14th of June 2018
In this data protection declaration, we (Brand Affairs AG) explain how we collect and process personal data. This is not a final description; other data protection declarations (or general terms and conditions, conditions of participation and similar documents) may regulate specific issues. Personal data is understood to mean all information relating to a specific or identifiable person.
If you provide us with personal data of other persons (e.g. family members, data of work colleagues), please ensure that these persons are familiar with this data protection declaration and only provide us with their personal data if you are permitted to do so and if these personal data are correct.
This data protection declaration is based on the EU Data Protection Ordinance (DSGVO). Although the DSGVO is a regulation of the European Union, it is also important for Swiss companies. The Swiss Data Protection Act (DSG) is strongly influenced by EU law, and companies outside the European Union and the EEA must comply with the DSGVO under certain circumstances.
We primarily process the personal data that we receive from our customers and other business partners or that we collect from their users when operating our websites, apps and other applications.
As far as this is permitted, we also take certain data from publicly accessible sources (e.g. land registers, commercial register, press, Internet, debt collection register), from authorities and other third parties. In addition to the data you provide us directly, the categories of personal data we receive about you from third parties include, in particular, information from public registers, information we learn in connection with official and legal proceedings, information relating to their professional functions and activities (so that we can, for example with your help), information about you in correspondence and meetings with third parties, credit information (if we handle transactions with you personally), information about you which persons from your environment (family, consultants, legal representatives, etc.) give us so that we can conclude or process contracts with you or with you (e.g. References, your address for deliveries, authorizations, information on compliance with legal requirements such as the fight against money laundering and export restrictions, information from banks, insurance companies, sales and other contractual partners of us regarding your use or provision of services (e.g. payments made, purchases made), information from the media and the Internet about you (insofar as this is appropriate in a specific case, e.g.B. in the context of an application, press review, marketing/sales, etc.), your addresses and any interests and other socio-demographic data (for marketing), data in connection with the use of the website (e.g. IP address, MAC address of the smartphone or computer, information about your device and settings, cookies, date and time of your visit, pages and contents accessed, functions used, referring website, location details).
3. Purposes of data processing and legal basesWe use the personal data collected by us primarily to conclude and process our contracts with our customers and business partners, in particular in the context of communication services for our customers (services of Brand Affairs AG) and the purchase of products and services from our suppliers and subcontractors, as well as to comply with our legal obligations at home and abroad. If you work for such a customer or business partner, you can of course also be affected in this function with your personal data.
We typically use "cookies" and similar techniques to identify your browser or device on our websites and apps. A cookie is a small file that is sent to your computer or automatically stored on your computer or mobile device by your web browser when you visit our website or install an app. If you visit this website again or use our app, we can recognize you even if we don't know who you are. In addition to cookies, which are only used during a session and are deleted after your visit to the website (session cookies), cookies can also be used to store user settings and other information for a certain period of time (e.g. two years) (permanent cookies). However, you can set your browser to reject cookies, save them only for one session or otherwise delete them prematurely. Most browsers are preset to accept cookies. We use permanent cookies to better understand how you use our offers and content. Some cookies are set by us, some also by contractual partners with whom we cooperate. If you block cookies, certain functionalities such as language selection, shopping cart and ordering processes may no longer work.
In our newsletters and other marketing e-mails we partly and as far as permitted also include visible and invisible picture elements, by whose retrieval from our servers we can determine whether and when you have opened the e-mail, so that we can also measure here and better understand how you can use our offers and tailor them to you. You can block this in your email program; most are set to do so by default.
By using our websites, apps and consenting to receive newsletters and other marketing emails, you consent to the use of these techniques. If you do not want to do this, you must set your browser or e-mail program accordingly, or uninstall the app, unless this can be adjusted via the settings.
We use Google Analytics (Google LLC USA, www.google.com) to measure and evaluate the use of our websites. For this purpose, permanent cookies are also used, which are set by the service provider. The Service Provider does not receive any personal data from us, but may track your use of the Website, combine this information with data from other websites that you have visited and that are also tracked by Service Providers, and use this information for its own purposes (e.g. control of advertising). If you have registered yourself with the service provider, the service provider also knows you. The processing of your personal data by the service provider is then the responsibility of the service provider in accordance with its data protection regulations. The service provider merely informs us how our respective website is used (no information about you personally).
There are two ways to stop the recording by Google Analytics:
5. Data transfer and data transmission abroad
In the course of our business activities and the purposes set out in Section 3, we also disclose various data to third parties, where permitted and deemed appropriate, either because they process it for us or because they wish to use it for their own purposes. In particular, the following posts are concerned:
We process and store your personal data as long as it is necessary for the fulfilment of our contractual and legal obligations or otherwise for the purposes pursued with the processing, i.e. for the duration of the entire business relationship (from the initiation, processing up to the termination of a contract) as well as beyond that in accordance with the legal storage and documentation obligations. It is possible that personal data may be stored for the period during which claims can be asserted against our company and insofar as we are otherwise legally obliged to do so or justified business interests require this (e.g. for evidence and documentation purposes). As soon as your personal data are no longer required for the above-mentioned purposes, they will be deleted or made anonymous as far as possible. For operational data (e.g. system logs), shorter retention periods of twelve months or less generally apply.
We take appropriate technical and organisational security precautions to protect your personal data from unauthorised access and misuse.
As part of our business relationship, you must provide the personal data that is necessary for the establishment and execution of a business relationship and the fulfilment of the associated contractual obligations (as a rule, you do not have a statutory obligation to provide us with data). Without this information, we will generally not be able to enter into or process a contract with you (or the entity or person you represent). Also, the website cannot be used if certain information to ensure data traffic (such as IP address) is not disclosed.
We process your personal data partially automatically with the aim of evaluating certain personal aspects (profiling). We use profiling in particular to be able to inform and advise you specifically about products. We use evaluation tools that enable us to communicate and advertise as required, including market and opinion research.
As a matter of principle, we do not use fully automated automatic decision making (as regulated, for example, in Art. 22 DSGVO) to establish and carry out the business relationship or otherwise. Should we use such procedures in individual cases, we will inform you of this separately, insofar as this is prescribed by law and will inform you of the associated rights.
You have the right to information, correction, deletion, the right to restriction of data processing and otherwise the right to object to our data processing and to the surrender of certain personal data for transmission to another location (so-called data portability) within the scope of the data protection law applicable to you and to the extent provided for therein (such as in the case of the DSGVO). Please note, however, that we reserve the right to enforce the statutory restrictions, for example if we are obliged to store or process certain data, have an overriding interest in it (insofar as we may invoke it) or need it for asserting claims. If there are costs for you, we will inform you in advance. We have already informed you of the possibility of revoking your consent in Section 2. Note that the exercise of these rights can conflict with contractual agreements and this can have consequences such as premature contract termination or cost consequences. In this case we will inform you in advance where this is not already contractually regulated.
The exercise of such rights usually requires that you clearly prove your identity (e.g. by a copy of your identity card, where your identity is otherwise not clear or can be verified). To assert your rights, you can contact us at the address given in paragraph 1.
Furthermore, every data subject has the right to enforce his claims in court or to lodge a complaint with the competent data protection authority. The responsible data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
This data protection declaration of Brand Affairs AG is based on DSAT.CH