ISO 14001 Zertifizierung

Data protection declaration and consent
Contents
1. Objectives and responsible body
2. Basic information concerning the data processing
3. Processing of personal data
4. Gathering of access data
5. Cookies and bandwidth measurement
6. Google Analytics
7. Google Remarketing services
8. Facebook social plugins
9. Facebook Remarketing
10. Newsletter
11. Integration of third-party services and content
12. Rights of the user and deletion
13. Changes to the data protection declaration

Objectives and responsible body
This data protection declaration clarifies the type, scope and purpose of the processing of personal data in connection with our online service or websites, functions and contents connected to it – hereinafter referred to jointly as “online service” or “website” (including the gathering, processing and use and the obtaining of consent). The data protection declaration applies regardless of the domains, systems, platforms and devices used (for example desktop or mobile) on which the online service is provided.

Responsible for data Protection is Ms. Bank,

The term “user” includes all customers and visitors to our online service. The terms such as “user” are gender neutral.

Basic information concerning the data processing
We only process personal data of the user in compliance with the applicable data protection provisions in accordance with the principles of data economy and data avoidance. This means that the data of the user will only be processed if permitted by law, in particular if the data is necessary in order to provide our contractual services, is mandated by law or the user has issued his or her consent.

We take organisational, contractual and technical security measures in accordance with the latest technology in order to ensure that the regulations of the data protection laws are complied with and in order to protect the data processed by us against accidental or intentional manipulation, loss, destruction or access by unauthorised persons.

Should content, work tools or other equipment of other providers (hereinafter referred to jointly as “third-party providers”) be used in this data protection declaration and should their named places of business be abroad, it must be assumed that a data transfer to the countries of the places of business of the third-party providers will take place. The transfer of data to third countries takes place either on the basis of legal permission, consent issued by the user or special contractual clauses which ensure the security of the data which is required by law.

Processing of personal data
Alongside the use which is expressly mentioned in this data protection declaration, the personal data is processed for the following purposes on the basis of legal permission or consent of the user:
– the provision, performance, management, optimisation and security of our services and user benefits;
– ensuring effective customer service and technical support.

We only transfer the data of the user to third parties if this is necessary for billing purposes (for example to a payment service provider) or for other purposes, should this be necessary in order to fulfil our contractual obligation in relation to the user (for example notification of addresses to suppliers).

When getting in touch with us (by means of the contact form or by e-mail), the information of the user will be saved for the purpose of processing the enquiry, as well as in case of any follow up questions.
Personal data will be deleted once they have served their purpose and provided that no retention obligations prevent the deletion.

Gathering of access data
We gather data relating to each access to the server on which this service is located (so-called server logfiles). The access data includes the name of the website accessed, file, date and time of the access, transferred data quantity, report of successful access, browser type and version, the operating system of the user, referrer URL (previously visited site), IP address and the requesting provider.

We use the protocol data without assignment to the person of the user or other creation of profiles in accordance with the statutory provisions and only for statistical evaluations for the purpose of operation, security and optimisation of our online service. However, we reserve the right to subsequently check the protocol data if concrete suspicions of unlawful use exist.

Cookies and bandwidth measurement
Cookies are information which is transferred to the web browser of the user by our webserver or webservers of third parties and which are saved there for subsequent access. The user is informed of the use of cookies within the framework of pseudonymised bandwidth measurement in this data protection declaration.

It is also possible to view this online service without the use of cookies. Should the user not wish cookies to be saved on his or her computer, he or she is requested to de-activate these in the system settings of their browser. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online service.

It is possible to administer several online display cookies of companies on the US side: http://www.aboutads.info/choices the EU side http://www.youronlinechoices.com/uk/your-ad-choices/.

Google Analytics
We use Google Analytics, a web analysis service of Google Inc (“Google”). Google uses cookies. The information concerning use of the online service which is generated by the cookie is, as a rule, transferred to a Google server in the USA and saved there.

Google will use this information on our behalf in order to evaluate the use of our online service by the user, to compile reports concerning the activities within the online service and to provide additional services connected to the use of this online service and the use of the Internet. Thereby usage profiles of the user can be created from the processed data in the form of pseudonymns.

We only use Google Analytics with activated IP anonymisation. This means that the IP address of the user is shortened in advance by Google within Member States of the European Union or in other Member States of the European Economic Area Treaty. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there.

The IP address transferred by the browser of the user is not combined with other data by Google. In addition, the user can prevent the saving of the cookies by setting their browser software accordingly; the user can also prevent the recording of the data generated by the cookie and which relates to his or her use of the online service by Google, as well as the processing of this data by Google by downloading and installing the browser plugin which is available via the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

Further information concerning the use of data for advertising purposes by Google, settings and objection options can be found on the Google websites: https://www.google.com/intl/de/policies/privacy/partners (“Data protection by Google when you use websites or apps of our partners”)http://www.google.com/policies/technologies/ads (“Data protection for advertising purposes”) http://www.google.de/settings/ads (“Manage information which Google uses in order to display advertising to you“) and http://www.google.com/ads/preferences (“Decide which advertising is displayed to you by Google”)

Google (Re-)marketing Services
We use the marketing and remarketing services (in abbreviated form “Google marketing services”) of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

The Google marketing services enable us to display adverts for and on our website in a targeted manner in order to only show adverts to the user which potentially correspond to his or her interests. Should the user be shown adverts for products in which he or she has shown interest on other websites for example, this is called “remarketing”. For these purposes, when accessing our website and other websites on which Google marketing services are active, a code is carried out directly by Google and so-called (re)marketing tags (invisible graphics or code, also referred to as “web beacons”) are integrated into the website. With the assistance of these, an individual cookie is saved on the device of the user, i.e., a small file (comparable technologies can also be used in place of cookies). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. In this file, it is noted which website the user accesses, which content interests him or her and what services he or she has clicked on, plus technical information concerning the browser and operating system, referring websites, duration of visit and other information concerning the use of the online service. The IP address of the user is also recorded, whereby within the framework of Google Analytics we notify that the IP address is shortened in Member States of the European Union or other Member States of the European Economic Area and only in exceptional cases is this transferred in full to a server of Google in the USA and shortened there. The IP address is not combined with data of the user by Google in other services. The information given above can also be combined with such information from other sources. Should the user then visit other websites, he or she can be shown adverts which are tailored to his or her interests.

The data of the user is processed within the framework of the Google marketing services in the form of a pseudonym. This means that Google does not save and process the name or e-mail address of the user, but processes the relevant data generated by the cookie within user profiles in the form of pseudonyms. This means that from the point of view of Google, the adverts are not managed for and displayed to a concrete identified person, but for the owner of the cookie, regardless of who the owner of the cookie is. This does not apply if a user has expressly permitted Google to process the data without the pseudonymisation. The information concerning the user which is collected by “DoubleClick” is transferred to Google and saved on Google’s servers in the USA.

The Google marketing services used by us include the online advertising program “Google AdWords” amongst others. In the case of Google AdWords, each AdWords customer receives a different “conversion cookie”. Cookies can therefore not be traced via the websites of AdWords customers. The purpose of the information obtained with the assistance of the cookie is to create conversion statistics for AdWords customers who have chosen conversion tracking. The AdWords customers are informed of the total number of users who have clicked on their advert and who were redirected to a site which contains a conversion tracking tag. However, they do not receive any information which could personally identify users.

On the basis of the “DoubleClick” Google marketing service, we integrate third-party adverts. DoubleClick uses cookies, by means of which Google and its partner websites are able to display adverts on the basis of the visits of user to this website and other websites on the Internet.

We also integrate third-party adverts on the basis of the Google marketing service “AdSense”. AdSense uses cookies, by means of which Google and its partner websites are able to display adverts on the basis of the visits of user to this website and other websites on the Internet.

Another Google marketing service used by us is the “Google Tag Manager”, with the assistance of which additional Google analysis and marketing services can be integrated into our website (for example “AdWords”, “DoubleClick” or “Google Analytics”).

Further information concerning the use of data by Google for marketing purposes can be found on the overview page: https://www.google.com/policies/technologies/ads, the data protection declaration of Google can be accessed at https://www.google.com/policies/privacy.

Should you wish to object to the recording by Google marketing services, you can use the setting and opt out options provided by Google: http://www.google.com/ads/preferences.

Facebook social plugins
Our online service uses social plugins (“plugins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins can be recognised by one of the Facebook logos (white “f” on a blue button, the terms “like” or a “thumbs up” sign) or are identified by the additional text “Facebook social plugin”. The list and appearance of the Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.

Should a user access a function of this online service which contains such a plugin, his or her device establishes a direct connection to the servers of Facebook. The contents of the plugin are transferred directly to the device of the user by Facebook and incorporated by it into the online service. Thereby usage profiles of the user can be created from the processed data. Therefore, we have no control over the scope of the data which Facebook gathers with the assistance of this plugin and are informing the user in accordance with the state of our knowledge.

By means of the incorporation of the plugin, Facebook is informed that a user has accessed the corresponding page of the online service. Should the user be logged into Facebook, it can assign the visit to his or her Facebook account. Should the user interact with the plugins, for example by clicking the “like” button or submitting a commentary, the corresponding information is transferred to Facebook directly by his or her browser and saved there. Should a user not be a member of Facebook, it is still possible for Facebook to be informed of his or her IP address and to save it. According to Facebook, only an anonymised IP address is saved in Germany.

The purpose and scope of the data gathering and the further processing and use of the data by Facebook, as well as the rights and setting options for the protection of the private sphere of the user in this respect can be found in the data protection notices of Facebook: https://www.facebook.com/about/privacy/.

Should a user be a member of Facebook and not wish for Facebook to collect data relating to him or her via this online service and combine this with his or her member data saved by Facebook, he or she must log out of Facebook and delete his or her cookies before using our online service. Further settings and objections to the use of data for advertising purposes are available in the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the American site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. The settings take place independently of platform type, i.e., they are implemented for all devices, such as desktop computers or mobile devices.

Facebook Remarketing
So-called “Facebook pixels” of the social network Facebook which is operated by Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025 USA or, should you be located in the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”) are used in our online service. With the assistance of the Facebook pixel, it is possible for Facebook to identity the visitors to our service as the target group for the display of adverts, so-called “Facebook ads”. Accordingly, we use the Facebook pixel in order to display the Facebook ads created by us only to Facebook users who have also shown an interest in our Internet service. This means that with the assistance of the Facebook pixels, we wish to ensure that our Facebook ads correspond to the potential interest of the user and do not cause a nuisance. With the assistance of the Facebook pixel, we can also assess the effectiveness of the Facebook adverts for statistical and market research purposes, as we see whether users were redirected to our website after clicking on a Facebook advert.

The Facebook pixel is integrated directly by Facebook when accessing our websites and can save a so-called cookie, i.e., a small file on your device. Should you then log in to Facebook or visit Facebook while you are logged in, the visit to our service is noted in your profile. The data gathered about you is anonymous for us, i.e., it does not allow us to trace the user. However, the data is saved and processed by Facebook, so that a connection to the respective user profile is possible. The processing of the data by Facebook takes place in accordance with the data usage guidelines of Facebook. Accordingly, you can obtain further information as to how the remarketing pixel works and about the display of Facebook ads generally in the data processing policy of Facebook: https://www.facebook.com/policy.php.

You can object to the recording by the Facebook pixel and the use of your data to display Facebook ads. In order to do so, you can access the page set up by Facebook and follow the settings instructions for use-based advertising: https://www.facebook.com/settings?tab=ads or raise the objection via the American site: http://www.aboutads.info/choices/ or the EU site: http://www.youronlinechoices.com/. The settings take place independently of platform type, i.e., they are implemented for all devices, such as desktop computers or mobile devices.

Newsletter
With the information below, we wish to inform you of the content of our newsletter and the registration, dispatch and statistical evaluation processes, as well as your rights of objection. By subscribing to our newsletter, you are declaring your agreement to its receipt and the procedure which is described.

Content of the newsletter: We send out newsletters, e-mails and other electronic messages with advertising information (hereinafter referred to as “newsletter”) only with the consent of the recipient or legal permission. Should this content be rewritten within the framework of the registration for the newsletter, this is decisive for the consent of the user. Otherwise, our newsletters contain the following information: our products, services, campaigns and our company.

Double opt in and recording: for the registration for our newsletter, we use the so-called double opt in procedure. This means that following registration, you receive an e-mail in which you are requested to confirm your registration. This confirmation is necessary, so that it is not possible to register with the e-mail address of another person. Registrations for the newsletter are recorded, so that the registration process can be proven in accordance with the legal requirements. This includes saving the time of registration and confirmation, as well as the IP address. The changes to your data which are saved by the sending provider are also recorded.

Sending provider: the newsletter is sent by X (hereinafter referred to as “sending provider”). The data protection provisions of the sending provider can be viewed here: …

The e-mail addresses of our newsletter recipients, as well as their other data which is described in this notice are saved on the servers of the sending provider. The sending provider uses this information to send the newsletter and to evaluate it on our behalf. In addition, the sending provider can use this data according to its own information to optimise or improve its own services, for example for technical optimisation of the sending and display of the newsletter or the economic purposes, in order to determine which countries the recipients come from. The sending provider does not however use the data of our newsletter recipients in order to contact them itself and does not pass this data on to third parties.

Registration data: in order to register for the newsletter, it suffices for you to provide your e-mail address.

Statistical gathering and analysis – the newsletters contain a so-called “web beacon”, i.e., a pixel-sized file, which is accessed by the server of the sending provider when opening the newsletter. During the course of this access, technical information is initially gathered, such as information relating to the browser and your system, as well as your IP address and the time of the access. This information is used for technical improvement of the services on the basis of the technical data or the target groups and their reading behaviour on the basis of the accessing location (which can be determined by the IP address) or the access times. The statistical gathering also includes information as to whether the newsletter is opened, when it is opened and what links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, neither we ourselves nor the sending provider wish to observe individual users. The purpose of the evaluation is to allow us to obtain knowledge of the reading habits of our users and to adjust our content to these, or to send differing content according to the interests of our users.

Termination – revocation – you can terminate the receipt of our newsletter at any time, i.e., i.e., you can revoke your consent. By means of this, your consent to the sending of the newsletter by the sending provider and the statistical analysis is also withdrawn. Unfortunately, it is not possible to separately revoke the consent to the sending by the sending provider or to the statistical analysis. You can find a link to terminate the newsletter at the end of every newsletter.

Integration of third-party services and content
It may be the case that content or services of third-party providers, such as city maps or fonts of other websites are integrated into our online service. The integration of content of the third-party providers is always subject to the third-party providers being informed of the IP address of the user, as without the IP address they cannot send the content to the browser of the user. The IP address is therefore necessary in order to display this content. In addition, the providers of the third-party content can set their own cookies and use the data of the user for their own purposes. Thereby usage profiles of the user can be created from the processed data. As far as possible, we will use this content in accordance with the principles of data economy and data avoidance and we will select third-party providers who are reliable as far as data security is concerned.

The following text provides an overview of third-party providers, as well as their content together with links to their data protection declarations, which contain information concerning the processing of data and opt-out procedures which are named here in part:

–External fonts of Google, Inc., https://www.google.com/fonts (“Google Fonts”). The integration of Google Fonts takes place by means of accessing the Google server (as a rule in the USA). Data protection declaration: https://www.google.com/policies/privacy/,

opt-out: https://www.google.com/settings/ads/.

– Maps of the service “Google Maps” of the third-party provider Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Data protection declaration: https://www.google.com/policies/privacy/, opt-out: https://www.google.com/settings/ads/.

– Videos of the platform “YouTube” of the third-party provider Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Data protection declaration: https://www.google.com/policies/privacy/,

opt-out: https://www.google.com/settings/ads/.

Rights of the users and data deletion
Users have the right on request to receive free-of-charge information concerning the data relating to them which is saved by us.
In addition, users have the right to have incorrect data corrected, to revoke consent which is issued, to have their personal data blocked and deleted and the right to complain to the competent supervisory authority, should they be of the opinion that their data has been processed unlawfully.

The data saved by us will be deleted once it has served its purpose and provided that no statutory retention obligations prevent the deletion.

Changes to the data protection declaration
We reserve the right to alter the data protection declaration, in order to adjust it to changing legal positions, or in case of changes to the service or data processing. However, this only applies in relation to data processing declarations. Should consent of the user be necessary or should parts of the data protection declaration contain provisions of the contractual relationship with the users, the changes will only take place with the agreement of the users.
Users are requested to keep themselves familiar with the contents of the data protection declaration.

How to contact us
If you have any questions or comments about this Privacy Statement, would like to exercise any of your rights under applicable data protection law, or believe that Oskar Rüegg AG has not adhered to this Privacy Statement, please e-mail our Data Protection Officer sekretariat@oskar-ruegg.com. Additionally individuals can contact :
Oskar Rüegg AG
Ms. Nadine Bank
Buechstrasse 18
CH-8645 Jona
Switzerland

As at: 23.05.2018 18:20