Data Protection Statement
Thank you very much for your interest in our company. Data protection is of particular importance to the management of OrSuisse AG. Generally, the use of the Internet pages of OrSuisse AG is possible without any disclosure of personal data. However, if a person involved (hereafter referred to as data subject) wishes to make use of special services of our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, it is our standard practice to obtain the consent of the data subject.
The processing of personal data, for example the name, address, e-mail address or telephone number of a data subject, is always carried out in accordance with the applicable national and international data protection legislation, in particular the Federal Act on Data Protection (Bundesgesetz über den Datenschutz) DSG and the General Data Protection Regulation of the EU GDPR. By means of this Data Protection Statement, our company aims to inform the public about the type, scope and purpose of the personal data collected, used and processed by us. Furthermore, this Data Protection Statement informs the data subjects about their due rights.
As the data controller, OrSuisse AG has implemented numerous technical and organisational measures to ensure the most complete possible protection of the personal data processed via this website. Nevertheless, Internet-based data transmissions can in principle be subject to security gaps, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to communicate personal data to us by alternative means, such as telephone.
Among others, we shall use the following terms in this data protection declaration:
a) Personal Data ‘Personal data’ means any information relating to an identified or identifiable natural person (hereafter ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
b) Data Subject
‘Data subject’ means any identified or identifiable natural or legal person whose personal data are processed by the controller.
‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, query, use, disclosure by transmission, circulation or otherwise making available, alignment or combination, restriction, erasure or destruction;
d) Restriction of Processing
‘Restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future;
‘Profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
‘Pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
g) Controller or Controller of Processing
‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
‘Recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients;
j) Third Party
‘Third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
2. The Name and Address of the Controller
The controller, as according to data protection legislation, other data protection laws applicable in the member states of the European Union and other provisions of a data protection nature, is:
OrSuisse AG, Rathausplatz 7, 6460 Altdorf UR, Schweiz
Tel.: +41 (0)41 511 53 88, Fax: +41 (0)41 511 71 27
E-Mail: firstname.lastname@example.org, Website: www.orsuisse.ch
The data subject can at any time bar cookies coming from our website by means of an appropriate setting in the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.
4. Scope, purpose, etc. of data processing
a) Collection of general data and information on the website in particular
The website of OrSuisse AG collects a series of general data and information each time it is accessed by a data subject or by an automated system. These general data and information are stored in the log files of the server. The following can be recorded: (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system is directed to our website (so-called referrer), (4) the sub-sites which are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information that will serve to avert dangers in the event of attacks on our information technology systems.
When using this general data and information, the company does not draw any conclusions about the data subject. This information is in fact needed to (1) correctly deliver the content of our website, (2) optimize the content and advertising of our website, (3) ensure the enduring functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber attack. These anonymously collected data and information are therefore evaluated by OrSuisse AG both statistically and with the aim of increasing data protection and data security in our company, in order to ultimately ensure an optimum level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by the data subject.
b) Scope of Data Processing within the Context of Order Placement
When the order is placed, OrSuisse AG records customer data, either as part of a contract initiation in direct contact or online. These are in particular:
– personal details (name, place of residence, etc.)
– copy of identity card or excerpt from commercial register
– payment information
c) Purpose of Data Processing
The data collected by OrSuisse AG will only be used for the purpose of comprehensive customer service and the specific fulfillment of contracts, in particular
– contract processing and support;
– product improvement;
– quality management;
– technical support;
– IT Development;
– establishing contact with customers within the context of order processing.
In addition, the company is entitled to also use the data for information purposes about other products.
d) Transfer of Data to Third Parties, to Third Parties Abroad
OrSuisse AG may share information with third parties that provide services to OrSuisse AG, such as website support and improvement, website promotion, payment processing and/or order fulfillment, data systems, backup, contacting customers etc. These service providers will only have access to the information necessary to carry out these limited functions on the part of OrSuisse AG and required in order to protect and secure the information.
OrSuisse AG is also entitled to transfer personal data to third companies (contracted service providers) abroad in case this is advisable for the data processing described in this data protection statement. An transmission is currently being made to the European Union, Great Britain, and California, USA. These third companies are obliged to protect data to the same extent as OrSuisse AG itself. If the level of data protection in a country does not correspond to the Swiss or EU standard, OrSuisse AG will contractually ensure that the protection of personal data corresponds to that in Switzerland or the EU standard at all times. This will be ensured by one or more of the following measures:
– by establishment of EU Model Clauses with the contracted service providers, cf. https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts- transfer-personal-data-third-countries_de;
– by ensuring that the commissioned service providers are Swiss-US or EU-US Privacy Shield certified (if the data recipient is based in the USA or stores the data there), cf. https://www.privacyshield.gov/;
– by the implementation of Binding Corporate Rules (BCR), recognised by a European data protection authority, by the contracted service providers, cf. https://ec.europa.eu/info/law/law- topic/data-protection/data-transfers-outside-eu/binding-corporate-rules_en.
e) Payment method: Data protection regulations applicable when choosing Bitcoin Suisse AG as a payment method
The person responsible for data processing has integrated Bitcoin Suisse AG components on this website for the provision of payment options. Bitcoin Suisse AG is a Swiss financial service provider specialising in crypto assets based in Zug, Switzerland.
The operating company is Bitcoin Suisse AG, Grafenauweg 12, 6300 Zug, Switzerland.
When paying via Bitcoin Suisse AG, the data of the person involved is automatically transmitted to Bitcoin Suisse AG. By selecting this payment option, the person involved agrees to the transfer of any personal data required to process the invoice amount.
The personal data transmitted to Bitcoin Suisse AG is usually the invoice and client reference number as well as any other data necessary to process an invoice. Personal data related to the respective client order is also required to process the invoice.
The primary aims of such transmission of data are: to verify the identity of the person involved, to facilitate payment administration, and to prevent fraud. In particular, the person responsible for data processing will transmit personal data to Bitcoin Suisse AG only when there is a legitimate interest in such transmission.
The applicable data protection regulations for Bitcoin Suisse AG can be found at https://files.bitcoinsuisse.com/assets/pdf/20210609_Data%20Protection%20Policy%20-%20BTCS_EN.pdf.
f) Data protection regulations and use of a Compliance Check Tool
To fulfil the legal obligation demanded within the framework of compliance clarifications, the person responsible for data processing uses the services of Refinitiv Limited, Five Canada Square, Canary Wharf, London E14 5AQ, United Kingdom. Relevant data for the person involved is transmitted for the purpose of carrying out a compliance check. The information required includes the client’s personal data, such as name, date and place of birth, nationality, country of residence and gender. Further information can be found at https://www.refinitiv.com/en/policies/privacy-statement.
5. Contact Option via Website
Due to legal requirements, the OrSuisse AG website contains information that enables immediate electronic contact with our company and direct communication with us, which also includes a general address for so-called electronic mail (e-mail address). If a data subject contacts the data controller by e-mail or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted voluntarily by a data subject to the data controller will be stored for the purposes of processing or contacting the data subject. These personal data will not be passed on to third parties.
6. Routine Deletion and Blocking of Personal Data
The controller shall process and store the personal data of the data subject only for the period of time necessary to achieve the storage purpose or where provided for by the European directive and regulatory authority or another legislator in laws or regulations to which the controller is subject.
If the storage purpose no longer applies or if a storage period required by the European Directive and Regulation Body or another appropriate legislator expires, the personal data shall be blocked or deleted routinely and in accordance with the legal provisions.
7. Rights of the Data Subject
a) Right to confirmation
Any data subject shall have the right to obtain confirmation from the controller as to whether personal data relating to him or her are being processed. If a data subject wishes to exercise this right of confirmation, he or she may at any time contact a member of staff of the controller.
b) Right to Information
Granted by the European directive and regulatory authority, any data subject concerned by the processing of personal data has the right to obtain from the controller, at any time and free of charge, information on the storage of personal data relating to him or her, as well as a copy of that information. The data subject shall have access, inter alia, to the following information:
– the purposes of processing;
– the categories of personal data processed;
– the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
– where possible, the expected period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
– the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
– where the personal data are not collected from the data subject, any available information as to their source;
– the existence of automated decision-making, including profiling and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Furthermore, the data subject has the right to know whether personal data have been transferred to a third country or to an international organisation. If this is the case, the data subject shall also have the right to obtain information on the appropriate safeguards in connection with the transfer.
If a data subject wishes to exercise this right of information, he or she may at any time contact an employee of the controller for this purpose.
c) Right to Rectification
Every data subject concerned by the processing shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
If a data subject wishes to exercise this right of rectification, he or she may at any time contact a member of staff of the controller.
d) Right to Erasure (Right to be Forgotten)
Every data subject concerned by the processing shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies and insofar the processing is not requisite:
– the personal data were collected or otherwise processed in relation to purposes for which they are no longer necessary;
– the data subject withdraws consent on which the processing is based, and there is no other legal ground for the processing;
– the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
– the personal data have been unlawfully processed;
– the personal data have to be erased for compliance with a legal obligation according to applicable law (e.g. Union or Member State law) to which the controller is subject.
If one of the above reasons applies and a data subject wishes to have personal data stored at OrSuisse AG deleted, he or she can contact an employee of the data controller at any time. The employee of OrSuisse AG shall ensure that the request for deletion is complied with immediately.
If OrSuisse AG has made the personal data public and is, as controller, obliged to erase the personal data, OrSuisse AG, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data, insofar as processing is not required. The employee of OrSuisse AG will take the necessary steps in the individual case.
The data subject must be aware that even after a request to block or delete his personal data these must be retained in part within the framework of legal or contractual obligation for retention (e.g. for accounting purposes, compliance, money laundering legislation, etc.). Furthermore, the deletion of data may result in certain services, products, etc. no longer being able to be purchased or used from OrSuisse AG.
e) Right to Restriction of Processing
Any data subject concerned by the processing of personal data shall have the right to obtain from the controller restriction of processing where one of the following applies:
– the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
– the processing is unlawful, the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
– the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims;
– the data subject has objected to the processing, pending the verification whether the legitimate grounds of the controller override those of the data subject.
If one of the above conditions applies and a data subject wishes to request the restriction of personal data stored at OrSuisse AG, he or she can contact an employee of the data controller at any time. The employee of OrSuisse AG will arrange for the processing to be restricted.
f) Right to Data Portability
Any data subject concerned by the processing of personal data shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. Furthermore, the data subject shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent or on a contract pursuant to point (b) of Article 6(1) GDPR and the processing is carried out by automated means, where processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, in exercising his or her right to data portability, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided the rights and freedoms of others will not be adversely affected.
In order to assert the right to data transferability, the person concerned may contact an employee of OrSuisse AG at any time.
g) Right to Object
Any data subject concerned by the processing of personal data shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on:
– the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
– safeguarding the legitimate interests of the data controller or of a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail.
This also applies to profiling based on these provisions.
OrSuisse AG will no longer process the personal data in the event of an objection unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Where OrSuisse AG processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This will include profiling to the extent that it is related to such direct marketing. If the data subject objects to OrSuisse AG processing data for the purposes of direct marketing, OrSuisse AG will no longer process the personal data for these purposes.
Moreover, where personal data are processed for scientific or historical research purposes or statistical purposes, the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
To exercise the right to object, the data subject may directly contact any employee of OrSuisse AG or another employee.
h) Automated Individual Decision-Making, including Profiling
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, provided that the decision is not (1) necessary for entering into, or performance of, a contract between the data subject and a data controller, or (2) authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) based on the data subject’s explicit consent.
If the decision (1) is necessary for entering into, or performance of, a contract between the data subject and a data controller, or (2) is based on the data subject’s explicit consent, the data controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
If the data subject wishes to exercise rights in relation to automated decisions, he or she may at any time do so by contacting an employee of the controller.
i) Right to revoke consent according to data protection law
Any data subject concerned by the processing of personal data has the right to revoke consent to the processing of personal data at any time.
If the data subject wishes to exercise his or her right to withdraw consent, he or she may at any time do so by contacting an employee of the controller.
8. Data protection for job applications and in the application process
The data controller collects and processes the personal data of applicants for the purpose of handling the application procedure. Processing may also be carried out electronically. This is particularly the case if an applicant submits the relevant application documents electronically to the data controller, for example by e-mail or via a web form on the website. If the data controller enters into an employment contract with an applicant, the data transmitted will be stored for the purpose of fulfilling the employment relationship in compliance with the statutory provisions. If the data controller does not enter into an employment contract with the applicant, the application documents shall be automatically deleted two months after notification of the rejection decision, provided that there are no other legitimate interests of the data controller which would prevent such deletion.
The controller has integrated Facebook components on this website. Facebook is a social network.
A social network is an Internet-based social meeting place, an online community that usually enables users to communicate with each other and interact in virtual space. A social network can serve as a platform for the exchange of opinions and experiences or enables the Internet community to provide personal or company-related information. For instance, Facebook enables users of the social network to create private profiles, upload photos and network via friendship requests.
The operating company of Facebook is Facebook, Inc. 1 Hacker Way, Menlo Park, CA 94025, USA. The data controller is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland if a data subject lives outside the USA or Canada.. On every access of one of the individual pages of this website, which is operated by the data controller and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on the information technology system of the data subject will be automatically prompted by the respective Facebook component to download a representation of the corresponding Facebook component from Facebook. A complete overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=en_DE. As part of this technical process, Facebook will obtain information about which specific subpage of our website is visited by the data subject.
If the data subject is logged into Facebook at the same time, Facebook will recognize which specific subpage of our website the data subject is visiting each time the data subject accesses our website and for the entire duration of the data subject’s stay on our website. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the data subject clicks one of the Facebook buttons integrated on our website, for example the “Like” button, or if the data subject submits a comment, Facebook will assign this information to the personal Facebook user account of the data subject and save this personal data.
Facebook will receive information through the Facebook component that the data subject has visited our website whenever the data subject is logged in to Facebook at the same time as accessing our website, regardless of whether the data subject clicks on the Facebook component or not. If the data subject does not want this information to be transferred to Facebook in this way, he or she can prevent the transfer by logging out of his or her Facebook account before accessing our website.
Facebook’s published data policy, which is available at https://www.facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. It also explains which settings Facebook offers to protect the privacy of the data subject. In addition, different applications are available that make it possible to suppress data transmission to Facebook. Such applications can be used by the data subject to suppress data transmission to Facebook.
The data controller has integrated the Google Analytics component (with anonymization function) on this website. Google Analytics is a web analysis service. Web analysis is the gathering, accumulation and evaluation of data on the behavior of visitors to websites. A web analysis service collects data on, among other things, from which website a data subject came to a website (so-called referrers), which subpages of the website were accessed or how often and for how long a subpage was viewed. A web analysis is mainly used to optimize a website and to analyse the costs and benefits of Internet advertising.
Operating company of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The controller uses the addition “_gat._anonymizeIp” for the web analysis via Google Analytics. This addition is used by Google to shorten and anonymise the IP address of the Internet connection of the data subject if access to our Internet pages is gained from a member state of the European Union or from another state party to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyse the flow of visitors to our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us showing the activities on our website and to provide other services in connection with the use of our website.
Google Analytics places a cookie on the information technology system of the data subject. What cookies are has already been explained above. Placing the cookie enables Google to analyze the use of our website. Each time you access one of the individual pages of this website, which is operated by the controller and on which a Google Analytics component has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the data subject, which Google uses, among other things, to track the origin of visitors and clicks and subsequently to enable commission statements to be prepared.
The cookie is used to store personal information, such as the access time, the location from which an access originated and the frequency of visits to our website by the data subject. Each time the data subject visits our website, this personal data, including the IP address of the Internet connection used, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may disclose personal data collected through this technical process to third parties.
The controller has integrated components by YouTube on this website. YouTube is an Internet video portal that allows video publishers to post video clips and other users to view, rate and comment on them, all of the aforementioned free of charge. YouTube permits the publication of all kinds of videos, which is why complete film and television programs, but also music videos, trailers or videos made by users themselves can be accessed via the Internet portal.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
On every access of any individual page of this website, which is operated by the controller and in which a YouTube component (YouTube video) has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. Further information on YouTube can be obtained at www.youtube.com/intl/en/yt/about/. As part of this technical process, YouTube and Google will gain knowledge of which specific subpage of our website is visited by the data subject.
If the data subject is logged in to YouTube at the same time, YouTube will recognize which specific subpage of our website the data subject is visiting when accessing a subpage containing a YouTube video. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.
YouTube and Google will receive information through the YouTube component that the data subject has visited our website whenever the data subject is logged into YouTube at the same time as accessing our website, regardless of whether the data subject clicks on a YouTube video or not. If such transmission of this information to YouTube and Google is not desired by the data subject, the data subject may prevent the transmission by logging out of his or her YouTube account before accessing our website.
The data protection regulations published by YouTube, which are available at www.google.de/intl/en/policies/privacy/, provide information about the collection, processing and use of personal data by YouTube and Google.
d. Data protection provisions about the application and use of Facebook pixels
The person responsible for this processing has integrated the “Facebook pixel” component from Facebook Inc. (“Facebook”) on this website. This allows the user to be shown interest-related advertisements (“Facebook Ads”) when visiting the website, the social network Facebook, and other websites which also use this procedure. This Facebook pixel enables the user’s browser to automatically establish a direct connection with the Facebook server. The person responsible for processing cannot influence the scope and further use of the data collected by Facebook via the use of this tool and therefore provides information based on current understandings about this process: By integrating the Facebook pixel, Facebook gathers information that a user has clicked on an advertisement or contacted a corresponding link to this website. If the user concerned is registered with a Facebook service, Facebook can assign such visits to their account. Even if the user concerned is not registered with Facebook, or has not logged in, it is possible that provider may still discover and save the IP address and other identifying features.
By using Facebook pixels, the person responsible for processing is pursuing the purpose of only displaying ads placed by Facebook to Facebook users who have also shown an interest in a current Internet offer. With the help of Facebook pixels, the person responsible for processing intends to ensure Facebook ads correspond to the potential interests of the user and are not irritating. Furthermore, the person responsible for processing can also use Facebook pixels for statistical purposes to understand the effectiveness of Facebook ads, which reveal whether or not users have been redirected after clicking on a Facebook ad on this website. The legal basis for this use of Facebook pixels is Article 6 (1) (f) GDPR.
When visiting this website for the first time, the user consents to the use of Facebook pixels (opt-in). If users wish to revoke this consent, they can simply delete the cookie in their browser. If the website is re-visited or reloaded, users will once again be asked to confirm their consent to cookies.
Further information can be found at http://www.facebook.com/policy.php; http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo.
e. Data protection provisions about the application and use of LinkedIn Insight
The person responsible for processing has implemented the LinkedIn Insight Conversion Tool component from LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA, on this website. This makes it possible to obtain information about the use of this website and to present the user with advertising content tailored to their interests as revealed on other websites. For this purpose, a cookie valid for 120 days is set in the user’s browser, which enables LinkedIn to recognize that user when they visit a website. LinkedIn uses this data to compile anonymous reports for the data controller about advertising activity and information about how the user interacts with this website.
The LinkedIn Insight Conversion Tool and interest-based advertising can be deactivated by opting out at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
If the user is a LinkedIn member, click on the “Reject on LinkedIn” field. Other visitors should click on “Reject”.
Further information on data protection at LinkedIn can be found here: https://www.linkedin.com/legal/privacy-policy#choices-oblig
When visiting this website for the first time, the user consents to tracking via the LinkedIn Insight Tag (opt-in). If users wish to revoke this consent, they can simply delete the cookie in their browser. If the website is re-visited or reloaded, users will once again be asked to confirm their consent to cookies.
f. Data protection provisions about the application and use of POLYLANG
The operator has integrated the Polylang component to support the multilingual use of this website. Polylang is a product of WP SYNTEX, 28, rue Jean Sebastien Bach, 38090 Villefontaine, France. Polylang cookies are only set to recognise and record the language used or selected by the user. These cookies are stored for one year and then deleted. Further information can be found at https://polylang.pro/doc/is-polylang-compatible-with-the-eu-cookie-law/.
g. Data protection provisions about the application and use of Borlabs
The person responsible for processing has integrated the Borlabs cookie component on this website. This sets a technically necessary cookie (borlabs-cookie) to store the user’s cookie preferences. Borlabs Cookie does not collect any personal data.
The borlabs cookie stores the user’s consent given when they first visited the website. If users wish to revoke such consents, they should simply delete the cookie from their browser. If the website is re-visited or reloaded, users will once again be asked to confirm their consent to cookies.
h. Data protection provisions for the application and use of Google Tag Manager
The processing controller has integrated the “Google Tag Manager” component from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland on this website. Google Tag Manager is a solution with which the controller can manage so-called website tags via an interface and thus, for example, integrate Google Analytics and other Google marketing services into the online offer. The Tag Manager itself, which implements the tags, does not process any personal data of the data subject. Further information, in particular with regard to the processing of the personal data of the data subject, can be found at https://www.google.com/intl/de/tagmanager/use-policy.html.
The data subject consents to the use of the Google Tag Manager when entering the website for the first time (opt-in). If the data subject would like to revoke this consent, they can simply delete the cookie in their browser. If the website is re-entered/reloaded, the data subject will be asked again for their cookie consent.
10. Legal Basis of Processing
Art. 13 para. 1 DSG and Art. 6 para. 1 lit. a GDPR serve our company as a legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Art. 13 para. 2 lit. a DSG or Art. 6 para. 1 lit. b GDPR. The same applies to such processing operations which are necessary for the implementation of pre-contractual measures, for example in cases of inquiries regarding our products or services. If our company is subject to a legal obligation requiring the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 13 para. 1 DSG (law) or Art. 6 para. 1 lit. c GDPR. In rare cases, the processing of personal data may become necessary in order to protect the vital interests of the data subject or another natural person. This would apply, for example, if a visitor to our business was injured and his name, age, health insurance data or other vital information would have to be forwarded to a doctor, hospital or other third party. In this case the processing would be based on Art. 6 para. 1 lit. d GDPR. Ultimately, processing operations could be based on Art. 6 para. 1 lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are founded on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and fundamental freedoms of the data subject are not overriding. If the processing of personal data is based on Article 6 para. 1 lit. f GDPR, our legitimate interest is the performance of our business activities for the benefit of all our employees and shareholders.
11. Period for which the Personal Data will be Stored
We will only store your data for as long as is legally necessary or appropriate to the purpose for which it is processed. In the case of analyses, we store your data until the analysis has been completed. If we store data on the basis of a contractual relationship with you, this data remains stored for at least as long as the contractual relationship exists and as long as limitation periods for possible claims on our part or legal or contractual storage obligations exist.
12. Statutory or Contractual Requirements for the Provision of Personal Data; Obligation of the Data Subject to Provide the Personal Data; Possible Consequences of Failure to Provide Such Data
We hereby inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may result from contractual provisions (e.g. information on the contractual partner). Sometimes the conclusion of a contract may require a data subject to provide personal data which subsequently have to be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him or her. Failure to provide personal data would mean that the contract could not be concluded with the data subject. Before providing personal data, the data subject must contact one of our employees. Our employee will inform the data subject individually whether the provision of the personal data is required by law or contract or is necessary for the conclusion of a contract, whether there is an obligation to provide the personal data and what consequences the failure to provide the personal data would have.
13. Existence of Automated Decision-Making
As a responsible company, we refrain from automatic decision-making or profiling.
14. Data security
OrSuisse AG shall protect the data in accordance with the legal requirements and shall take appropriate technical and organizational measures to protect, in particular, access to, transport, storage and input of data. Security measures are continuously adapted and improved in line with technological developments.
15. Currentness of and Amendments to Data Protection Statement
Due to the further development of our website, of our products or to the implementation of new technologies, it may be necessary to change this Data Protection Statement. The current Data Protection Statement can be viewed and printed on our website at any time.
The original data protection statement is in the German language. The translated versions only serve for better comprehensibility. In the event of any dispute, the German text shall prevail.
As of December 1, 2020