1 Introduction
Thank you for your interest in Zuercher Technik AG (hereinafter “we”, “us”, “our”) and for visiting our website.
The following information provides you with an overview of the processing of your personal data on our website https://zuercher.com/ (hereinafter “website”).
This data protection policy is based on the requirements of the EU General Data Protection Regulation (“GDPR”), the Swiss Data Protection Act (“DPA”) and the revised Swiss Data Protection Act (“revDPA”). However, the extent to which these laws are applicable depends on the individual case. The controller responsible for processing/handling shall generally be guided by the most stringent standard in each case.
2 Responsibility
Responsible for the data processing is:
Zuercher Technik AG
Neumattstrasse 6
CH-4450 Sissach / Switzerland
Tel.: +41 (0) 61 975 10 10
E‑mail: info@zuercher.com
2.1 Validity
This data protection declaration applies to all locations, branch offices or subsidiaries of the responsible persons in Switzerland. The responsible currently does not have any branch offices or subsidiaries abroad.
3 Data protection officer
If you have any questions regarding data protection, please contact the person responsible.
4 Definitions
For the sake of simplicity, this data privacy policy is based on the terms used in the GDPR. In this section, we will explain in more detail some important terms in this regard and, if applicable, show equivalent terms from the revDPA:
• Personal data: Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
• Data subject: The data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.
• Processing: Processing is any operation or set of operations which is performed on personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• Recipient: A recipient is a natural or legal person, public authority, agency or another body, to which personal data is disclosed, regardless of whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
• Third party: A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
• Consent: Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
5 Origin of the personal data
We can receive personal data in the following ways:
5.1 Information provided by you
You have the opportunity to provide information about yourself on our website (e.g. contact details).
5.2 Automatically collected and generated data
Data is automatically collected and generated through the use of our website. If we have a presence in social and professional networks, we may receive data from you via these networks (e.g. if you contact us via a social or professional network or react to content that we share there).
6 Scope, purpose, legal basis, storage duration and, where applicable, recipients and third-country transfer of the processing of the personal data
6.1 General information
The following section provides an overview of the personal data that we process. We explain to what extent, for what purposes and on which legal basis we process personal data.
We will not pass on your personal data to third parties without your approval unless this is permitted by law (e.g. because it is necessary to perform the contract).
In particular, the processing of your personal data may be based on the following legal basis:
• Art. 6 Para. 1, Section 1 (a) GDPR is the legal basis for any processing for which we have received specific consent.
• If it is necessary to process personal data for the performance of a contract to which you are party, the processing is pursuant to Art. 6 Para. 1 Section 1 (b) GDPR. The same applies to any processing required prior to entering into a contract.
• If the processing of necessary data is necessary for a legal obligation to which we are subject, the processing is pursuant to Art. 6 Para. 1 Section 1 © GDPR.
• The processing may also be pursuant to Art. 6 Para. 1 Section 1 (f) GDPR. This legal basis applies if the processing is necessary to protect a legitimate interest of ours, provided that the interests, fundamental rights and freedoms of the data subject are not overridden.
6.2 Deletion of data
Insofar as no specific storage period is specified within this data protection notice, the data processed by us will be deleted in accordance with the legal requirements as soon as the consent for processing is revoked or other authorisations cease to apply (e.g. if the purpose for which this data is processed no longer exists or it is not required for the purpose). If data is not deleted because it is required for other and legally permissible purposes, the processing of this data will be limited to these purposes i.e. the data will be blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax law reasons, or the storage is necessary for asserting, exercising or defending legal claims or protecting the rights of another natural person or legal entity.
6.3 Security measures
We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons.
The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, as well as access, input, handover, availability of and segregation of the data. Furthermore, we have established procedures that ensure the exercise of data subjects’ rights, the deletion of data, and responses if data is compromised. We also take the protection of personal data into account when developing and selecting hardware, software and processes in accordance with the principle of data protection, through technology design and default data privacy settings.
6.4 Transfer of personal data
In the course of our processing of personal data, the data may be transferred to or disclosed to other bodies, companies, legally independent organisational units or persons. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.
6.5 Website in general
6.5.1 Provision of the website, server log files
6.5.1.1 Scope of the processing
In order to provide our website, we use memory, computing capacity and software that we rent from a corresponding server provider (web hosting). These services also include the sending, receipt and storage of e‑mails. When you visit our website, data is automatically processed and sent by your browser to our server. This general data and information is saved in log files on the server (so-called “server log files”). The following may be recorded:
• Browser type and browser version
• Operating system used
• Referrer URL (previously visited website)
• Host name of the accessing computer
• Date and time of the server request
• IP address
6.5.1.2 Purpose of the processing
When using this data and information, we do not draw any conclusions about you. The purposes of the processing include the following:
• Providing our website
• Providing our online offer and user-friendliness
• Operating and providing information systems
• Content Delivery Network (CDN)
• Performing contractual services
• Customer service
• Providing e‑mail communication
• Guaranteeing a smooth connection to the website
• Clarifying any attempted misuse or fraud
• Analysing network problems
• Evaluating system security and stability
6.5.1.3 Legal basis
The legal basis for the data processing is our legitimate interest in the sense of Art. 6 Para. 1, Section 1 (f) GDPR. We have a legitimate interest in ensuring that we can provide our website without any technical errors.
6.5.1.4 Receipt of personal data
Your data will be passed on to service providers to the extent required for hosting and content delivery networks (CDN) within the framework of contract processing.
6.5.2 Use of cookies
6.5.2.1 General information
We use cookies on our website.
These are text files that are automatically created by your browser and saved on your IT system when you visit our website. Information flows through cookies to the body that sets the cookie. Cookies cannot be used to execute programmes or transfer viruses onto your end device.
If you do not want cookies to be used, you can deactivate them under the settings.
When you visit our website or a sub-website for the first time and these contain cookies, you will see a “cookie banner”. This provides you with information about the individual cookies that we use. You can find out about the name, provider, purpose of the processing and storage period for each individual cookie. In addition, you can allow us to use non-essential cookies and also reverse this decision there.
From a legal perspective, it is essential to make a distinction between essential and non-essential cookies.
6.5.2.2 Essential cookies
We use essential cookies. These are cookies that are technically necessary to be able to provide all features of our website. The legal basis for the data processing is our legitimate interest pursuant to Art. 6 Para. 1, sentence 1 (f) GDPR. We have an overriding legitimate interest in being able to provide our offer without any technical errors. The legal basis for the use of cookies towards our contractual partners who make use of services contractually owed by us via our website is Art. 6 Para. I (b) GDPR, the provision of our contractual services.
6.5.2.3 Non-essential cookies
We also use non-essential cookies (e.g. analysis and marketing cookies). These are cookies that are not technically necessary. We use these to understand your behaviour on our website and improve our offer. The legal basis for the data processing is your consent pursuant to Art. 6 Para. 1 Section 1 (a) GDPR. The cookies are not set until you have granted your consent via our “cookie banner”.
6.5.2.4 Storage duration
A distinction is made between the following types of cookies in relation to storage duration:
• Temporary cookies (also known as session cookies): Temporary cookies are deleted once a user has left an online offer and closed their end device (e.g. browser or mobile app) at the latest.
• Permanent cookies: Permanent cookies are still stored after the end device has been closed. For example, the log-in status can be saved or preferred content displayed directly when the user visits a website again. The user data collected using cookies can also be used for reach measurement. If we do not provide users with any explicit information on the nature and storage duration of cookies (e.g. when gathering consent), users should assume that cookies are permanent and that the storage duration can be up to two years.
6.5.3 Cookie banner
6.5.3.1 Scope of the processing
Our cookie banner informs you about the specific cookies that we use. We also give you the opportunity to decide whether you want to consent to the setting of non-essential cookies. The processing may cover:
• Usage data (e.g. websites visited, time of access)
• Meta and communication data (e.g. IP address)
6.5.3.2 Purpose of the processing
We process your personal data for the following purposes:
• Informing the user about the cookies we use
• Making it possible to consent to the use of technically non-essential cookies
6.5.3.3 Legal basis for the processing
The legal basis for the use of the cookie banner is Art. 6 Para. 1, Section 1 (f) GDPR. We have an overriding legitimate interest in using the cookie banner, whereby we get the statutory consent for the use of non-essential cookies and comply with our information obligation in relation to the cookies.
6.5.3.4 Storage duration
The cookie banner saves the preferences until they are reset or adjusted by you.
6.5.3.5 Receipt of personal data
Your data will be passed on to a service provider for cookie banners within the scope of contract processing to the extent necessary.
6.6 Contact options
6.6.1 Scope of the processing
You have the opportunity to contact us via e‑mail on our website.
In the course of contacting you and responding to your enquiry, we process the following personal data related to you:
• First name and surname
• E‑mail address
• Telephone number
• Address details
• Date and time of the enquiry
• IP address
• Communication contact (if applicable)
6.6.2 Purpose of the processing
We process your data to respond to your enquiry and the resulting matters.
6.6.3 Legal basis
If your request is related to pre-contractual measures or an existing contract with us, the legal basis is the performance of the contract and the implementation of pre-contractual measures pursuant to Art. 6 Para. 1 Section 1 (b) GDPR.
If your request is made independently of any pre-contractual measures or contracts with us, our overriding legitimate interests pursuant to Art. 6 Para. 1 Section 1 (f) GDPR constitute the legal basis. We have an overriding legitimate interest to offer visitors to our website an opportunity to contact us.
6.6.4 Storage duration
We delete your personal data as soon as it is no longer necessary for achieving the purpose of collection. In the context of contact enquiries, this is generally the case when it is clear from the circumstances that the specific matter has been conclusively processed.
6.6.5 Recipients of personal data
Your data will be forwarded to regional partners of ours who will contact you directly as part of the offer preparation and installation process. Within the context of contract processing, your data will also be passed on to a service provider for customer contact management to the extent necessary.
6.7 Google Tag Manager
6.7.1 Scope and purpose of the processing
We use Google Tag Manager to manage the use of code snippets (“tags”) e.g. tracking code on our website. Google Tag Manager enables us to replace a web surface code quickly and easily on our website without having to interfere with the source code.
We use Google Tag Manager to process the following personal data among others:
• IP address
• Device data such as operating system, browser version, screen resolution
6.7.2 Legal basis
Pursuant to Art. 6 Para. 1 (a) GDPR, the legal basis for the use of Google Tag Manager is the voluntary and revocable consent granted by you. You can withdraw your consent at any time with effect for the future by making the corresponding changes or adjustments to your cookie settings.
6.7.3 Transfer of personal data to third countries
Personal data may be processed in the USA in relation to the use of Google Tag Manager. The lawfulness of the transfer of this data is based on the EU-US Data Privacy Framework or the Swiss-US Data Privacy Framework. Google LLC has an active certification. Further information can be found here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
6.7.4 Storage duration
Google anonymises personal data after 9 months if there are no legal obligations to store it.
6.7.5 Receipt of personal data
Your data will be passed on to the extent necessary to Google Ireland Ltd as part of contract processing.
6.8 Google Analytics
6.8.1 Scope and purpose of the processing
This website uses functions of the web analysis service Google Analytics. We use Google Analytics to analyse your user behaviour in order to make decisions about product and market optimisation based on the results. We use Google Analytics to process the following personal data among others:
• Time of the enquiry
• IP addresses
• Online labels
• Device identification
• Technical features of users (e.g. browser type and version, device type, operating system)
• Measurement of user behaviour (e.g. access to individual pages / content, access to content in various areas, session duration / length of stay, bounce rate
• Use of individual functionalities of the website (e.g. search enquiries, downloads)
• eCommerce activity (e.g. purchase products, revenues)
• Reference URL (the previously visited site)
6.8.2 Legal basis
Pursuant to Art. 6 Para. 1 (a) GDPR, the legal basis for the use of Google Analytics is the voluntary and revocable consent granted by you. You can withdraw your consent at any time with effect for the future by making the corresponding changes or adjustments to your cookie settings.
6.8.3 Transfer of personal data to third countries
Personal data may be processed in the USA in relation to the use of Google Analytics. The lawfulness of the transfer of this data is based on the EU-US Data Privacy Framework or the Swiss-US Data Privacy Framework. Google LLC has an active certification. Further information can be found here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
6.8.4 Storage duration
Google anonymises personal data 14 months after your last activity, provided that there are no legal obligations to store it.
6.9 Google reCAPTCHA
6.9.1 Scope of the processing
We use Google reCAPTCHA on our website to process the following data among others:
• IP address
• Length of time spent by the visitor on the website
• Mouse movements activated by the user
Further information on Google reCAPTCHA and Google’s privacy policy can be found here: https://www.google.com/intl/de/policies/privacy/
6.9.2 Purpose of the processing
reCAPTCHA checks whether data entered on our websites (e.g. in a contact form) comes from a person or an automated programme. reCAPTCHA does this by using various features to analyse the behaviour of the website visitor. This analysis starts automatically as soon the visitor accesses the website.
6.9.3 Legal basis
Pursuant to Art. 6 Para. 1 (f) GDPR, the legal basis for the data processing is our legitimate interest in protecting our web offers against improper automated spying and spam.
6.9.4 Transfer of personal data to third countries
Personal data may be processed in the USA in relation to the use of Google reCAPTCHA. The lawfulness of the transfer of this data is based on the EU-US Data Privacy Framework or the Swiss-US Data Privacy Framework. Google LLC has an active certification. Further information can be found here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
6.10 Incorporation of services and content from third parties
6.10.1 General information
We use content or service offerings from third-party providers within our online offering in order to integrate their content and services (e.g. videos or fonts) (hereinafter uniformly referred to as “content”).
This always requires that the third-party providers of this content are aware of the IP address of the user, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required to display this content. We endeavour only to use such content where the respective providers only use the IP address for delivering the content. Third-party providers can also use so-called pixel tags (invisible graphics, also described as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic to the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer. It may also be combined with such information from other sources.
6.10.2 Google Maps
We integrate maps from the Google Maps service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The processed data may include, in particular, IP addresses and location data of the users.
Further information can be found in Google’s privacy policy: https://www.google.com/policies/privacy/
6.10.3 Transfer of personal data to third countries
Personal data may be processed in the USA in relation to the use of Google Maps. The lawfulness of the transfer of this data is based on the EU-US Data Privacy Framework or the Swiss-US Data Privacy Framework. Google LLC has an active certification. Further information can be found here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
7 Your rights
In this section, we provide information about your rights in relation to the processing of your data. The precise scope of the stated right can be found in the corresponding article of the GDPR. If you wish to exercise one of your rights, please contact us via e‑mail (dsb@secjur.com).
7.1 Right to confirmation
You have the right to request confirmation from us as to whether we process your personal data.
7.2 Right to information (Art. 15 GDPR)
You have the right to receive from us at any time free information about the personal data stored about you, as well as a copy of this data in accordance with the statutory provisions.
7.3 Right to rectification (Art. 16 GDPR)
You have the right to request the correction of inaccurate personal data concerning you. Furthermore, you have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.
7.4 Right to erasure (Art. 17 GDPR)
You have the right to demand that personal data concerning you is deleted immediately if one of the reasons provided for by law applies and insofar as the processing or storage is not necessary.
7.5 Right to restriction of processing (Art. 18 GDPR)
You have the right to request that we restrict processing if one of the statutory requirements applies.
7.6 Right to data portability (Art. 20 GDPR)
You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us, to whom the personal data was provided, if the processing is based on consent as per Art. 6 Para. 1, Section 1 (a) GDPR or Art. 9 Para. 2 (a) GDPR or a contract pursuant to Art. 6 Para. 1 Section 1 (b) GDPR and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority transferred to us.
When exercising your right to data portability as per Art. 20 Para. 1 GDPR, you also have the right to have the personal data transmitted directly from one controller to another, where this is technically feasible and does not affect the rights and freedoms of other individuals.
7.7 Right to object (Art. 21 GDPR)
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data which is in the public interest as per Art. 6 Para. 1 Section 1 (e) GDPR or based on our legitimate interest pursuant to Art. 6 Para. 1 Section 1 (f) GDPR.
If you raise an objection, we will no longer process your personal data, unless we can demonstrate compelling justified reasons for the processing that override your interests, rights and freedoms, or that the processing is for asserting, exercising or defending legal claims.
7.8 Revocation of consent under data protection law
You have the right to revoke your consent to the processing of personal data at any time with effect for the future.
7.9 Making a complaint to a supervisory authority
You have the right to complain to a supervisory authority responsible for data protection about our processing of personal data.
8 Up-to-dateness and changes to the data protection notice
This data protection notice is currently valid and has the following status: February 2024.
If we further develop our website and our offers, or if the statutory or official regulations change, it may be necessary to change this data protection notice. The current data protection notice can be viewed here at any time.
Revision 09/01/2023 (= 01.09.2023)