A. Controller and Responsibility
The responsible for the processing of personal data and therefore the controller in accordance with this data protection declaration is IFBC AG, Riedtlistrasse 19, 8006 Zürich, Switzerland (“IFBC”). The data protection officer at our company can be reached at the aforementioned postal address, by e-mail to firstname.lastname@example.org or by telephone at +41 43 255 14 55.
B. Personal data and terminology
Personal data is all information relating to a specific or identifiable (i.e., identified or identifiable) natural person such as name, address, telephone number, e-mail address, date of birth, etc. (“personal data”).
Processing means any operation with personal data, irrespective of the means applied and the procedure, and in particular the collection, storage, use, revision, disclosure, archiving or destruction of data (“processing” or processed”).
Any natural or legal person, public authority, agency or other entity which processes personal data on behalf of the controller is a processor.
C. Collection of personal data
You or the persons concerned provide us with some of the personal data yourself by making it available to us, using our services or contacting us by e-mail or telephone. This includes, for example, name, contact data, date of birth, professional function, etc. We also process personal data that we receive from applicants for jobs. We may also collect personal data ourselves, e.g., if you or the company for which you work use our services, or we obtain data (e.g. information from media and Internet, credit information, your addresses and possibly interests and other socio-demographic data) from publicly accessible sources (e.g. debt enforcement registers, land registers, commercial registers, press, internet, media, social media). Furthermore, we may collect data from other companies, from authorities and other third parties (credit agencies, address dealers) or your personal surroundings, or if you use our website (see section I). We collect this data for the purposes laid down in section D, unless otherwise referred to.
If you have given us consent to process your personal data for specific purposes (for example, when you register to receive newsletters), we will collect your personal data within the scope set and based on this consent. We may also base the collecting and processing of personal data on other legal grounds, if at all necessary. These include the fulfillment of a contract, the implementation of pre-contractual measures or the protection of other legitimate interests (see section D).
D. Purposes of processing
We use personal data in particular to fulfill the purposes of our organization, to provide our services and to initiate and execute agreements with our customers and business partners, as well as to comply with our legal obligations. If you work for our customers or business partners, your personal data may also be affected in this function.
In addition, we also process personal data about you and other individuals, to the extent permitted and as we deem appropriate, for the following purposes:
- providing and developing our products, services and websites and other platforms, on which we are active;
- communication with third parties and processing of their inquiries (e.g., job applications, media inquiries);
- purpose of customer acquisition;
- credit or creditworthiness checks;
- advertising and marketing (including the organization of events);
- market and opinion research, media monitoring;
- assertion of legal claims and defense in connection with legal disputes and official proceedings;
- prevention and investigation of crime and other misconduct (e.g., conducting internal investigations, data analysis to combat fraud);
- guarantees of our operations, in particular IT, our websites, apps and other platforms.;
- purchase and sale of business units, companies or parts of companies and other transactions under company law and related transfer of personal data.
E. Duration of retention
F. Rights of the Data Subject
Consent given can be revoked at any time, without affecting the lawfulness of the data processing carried out already. In addition, depending on the circumstances and the applicable data protection law you may have the right to Information, correction, deletion, or restriction of the processing of your personal data, the right to object to the processing and the right to data portability. Please note that the exercise of these rights may conflict with contractual agreements and may have consequences such as the premature termination of the contract or cost consequences. We will inform you in advance if this is not already contractually regulated. We are also entitled to make use of the statutory restrictions on your rights, for example if we are obliged to retain or process certain data, have an overriding interest in doing so, or require it for the assertion of claims.
In addition, every data subject has the right to enforce his or her claims in court or to file a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC/EDÖB).
Regarding your rights as well as further questions, suggestions, and comments on the subject of data protection, please contact the person responsible for data protection at the contact data mentioned at the beginning (see section A).
We take appropriate measures to protect personal data from loss, misuse, unauthorized access, disclosure, alteration, or destruction. For this purpose, we use appropriate technical and organizational measures. However, we cannot guarantee the absolute security of the data.
Unless otherwise agreed, we do not accept any liability for breaches of these safety regulations unless they are intentional or due to gross negligence.
H. Data transfer
Within the scope of our business activities and the purposes mentioned in section D, we also disclose personal data to third parties, insofar as this is permissible and appears to us to be appropriate, either because they process data for us or because they use the data for their own purposes. This concerns in particular the following entities:
- service providers of us (e.g., banks, insurance companies), including order processors (such as IT providers or operators of data rooms);
- dealers, suppliers, subcontractors and other business partners;
- members or customers;
- domestic and foreign authorities, agencies or courts;
- the public, including website and social media visitors;
- industry organizations, associations, organizations and other bodies;
- other parties in possible or actual legal proceedings.
In this context, your personal data may be stored in Switzerland as well as in other countries in Europe and the United States where the service providers we use are located (such as Micro-soft). If personal Data is processed outside of Switzerland or the European Economic Area, we will take the steps required by applicable data protection law to ensure that your personal Data is treated as securely and safely as it is in Switzerland or within the European Economic Area, unless we can rely on an exception clause. An exception may apply in the case of legal proceedings abroad, but also in cases of prevailing public interests, if the performance of a contract requires such disclosure or if you have consented.
I. Data processing through use of the website
During your visit to the website, general information is automatically collected (e.g., date of your visit, time zone, type of web browser and its settings, version and language, your IP address, MAC address of the terminal device (e.g., computer or cell phone), the operating system used, content retrieved and the domain name of your internet service provider). We use this data for marketing and administrative purposes as well as to ensure the functionality of the website. This data is also necessary to correctly operate and optimize the content of the website, to ensure the long-term functionality of our IT systems and the website, and to provide law enforcement authorities with the information they need to prosecute in the event of a cyber-attack.
This website uses SSL encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://”.
The provider of this website automatically collects and stores information in so-called “server log files”, which your browser automatically transmits to us. In particular, the information listed at the beginning under section I is transmitted.
Cookies are small files that are stored on your terminal device when you use our website.
3.2 Essential and non-essential cookies
Essential cookies are files that are sent to the browser on your computer’s hard drive to ensure the functionality of the website and to enable us to provide you with certain features. They do not require the consent of the users of the website.
3.3 Session-cookies and persistent cookies
So-called “session cookies” are automatically deleted after the end of your visit. For example, we may use session cookies to store already completed online forms or language settings across different pages of an internet session. In addition, we also use persistent cookies. These remain stored on your terminal device after the end of the browser session until you delete them. When you visit our website again, it will then automatically recognize which inputs and settings you prefer. Depending on the type of cookie, these cookies remain stored for a defined period of time (e.g., two years) on your terminal device and are automatically deactivated after the programmed time has expired. They serve to make our website more user-friendly, more effective and more secure. Thanks to these cookies, you will, for example, be shown information on the page that is specifically tailored to your interests.
3.4 Activation, deactivation, and deletion of cookies
3.5 Cookies and personal data
With the cookies we use, no personal data is stored apart from IP addresses (which do not necessarily represent personal data even in complete form). The cookies we use are not assigned to a specific person. When a cookie is activated, it is assigned an identification number. However, personal data that we or third-party providers commissioned by us store from you (e.g., if you have a user account with us or these providers) may be linked to the technical data or to the information stored in and obtained from cookies and thus possibly to your person.
4. Integration of Google services
On our website we use the following services from Google: Maps, Fonts and Analytics. Google is based in Ireland. Google Ireland relies on Google LLC (based in the USA) as a sub-processor (both “Google”). Although we can assume that the data Google retrieves and stores when our website is used is not personal data, it is possible that Google may draw conclusions about the identity of visitors from this data in conjunction with data collected by Google itself for its own purposes and may link this data to the Google accounts of these persons. If you have registered with Google yourself, Google may also be able to recognize you. The processing of your personal data by Google then takes place under its responsibility in accordance with its data protection provisions. For further information on data protection (in particular the scope, nature and purpose of data processing), please refer to the relevant Google data protection statement.
When using Google Analytics, we can measure and evaluate the use of the website (not person related). For this purpose, permanent cookies are used, which Google itself sets. For Google Analytics, we have configured the service in a way that the IP addresses of visitors are shortened by Google in Europe before any forwarding to the USA and thus cannot be traced. We have switched off the “Data forwarding” and “Signals” settings. Google only tells us how our respective website is used (no information about you personally).
5. Links to other Websites
The website contains links to other websites. We have no influence on whether their operators comply with the applicable data protection provisions. We exclude any responsibility or liability for websites of third parties that can be accessed via the links.
6. Plugins and -Social-Media-presence
Our website contains social media plugins, among others, from LinkedIn, Vimeo or Instagram. These are usually embedded on the website as graphic files. We have configured these elements to be disabled by default. If you activate them (by clicking on them), the operators of the respective social networks are able to register that you are on our website and where and may use this information for their own purposes. Such processing of your personal data is then the responsibility of the respective operators in accordance with their data protection provisions. We do not receive any information about you from them.
For further information on data protection (in particular on the scope, type and purpose of data processing), please refer to the data protection statements of each plugin provider. In there you will also find further information on your rights and settings options for protecting your privacy.
By logging out of the pages of each plugin provider beforehand and deleting cookies that have been set (see section 3.4 above), you can prevent the third-party providers from collecting information about you during your visit.
We may operate online presences on social networks and other platforms operated by third parties. We receive data from you and the platforms when you get in contact with us via our online presence on the respective platforms (e.g., when you communicate with us, comment on our content or visit our presence). At the same time, the platforms evaluate your use of our online presences and link this data with other data about you known to the platforms (e.g., about your behavior and preferences). They also process this data for their own purposes under their own responsibility, in particular for branding purposes and to control their platforms (e.g., which content they provide to you).
Content published by you (e.g., comments) may be redistributed by us (e.g., in our advertising on the platform or elsewhere). We or the operators of the platforms may also delete or restrict content from or to you in accordance with the usage guidelines (e.g., inappropriate comments).
For further information on the processing of the platform operators, please refer to the data protection notices of the respective platforms. In there you will also find out in which countries they process your data, what rights you have to information, deletion or other data subject rights and how you can exercise these or obtain further information. We currently use the following platforms:
J. Final provisions