Data Protection

Data Protection 2018-06-07T15:20:49+00:00

ALFA Klebstoffe AG
Vor Eiche 10
CH-8197 Rafz

T +41 43 433 30 30
F +41 43 433 30 33
privacy@alfa.swiss

Privacy policy

General information

This privacy policy applies to ALFA Klebstoffe AG.

1 General information on data processing and legal bases

1.1 Scope of application

The purpose of this privacy policy is to provide you with information about the nature, scope and purpose of processing of personal data in our company and the websites and content offered. The privacy policy applies irrespective of the domains, systems, platforms and devices used to display the websites.

1.2 Definitions of terms

For definitions of terms such as “personal data” or “processing”, please refer to the definitions set out in Article 4 GDPR (General Data Protection Regulation).

1.3 Data categories

The personal data processed by ALFA Klebstoffe AG includes user data (e.g. names and addresses), contact data (e.g. email and telephone numbers), content data (e.g. text input), contract data (e.g. payment information and customer categories), usage data (e.g. access time and visited websites), meta/ communication data (i.e. IP addresses) and applicant data (e.g. contact details and application documents).

1.4 Definition

The term “user” covers all categories of data subjects. These include our business partners, customers, prospective customers and other users of our websites. The terms used in this privacy policy, e.g. “user”, are not gender-specific.

1.5 Processing

We process personal data in strict compliance with applicable data protection laws and regulations. This means that we will only process user data with the user’s consent, or if required to so by law, i.e. where the processing is necessary to provide our contractual services (e.g. order processing) or required by law, the data subject has given consent to the processing, or the processing is necessary to pursue our legitimate interests (i.e. analysis, optimisation and economic operation and security of our websites in the meaning of Article 6 (1) (f) GDPR, in particular when collecting access data and using the services of third-party providers).

1.6 Legal notice

Please note that the legal basis for consent is Article 6 (1) (a) and Article 7 GDPR, the legal basis for the performance of contract and the implementation of pre-contractual measures is Article 6 (1) (b) GDPR, the legal basis for processing necessary for compliance with a legal obligations Article 6 (1) (c) GDPR, and the legal basis for processing necessary to pursue our legitimate interests is Article 6 (1) (f) GDPR.

2 Protection measures

2.1 Measures

We take organisational, contractual and technical protection measures based on the latest technology standards to ensure compliance with data protection laws and regulations to protect the personal data we process against accidental or deliberate manipulation, loss, destruction or access by unauthorised persons.

2.2 Encryption

The security measures include, in particular, the encrypted transmission of data between your browser and our servers.

3 Transfers of data to third parties

3.1 Requirements

We will only pass data on to third parties if we are required to do so by law. We will only pass user data on to third parties if it is necessary for the performance of a contract in accordance with Article 6 (1) (b) GDPR or for the purposes of the legitimate interests of efficient and effective business operations in accordance with Article 6 (1) (f) GDPR.

3.2 Subcontractors

Where we use subcontractors to provide our services, we will take appropriate legal, technical and organisational measures to protect personal data in accordance with applicable laws and regulations.

3.3 Third countries

Where content, tools or other resources are used by other providers (hereinafter collectively referred to as “third party providers”) in accordance with this privacy policy and their registered office is located in a third country, it can be assumed that data will be transferred to the countries of domicile of third party providers. Third countries are defined as countries in which the GDPR is not directly applicable, i.e. in principle, countries outside the EU or the European Economic Area. Data will only be transferred to third countries if they offer adequate level of data protection, the user has given consent or where this is otherwise required by law.

4 Provision of contractual services

4.1 Processing

We process user data (e.g. names and addresses as well as contact data of users), contract data (e.g. services used, names of contact persons, payment information) for the purpose of meeting our contractual obligations and the provision of services in accordance with Article 6 (1) (b) GDPR.

5 Communication

5.1 Processing

When users contact us (by email, post, in person or by telephone) we collect user information to process the contact request in accordance with Article 6 (1) (b) GDPR.

5.2 Storage

User information can be stored in our customer relationship management system (“CRM system”).

5.3 CRM system

We run the software and store data on our own servers in Switzerland. We protect these servers.

6 Collection of access data and log files

6.1 Collection

On the basis of our legitimate interests in the meaning of Article 6 (1) (f) GDPR, our website operator (Hostpoint AG, Switzerland) collects data about each access to its servers on which our web service is located (so-called server log files). The access data include the name of the accessed website, file, date and time of access, amount of data transferred, notification on successful access, browser type plus version, the operating system of the user, referrer URL (previously visited page), IP address and the requesting provider.

6.2 Storage

Log file information is stored for security reasons (e.g. to investigate abusive or fraudulent activities) for a maximum of 1 month and then erased (by log rotation). Data which needs to be stored to provide evidence are exempt from erasure until the relevant incident has been resolved.

6.3 Notice

ALFA Klebstoffe AG is not in the position to identify users based on the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the operating system of the user, referrer URL (previously visited website), IP address and the accessing provider. This reflects the type and core competences of the company. Articles 15-20 GDPR, therefore, do not apply to website-related data collection carried out by Hostpoint AG, Switzerland except where the data subject, for the purpose of exercising his or her rights under Articles 15-20 GDPR, provides additional information enabling his or her identification.

7 Cookies

7.1 Definition

Cookies are information packets sent by our or third-party web servers to user web browsers, where they are stored for later retrieval. Cookies can be small files or other types of stored information.

7.2 Use

Our websites are configured not to place cookies on the computers of regular users (except for administrators). At present, the only cookie we place is to store users’ acceptance with our cookie policy. This acceptance cookie will be valid for 2 (“two”) days.

7.3 Prevention

You can prevent cookies from being stored on your computer by deactivating the relevant option in your browser settings. You can also delete previously stored cookies in the system settings of your browser. Please note that if you block cookies, this may limit the functionality of our website.

8 Newsletter

8.1 General

The purpose of this information is to provide you with details about the content of our newsletter, the subscription, distribution and statistical analysis procedures as well as your right to object. By subscribing to our newsletter, you consent to receiving the newsletter and the procedures described.

8.2 Content

We send newsletters, emails and other electronic communications containing promotional information (hereinafter referred to as the “newsletter”) only with the consent of the recipient or where we are permitted to do so by law. If subscription to the newsletter involves a concrete description of its content, then this description shall form the basis on which the user agrees to receive the newsletter. Our newsletters contain information about our products, offers, promotions, trade shows and our company.

8.3 Double opt-in

The subscription to our newsletter takes place in a so-called double opt-in procedure. This means that upon subscription, you will receive an email requesting confirmation of the subscription. This confirmation is necessary to prevent anyone using third-party addresses to subscribe to the newsletter. In addition, the newsletter subscriptions are logged to provide documentary evidence of compliance with legal requirements. In particular, the time and date of the subscription and confirmation are stored. These data are logged by our mailing provider.

8.4 Mailing provider

The newsletter will be emailed by Mailingwork GmbH, Birkenweg 7, 09569 Oederan, Germany, hereinafter referred to as the “mailing provider”. For information about the privacy policy of the mailing provider, please refer to: https://mailingwork.de/datenschutz

8.5 Use of data

The mailing provider may use this data in pseudonymised form, i.e. without attributing it to a specific user, to optimise or improve their own services, e.g. for technical optimisation of the mailing process and the presentation of the newsletter or for statistical purposes, to determine the countries of origin of the recipients. However, the mailing provider does not use the data of our newsletter recipients to contact them or to pass their details on to third parties.

8.6 Subscription data

To sign up for the newsletter, it is sufficient to provide your email address and the topics you are interested in. All other information is voluntary and helps us to tailor the newsletter to your individual interests.

8.7 Statistical collection and analysis

The legal basis for the use of the mailing provider, the implementation of statistical surveys and analyses as well as the logging of the subscription process is Article 6 (1) (f) GDPR. Our objective is to use a user-friendly and secure newsletter system that serves both our business interests and meets the expectations of our users.

8.8 Cancellation / withdrawal

You can cancel your subscription, i.e. withdraw your consent, to our newsletter at any time. At the same time, this will also have the effect of withdrawing your consent to mailing the newsletter by the mailing provider and the statistical analyses. It is not possible to withdraw your consent separately to mailing by the mailing provider or the statistical analysis. A subscription cancellation link is provided at the end of each newsletter. If you have only subscribed to the newsletter and you have cancelled your subscription, your personal data will be erased.

9 Incorporation of third-party services and content

9.1 Use of Content

On our website we use content or services from third-party providers on the basis of our legitimate interests (i.e. our interest in the analysis, optimisation and economical operation of our website within the meaning of Article 6 (1) (f) of the GDPR) in order to incorporate the content and services of these third-party providers, such as videos or fonts (collectively referred to hereinafter as “Content”). This always means that the third-party providers of this Content must be able to see the IP address of the users as, without this IP address, they would not be able to send the Content to the users’ browsers. The IP address is therefore necessary for the presentation of this Content. We do our best to use only Content where the provider in question uses the IP address only to deliver Content. Furthermore, third-party providers may use what are known as pixel tags (invisible graphics, also called “web beacons”) for statistical or marketing purposes. “Pixel tags” allow the evaluation of information, such as visitor traffic on the pages of this website. Furthermore, the pseudonymous information in cookies can be stored on the users’ device and, among other things, contain technical information regarding the browser and the operating system, referring websites, the visit time as well as further information concerning the use of our website and can also be combined with such information from other sources.

9.2 List

The following list provides an overview of third-party providers and their content as well as links to other data privacy statements containing further information on the processing of data and possibilities for objection (known as opt-outs), some of which have already been mentioned here:

10 Rights of users

10.1 Information

Users may exercise their right to be provided with free information on request concerning the personal data we store. The following email address can be used for this purpose: privacy@alfa.swiss.

10.2 Correction

Users may likewise exercise their right to the correction of incorrect data, the restriction of its processing and the erasure of their personal data and to data portability where appropriate. The following email address can be used for this purpose: privacy@alfa.swiss. If any unlawful data processing is suspected, users have the right to lodge a complaint with the responsible supervisory authority.

10.3 Withdrawal of consent

Users may also exercise their right to withdraw the consent they have given, always with effect for the future. The following email address can be used for this purpose: privacy@alfa.swiss.

11 Deletion of data

11.1 General

The data we store is deleted as soon as it is no longer required for its intended purpose and there are no legal retention obligations preventing deletion. If the user data is not deleted because it is required for other, lawful purposes, its processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for instance, to user data that has to be retained for commercial or tax reasons.

11.2 Legal requirements

According to the legal requirements, the retention period is 10 years for trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting vouchers, accounts, drawings, management reports, accounting vouchers, commercial and business letters and documents relevant for taxation etc. in accordance with Article 957 of the Swiss Code of Obligations (CO).

12 Right of objection

12.1 General

Users may object at any time to the future processing of their personal data, as provided for by law. The objection may particularly be made against processing for purposes of direct advertising.

13 Amendments to the data privacy statement

13.1 General

We reserve the right to amend the data privacy statement in order to adapt it to changes in the legal situation or in the case of changes to the services and the data processing. If any consent should be required from users or if parts of the data privacy statement should contain provisions regulating the contractual relationship with users, the changes will only be made with the users’ consent.

13.2 Informing oneself

Users are requested to regularly inform themselves about the contents of the data privacy statement.

In the case of inconsistencies between different translations, the German version shall prevail.

V 1.0  |  24.05.2018