Privacy Policy

With this Privacy Policy, we inform you about the personal data we process in connection with our activities and operations, including our swissindoorsbasel.ch website. We specifically inform you about what, how, and where we process which personal data. We also inform you about the rights of individuals whose data we process.

Additional privacy policies and other legal documents such as Terms and Conditions (T&Cs), Terms of Use, or Participation Conditions may apply to specific or additional activities and operations.

We are subject to Swiss data protection law and any applicable foreign data protection law, in particular that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law provides adequate data protection.

1. Contact Addresses

Responsibility for the processing of personal data:

Swiss Indoors AG
Bettenstrasse 73
4123 Allschwil
Switzerland

[email protected]

We point out if there are other responsible parties for the processing of personal data in individual cases.

2. Definitions and Legal Bases

2.1 Definitions

Personal data are all details relating to a specific or identifiable natural person. An affected person is a person whose personal data we process.

Processing includes any handling of personal data, irrespective of the means and methods used, such as querying, comparison, adaptation, archiving, storage, reading, disclosure, procurement, collection, deletion, disclosure, arrangement, organization, storage, modification, dissemination, linking, destruction, and use of personal data.

The European Economic Area (EEA) includes the Member States of the European Union (EU) as well as Liechtenstein, Iceland, and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personally identifiable data.

2.2 Legal Bases

We process personal data in accordance with Swiss data protection law, in particular the Federal Act on Data Protection (Data Protection Act, DPA) and the Ordinance on Data Protection (Data Protection Ordinance, DPO).

We process – if and to the extent that the General Data Protection Regulation (GDPR) applies – personal data according to at least one of the following legal bases:

• Art. 6 Para. 1 lit. b GDPR for the necessary processing of personal data for the fulfillment of a contract with the affected person and for carrying out pre-contractual measures.
• Art. 6 Para. 1 lit. f GDPR for the necessary processing of personal data to protect the legitimate interests of us or third parties, unless the fundamental freedoms and rights and interests of the affected person prevail. Legitimate interests are, in particular, our interest in being able to carry out our activities and operations permanently, user-friendly, securely, and reliably and to be able to communicate about them, ensuring information security, protection against abuse, assertion of our own legal claims, and compliance with Swiss law.
• Art. 6 Para. 1 lit. c GDPR for the necessary processing of personal data to fulfill a legal obligation to which we are subject under any applicable law of Member States in the European Economic Area (EEA).
• Art. 6 Para. 1 lit. e GDPR for the necessary processing of personal data to perform a task in the public interest.
• Art. 6 Para. 1 lit. a GDPR for the processing of personal data with the consent of the affected person.
• Art. 6 Para. 1 lit. d GDPR for the necessary processing of personal data to protect the vital interests of the affected person or another natural person.

3. Type, Scope, and Purpose

We process those personal data that are necessary to carry out our activities and tasks in a sustainable, user-friendly, secure, and reliable manner. Such personal data can particularly fall into the categories of inventory and contact data, browser and device data, content data, meta or edge data, usage data, location data, sales data, as well as contract and payment data.

We process personal data for the duration that is necessary for the respective purpose or purposes or is legally required. Personal data whose processing is no longer necessary will be anonymized or deleted.

We may have personal data processed by third parties. We can also process personal data together with third parties or transfer it to third parties. Such third parties are particularly specialized providers whose services we use. We also ensure data protection with such third parties.

We generally process personal data only with the consent of the affected individuals. If and insofar as processing is permitted for other legal reasons, we can dispense with obtaining consent. For example, we may process personal data without consent in order to fulfill a contract, to comply with legal obligations, or to protect overriding interests.

In this context, we specifically process information that an affected person voluntarily submits to us when making contact— for example by regular mail, email, instant messaging, contact form, social media, or telephone. We may, for example, store such information in an address book, in a Customer-Relationship-Management system (CRM system), or with comparable tools. If we receive data about other persons, the transmitting persons are obliged to ensure data protection for these persons and to ensure the accuracy of this personal data.

We also process personal data that we obtain from third parties, acquire from publicly accessible sources, or collect during the exercise of our activities and tasks, if and insofar as such processing is legally permissible.

4. Applications

We process personal data of applicants to the extent that it is necessary for assessing their suitability for employment or for the subsequent implementation of an employment contract. The necessary personal data primarily arise from the requested information, for example within the framework of a job posting. We also process personal data that applicants voluntarily communicate or publish, especially as part of cover letters, resumes, and other application documents as well as online profiles.

We process— if and insofar as the General Data Protection Regulation (GDPR) applies— personal data of applicants in particular according to Art. 9 Para. 2 lit. b GDPR.

We may allow applicants to store their information in our Talent Pool in order to consider them for future job openings. We may also use such information to maintain contact and inform about news. If we believe that an applicant may be suitable for an open position based on the information provided, we may inform the applicant accordingly.

5. Personal Data Abroad

We generally process personal data in Switzerland and the European Economic Area (EEA). However, we may also export or transmit personal data to other countries, particularly for processing or having it processed there.

We may export personal data to all states and territories on Earth as well as elsewhere in the Universe, if the local law ensures adequate data protection according to the resolution of the Swiss Federal Council and— if and insofar as the General Data Protection Regulation (GDPR) applies— according to the decision of the European Commission.

We may transmit personal data to countries whose law does not ensure adequate data protection, provided that data protection is ensured for other reasons, particularly based on standard data protection clauses or other appropriate guarantees. Exceptionally, we may export personal data to countries without adequate or suitable data protection, if the specific data protection requirements are met, for example the explicit consent of the affected individuals or a direct connection with the conclusion or the execution of a contract. We will gladly provide information about any guarantees upon request or provide a copy of any guarantees.

6. Rights of Affected Individuals

6.1 Data Protection Claims

We grant affected individuals all claims according to the applicable data protection laws. Affected individuals have, in particular, the following rights:

• Information: Affected individuals can request information on whether we process personal data about them and, if so, which personal data is being processed. Affected individuals also receive further information necessary to assert their data protection claims and ensure transparency. This includes the processed personal data as such, but also, among other things, details about the purpose of processing, the duration of storage, any disclosure or potential export of data to other countries, and the origin of the personal data.
• Correction and Restriction: Affected individuals can correct inaccurate personal data, complete incomplete data, and request the restriction of the processing of their data.
• Deletion and Objection: Affected individuals can request the deletion of personal data ("Right to be Forgotten") and object to the processing of their data for future effect.
• Data Release and Data Transfer: Affected individuals can request the release of personal data or the transfer of their data to another responsible party.

We may defer, limit, or deny the exercise of the rights of affected individuals within the legally permissible scope. We may inform affected individuals about any conditions that need to be met for the exercise of their data protection claims. For example, we may wholly or partly refuse to provide information referring to trade secrets or the protection of other persons. Similarly, we may wholly or partly refuse the deletion of personal data, citing legal storage obligations.

We may exceptionally impose charges for the exercise of these rights. We will inform affected individuals in advance about any potential costs.

We are obligated to identify affected individuals who request information or assert other rights with appropriate measures. Affected individuals are required to cooperate.

6.2 Right to Lodge a Complaint

Affected individuals have the right to enforce their data protection claims through legal means or file a complaint with a competent data protection supervisory authority.

The data protection supervisory authority for private entities and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

Affected individuals have—where and to the extent that the General Data Protection Regulation (GDPR) applies—the right to file a complaint with a competent European data protection supervisory authority.

7. Data Security

We take appropriate technical and organizational measures to ensure data security commensurate with the respective risk. However, we cannot guarantee absolute data security.

Access to our website is via transport encryption (SSL / TLS, in particular with Hypertext Transfer Protocol Secure, abbreviated as HTTPS). Most browsers indicate transport encryption with a padlock in the address bar.

Our digital communication is subject—like essentially all digital communication—to mass surveillance without cause or suspicion as well as other surveillance by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We have no direct influence on the respective processing of personal data by intelligence services, police agencies, and other security authorities.

8. Use of the Website

8.1 Cookies

We may use cookies. Cookies - our own cookies (First-Party-Cookies) as well as cookies from third parties whose services we use (Third-Party-Cookies) - are data stored in the browser. Such stored data are not limited to traditional cookies in text form.

Cookies can be temporarily stored in the browser as "Session Cookies" or for a specific period as so-called permanent cookies. "Session Cookies" are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies allow us, in particular, to recognize a browser on the next visit to our website and thereby, for example, to measure the reach of our website. Permanent cookies can also be used for online marketing.

Cookies can be fully or partially disabled and deleted in the browser settings at any time. Without cookies, our website may not be fully functional. We request - at least if and to the extent necessary - active explicit consent for the use of cookies.

For cookies used for performance and reach measurement or for advertising, a general objection ("Opt-out") is possible for numerous services via the AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

8.2 Server Log Files

We may collect the following information for each access to our website, provided this is transmitted by your browser to our server infrastructure or can be determined by our web server: Date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, the individual sub-page of our website accessed including the amount of data transferred, last webpage accessed in the same browser window (referrer).

We store such data, which may also include personal data, in server log files. This data is necessary to permanently, user-friendly, and reliably provide our website as well as to ensure data security, particularly the protection of personal data - even by third parties or with the help of third parties.

8.3 Pixel Counters

We may use pixel counters on our website. Pixel counters are also known as web beacons. Pixel counters - also from third parties whose services we use - are small, usually invisible images that are automatically retrieved when visiting our website. With pixel counters, the same information as in server log files can be collected.

9. Notifications and Announcements

We send notifications and announcements via email and other communication channels such as instant messaging or SMS.

9.1 Performance and Reach Measurement

Notifications and announcements may contain web links or pixel counters that capture whether an individual message has been opened and which web links were clicked on. Such web links and pixel counters can also capture the use of notifications and announcements in a personalized manner. We need this statistical capture of use for performance and reach measurement, to send notifications and announcements effectively and user-friendly, as well as securely and reliably, based on the needs and reading habits of the recipients.

9.2 Consent and Objection

You must generally give explicit consent for the use of your email address and your other contact addresses, unless use is permissible for other legal reasons. For any consent, we use the "Double Opt-in" procedure whenever possible, meaning you will receive an email with a web link that you must click to confirm, to prevent misuse by unauthorized third parties. We may log such consents including Internet Protocol (IP) address as well as date and time for evidential and security reasons.

You can generally object to receiving notifications and announcements such as newsletters at any time. With such an objection, you can simultaneously object to the statistical capture of use for performance and reach measurement. Exceptions are required notifications and announcements related to our activities and tasks.

10. Social Media

We are present on social media platforms and other online platforms to communicate with interested parties and to inform about our activities and operations. In connection with such platforms, personal data may also be processed outside of Switzerland and the European Economic Area (EEA).

The general terms and conditions (GTC), terms of use, as well as privacy policies and other provisions of the individual operators of such platforms also apply. These provisions particularly inform about the rights of affected persons directly with respect to the respective platform, which includes, for example, the right to information.

For our Social Media presence on Facebook, including the so-called Page Insights, we are — to the extent that the General Data Protection Regulation (GDPR) applies — jointly responsible with Meta Platforms Ireland Limited (Ireland). Meta Platforms Ireland Limited is part of the Meta companies (including in the USA). The Page Insights provide information on how visitors interact with our Facebook presence. We use Page Insights to effectively and user-friendly maintain our social media presence on Facebook.

Further information on the type, scope, and purpose of data processing, information on the rights of affected persons, as well as the contact details of Facebook and its data protection officer can be found in the Facebook Privacy Policy. We have concluded a so-called "Addendum for Controllers" with Facebook and have particularly agreed that Facebook is responsible for ensuring the rights of affected persons. Relevant information on Page Insights can be found on the page "Information on Page Insights" including "Information on Page Insights Data".

11. Services from Third Parties

We use services from specialized third parties to permanently, user-friendly, securely and reliably carry out our activities and operations. With such services, we can, among other things, embed functions and content into our website. For technical reasons, the services used at least temporarily collect the Internet Protocol (IP) addresses of users.

For necessary security-related, statistical, and technical purposes, third parties whose services we use may aggregate, anonymize, or pseudonymize data related to our activities and operations. Examples include performance or usage data needed to provide the respective service.

We specifically use:

• Services from Google: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; General information on data protection: "Principles of Data Protection and Security", Privacy Policy, "Google is committed to compliance with applicable data protection laws", "Guide to Privacy in Google Products", "How we use data from websites or apps that use our services", "Types of cookies used by Google", "Personalized Advertising".
• Services from Microsoft: Providers: Microsoft Corporation (USA) / Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), United Kingdom and Switzerland; General information on data protection: "Privacy at Microsoft", "Privacy and Trust Center", Privacy Policy, Privacy Dashboard (Data and Privacy Settings).

11.1 Digital Infrastructure

We use services from specialized third parties to be able to utilize the necessary digital infrastructure in connection with our activities and operations. These include, for example, hosting and storage services from selected providers.

We specifically use:

• Cloudflare: Content Delivery Network (CDN); Cloudflare Inc. (USA); Information on data protection: "Privacy", Privacy Policy, Cookie Policy.

11.2 Contact Options

We use services from selected providers to better communicate with third parties such as potential and existing customers.

We specifically use:

• bexio: Business software; bexio AG (Switzerland); Information on data protection: "Data Protection", Privacy Policy.

11.3 Audio and Video Conferences

We use specialized services for audio and video conferences to communicate online. With these services, we can hold virtual meetings or conduct online classes and webinars. Additional legal texts of the individual services, such as privacy policies and terms of use, apply to participation in audio and video conferences.

We recommend, depending on the situation, to mute the microphone by default when participating in audio or video conferences, and to blur the background or allow a virtual background to be displayed.

We specifically use:

• Microsoft Teams: Platform for audio and video conferences; Provider: Microsoft; Teams-specific information: "Privacy and Microsoft Teams".

11.4 Map Material

We use third-party services to embed maps into our website.

We specifically use:

• OpenStreetMap (OSM): Map service; Provider: OpenStreetMap Foundation (United Kingdom); Privacy information: Privacy Policy.

11.5 Digital Audio and Video Content

We use services from specialized third parties to enable direct playback of digital audio and video content, such as music or podcasts.

We specifically use:

• YouTube: Video platform; Provider: Google; YouTube-specific information: "Privacy and Security Center", "My Data on YouTube".

12. Success and Reach Measurement

We try to determine how our online offering is being used. In this context, we can, for example, measure the success and reach of our activities and the effectiveness of third-party links to our website. We may also test and compare how different parts or versions of our online offering are being used ("A/B Testing"). Based on the results of success and reach measurement, we can fix errors, strengthen popular content, or make improvements to our online offering.

For success and reach measurement, in most cases, the Internet Protocol (IP) addresses of individual users are stored. In this case, IP addresses are generally shortened ("IP masking") to adhere to the principle of data minimization.

During the success and reach measurement, cookies may be used and user profiles created. Any created user profiles generally include visited individual pages or viewed content on our website, information about screen size or browser window, and—at least approximately—the location. In principle, any user profiles are created pseudonymously and are not used to identify individual users. Specific third-party services where users are registered may attribute the use of our online offering to the user's account or profile on that service.

We specifically use:

• Google Analytics: Success and reach measurement; Provider: Google; Google Analytics-specific information: Measurement also across different browsers and devices (Cross-Device Tracking) as well as with pseudonymized Internet Protocol (IP) addresses, which are only exceptionally transmitted in full to Google in the USA, "Privacy", "Browser Add-on for Disabling Google Analytics".
• Google Tag Manager: Integration and management of other services for success and reach measurement as well as other services from Google and third parties; Provider: Google; Google Tag Manager-specific information: "Data collected by Google Tag Manager"; further privacy information can be found in the individual integrated and managed services.

13. Final Provisions

We have created this privacy policy using the Privacy Policy Generator from Datenschutzpartner.

We may update and supplement this privacy policy at any time. We will inform about such updates and supplements in an appropriate manner, particularly by publishing the current privacy policy on our website.