We are subject to Swiss data protection law and any applicable foreign data protection law, especially that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law ensures adequate data protection.
Responsibility for the processing of personal data:
We indicate if there are other responsible parties for the processing of personal data in individual cases.
Personal data are all details that refer to a specific or identifiable natural person. An affected person is someone whose personal data we process.
Processing encompasses every handling of personal data, regardless of the methods and means used, such as querying, matching, adapting, archiving, storing, reading, disclosing, acquiring, capturing, collecting, deleting, revealing, sorting, organizing, storing, changing, distributing, linking, destroying, and using personal data.
The European Economic Area (EEA) comprises the member states of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personally identifiable information.
We process personal data in accordance with Swiss data protection law, in particular, the Federal Data Protection Act (Datenschutzgesetz, DSG) and the Data Protection Ordinance (Datenschutzverordnung, DSV).
We process – provided and as far as the General Data Protection Regulation (GDPR) is applicable – personal data according to at least one of the following legal bases:
We process those personal data that are necessary to carry out our activities and operations continuously, user-friendly, safely, and reliably. Such personal data can especially fall into the categories of inventory and contact data, browser and device data, content data, meta or ancillary data and usage data, location data, sales data, as well as contract and payment data.
We process personal data for the duration required for the respective purpose or purposes or as required by law. Personal data that is no longer required to be processed will be anonymized or deleted.
We may have personal data processed by third parties. We can process personal data together with third parties or transfer it to third parties. Such third parties are especially specialized providers whose services we use. We also ensure data protection with such third parties.
We generally process personal data only with the consent of the affected persons. If and insofar as processing is permitted for other legal reasons, we may refrain from obtaining consent. For example, we can process personal data without consent to fulfill a contract, to comply with legal obligations, or to safeguard overriding interests.
In this context, we process in particular information that an affected person voluntarily transmits to us when making contact – for example, by regular mail, email, instant messaging, contact form, social media, or telephone – or when registering for a user account. We may, for example, store such details in an address book, in a Customer-Relationship-Management system (CRM system), or with similar tools. If we receive data about other people, the transmitting persons are obliged to ensure data protection towards these people and to ensure the accuracy of these personal data.
We also process personal data that we obtain from third parties, procure from publicly accessible sources, or collect during our activities and operations, provided and insofar as such processing is legally permissible.
We process personal data of applicants to the extent necessary to assess their suitability for an employment relationship or for the subsequent execution of an employment contract. The necessary personal data primarily results from the requested information, for instance, as part of a job advertisement. Furthermore, we process those personal data that applicants voluntarily communicate or publish, especially as part of cover letters, resumes, and other application documents, as well as online profiles.
If and insofar as the General Data Protection Regulation (GDPR) is applicable, we process personal data of applicants especially according to Art. 9 Para. 2 lit. b GDPR.
We may allow applicants to store their details in our Talent Pool so that we can consider them for future vacancies. We may also use such details to maintain contact and inform about news. If we believe an applicant might be suitable for an open position based on their details, we may inform the applicant accordingly.
We use third-party services to advertise positions through E-Recruitment and to facilitate and manage applications.
We process personal data primarily in Switzerland and in the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, especially to process or have it processed there.
We can export personal data to all countries and territories on Earth and elsewhere in the universe, provided the local law ensures adequate data protection according to a decision of the Swiss Federal Council and – if and as long as the General Data Protection Regulation (GDPR) is applicable – according to a decision of the European Commission.
We can transfer personal data to countries whose law does not ensure adequate data protection, provided other reasons guarantee data protection, especially based on standard data protection clauses or other appropriate guarantees. Exceptionally, we can export personal data to countries without adequate or suitable data protection if the specific data protection requirements are met, for example, the explicit consent of the affected persons or a direct connection with the conclusion or execution of a contract. Upon request, we will gladly inform affected persons about possible guarantees or provide a copy of any guarantees.
We grant affected individuals all rights in accordance with applicable data protection law. Affected individuals especially have the following rights:
We can postpone, restrict, or deny the exercise of the rights of affected individuals within the legally permissible framework. We can point out to affected individuals any prerequisites for asserting their data protection rights. For example, we can partially or wholly deny information, citing trade secrets or the protection of other individuals. Similarly, we can partially or wholly deny the deletion of personal data, citing statutory retention obligations.
We can exceptionally charge for the exercise of rights. We will inform affected individuals in advance about any costs.
We are obligated to identify affected individuals who request information or assert other rights using appropriate measures. Affected individuals are required to cooperate.
Affected individuals have the right to legally enforce their data protection rights or file a complaint with a responsible data protection supervisory authority.
The supervisory authority for private entities and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
Affected individuals – if and insofar as the General Data Protection Regulation (GDPR) applies – have the right to file a complaint with a responsible European data protection supervisory authority.
We take appropriate technical and organizational measures to ensure data security commensurate with the respective risk. However, we cannot guarantee absolute data security.
Access to our website is via transport encryption (SSL / TLS, especially with Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers indicate transport encryption with a padlock in the address bar.
Our digital communication is – as is fundamentally the case with all digital communication – subject to mass surveillance without reason or suspicion and other surveillance by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We have no direct influence on the respective processing of personal data by intelligence agencies, police stations, and other security authorities.
Cookies can be stored temporarily as "session cookies" in the browser or for a specific period as so-called permanent cookies. "Session cookies" are automatically deleted when the browser is closed. Permanent cookies have a specified storage duration. Cookies especially allow a browser to be recognized when visiting our website again, thereby, for example, measuring the reach of our website. Permanent cookies can also be used for online marketing.
For cookies used for success and reach measurement or advertising, a general objection (opt-out) is possible for numerous services through AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
We can record the following details for each access to our website, provided they are transmitted by your browser to our server infrastructure or can be determined by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual subpage of our website accessed including the amount of data transferred, and the last website accessed in the same browser window (referrer).
We store such details, which may also be personal data, in server log files. This information is necessary to permanently, user-friendly, and reliably provide our website and to ensure data security, especially the protection of personal data – even by third parties or with the help of third parties.
We may use tracking pixels on our website. Tracking pixels are also known as web beacons. Tracking pixels – including those from third parties whose services we use – are small, typically invisible images that are automatically retrieved when visiting our website. Tracking pixels can capture the same information as server log files.
We are present on social media platforms and other online platforms to communicate with interested parties and to inform about our activities and operations. In connection with such platforms, personal data may also be processed outside of Switzerland and the European Economic Area (EEA).
For our social media presence on Facebook, including the so-called page insights, we are – if and to the extent the General Data Protection Regulation (GDPR) applies – jointly responsible with Meta Platforms Ireland Limited (Ireland). The Meta Platforms Ireland Limited is part of the Meta companies (including in the USA). The page insights provide information on how visitors interact with our Facebook presence. We use page insights to effectively and user-friendly offer our social media presence on Facebook.
We use services from specialized third parties to permanently, user-friendly, securely, and reliably carry out our activities and operations. With such services, we can embed functions and content into our website. When embedding, the services used technically necessarily capture at least temporarily the Internet Protocol (IP) addresses of users.
For necessary security-relevant, statistical, and technical purposes, third parties whose services we use can process data related to our activities and operations in an aggregated, anonymized, or pseudonymized manner. This includes, for example, performance or usage data to be able to offer the respective service.
We use in particular:
We use services from specialized third parties to be able to make use of the necessary digital infrastructure in connection with our activities and tasks. This includes, for example, hosting and storage services from selected providers.
We recommend that, depending on the situation, you mute your microphone by default when participating in audio or video conferences, blur the background, or use a virtual background.
We especially use:
We use services from third parties to embed maps into our website.
We especially use:
We use services from specialized third parties to allow the direct playback of digital audio and video content, such as music or podcasts.
We especially use:
We aim to determine how our online services are used. In this context, we can, for example, measure the success and reach of our activities and operations as well as the impact of third-party links on our website. We can also test and compare how different parts or versions of our online service are used (the "A/B test" method). Based on the results of the success and reach measurement, we can particularly fix errors, strengthen popular content, or make improvements to our online service.
For the success and reach measurement, in most cases, the Internet Protocol (IP) addresses of individual users are stored. In this case, IP addresses are generally shortened ("IP-masking") to follow the principle of data minimization through appropriate pseudonymization.
In the success and reach measurement, cookies may be used, and user profiles created. Any user profiles created might, for instance, include the individual pages visited or content viewed on our website, information about the size of the screen or browser window, and the - at least approximate - location. Generally, any user profiles are exclusively pseudonymized and not used to identify individual users. Some third-party services where users are registered can possibly assign the use of our online service to the user account or user profile of the respective service.
We particularly use:
We can adjust and supplement this privacy statement at any time. We will inform about such adjustments and supplements in an appropriate manner, especially by publishing the respective current privacy statement on our website.