This is not a comprehensive description; at best, other privacy policies (e.g. general terms and conditions of sale) deal with specific subject matters. Personal data are all details that relate to a specific or identifiable person.
The person who is responsible for the data processing we carry out here is Gifas-Electric, Markus Eigenmann, Head of Finance and Human Resources, Dietrichstrasse 2, CH-9424 Rheineck, Switzerland. If you have any concerns or requests relating to data protection, please notify us at the following contact address: Markus Eigenmann, Head of Finance and Human Resources, Dietrichstrasse 2, CH-9424 Rheineck; email: firstname.lastname@example.org, for all companies of Gifas-Electric Switzerland.
We process primarily the personal data we receive in the course of our business relationship with our client and other business partners from the latter and other persons involved, or which we collect during the operation of our websites, apps, and other applications from their users.
Insofar as it is permitted, we also gather certain data from publicly accessible sources (e.g. debt collection register, land registers, Commercial Register, press, internet) or receive such data from other companies within the Gifas Group, from authorities, and other third parties (such as, for example, debt-collection agencies).
Apart from your data you disclose to us directly, the categories of personal data we receive about you by third parties include, in particular, details from public registers, details we discover in connection with official and court procedures, details in connection with your occupational functions and activities (so that we can, for example, with your help conclude and process transactions with your employer), details about you in correspondence and discussions with third parties, credit checks (insofar as we are processing transactions with you personally), details about you given to us by people close to you (family, advisor, legal representative, etc.), so that we can enter into or execute contracts with you or with your involvement (e.g. references, your address for deliveries, authorisations, details on the compliance with legal requirements such as, for instance, for combating money laundering and export restrictions, details of our banks, insurance companies, sales partners, and other contractual partners for the use or performance of services by yourself (e.g. payments made, purchases made), details from media and internet about your person (insofar as this is appropriate in the specific case, e.g. during the course of an application, press review, marketing/sales, etc.), your addresses and, where appropriate, further socio-demographic data (for marketing), data in connection with the use of the website (e.g. IP address, MAC address of the smartphone or computer, details about your device and settings, cookies, date and time of the visit, clicked pages and contents, functions used, referring website, and location details.
We use the personal data collected by us primarily to conclude and implement our contracts with our clients and business partners, thus, in particular, in the course of sales activities with our clients and the purchase of products and services from our suppliers and subcontractors, as well as to meet our legal obligations in Switzerland and abroad. If you work for such a client or business partner, you and your personal data may obviously also be affected in this capacity. Furthermore, we process personal data from you and other persons, to the extent permitted and deemed appropriate by us, also for the following purposes in which we (and from time to time third parties) have a legitimate interest corresponding to the purpose:
Where you have granted us consent to process your personal data for specific purposes (e.g. when you sign up to receive newsletters or when you subscribe to receive newsletters or submit to a background check), we process your personal data within the scope of and based on this consent, insofar as we have no other legal basis and where we require such a basis. Consent may be revoked at any time, but this has no effect on data processing that has already taken place.
We commonly use "cookies" and similar technologies on our websites which enable your browser or device to be identified. A cookie is a small file that is sent to your computer or automatically stored on your computer or mobile device by the web browser used when you visit our website. If you visit this website again, we can recognise you through this, even if we do not know who you are. Apart from cookies, which are only used during one session and deleted again after your visit to the website (“Session Cookies”), cookies may also be used to store user settings and other information for a specific time (e.g. two years) (“Permanent Cookies”).
You may, however, set your browser to reject cookies, only store them for one session, or otherwise delete them earlier. Most browsers are preset to accept cookies. We use Permanent Cookies to save user settings (e.g. language, auto login), so that we can better understand how you use our offerings and content, to enable us to display offers and advertisements tailored to you (which may also happen on websites of other companies; however, they will not obtain information from us about who you are, assuming we know this in the first place, because they only see that the same user is on their website who was also on a particular webpage with us). We place certain cookies, and certain cookies are also placed by contractual partners with whom we collaborate. If you block cookies, certain functionalities (such as language selection, shopping cart, and order processes) may no longer work.
We also include visible and invisible elements of images in our newsletters and other marketing emails, in part and to the extent permitted, which enable us, by retrieving them from our servers, to determine whether and when you have opened the email. This enables us to measure and better understand how you use our services and tailor them to you. You can block this in your email programme; most are set to do this by default. By using our websites and consenting to receive newsletters and other marketing emails, you consent to the use of these technologies. If you do not wish for this to happen, you must set your browser or your email programmes accordingly, unless this can be adjusted via the settings.
From time to time, we use Google Analytics or similar services on our websites. This is a service provided by third parties, who may be located in any country of the world (in the case of Google Analytics it is Google Ireland (registered in Ireland), Google Ireland uses Google LLC (based in the USA) as processor (both “Google”), www.google.com), with which we can measure and evaluate the use of the website (not personalised). For this purpose, Permanent Cookies are also used, placed by the service provider. We have configured the service in such a way that the IP addresses of the visitors of Google in Europe are truncated before they are transmitted to the USA and can therefore not be traced. We have turned off the settings “Data transmission” and “Signals”.
Although we can assume that the information we share with Google is not personal data from Google’s perspective, it is possible that Google may draw conclusions about the identity of visitors from this data for its own purposes, create personal profiles, and link this data to the Google accounts of these individuals. Provided that you have registered with the service provider, the service provider will also know you. The processing of your personal data by the service provider then takes place at the responsibility of the service provider in accordance with its data protection regulations. The service provider only tells us how our respective website is being used (no information about you personally).
We also rely on our websites on so-called plug-ins of social networks such as Facebook, Twitter, YouTube, Pinterest, or Instagram. This is apparent for you in each case (usually by way of corresponding symbols). We have configured these elements in such a way that they are deactivated by default. If you activate them (by clicking them), the operators of the respective social networks can register that you are visiting our website, and they can use this information for their purposes. The processing of your personal data then takes place at the responsibility of this operator in accordance with its data protection regulations. We do not receive any information about you from the operator.
In the course of our business activities and for the purposes set out in section 3, we also disclose information to third parties insofar as this is permitted and appears to us to be appropriate, either because they process the data for us or because they want to use such data for their own purposes. This relates, in particular, to the following:
These recipients are partly in Switzerland but can be anywhere in the world. You should in particular expect your data to be transferred to all countries in which the Gifas Group is represented by group companies, branches, or other offices (currently Switzerland and Sweden) as well as to other countries in Europe and the USA where the service providers we use are located (as, for example, Microsoft, Comarch, Google).
If a recipient is located in a country without appropriate legal data protection, we contractually obligate the recipient to comply with the applicable data protection (for this purpose, we use the revised standard contractual clauses of the European Commission, which can be retrieved here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), insofar as the recipient is not already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exemption provision. An exception may apply, in particular, to legal proceedings abroad, but also in cases of prevailing public interests or if the implementation of a contract requires such disclosure, if you have given your consent or if the data in question has generally been made accessible by you and you have not objected to the processing of such data.
We process and store your personal data, as long as it is necessary for the fulfilment of our contractual and legal obligations or otherwise for the purposes pursued with the processing, which means, for example, for the duration of the entire business relationship (from the initiation, processing, to the termination of a contract) as well as beyond that in accordance with the legal retention and documentation obligations. In this context, personal data may be retained for the period in which claims can be asserted against our company and insofar as we are otherwise legally obliged to do so or legitimate business interests require this (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or made anonymous as a matter of principle and as far as possible. For operational data (e.g. system protocols, logs), shorter retention periods of twelve months or less normally apply.
We take appropriate technical and organisational safety precautions to protect your personal data from unauthorised access and improper use, such as issuing instructions, IT and network security solutions, access controls and access restrictions, encryption of data carriers and transmissions, pseudonymisation, and controls.
As part of our business relationship, you must provide the personal data that is required for the establishment and implementation of a business relationship and the fulfilment of the associated contractual obligations (you generally do not have a legal obligation to provide data to us). Without this data we usually will not be able to enter into a contract with you (or with the body or person you represent) or to implement it. Also, the website cannot be used if certain information to secure the data communication (such as IP address) is not disclosed.
As a matter of principle, we do not use fully automated decision-making for the establishment and implementation of the business relationship or otherwise (such as regulated in Art. 22 GDPR). If we use such procedures in individual cases, we will inform you of this specifically, insofar as this is required by law, and we will explain to you the rights associated with this.
Within the scope of the data protection law applicable to you and where provided for in that law (such as in the case of the GDPR), you have the right of access, right to rectification, right to erasure, the right to restriction of data processing, and otherwise the right to object to our data processing, in particular processing for purposes of direct marketing, profiling for the purpose of direct advertisement, and other legitimate interests in the processing as well as to the release of certain personal data for the purpose of transmission to another body (so-called data portability).
Please note, however, that we reserve the right to assert the restrictions that are provided by law, for example, if we are obliged to retain or process certain data, have an overriding interest in doing so (insofar as we are entitled to rely on this), or if we require this data for the assertion of claims. We will inform you in advance if there are any costs to be borne by you. We have already informed you in Section 3 about the option to withdraw your consent. Please note that the exercise of these rights may conflict with contractual arrangements and may have consequences such as early termination of the contract or cost implications. We will inform you beforehand of such a circumstance where this is not already contractually regulated.
The exercise of such rights usually requires that you positively prove your identity (e.g. by means of a copy of your identity card, where otherwise your identity is unclear or cannot be verified). To assert your rights, you can contact us at the address provided in Section 1.
Furthermore, every data subject has the right to enforce his or her claims in court or file a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).