Privacy policy - REGO-FIX AG

Privacy policy - REGO-FIX AG

An overview of data protection

The protection of your privacy is an important concern for us. In this privacy policy, we, REGO-FIX AG, explain how we collect and otherwise process personal data. This is not an exhaustive description; if necessary, other data protection declarations or general terms and conditions, conditions of participation and similar documents regulate specific facts. Personal data means any information that relates to a specific or identifiable person.

If you provide us with personal data of other persons (e.g. family members, data of work colleagues), please make sure that these persons are aware of this privacy policy and only share their personal data with us if you are allowed to do so and if this personal data is correct.

This Privacy Policy is designed to meet the requirements of the EU General Data Protection Regulation ("GDPR"), the Swiss Data Protection Act ("DPA") and the revised Swiss Data Protection Act ("revDSG"). However, whether and to what extent these laws are applicable depends on the individual case.

1. Responsible party and contact

Responsible for the data processing is REGO-FIX AG, Obermattweg 60, 4456 Tenniken unless otherwise stated in the individual case.

For data protection concerns related to the processing of your data by REGO-FIX AG or one of its companies (indicate, if possible, which company you are referring to), you may contact, enclosing a copy of your ID or passport, by letter or e-mail to the following office: REGO-FIX AG, Data protection, Obermattweg 60, 4456 Tenniken, Switzerland, [email protected]

2. Collection and processing of personal data

We primarily process personal data that we receive from our customers and other business partners in the course of our business relationship with them and other persons involved in it, or that we collect from their users in the operation of our websites, apps and other applications.

In particular, we process personal data in the following categories of processing:

 

/ Customer data of customers for whom we provide or have provided services

/ Personal data obtained indirectly from our customers in the course of the provision of services

/ When visiting our website

/ When using our newsletter

/ When participating in one of our events

/ When we communicate or a visit takes place

/ When we have any other contractual relationship, e.g. as a supplier, service provider or consultant.

/ For applications

/ If we are required to do so for legal or regulatory reasons.

/ When we are exercising our due diligence or other legitimate interests, e.g. to avoid conflicts of interest, to prevent money laundering or other risks, to ensure data accuracy, to check creditworthiness, to ensure security or to enforce our rights.

 

More detailed information can be found in the description of the respective categories of processing in point 5.

3. Categories of personal data

The personal data we process depends on your relationship with us and the purpose for which we process it. In addition to your contact data, we also process other information about you or about persons who have a relationship with you. Under certain circumstances, this information may also be particularly sensitive personal data.

We collect the following categories of personal data, depending on the purpose for which we process it:

 

/ Contact information (e.g. last name, first name, address, phone number, e-mail)

/ Customer information (e.g. date of birth, nationality, marital status, profession, title, job title, passport / ID number, AHV number).

/ Risk assessment data (e.g. credit rating information, commercial register data)

/ Financial information (e.g. data on bank details)

/ Website data (e.g. IP address, device information (UDI), browser information, website usage (analysis and use of plugins, etc.).

/ Application data (e.g. resume, job references)

/ Marketing information (e.g. newsletter registration)

/ Security and network data (e.g. visitor lists, access controls, network and mail scanners, telephone call lists)

 

To the extent permitted, we also take certain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, press, internet) or receive such data from other companies within the REGO-FIX Group, from authorities and other third parties (such as credit agencies, address dealers). In addition to the data about you that you give us directly, the categories of personal data that we receive about you from third parties include, in particular, information from public registers, information that we learn in connection with official and judicial proceedings, information in connection with your professional functions and activities (so that we can, for example, with your help conclude and process transactions with your employer), information about you in correspondence and meetings with third parties, creditworthiness information (insofar as we process transactions with you personally), information about you, which persons from your environment (family, advisors, legal representatives, etc.) give us so that we can conclude or process contracts with you or involving you (e.g. references, your address for deliveries, powers of attorney, information on compliance with legal requirements such as anti-money laundering and export restrictions, information from banks, insurance companies, sales and other contractual partners) from us for the utilization or provision of services by you (e.g. payments made, purchases made, etc.). e.g. payments made, purchases made), information from the media and Internet about you (if this is appropriate in the specific case, e.g. as part of an application, press review, marketing/sales, etc.), your addresses and, if applicable, interests and other socio-demographic data (for marketing), data in connection with the use of the website (e.g. IP address, MAC address of the smartphone or computer, details of your device and settings, cookies, date and time of visit, pages and content accessed, functions used, referring website, location information).

4. Purposes of data processing (direct and indirect) and legal basis

We use the personal data we collect primarily to enter into and process contracts with our customers and business partners, in particular in the context of the sale of REGO-FIX products and services with our customers and the purchase of products and services from our suppliers and subcontractors, as well as to comply with our legal obligations at home and abroad. When we provide services to our customers, we may also process personal data that we have not collected directly from the data subjects or personal data from third parties. These third parties are usually employees, contacts, family members or persons who have a relationship with the customers or data subjects for other reasons. We need this personal data to fulfill contracts with our customers. We receive this personal data from our customers or from third parties engaged by our customers. Third parties whose information we process for this purpose are informed by our customers that we process their data. Our customers may refer to this privacy policy for this purpose.

In addition, we also process personal data about you and other individuals, as permitted and as we deem appropriate, for the following purposes in which we (and sometimes third parties) have a legitimate interest consistent with the purpose:

 

/ Offer and further development of our offers, services and websites, apps and other platforms on which we are present.

/ Communication with third parties and processing of their inquiries (e.g. applications, media inquiries)

/ Reviewing and optimizing procedures for needs analysis for the purpose of directly approaching customers as well as collecting personal data from publicly available sources for the purpose of customer acquisition

/ Advertising and marketing (including the holding of events), insofar as you have not objected to the use of your data (if we send you advertising as an existing customer of ours, you can object to this at any time, we will then put you on a blocking list against further advertising mailings).

/ Market and opinion research, media monitoring

/ Assertion of legal claims and defense in connection with legal disputes and official proceedings

/ Prevention and investigation of criminal offenses and other misconduct (e.g., conducting internal investigations, data analyses to combat fraud).

/ Guarantees of our operations, in particular IT, our websites, apps and other platforms.

/ Video surveillance to maintain house rules and other measures for IT, building and facility security and protection of our employees and other persons and assets belonging to or entrusted to us (such as access controls, visitor lists, network and mail scanners, telephone recordings)

/ Purchase and sale of business units, companies or parts of companies and other transactions under company law and related transfer of personal data as well as measures for business management and as far as for compliance with legal and regulatory obligations as well as internal regulations of REGO-FIX AG.

 

Insofar as you have given us consent to process your personal data for certain purposes (e.g. when you register to receive newsletters or carry out a background check), we process your personal data within the scope of and based on this consent, insofar as we have no other legal basis and we require such a basis. Consent given can be revoked at any time, but this has no effect on data processing that has already taken place.

4.1 Use of our website

No personal data need to be disclosed in order to use our website. However, the server collects a number of user information with each call, which are temporarily stored in the log files of the server.

When using this general information, no assignment to a specific person takes place. The collection of this information or data is technically necessary to display our website and to ensure its stability and security. This information is also collected to improve the website and analyze its use. 

In particular, this involves the following information:

 

/ Contact information (e.g. surname, first name, address, telephone number, e-mail).

/ Other information that you transmit to us via the website.

/ Technical information automatically transmitted to us or our service providers, information on user behavior or website settings (e.g. IP address, UDI, device type, browser, number of clicks on the page, opening of the newsletter, click on links, etc.).

We process this personal data for the described purposes based on the following legal grounds:

/ Safeguarding legitimate interests, (e.g. for administrative purposes, to improve our quality, analyze data or publicize our services).

/ Consent (e.g. to the use of cookies or the newsletter).

 

4.2 Newsletter usage

Insofar as you subscribe to our newsletter, we use your e-mail address and other contact data to send you the newsletter. You can subscribe to our newsletter with your consent. Mandatory data for sending the newsletter are your full name and your e-mail address, which we store after your registration. The legal basis for the processing of your data in connection with our newsletter is your consent to the sending of the newsletter. You can revoke this at any time and unsubscribe from the newsletter.

4.3 Participation in events

If you participate in an event organized by us, we collect personal data in order to organize and conduct the event and, if necessary, to send you additional information afterwards. We also use your information to inform you about other events. You may be photographed or filmed by us at these events and we may publish this footage internally or externally.

In particular, this involves the following information:

/ Contact information (e.g., last name, first name, address, phone number, email).

/ Personal information (e.g. profession, function, title, employer company, eating habits)

/ Pictures or videos

/ Payment information (e.g. bank details).

We process this personal data for the purposes described based on the following legal grounds:

/ Fulfillment of a contractual obligation with the data subject or for the benefit of the data subject, including contract initiation and possible enforcement (enabling participation in the event).

/ Safeguarding of legitimate interests (e.g. holding of events, dissemination of information about our event, provision of services, efficient organization)

/ Consent (e.g. to send them marketing information or to create visual material).

 

4.4 Direct communication and visits

If you contact us (e.g. via telephone, e-mail or chat) or if we contact you, we process the personal data required for this purpose. We also process this personal data when you visit us. In this case, you may be required to leave your contact details before visiting us or at reception. We keep this information for a certain period of time to protect our infrastructure and information.

We use the "Zoom" or "Microsoft Teams" service to conduct conference calls, online meetings, video conferences and/or webinars ("Online Meetings").

In particular, we process the following information:

 

/ Contact information (e.g. surname, first name, address, telephone number, e-mail).

/ Marginal data on communication (e.g. IP address, duration of communication, communication channel)

/ Recordings of conversations, e.g. during video conferences

/ Other information uploaded, provided or created by the user during the use of the video conferencing service, as well as metadata used for the maintenance of the service provided Additional information about the processing of personal data by "Zoom" or Microsoft Teams can be found in their privacy statements.

/ Personal information (e.g., occupation, position, title, employer company)

/ Time and reason for visit

We process this personal data for the described purposes based on the following legal grounds:

/ Fulfillment of a contractual obligation with the data subject or for the benefit of the data subject, including contract initiation and possible enforcement

/ Safeguarding legitimate interests (e.g. security, traceability as well as processing and administration of customer relationships)

 

4.5 Applications

You can submit your application for a position with us by mail or via the e-mail address provided on our website. The application dossier and all personal data disclosed to us with it will be treated in strict confidence, will not be disclosed to any third party and will only be processed for the purpose of handling your application for employment with us. Without your consent to the contrary, your application file will either be returned to you or deleted/destroyed after the application process has been completed, unless it is subject to a legal obligation to retain it. The legal basis for processing your data is your consent, the fulfillment of the contract with you and our legitimate interests.

In particular, we process the following information:

 

/ Contact information (e.g. surname, first name, address, telephone number, e-mail)

/ Personal information (e.g. profession, function, title, employer company)

/ Application documents (e.g. letter of motivation, certificates, diplomas, curriculum vitae)

/ Assessment information (e.g. assessment by personnel consultants, reference information, assessments)

We process this personal data for the purposes described based on the following legal grounds:

/ Safeguarding legitimate interests (e.g. hiring new employees)

/ Consent

 

4.6 Suppliers, service providers, other contractual partners

If we enter into a contract with you to provide a service for us, we process personal data about you or your employees. We need this data to communicate with you and to use your services.

In particular, we process the following information:

 

/ Contact information (e.g. surname, first name, address, telephone number, e-mail)

/ Personal information (e.g. profession, function, title, employer company)

/ Financial information (e.g. data on bank details)

We process this personal data for the purposes described based on the following legal grounds:

/ Conclusion or execution of a contract with the data subject or for the benefit of the data subject, including contract initiation and possible enforcement

/ Safeguarding legitimate interests, (e.g. avoiding conflicts of interest, protecting the company, enforcing legal claims).

 

5. Tracking technologies

We use cookies on our website. These are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone or similar) when you visit our site.

In the cookie, information is stored that arises in each case in connection with the specific end device used. This does not mean, however, that we thereby gain direct knowledge of your identity. The use of cookies serves on the one hand to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.

In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your end device for a certain fixed period of time. If you visit our site again to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made, so that you do not have to enter them again. On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These cookies enable us to automatically recognize that you have already been to our site when you visit it again. These cookies are automatically deleted after a defined period of time.

The data processed by cookies are necessary for the stated purposes. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website.

6. Web and newsletter analysis

In order to obtain information about the use of our website, to improve our internet offer and to be able to address you with advertising on third-party websites or on social media, we use the following web analysis tools and re-targeting technologies: Google Analytics, Mailchimp (newsletter).

These tools are provided by third-party providers. As a rule, the information collected for this purpose about the use of a website is transmitted to the third-party provider's server through the use of cookies or similar technologies. Depending on the third-party provider, these servers may be located abroad.

The transmission of the data normally takes place with shortening of the IP addresses, which prevents the identification of individual end devices. A transmission of this information by third-party providers only takes place due to legal regulations or in the context of order data processing.

6.1 Google Analytics

We use Google Analytics, the web analytics service of Google LLC, Mountain View, California, USA, responsible for Europe is Google Limited Ireland ("Google") on our websites. To deactivate Google Analytics, Google provides a browser plug-in at https://tools.google.com/dlpage/gaoptout?hl=de. Google Analytics uses cookies. These are small text files that make it possible to store specific information related to the user on the user's terminal device. These enable an analysis of the use of our website offer by Google. The information collected by the cookie about the use of our pages (including your IP address) is usually transmitted to a Google server in the USA and stored there. We point out that on this website Google Analytics has been extended by the code "gat._anonymizeIp();" to ensure anonymized collection of IP addresses (so-called IP masking). If anonymization is active, Google truncates IP addresses within member states of the European Union or in other contracting states to the Agreement on the European Economic Area, which is why no conclusions can be drawn about your identity. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. Google may associate your IP address with other data held by Google. For data transfers to the USA, Google has undertaken to sign and comply with the EU standard contractual clauses. 

6.2 Google Maps

On our website we use Google Maps (API) from Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; responsible for Europe is Google Limited Ireland, "Google"). Google Maps is a web service for displaying interactive (land) maps in order to visually present geographical information. By using this service, our location is displayed to you and a possible journey is made easier. Already when calling up those sub-pages in which the map of Google Maps is integrated, information about your use of our website (such as your IP address) is transmitted to Google servers in the USA and stored there. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them.

For data transfers to the US, Google has committed to sign and comply with the EU standard contractual clauses.

6.3 Social Media Plugins

So-called social media plugins ("plugins") from third-party providers are used on our website. The plugins are recognizable by the logo of the respective social network. Via the plugins, we offer you the opportunity to interact with the social networks and other users. We use the following plugins on our website: Facebook, Twitter, LinkedIn, YouTube. When you visit our website, your browser establishes a direct connection to the servers of the third-party provider. The content of the plugin (e.g. YouTube videos) is transmitted directly to your browser by the respective third-party provider and integrated into the page.

The data transfer for the display of content (e.g. publications on Twitter) takes place regardless of whether you have an account with the third-party provider and are logged in there. If you are logged in to the third-party provider, the data we collect is also directly assigned to your account with the third-party provider. If you activate the plugins, the information will also be published on the social network and displayed to your contacts there. The purpose and scope of the data collection and the further processing and use of the data by the third-party providers, as well as your rights in this regard and setting options for protecting your privacy, can be found in the data protection notices of the third-party providers. The third-party provider stores the data collected about you as usage profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. In particular, such an evaluation is also carried out for non-logged-in users for the display of needs-based advertising and to inform other users of the social network about your activities on our website. If you would like to prevent the third-party providers from assigning the data collected via our website to your personal profile in the respective social network, you must log out of the corresponding social network before visiting our website. You can also prevent the loading of the plugins with specialized add-ons for your browser.

6.4 Newsletter Tracking

For sending our newsletters we use the software Mailchimp. With this software, newsletters can be sent and analyzed. To perform this analysis, we collect device and access data. To collect these, the newsletter contains a pixel. The newsletter or the websites accessible from this newsletter are also tracked with cookies. A pixel is an image file that is stored on the recipient's device.
With the help of these technologies, we receive the information whether the newsletter has arrived, has been opened and which content has been clicked on. We use this information to improve our newsletter and our offers. 
The setting of a pixel can be prevented by deactivating HTML in the mail program (varies depending on the mail program).

7. Data transfer to third parties and data transfer abroad

Within the scope of our business activities and the purposes pursuant to Section 4, we also disclose data to third parties, insofar as this is permitted and appears to us to be appropriate, either because they process it for us or because they want to use it for their own purposes. This concerns in particular the following entities:

 

/ Service providers of us (within the REGO-FIX Group as well as externally, such as banks, insurance companies), including order processors (such as IT providers)

/ Dealers, suppliers, subcontractors and other business partners

/ Customers

/ Domestic and foreign authorities, government agencies or courts of law

/ Media

/ The general public, including visitors to websites and social media

/ Competitors, industry organizations, associations, organizations and other bodies

/ Acquirers or parties interested in acquiring business units, companies or other parts of the REGO-FIX Group

/ Other parties in possible or actual legal proceedings 

/ Other companies of the REGO-FIX Group

 

These recipients are partly domestic, but may also be located anywhere in the world. In particular, you must expect the transmission of your data to all countries where REGO-FIX Group is represented by group companies, branches or other offices, as well as to other countries in Europe and the USA, where the service providers we use are located (such as Microsoft, IFS). Not all personal data is transmitted encrypted by default.
If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection (for this purpose, we use the revised standard contractual clauses of the European Commission, which can be accessed here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), unless the recipient is already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exception provision. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract requires such disclosure, if you have consented or if it is a matter of data made generally available by you, the processing of which you have not objected to.

8. Duration of storage of personal data

We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations or otherwise the purposes pursued with the processing, i.e., for example, for the duration of the entire business relationship (from the initiation, processing to the termination of a contract) and beyond that in accordance with the statutory retention and documentation obligations. In this context, it is possible that personal data will be retained for the time during which claims can be asserted against our company and insofar as we are otherwise legally obligated to do so or legitimate business interests require this (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymized as a matter of principle and to the extent possible. For operational data (e.g. system logs, logs), shorter retention periods of twelve months or less apply in principle.

9. Data security  

We take appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse, such as issuing instructions, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymization, controls.

10. Obligation to provide personal data

In the context of our business relationship, you must provide those personal data that are necessary for the establishment and implementation of a business relationship and the fulfillment of the associated contractual obligations (you usually do not have a legal obligation to provide us with data). Without this data, we will generally not be able to enter into or perform a contract with you (or the entity or person you represent). Also, the Website cannot be used if certain traffic-securing information (such as IP address) is not disclosed.

11. Profiling and automated decision making

We process your personal data partly automatically with the aim of evaluating certain personal aspects (profiling). We use profiling in particular to be able to inform and advise you about products in a targeted manner. In doing so, we use evaluation tools that enable us to provide needs-based communication and advertising, including market and opinion research.

For the establishment and implementation of the business relationship and also otherwise, we generally do not use fully automated automatic decision-making (as regulated, for example, in Art. 22 DSGVO). Should we use such procedures in individual cases, we will inform you separately about this, insofar as this is required by law, and inform you about the associated rights.

12. Your rights

You have the following rights in connection with our processing of personal data:

 

/ Right to information about personal data stored by us about you, the purpose of processing, the origin and about recipients or categories of recipients to whom personal data are disclosed.

/ Right to rectification if your data is incorrect or incomplete.

/ Right to restrict the processing of your personal data.

/ Right to request the deletion of the processed personal data.

/ Right to data portability

/ Right to object to data processing or to withdraw consent to the processing of personal data at any time without giving reasons.

/ Right to lodge a complaint with a competent supervisory authority, if provided for by law.

 

To exercise these rights, you should contact us at the address given in Section 1. The exercise of such rights usually requires that you clearly prove your identity (e.g. by means of a copy of your ID card, where your identity is otherwise not clear or cannot be verified).

Please note, however, that we reserve the right to assert the restrictions provided for by law on our part, for example if we are obliged to retain or process certain data, have an overriding interest in doing so (insofar as we are entitled to rely on this) or require it for the assertion of claims. If costs are incurred by you, we will inform you in advance.

In addition, every data subject has the right to enforce his or her claims in court or to lodge a complaint with the competent data protection authority.  The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

13. Changes

We expressly reserve the right to change this privacy policy at any time. The current version published on our website applies.