Data protection

This website is offered by Schaerer AG, Niedermattstrasse 3b, Postfach 336, 4528 Zuchwil, Schweiz, E-Mail: [email protected] (hereinafter “Schaerer”) as the controller as defined in the EU General Data Protection Regulation (hereinafter the “GDPR”). The processing of your data is subject to the GDPR. You can contact our data protection officer using the contact form available under Send Inquiry to the Data Protection Officer or at our postal address marked Attention: Data Protection Officer.

Within the framework of our business relationships, we may forward or disclose your personal data to third-party companies. They can be located outside of the European Economic Area (EEA), which means in third countries. Such processing exclusively occurs for the performance of contractual and business obligations and to maintain your business relationship with us (legal basis is section 6(1)(b) or (f), in combination with section 44 ff. GDPR). We are providing you with information on the details of the forwarding in the following in the relevant places.

The European Commission certifies for some third countries by way of so-called adequacy decisions that the data protection is comparable to that of the EEA standard (a list of these countries and a copy of the adequacy decisions are provided here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en). In other third countries, to which personal data may be transmitted, the data protection level may not be continuously high under certain circumstances due to the lack of legal requirements. Where this is the case, we are making sure that data protection is adequately ensured. Please contact our Data Protection Officer for more information.

The conclusion of contracts with us is not contingent upon your provision of personal data. You, the customer, are not legally or contractually obligated at any time to provide us with your personal data. However, it is possible that we can provide certain offers only with restrictions or not at all if you do not provide the subsequently required data. Should this be the case as an exception for the products offered by us, you will be notified accordingly.

Under certain circumstances, we may be subject to a particular statutory or legal obligation to provide the legitimately processed personal data to third parties, particularly public bodies (section 6(1)(1)(c) GDPR).

a. Right of access

You have the right to request information about the personal data concerning you that we process in accordance with Article 15 of the GDPR.

b. Right to object

You have the right to object on compelling legitimate grounds. Pursuant to Article 6(1)(f) of the GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you. The controller will then no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. The collection of data for the provision of the website and the storage of log files are essential for the operation of the website.

c. Right to rectification

If the information concerning you is no longer accurate, you can request a correction in accordance with Art. 16 of the GDPR. If your data is incomplete, you can request that it be completed.

d. Right to erasure

You can request the erasure of your personal data in accordance with Art. 17 of the GDPR.

e. Right to restriction of processing

According to Art. 18 GDPR, you have the right to request a restriction of the processing of your personal data.

f. Right to lodge a complaint

If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with a data protection supervisory authority of your choice in accordance with Article 77 (1) GDPR. This also includes the data protection supervisory authority responsible for the controller.

g. Right to data portability

In the event that the conditions of Art. 20 (1) GDPR are met, you have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract delivered to yourself or to third parties. The collection of data for the provision of the website and the storage of log files are essential for the operation of the website. They are therefore not based on consent pursuant to Article 6(1)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR, but are justified pursuant to Article 6(1)(f) of the GDPR. The requirements of Article 20(1) of the GDPR are therefore not met in this respect.

We are using suitable technical and organisational security measures to protect your data from incidental or intentional manipulations, partial or complete loss, destruction or unauthorised access by third parties (e.g. TLS encryption for our website) under consideration of the state of the art, implementation costs and the nature of the scope, context and purpose of processing as well as the existing risks of a data breach (including its probability and effects for the affected person. We are continuously improving our security measures according to the technological development.

We will be happy to provide you with further information upon request. Please contact our Data Protection Officer.

a. What data is processed and for what purpose?

Every time the website content is accessed, data that may possibly allow identification is temporarily stored. The following data is collected in this process:

• Date and time of access

• IP address

• Host name of the accessing computer

• Website from which the website was accessed
  Websites accessed via the website

• Page visited on our website

• Protocols and status code

• Amount of data transferred

• Information about the browser type and version used

• Operating system

• User agent

• Log data (directory protection user, referrer, host name accessed)

The IP addresses are anonymized and stored. The temporary storage of data is necessary for the process of a website visit to enable delivery of the website. Further storage in log files is done to ensure the functionality of the website and the security of the information technology systems.

During anonymization, all data relating to the sender/recipient, etc. is removed. Only the data regarding the time of sending and information on how the e-mail was processed (queue ID or not sent) is retained.

These purposes also include our legitimate interest in data processing.

b. On what legal basis is this data processed?

The data is processed on the basis of Article 6(1)(f) of the GDPR.

c. Are there other recipients of personal data in addition to the controller?

We are using Amazon Web Services (AWS) - as the hosting provider for our websites. AWS is acting as processor and located at Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxemburg

Cloudflare - Cloudflare’s global cloud platform delivers a range of network services to businesses of all sizes around the world—making them more secure while enhancing the performance and reliability of their critical Internet properties. Cloudflare is acting as processor and located at Cloudflare Inc., 101 Townsend St San Francisco, CA, 94107, USA. https://www.cloudflare.com/privacypolicy/ https://www.cloudflare.com/cookie-policy/ Website: https://aws.amazon.com/

Privacy Policy: https://aws.amazon.com/privacy/

GDPR compliance information: https://aws.amazon.com/compliance/gdpr-center/

DPA: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf

Storyblok - Storyblok and its Affiliates offer a SaaS-based headless content management system (including the Storyblok APIs and Documentation) and a digital experience platform (DXP) with a visual editor, that allows customers to upload, manage and publish Customer Content by using Storyblok APIs (the “Storyblok Services”). Storyblok is acting as processor and located at Storyblok Solutions GmbH is registered in Austria, FN 608512x, ATU79663909, Loquaiplatz 12/1, 1060 Vienna, Austria. (https://www.storyblok.com/terms)

d. How long is the data stored?

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected, but no later than one day after collection. The cookies for the purpose of providing evidence of consent and the cookie for the watch list are stored for at least one month. The anonymized IP addresses are stored for 60 days. Information on the directory protection user employed is anonymized after one day. The mail logs for sending e-mails from the web environment are anonymized after one day and then stored for 60 days. Error logs, which log incorrect page views, are deleted after seven days. Access via FTP is logged with anonymized information about the user name and IP address and stored for 60 days. Mail logs for sending via our mail servers are deleted after four weeks. The retention period is necessary to ensure the functionality of the mail services and to combat spam.

A) Scope of the processing

We use the consent management tool from OneTrust to manage your consent to the processing of personal data on our website. The following data is processed:

• Consent details (yes/no)

• Time of the consent

• IP address

• Browser information

• Device information

• Websites visited

B) Purpose of the processing

The Consent Management Tool is used for the purpose of:

• Management and documentation of your consent to data processing

• Compliance with the legal requirements of the General Data Protection Regulation (GDPR)

• Ensuring transparent and comprehensible data processing

• Optimising the user experience on our website

C) Legal basis

We process this data on the basis of Art. 6 para. 1 lit. f GDPR (legitimate interest).

D) Storage period

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.

E) Recipient of the data

The data collected is passed on to our service provider OneTrust, which supports us in managing the consents. OneTrust receives the above-mentioned data as a processor.

Registered office: OneTrust LLC, 1200 Abernathy Rd, Suite 600, Atlanta, Georgia 30328, USA

Website: https://www.onetrust.com/de

Data protection information: https://www.onetrust.com/de/privacy-notice/

a. What data is processed for what purpose?

When you use the contact form, the data categories transmitted thereby are: “contact form data”:

• personal and contact data

• address data

• possibly order and product data

• and the time of transmission

• as well as possibly voluntarily given data on the location and telephone data.

The purpose of the processing is to contact you if you have questions about our products and services and to provide assistance if necessary.

b. On what legal basis is this data processed?

We process this data on the basis of Art. 6 (1) (b) for the purpose of contract initiation or fulfillment.

c. Are there other recipients of personal data in addition to the controller?

Sendgrid

d. How long is the data stored?

The data is deleted as soon as it is no longer required for the purpose for which it was collected. In the case of the contact form, this is usually the case after it has been sent to us. However, it may be stored for up to ten years due to legal obligations. As a rule, the storage period is three years.

We offer you the opportunity to subscribe to our newsletter. If you register for our newsletter, we will process the following “newsletter data”:

• IP address (truncated – a personal reference can be created)

• Page from which the page was requested (so-called referrer URL)

• Date and time of access

• Information about the browser type and the version used

• E-mail address

• Date and time of registration and confirmation

The purpose of the processing is to send you the newsletter and to inform you about current products, product developments and promotions, as well as to fulfill our accountability obligations and, if necessary, to clarify any possible misuse of your personal data.

We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the sent e-mails contain so-called web beacons or tracking pixels, which represent one-pixel image files stored on our website. For the evaluations, we link the data mentioned in 2.A.a. and the web beacons with your e-mail address and an individual ID. Links contained in the newsletter also contain this ID. We use the data obtained in this way to create a user profile in order to tailor the newsletter to your individual interests. In doing so, we record when you read our newsletters and which links you click on in them, and from this we deduce your personal interests. We link this data to the actions you take on our website.

You can opt out of this tracking at any time by clicking on the separate link provided in each e-mail or by contacting us through another channel. The information is stored for as long as you are subscribed to the newsletter. After you unsubscribe, we store the data in a purely statistical and anonymous form. Furthermore, such tracking is not possible if you have disabled the display of images by default in your e-mail program. In this case, the newsletter will not be displayed in full and you may not be able to use all the functions. If you display the images manually, the tracking described above will take place.

a. On what legal basis is this data processed?

By registering for our newsletter, you consent to the processing of your personal data (legal basis is Art. 6 para. 1 lit. a DS-GVO). We use the so-called double opt-in procedure for registering for our newsletter. This means that after you have registered, we will send you an e-mail to the e-mail address provided, in which we ask you to confirm that you wish to receive the newsletter.

b. Are there other recipients of the personal data besides the controller?

XQueue GmbH, Christian-Pless-Str. 11-13, 63069 Offenbach, is used to process the newsletter procedure. XQueue GmbH receives the above-mentioned data as a processor.

c. How long is the data stored?

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the newsletter, this is the case when you unsubscribe from the newsletter. Due to obligations to provide evidence, the data may be stored for up to three years after you unsubscribe.