Thank you for visiting our website. The following outlines the personal data we collect, how we use it and for what purpose.
Information on Data Protection for Website Visitors
Information on Data Protection for Customers, Suppliers, and Partners
Information on Data Protection for Applicants and Employees
Data Protection for Website Visitors
1. Owner and Privacy Officer
1.1 Owner
Owner and Privacy Officer is the company:
FROX AG
Seestrasse 88
CH-8712 Stäfa
E-mail: datenschutz@frox.ch
Phone: +41 55 254 12 54
1.2 Data Protection Officer
Our Data Protection Officer can be contacted at the above address.
1.3 EU representative
Should we require an EU representative, the following company has been commissioned:
Bucher & Suter AG
Stubenwald-Allee 19
D-64624 Bensheim
E-mail: info@bucher-suter.de
Phone: +49 6251 8622 500
2. Purposes of Data Processing and Legal Basis
2.1 When visiting our website
When you visit our website www.frox.ch the browser you use automatically sends information to the server of our website. This information is temporarily stored in a so-called logfile. The following information is collected and stored until deleted automatically:
- IP address
- Browser
- Operating system and its interface
- Browser software language and version
- Date and time of the query
- Time zone difference to Greenwich Mean Time (GMT)
- Country
- Content of the request (specific page)
- Access status / HTTP status code
- Transferred amount of data
- Website from where the request originates
We process the above data to establish a smooth connection and make our website user-friendly, maintain network and information security, evaluate system security and stability and for administrative purposes. Furthermore, user data is evaluated anonymously. This enables us to adapt our contents and products and services to suit user needs.
You are not legally or contractually obliged to provide us with personal data. However, we do use the data you provide for the purpose of using our website.
The legal basis for data processing is the protection of our legitimate interest. Our legitimate interest follows from the data collection purposes listed above. We do not use the collected data for the purpose of drawing conclusions about you. In addition, we use cookies and tracking tools on our website. Further information can be found under Section 4 of this Privacy Statement.
2.2 Signing up for our newsletter
If you have consented to receive our newsletters, invitations to events and other relevant information, we use your name and e-mail address to send you information electronically.
We send newsletters and other e-mails (information on technologies, projects, events, etc.) using our customer management system. The service provider of our customer management system has access to collected data from abroad. Our service provider needs this access to provide their service. Further information on the international transfer of personal data can be found under Section 3.2. The customer management system records data such as “opening rate”, “click rate”, “delivered”, (“successful delivery”, “bounces”, “unsubscribe”, “spam reports”), “HTML Clickmap”, “most frequently clicked links”, “contacts with the most interactions”, “time spent viewing the e-mail” (“read”, “skimmed”, “viewed briefly”), “interaction over the course of time”, and “opened according to e-mail client”.
You can withdraw your consent at any time in the future and unsubscribe our newsletters and e-mails by either using the link at the end of each newsletter or e-mail or alternatively the e-mail address of the Data Protection/Privacy Officer mentioned above (Section 1). This means that we will no longer process data based on this consent and it will be deleted provided no other legal basis exists (e.g., a contract concluded between us) or statutory retention obligations exist.
2.3 When using our contact form
For questions of any kind, we offer you the option to contact us via a form provided on our website. You will need to provide us with details such as your first name, last name, and a valid e-mail address (mandatory fields marked with an asterisk) so that we know who sent the request (and from where) and to enable us to respond accordingly. Further details such as company and phone number can be provided voluntarily.
Data processing for the purpose of contacting us is based on your consent.
The personal data we collect for the contact form is stored in our customer management system and passed on to the responsible department to ensure that your request is dealt with quickly and professionally. After your request for the purpose of which you contacted us has been dealt with, the information you provide will be deleted unless there is a new legal basis for processing your data.
3. Disclosure of Personal Data
3.1 Disclosure of personal data within the EU/EEA
We only share your personal data with third parties if:
- you have given your consent;
- disclosure is required for the assertion, exercise or defence of legal claims or protection of our legitimate interests and there is no reason to assume that you have a predominantly legitimate interest in not disclosing your information;
- disclosure is a legal obligation; and
- it is legally permissible and required for the fulfilment of our contractual obligations with you including the data processing aspects mentioned in this privacy statement.
For processing your data, we use the professional support of external service providers. This applies especially to the operation of our website, dealing with your contact requests, in particular through the customer management system, sending our newsletters and other e-mails as well as providing maintenance and support services. Our service providers have been carefully selected and commissioned by us and are bound by our instructions.
3.2 International transfer of personal data
Our contractual partners, with whose help we operate our website and process associated personal data, may be based in Switzerland or other countries (also countries outside Europe, e.g., USA).
We allow your data to be processed abroad when suitable guarantees are in place for their adequate protection, e.g., through the conclusion of so-called standard contractual clauses. Further information, in particular regarding the guarantees available in case of international transfer as well as copies, can be obtained from the Data Protection/Privacy Officer (Section 1).
4. Cookies and Tracking Tools
The tracking measures we use allow us to ensure a needs-based design as well as the continuous optimization of our website. We also use tracking measures to statistically record the use of our website and evaluate the resulting data for the purpose of optimizing our products and services. The mentioned tracking measures are legitimate interests and are therefore the required legal basis for data processing. You can adjust your browser settings to disable tracking by choosing the “Do not track” function on your browser. In our Cookie Policy, we inform you about how and for what purposes we use cookie technologies and what choices you have.
5. Social Media Plugins
It is in our legitimate interest to use Social Media plugins on our website for advertising purposes. The responsibility for data protection compliant operation must be ensured by the individual provider. The integration of these plugins by us takes place by the so-called two-click method to offer visitors to our website the best possible protection. The plugins are initially activated by clicking on the corresponding buttons. If these are greyed, the plugins are inactive. You have the option of activating the plugins once or permanently.
The plugins establish a direct connection between your browser and the servers of the respective social networks (LinkedIn, Twitter, Facebook, XING, YouTube, etc.). This initially takes place after activating the plugin. We have no influence on the nature and amount of data the plugin sends to the server of the social network.
The plugin informs the respective network that you have visited our website as a user. It is possible that your IP address is stored. Once you are logged in to your respective network account (LinkedIn, Twitter, Facebook, XING, YouTube, etc.) when you visit our website, the mentioned information is linked with the same. If you do not wish the network provider to link the data via the activated plugin with your stored member data, you must log out from your network account before activating the plugin.
If you are not a member of the respective network, it is still possible that the platform is able to identify and store your IP address.
5.1 LinkedIn
Our website uses buttons of the service LinkedIn of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (“LinkedIn”). You recognize LinkedIn plugins by the LinkedIn logo or “Recommend/Share” button. Information on all LinkedIn plugins can be found under: https://www.linkedin.com/developers/products. With the aid of the buttons, it is possible to share an article or a page from our website on LinkedIn or to follow us on LinkedIn. LinkedIn receives information on visits by users and interactions with services provided by third parties when users login via LinkedIn and use the LinkedIn Share button. Detailed information on how LinkedIn uses your data can be found in the privacy statement of LinkedIn under: https://www.linkedin.com/legal/privacy-policy.
5.2 Twitter
Our website uses buttons of the service Twitter of Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter”). You recognize Twitter plugins by the Twitter logo or terms such as “Twitter” or “Follow”. Information on all Twitter plugins can be found under: https://developer.twitter.com/en/docs/twitter-for-websites. With the aid of the buttons, it is possible to share an article or a page from our website on Twitter or to follow us on Twitter. Twitter receives information on visits by users and interactions with services provided by third parties when users login via Twitter and use the Twitter Share button. Detailed information on how Twitter uses your data can be found in the privacy statement of Twitter under: https://twitter.com/privacy.
5.3 Facebook
Our website uses buttons of the service Facebook of Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA (“Facebook”). You recognize Facebook plugins by the Facebook logo, the term “Like”, “Thumbs up” symbol or the addition “Facebook Social Plugin”. Information on all Facebook plugins can be found under: https://developers.facebook.com/docs/plugins/. With the aid of the buttons, it is possible to share an article or a page from our website on Facebook or to follow us on Facebook. Facebook receives information on visits by users and interactions with services provided by third parties when users login via Facebook and use the Facebook Share button. Information on how social plugins function on Facebook can be found under: https://www.facebook.com/help/203587239679209.
Detailed information on how Facebook uses your data can be found in the privacy statement of Facebook under: https://www.facebook.com/about/privacy/.
5.4 XING
Our website uses buttons of the service XING of XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany (“XING”). You recognize XING plugins by the XING logo or “Share” button. Information on all XING plugins can be found under: https://dev.xing.com/. With the aid of the buttons, it is possible to share an article or a page from our website on XING or to follow us on XING. XING receives information on visits by users and interactions with services provided by third parties when users login via XING and use the XING Share button. Detailed information on how XING uses your data can be found in the privacy statement of XING under: https://privacy.xing.com/de/datenschutzerklaerung.
5.5 YouTube
Our website uses buttons of the service YouTube of Google LLC, D/B/A YouTube, 901 Cherry Ave., San Bruno, CA 94066, USA (“YouTube”). You recognize YouTube plugins by the YouTube logo. Information on all YouTube plugins can be found under: https://developers.google.com/youtube. With the aid of the buttons, it is possible to follow us on YouTube. YouTube receives information on visits by users and interactions with services provided by third parties when users login via YouTube. Detailed information on how YouTube uses your data can be found in the privacy statement of the YouTube operator Google under: https://policies.google.com/privacy.
6. Rights of the Data Subject
In accordance with data protection law concerning your personal data and its processing, you have the following rights as a data subject:
- To request information about the personal data we have processed.
- To request that inaccurate or incomplete personal data we have stored is corrected or completed without delay.
- To request the deletion of the personal data we have stored, provided the processing of this data is not essential in exercising the right to freedom of expression and information, in fulfilling a legal obligation, for reasons of public interest, or for the assertion, exercise or defence of legal claims.
- To request that a restriction be placed on the processing of the personal data provided: a) you contest the accuracy of the data; b) processing is unlawful, yet you refuse deletion of the data; c) we no longer require the data, yet you require the data for the assertion, exercise or defence of legal claims; or d) you have filed an objection against the processing of the data.
- To withdraw the consent given to us by you at any time, which means that we may no longer carry out any data processing activities in the future based on this consent.
- To file an objection against the processing of your personal data provided it is processed based on legitimate interests and if there are grounds that arise from your particular situation or the objection is against direct advertising, whereby in the latter case you have a general right to object, which we shall respect without the assertion that a particular situation exists.
- To receive the personal data you have provided to us in a structured, commonly used and machine-readable format or to request that it is transferred to another party provided the conditions for this are met.
- To file a complaint with the responsible supervisory authority.
If you have any questions regarding the existence or exercise of these rights, you can contact the Data Protection/Privacy Officer mentioned under Section 1 at any time.
7. Data Security
During your website visit, we use the SSL (Secure Socket Layer) method together with the highest encryption level supported by your browser. Generally this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can ascertain whether a specific page on our website is transmitted in encrypted form by the closed image of the key or lock symbol in the bottom status bar of your browser. We also use suitable technical (e.g., IT system security and building protection) and organizational (e.g., internal guidelines, training, directives) security measures to protect your data from accidental or malicious manipulation, partial or complete loss, and destruction and to prevent unauthorized access by third parties. Our security measures are improved on an ongoing basis as technological development advances.
8. Topicality and Amendment of our Privacy Statement
This Privacy Statement is currently valid and was issued in February 2021. It may be necessary to amend this Privacy Statement due to the development of our website and products and services or based on amended statutory or official requirements. We therefore recommend that this Privacy Statement is reviewed at regular intervals.
Data Protection for Customers, Suppliers, and Partners
FROX AG is part of the Noser Group. You are receiving this information because you are a (potential) customer, supplier or partner of FROX AG or the Noser Group or you work for a (potential) customer, supplier or partner of FROX AG or the Noser Group. In this capacity and as part of our business relationship, you provide us with various personal data. FROX AG and the Noser Group attach great importance to the transparent handling of your data and respectful collaboration. We would therefore like to inform you how we manage your personal data. At the same time, we fulfil with this information our legal obligations insofar as they affect us.
Where the terms “we” or “us” are used in this information, this refers to FROX AG.
If you require information on using our website or relating to our newsletters and other e-mails, please contact the Data Protection/Privacy Officer mentioned under Section 1.
1. Owner and Privacy Officer
1.1 Owner
The following company is responsible for your data:
FROX AG
Seestrasse 88
CH-8712 Stäfa
E-mail: datenschutz@frox.ch
Phone: +41 55 254 12 54
1.2 Data Protection Officer
Our Data Protection Officer can be contacted at the above address.
1.3 EU representative
Should we require an EU representative, the following company has been commissioned:
Bucher & Suter AG
Stubenwald-Allee 19
D-64624 Bensheim
E-mail: info@bucher-suter.de
Phone: +49 6251 8622 500
2. What Categories of Personal Data Are Processed by Us?
2.1 Processing of personal data
We mainly process the following personal data:
- Master data (e.g., name, if necessary date of birth), contact data (e.g., phone number, e-mail address, place of work, business card), signatures you have provided, and submitted powers of attorney
- User accounts for using our systems
- Data required for granting access to our business premises
- Your position and employer and, if relevant for the business relationship, your professional activities, experience and qualifications, references as well as information on the services you have provided to us
- In certain cases (e.g., as part of cooperation with financial institutions), and only if lawful, we will also receive from you information relating to debt enforcement or criminal records (e.g., if the project in which you are involved requires such proof and we are the person responsible for this information)
- Information about you in correspondence, e-mails and meetings, your opinions, feedback, and statements submitted and gathered as part of business activities
- Data of consultants and partners of your and, if necessary, their employees
- In certain cases, also financial data such as bank account details for payment purposes or data from your insurance company for the purpose of claims management
- Information in the context of judicial and extrajudicial proceedings
- Data available to the public
2.2 From whom do we receive your data?
We receive your data from you directly or from the company that employs you. We also retrieve data from public registers or databases such as the commercial register or the Internet. Insofar as permitted, we also receive such data from other companies of the Noser Group, from authorities and other third parties.
2.3 Obligation to share your data
In most cases, you are not legally obliged to share your personal data with us. Nonetheless, it is possible that you will have to provide this data on the basis of a contract with you or with the company for which you work (e.g., this is the case if you are mentioned as a contact person in a contract or are required to provide certain data, such as a statement of debt collection, references, etc., based on a contractual agreement). Certain data must also be provided for the purpose of concluding a contract (e.g., name, address, bank details). In some cases, failure to provide the data may lead to a breach of contract.
3. Purposes of Data Processing and Legal Basis
3.1 Use of personal data
We use collected personal data to carry out our business activities, in particular for the purpose of:
- concluding and managing contracts, including correspondence, invoicing, contract management, project development and management as well as safeguarding and management of contractual claims;
- establishing and maintaining business relationships, including marketing (e.g., provision of information about our products and services, invitation to events), maintaining contacts, correspondence, customer management, and customer satisfaction surveys;
- managing authorizations and use of our IT systems and internal tools;
- settling claims and insurance cases;
- carrying out of restructurings, company acquisitions and sales;
- supporting our operations, managing our group, and ensuring sustainability, e.g., retention, accounting, consulting with specialists on business incidents, fulfilling obligations to inform administrative bodies and authorities, ensuring compliance, and secure access to buildings and systems.
3.2 Legal basis for processing your data
The legal basis for processing your data is primarily the implementation of contractual measures and fulfilment as well as the management of contracts concluded with you. In addition, we are legally obliged to collect and process certain data, e.g., for the purpose of bookkeeping and accounting. Furthermore, it may be necessary to process your data to protect our legitimate interests. This is the case, for example, if we:
- approach our existing customers, partners, and new customers as part of marketing campaigns;
- uphold and enforce our legal rights;
- ensure the security and availability of our IT systems and other infrastructures;
- carry out or optimize business processes (including management and administration of the company and the Noser Group) as well as company acquisitions and restructurings;
- share data with our service providers for the purpose of performing certain tasks for us.
Before we process data on the basis of our legitimate interests, we ensure that your privacy rights do not outweigh our legitimate interests. If you do not agree to the processing on this basis and certain conditions are met, you can file an objection. An objection against direct advertising can be filed at any time. Further information regarding your rights can be found under Section 6. We also process on rare occasions personal data you have provided to us voluntarily and without the existence of the aforementioned legal basis. With regard to such data, you may withdraw your consent at any time, which means that we may no longer use the data and it will be deleted. This does not affect already processed data.
4. Disclosure of Personal Data
The disclosure of data constitutes data processing. We therefore only pass on your personal data to third parties if there is a legal basis for doing so (as described in Section 3 our legal bases are usually a contract concluded with you, legal obligations, legitimate interests, or your consent). As far as permissible, personal data is shared with other companies of the Noser Group for the purpose of administration and management of the Group including service providers who take over certain functions on our behalf and support us in our activities. In addition, your data may also be shared with partners and customers, if required by the business relationship, the project or usual market practices. Your personal data will also be shared with the following service providers, companies, and authorities:
- Companies that provide services on our behalf on a contractual basis such as IT hosting and maintenance providers, including Cloud service providers (e.g., Salesforce, Microsoft, Atlassian, Cisco), marketing agencies, consultants, banks, insurance companies, postal shipping, etc., including data processors. Other subcontractors and business partners, whose services we may lawfully obtain or with whom we have joint business relations.
- Authorities, law enforcement bodies, courts, if required for the purposes listed above, if required by law or for the legal protection of our legitimate interests in compliance with applicable legislation.
- Counterparties in company acquisitions.
The third parties listed above, to whom we may possibly transfer personal data, may be based in Switzerland or in other countries, also in countries outside Europe, e.g., the USA. If we process personal data abroad or do so in the context of using third-party services or disclosing or transferring data to third parties, this will only take place if there are appropriate guarantees for adequate protection of the transferred data, e.g., by concluding the so-called standard contractual clauses, adequacy decisions, etc. You can request detailed information on this, and in particular, a copy of the specific guarantees in place at any time from the Data Protection/Privacy Officer mentioned under Section 1.
5. Duration of Storage of Your Data
Your data will be stored: (i) as long as required for the purpose of processing; and/or (ii) as long as data storage is based on a legal obligation, e.g., legal retention obligations for business records; and/or (iii) as long as storage is necessary for the assertion, exercise or defence of legal claims. Once we no longer require your personal data for any of the above purposes, it will be deleted or anonymized as far as practically possible.
6. Rights of the Data Subject
In accordance with data protection law concerning your personal data and its processing, you have the following rights as a data subject:
- To request information about the personal data we have processed.
- To request that inaccurate or incomplete personal data we have stored is corrected or completed without delay.
- To request the deletion of the personal data we have stored, provided the processing of this data is not essential in exercising the right to freedom of expression and information, in fulfilling a legal obligation, for reasons of public interest, or for the assertion, exercise or defence of legal claims.
- To request that a restriction be placed on the processing of the personal data provided: a) you contest the accuracy of the data; b) processing is unlawful, yet you refuse deletion of the data; c) we no longer require the data, yet you require the data for the assertion, exercise or defence of legal claims; or d) you have filed an objection against the processing of the data.
- To withdraw the consent given to us by you at any time, which means that we may no longer carry out any data processing activities in the future based on this consent.
- To file an objection against the processing of your personal data provided it is processed based on legitimate interests and if there are grounds that arise from your particular situation or the objection is against direct advertising, whereby in the latter case you have a general right to object, which we shall respect without the assertion that a particular situation exists.
- To receive the personal data you have provided to us in a structured, commonly used and machine-readable format or to request that it is transferred to another party provided the conditions for this are met.
- To file a complaint with the responsible supervisory authority.
If you have any questions regarding the existence or exercise of these rights, you can contact the Data Protection/Privacy Officer mentioned under Section 1 at any time.
7. Data Security
We also use suitable technical (e.g., IT system security and building protection) and organizational (e.g., internal guidelines, training, directives) security measures to protect your data from accidental or malicious manipulation, partial or complete loss, and destruction and to prevent unauthorized access by third parties. Our security measures are improved on an ongoing basis as technological development advances.
8. Topicality and Amendment of our Privacy Statement
This Privacy Statement is currently valid and was issued in February 2021. It may be necessary to amend this Privacy Statement due to the development of our website and products and services or based on amended statutory or official requirements. We therefore recommend that this Privacy Statement is reviewed at regular intervals.
Information on data protection for applicants and employees
Data protection is an important corporate goal for the Noser Group. In this information, Noser Group (as well as “we”, “us”) should be understood to mean the relevant Noser Group company with which you are applying for a position or with which you are currently employed. For a list of Noser Group companies, seehttps://noser-group.ch/firmen-der-noser-gruppe. With this notice we want to inform you – as an employee, learner, job applicant of the Noser Group or, where applicable, contractor who provides services to the Noser Group – about how we process your personal data. You can find more information on the subject of data protection in our privacy policy.
1. Controller
1.1 The person responsible for your personal data is the company that employs you or the company with which you are applying for employment or the company with which you have been employed under a contract (see the list of Noser companies above).
1.2 If you have any questions in connection with this notice, you can contact your responsible human resources department at any time. In the privacy policy you will find the details and contact details of the person responsible for data protection matters for your company (also the details of a data protection officer, if applicable).
2. Purpose of data processing and legal basis
2.1 Human Resources
In order to fulfill our employment contract with you or to carry out the application process, we process the following personal data to the extent permitted by local law:
- Personal master data and identification data such as name, date of birth, gender, signature, residence status and data contained in the identity documents
- Income tax data, social security card; we may collect information about religious affiliation, which we will only process for church tax purposes
- sick leave, disabilities
- Changes in personal circumstances affecting the employment relationship, e.g. B. Marriage, divorce or similar.
- Department, function, activity, phone number, picture if applicable
- Private email address, emergency contacts
- Birthday and anniversary dates
- attendance and absence times
- Marital status, information about family members, including minors, to the extent necessary for the award of applicable benefits, securities or relocation assistance
- Training, course and further education data and measures, skills and professional experience
- Information in connection with benefits in kind and work equipment of the company, such as
e.g. B. Business expenses (e.g. cash expenses, company credit cards, cell phones and company cars or private cars if compensation is claimed for them), the benefits you sign up for, your use of Company equipment and tools, travel preferences, details of the beneficiaries - Qualifications, assessments
- capital accumulation benefits
- pension funds
- Information about violations of law or company policy or criminal convictions if you have consented to a background check or if we are authorized/required by law to do so.
- In certain cases and only with your consent, we also process behavioral profile analysis (VPA).
We process the aforementioned data for the following purposes:
- Selection and Recruitment Procedures
- Electronic time recording
- Birthday and Anniversary Directory
- Payroll accounting system (payroll, allowance, expense accounting)
- Personnel file/electronic personnel file
- HR administration
- Special payments, provision of benefits in kind and work equipment
- vacation planning
- Creation of professional profiles (specialist knowledge, qualifications and skills) that are required for assignments with customers or partners
- Fulfillment of legal and contractual storage and proof obligations
2.2 IT and communication management, business process
In connection with IT and communication management and in the ordinary course of business, we process the following personal data:
- Contact details of all participants in the e-mail procedure
- Business email traffic and internal instant messaging traffic
- Contact details (business email, telephone, location of employment), name, position and, if applicable – with your consent – picture
- User profiles for internal applications and IT services
We process the aforementioned data for the following purposes:
- Ensuring the proper course of business
- Ensuring internal and external communication (e.g. through internal contact lists and databases)
- Sending internal newsletters
2.3 Building and Security Management
In the area of building and security management, we process the following personal data:
- Key and Badge Users
- issue and return dates
- Information about the persons responsible for security (names and contact details)
- key management
- access control
- Ensuring the security concept
2.3 Fleet Management
In connection with fleet management, we process the following personal data:
- Name, trip details
We process this data for the following purposes:
- Trip and vehicle management
- GPS monitoring system, navigation system
2.5
The legal basis for the processing of the data categories listed above is the fulfillment of a contract with you or the implementation of the related pre-contractual measures or the fulfillment of a legal obligation, e.g. B. Deducting wages for tax and social security purposes, submitting information to tax and social security authorities, administering legal claims, etc.
2.6
We also process any other information that you voluntarily provide to us (including where this is done in the course of correspondence with us), such as B. Photographs, opinions, your location if you choose to share it on a Company device, and any other information you provide. The legal basis for the processing of this data is basically your consent, unless there is another legitimate legal reason. In some cases, with your express consent, a behavioral profile analysis can be created, which we can take into account as an aid in appraisal interviews or when assembling internal teams.
2.7
In certain cases, the processing of your personal data can also be carried out on the basis of our legitimate interests which outweigh your data protection interests, e.g. B. if data processing is necessary for the management and development of our staff, the organization of business trips, the protection of our legal interests and rights, ensuring compliance, IT security or the proper course of business, etc.
2.8
In some cases, we receive personal information about you from third parties, such as B. from training, recruitment, employment or coaching companies. Such data typically concerns certification or training you have received and feedback or references regarding your performance or personality.
2.9
From time to time we may receive personal information from social security companies or other private third parties regarding your insurance coverage, medical condition or disability. This type of personal data is only processed for the purpose of fulfilling legal obligations.
3. Disclosure of Personal Data
3.1 We will only pass on your personal data to third parties if
- you have given us your consent,
- disclosure is necessary to assert, exercise or defend legal claims or to protect our legitimate interests and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
- the disclosure is a legal obligation and
- this is legally permissible and necessary for the implementation of contractual or pre-contractual relationships with you.
3.2
Personal data is passed on to the Noser Group companies and other service providers who perform certain functions for us and who are based in Switzerland and other countries , including outside the European Economic Area. Personal data is stored and processed manually and electronically for the above purposes via global systems and tools.
3.3
To protect this data, the Noser Group takes appropriate security measures and ensures that when the data is transmitted abroad, adequate data protection is guaranteed in the third country or that the transmission is legally permissible for other reasons (by means of an adequacy decision, standard contractual clauses Privacy Shield rules, etc.).
3.4
We share some of your personal data with other members of the Noser Group for the purpose of administering and managing the group, including evaluating your performance and the performance of the Noser companies. We also share your personal information with any other Noser company that you apply to and are associated with.
3.5
Your personal data may also be shared with the following service providers and authorities:
- Companies that provide services to Noser Group on a contract basis such as IT hosting and maintenance suppliers
- Cloud service providers (like Salseforce, Microsoft, Atlassian, Cisco etc.). In certain cases, your application documents will be stored and processed on such cloud services.
- Third-party service providers, such as B. for the purpose of accessing health insurance, childcare vouchers and other applicable service providers, as well as consultants, insurance brokers and payroll service providers
- Public authorities and/or law enforcement bodies, if necessary for the purposes set out above, where required by law or where necessary for the legal protection of our legitimate interests in compliance with applicable law
3.6
Depending on which function you perform, your professional profile, e.g. B. Data about your qualifications, specialist knowledge, training and skills, professional experience and other necessary data such as name, work permit, etc., are passed on to internal or external customers or partners. This transfer only takes place to the extent required for your official use.
3.7
If the company with which you are associated is sold or integrated into another company, your personal data may be made available to our advisors and the advisors of any potential buyer, in accordance with applicable law, and transferred to the new owners of the business
4. Rights of data subjects
4.1
Where we have asked for your consent, you can withdraw that consent at any time. If you withdraw consent to Noser Group processing your personal data, this will not affect any processing that has already taken place at that time. Even after you have withdrawn your consent, the Noser Group may be entitled to continue processing the relevant data if there is another legal basis for the processing.
4.2
In accordance with the Federal Data Protection Act (“DSG”) applicable in Switzerland, you have the right to information. The scope of the right to information is defined by the DSG and basically concerns the information about the data processed by you in certain data collections, the origin of the data, the purpose and the legal basis of the processing, the categories of those involved in the processing, etc.
4.3
Where the EU General Data Protection Regulation (“GDPR”) applies to us, you have the following rights:
- In accordance with Art. 15 DS-GVO, to request information about your personal data processed by us, in particular about the processing purposes, the categories of personal data, the categories of recipients to whom your data was disclosed, the planned storage period, the existence of a right to Correction, deletion and restriction of processing or objection, the existence of a right of appeal, the origin of your data if they were not collected from us, and the existence of automated decision-making including profiling
- According to Art. 16 DS-GVO, to immediately request the correction of incorrect or completion of your personal data stored by us
- Pursuant to Art. 17 DS-GVO, to request the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend of legal claims is required
- Pursuant to Art. 18 DS-GVO, to request the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need them to assert them , exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 DS-GVO
- According to Art. 20 DS-GVO, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request transmission to another person responsible
- In accordance with Art. 7 Para. 3 DS-GVO, you can revoke your consent at any time with effect for the future and
- According to Art. 77 DS-GVO to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work or our headquarters.
- If your personal data is processed on the basis of legitimate interests in accordance with Article 6 (1) sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Article 21 GDPR, insofar as this There are reasons that arise from your particular situation.
4.4
The GDPR is binding for those Noser Group companies that are based in the EU.
5. Storage of Data
Your data will be stored at Noser Group for as long as (i) it is necessary for the purpose of the processing and/or (ii) the storage of the data is based on a legal obligation, e.g. B. statutory retention requirements for business documents, and/or (iii) the storage is required for the assertion, exercise or defense of legal claims.
6. Update of data
It is important that we keep your personal data up to date. Please inform your Human Resources Manager or the persons responsible for human resources matters in your respective company immediately of any changes to your personal data as soon as they occur, e.g. B. changing your postal address, your marital status or your emergency addresses. From time to time we may ask you to complete a new Personal Information Data Sheet to ensure that our held information is up to date.
7. Data Security
We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
8. Updates to this Privacy Notice
This data protection information may be updated periodically. We will change the date stated at the beginning of this data protection notice accordingly and the current version will be available at all times on the intranet site. In some cases, we may also actively notify you of specific data processing activities or significant changes to this privacy policy if required by applicable law.