1 General information on data processing and legal bases
1.1 Scope of application
1.2 Definitions of terms
For definitions of terms such as “personal data” or “processing”, please refer to the definitions set out in Article 4 GDPR (General Data Protection Regulation).
1.3 Data categories
The personal data processed by ALFA Klebstoffe AG includes user data (e.g. names and addresses), contact data (e.g. email and telephone numbers), content data (e.g. text input), contract data (e.g. payment information and customer categories), usage data (e.g. access time and visited websites), meta/ communication data (i.e. IP addresses) and applicant data (e.g. contact details and application documents).
We process personal data in strict compliance with applicable data protection laws and regulations. This means that we will only process user data with the user’s consent, or if required to so by law, i.e. where the processing is necessary to provide our contractual services (e.g. order processing) or required by law, the data subject has given consent to the processing, or the processing is necessary to pursue our legitimate interests (i.e. analysis, optimisation and economic operation and security of our websites in the meaning of Article 6 (1) (f) GDPR, in particular when collecting access data and using the services of third-party providers).
1.6 Legal notice
Please note that the legal basis for consent is Article 6 (1) (a) and Article 7 GDPR, the legal basis for the performance of contract and the implementation of pre-contractual measures is Article 6 (1) (b) GDPR, the legal basis for processing necessary for compliance with a legal obligations Article 6 (1) (c) GDPR, and the legal basis for processing necessary to pursue our legitimate interests is Article 6 (1) (f) GDPR.
2 Protection measures
We take organisational, contractual and technical protection measures based on the latest technology standards to ensure compliance with data protection laws and regulations to protect the personal data we process against accidental or deliberate manipulation, loss, destruction or access by unauthorised persons.
The security measures include, in particular, the encrypted transmission of data between your browser and our servers.
3 Transfers of data to third parties
We will only pass data on to third parties if we are required to do so by law. We will only pass user data on to third parties if it is necessary for the performance of a contract in accordance with Article 6 (1) (b) GDPR or for the purposes of the legitimate interests of efficient and effective business operations in accordance with Article 6 (1) (f) GDPR.
Where we use subcontractors to provide our services, we will take appropriate legal, technical and organisational measures to protect personal data in accordance with applicable laws and regulations.
3.3 Third countries
4 Provision of contractual services
We process user data (e.g. names and addresses as well as contact data of users), contract data (e.g. services used, names of contact persons, payment information) for the purpose of meeting our contractual obligations and the provision of services in accordance with Article 6 (1) (b) GDPR.
When users contact us (by email, post, in person or by telephone) we collect user information to process the contact request in accordance with Article 6 (1) (b) GDPR.
User information can be stored in our customer relationship management system (“CRM system”).
5.3 CRM system
We run the software and store data on our own servers in Switzerland. We protect these servers.
6 Collection of access data and log files
On the basis of our legitimate interests in the meaning of Article 6 (1) (f) GDPR, our website operator (Hostpoint AG, Switzerland) collects data about each access to its servers on which our web service is located (so-called server log files). The access data include the name of the accessed website, file, date and time of access, amount of data transferred, notification on successful access, browser type plus version, the operating system of the user, referrer URL (previously visited page), IP address and the requesting provider.
Log file information is stored for security reasons (e.g. to investigate abusive or fraudulent activities) for a maximum of 1 month and then erased (by log rotation). Data which needs to be stored to provide evidence are exempt from erasure until the relevant incident has been resolved.
ALFA Klebstoffe AG is not in the position to identify users based on the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the operating system of the user, referrer URL (previously visited website), IP address and the accessing provider. This reflects the type and core competences of the company. Articles 15-20 GDPR, therefore, do not apply to website-related data collection carried out by Hostpoint AG, Switzerland except where the data subject, for the purpose of exercising his or her rights under Articles 15-20 GDPR, provides additional information enabling his or her identification.
Cookies are information packets sent by our or third-party web servers to user web browsers, where they are stored for later retrieval. Cookies can be small files or other types of stored information.
You can prevent cookies from being stored on your computer by deactivating the relevant option in your browser settings. You can also delete previously stored cookies in the system settings of your browser. Please note that if you block cookies, this may limit the functionality of our website.
The purpose of this information is to provide you with details about the content of our newsletter, the subscription, distribution and statistical analysis procedures as well as your right to object. By subscribing to our newsletter, you consent to receiving the newsletter and the procedures described.
We send newsletters, emails and other electronic communications containing promotional information (hereinafter referred to as the “newsletter”) only with the consent of the recipient or where we are permitted to do so by law. If subscription to the newsletter involves a concrete description of its content, then this description shall form the basis on which the user agrees to receive the newsletter. Our newsletters contain information about our products, offers, promotions, trade shows and our company.
8.3 Double opt-in
The subscription to our newsletter takes place in a so-called double opt-in procedure. This means that upon subscription, you will receive an email requesting confirmation of the subscription. This confirmation is necessary to prevent anyone using third-party addresses to subscribe to the newsletter. In addition, the newsletter subscriptions are logged to provide documentary evidence of compliance with legal requirements. In particular, the time and date of the subscription and confirmation are stored. These data are logged by our mailing provider.
8.4 Mailing provider
8.5 Use of data
The mailing provider may use this data in pseudonymised form, i.e. without attributing it to a specific user, to optimise or improve their own services, e.g. for technical optimisation of the mailing process and the presentation of the newsletter or for statistical purposes, to determine the countries of origin of the recipients. However, the mailing provider does not use the data of our newsletter recipients to contact them or to pass their details on to third parties.
8.6 Subscription data
To sign up for the newsletter, it is sufficient to provide your email address and the topics you are interested in. All other information is voluntary and helps us to tailor the newsletter to your individual interests.
8.7 Statistical collection and analysis
The legal basis for the use of the mailing provider, the implementation of statistical surveys and analyses as well as the logging of the subscription process is Article 6 (1) (f) GDPR. Our objective is to use a user-friendly and secure newsletter system that serves both our business interests and meets the expectations of our users.
8.8 Cancellation / withdrawal
You can cancel your subscription, i.e. withdraw your consent, to our newsletter at any time. At the same time, this will also have the effect of withdrawing your consent to mailing the newsletter by the mailing provider and the statistical analyses. It is not possible to withdraw your consent separately to mailing by the mailing provider or the statistical analysis. A subscription cancellation link is provided at the end of each newsletter. If you have only subscribed to the newsletter and you have cancelled your subscription, your personal data will be erased.
9 Incorporation of third-party services and content
9.1 Use of Content
On our website we use content or services from third-party providers on the basis of our legitimate interests (i.e. our interest in the analysis, optimisation and economical operation of our website within the meaning of Article 6 (1) (f) of the GDPR) in order to incorporate the content and services of these third-party providers, such as videos or fonts (collectively referred to hereinafter as “Content”). This always means that the third-party providers of this Content must be able to see the IP address of the users as, without this IP address, they would not be able to send the Content to the users’ browsers. The IP address is therefore necessary for the presentation of this Content. We do our best to use only Content where the provider in question uses the IP address only to deliver Content. Furthermore, third-party providers may use what are known as pixel tags (invisible graphics, also called “web beacons”) for statistical or marketing purposes. “Pixel tags” allow the evaluation of information, such as visitor traffic on the pages of this website. Furthermore, the pseudonymous information in cookies can be stored on the users’ device and, among other things, contain technical information regarding the browser and the operating system, referring websites, the visit time as well as further information concerning the use of our website and can also be combined with such information from other sources.
The following list provides an overview of third-party providers and their content as well as links to other data privacy statements containing further information on the processing of data and possibilities for objection (known as opt-outs), some of which have already been mentioned here:
- External fonts from Google, Inc., https://www.google.com/fonts (“Google Fonts”). Google Fonts are incorporated by accessing a Google server (usually in the USA).
Data privacy statement: https://www.google.com/policies/privacy
- Maps from the “Google Maps” service of the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Data privacy statement: https://www.google.com/policies/privacy
- Videos from the “YouTube” platform of the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Data privacy statement: https://www.google.com/policies/privacy
10 Rights of users
Users may exercise their right to be provided with free information on request concerning the personal data we store. The following email address can be used for this purpose: firstname.lastname@example.org.
Users may likewise exercise their right to the correction of incorrect data, the restriction of its processing and the erasure of their personal data and to data portability where appropriate. The following email address can be used for this purpose: email@example.com. If any unlawful data processing is suspected, users have the right to lodge a complaint with the responsible supervisory authority.
10.3 Withdrawal of consent
Users may also exercise their right to withdraw the consent they have given, always with effect for the future. The following email address can be used for this purpose: firstname.lastname@example.org.
11 Deletion of data
The data we store is deleted as soon as it is no longer required for its intended purpose and there are no legal retention obligations preventing deletion. If the user data is not deleted because it is required for other, lawful purposes, its processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for instance, to user data that has to be retained for commercial or tax reasons.
11.2 Legal requirements
According to the legal requirements, the retention period is 10 years for trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting vouchers, accounts, drawings, management reports, accounting vouchers, commercial and business letters and documents relevant for taxation etc. in accordance with Article 957 of the Swiss Code of Obligations (CO).
12 Right of objection
Users may object at any time to the future processing of their personal data, as provided for by law. The objection may particularly be made against processing for purposes of direct advertising.
13 Amendments to the data privacy statement
We reserve the right to amend the data privacy statement in order to adapt it to changes in the legal situation or in the case of changes to the services and the data processing. If any consent should be required from users or if parts of the data privacy statement should contain provisions regulating the contractual relationship with users, the changes will only be made with the users’ consent.
13.2 Informing oneself
Users are requested to regularly inform themselves about the contents of the data privacy statement.
In the case of inconsistencies between different translations, the German version shall prevail.
V 1.0 | 24.05.2018