Data Protection Statement

Thank you very much for your interest in our company. Data protection is of particular importance to the management of OrSuisse AG. Generally, the use of the Internet pages of OrSuisse AG is possible without any disclosure of personal data. However, if a person involved (hereafter referred to as data subject) wishes to make use of special services of our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, it is our standard practice to obtain the consent of the data subject.

The processing of personal data, for example the name, address, e-mail address or telephone number of a data subject, is always carried out in accordance with the applicable national and international data protection legislation, in particular the Federal Act on Data Protection (Bundesgesetz über den Datenschutz) DSG and the General Data Protection Regulation of the EU GDPR. By means of this Data Protection Statement, our company aims to inform the public about the type, scope and purpose of the personal data collected, used and processed by us. Furthermore, this Data Protection Statement informs the data subjects about their due rights.

As the data controller, OrSuisse AG has implemented numerous technical and organisational measures to ensure the most complete possible protection of the personal data processed via this website. Nevertheless, Internet-based data transmissions can in principle be subject to security gaps, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to communicate personal data to us by alternative means, such as telephone.

1. Definitions

The Data Protection Statement of OrSuisse AG is based on the terminology used by the legislators in creating the data legislation. Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. In order to guarantee this, we would like to explain beforehand the terms used.
Among others, we shall use the following terms in this data protection declaration:

a) Personal Data ‘Personal data’ means any information relating to an identified or identifiable natural person (hereafter ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

b) Data Subject
‘Data subject’ means any identified or identifiable natural or legal person whose personal data are processed by the controller.

c) Processing
‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, query, use, disclosure by transmission, circulation or otherwise making available, alignment or combination, restriction, erasure or destruction;

d) Restriction of Processing
‘Restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future;

e) Profiling
‘Profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

f) Pseudonymisation
‘Pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

g) Controller or Controller of Processing
‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;

h) Processor
‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

i) Recipient
‘Recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients;

j) Third Party
‘Third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

k) Consent
‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

2. The Name and Address of the Controller

The controller, as according to data protection legislation, other data protection laws applicable in the member states of the European Union and other provisions of a data protection nature, is:
OrSuisse AG, Rathausplatz 7, 6460 Altdorf UR, Schweiz
Tel.: +41 (0)41 511 53 88, Fax: +41 (0)41 511 71 27
E-Mail: info@orsuisse.ch, Website: www.orsuisse.ch

3. Cookies

The website of OrSuisse AG uses cookies. Cookies are text files which are stored on a computer system via an Internet browser.
Numerous websites and servers use cookies. Many cookies carry a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters through which Internet pages and servers can be linked to the specific Internet browser in which the cookie was stored. This enables the visited Internet pages and servers to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A particular Internet browser can be recognized and identified by its unique cookie ID.
The use of cookies enables OrSuisse AG to provide more user-friendly services to the users of this website, which would not be possible without the setting of cookies.
A cookie can be used to optimise the information and offers on our website in the interests of the user. Cookies will enable us, as mentioned before, to recognize the users of our website. The purpose of this recognition is to facilitate the use of our website. For example, the user of a website that uses cookies will not have to re-enter his access data on every visit of the website because these data will be provided by the website and the cookie stored on the user's computer system.
The data subject can at any time bar cookies coming from our website by means of an appropriate setting in the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.

4. Scope, purpose, etc. of data processing

a) Collection of general data and information on the website in particular
The website of OrSuisse AG collects a series of general data and information each time it is accessed by a data subject or by an automated system. These general data and information are stored in the log files of the server. The following can be recorded: (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system is directed to our website (so-called referrer), (4) the sub-sites which are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information that will serve to avert dangers in the event of attacks on our information technology systems.
When using this general data and information, the company does not draw any conclusions about the data subject. This information is in fact needed to (1) correctly deliver the content of our website, (2) optimize the content and advertising of our website, (3) ensure the enduring functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber attack. These anonymously collected data and information are therefore evaluated by OrSuisse AG both statistically and with the aim of increasing data protection and data security in our company, in order to ultimately ensure an optimum level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by the data subject.

b) Scope of Data Processing within the Context of Order Placement
When the order is placed, OrSuisse AG records customer data, either as part of a contract initiation in direct contact or online. These are in particular:
- personal details (name, place of residence, etc.)
- copy of identity card or excerpt from commercial register
- payment information

c) Purpose of Data Processing
The data collected by OrSuisse AG will only be used for the purpose of comprehensive customer service and the specific fulfillment of contracts, in particular
- contract processing and support;
- product improvement;
- quality management;
- technical support;
- IT Development;
- establishing contact with customers within the context of order processing.
In addition, the company is entitled to also use the data for information purposes about other products.

d) Transfer of Data to Third Parties, to Third Parties Abroad
OrSuisse AG may share information with third parties that provide services to OrSuisse AG, such as website support and improvement, website promotion, payment processing and/or order fulfillment, data systems, backup, etc. These service providers will only have access to the information necessary to carry out these limited functions on the part of OrSuisse AG and required in order to protect and secure the information.
OrSuisse AG is also entitled to transfer personal data to third companies (contracted service providers) abroad in case this is advisable for the data processing described in this data protection statement. These third companies are obliged to protect data to the same extent as OrSuisse AG itself. If the level of data protection in a country does not correspond to the Swiss or EU standard, OrSuisse AG will contractually ensure that the protection of personal data corresponds to that in Switzerland or the EU standard at all times. This will be ensured by one or more of the following measures:
- by establishment of EU Model Clauses with the contracted service providers, cf. https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts- transfer-personal-data-third-countries_de;
- by ensuring that the commissioned service providers are Swiss-US or EU-US Privacy Shield certified (if the data recipient is based in the USA or stores the data there), cf. https://www.privacyshield.gov/;
- by the implementation of Binding Corporate Rules (BCR), recognised by a European data protection authority, by the contracted service providers, cf. https://ec.europa.eu/info/law/law- topic/data-protection/data-transfers-outside-eu/binding-corporate-rules_en.

5. Contact Option via Website

Due to legal requirements, the OrSuisse AG website contains information that enables immediate electronic contact with our company and direct communication with us, which also includes a general address for so-called electronic mail (e-mail address). If a data subject contacts the data controller by e-mail or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted voluntarily by a data subject to the data controller will be stored for the purposes of processing or contacting the data subject. These personal data will not be passed on to third parties.

6. Routine Deletion and Blocking of Personal Data

The controller shall process and store the personal data of the data subject only for the period of time necessary to achieve the storage purpose or where provided for by the European directive and regulatory authority or another legislator in laws or regulations to which the controller is subject.
If the storage purpose no longer applies or if a storage period required by the European Directive and Regulation Body or another appropriate legislator expires, the personal data shall be blocked or deleted routinely and in accordance with the legal provisions.

7. Rights of the Data Subject

a) Right to confirmation
Any data subject shall have the right to obtain confirmation from the controller as to whether personal data relating to him or her are being processed. If a data subject wishes to exercise this right of confirmation, he or she may at any time contact a member of staff of the controller.

b) Right to Information
Granted by the European directive and regulatory authority, any data subject concerned by the processing of personal data has the right to obtain from the controller, at any time and free of charge, information on the storage of personal data relating to him or her, as well as a copy of that information. The data subject shall have access, inter alia, to the following information:
- the purposes of processing;
- the categories of personal data processed;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- where possible, the expected period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Furthermore, the data subject has the right to know whether personal data have been transferred to a third country or to an international organisation. If this is the case, the data subject shall also have the right to obtain information on the appropriate safeguards in connection with the transfer.
If a data subject wishes to exercise this right of information, he or she may at any time contact an employee of the controller for this purpose.

c) Right to Rectification
Every data subject concerned by the processing shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
If a data subject wishes to exercise this right of rectification, he or she may at any time contact a member of staff of the controller.

d) Right to Erasure (Right to be Forgotten)
Every data subject concerned by the processing shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies and insofar the processing is not requisite:
- the personal data were collected or otherwise processed in relation to purposes for which they are no longer necessary;
- the data subject withdraws consent on which the processing is based, and there is no other legal ground for the processing;
- the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation according to applicable law (e.g. Union or Member State law) to which the controller is subject.
If one of the above reasons applies and a data subject wishes to have personal data stored at OrSuisse AG deleted, he or she can contact an employee of the data controller at any time. The employee of OrSuisse AG shall ensure that the request for deletion is complied with immediately.
If OrSuisse AG has made the personal data public and is, as controller, obliged to erase the personal data, OrSuisse AG, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data, insofar as processing is not required. The employee of OrSuisse AG will take the necessary steps in the individual case.
The data subject must be aware that even after a request to block or delete his personal data these must be retained in part within the framework of legal or contractual obligation for retention (e.g. for accounting purposes, compliance, money laundering legislation, etc.). Furthermore, the deletion of data may result in certain services, products, etc. no longer being able to be purchased or used from OrSuisse AG.

e) Right to Restriction of Processing
Any data subject concerned by the processing of personal data shall have the right to obtain from the controller restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful, the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims;
- the data subject has objected to the processing, pending the verification whether the legitimate grounds of the controller override those of the data subject.
If one of the above conditions applies and a data subject wishes to request the restriction of personal data stored at OrSuisse AG, he or she can contact an employee of the data controller at any time. The employee of OrSuisse AG will arrange for the processing to be restricted.

f) Right to Data Portability
Any data subject concerned by the processing of personal data shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. Furthermore, the data subject shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent or on a contract pursuant to point (b) of Article 6(1) GDPR and the processing is carried out by automated means, where processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, in exercising his or her right to data portability, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided the rights and freedoms of others will not be adversely affected.
In order to assert the right to data transferability, the person concerned may contact an employee of OrSuisse AG at any time.

g) Right to Object
Any data subject concerned by the processing of personal data shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on:
- the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- safeguarding the legitimate interests of the data controller or of a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail.
This also applies to profiling based on these provisions.
OrSuisse AG will no longer process the personal data in the event of an objection unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Where OrSuisse AG processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This will include profiling to the extent that it is related to such direct marketing. If the data subject objects to OrSuisse AG processing data for the purposes of direct marketing, OrSuisse AG will no longer process the personal data for these purposes.
Moreover, where personal data are processed for scientific or historical research purposes or statistical purposes, the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
To exercise the right to object, the data subject may directly contact any employee of OrSuisse AG or another employee.

h) Automated Individual Decision-Making, including Profiling
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, provided that the decision is not (1) necessary for entering into, or performance of, a contract between the data subject and a data controller, or (2) authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or (3) based on the data subject's explicit consent.
If the decision (1) is necessary for entering into, or performance of, a contract between the data subject and a data controller, or (2) is based on the data subject's explicit consent, the data controller shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
If the data subject wishes to exercise rights in relation to automated decisions, he or she may at any time do so by contacting an employee of the controller.

i) Right to revoke consent according to data protection law
Any data subject concerned by the processing of personal data has the right to revoke consent to the processing of personal data at any time.
If the data subject wishes to exercise his or her right to withdraw consent, he or she may at any time do so by contacting an employee of the controller.

8. Data protection for job applications and in the application process

The data controller collects and processes the personal data of applicants for the purpose of handling the application procedure. Processing may also be carried out electronically. This is particularly the case if an applicant submits the relevant application documents electronically to the data controller, for example by e-mail or via a web form on the website. If the data controller enters into an employment contract with an applicant, the data transmitted will be stored for the purpose of fulfilling the employment relationship in compliance with the statutory provisions. If the data controller does not enter into an employment contract with the applicant, the application documents shall be automatically deleted two months after notification of the rejection decision, provided that there are no other legitimate interests of the data controller which would prevent such deletion.

9. Privacy Policy of Plugins

a. Privacy Policy on the Application and Use of Facebook
The controller has integrated Facebook components on this website. Facebook is a social network.
A social network is an Internet-based social meeting place, an online community that usually enables users to communicate with each other and interact in virtual space. A social network can serve as a platform for the exchange of opinions and experiences or enables the Internet community to provide personal or company-related information. For instance, Facebook enables users of the social network to create private profiles, upload photos and network via friendship requests.
The operating company of Facebook is Facebook, Inc. 1 Hacker Way, Menlo Park, CA 94025, USA. The data controller is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland if a data subject lives outside the USA or Canada.. On every access of one of the individual pages of this website, which is operated by the data controller and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on the information technology system of the data subject will be automatically prompted by the respective Facebook component to download a representation of the corresponding Facebook component from Facebook. A complete overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=en_DE. As part of this technical process, Facebook will obtain information about which specific subpage of our website is visited by the data subject.
If the data subject is logged into Facebook at the same time, Facebook will recognize which specific subpage of our website the data subject is visiting each time the data subject accesses our website and for the entire duration of the data subject's stay on our website. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the data subject clicks one of the Facebook buttons integrated on our website, for example the "Like" button, or if the data subject submits a comment, Facebook will assign this information to the personal Facebook user account of the data subject and save this personal data.
Facebook will receive information through the Facebook component that the data subject has visited our website whenever the data subject is logged in to Facebook at the same time as accessing our website, regardless of whether the data subject clicks on the Facebook component or not. If the data subject does not want this information to be transferred to Facebook in this way, he or she can prevent the transfer by logging out of his or her Facebook account before accessing our website.
Facebook's published data policy, which is available at https://www.facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. It also explains which settings Facebook offers to protect the privacy of the data subject. In addition, different applications are available that make it possible to suppress data transmission to Facebook. Such applications can be used by the data subject to suppress data transmission to Facebook.

b. Privacy Policy on the Application and Use of Google Analytics (with Anonymization Function)
The data controller has integrated the Google Analytics component (with anonymization function) on this website. Google Analytics is a web analysis service. Web analysis is the gathering, accumulation and evaluation of data on the behavior of visitors to websites. A web analysis service collects data on, among other things, from which website a data subject came to a website (so-called referrers), which subpages of the website were accessed or how often and for how long a subpage was viewed. A web analysis is mainly used to optimize a website and to analyse the costs and benefits of Internet advertising.
Operating company of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The controller uses the addition "_gat._anonymizeIp" for the web analysis via Google Analytics. This addition is used by Google to shorten and anonymise the IP address of the Internet connection of the data subject if access to our Internet pages is gained from a member state of the European Union or from another state party to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyse the flow of visitors to our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us showing the activities on our website and to provide other services in connection with the use of our website.
Google Analytics places a cookie on the information technology system of the data subject. What cookies are has already been explained above. Placing the cookie enables Google to analyze the use of our website. Each time you access one of the individual pages of this website, which is operated by the controller and on which a Google Analytics component has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the data subject, which Google uses, among other things, to track the origin of visitors and clicks and subsequently to enable commission statements to be prepared.
The cookie is used to store personal information, such as the access time, the location from which an access originated and the frequency of visits to our website by the data subject. Each time the data subject visits our website, this personal data, including the IP address of the Internet connection used, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may disclose personal data collected through this technical process to third parties.
The data subject can at any time prevent the setting of cookies by our website, as described above, by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from placing a cookie on the information technology system of the data subject. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs. Furthermore, it is possible for the data subject to object to and prevent the collection of data generated by Google Analytics relating to the use of this website as well as the processing of this data by Google. For this purpose, the data subject must download and install a browser add-on from the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information on visits to Internet pages may be transmitted to Google Analytics. The installation of the browser add-on is considered an objection by Google. If the data subject's information technology system is later deleted, formatted or reinstalled, the data subject must reinstall the browser add-on in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person within his or her sphere of control, the browser add-on may be reinstalled or reactivated.
Further information and Google's applicable privacy policy can be found at https://www.google.de/intl/en/policies/privacy/ and https://www.google.com/analytics/terms/us.html . Google Analytics is explained in more detail under this link https://www.google.com/intl/de_en/analytics/.

c. Privacy Policy on the Application and Use of YouTube
The controller has integrated components by YouTube on this website. YouTube is an Internet video portal that allows video publishers to post video clips and other users to view, rate and comment on them, all of the aforementioned free of charge. YouTube permits the publication of all kinds of videos, which is why complete film and television programs, but also music videos, trailers or videos made by users themselves can be accessed via the Internet portal.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
On every access of any individual page of this website, which is operated by the controller and in which a YouTube component (YouTube video) has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. Further information on YouTube can be obtained at www.youtube.com/intl/en/yt/about/. As part of this technical process, YouTube and Google will gain knowledge of which specific subpage of our website is visited by the data subject.
If the data subject is logged in to YouTube at the same time, YouTube will recognize which specific subpage of our website the data subject is visiting when accessing a subpage containing a YouTube video. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.
YouTube and Google will receive information through the YouTube component that the data subject has visited our website whenever the data subject is logged into YouTube at the same time as accessing our website, regardless of whether the data subject clicks on a YouTube video or not. If such transmission of this information to YouTube and Google is not desired by the data subject, the data subject may prevent the transmission by logging out of his or her YouTube account before accessing our website.
The data protection regulations published by YouTube, which are available at www.google.de/intl/en/policies/privacy/, provide information about the collection, processing and use of personal data by YouTube and Google.

10. Legal Basis of Processing

Art. 13 para. 1 DSG and Art. 6 para. 1 lit. a GDPR serve our company as a legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Art. 13 para. 2 lit. a DSG or Art. 6 para. 1 lit. b GDPR. The same applies to such processing operations which are necessary for the implementation of pre-contractual measures, for example in cases of inquiries regarding our products or services. If our company is subject to a legal obligation requiring the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 13 para. 1 DSG (law) or Art. 6 para. 1 lit. c GDPR. In rare cases, the processing of personal data may become necessary in order to protect the vital interests of the data subject or another natural person. This would apply, for example, if a visitor to our business was injured and his name, age, health insurance data or other vital information would have to be forwarded to a doctor, hospital or other third party. In this case the processing would be based on Art. 6 para. 1 lit. d GDPR. Ultimately, processing operations could be based on Art. 6 para. 1 lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are founded on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and fundamental freedoms of the data subject are not overriding. If the processing of personal data is based on Article 6 para. 1 lit. f GDPR, our legitimate interest is the performance of our business activities for the benefit of all our employees and shareholders.

11. Period for which the Personal Data will be Stored

We will only store your data for as long as is legally necessary or appropriate to the purpose for which it is processed. In the case of analyses, we store your data until the analysis has been completed. If we store data on the basis of a contractual relationship with you, this data remains stored for at least as long as the contractual relationship exists and as long as limitation periods for possible claims on our part or legal or contractual storage obligations exist.

12. Statutory or Contractual Requirements for the Provision of Personal Data; Obligation of the Data Subject to Provide the Personal Data; Possible Consequences of Failure to Provide Such Data

We hereby inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may result from contractual provisions (e.g. information on the contractual partner). Sometimes the conclusion of a contract may require a data subject to provide personal data which subsequently have to be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him or her. Failure to provide personal data would mean that the contract could not be concluded with the data subject. Before providing personal data, the data subject must contact one of our employees. Our employee will inform the data subject individually whether the provision of the personal data is required by law or contract or is necessary for the conclusion of a contract, whether there is an obligation to provide the personal data and what consequences the failure to provide the personal data would have.

13. Existence of Automated Decision-Making

As a responsible company, we refrain from automatic decision-making or profiling.

14. Data security

OrSuisse AG shall protect the data in accordance with the legal requirements and shall take appropriate technical and organizational measures to protect, in particular, access to, transport, storage and input of data. Security measures are continuously adapted and improved in line with technological developments.

15. Currentness of and Amendments to Data Protection Statement

Due to the further development of our website, of our products or to the implementation of new technologies, it may be necessary to change this Data Protection Statement. The current Data Protection Statement can be viewed and printed on our website at any time.
The original data protection statement is in the German language. The translated versions only serve for better comprehensibility. In the event of any dispute, the German text shall prevail.

As of January 1, 2019