
  • Employees (e.g., employees, applicants, former employees)
  • Prospective customers
  • Communication partners
  • Customers
  • Manufacturers/partners
  • Users (e.g., website visitors, users of online services, workshop attendees)
Purposes of processing
  • Provision of our online offering and user-friendliness
  • Office and organizational procedures
  • Direct marketing (e.g., by email or postal mail)
  • Feedback (e.g., collecting feedback via online forms)
  • Marketing
  • Contact requests and communication
  • Profiles with user-related information (creating user profiles)
  • Reach measurement (e.g., access statistics, recognition of returning visitors)
  • Provision of contractual services and customer services
04

Relevant legal basis

Below you will find an overview of the legal basis of the GDPR, which we use as the basis for processing personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations of your or our country of residence or registered office may apply. If, in individual cases, more specific legal bases are relevant, we will inform you of these in the privacy policy.

Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR)

The data subject has given consent to the processing of personal data concerning him or her for one or more specific purposes.

Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR)

Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR)

Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National data protection regulations in Switzerland:

In addition to the data protection provisions of the General Data Protection Regulation, national data protection regulations apply in Switzerland. These include, in particular, the Federal Act on Data Protection (DSG). The DSG applies in particular if no EU/EEA citizens are affected and, for example, only data of Swiss citizens is processed.

05

Safety measures

We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk. These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as the relevant access, input, transfer, security of availability, and separation. Furthermore, we have established procedures to ensure that data subjects’ rights are exercised, data is deleted, and responses are made to threats to data. Furthermore, we take the protection of personal data into account during the development and selection of hardware, software, and procedures in accordance with the principle of data protection, through technology design and data protection-friendly default settings.

Our ISMS has been ISO 27001 certified since 2024.

06

Transfer of personal data

In the course of our processing of personal data, it may happen that the data is transferred to other bodies, companies, legally independent organizational units, or persons, or disclosed to them. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data to ensure that your data is protected.

07

Data processing in third countries

If we process data in a third country (i.e. outside Switzerland) or if processing takes place in connection with the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this will only be done in accordance with the legal requirements.
For the processing of data via a SaaS licensed by Sidarion that processes data in third countries, the Data Processing Agreement (DPA) of the respective manufacturer applies.

08

Use of cookies

Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user’s computer. A cookie is primarily used to store information about a user during or after their visit to an online offering.

The following types of cookies and functions are distinguished:

  • Temporary cookies (also known as session cookies) are deleted at the latest after a user leaves an online service and closes their browser.
  • Permanent cookies remain stored even after the browser is closed. This allows, for example, the login status to be stored or preferred content to be displayed directly when the user visits a website again. Similarly, the interests of users, which are used for reach measurement or marketing purposes, can be stored in such a cookie.
  • First-party cookies are set by us.
  • Third-party cookies (also known as third-party cookies) are mainly used by advertisers (so-called third parties) to process user information.
  • Necessary (also known as essential or strictly necessary) cookies may be absolutely necessary for the operation of a website (e.g., to store logins or other user entries or for security reasons).
  • Statistics, marketing, and personalization cookies. Cookies are also generally used for reach measurement and when a user’s interests or behavior (e.g., viewing certain content, using functions, etc.) are stored in a user profile on individual websites. Such profiles are used, for example, to display content to users that corresponds to their potential interests. This process is also referred to as “tracking,” i.e., tracking the potential interests of users. If we use cookies or “tracking” technologies, we will inform you separately in our privacy policy or when obtaining your consent.
Information on legal bases:

The legal basis on which we process your personal data using cookies depends on whether we ask for your consent. If this applies and you consent to the use of cookies, the legal basis for the processing of your data is your declared consent. Otherwise, the data processed using cookies will be processed on the basis of our legitimate interests (e.g., in the commercial operation of our online offering and its improvement) or, if the use of cookies is necessary to fulfill our contractual obligations.

Storage period:

Unless we provide you with explicit information about the storage period of permanent cookies (e.g., in the context of a so-called cookie opt-in), please assume that the storage period can be up to two years.

General information on revocation and objection (opt-out): Depending on whether the processing is based on consent or legal permission, you have the option of revoking your consent or objecting to the processing of your data by cookie technologies (collectively referred to as “opt-out”) at any time. You can initially declare your objection via your browser settings, e.g., by deactivating the use of cookies (although this may also restrict the functionality of our online offering).

Types of data processed:

Usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).

Data subjects:

Users (e.g., website visitors, users of online services).

09

Provision of the online offering

In order to provide our online offering securely and efficiently, we operate our own server infrastructure. For these purposes, we may record infrastructure and platform services, computing capacity, storage space, and database services, as well as security services and technical maintenance services via log data. The data processed in the context of providing the hosting service may include all information relating to users of our online offering that is generated during use and communication. This regularly includes the IP address, which is necessary to deliver the content of online offerings to browsers, and all entries made within our online offering or on websites. Collection of access data and log files: We ourselves collect data on every access to the server (so-called server log files). Server log files may include the address and name of the websites and files accessed, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files can be used for security purposes, e.g., to prevent server overload (especially in the event of malicious attacks, known as DDoS attacks) and to ensure server utilization and stability.

Types of data processed:

Content data (e.g., entries in online forms), usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).

Affected persons:

Users (e.g., website visitors, users of online services).

Purposes of processing:

Provision of our online offering and user-friendliness.

Services and service providers used:

We will be happy to provide this information upon request.

010

Special notes regarding computer code created by Sidarion AG in the form of scripts and/or programming languages

We process user data using computer code created by us to the extent necessary to provide users with the application and its functionalities, to monitor its security, and to further develop it. We may also contact users in compliance with legal requirements if communication is necessary for administrative purposes or for the use of the application. For further information on the processing of user data, please refer to the data protection information in this privacy policy.

Legal basis:

The processing of data required for the provision of the application’s functionalities serves to fulfill contractual obligations. This also applies if the provision of the functions requires authorization from the user (e.g., approval of device functions). If the processing of data is not necessary for the provision of the application’s functions but serves the security of the application or our business interests (e.g., collection of data for the purpose of optimizing the application or for security purposes), it is carried out on the basis of our legitimate interests. If users are expressly asked to consent to the processing of their data, the data covered by the consent will be processed on the basis of the consent.

Types of data processed:

Inventory data (e.g., names, addresses), meta/communication data (e.g., device information, IP addresses) and associated payload in network communication, as well as files and their contents.

Purposes of processing:

Provision of contractual services and customer service.

11

Video conferences, online meetings, webinars, and screen sharing

We use platforms and applications from other providers (hereinafter referred to as “conference platforms”) for the purpose of conducting video and audio conferences, webinars, and other types of video and audio meetings (hereinafter collectively referred to as “conference”). When selecting conference platforms and their services, we comply with legal requirements.

Data processed by conference platforms:

When you participate in a conference, the conference platforms process the personal data of participants as described below. The scope of processing depends on the data required for a specific conference (e.g., login details or real names) and any optional information provided by participants. In addition to processing for the purpose of holding the conference, the conference platforms may also process participant data for security purposes or to optimize their services.

The data processed includes personal data (first name, last name), contact information (email address, telephone number), access data (access codes or passwords), profile pictures, information about professional position/function, the IP address of the Internet access, information about the participants’ end devices, their operating system, the browser and its technical and language settings, information about the content of communication processes, i.e. entries in chats as well as audio and video data, and the use of other available functions (e.g. surveys).

The content of communications is encrypted to the extent technically provided by the conference provider.

If participants are registered as users on the conference platforms, additional data may be processed in accordance with the agreement with the respective conference provider. Logging and recording: If text entries, participation results (e.g., from surveys), and video or audio recordings are logged, participants will be informed of this in advance and, where necessary, asked for their consent.

Data protection measures taken by participants:

Please refer to the data protection information provided by the conference platforms for details on how your data is processed and select the security and data protection settings that are best for you in the conference platform settings. Please also ensure that your data and privacy are protected in the background of your recording for the duration of a video conference (e.g., by informing roommates, locking doors, and using the background blur function, if technically possible). Links to the conference rooms and access data must not be passed on to unauthorized third parties.

Information on legal bases:

If, in addition to the conference platforms, we also process user data and ask users for their consent to the use of the conference platforms or certain functions (e.g., consent to the recording of conferences), the legal basis for the processing is this consent. Furthermore, our processing may be necessary to fulfill our contractual obligations (e.g., in participant lists, in the case of processing meeting results, etc.). Otherwise, user data is processed on the basis of our legitimate interest in efficient and secure communication with our communication partners.

Types of data processed:

Inventory data (e.g., names, addresses), contact data (e.g., email, telephone numbers), content data (e.g., entries in online forms), usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).

Data subjects:

Communication partners, users (e.g., website visitors, users of online services).

Purposes of processing:

Provision of contractual services and customer service, contact inquiries and communication, office and organizational procedures.

Services used and service providers

We will be happy to provide this information upon request.

12

Cloud Services

We use software services accessible via the Internet and executed on the servers of their providers (so-called “cloud services,” also referred to as “software as a service”). In this context, personal data may be processed and stored on the servers of the providers, insofar as this is part of communication processes with us or is otherwise processed by us as set out in this privacy policy. This data may include, in particular, master data and contact details of users, data on transactions, contracts, other processes and their contents. The providers of cloud services also process usage data and metadata, which they use for security purposes and to optimize their services. If we use cloud services to provide forms or other documents and content for other users or publicly accessible websites, the providers may store cookies on users’ devices for web analysis purposes or to remember user settings (e.g., in the case of media control).

Information on legal bases:

If we ask for consent to use cloud services, the legal basis for processing is consent. Furthermore, their use may be part of our (pre)contractual services if the use of cloud services has been agreed in this context. Otherwise, user data is processed on the basis of our legitimate interests (i.e., interest in efficient and secure administrative and collaboration processes).

For the processing of data via a SaaS licensed by Sidarion, the Data Processing Agreement (DPA) of the respective manufacturer applies.

Types of data processed:

Inventory data (e.g., names, addresses), contact data (e.g., email, phone numbers), content data (e.g., entries in online forms), usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses), payload from network communication, and files and their contents.

Data subjects:

Customers, employees (e.g., employees, applicants, former employees), interested parties, communication partners.

Purposes of processing:

Office and organizational procedures, provision of services to customers.

Services and service providers used:

We will be happy to provide this information upon request.

13

Newsletters, mailings, and electronic notifications

We send newsletters, emails, and other electronic notifications (hereinafter referred to as “newsletters”) only with the consent of the recipient or with legal permission. If the content of the newsletter is specifically described when registering for it, this description is decisive for the consent of the user. Our newsletters also contain information about our services and about us. To subscribe to our newsletters, it is generally sufficient to provide your email address. However, we may ask you to provide a name so that we can address you personally in the newsletter, or further information if this is necessary for the purposes of the newsletter.

Deletion and restriction of processing:

We may store the email addresses that have been unsubscribed for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time. In the event of obligations to permanently comply with objections, we reserve the right to store the email address in a block list (so-called “block list”) for this purpose only. The registration process is logged on the basis of our legitimate interests for the purpose of proving that it has been carried out properly. If we commission a service provider to send emails, this is done on the basis of our legitimate interests in an efficient and secure mailing system.

Information on legal bases:

The newsletter is sent on the basis of the recipient’s consent or, if consent is not required, on the basis of our legitimate interests in direct marketing, insofar as this is permitted by law, e.g. in the case of advertising to existing customers. If we commission a service provider to send emails, this is done on the basis of our legitimate interests. The registration process is recorded on the basis of our legitimate interests in order to prove that it was carried out in accordance with the law. Content: Information about us, our services, promotions, and offers.

Types of data processed:

Inventory data (e.g., names, addresses), contact data (e.g., email, telephone numbers), meta/communication data (e.g., device information, IP addresses), usage data (e.g., websites visited, interest in content, access times).

Data subjects:

Communication partners.

Purposes of processing:

Direct marketing (e.g., by email or postal mail)

Right to object (opt-out):

You can unsubscribe from our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link to unsubscribe from the newsletter either at the end of each newsletter or you can use one of the contact options listed above, preferably email.

14

Web analytics, monitoring, and optimization

Web analysis (also known as “reach measurement”) is used to evaluate visitor flows to our online offering and may include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, identify at what times our online offering or its functions or content are used most frequently or invite reuse. We can also identify areas that require optimization. In addition to web analysis, we may also use test procedures to test and optimize different versions of our online offering or its components. For these purposes, user profiles may be created and stored in a file (known as a “cookie”) or similar procedures with the same purpose may be used. This information may include, for example, content viewed, websites visited and elements used there, and technical information such as the browser used, the computer system used, and information on usage times. If users have consented to the collection of their location data, this may also be processed, depending on the provider. The IP addresses of users are also stored.

Information on legal bases:

If we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

Types of data processed:

Usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).

Data subjects:

Users (e.g., website visitors, users of online services).

Purposes of processing: Reach measurement (e.g., access statistics, recognition of returning visitors), profiles with user-related information (creation of user profiles).

Services and service providers used

We will be happy to provide this information upon request.

15

Online marketing

We process personal data for online marketing purposes, which may include, in particular, the marketing of advertising space or the display of advertising and other content (collectively referred to as “content”) based on the potential interests of users and the measurement of its effectiveness. For these purposes, so-called user profiles are created and stored in a file (so-called “cookies”) or similar procedures are used to store information about the user that is relevant for the presentation of the aforementioned content. This information may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used, and information on usage times. If users have consented to the collection of their location data, this may also be processed. The IP addresses of users are also stored. The information in the profiles is usually stored in cookies or using similar methods. These cookies can later be read on other websites that use the same online marketing method, analyzed for the purpose of displaying content, supplemented with further data, and stored on the server of the online marketing method provider. In exceptional cases, clear data may be assigned to the profiles. This is the case if, for example, users are members of a social network whose online marketing process we use and the network links the user profiles with the aforementioned information. Please note that users may have additional agreements with the providers, e.g., through consent given during registration. We generally only have access to aggregated information about the success of our advertisements. However, we can use conversion measurements to determine which of our online marketing methods have led to a conversion, i.e., for example, to a contract being concluded with us. Conversion measurements are used solely to analyze the success of our marketing measures. Unless otherwise stated, please assume that the cookies used will be stored for a period of two years.

Information on legal bases:

If we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

Types of data processed:

Usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).

Data subjects:

Users (e.g., website visitors, users of online services).

Purposes of processing:

Marketing, profiles with user-related information (creation of user profiles).

Right to object (opt-out):

We refer you to the privacy policies of the respective providers and the options for objecting (known as “opt-out”) specified by the providers. If no explicit opt-out option has been specified, you may be able to disable cookies in your browser settings. However, this may limit the functionality of our online offering.

16

Presence on social media

We maintain online presences within social networks and process user data within this framework in order to communicate with users active there or to provide information about us. We would like to point out that data of users within the European Union may be processed in this context. This may result in risks for users, as it could, for example, make it more difficult to enforce user rights. Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, usage profiles can be created based on the usage behavior and resulting interests of users. The user profiles can in turn be used, for example, to place advertisements within and outside the networks that are likely to correspond to the interests of the users. For these purposes, cookies are usually stored on the users’ computers, in which the usage behavior and interests of the users are stored. Furthermore, data may also be stored in the usage profiles independently of the devices used by the users (in particular if the users are members of the respective platforms and are logged in to them). For a detailed description of the respective forms of processing and the options for objection (opt-out), we refer to the privacy policies and information provided by the operators of the respective networks. In the event of requests for information and the assertion of data subject rights, we would also like to point out that these can be most effectively asserted with the providers. Only the providers have access to the user data and can take appropriate measures and provide information directly. However, if you require assistance, please contact us.

Types of data processed:

Contact data (e.g., email, phone numbers), content data (e.g., entries in online forms), usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).

Data subjects:

Users (e.g., website visitors, users of online services).

Purposes of processing:

Contact requests and communication, feedback (e.g., collection of feedback via online form), marketing.

Services and service providers used

We will be happy to provide this information upon request.

17

Plugins and embedded functions and content

We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may include graphics, videos, or city maps (hereinafter referred to collectively as “content”). The integration always requires that the third-party providers of this content process the IP address of the users, as they would not be able to send the content to their browsers without the IP address. The IP address is therefore necessary for the display of this content or these functions. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include technical information about the browser and operating system, referring websites, time of visit, and other information about the use of our online offering, and may be linked to such information from other sources.

Information on legal bases:

If we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

Integration of third-party software (scripts or frameworks):

We integrate software into our online offering that we retrieve from servers of other providers (e.g., function libraries that we use for the purpose of displaying or improving the user-friendliness of our online offering). In doing so, the respective providers collect the IP address of the users and may process it for the purpose of transmitting the software to the users’ browsers, for security purposes, and for the evaluation and optimization of their offering.

Types of data processed:

Usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses), inventory data (e.g., names, addresses), contact data (e.g., email, phone numbers), content data (e.g., entries in online forms).

Data subjects:

Users (e.g., website visitors, users of online services).

Purposes of processing:

Provision of our online offering and user-friendliness, provision of contractual services and customer service.

Services and service providers used:

We will be happy to provide this information upon request.

18

Deletion of data

The data we process will be deleted in accordance with legal requirements as soon as the consent for processing is revoked or other permissions expire (e.g., if the purpose for processing this data no longer applies or it is no longer necessary for the purpose). If the data is not deleted because it is required for other, legally permissible purposes, its processing will be restricted to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is necessary for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person. Within the scope of our data protection information, we can provide users with further information on the deletion and storage of data that applies specifically to the respective processing process.

19

Changes and updates to this privacy policy

We ask you to regularly review the content of our privacy policy. We will amend the privacy policy as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or other individual notification. If we provide addresses and contact information for companies and organizations in this privacy policy, please note that these addresses may change over time and check the information before contacting them.

20

Rights of the persons concerned

As a data subject, you have various rights under Swiss federal data protection law or the GDPR, which arise in particular from Articles 15 to 21 of the GDPR:

Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions. If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.

Right to withdraw consent:

You have the right to withdraw your consent at any time.

Right to information:

You have the right to request confirmation as to whether data concerning you is being processed and to obtain information about this data as well as further information and a copy of the data in accordance with the legal requirements.

Right to rectification:

In accordance with the legal requirements, you have the right to request the completion of data concerning you or the rectification of incorrect data concerning you.

Right to erasure and restriction of processing:

In accordance with legal requirements, you have the right to request that data concerning you be deleted immediately or, alternatively, in accordance with legal requirements, to request that the processing of the data be restricted.

Right to data portability:

You have the right to receive data concerning you that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller in accordance with legal requirements.

Complaint to supervisory authority:

In accordance with legal requirements and without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a data protection supervisory authority, in particular a supervisory authority in the member state in which you usually reside,

the supervisory authority of your workplace or the place of the alleged infringement, if you believe that the processing of personal data relating to you violates Swiss federal data protection law or the GDPR.

21

Definition of terms

This section provides an overview of the terms used in this privacy policy. Many of the terms are taken from the law and are defined in Article 4 of the GDPR. The legal definitions are binding. The following explanations are intended primarily to aid understanding. The terms are listed in alphabetical order.

  • DPA, Data Privacy Agreement or Data Privacy Addendum:
    A DPA, which is usually provided by the manufacturer, defines the rights and obligations of the parties within the scope of the process, which data is collected, for what purpose and for how long the data is processed, what happens to the data after the end of the contract, and which technical and organizational measures must be observed during data processing.
  • IP masking:
    “IP masking” refers to a method in which the last octet, i.e., the last two numbers of an IP address, is deleted so that the IP address can no longer be used to uniquely identify a person. IP masking is therefore a means of pseudonymizing processing procedures, especially in online marketing.
  • Personal data:
    “Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier (e.g., a cookie) or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Profiles with user-related information:
    The processing of “profiles with user-related information,” or “profiles” for short, includes any type of automated processing of personal data that consists of using this personal data to analyze, evaluate, or predict certain personal aspects relating to a natural person (depending on the type of profiling, this may include different information regarding demographics, behavior, and interests, such as interaction with websites and their content, etc.). Cookies and web beacons are often used for profiling purposes.
  • Reach measurement:
    Reach measurement (also known as web analytics) is used to evaluate the visitor flows of an online offering and may include the behavior or interests of visitors in certain information, such as website content. With the help of reach analysis, website owners can, for example, identify at what time visitors visit their website and what content they are interested in. This enables them, for example, to better tailor the content of the website to the needs of their visitors. Pseudonymous cookies and web beacons are often used for reach analysis to recognize returning visitors and thus obtain more accurate analyses of the use of an online offering.
  • Responsible party:
    The “responsible party” is the natural or legal person, authority, institution, or other body that alone or jointly with others decides on the purposes and means of processing personal data.
  • Processing
    “Processing” means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and covers virtually all handling of data, whether it is collection, evaluation, storage, transmission, or deletion.