DATA PRIVACY

Protecting your personal data (hereinafter also: “data”) and respecting your privacy is important to us. Consequently, when processing your personal data, we consider it a matter of course to comply with the Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (DPA) and other data protection regulations that may be applicable, such as the EU General Data Protection Regulation (GDPR).
Personal data is any information that identifies you or makes you identifiable, such as your last name, first name, address or e-mail address.
When we talk about processing your personal data in this Privacy Policy, we mean any handling of your personal data. This includes in particular the storage, processing, use and deletion of the data.
We collect personal data in a transparent manner and in compliance with the principles of proportionality and purpose limitation. The data is only processed to the extent and for as long as necessary for our tasks and responsibilities.
In this Privacy Policy we tell you what we do with your data when you visit our website, obtain services from us or otherwise have dealings with us under a contract, via communication or in any other way. In addition, we may inform you separately about the processing of your data, e.g. in consent forms, contract terms, additional privacy statements, forms and notices.
The most current version at the time of use is always applied. We reserve the right to revise the Privacy Policy at any time.

 

1. Who is responsible for data processing?

The Data Controller responsible for the data processing described in this Privacy Policy is:  
G. BOPP + CO. AG
Bachmannweg 21
CH-8046 Zurich
Switzerland
 
044 377 66 66
info@bopp.ch
 
If you have any questions in connection with data protection or would like information about your rights and how to exercise them, please contact our Data Protection Office at: datenschutz@bopp.ch

 

2. What personal data do we process?

On our website, the categories of data processed by us include the following:

  • Contact details: this includes last name, first name, e-mail address, postal address and telephone numbers
  • Details in online forms: this includes contact details and other information that is requested
  • Content data: this includes text entries
  • Usage data: this includes websites visited, access times, click behaviour, interest in content
  • Payment details: this includes bank details, payment history
  • Creditworthiness data: this includes contact details, payment history and court, debt collection and insolvency data
  • Metadata/communication data: this includes IP address, date, time, pages visited, device details
  • Meeting metadata: this includes subscriber IP addresses, device/hardware information
  • Server log files: this includes browser type and version, operating system used, referred URL, host name of the accessing computer and time of the server request
  • Marketing data: this includes lead (contact/sales opportunities), subscribe/unsubscribe newsletter, marketing messages sent
  • Newsletter data: this includes personal details and e-mail address, subscription and unsubscription data and opening rates
  • Applicant data: in addition to your personal details, education, work experience, skills, comments on previous employment, availability and period of notice, this includes the usual correspondence data such as postal address, e-mail address and telephone number

Furthermore, we process the following additional data within the scope of customer and business relationships:

  • Contract data: this includes services used, payment information
  • Customer data: this includes personal details, customer reference number, type of customer, customer history, data on purchased goods or services, order data, payment data
  • Personal data for course registration: this includes course selection, personal details and contact details

 

3. From whom do we receive your personal data?

In principle, we collect personal data directly from you. The majority of the data we process is provided by you (or your terminal device, e.g. in connection with our services, the use of our website and apps, or communication with us). You are not obliged to disclose your data, with exceptions in individual cases (e.g. legal obligations). However, if you wish to conclude contracts with us or use our services, for example, you must provide us with certain data. Also, the use of our website is not possible without data being processed.
We may also obtain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, the media or the internet including social media) or receive such data from (i) public authorities, (ii) your employer or client who either has a business relationship with us or is otherwise involved with us, as well as from (iii) other third parties (e.g. clients, counterparties, legal protection insurers, credit reference agencies, address dealers, associations, contractual partners, internet analysis services). This includes, in particular, the data that we process in the course of initiating, concluding and processing contracts, as well as data from correspondence and discussions with third parties, but also all other categories of data.

 

4. For what purposes do we process the data?

On our website and in order to provide our services, we process your data in particular for the following purposes:

  • Website visits
  • Making contact
  • Online forms
  • Communication
  • Microsoft Teams
  • Customer and business relations
  • Job application procedure
  • Competitions
  • Product reviews and satisfaction surveys
  • Marketing measures
  • Security purposes and access controls
  • Risk management and corporate governance

 

5. On what legal basis do we process personal data?

We regularly use the following as a general legal basis for processing your personal data:

  • the conclusion or performance of a contract with you or your request to do so in advance
  • your consent, which you can revoke at any time
  • a balancing of interests, which you can, however, object to under certain circumstances
  • a legal obligation that can also be incorporated in the context of a balancing of interests

Another legal basis for the processing of your personal data is our overriding interests in the processing of this data. Our overriding interests include:

  • our customer care and the maintenance of our business relationships (e.g. maintaining contacts, communication with our business partners)
  • our advertising and marketing activities
  • the opportunity to get to know the users of our website and online services better
  • the improvement and further development of our products and services (e.g. IT security in connection with the use of our website, improvement of our range of online services)
  • the Group’s internal administration

We obtain your consent where necessary. Add or adapt if necessary: If you have given your consent electronically by activating a checkbox, the declaration of consent is logged by us; in doing so, we store, for example, the user account name, the relevant location on the website and also the date and time.
You have the option to withdraw your declaration of consent or to object to processing at any time. No particular form is required for this withdrawal. Send your objection to the contact shown under 1 or to the following e-mail address: datenschutz@bopp.ch.
 

 

6. SCOPE AND PURPOSE OF THE PROCESSING OF PERSONAL DATA IN DETAIL


6.1. Visiting our website

In principle, you can visit our website without having to provide any personal details. Our website is accessed using transport encryption (SSL), but some microsites may be accessed without transport encryption.
When you visit our website, our servers automatically save the following data temporarily in a log file, the so-called server log file:

  • IP address of the requesting computer
  • referrer website (website from which you arrived at our website)
  • browser settings
  • language and version of the browser software
  • date and time of access/retrieval
  • name and URL of the retrieved file
  • your computer’s operating system and the browser you used
  • country from which access is made
  • name of your internet access provider
  • time zone difference from Greenwich Mean Time (GMT)
  • content of the request (specific page)
  • access status/http status code
  • data volume transferred in each case
  • last website visited
  • activated browser plug-ins

 

The purpose of processing this data is to enable the use of our website (establish a connection), to ensure system security and stability on a permanent basis and to optimise our offerings; it is also used for internal statistical purposes. No personal user profile is created.
The legal basis for processing your personal data is our overriding interest in processing this data.
Finally, when you visit our website, we use cookies, and also applications and tools which are based on the use of cookies. You can find more information on this under 7 “What are cookies and when are they used”?


6.2 Making contact 

You have the option of contacting us by e-mail, contact form, social media or telephone. In order to be able to process your enquiry by e-mail, it is necessary to enter your e-mail address and your message. The provision of further data is voluntary.

The processing of this data is in our overriding interest in engaging in correspondence with you or for the purpose of processing your enquiry and handling it.
You may object to the processing of this data at any time. If you object, we will no longer process your personal data for this purpose. Send your objection to the contact shown under 1 or to the following e-mail address datenschutz@bopp.ch


6.3 Online forms

We offer you the option to contact us via various online forms on our website (e.g. notification of relocation, notification of meter readings). In order to use the online form and for us to be able to process your enquiry, it is mandatory to enter your contact details (title, first name, last name, street, house number, postcode, town, e-mail address, telephone, your message); depending on the form, other details such as successor owner, new address, customer reference number, object and product are required. Further information is voluntary. 
The processing of this data is in our overriding interest in engaging in correspondence with you or for the purpose of processing your enquiry and handling it.
You may object to the processing of this data at any time. If you object, we will no longer process your personal data for this purpose. Send your objection to the contact shown under 1 or to the following e-mail address: datenschutz@bopp.ch.


6.4. Communication

We use various collaboration tools for conference calls, online meetings and video conferences (summarised below under the term “online meetings”). When using these tools, different types of data are processed. The scope of the data depends, among other things, on the data provided before or during participation in an online meeting. This might include the following:

  • first and last name, participant name if applicable, company e-mail address
  • meeting metadata: e.g. date, time, meeting ID, phone numbers, location
  • audio, video or chat content
  • name of the meeting and, if applicable, password for meeting participation
  • profile picture, where applicable
  • where applicable, other personal data provided by the data subjects during the meeting

If online meetings are to be recorded, this is transparently communicated in advance and consent is requested where necessary. Send your objection to the contact shown under 1 or to the following e-mail address: datenschutz@bopp.ch.
The processing of this data is in our overriding interest. Our overriding interest in these cases is in the effective conduct of the meetings. In addition, the legal basis for data processing when conducting online meetings is the contract insofar as the meeting is conducted within the framework of contractual relationships.


6.5 Microsoft Teams

We use the tool “Microsoft Teams” to conduct conference calls, online meetings, video conferences and/or online seminars (hereinafter collectively referred to as “online meetings”). Microsoft Teams is a product of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
When using Microsoft Teams, different types of data are processed. The scope of the data depends, among other things, on the data provided before or during participation in an online meeting. This might include the following:

  • User details: e.g. display name, e-mail address where applicable, profile picture (optional), preferred language
  • Meeting metadata: e.g. date, time, meeting ID, phone numbers, location
  • Text, audio and video data: in an online meeting, it is possible to use the chat function. In this respect, the text entries made by the respective user are processed in order to display them in the online meeting. For the purpose of video display or audio playback, the corresponding data is processed by the microphone or any video camera of your terminal device for the duration of the meetings. The camera or microphone can be switched off or muted by the user at any time via the Microsoft Teams application.

If online meetings are to be recorded, this is transparently communicated in advance and consent is requested where necessary. Send your objection to the contact shown under 1 or to the following e-mail address: datenschutz@bopp.ch.
Chat content is logged when using Microsoft Teams. If it is necessary for the purposes of logging the outcomes of an online meeting, we will log the chat content.
The processing of this data is in our overriding interest. Our overriding interest in these cases is in the effective conduct of online meetings.
For further information regarding data processing by MS Teams, please see the privacy policy relating to this tool.


6.6 Customer and business relations

We process personal data to the extent necessary in each case to provide you with our contractual or pre-contractual services and to carry out other services requested by you. The data processed in this context as well as the type, scope, purpose and necessity of its processing are determined by the underlying contractual relationship.
The personal data processed includes:

  • Master data: this includes, for example, name, address
  • Contact details: this includes, for example, e-mail address, telephone number
  • Contract data: this includes, for example, services used, subject matter of the contract, contractual communication, names of contact persons
  • Payment data: this includes bank details and payment history

The data is processed in particular for the following purposes:

  • engineering and consulting
  • manufacture and processing
  • logistics
  • expert reports and certificates
  • customer service

The legal basis of data processing for these purposes is the fulfilment of a contract or preliminary contract.
The data is deleted when it is no longer required to fulfil contractual or legal obligations, whereby the necessity of retaining the data is reviewed at irregular intervals. Otherwise, the statutory limitation periods apply.


6.7. Job application procedure

If you apply for a job with us, we process the personal data that we receive from you as part of the application process. In addition to your personal details, education, work experience, skills, comments on previous employment, availability and period of notice, this includes the usual correspondence data such as postal address, e-mail address and telephone number. In addition, we process all documents submitted by you in connection with the application, such as covering letters, CVs, references, certificates, diplomas and other documents provided by you. Furthermore, you can voluntarily provide us with additional information.

This data is stored, evaluated, processed or passed on solely in connection with your application. Furthermore, we may process your personal data for statistical purposes (e.g. reporting). In this case, however, no conclusions can be drawn about the identity of an individual person.

In the case of applications, we use a service provider for the processing of the application which guarantees secure and confidential processing of the personal data. For this purpose, you are required to create a user account and enter your e-mail address and a password. If you do not log into your user account for more than six months, we irrevocably delete it and all the data it contains.

 

Data from applications remain in the system for six months after the application in case any queries arise. Afterwards, your content data (but not your user account) is automatically anonymised. Your applicant data is stored separately from other user data and is not merged with it.
Your applicant data is processed on the legal basis of our contractual or precontractual obligations within the application process as well as our legitimate interests in processing your application.
You can object to this data processing at any time and withdraw your application. To do this, send your objection to the contact shown under 1
If we conclude an employment contract with you, the transferred data is processed for the purpose of handling the employment relationship in compliance with the statutory provisions.
If you have given us permission to store your details for further application procedures with us and to contact you again if necessary, we will delete this data after three years. You have the option to withdraw this consent at any time. The withdrawal must be sent to the contact shown under 1 or to the e-mail address stated in the job advertisement.


6.8. Competitions

When you enter competitions, we collect the personal data necessary to be able to hold the competition. This data is usually your name and contact details. We may share your personal data with our competition partners, for example in order to send you a possible prize. Participation in a competition and the collection of data that this involves is of course voluntary. You will find detailed information in our conditions of entry for the respective competition.
The legal basis of data processing for these purposes is the fulfilment of a contract or preliminary contract.
You can object to the use of the data for the aforementioned purpose at any time. The objection should be sent to the contact shown under 1 or to the following e-mail address datenschutz@bopp.ch.


6.9. Product reviews and satisfaction surveys

We conduct surveys on our products and services from time to time to improve the customer experience and address customer needs. In order to do this we need your name or a pseudonym, which is displayed together with your country of origin.
The legal basis for data processing for these purposes lies in our overriding interest in optimising our offerings.
You can object to the use of the data for the aforementioned purpose at any time. The objection should be sent to the contact shown under 1 or to the following e-mail address: datenschutz@bopp.ch.

We also use your contact details for the following purposes:

  • to maintain contact with you
  • to inform you about certain service
  • to recommend services that may be of interest to you
  • for statistical purposes

The processing of your personal data is in our overriding interest.

You may object to the processing of this data at any time. If you object, we will no longer process your personal data for the aforementioned purposes. The objection should be sent to the contact shown under 1 or to the following e-mail address: datenschutz@bopp.ch.


6.11. Security purposes and access controls

We obtain and process personal data to ensure and continuously improve the appropriate security of our IT and other infrastructure (e.g. buildings). This includes, for example, monitoring and controlling electronic access to our IT systems as well as physical access to our premises (also by means of procedures involving the processing of biometric data), analyses and tests of our IT infrastructures, system and error checks and the creation of security copies. For documentation and security purposes (preventive and incident investigation), we also keep access logs or visitor lists in relation to our premises and use surveillance systems (e.g. security cameras). We draw your attention to surveillance systems at the relevant locations by means of appropriate signs.


6.12. Risk management and corporate governance

Risk management and corporate governance: We obtain and process personal data as part of risk management (e.g. to protect against criminal activities) and corporate governance. This includes, among other things, our business organisation (e.g. resource planning) and corporate development (e.g. acquisition and sale of business units or companies).


6.13. What are cookies and when are they used?

On our website and in connection with other digital offerings, we use cookies and similar technologies (hereinafter all these are summarised under the term “cookies”). We may also use cookies and similar technologies (e.g. pixel tags or fingerprints) to recognise website visitors, analyse their behaviour and identify preferences. A cookie is a small file that is transferred between the server and your system and enables the recognition of a specific device or browser. ..
The following cookies (techniques with comparable functions such as fingerprinting also fall under this category) are distinguished:

  • Necessary cookies:Some cookies are necessary for the functioning of the website as such or for certain functions. For example, they ensure you can switch between pages without losing the information entered in a form. They also ensure you remain logged in. These cookies only exist temporarily (session cookies). If you block them, the website may not work. Other cookies are necessary in order for the server to be able to store your decisions or details entered by you after a session (i.e. a visit to the website) if you use this function (e.g. language chosen, consent given, automatic login function, etc.).
  • Performance cookies:These cookies are used to collect information about how a website is used – for example, how visitors came to our website, which pages a visitor opens most often, how visitors navigated our website during their visit and whether they received any error messages. We may also use these cookies to collect certain statistical and analytical information, such as how many visitors have come to our website. These cookies are used to monitor the level of activity on the website and improve website performance.
  • Advertising or targeting cookies:These cookies enable us or a third party provider to place individualised advertisements on our website or on third party websites. They can also be used to evaluate the effectiveness of advertising or to promote sales

Both the technical data we collect and the cookies generally do not contain any personal data. However, personal data that we or third-party providers commissioned by us store about you (e.g. if you have a user account with us or these providers) may be linked to the technical data or to the information stored in and obtained from cookies and thus possibly to your person.
Most internet browsers are set such that they accept cookies by default. If you do not want this to happen, you can set your browser to notify you whenever cookies are installed so that you can choose when to accept cookies or generally exclude them. You can also activate the automatic deletion of cookies when closing the browser. What is more, you can delete cookies that have already been set at any time via an internet browser or other software programmes. The procedure for checking and deleting cookies depends on the browser you are using.
You can refuse the use of cookies by selecting the appropriate settings in your browser. However, please note that this may affect your ability to use our website. For more information regarding cookies, including their management, rejection or deletion, please see: https://allaboutcookies.org/.
You can use the following links to find out how to handle cookies for the most commonly used browsers:

 

7. HOW ARE MARKETING AND ANALYSIS SERVICES USED?

7.1. Google services

We use the following services provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or, if you have your habitual residence in the European Economic Area (EEA) or in Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google” for short):

  • Google Analytics 4
  • Google Tag Manager,
  • Google Maps.

Google usually uses cookies. The cookies used by Google enable us to analyse use of our website. The information generated by the cookies about your use of the website (including your IP address) is transferred to a Google server in Ireland or in the USA and stored there.
According to Google, it can process personal data for advertising products in any country where Google or Google’s subcontractors maintain facilities. For information about the locations of Google’s data centres, see www.google.com/about/datacenters/locations/.
For further information about the processing of personal data by Google and about privacy settings, see the Google privacy policy and privacy settings.


7.1.1 Google Analytics 4

On our website we use Google Analytics 4, a web analysis service provided by Google which enables your use of our website to be analysed.
Google Analytics uses cookies that are stored on your terminal device (laptop, tablet, smartphone or similar) and enable your use of our website to be analysed. This enables us to evaluate usage behaviour on our website and make our offering more interesting based on the statistics/reports obtained.
In Google Analytics 4, the anonymisation of IP addresses is activated by default. This means that your IP address is shortened by Google in Switzerland or the EU/EEA before it is transferred. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there.
We have concluded an order processing contract with Google which ensures the protection of our site visitors’ data and prohibits unauthorised disclosure to third parties. For the transfer of data to the USA, Google refers to standard contractual clauses of the European Commission which are intended to ensure compliance with the European level of data protection. For further legal information on Google Analytics 4 including a copy of the aforementioned standard contractual clauses, see here.
Demographic characteristics: Google Analytics 4 uses the special “demographic characteristics” function and can use this to create statistics that make statements about the age, gender and interests of website visitors. This is done by analysing advertising and information from third-party providers. It allows target groups to be identified for marketing activities. However, the collected data cannot be assigned to a specific person and is deleted after being stored for a period of two months.
 
Google Signals: As an extension to Google Analytics 4, Google Signals can be used on the website to have cross-device reports generated. If you have enabled personalised ads and have linked your devices to your Google Account, Google may analyse your usage behaviour across devices to use Google Analytics 4 and create database models, also relating to cross-device conversions. We do not receive any personal data from Google, only statistics. If you wish to stop cross-device analysis, you can deactivate the “Personalised advertising” function in the settings of your Google account. To do this, follow the instructions on this page.
 
UserIDs: As an extension to Google Analytics 4, the “UserIDs” function can be used on the website. If you log in with this account on different devices, your activities, including conversions, can be analysed across devices.
Google uses this information to analyse your [pseudonymous] use of our website, to compile reports on website activity and to provide other services for us related to the use of the website and the internet. According to Google, the IP address sent by your browser in connection with Google Analytics is not combined with other data by Google. When you visit our websites, your user behaviour is recorded in the form of events (such as page views, purchase activities incl. sales, interaction with the website or your “click path”) as well as other data such as your approximate location (country and city), technical information about your browser and the end devices you use or the referrer URL, i.e. via which website/advertising material you came to our website.

You can prevent the collection and transfer of the data generated by the cookie and related to your use of our web pages (incl. your IP address) to Google, as well as the processing of this data by Google, by downloading and installing the browser add-on to deactivate Google Analytics. If you wish to object to interest-based advertising by Google, you can use the settings and opt-out options provided by Google.

If you allow cookies to be stored, Google Analytics retains your data for two months. Data for which the end of this retention period has been reached is automatically deleted. For an overview of the use of data by Google Analytics and the measures taken by Google to protect your data, see Google Analytics Help Center


7.1.2. Google Tag Manager

We use Google Tag Manager to integrate Google’s analysis and marketing services in our website and to manage them. Google Tag Manager is a tag management system that allows tags to be created and monitored in a user interface without having to write new code every time. The tool that implements the tags is a cookieless domain and does not collect any personal data, but it does trigger other tags which may themselves capture data. Google Tag Manager itself does not access this data, however.

If anything has been disabled at domain or cookie level, it stays in place for all tracking tags which are implemented using the Google Tag Manager.

For further information relating to Google Tag Manager, see the Google Terms of Service   .


7.1.3 Google Maps

We integrate Google Maps on our website. This allows us to show you interactive maps directly on our website, providing you with a convenient way to use the map function.

By using Google Maps, information about your use of our website (including your IP address) may be transferred to and stored by Google on servers in Ireland or the United States. Google may store this data as usage profiles for the purpose of customising services, advertising and market research. If you are logged into Google, your data is linked directly to your account. If you do not wish this to happen, you must first log out of your Google Account. If you do not agree to the processing of your data, you have the option of deactivating Google Maps and thus preventing the transfer of data to Google. In order to do this, you must deactivate the JavaScript function in your browser. However, we would like to point out that in this case you will not be able to use Google Maps, or only to a limited extent.

The processing of your personal data is based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our offering).


7.2. KnowBe4, Switzerland

We use KnowBe4. The provider is KnowBe4, Inc, 33 N Garden Avenue, Suite 1200, Clearwater, FL 33755, USA. KnowBe4 uses common information collection tools such as usage-based collection tools, cookies, web beacons and similar technologies that automatically analyse information when you navigate the website, use our subscription services or send e-mail requests.
KnowB4 processes the following personal data:

  • Business contact information: first name, last name, employer, title, city, state, country, phone number, IP address and business e-mail address
  • Automatically collected information: this is the information collected via cookies and web beacons, including IP addresses, browser names, operating system details, domain name, date of visit, time of visit and pages visited and similar information
  • Information on the console: simulated phishing, security awareness testing and training results, security assessment results and information uploaded to the subscription service

Personal data is collected and processed by KnowBe4 when it is submitted to KnowBe4 by your organisation’s account administrator (“Account Admin”) at your organisation’s discretion. KnowBe4 collects and processes only the minimum amount of personal data necessary for the functioning of the subscription service.
See here for more information on how KnowBe4 processes your personal data: https://www.knowbe4.de/datenschutzerklaerung.

 

8. How do we process personal data on our social networks and how are social media plugins used?

We operate pages and other online presences on social networks and other platforms operated by third parties and process data about you in this context. In doing so, we receive data from you (e.g. when you communicate with us or comment on our content) and from the platforms (e.g. statistics).
The social plugins (plugins) of various social networks are used on our website. You can use these plugins to share content or recommend products, for example.
These are as follows:

  • YouTube
    We integrate videos from the platform “YouTube”. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://policies.google.com/privacy?hl=de,
  • Vimeo
    For the purpose of analysing and optimising our online offering and operating it economically, we have integrated plugins from the video portal Vimeo, operated by Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA, on our website. Privacy policy: com/privacy,
  • LinkedIn
    Functions and content of the service LinkedIn may be integrated in our website. This may include, for example, content such as images, videos or texts and buttons which enable users to share content from this website on LinkedIn. If users are members of the LinkedIn platform, LinkedIn can assign the retrieval of the above-mentioned content and functions to the user’s profile on that platform. Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland, parent company: LinkedIn Corporation, 1000 W. Maude Avenue Sunnyvale, CA 94085, USA; privacy policy: LinkedIn Privacy Policy; cookie policy: Cookie Policy | LinkedIn

These plugins are only integrated in our website as an external link.

When you visit our website and one of the social plugins listed on the website is activated, a direct connection is established between your browser and the server of the social network concerned. The social network sends the content of the plug-in directly to the browser which incorporates it in the website. This provides the network with the information that you have visited our website. If you are logged in to the social network, it can assign the visit to your account. When you interact with the plugins, the corresponding information is transferred from the browser directly to the social network and stored there.
Even if you are not logged into the social networks while visiting our website, data may be sent to the networks by websites with active social plugins. An active plug-in sets a cookie with an identifier each time the website is accessed. Since your browser sends this cookie as well without being requested every time you connect to a server of the respective networks, the social networks could in principle use it to create a profile of which websites the user belonging to the identifier has accessed. It would then potentially be possible to assign this identifier to a person again later – for example when logging into the social network at a later stage.

 

9. Is personal data passed on to third parties?

We disclose your personal data if you have expressly consented to the disclosure of the data, if we are legally obliged to do so or if this is necessary in order to enforce our rights, in particular to enforce claims arising from the contractual relationship.
In addition, we pass on your personal data to third parties insofar as we are entitled to do so and insofar as this is necessary or expedient in connection with the use of the website or for the possible provision of the services.

We disclose your personal data to the following categories of recipients:

  • Service providers who process the personal data on our behalf and on our instructions (so-called contract data processors, such as IT providers)
  • Other service providers such as debt collection companies, credit agencies, address checkers or consultancies
  • Customers, partners, suppliers, insurance companies and other business partners
  • Acquirers or parties interested in acquiring business units, the company or other parts of the Group
  • Courts, arbitration bodies, law enforcement agencies, regulatory authorities, lawyers and other parties in potential or actual legal proceedings where necessary to comply with the law or to establish, exercise or defend rights or legal claims

With your consent, the following categories of persons, among others, may also be recipients of personal data: Authorities and social insurance organisations
We select our partners and contract data processors carefully and entrust them only with sufficient assurance that they have appropriate technical and organisational measures in place in accordance with legal requirements. Our contract data processors can only process personal data on documented instructions from us. They are all subject to confidentiality obligations and may only use your personal data to the extent necessary to fulfil the purpose for which your personal data was collected and unless otherwise required by law.

 

10. Does data disclosure take place abroad?

We process and store personal data mainly in Switzerland and the European Economic Area (EEA), but potentially in any country in the world, depending on the individual case, for example through subcontracted data processors of our service providers or in proceedings before foreign courts or authorities.
If we also disclose your personal data to third parties abroad (i.e. outside Switzerland or the European Economic Area (EEA)), third parties are obliged to comply with data protection to the same extent as we ourselves are. If the level of data protection in the country concerned is not adequate but there is no suitable alternative for us, we ensure that the protection of your personal data is at this level.
We ensure this in particular by concluding so-called standard data protection clauses of the EU Commission (available here) with the companies concerned and/or through the existence of other guarantees that comply with the applicable data protection law. Where this is not possible, we base the disclosure of the data on the necessity of the disclosure for the fulfilment of the contract.

 

11. How long is data stored for?

We only process and store your personal data for the period of time necessary to achieve the stated purpose, or if this is provided for in laws or regulations to which we are subject. If the purpose of storage no longer applies or a prescribed retention period expires, your data is routinely blocked or deleted in accordance with the statutory provisions. In addition, we delete your data if you request us to do so and we have no legal or other obligation to retain or safeguard this personal data.
 

In addition, we delete your data if you request us to do so and we have no legal or other obligation to retain or safeguard this personal data.

When the data is stored on the basis of a contractual relationship with you, this data remains stored for at least as long as the contractual relationship exists and at the latest until the expiry of the limitation periods relevant to any potential claims on our part or as long as legal or contractual retention obligations apply.

 

12. What measures have been taken for data security?

We take technical and organisational security precautions to protect your personal data against manipulation, loss, destruction or access by unauthorised persons and to ensure the protection of your rights and compliance with applicable data protection laws.
The measures taken are intended to ensure the confidentiality and integrity of your data and to ensure the availability and resilience of our systems and services in processing your data on an ongoing basis. They are also designed to ensure rapid restoration of the availability of your data and access to it in the event of a physical or technical incident. Our security measures also include the encryption of your data. All information you enter online is transferred via an encrypted transmission path. This means that this information cannot be viewed by unauthorised third parties at any time. Our security measures are adapted in line with technological developments on an ongoing basis.
We also take our own in-house data protection very seriously. We have obliged our employees and contracted service providers to maintain secrecy and adhere to data protection legislation. Moreover, they are only granted access to personal data to the extent necessary.

 

13. What are your rights?

You have the following rights in relation to your personal data:

  • Right to information:You have the right to know what personal data we process, what happens to it and how long it is kept
  • Right to blocking and rectification:You have the right to amend, correct or block your personal data at any time
  • Right to erasure:You have the right to request the erasure of your personal data at any time
  • Right to surrender and transfer your data:You have the right to request all your personal data from the Data Controller and to transfer it in full to another data controller
  • Right to object:You have the right to object to the processing of your data. We adhere to this unless there are legitimate reasons for processing
  • Right to withdraw consent:If you give us your consent to process your personal data, you have the right to withdraw this consent and have your personal data erased

 In order for us to rule out misuse, we must identify you (e.g. with a copy of your identification document, if necessary).
Please note that conditions, exceptions or limitations apply to these rights (e.g. for the protection of third parties or business secrets or due to our professional duty of confidentiality).
In connection with your rights, please get in touch with the contact shown under 1 or the following e-mail address: datenschutz@bopp.ch.
You can also lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC) if you believe that the processing of your personal data violates data protection law.