Privacy Statement Brand Affairs AG
14th of June 2018
In this data protection declaration, we (Brand Affairs AG) explain how we collect and process personal data. This is not a final description; other data protection declarations (or general terms and conditions, conditions of participation and similar documents) may regulate specific issues. Personal data is understood to mean all information relating to a specific or identifiable person.
If you provide us with personal data of other persons (e.g. family members, data of work colleagues), please ensure that these persons are familiar with this data protection declaration and only provide us with their personal data if you are permitted to do so and if these personal data are correct.
This data protection declaration is based on the EU Data Protection Ordinance (DSGVO). Although the DSGVO is a regulation of the European Union, it is also important for Swiss companies. The Swiss Data Protection Act (DSG) is strongly influenced by EU law, and companies outside the European Union and the EEA must comply with the DSGVO under certain circumstances.
1. Person in Charge
Responsible for the data processing described here is Reto Zangerl, Managing Partner of Brand Affairs AG. If you have any data protection concerns, you can inform us at the following contact address:
Brand Affairs AG
2. Type of data processing
We primarily process the personal data that we receive from our customers and other business partners or that we collect from their users when operating our websites, apps and other applications.
As far as this is permitted, we also take certain data from publicly accessible sources (e.g. land registers, commercial register, press, Internet, debt collection register), from authorities and other third parties. In addition to the data you provide us directly, the categories of personal data we receive about you from third parties include, in particular, information from public registers, information we learn in connection with official and legal proceedings, information relating to their professional functions and activities (so that we can, for example with your help), information about you in correspondence and meetings with third parties, credit information (if we handle transactions with you personally), information about you which persons from your environment (family, consultants, legal representatives, etc.) give us so that we can conclude or process contracts with you or with you (e.g. References, your address for deliveries, authorizations, information on compliance with legal requirements such as the fight against money laundering and export restrictions, information from banks, insurance companies, sales and other contractual partners of us regarding your use or provision of services (e.g. payments made, purchases made), information from the media and the Internet about you (insofar as this is appropriate in a specific case, e.g.B. in the context of an application, press review, marketing/sales, etc.), your addresses and any interests and other socio-demographic data (for marketing), data in connection with the use of the website (e.g. IP address, MAC address of the smartphone or computer, information about your device and settings, cookies, date and time of your visit, pages and contents accessed, functions used, referring website, location details).
3. Purposes of data processing and legal bases
We use the personal data collected by us primarily to conclude and process our contracts with our customers and business partners, in particular in the context of communication services for our customers (services of Brand Affairs AG) and the purchase of products and services from our suppliers and subcontractors, as well as to comply with our legal obligations at home and abroad. If you work for such a customer or business partner, you can of course also be affected in this function with your personal data.
In addition, we process personal data of you and other persons, to the extent permitted and deemed appropriate, also for the following purposes in which we (and sometimes also third parties) have a justified interest corresponding to the purpose:
- Offer and further development of our offers, services and websites, apps and other platforms on which we are present;
- Communication with third parties and processing of their inquiries (e.g. applications, media inquiries);
- Review and optimization of procedures for needs analysis for direct customer approach and collection of personal data from publicly available sources for customer acquisition;
- Advertising and marketing (including the performance of events), provided that you have not objected to the use of your data (if we send you as an existing customer advertising from us, you can object to this at any time; we will then place you on a blacklist against further advertising mailings);
- Market and opinion research, media observation;
- Enforcement of legal claims and defence in connection with legal disputes and official proceedings;
- Prevention and investigation of criminal offences and other misconduct (e.g. conducting internal investigations, data analyses to combat fraud);
- Warranties for our operations, especially IT, our websites, apps and other platforms;
- Video surveillance for the protection of house rights and other measures for IT, building and system security and protection of our employees and other persons and assets belonging to or entrusted to us (e.g. access controls, visitor lists, network and mail scanners, telephone recordings);
- Acquisition and sale of business divisions, companies or parts of companies and other transactions under company law and the associated transfer of personal data as well as measures for business management and compliance with legal and regulatory obligations and internal regulations of Brand Affairs AG.
If you have given us your consent to process your personal data for specific purposes (for example when registering to receive newsletters or carrying out a background check), we will process your personal data within the scope of and based on this consent, unless we have another legal basis and require one. A given consent can be revoked at any time, but this has no effect on data processing that has already taken place.
4. Cookies, tracking and other technologies in connection with the use of our website
We typically use “cookies” and similar techniques to identify your browser or device on our websites and apps. A cookie is a small file that is sent to your computer or automatically stored on your computer or mobile device by your web browser when you visit our website or install an app. If you visit this website again or use our app, we can recognize you even if we don’t know who you are. In addition to cookies, which are only used during a session and are deleted after your visit to the website (session cookies), cookies can also be used to store user settings and other information for a certain period of time (e.g. two years) (permanent cookies). However, you can set your browser to reject cookies, save them only for one session or otherwise delete them prematurely. Most browsers are preset to accept cookies. We use permanent cookies to better understand how you use our offers and content. Some cookies are set by us, some also by contractual partners with whom we cooperate. If you block cookies, certain functionalities such as language selection, shopping cart and ordering processes may no longer work.
In our newsletters and other marketing e-mails we partly and as far as permitted also include visible and invisible picture elements, by whose retrieval from our servers we can determine whether and when you have opened the e-mail, so that we can also measure here and better understand how you can use our offers and tailor them to you. You can block this in your email program; most are set to do so by default.
By using our websites, apps and consenting to receive newsletters and other marketing emails, you consent to the use of these techniques. If you do not want to do this, you must set your browser or e-mail program accordingly, or uninstall the app, unless this can be adjusted via the settings.
We use Google Analytics (Google LLC USA, www.google.com) to measure and evaluate the use of our websites. For this purpose, permanent cookies are also used, which are set by the service provider. The Service Provider does not receive any personal data from us, but may track your use of the Website, combine this information with data from other websites that you have visited and that are also tracked by Service Providers, and use this information for its own purposes (e.g. control of advertising). If you have registered yourself with the service provider, the service provider also knows you. The processing of your personal data by the service provider is then the responsibility of the service provider in accordance with its data protection regulations. The service provider merely informs us how our respective website is used (no information about you personally).
There are two ways to stop the recording by Google Analytics:
We also use plug-ins from social networks such as Facebook, Twitter, Youtube, Google+, Pinterest or Instagram on our websites. This can be seen for you in each case (typically via corresponding symbols). We have configured these elements to be disabled by default. If you activate them (by clicking), the operators of the respective social networks can register that you are on our site and where and can use this information for their purposes. The processing of your personal data is then the responsibility of this operator according to its data protection regulations. We do not receive any information about you from him.
Personal data transmitted via the contact form will be stored exclusively for the purpose of processing the corresponding customer enquiry, for example to provide further information about our company or to order specific services. The collected data will not be kept longer than necessary for the fulfilment of the order.
5. Data transfer and data transmission abroad
In the course of our business activities and the purposes set out in Section 3, we also disclose various data to third parties, where permitted and deemed appropriate, either because they process it for us or because they wish to use it for their own purposes. In particular, the following posts are concerned:
- Service providers from us (e.g. banks, insurance companies), including order processors (e.g. IT providers);
- Dealers, suppliers, subcontractors and other business partners;
- domestic and foreign authorities, official bodies or courts;
- the public, including visitors to websites and social media;
- competitors, industry organisations, associations, organisations and other bodies;
- Acquirer or interested party in the acquisition of business units, companies or other parts of Brand Affairs AG;
- other parties in possible or actual legal proceedings;
These recipients are partly inland but can be anywhere on earth. If we transfer data to a country without adequate legal data protection, we ensure an appropriate level of protection as provided for by law by using appropriate contracts (namely on the basis of the so-called standard contract clauses of the European Commission, which can be accessed here, here and here) or so-called binding corporate rules or rely on the statutory exceptions of consent, contract execution, the establishment, exercise or enforcement of legal claims, overriding public interests, the published personal data or because it is necessary to protect the integrity of the persons concerned. You can obtain a copy of the mentioned contractual warranties at any time from the contact person named under point 1. unless it can be called up under the above link. However, we reserve the right to black out copies for data protection reasons or reasons of secrecy or to deliver only excerpts.
6. Duration of the storage of personal data
We process and store your personal data as long as it is necessary for the fulfilment of our contractual and legal obligations or otherwise for the purposes pursued with the processing, i.e. for the duration of the entire business relationship (from the initiation, processing up to the termination of a contract) as well as beyond that in accordance with the legal storage and documentation obligations. It is possible that personal data may be stored for the period during which claims can be asserted against our company and insofar as we are otherwise legally obliged to do so or justified business interests require this (e.g. for evidence and documentation purposes). As soon as your personal data are no longer required for the above-mentioned purposes, they will be deleted or made anonymous as far as possible. For operational data (e.g. system logs), shorter retention periods of twelve months or less generally apply.
7. Data security
We take appropriate technical and organisational security precautions to protect your personal data from unauthorised access and misuse.
8. Obligation to provide personal data
As part of our business relationship, you must provide the personal data that is necessary for the establishment and execution of a business relationship and the fulfilment of the associated contractual obligations (as a rule, you do not have a statutory obligation to provide us with data). Without this information, we will generally not be able to enter into or process a contract with you (or the entity or person you represent). Also, the website cannot be used if certain information to ensure data traffic (such as IP address) is not disclosed.
We process your personal data partially automatically with the aim of evaluating certain personal aspects (profiling). We use profiling in particular to be able to inform and advise you specifically about products. We use evaluation tools that enable us to communicate and advertise as required, including market and opinion research.
As a matter of principle, we do not use fully automated automatic decision making (as regulated, for example, in Art. 22 DSGVO) to establish and carry out the business relationship or otherwise. Should we use such procedures in individual cases, we will inform you of this separately, insofar as this is prescribed by law and will inform you of the associated rights.
10. Rights of the data subject
You have the right to information, correction, deletion, the right to restriction of data processing and otherwise the right to object to our data processing and to the surrender of certain personal data for transmission to another location (so-called data portability) within the scope of the data protection law applicable to you and to the extent provided for therein (such as in the case of the DSGVO). Please note, however, that we reserve the right to enforce the statutory restrictions, for example if we are obliged to store or process certain data, have an overriding interest in it (insofar as we may invoke it) or need it for asserting claims. If there are costs for you, we will inform you in advance. We have already informed you of the possibility of revoking your consent in Section 2. Note that the exercise of these rights can conflict with contractual agreements and this can have consequences such as premature contract termination or cost consequences. In this case we will inform you in advance where this is not already contractually regulated.
The exercise of such rights usually requires that you clearly prove your identity (e.g. by a copy of your identity card, where your identity is otherwise not clear or can be verified). To assert your rights, you can contact us at the address given in paragraph 1.
Furthermore, every data subject has the right to enforce his claims in court or to lodge a complaint with the competent data protection authority. The responsible data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
This data protection declaration of Brand Affairs AG is based on DSAT.CH