PRI­VA­CY POLICY

We are very deligh­ted that you have shown inte­rest in our enter­pri­se. Data pro­tec­tion is of a par­ti­cu­lar­ly high prio­ri­ty for the manage­ment of the Zuer­cher Tech­nik AG. The use of the Inter­net pages of the Zuer­cher Tech­nik AG is pos­si­ble without any indi­ca­ti­on of per­so­nal data; howe­ver, if a data sub­ject wants to use spe­cial enter­pri­se ser­vices via our web­site, pro­ces­sing of per­so­nal data could beco­me necessa­ry. If the pro­ces­sing of per­so­nal data is necessa­ry and the­re is no sta­tu­to­ry basis for such pro­ces­sing, we gene­ral­ly obtain con­sent from the data sub­ject. The pro­ces­sing of per­so­nal data, such as the name, address, e‑mail address, or tele­pho­ne num­ber of a data sub­ject shall always be in line with the Gene­ral Data Pro­tec­tion Regu­la­ti­on (GDPR), and in accordance with the coun­try-spe­ci­fic data pro­tec­tion regu­la­ti­ons app­li­ca­ble to the Zuer­cher Tech­nik AG . By means of this data pro­tec­tion decla­ra­ti­on, our enter­pri­se would like to inform the gene­ral public of the natu­re, scope, and pur­po­se of the per­so­nal data we collect, use and pro­cess. Fur­ther­mo­re, data sub­jects are infor­med, by means of this data pro­tec­tion decla­ra­ti­on, of the rights to which they are enti­t­led. As the con­trol­ler, the Zuer­cher Tech­nik AG has imple­men­ted nume­rous tech­ni­cal and orga­niz­a­tio­nal mea­su­res to ensu­re the most com­ple­te pro­tec­tion of per­so­nal data pro­ces­sed through this web­site. Howe­ver, Inter­net-based data trans­mis­si­ons may in princip­le have secu­ri­ty gaps, so abso­lu­te pro­tec­tion may not be gua­ran­te­ed. For this rea­son, every data sub­ject is free to trans­fer per­so­nal data to us via alter­na­ti­ve means, e.g. by telephone. 

1. Defi­ni­ti­ons

The data pro­tec­tion decla­ra­ti­on of the Zuer­cher Tech­nik AG is based on the terms used by the Euro­pean legis­la­tor for the adop­ti­on of the Gene­ral Data Pro­tec­tion Regu­la­ti­on (GDPR). Our data pro­tec­tion decla­ra­ti­on should be legi­ble and under­stand­a­ble for the gene­ral public, as well as our cus­to­mers and busi­ness part­ners. To ensu­re this, we would like to first exp­lain the ter­mi­no­lo­gy used. In this data pro­tec­tion decla­ra­ti­on, we use, inter alia, the fol­lowing terms: 

a) Per­so­nal data

Per­so­nal data means any infor­ma­ti­on rela­ting to an iden­ti­fied or iden­ti­fia­ble natu­ral per­son (“data sub­ject”). An iden­ti­fia­ble natu­ral per­son is one who can be iden­ti­fied, direct­ly or indi­rect­ly, in par­ti­cu­lar by refe­rence to an iden­ti­fier such as a name, an iden­ti­fi­ca­ti­on num­ber, loca­ti­on data, an online iden­ti­fier or to one or more fac­tors spe­ci­fic to the phy­si­cal, phy­sio­lo­gi­cal, gene­tic, men­tal, eco­no­mic, cul­tu­ral or social iden­ti­ty of that natu­ral person. 

b) Data subject

Data sub­ject is any iden­ti­fied or iden­ti­fia­ble natu­ral per­son, who­se per­so­nal data is pro­ces­sed by the con­trol­ler respon­si­ble for the processing.

c) Pro­ces­sing

Pro­ces­sing is any ope­ra­ti­on or set of ope­ra­ti­ons which is per­for­med on per­so­nal data or on sets of per­so­nal data, whe­ther or not by auto­ma­ted means, such as collec­tion, record­ing, orga­ni­sa­ti­on, struc­tu­ring, sto­rage, adap­t­ati­on or alte­ra­ti­on, retrie­val, con­sul­ta­ti­on, use, dis­clo­sure by trans­mis­si­on, dis­se­mi­na­ti­on or other­wi­se making avail­ab­le, align­ment or com­bi­na­ti­on, restric­tion, era­su­re or destruction.

d) Restric­tion of processing

Restric­tion of pro­ces­sing is the mar­king of stored per­so­nal data with the aim of limi­t­ing their pro­ces­sing in the future.

e) Pro­filing

Pro­filing means any form of auto­ma­ted pro­ces­sing of per­so­nal data con­sis­ting of the use of per­so­nal data to eva­lua­te cer­tain per­so­nal aspects rela­ting to a natu­ral per­son, in par­ti­cu­lar to ana­ly­se or pre­dict aspects con­cer­ning that natu­ral person’s per­for­mance at work, eco­no­mic situa­ti­on, health, per­so­nal pre­fe­ren­ces, inte­rests, relia­bi­li­ty, beha­viour, loca­ti­on or movements.

f) Pseud­ony­mi­sa­ti­on

Pseud­ony­mi­sa­ti­on is the pro­ces­sing of per­so­nal data in such a man­ner that the per­so­nal data can no lon­ger be attri­bu­t­ed to a spe­ci­fic data sub­ject without the use of addi­tio­nal infor­ma­ti­on, pro­vi­ded that such addi­tio­nal infor­ma­ti­on is kept sepa­r­ate­ly and is sub­ject to tech­ni­cal and orga­ni­sa­tio­nal mea­su­res to ensu­re that the per­so­nal data are not attri­bu­t­ed to an iden­ti­fied or iden­ti­fia­ble natu­ral person.

g) Con­trol­ler or con­trol­ler respon­si­ble for the processing

Con­trol­ler or con­trol­ler respon­si­ble for the pro­ces­sing is the natu­ral or legal per­son, public aut­ho­ri­ty, agen­cy or other body which, alo­ne or joint­ly with others, deter­mi­nes the pur­po­ses and means of the pro­ces­sing of per­so­nal data; whe­re the pur­po­ses and means of such pro­ces­sing are deter­mi­ned by Uni­on or Mem­ber Sta­te law, the con­trol­ler or the spe­ci­fic cri­te­ria for its nomi­na­ti­on may be pro­vi­ded for by Uni­on or Mem­ber Sta­te law. 

h) Pro­ces­sor

Pro­ces­sor is a natu­ral or legal per­son, public aut­ho­ri­ty, agen­cy or other body which pro­ces­ses per­so­nal data on behalf of the controller.

i) Reci­pi­ent

Reci­pi­ent is a natu­ral or legal per­son, public aut­ho­ri­ty, agen­cy or ano­t­her body, to which the per­so­nal data are dis­c­lo­sed, whe­ther a third par­ty or not. Howe­ver, public aut­ho­ri­ties which may recei­ve per­so­nal data in the frame­work of a par­ti­cu­lar inqui­ry in accordance with Uni­on or Mem­ber Sta­te law shall not be regar­ded as reci­pi­ents; the pro­ces­sing of tho­se data by tho­se public aut­ho­ri­ties shall be in com­pli­an­ce with the app­li­ca­ble data pro­tec­tion rules accord­ing to the pur­po­ses of the processing. 

j) Third party

Third par­ty is a natu­ral or legal per­son, public aut­ho­ri­ty, agen­cy or body other than the data sub­ject, con­trol­ler, pro­ces­sor and per­sons who, under the direct aut­ho­ri­ty of the con­trol­ler or pro­ces­sor, are aut­ho­ri­sed to pro­cess per­so­nal data.

k) Con­sent

Con­sent of the data sub­ject is any free­ly given, spe­ci­fic, infor­med and unam­bi­guous indi­ca­ti­on of the data subject’s wis­hes by which he or she, by a state­ment or by a clear affir­ma­ti­ve action, signi­fies agree­ment to the pro­ces­sing of per­so­nal data rela­ting to him or her.

2. Name and Address of the controller

Con­trol­ler for the pur­po­ses of the Gene­ral Data Pro­tec­tion Regu­la­ti­on (GDPR), other data pro­tec­tion laws app­li­ca­ble in Mem­ber sta­tes of the Euro­pean Uni­on and other pro­vi­si­ons rela­ted to data pro­tec­tion is:

Zuer­cher Tech­nik AG
Neu­matt­stras­se 6
4450 Sissach / Schweiz
Tel.: +41 61 975 10 10
E‑Mail: info@zt-bug.wps-projects.ch
Web­site: www.zuercher.com

3. Coo­kies

Die Inter­net­sei­ten der Zuer­cher Tech­nik AG ver­wen­den Coo­kies. Coo­kies sind Text­da­tei­en, wel­che über einen Inter­net­brow­ser auf einem Com­pu­ter­sys­tem abge­legt und gespei­chert wer­den.
The Inter­net pages of the Zuer­cher Tech­nik AG use coo­kies. Coo­kies are text files that are stored in a com­pu­ter sys­tem via an Inter­net brow­ser. Many Inter­net sites and ser­vers use coo­kies. Many coo­kies con­tain a so-cal­led coo­kie ID. A coo­kie ID is a uni­que iden­ti­fier of the coo­kie. It con­sists of a cha­rac­ter string through which Inter­net pages and ser­vers can be assi­gned to the spe­ci­fic Inter­net brow­ser in which the coo­kie was stored. This allows visi­ted Inter­net sites and ser­vers to dif­fe­ren­tia­te the indi­vi­du­al brow­ser of the data sub­ject from other Inter­net brow­sers that con­tain other coo­kies. A spe­ci­fic Inter­net brow­ser can be reco­gni­zed and iden­ti­fied using the uni­que coo­kie ID.
Through the use of coo­kies, the Zuer­cher Tech­nik AG can pro­vi­de the users of this web­site with more user-friend­ly ser­vices that would not be pos­si­ble without the coo­kie set­ting.
The Inter­net pages of the Zuer­cher Tech­nik AG use coo­kies. Coo­kies are text files that are stored in a com­pu­ter sys­tem via an Inter­net brow­ser. Many Inter­net sites and ser­vers use coo­kies. Many coo­kies con­tain a so-cal­led coo­kie ID. A coo­kie ID is a uni­que iden­ti­fier of the coo­kie. It con­sists of a cha­rac­ter string through which Inter­net pages and ser­vers can be assi­gned to the spe­ci­fic Inter­net brow­ser in which the coo­kie was stored. This allows visi­ted Inter­net sites and ser­vers to dif­fe­ren­tia­te the indi­vi­du­al brow­ser of the data sub­ject from other Inter­net brow­sers that con­tain other coo­kies. A spe­ci­fic Inter­net brow­ser can be reco­gni­zed and iden­ti­fied using the uni­que coo­kie ID. Through the use of coo­kies, the Zuer­cher Tech­nik AG can pro­vi­de the users of this web­site with more user-friend­ly ser­vices that would not be pos­si­ble without the coo­kie set­ting. By means of a coo­kie, the infor­ma­ti­on and offers on our web­site can be opti­mi­zed with the user in mind. Coo­kies allow us, as pre­vious­ly men­tio­ned, to reco­gni­ze our web­site users. The pur­po­se of this reco­gni­ti­on is to make it easier for users to uti­li­ze our web­site. The web­site user that uses coo­kies, e.g. does not have to enter access data each time the web­site is acces­sed, becau­se this is taken over by the web­site, and the coo­kie is thus stored on the user’s com­pu­ter sys­tem. Ano­t­her examp­le is the coo­kie of a shop­ping cart in an online shop. The online store remem­bers the arti­cles that a cus­to­mer has pla­ced in the vir­tu­al shop­ping cart via a coo­kie. The data sub­ject may, at any time, pre­vent the set­ting of coo­kies through our web­site by means of a cor­re­spon­ding set­ting of the Inter­net brow­ser used, and may thus per­ma­nent­ly deny the set­ting of coo­kies. Fur­ther­mo­re, alrea­dy set coo­kies may be dele­ted at any time via an Inter­net brow­ser or other soft­ware pro­grams. This is pos­si­ble in all popu­lar Inter­net brow­sers. If the data sub­ject deac­ti­va­tes the set­ting of coo­kies in the Inter­net brow­ser used, not all func­tions of our web­site may be ent­i­re­ly usable. 

4. Collec­tion of gene­ral data and information

The web­site of the Zuer­cher Tech­nik AG collects a seri­es of gene­ral data and infor­ma­ti­on when a data sub­ject or auto­ma­ted sys­tem calls up the web­site. This gene­ral data and infor­ma­ti­on are stored in the ser­ver log files. Collec­ted may be (1) the brow­ser types and ver­si­ons used, (2) the ope­ra­ting sys­tem used by the acces­sing sys­tem, (3) the web­site from which an acces­sing sys­tem reaches our web­site (so-cal­led refer­rers), (4) the sub-web­sites, (5) the date and time of access to the Inter­net site, (6) an Inter­net pro­to­col address (IP address), (7) the Inter­net ser­vice pro­vi­der of the acces­sing sys­tem, and (8) any other simi­lar data and infor­ma­ti­on that may be used in the event of attacks on our infor­ma­ti­on tech­no­lo­gy sys­tems. When using the­se gene­ral data and infor­ma­ti­on, the Zuer­cher Tech­nik AG does not draw any con­clu­si­ons about the data sub­ject. Rather, this infor­ma­ti­on is nee­ded to (1) deli­ver the con­tent of our web­site cor­rect­ly, (2) opti­mi­ze the con­tent of our web­site as well as its adver­ti­se­ment, (3) ensu­re the long-term via­bi­li­ty of our infor­ma­ti­on tech­no­lo­gy sys­tems and web­site tech­no­lo­gy, and (4) pro­vi­de law enfor­ce­ment aut­ho­ri­ties with the infor­ma­ti­on necessa­ry for cri­mi­nal pro­se­cu­ti­on in case of a cyber-attack. The­re­fo­re, the Zuer­cher Tech­nik AG ana­ly­zes anony­mous­ly collec­ted data and infor­ma­ti­on sta­tis­ti­cal­ly, with the aim of incre­a­sing the data pro­tec­tion and data secu­ri­ty of our enter­pri­se, and to ensu­re an opti­mal level of pro­tec­tion for the per­so­nal data we pro­cess. The anony­mous data of the ser­ver log files are stored sepa­r­ate­ly from all per­so­nal data pro­vi­ded by a data subject. 

5. Regis­tra­ti­on on our website

The data sub­ject has the pos­si­bi­li­ty to regis­ter on the web­site of the con­trol­ler with the indi­ca­ti­on of per­so­nal data. Which per­so­nal data are trans­mit­ted to the con­trol­ler is deter­mi­ned by the respec­ti­ve input mask used for the regis­tra­ti­on. The per­so­nal data ent­e­red by the data sub­ject are collec­ted and stored exclu­si­ve­ly for inter­nal use by the con­trol­ler, and for his own pur­po­ses. The con­trol­ler may request trans­fer to one or more pro­ces­sors (e.g. a par­cel ser­vice) that also uses per­so­nal data for an inter­nal pur­po­se which is attri­bu­ta­ble to the con­trol­ler. By regis­tering on the web­site of the con­trol­ler, the IP address—assigned by the Inter­net ser­vice pro­vi­der (ISP) and used by the data subject—date, and time of the regis­tra­ti­on are also stored. The sto­rage of this data takes place against the back­ground that this is the only way to pre­vent the misu­se of our ser­vices, and, if necessa­ry, to make it pos­si­ble to inves­ti­ga­te com­mit­ted offen­ses. Inso­far, the sto­rage of this data is necessa­ry to secu­re the con­trol­ler. This data is not pas­sed on to third par­ties unless the­re is a sta­tu­to­ry obli­ga­ti­on to pass on the data, or if the trans­fer ser­ves the aim of cri­mi­nal pro­se­cu­ti­on. The regis­tra­ti­on of the data sub­ject, with the vol­un­ta­ry indi­ca­ti­on of per­so­nal data, is inten­ded to enab­le the con­trol­ler to offer the data sub­ject con­tents or ser­vices that may only be offe­red to regis­tered users due to the natu­re of the mat­ter in ques­ti­on. Regis­tered per­sons are free to chan­ge the per­so­nal data spe­ci­fied during the regis­tra­ti­on at any time, or to have them com­ple­te­ly dele­ted from the data stock of the con­trol­ler. The data con­trol­ler shall, at any time, pro­vi­de infor­ma­ti­on upon request to each data sub­ject as to what per­so­nal data are stored about the data sub­ject. In addi­ti­on, the data con­trol­ler shall cor­rect or era­se per­so­nal data at the request or indi­ca­ti­on of the data sub­ject, inso­far as the­re are no sta­tu­to­ry sto­rage obli­ga­ti­ons. The ent­i­re­ty of the controller’s employees is avail­ab­le to the data sub­ject in this respect as con­ta­ct persons. 

6. Con­ta­ct pos­si­bi­li­ty via the website

The web­site of the Zuer­cher Tech­nik AG con­tains infor­ma­ti­on that enab­les a quick elec­tro­nic con­ta­ct to our enter­pri­se, as well as direct com­mu­ni­ca­ti­on with us, which also inclu­des a gene­ral address of the so-cal­led elec­tro­nic mail (e‑mail address). If a data sub­ject con­ta­cts the con­trol­ler by e‑mail or via a con­ta­ct form, the per­so­nal data trans­mit­ted by the data sub­ject are auto­ma­ti­cal­ly stored. Such per­so­nal data trans­mit­ted on a vol­un­ta­ry basis by a data sub­ject to the data con­trol­ler are stored for the pur­po­se of pro­ces­sing or con­ta­c­ting the data sub­ject. The­re is no trans­fer of this per­so­nal data to third parties. 

7. Comments func­tion in the blog on the website

The Zuer­cher Tech­nik AG offers users the pos­si­bi­li­ty to lea­ve indi­vi­du­al comments on indi­vi­du­al blog con­tri­bu­ti­ons on a blog, which is on the web­site of the con­trol­ler. A blog is a web-based, publicly-acces­si­ble por­tal, through which one or more peop­le cal­led blog­gers or web-blog­gers may post arti­cles or wri­te down thoughts in so-cal­led blog­posts. Blog­posts may usual­ly be com­men­ted by third par­ties. If a data sub­ject lea­ves a com­ment on the blog publis­hed on this web­site, the comments made by the data sub­ject are also stored and publis­hed, as well as infor­ma­ti­on on the date of the com­men­ta­ry and on the user’s (pseud­onym) cho­sen by the data sub­ject. In addi­ti­on, the IP address assi­gned by the Inter­net ser­vice pro­vi­der (ISP) to the data sub­ject is also log­ged. This sto­rage of the IP address takes place for secu­ri­ty rea­sons, and in case the data sub­ject vio­la­tes the rights of third par­ties, or posts ille­gal con­tent through a given com­ment. The sto­rage of the­se per­so­nal data is, the­re­fo­re, in the own inte­rest of the data con­trol­ler, so that he can excul­pa­te in the event of an infrin­ge­ment. This collec­ted per­so­nal data will not be pas­sed to third par­ties, unless such a trans­fer is requi­red by law or ser­ves the aim of the defence of the data controller. 

8. Rou­ti­ne era­su­re and blo­cking of per­so­nal data

The data con­trol­ler shall pro­cess and store the per­so­nal data of the data sub­ject only for the peri­od necessa­ry to achie­ve the pur­po­se of sto­rage, or as far as this is gran­ted by the Euro­pean legis­la­tor or other legis­la­tors in laws or regu­la­ti­ons to which the con­trol­ler is sub­ject to.
If the sto­rage pur­po­se is not app­li­ca­ble, or if a sto­rage peri­od pre­scri­bed by the Euro­pean legis­la­tor or ano­t­her com­pe­tent legis­la­tor expi­res, the per­so­nal data are rou­ti­nely blo­cked or era­sed in accordance with legal requirements.

9. Rights of the data subject

a) Right of confirmation

Each data sub­ject shall have the right gran­ted by the Euro­pean legis­la­tor to obtain from the con­trol­ler the con­fir­ma­ti­on as to whe­ther or not per­so­nal data con­cer­ning him or her are being pro­ces­sed. If a data sub­ject wis­hes to avail hims­elf of this right of con­fir­ma­ti­on, he or she may, at any time, con­ta­ct any employee of the controller. 

b) Right of access

Each data sub­ject shall have the right gran­ted by the Euro­pean legis­la­tor to obtain from the con­trol­ler the con­fir­ma­ti­on as to whe­ther or not per­so­nal data con­cer­ning him or her are being pro­ces­sed. If a data sub­ject wis­hes to avail hims­elf of this right of con­fir­ma­ti­on, he or she may, at any time, con­ta­ct any employee of the con­trol­ler.
● the pur­po­ses of the pro­ces­sing;
● the cate­go­ries of per­so­nal data con­cer­ned;
● the reci­pi­ents or cate­go­ries of reci­pi­ents to whom the per­so­nal data have been or will be dis­c­lo­sed, in par­ti­cu­lar reci­pi­ents in third coun­tries or inter­na­tio­nal orga­ni­sa­ti­ons;
● whe­re pos­si­ble, the envi­sa­ged peri­od for which the per­so­nal data will be stored, or, if not pos­si­ble, the cri­te­ria used to deter­mi­ne that peri­od;
● the exis­tence of the right to request from the con­trol­ler rec­ti­fi­ca­ti­on or era­su­re of per­so­nal data, or restric­tion of pro­ces­sing of per­so­nal data con­cer­ning the data sub­ject, or to object to such pro­ces­sing;
● the exis­tence of the right to lodge a com­p­laint with a super­vi­so­ry aut­ho­ri­ty;
● whe­re the per­so­nal data are not collec­ted from the data sub­ject, any avail­ab­le infor­ma­ti­on as to their source;
● the exis­tence of auto­ma­ted decisi­on-making, inclu­ding pro­filing, refer­red to in Arti­cle 22(1) and (4) of the GDPR and, at least in tho­se cases, mea­ning­ful infor­ma­ti­on about the logic invol­ved, as well as the signi­fi­can­ce and envi­sa­ged con­se­quen­ces of such pro­ces­sing for the data sub­ject. Fur­ther­mo­re, the data sub­ject shall have a right to obtain infor­ma­ti­on as to whe­ther per­so­nal data are trans­fer­red to a third coun­try or to an inter­na­tio­nal orga­ni­sa­ti­on. Whe­re this is the case, the data sub­ject shall have the right to be infor­med of the appro­pria­te safe­guards rela­ting to the trans­fer.
If a data sub­ject wis­hes to avail hims­elf of this right of access, he or she may, at any time, con­ta­ct any employee of the controller.

c) Right to rectification

Each data sub­ject shall have the right gran­ted by the Euro­pean legis­la­tor to obtain from the con­trol­ler without undue delay the rec­ti­fi­ca­ti­on of inac­cu­ra­te per­so­nal data con­cer­ning him or her. Taking into account the pur­po­ses of the pro­ces­sing, the data sub­ject shall have the right to have incom­ple­te per­so­nal data com­ple­ted, inclu­ding by means of pro­vi­ding a sup­ple­men­ta­ry state­ment. If a data sub­ject wis­hes to exer­cise this right to rec­ti­fi­ca­ti­on, he or she may, at any time, con­ta­ct any employee of the controller. 

d) Right to era­su­re (Right to be forgotten)

Each data sub­ject shall have the right gran­ted by the Euro­pean legis­la­tor to obtain from the con­trol­ler the era­su­re of per­so­nal data con­cer­ning him or her without undue delay, and the con­trol­ler shall have the obli­ga­ti­on to era­se per­so­nal data without undue delay whe­re one of the fol­lowing grounds app­lies, as long as the pro­ces­sing is not necessa­ry:
● The per­so­nal data are no lon­ger necessa­ry in rela­ti­on to the pur­po­ses for which they were collec­ted or other­wi­se pro­ces­sed.
● The data sub­ject with­draws con­sent to which the pro­ces­sing is based accord­ing to point (a) of Arti­cle 6(1) of the GDPR, or point (a) of Arti­cle 9(2) of the GDPR, and whe­re the­re is no other legal ground for the processing. 

● The data sub­ject with­draws con­sent to which the pro­ces­sing is based accord­ing to point (a) of Arti­cle 6(1) of the GDPR, or point (a) of Arti­cle 9(2) of the GDPR, and whe­re the­re is no other legal ground for the processing. 

● The per­so­nal data have been unlaw­ful­ly processed.

● The per­so­nal data must be era­sed for com­pli­an­ce with a legal obli­ga­ti­on in Uni­on or Mem­ber Sta­te law to which the con­trol­ler is subject.

● The per­so­nal data have been collec­ted in rela­ti­on to the offer of infor­ma­ti­on socie­ty ser­vices refer­red to in Arti­cle 8(1) of the GDPR. 

If one of the afo­re­men­tio­ned rea­sons app­lies, and a data sub­ject wis­hes to request the era­su­re of per­so­nal data stored by the Zuer­cher Tech­nik AG, he or she may, at any time, con­ta­ct any employee of the con­trol­ler. An employee of Zuer­cher Tech­nik AG shall prompt­ly ensu­re that the era­su­re request is com­plied with immedia­te­ly. Whe­re the con­trol­ler has made per­so­nal data public and is obli­ged pur­suant to Arti­cle 17(1) to era­se the per­so­nal data, the con­trol­ler, taking account of avail­ab­le tech­no­lo­gy and the cost of imple­men­ta­ti­on, shall take rea­son­ab­le steps, inclu­ding tech­ni­cal mea­su­res, to inform other con­trol­lers pro­ces­sing the per­so­nal data that the data sub­ject has reques­ted era­su­re by such con­trol­lers of any links to, or copy or repli­ca­ti­on of, tho­se per­so­nal data, as far as pro­ces­sing is not requi­red. An employee of the Zuer­cher Tech­nik AG will arran­ge the necessa­ry mea­su­res in indi­vi­du­al cases. 

e) Right of restric­tion of processing

Each data sub­ject shall have the right gran­ted by the Euro­pean legis­la­tor to obtain from the con­trol­ler restric­tion of pro­ces­sing whe­re one of the fol­lowing app­lies:
● The accu­ra­cy of the per­so­nal data is con­tes­ted by the data sub­ject, for a peri­od enab­ling the con­trol­ler to veri­fy the accu­ra­cy of the per­so­nal data.
● The pro­ces­sing is unlaw­ful and the data sub­ject oppo­ses the era­su­re of the per­so­nal data and requests ins­tead the restric­tion of their use ins­tead.
● The con­trol­ler no lon­ger needs the per­so­nal data for the pur­po­ses of the pro­ces­sing, but they are requi­red by the data sub­ject for the estab­lish­ment, exer­cise or defence of legal claims.
● The data sub­ject has objec­ted to pro­ces­sing pur­suant to Arti­cle 21(1) of the GDPR pen­ding the veri­fi­ca­ti­on whe­ther the legi­ti­ma­te grounds of the con­trol­ler over­ri­de tho­se of the data subject. 

If one of the afo­re­men­tio­ned con­di­ti­ons is met, and a data sub­ject wis­hes to request the restric­tion of the pro­ces­sing of per­so­nal data stored by the Zuer­cher Tech­nik AG, he or she may at any time con­ta­ct any employee of the con­trol­ler. The employee of the Zuer­cher Tech­nik AG will arran­ge the restric­tion of the processing. 

f) Right to data portability

Each data sub­ject shall have the right gran­ted by the Euro­pean legis­la­tor, to recei­ve the per­so­nal data con­cer­ning him or her, which was pro­vi­ded to a con­trol­ler, in a struc­tu­red, com­mon­ly used and machi­ne-read­a­ble for­mat. He or she shall have the right to trans­mit tho­se data to ano­t­her con­trol­ler without hin­dran­ce from the con­trol­ler to which the per­so­nal data have been pro­vi­ded, as long as the pro­ces­sing is based on con­sent pur­suant to point (a) of Arti­cle 6(1) of the GDPR or point (a) of Arti­cle 9(2) of the GDPR, or on a con­tract pur­suant to point (b) of Arti­cle 6(1) of the GDPR, and the pro­ces­sing is car­ri­ed out by auto­ma­ted means, as long as the pro­ces­sing is not necessa­ry for the per­for­mance of a task car­ri­ed out in the public inte­rest or in the exer­cise of offi­cial aut­ho­ri­ty ves­ted in the controller. 

Fur­ther­mo­re, in exer­cis­ing his or her right to data por­ta­bi­li­ty pur­suant to Arti­cle 20(1) of the GDPR, the data sub­ject shall have the right to have per­so­nal data trans­mit­ted direct­ly from one con­trol­ler to ano­t­her, whe­re tech­ni­cal­ly fea­si­ble and when doing so does not adver­se­ly affect the rights and free­doms of others. In order to assert the right to data por­ta­bi­li­ty, the data sub­ject may at any time con­ta­ct any employee of the Zuer­cher Tech­nik AG. 

g) Right to object

Each data sub­ject shall have the right gran­ted by the Euro­pean legis­la­tor to object, on grounds rela­ting to his or her par­ti­cu­lar situa­ti­on, at any time, to pro­ces­sing of per­so­nal data con­cer­ning him or her, which is based on point (e) or (f) of Arti­cle 6(1) of the GDPR. This also app­lies to pro­filing based on the­se pro­vi­si­ons. The Zuer­cher Tech­nik AG shall no lon­ger pro­cess the per­so­nal data in the event of the objec­tion, unless we can demons­tra­te com­pel­ling legi­ti­ma­te grounds for the pro­ces­sing which over­ri­de the inte­rests, rights and free­doms of the data sub­ject, or for the estab­lish­ment, exer­cise or defence of legal claims. 

If the Zuer­cher Tech­nik AG pro­ces­ses per­so­nal data for direct mar­ke­ting pur­po­ses, the data sub­ject shall have the right to object at any time to pro­ces­sing of per­so­nal data con­cer­ning him or her for such mar­ke­ting. This app­lies to pro­filing to the extent that it is rela­ted to such direct mar­ke­ting. If the data sub­ject objects to the Zuer­cher Tech­nik AG to the pro­ces­sing for direct mar­ke­ting pur­po­ses, the Zuer­cher Tech­nik AG will no lon­ger pro­cess the per­so­nal data for the­se pur­po­ses. In addi­ti­on, the data sub­ject has the right, on grounds rela­ting to his or her par­ti­cu­lar situa­ti­on, to object to pro­ces­sing of per­so­nal data con­cer­ning him or her by the Zuer­cher Tech­nik AG for sci­en­ti­fic or his­to­ri­cal rese­arch pur­po­ses, or for sta­tis­ti­cal pur­po­ses pur­suant to Arti­cle 89(1) of the GDPR, unless the pro­ces­sing is necessa­ry for the per­for­mance of a task car­ri­ed out for rea­sons of public inte­rest. In order to exer­cise the right to object, the data sub­ject may con­ta­ct any employee of the Zuer­cher Tech­nik AG. In addi­ti­on, the data sub­ject is free in the con­text of the use of infor­ma­ti­on socie­ty ser­vices, and not­with­stan­ding Direc­ti­ve 2002/58/EC, to use his or her right to object by auto­ma­ted means using tech­ni­cal specifications. 

h) Auto­ma­ted indi­vi­du­al decisi­on-making, inclu­ding profiling

Each data sub­ject shall have the right gran­ted by the Euro­pean legis­la­tor not to be sub­ject to a decisi­on based sole­ly on auto­ma­ted pro­ces­sing, inclu­ding pro­filing, which pro­du­ces legal effects con­cer­ning him or her, or simi­lar­ly signi­fi­cant­ly affects him or her, as long as the decisi­on (1) is not is necessa­ry for ent­e­ring into, or the per­for­mance of, a con­tract bet­ween the data sub­ject and a data con­trol­ler, or (2) is not aut­ho­ri­sed by Uni­on or Mem­ber Sta­te law to which the con­trol­ler is sub­ject and which also lays down sui­ta­ble mea­su­res to safe­guard the data subject’s rights and free­doms and legi­ti­ma­te inte­rests, or (3) is not based on the data subject’s expli­cit con­sent. If the decisi­on (1) is necessa­ry for ent­e­ring into, or the per­for­mance of, a con­tract bet­ween the data sub­ject and a data con­trol­ler, or (2) it is based on the data subject’s expli­cit con­sent, the Zuer­cher Tech­nik AG shall imple­ment sui­ta­ble mea­su­res to safe­guard the data subject’s rights and free­doms and legi­ti­ma­te inte­rests, at least the right to obtain human inter­ven­ti­on on the part of the con­trol­ler, to express his or her point of view and con­test the decisi­on. If the data sub­ject wis­hes to exer­cise the rights con­cer­ning auto­ma­ted indi­vi­du­al decisi­on-making, he or she may, at any time, con­ta­ct any employee of the Zuer­cher Tech­nik AG. 

i) Right to with­draw data pro­tec­tion consent

Each data sub­ject shall have the right gran­ted by the Euro­pean legis­la­tor to with­draw his or her con­sent to pro­ces­sing of his or her per­so­nal data at any time. If the data sub­ject wis­hes to exer­cise the right to with­draw the con­sent, he or she may, at any time, con­ta­ct any employee of the Zuer­cher Tech­nik AG. 

10. Data pro­tec­tion for app­li­ca­ti­ons and the app­li­ca­ti­on procedures

The data con­trol­ler shall collect and pro­cess the per­so­nal data of app­li­cants for the pur­po­se of the pro­ces­sing of the app­li­ca­ti­on pro­ce­du­re. The pro­ces­sing may also be car­ri­ed out elec­tro­ni­cal­ly. This is the case, in par­ti­cu­lar, if an app­li­cant sub­mits cor­re­spon­ding app­li­ca­ti­on docu­ments by e‑mail or by means of a web form on the web­site to the con­trol­ler. If the data con­trol­ler con­clu­des an employ­ment con­tract with an app­li­cant, the sub­mit­ted data will be stored for the pur­po­se of pro­ces­sing the employ­ment rela­ti­ons­hip in com­pli­an­ce with legal requi­re­ments. If no employ­ment con­tract is con­clu­ded with the app­li­cant by the con­trol­ler, the app­li­ca­ti­on docu­ments shall be auto­ma­ti­cal­ly era­sed two mon­ths after noti­fi­ca­ti­on of the refu­sal decisi­on, pro­vi­ded that no other legi­ti­ma­te inte­rests of the con­trol­ler are oppo­sed to the era­su­re. Other legi­ti­ma­te inte­rest in this rela­ti­on is, e.g. a bur­den of pro­of in a pro­ce­du­re under the Gene­ral Equal Tre­at­ment Act (AGG).

11. Legal basis for the processing

Art. 6(1) lit. a GDPR ser­ves as the legal basis for pro­ces­sing ope­ra­ti­ons for which we obtain con­sent for a spe­ci­fic pro­ces­sing pur­po­se. If the pro­ces­sing of per­so­nal data is necessa­ry for the per­for­mance of a con­tract to which the data sub­ject is par­ty, as is the case, for examp­le, when pro­ces­sing ope­ra­ti­ons are necessa­ry for the sup­ply of goods or to pro­vi­de any other ser­vice, the pro­ces­sing is based on Arti­cle 6(1) lit. b GDPR. The same app­lies to such pro­ces­sing ope­ra­ti­ons which are necessa­ry for car­ry­ing out pre-con­trac­tu­al mea­su­res, for examp­le in the case of inqui­ries con­cer­ning our pro­ducts or ser­vices. Is our com­pa­ny sub­ject to a legal obli­ga­ti­on by which pro­ces­sing of per­so­nal data is requi­red, such as for the ful­fill­ment of tax obli­ga­ti­ons, the pro­ces­sing is based on Art. 6(1) lit. c GDPR. In rare cases, the pro­ces­sing of per­so­nal data may be necessa­ry to pro­tect the vital inte­rests of the data sub­ject or of ano­t­her natu­ral per­son. This would be the case, for examp­le, if a visi­tor were inju­red in our com­pa­ny and his name, age, health insuran­ce data or other vital infor­ma­ti­on would have to be pas­sed on to a doc­tor, hos­pi­tal or other third par­ty. Then the pro­ces­sing would be based on Art. 6(1) lit. d GDPR. Final­ly, pro­ces­sing ope­ra­ti­ons could be based on Arti­cle 6(1) lit. f GDPR. This legal basis is used for pro­ces­sing ope­ra­ti­ons which are not cove­r­ed by any of the abo­ve­men­tio­ned legal grounds, if pro­ces­sing is necessa­ry for the pur­po­ses of the legi­ti­ma­te inte­rests pur­sued by our com­pa­ny or by a third par­ty, except whe­re such inte­rests are over­rid­den by the inte­rests or fun­da­men­tal rights and free­doms of the data sub­ject which requi­re pro­tec­tion of per­so­nal data. Such pro­ces­sing ope­ra­ti­ons are par­ti­cu­lar­ly per­mis­si­ble becau­se they have been spe­ci­fi­cal­ly men­tio­ned by the Euro­pean legis­la­tor. He con­si­de­red that a legi­ti­ma­te inte­rest could be assu­med if the data sub­ject is a cli­ent of the con­trol­ler (Reci­tal 47 Sen­tence 2 GDPR). 

12. The legi­ti­ma­te inte­rests pur­sued by the con­trol­ler or by a third party

Whe­re the pro­ces­sing of per­so­nal data is based on Arti­cle 6(1) lit. f GDPR our legi­ti­ma­te inte­rest is to car­ry out our busi­ness in favor of the well-being of all our employees and the shareholders. 

13. Peri­od for which the per­so­nal data will be stored

The cri­te­ria used to deter­mi­ne the peri­od of sto­rage of per­so­nal data is the respec­ti­ve sta­tu­to­ry reten­ti­on peri­od. After expi­ra­ti­on of that peri­od, the cor­re­spon­ding data is rou­ti­nely dele­ted, as long as it is no lon­ger necessa­ry for the ful­fill­ment of the con­tract or the initia­ti­on of a contract. 

14. Pro­vi­si­on of per­so­nal data as sta­tu­to­ry or con­trac­tu­al requi­re­ment; Requi­re­ment necessa­ry to enter into a con­tract; Obli­ga­ti­on of the data sub­ject to pro­vi­de the per­so­nal data; pos­si­ble con­se­quen­ces of fail­u­re to pro­vi­de such data

We cla­ri­fy that the pro­vi­si­on of per­so­nal data is part­ly requi­red by law (e.g. tax regu­la­ti­ons) or can also result from con­trac­tu­al pro­vi­si­ons (e.g. infor­ma­ti­on on the con­trac­tu­al part­ner). Some­ti­mes it may be necessa­ry to con­clu­de a con­tract that the data sub­ject pro­vi­des us with per­so­nal data, which must sub­se­quent­ly be pro­ces­sed by us. The data sub­ject is, for examp­le, obli­ged to pro­vi­de us with per­so­nal data when our com­pa­ny signs a con­tract with him or her. The non-pro­vi­si­on of the per­so­nal data would have the con­se­quence that the con­tract with the data sub­ject could not be con­clu­ded. Befo­re per­so­nal data is pro­vi­ded by the data sub­ject, the data sub­ject must con­ta­ct any employee. The employee cla­ri­fies to the data sub­ject whe­ther the pro­vi­si­on of the per­so­nal data is requi­red by law or con­tract or is necessa­ry for the con­clu­si­on of the con­tract, whe­ther the­re is an obli­ga­ti­on to pro­vi­de the per­so­nal data and the con­se­quen­ces of non-pro­vi­si­on of the per­so­nal data. 

15. Exis­tence of auto­ma­ted decision-making

As a respon­si­ble com­pa­ny, we do not use auto­ma­tic decisi­on-making or profiling.

Your Zuer­cher Tech­nik AG

Zuer­cher Tech­nik AG, Rev. 3, 01 / 2022