Security
Data protection
General information
Data protection is important to us and we only process your data in accordance with the statutory provisions. In this data protection declaration we explain how we collect or otherwise process personal data. Personal data is defined as all information relating to an identified or identifiable person.
Person responsible
Responsible for the data processing shown in this data protection declaration is:
SENATUS AG
Rorschacher Strasse 302
CH – 9016 St.Gallen
backoffice@senatus.ch
Phone: +41 44 442 12 00
If you have any data protection concerns, please contact us at the above address.
Data protection officer
You can reach our data protection officer in accordance with Art. 37 DSGVO at the following contact address:
General principles
Processing of personal data
First and foremost, we process personal data that we collect during the operation of our website or other applications or that we collect from our customers and other business partners in the course of our business relationship with them and other persons involved.
We primarily collect your personal data directly from you. We may also receive personal data about you from third parties. This data may include the following categories:
– Information from publicly available sources (e.g. media, internet).
– Information from public registers (e.g. commercial register, debt collection register, land register)
– Information in connection with official or judicial proceedings
– Information concerning your professional functions and activities
– Information about you in correspondence and meetings with third parties
– Creditworthiness information (insofar as we conduct personal business with you)
– Information about you given to us by people close to you so that we can conclude or process
contracts with you (e.g. references, your address for deliveries, powers of attorney, information
on compliance with legal requirements, information from banks, insurance companies, sales and
other contractual partners)
– Information from the media and the Internet about you (insofar as this is necessary in the specific
case, e.g. in the context of an application, press review, marketing, sales, etc.).
– Data in connection with the use of the website (e.g. IP address, MAC address of the smartphone
or computer, details of your device and settings, cookies, date and time of visit, pages and
content accessed, functions used, referring websites, location details)
Purposes and legal basis of data processing
We process your data only for specified purposes and only in legally permissible cases. You will find below the individual data processing operations on our website, with the purposes and legal bases for data processing.
The following are possible legal grounds:
– Your consent;
– The execution of a contract or pre-contractual measures;
– The fulfilment of legal requirements;
– Our legitimate interests, provided your interests or fundamental rights are not overridden;
– To safeguard vital interests of you or another person or to perform a task in the public interest;
– Other relevant statutory legal grounds.
You will find a reference to the legal bases in the respective processing operations.
If you have given us consent to process your personal data for specific purposes, we will process your data within the scope of this consent unless we have another legal basis. You can revoke your consent at any time. Data processing that has already taken place is not affected by this.
Data transfer
In the course of providing our services and making our website available, we may be dependent on the services of third parties. In this context, it may happen that we commission third parties to process your personal data. In this case, we contractually ensure that these third parties comply with the requirements of data protection. We may also be obliged to disclose your data to authorities or other third parties.
We only pass on your personal data if one of the following conditions is met:
– Your consent has been given;
– there is a legal obligation;
– if this is necessary to enforce our rights, in particular to enforce claims arising from the
contractual relationship;
– if this is necessary for the fulfilment of the contract or the implementation of pre-contractual
measures;
– if we have a legitimate interest in doing so and your interests to the contrary do not outweigh
ours;
– if another legal permission exists.
Under certain circumstances, your personal data may also be transferred to companies abroad within the scope of commissioned processing. These companies are obligated to data protection to the same extent as we ourselves are. If the level of data protection in the country in which data is transferred does not correspond to that in Switzerland or the European Union, we contractually ensure that the same level of protection is guaranteed as in Switzerland or the European Union. This can be done through standard data protection clauses of the European Commission or a supervisory authority or approved and authorised codes of conduct together with binding and enforceable obligations of the recipient or approved certification mechanisms together with binding and enforceable obligations of the recipient.
If there is a transfer of data to a company in the USA, we ensure that this company is certified in accordance with the Swiss or EU-US Privacy Shield Agreement, thus ensuring that the level of data protection in the EU is complied with. In the absence of certification, we obtain the necessary guarantees by contract.
Retention period
We only store personal data for as long as is necessary to fulfil the individual purposes for which the data was collected. We store contractual data for longer, as we are obliged to do so by legal regulations. Such retention obligations result from regulations on registration law, on accounting and from tax law. According to these regulations, business communication, concluded contracts and accounting vouchers must be stored for up to 10 years. If we no longer need such data from you for the performance of services, the data will be blocked. In this case, we will only use the data for accounting and tax purposes.
Data security
We take data security very seriously and use appropriate technical and organisational security measures to protect your personal data against accidental or intentional manipulation, loss, destruction or against unauthorised access by third parties. We continuously improve our security measures in line with technological developments.
Within our website, we use the SSL (Secure Socket Layer) procedure in conjunction with the highest encryption level supported by your browser. You can see whether an individual page of our website is transmitted in encrypted form by the closed display of the lock symbol in the status bar of your browser.
Obligation to provide certain personal data
You may be required to provide us with certain personal information in order to do business with us. This includes personal data that is necessary for the establishment and performance of a business relationship and the fulfilment of the corresponding contractual obligations. Without such data, we will not normally be able to enter into a contract with you (or the entity or person you represent).
The website also cannot normally be used if certain traffic security details (such as IP address) are not disclosed.
Profiling
In some cases, your personal data is processed automatically in order to evaluate certain personal aspects (so-called profiling). Profiling is used by us in particular to be able to inform and advise you in a targeted manner about certain services or products of ours. For this purpose, we use evaluation tools, thanks to which we can communicate in a needs-based manner and take appropriate advertising measures, including market and opinion research.
Your rights
You have the right to obtain information from us about what personal data is stored about you. In addition, you can request the correction of incorrect data or the deletion of personal data, provided that there are no legal obligations to retain data or a legal permissible circumstance that allows processing. Furthermore, you may, under certain circumstances, have the processing of your personal data restricted or object to it. You also have the right to demand that we return the data you have provided to us (right to data portability). You have the right to receive the data in a common file format. We have already informed you about the possibility of revoking your consent at the beginning and in the corresponding data processing procedures.
Please note that the exercise of your rights may be subject to legal restrictions. We reserve the right to assert these, e.g. if we are obliged to retain or process certain data, have an overriding interest in doing so (insofar as we are entitled to rely on this) or require them for the assertion of claims. Please note that the exercise of your rights may, under certain circumstances, conflict with contractual agreements and may have corresponding effects on the performance of the contract (e.g. premature termination of the contract or cost consequences). Where this is not already contractually regulated, we will inform you in advance.
The exercise of your rights requires that you prove your identity (e.g. by means of a copy of your identity card if your identity cannot be established in any other way). If you incur costs, we will inform you in advance.
If you are affected by the processing of personal data, you have the right to enforce your rights in court or to file a complaint with the competent supervisory authority.
Changes
We are entitled to amend this privacy policy at any time without prior notice. The current version published on our website applies.
Provision of the website and creation of log files
When you access our website, the provider of the pages automatically collects and stores information in so-called server log files, which your browser transmits to us. These are:
– Server name
– IP address
– Operating system
– Device type
– Browser name and version
– Date and time of server request
This data cannot be assigned to a specific person and there is no consolidation of this data with other data sources. The log files are stored in order to guarantee the functionality of the website and to ensure the security of our information technology systems. This is our legitimate interest according to Art. 6 Para. 1 lit. f DSGVO.
The data is only stored for as long as is necessary to achieve the purpose for which it was collected. Accordingly, the data is deleted after the end of each session. The storage of the log files is absolutely necessary for the operation of the website, you therefore have no possibility to object to this.
Use of cookies
Our website uses cookies. Cookies are text files that are stored on the operating system of your device with the help of your browser when you visit our website. Cookies do not harm your computer and do not contain viruses.
Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser on your next visit. This allows us to save certain settings (such as language settings or location information) so that you do not have to re-enter them when you return to the website.
We use cookies to make our website more user-friendly, effective and secure. The use of cookies and the processing of your data in this regard is based on the legal basis of our legitimate interests in the aforementioned purposes pursuant to Art. 6 (1) lit. f DSGVO.
Right of objection
The cookies are stored on your computer. You therefore have full control over the use of the cookies. You can delete them completely or deactivate or restrict their transmission by changing the settings in your browser. If you deactivate cookies for our website, it may no longer be possible to use all the functions of the website to their full extent.
Use of Google Analytics
Our website uses Google Analytics, a service provided by Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google uses cookies, which are stored on your device and enable an analysis of the website by you. The information generated by the cookie about your use of the website, such as browser type, operating system used, referrer URL (the page previously visited), IP address and time of server request will be transmitted to and stored by Google on servers in the United States. The IP address transmitted by your browser in this context will not be merged with other Google data. We have also added the code “anonymizeIP” to Google Analytics on this website. This ensures that all data is collected anonymously. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. The Privacy Shield agreement applies to the USA. Google is certified in accordance with this agreement.
In the case of Google Analytics, Google uses the data on our behalf to evaluate your use of the website, to compile reports on website activities and to provide us with other services related to website and internet use. Google Analytics is used on the legal basis of our legitimate interests in analysing customer behaviour on our website, which enables us to improve our services, and is based on Art. 6 (1) lit. f DSGVO.
Right of objection
You can prevent the storage of cookies by adjusting the settings in your browser accordingly. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. You can also deactivate Google Analytics by downloading and installing the browser add-on at http://tools.google.com/dlpage/gaoptout?hl=de.
More information on the handling of user data by Google Analytics can be found in Google’s privacy policy at https://support.google.com/analytics/answer/6004245?hl=de.
We use Google Analytics with the functions of Universal Analytics on our website. This allows us to analyse the activities of our website across devices (e.g. if access is made by laptop and later by smartphone). This is made possible by a pseudonymous assignment of a user ID to a user. This happens, for example, when you register for a customer account or log in to your customer account. No personal data is forwarded to Google. The additional functions of Universal Analytics do not restrict the previously mentioned data protection measures such as anonymising the IP address or the possibility of objecting to the use of Google Analytics.
The data collected as part of Google Analytics is stored for as long as is necessary for the analysis of the website. After a period of 50 months at the latest, the data is automatically deleted.
Use of Hotjar
We use Hotjar on our website, an analytics software provided by Hotjar Ltd. (“Hotjar”) (http://www.hotjar.com, 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe). Hotjar allows us to measure and analyse usage behaviour on our website in the form of clicks, mouse movements, scrolling heights, etc.
The following information is collected by Hotjar:
– The IP address of your device (collected and stored in an anonymised format).
– Your email address, including your first and last name, if you have provided it to us via our
website
– Screen size of your device
– Device type and browser information
– Geographical location (country only)
– The preferred language to display our website
In addition, the following data is logged on our server when Hotjar is used:
– Referencing domain
– Visited pages
– Geographical location (country only)
– The preferred language to display our website
– Date and time of access to the website
The information generated by the “tracking code” and the “cookie” is transmitted to and stored on Hotjar servers in Ireland.
Hotjar uses this information for the purpose of evaluating your use of our website, compiling reports on website activity and providing other services relating to website activity and internet usage. Hotjar also uses third-party services, such as Google Analytics and Optimizely, to provide its services. These third parties may store information that your browser sends as part of the website visit, such as cookies or IP requests. For more information on how Google Analytics and Optimizely store and use data, please refer to their respective privacy statements.
The use of Hotjar is based on the legal basis of our legitimate interests in analyzing customer behavior on our website, which enables us to improve our services and is based on Art. 6 (1) lit. f DSGVO.
The cookies that Hotjar uses have different storage periods. Some remain stored for up to 365 days, some only remain valid during the current visit.
Right to object
You can prevent the collection of data by Hotjar by clicking on the following link and following the instructions there: https://www.hotjar.com/opt-out.
Use of Facebook Pixel
Our website uses the visitor action pixel from Facebook, Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) to measure conversions.
This allows the behaviour of site visitors to be tracked after they have been redirected to our website by clicking on a Facebook ad. This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimised.
The data collected is anonymous for us as the operator of this website. We cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data usage policy. This enables Facebook to display advertisements on Facebook pages as well as outside of Facebook. This use of the data cannot be influenced by us as the site operator.
You can find further information on protecting your privacy in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.Sie can also deactivate the “Custom Audiences” remarketing function in the ad settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook. To do this, you must be logged in to Facebook.
If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.
Use of Google Remarketing
Our website uses the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google AdWords and Google DoubleClick. For this purpose, we work with Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for this purpose. With this function, the advertising target groups created with Google Analytics Remarketing can be linked with the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest-based, personalised advertising messages that have been adapted to you depending on your previous usage and surfing behaviour on one end device (e.g. mobile phone) can also be displayed on another of your end devices (e.g. tablet or PC). A link between your web and app browsing history and your Google account is only made for this purpose if you have given the corresponding consent.
To support this feature, Google Analytics collects Google-authenticated IDs of users, which are temporarily linked to our Google Analytics data. This allows us to define and create target groups for cross-device ad advertising.
The aggregation of the collected data in your Google account is based on the legal basis of your consent, which you can give or revoke at Google, and is therefore based on Art. 6 (1) lit. a DSGVO. In the case of data collection processes that are not aggregated in your Google account (e.g. because you do not have a Google account or have objected to the aggregation), the collection of data is based on our legitimate interest in anonymised analysis of user behaviour and the display of user-related advertising and is based on Art. 6 (1) lit. f DSGVO.
Right of objection
You can prevent the storage of cookies by adjusting the settings in your browser accordingly. In addition, you can object to cross-device remarketing/targeting by deactivating personalised advertising in your Google account under the following link (https://www.google.com/settings/ads/onweb/).
Further information and the data protection provisions can be found in Google’s data protection declaration at https://www.google.com/policies/technologies/ads/.
Circulars
Via our website you have the possibility to register for a free newsletter. With the newsletter you will receive information about news, events and offers. When you register for the newsletter, the data you enter in the input mask, such as your e-mail address, is transmitted to us and stored.
Registration for our newsletter only takes place after you have received an e-mail in which you confirm your e-mail address by clicking on the link. In this way, we ensure that no one can register with a foreign e-mail address.
Your e-mail address is collected for the purpose of sending the newsletter. Any additional personal data is used to prevent misuse of the services or the e-mail address used. By sending the newsletter registration, you give your consent to the data processing within the scope of the newsletter dispatch. You agree that a newsletter may be sent regularly to the specified e-mail address and that, if necessary, the usage behavior may be statistically evaluated to optimize the newsletter. The legal basis is therefore your consent in accordance with Art. 6 Para. 1 lit. a DSGVO. We are entitled to pass on your data to third parties for the purpose of the technical processing of the newsletter.
The data that you have provided to us in connection with your subscription to the newsletter will be stored for the duration for which you are subscribed to the newsletter. If you unsubscribe from our newsletter, your data will continue to be stored for as long as is necessary for the registration of your subscription.
Right of objection
You can revoke your consent to receive the newsletter at any time with effect for the future and unsubscribe via the link in the newsletter. This will prevent you from receiving further newsletter emails.
Contact
Contact form
On our website you can contact us via an electronic contact form. The data you enter in the input mask, such as name, e-mail address, etc., will be transmitted to us and stored.
The data you provide is used solely for the purpose of dealing with your enquiry. The legal basis for this is the implementation of pre-contractual measures in accordance with Art. 6 Para. 1 lit. b DSGVO as well as our legitimate interests in dealing with the enquiry in accordance with Art. 6 Para. 1 lit. f DSGVO.
We only store your data for as long as is necessary to deal with your enquiry or for as long as we are obliged to do so by law.
You have the possibility to contact us by e-mail. If you contact us by e-mail, the following data will be processed:
– E-mail address
– Content of your e-mail
– Subject of your e-mail
– Date
– Contact details provided by you (e.g. name, surname, telephone number, address, if applicable).
Your details will be stored by us for the purpose of processing your enquiry and in case of follow-up questions. The legal basis is pre-contractual measures according to Art. 6 para. 1 lit. b DSGVO or our legitimate interests in the completion of the enquiry according to Art. 6 para. 1 lit. f DSGVO.
We only store your data as long as this is necessary to complete your enquiry or as long as we are obliged to do so by law.
We would like to point out that e-mails can be read or changed unauthorised and unnoticed on the transmission path. The spam filter can reject e-mails if they have been identified as spam by certain characteristics.
You have the option of registering on our website and creating a login. In this case, we collect the data provided by you in the input mask, such as name, e-mail address, etc., and store this data. The purpose of registering for the login area is to provide you with password-protected direct access to your basic data stored with us. In addition, you can access our services in the login area and use the corresponding functions (e.g. viewing your orders or managing your personal data).
The legal basis for the use of your data within the scope of the login is your consent in accordance with Art. 6 Para. 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future. Data processing carried out until your revocation is not affected by the revocation.
We are entitled to inform you about news, offers or events. The legal basis for this is our legitimate interests according to Art. 6 para. 1 lit. f DSGVO. You can object to receiving such information at any time with effect for the future.
Google Web Fonts
We use so-called web fonts on our website for the uniform display of fonts, which are provided by Google (Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA). When you call up one of our pages, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.
For this purpose, the browser you are using establishes a connection to Google’s servers. This enables Google to know that our website has been accessed via your IP address. Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offers. This is our legitimate interest, which serves as the legal basis for data processing in accordance with Art. 6 (1) f DSGVO. The Privacy Shield agreement applies to the transfer of data to the USA.
If your browser does not support web fonts, a standard font from your computer will be used.
Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://www.google.com/policies/privacy/.
Google Maps
Our website uses the map service Google Maps via an API. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Your IP address is stored for the purpose of using the Google Maps functions. This is usually transmitted to a Google server in the USA. We have no influence on this data transmission.
Google Maps is used in the interest of an attractive presentation of our online offers and to make it easy to find the places we indicate on the website. This is also our legitimate interests according to Art. 6 para. 1 lit. f DSGVO, which serve as the legal basis for data processing. The Privacy Shield agreement applies to data transfers to the USA.
More information on the handling of user data can be found in Google’s privacy policy: https://www.google.de/intl/de/policies/privacy/.