Privacy Statement
Effective: 17/09/2018
1. Purpose of this Privacy Policy
2. Identity of the controller and contact details
3. Scope of "personal data" and "processing"
4. Purpose of the processing
5. Sharing your personal information
6. Cross-border transfer of personal data
7. Profiling and automated individual decision making
8. Security of your personal data
9. Retention of your personal data
10. What rights do you have in relation to the processing of your personal data?
11. Other considerations
12. Changes to this Privacy Policy
1. Purpose of this Privacy Policy
With a view to the new EU General Data Protection Regulation ("GDPR"), this privacy policy ("Privacy Policy") sets out which personal data we process, in which way and for what purposes.
This Privacy Policy applies to any processing of personal data in connection with all our business activities in all our business areas. This also includes the business activities of all our affiliated companies, unless they have issued a separate privacy policy. For certain services additional Privacy Policies may apply. We will inform you of these provisions in an appropriate manner where such is the case.
In this Privacy Policy, we indicate in particular:
• which personal data we collect about you;
• when we collect your personal data;
• the purpose for which we use your personal data and the legal basis thereto;
• how long we retain your personal data;
• who has access to your personal data; and
• what rights you have with regard to your personal data.
You will find corresponding notes and explanations below. Please find further details in the table at the end of this Privacy Policy. In case of questions, please contact us. You can find our contact details following this link.
2. Identity of the controller and contact details
In principle, the following entity ("we" or "us") acts as controller with regard of the data processing in accordance with this Privacy Policy:
Habasit International AG
Römerstrasse 1
Reinach-Basel, CH-4153
Email privacy@habasit.com Tel: +41 61 715 15 15
The entities of the Habasit Group have not appointed a data protection officer according to article 37 GDPR save for affiliates in Germany and Poland. You will find the details of the data protection officers concerned on the respective local websites.
In certain cases the controller of your personal data is not us, but another group entity:
• If you are in contact with another Habasit Group entity, then this entity is the controller with regard to the respective data processing, unless this Privacy Policy provides otherwise.
• In certain cases, we may also transfer your personal data to another Habasit Group entity or to third parties so that these recipients can process personal data for their own purposes, i.e. not on our behalf. This may also include public authorities. This Privacy Policy states where such may be the case. In this case, the respective recipient is the controller.
3. Scope of "personal data" and "processing"
Personal data is all information that relates to a particular natural person or (according to Swiss data protection law) a legal entity. This for example includes the following information provided that it can be assigned to a specific natural person:
• contact information, e.g. name, address, e-mail address, telephone number;
• further personal information, e.g. gender, birthday and age, marital status, nationality, passport number;
• job-related information, e.g. profession, title, function, education, former employers, skills and experience, permits and admissions as well as memberships;
• logs showing your visits on our website and the use of our apps.
You will find specific information on the personal data we process under section 4 and in the table at the end of this data protection declaration.
"Processing" means any operation or set of operations which is performed on personal data. This includes, for example, the following actions:
• the collection, storage and retention;
• the organisation, the arrangement and the administration;
• adaptation and alteration;
• retrieval and consultation;
• the use and application;
• the disclosure;
• the alignment and the combination;
• the restriction;
• the erasure and destruction; and
• the transfer and dissemination.
This Privacy Policy applies to all these operations insofar as they concern personal data.
4. Purpose of the processing
Depending on the occasion and purpose, we process very different personal data. You will find more details in this section and in the table at the end of this Privacy Policy and frequently also in general terms and conditions, terms of participation and specific privacy statements. Among other things, we process personal data - possibly also sensitive personal data - in the following situations and for the following purposes:
• Communication: We process personal data when you contact us or when we contact you, e.g. when you contact our customer service as well as when you write or call us. Normally, we only require information such as name and contact data and the content and time of the relevant messages. We use this data in order to provide you with information, process your request and to communicate with you. We can also forward messages within the Habasit Group to the responsible entity offices, e.g. if your request concerns another entity.
• Purchase of goods and services: We also receive and process personal data if you make use of our services or purchase goods. We process your personal data, for example, for the processing of orders and contracts, including the dispatch of order and shipping confirmations, delivery confirmations, delivery and invoicing.
• Visiting websites (including our blog(s)); using apps: When you visit our websites (including our blog(s)) or install and use an app from us, we process personal data. The processing depends on the offer and functionality of the website or app. This data includes, for example, your domain name and IP address information, log data, information about the time our website was accessed, the duration of the visit and the pages accessed. We use this data for reasons of IT security, but also to improve the user-friendliness of the website and its functions and to measure the number of visits, average time spent on the websites of our domain, pages viewed within the domain, etc. We also use this information to create statistics on the use of our websites and their contents. We also use "cookies", which are small text files that are temporarily or permanently stored on your device when you visit our website. Cookies are often required for the functionality of the website. Others are used to personalize the offer. However, logs and cookies often do not contain personal data because we are often unable to assign this information to you. We also use analysis services such as Google Analytics. Within the use of such services, detailed information about the use of the relevant website is collected, but such information is also often not personal. Finally, we may use functionalities from third party providers, which may result in the provider concerned processing data about you. Please refer to the table at the end of this Privacy Policy for further details. There you will also learn how you can prevent these processing steps.
• Information and direct marketing: We process personal data in many ways for information and marketing purposes, including for information and marketing purposes. If you, for example, register for a newsletter or other form of communication (such as brochures or messages by SMS), we will, for example, process your contact details and information about your use of the newsletter.
• Visiting our premises: When you enter our premises, we may make video recordings in appropriately marked areas for security and evidence purposes. You may also be able to use a Wi-Fi service. In this case, we collect device-specific data in the course of your registration, and we may ask you to enter your name and e-mail address when registering if so required by applicable local legislation.
• Customer events: When we hold customer events (such as advertising events, sponsoring events, cultural and sporting events), we also process personal data. Such data include the name and address of the participants or interested parties and other data depending on the event, e.g. your date of birth. We process this information for the purpose of carrying out customer events, but also for our own marketing purposes. Further details can be found in the respective conditions of participation.
• Business partners: We work together with various companies and business partners. We also process personal data about the contact persons in these companies, e.g. name, function and title. Depending on the field of activity, we are also required to examine the company in question and its employees more closely, e.g. to carry out a safety inspection. In this case we will collect further information. We will point this out to you separately. We may also process personal data about you to improve our customer orientation, customer satisfaction and customer loyalty (Customer Relationship Management).
• Administration: We process personal data for our internal and group-internal administration. For example, we may process personal data in the context of IT or real estate management. We also process personal data for accounting and archiving purposes and generally for checking and improving internal processes.
• Job applications: We also process personal data when you send job applications to us. As a general rule, we require the usual information and documents as well as the ones mentioned in a job advertisement.
• Corporate deals: We may also process personal data in order to prepare and process company takeovers and sales and purchases or sales of assets such as receivables or real estate and similar transactions.
• Compliance with legal requirements: We process personal data to comply with legal requirements. These include, for example, the operation of a fraud reporting system, internal investigations or the disclosure of documents to an authority if we have good reason to do so or are even legally obliged to do so.
• Protection of rights: We process personal data in various constellations in order to protect our rights, e.g. to assert claims in and out of court and before local and foreign authorities or to defend ourselves against claims. For example, we can have process prospects clarified or submit documents to an authority. Authorities may also require us to disclose documents containing personal data.
The table at the end of this Privacy Policy describes in more detail what types of personal data we collect about you, how and for what purposes it is used, on what legal basis and whether you are obliged to provide us with personal data.
5. Sharing your personal information
Our employees have access to your personal data as far as it is necessary for the described purposes and the work of the employees concerned. They act in accordance with our instructions and are bound to confidentiality and secrecy when handling your personal data.
We may also transfer your personal data to other entities within the Habasit Group for the purpose of internal group administration and for the various processing purposes described in this Privacy Policy. This means that your personal data can also be processed and combined with personal data originating from another Habasit Group entity for the respective purposes.
We may also disclose your personal data to third party service providers who perform certain business operations on our behalf ("processors"), in particular:
• IT services, e.g. services in the areas of data storage (hosting), cloud services, dispatch of e-mail newsletters, data analysis etc.;
• Consulting services, e.g. services of tax consultants, lawyers, management consultants, consultants in the field of personnel recruitment and placement;
• haulage and logistics services, e.g. for the dispatch of ordered goods;
• administration services, e.g. real estate management;
• business information and debt collection, e.g. if you want to make a purchase on account or if due receivables are not paid.
Through the diligent selection of our processors and the conclusion of suitable contractual agreements, we ensure that data protection is also ensured by third parties during the entire processing of your personal data. Our processors are obliged to process the personal data exclusively on our behalf and according to our instructions.
Moreover, we may review or execute transactions such as mergers or the acquisition or sale of individual parts of an entity or its assets. In this context, the transfer of personal data to another company may be necessary. In these cases, for reasons of confidentiality, it is not always possible to inform you in advance if your personal data is affected. However, we will inform you as early as possible in each individual case and try to process as little personal data as possible.
There are also other cases where we may disclose your personal data, for instance, we may disclose your personal data to third parties (e.g. authorities) if this is required by law. We also reserve the right to process your personal data in order to comply with a court order or to assert or defend legal claims or if we consider it necessary for other legal reasons.
6. Cross-border transfer of personal data
The recipients of your personal data (section 5) may be located abroad - even outside of the European Union (EU) or the European Economic Area (EEA). The countries concerned may not have laws that protect your personal data to the same extent as the laws in Switzerland, the EU or the EEA. We refer to such countries which do not provide for adequate protection as "third countries". If we disclose your personal data to a third country recipient, we will take appropriate measures to ensure the protection of your personal data. One way of doing this is to conclude data transfer agreements ensuring the necessary data protection with the third country recipients. These include contracts approved, issued or recognised by the European Commission and the Federal Data Protection and Information Commissioner, the so called standard contractual clauses. It is moreover permitted to transfer personal data to recipients who have joined the US Privacy Shield program.
Please contact us if you would like to obtain a copy of our data transfer contracts or if you wish to receive further information (details in section 2).
7. Profiling and automated individual decision making
"Profiling" means a process by which personal data is processed automatically to evaluate, analyse or predict personal aspects, e.g. economic situation, personal preferences, interests, reliability, behaviour, location or movements. We may carry out profiling, e.g. in the examination of contractual partners.
"Automated individual decision making" relates to decisions which are based solely on automated means and which result in negative legal effects or other similarly negative effects on you. We will inform you separately if we make automated individual decisions and provided that such information is required by law.
8. Security of your personal data
We apply appropriate technical and organisational security processes to safeguard the security of your personal data and to protect it against unauthorised or unlawful processing and to prevent the risk of loss, unintentional alteration, unintentional disclosure or unauthorised access. However, the electronic transfer of information in particular entails security risks that cannot be completely ruled out. If you transfer information in this way, you do so at your own risk.
9. Retention of your personal data
We retain your personal data for no longer than this is necessary for the purposes for which the information is collected. We moreover retain personal data as long as we have a legitimate interest in the storage, e.g. if we need personal data for the enforcement of or the defence against claims, for archiving purposes and for guaranteeing IT security or in the case of running statutes of limitations. The relevant statute of limitations does for instance often run for ten years, in some cases for five years or one year. We also retain your personal data as long as it is subject to a legal retention obligation. Certain documents have a ten-year retention period; some even have a retention period of 25 years. Other documents must only be retained for a short period, which is the case, for example, for video surveillance recordings or for recordings of certain Internet processes (log data). In certain cases we may ask for your consent in order to retain your personal data for a longer period (e.g. in relation to job applications which we would like to keep pending).
10. What rights do you have in relation to the processing of your personal data?
You can at any time object to the processing of your personal data or freely withdraw your consent to the processing of your personal data. A right of objection exists in particular against data processing in the context of direct advertising. If you revoke your consent or effectively object to further processing for a specific purpose, we may no longer process your personal data for the corresponding purposes.
In addition, you have the following rights:
Right |
Description |
Remarks |
Right to information |
You have the right to be informed transparently, clearly and comprehensively about how we process your personal data and what rights you have in connection with the processing of your personal data. This Privacy Policy fulfils this obligation. If you would like further information, please contact us (details in section 2). |
|
Right of access |
You have the right to request, at any time and free of charge, access to your personal data stored and processed by us. |
In some cases, the right to information may be limited or excluded, in particular: |
Right to rectification |
You have the right to have incorrect or incomplete personal data corrected and to be informed of such rectification. |
|
Right to erasure |
You have the right to have your personal data erased. You can request the deletion of your personal data if: We will also inform all of our recipients of the erasure made, unless this is impossible or involves disproportionate effort. |
In individual cases, the right to erasure may be excluded, especially if processing is necessary: |
Right to restrict processing |
Under certain circumstances, you have the right to request that the processing of your personal data be restricted. |
|
Right to data portability |
You have the right to receive the personal data concerning you, which you have provided to us, free of charge, in a commonly used and machine-readable format, provided that: |
Depending on the individual case, your personal data may be transferred to you or directly to another controller. |
Right to lodge a complaint |
You have the right to lodge a complaint with a competent supervisory authority about the way we handle or process your personal data. |
|
Right to withdraw consent |
You have the right to withdraw your consent at any time. According to Article 21 GDPR, you may also object to data processing in certain other cases. Withdrawal of your consent will not render past processing activities that were based on your consent unlawful. |
11. Other considerations
Legal basis: The GDPR requires us to inform about the relevant legal basis for our data processing activities. According to the GDPR, the processing of personal data is particularly permitted if
• it is based on a valid consent that has not been withdrawn;
• it serves the performance of a contract to which the data subject is party or for pre-contractual measures upon the data subject's request (e.g. review of his or her contract request);
• it is necessary to fulfil a legal obligation;
• it is necessary to protect vital interests of you or another person;
• it is necessary for a task in the public interest or the exercise of official authority;
• it is necessary for legitimate interests, provided that the interests or fundamental rights and freedoms of the data subject do not prevail.
The processing of sensitive personal data (section 3]) is more restricted. Among other things, it is permitted if it
• is based on an explicit consent;
• is necessary to comply with certain obligations in the field of labour and social security law;
• relates to personal data which the data subject has obviously disclosed publicly;
• is necessary for the assertion of rights
In the table at the end of this Privacy Policy you will find information on the legal basis on which we usually base the respective data processing activities. Due to the complexity of many data processes, it cannot be ruled out, however, that in individual cases - depending on the circumstances - other legal bases may also apply.
Obligation to provide personal data: The GDPR also requires you to be informed whether you are obliged to provide your personal data due to a legal or contractual requirement or because the data is necessary to enter into a contract. We must moreover inform about the possible consequences when you fail to provide such data. You will also find corresponding information in the table at the end of this Privacy Policy.
Third party personal data: You may wish or need to provide us with third party personal data. We would like to point out that in this case you are obliged to inform the relevant persons about such data disclosure and about this Privacy Policy. You are also obliged to obtain the consent of the relevant person for such disclosure.
12. Changes to this Privacy Policy
We may modify this Privacy Policy from time to time if we change our data processing activities or if new legislation becomes applicable. We actively inform people registered with us of such modifications if this is possible without disproportionate effort. In general, however, a data processing activity is subject to the version of the Privacy Policy which is the latest version at the beginning of the relevant processing.
Table: Reason for data collection; scope, purpose and obligation to make data available; legal basis for processing.
Reason for the data collection |
Personal data being processed |
Processing purpose and obligation to make data available |
legal basis for processing |
Purchase of goods and services |
When you purchase goods or services with us, we process personal data in connection with your purchasing and payment behaviour. This includes, in particular, payment information. For purchases on account we can check your creditworthiness. For this purpose, we usually obtain information from specialized companies, so-called credit agencies. We may also evaluate purchase information and link it to other personal information, such as non-personal statistical information and other personal information we have collected about you, in order to derive information about your preferences and affinities with certain products or services. |
In this context, we process your personal data for the following purposes: |
We base our processing on the fact that we are allowed to process your personal for the performance of a contract. |
Online services (incl. apps) |
If you use our online services – even if you do not purchase any goods or services – we process personal data. |
We process your personal data in relation to online services for the following purposes: |
Online services can usually only be used if you accept the corresponding terms of use. Doing so, a contract will be concluded between you and us. The processing of personal data for the processing of the contract is permitted under the GDPR. Depending on the functions of the online offer, we may also ask for your consent or rely on legitimate interests. |
Visiting our website (in general) |
Every time you access our websites (including our blog(s)), for technical reasons, your browser transfers certain data to us and stores them in log files. This includes the following usage data, for example: |
In this context, we process your personal data for the following purposes: |
The processing of log files is in our legitimate interests. |
Visiting our website (cookies) |
Depending on the functionality, we store cookies. Cookies are small files that your browser automatically creates and that are stored on your terminal device when you visit our website. On the one hand, we use session cookies in which a unique identification number is stored, a so-called session ID, and information about the origin and storage period of the cookie. These cookies are deleted after your visit of our website. On the other hand, we use permanent cookies that remain stored even after the end of the respective browser session. Such cookies are used to recognize a visitor at a later visit. |
We use cookies for the following reasons: |
The use of cookies serves our legitimate interests. Some cookies are required. This individualization is also in the interest of our website visitors. Further, the analysis of the use of our websites is a legitimate interest. |
Visiting our website (evaluation of user behaviour) |
On our website, we use Google Analytics, an analysis service of Google, Inc. in the USA. Google Analytics uses cookies that enable an analysis of the website use. General information about cookies can be found in this table under "visiting our website (cookies)". Thereby, information about your behaviour on our website and the device used (PC, tablet, smartphone, etc.) are stored. For example, this includes the following usage data: |
This information is used to better understand the use of our website and to improve its content, functionality and irretrievability. |
The processing purposes mentioned on the left are within our legitimate interest. |
Visiting our website (social plug-ins) |
Our websites may use third party plug-ins. As a result, buttons of the respective providers are displayed, or content of the respective provider is integrated on the website. |
We use plug-ins to make our website more attractive and to make it easier for you to interact with the relevant offer. This also helps us to reach a wider audience for our website. Further information about the processing of the relevant data can be found in the privacy policy of the respective providers |
The processing purposes mentioned to the left are in our legitimate interests. It is very important to us to design our website in an attractive manner and to increase the interaction with our visitors. The use of social plug-ins is an important tool for this purpose. |
Subscribing to electronic newsletters |
When you subscribe to an electronic newsletter, we will in particular process the following personal data: |
We process your personal data in order to send you the electronic newsletter. This also involves us informing you about changes and providing you with further information about our electronic newsletter service. We process personal data about your use of the electronic newsletter in order to get to know you better and to be able to tailor our services more specifically to you. |
We understand your subscription to our electronic newsletter as your consent for the processing of your personal data for the purposes described to the left. |
Entering an area under video surveillance |
We take video recordings in appropriately marked areas. We may thus obtain information about your behaviour in the relevant areas. The use of video surveillance cameras is limited to specific locations and clearly marked. In addition, the data collected in this manner is only available for processing to specific employees. |
Such processing is carried out for your own safety, the safety of our employees and for evidence purposes. If criminal acts are suspected, we can make the recordings available to the prosecution authorities. |
It is within our legitimate interest to ensure our customers' and employees' safety in the relevant areas and to prevent possible crimes against our employees and our customers as well as to contribute to their investigation. |
Wi-Fi in our premises |
We collect device-specific data from your device as soon as you log in via our Wi-Fi infrastructure. This particularly includes the following information: |
We process this information in order to provide you with Wi-Fi services and for IT security purposes. The use of our Wi-Fi service is voluntary. You are in principle also not obliged to disclose any personal data to us. However, it may not be possible to use the Wi-Fi service without your personal data being processed accordingly. |
By using our Wi-Fi service, you consent to our processing of your personal data for this purpose. |
Participation in customer events |
We process personal data when we invite you to customer events (such as promotional events, sponsoring events, cultural and sporting events). In particular, this includes the following - possibly particularly sensitive - personal data: |
We process your personal data in order to invite you to our events and to find out which customer events you are interested in. In this way, we can draw your attention specifically to the customer events that we hope will be of interest to you. |
We process your personal data after you have given us your consent to inform you about the relevant customer events or if you have registered for one of our customer events. The processing mentioned to the left is also in our legitimate interest, because it enables us to get in touch with you personally and to get to know you better. This enables us to better tailor our services to your needs and interests and to expand and improve our services. This is important for us so that we can successfully assert ourselves in the market. |
Contact with our firm as business partner |
If you work for a company that supplies or purchases goods or services from us or that works together with us in some other way, we process personal data about you, such as, for example, |
The processing of personal data serves the following purposes: |
The processing described to the left is within our legitimate interest because it enables us to make use of external services and thus increase our efficiency. We also have a legitimate interest in preventing misuse of our goods and services and in ensuring an appropriate level of security when we receive services or work with other companies. This may require background and security checks. Customer care is also in our justified interest. |
Administration |
For our internal administration and management, we process - possibly sensitive - personal data about our customers, business partners and third parties, e.g. in the context of the administration of our IT, our real estate (e.g. for the preparation of a rent schedule or for the determination of the usual market rent) and other assets. |
We process this personal data particularly for the following purposes: |
Processing for the aforementioned purposes may be necessary for the performance of contracts. It is also within our legitimate interests. |
Job applications: |
When you apply for a job at our company, we process your contact details and the information provided to us (e.g. application, contact details, curriculum vitae, qualifications, certificates, etc.; if necessary also sensitive personal data). Other personal data may also be required in the course of a job application, depending on the position and profile. |
We process your personal data to check your suitability for the position in question and to discuss possible employment with you. With your consent, we may also keep your application pending if we - or you - refrain from employment with a view to a possible later employment. |
Processing for the purposes mentioned to the left is within our legitimate interests. If we process sensitive personal data, we ask for your explicit consent. |
Corporate deals: |
We may carry out transactions in which we sell, encumber or acquire companies or parts of companies or assets such as receivables or real estate. When reviewing and, if necessary, processing such transactions, we process personal data whose scope depends on the subject and stage of the transaction and which may also contain sensitive personal data (e.g. health data). Such information may be disclosed to a prospective buyer to the extent permitted by law. If we sell receivables, we provide the purchaser, for example, with information about the reason and amount of the receivable and, if applicable, the creditworthiness and conduct of the debtor in connection with this receivable, and in the case of the sale of real estate, we can provide in particular information about the tenants. Transactions involving companies or parts of companies also require the processing of personal data, e.g. information about current, former and future employees, suppliers and customers and their contact persons, etc. The processing of personal data is also required. |
The purpose of this data processing is to check the corresponding transactions and to carry them out where applicable. Notifications to local and foreign authorities may also be required. |
Processing for the purposes mentioned to the left may be required for the performance of contracts. It is also in our legitimate interest. |
Compliance with legal requirements: |
In order to comply with legal obligations, we may have to or want to process personal data. This is the case, for example, if an authority requires documents containing your name and contact details, or if we carry out an investigation. In order to ensure compliance with the applicable law, we also take various measures. We may also conduct internal investigations in which your personal data may also be processed. |
We in particular process your personal data for the following purposes: |
Processing for the aforementioned purposes is necessary for compliance with legal obligations and for legitimate interests. |
Protection of rights: |
We process personal data in order to protect our rights, e.g. to assert claims in court, in or out of court and before local and foreign authorities or to defend ourselves against claims. This may also include sensitive personal data. |
We process this personal data for the following purposes: |
Processing for the aforementioned purposes may be necessary for the performance of contracts. It is also within our legitimate interests. |
Communication with us |
We collect personal data when you contact us in writing, electronically or by phone. We process contact and communication data, including in particular the following personal data: |
In this context, we process your personal data for the following purposes: |
By contacting us, we understand that you consent to the processing of your personal data. The processing of data is within our legitimate interests, as it enables us to improve the quality of our services, avoid errors in our processes and achieve higher customer satisfaction. |