Privacy policy
Basler & Hofmann AG (hereinafter referred to as “Basler & Hofmann” or “we”) attaches a great deal of importance to protecting your data and your privacy. With this in mind, this policy is designed to provide you with information on the collection and use of information concerning the personal or material circumstances of an identified or identifiable individual (hereinafter referred to as “personal data”).
To the extent that it concerns our websites, this privacy policy is applicable to the domain https://www.baslerhofmann.ch/ and sub-domains with the format subdomain.baslerhofmann.ch.
The provisions set out in this privacy policy also apply to other digital media and services that we use in addition to our websites, and also provide you with information on how we process personal data in general (i.e. regardless of whether it was originally collected from one of our websites or using other means).
Amendments to this privacy policy will apply from the time of their publication on our website. The processing of personal data that were collected under the provisions of an older privacy policy will be performed in accordance with the latest privacy policy. We reserve the right to amend this privacy policy at any time and to inform our customers, partners and users about the changes in an appropriate form.
I. Controller and contact details for data protection
Basler & Hofmann is responsible under data protection law (hereinafter referred to as the “controller”) for the personal data that you send to us on the basis of this privacy policy. Should you have any questions relating to your personal data, please do not hesitate to contact us. You can reach us as follows:
- In writing: Basler & Hofmann AG, Forchstrasse 395, 8032 Zürich, Schweiz
- By e-maill: datenschutz@baslerhofmann.ch
II. Information on data processing
1. Processing of personal data
We only process your personal data in line with our data processing principles and where we have a legal basis to do so. Where data is processed to initiate and perform a contract, this legal basis applies. We also process your personal data to ensure the security of our offering and to adapt and improve it based on your needs. We assume that our interests are the overriding interests. We collect the data listed below:
a) All information that you explicitly send us using one of our contact forms, an e-mail or another channel (name, address, age, gender, contact details, text, photos, images, etc.);
b) Other data that we have collected from you or have received in the context of permissible processing operations.
We also collect the following data when you visit one of our websites:
a) IP address and referrer URL (the page previously visited);
b) Browser version and browser type used;
c) Date and time of the visit/query;
d) Visited website URL of the accessed file;
e) Operating system;
f) Provider.
You can find a list of the cookies that we use on our website at the end of this privacy policy under IV “Information on the use of cookies”.
We do not use profiling, i.e. the automated processing of personal data to evaluate certain personal aspects relating to you, either on our website or otherwise, and only collect/process personal data that is particularly worthy of protection (e.g. religious, political or philosophical views, state of health, etc.) in exceptional cases and only when we have a contractual or statutory obligation to do so.
2. Dissemination to third parties
2.1 Group companies Subsidiaries and sister companies
As part of the services offered, Basler & Hofmann may need to have certain services provided by our subsidiaries and sister companies. This may result in your personal data having to be processed by these companies. As all subsidiaries and sister companies apply the same data protection legal principles, we can also ensure compliance with the provisions of this privacy policy at all of these companies.
Contract data processors
General
We use partner companies (so-called “contract data processors”) in order to provide individual services that mainly involve the processing of personal data. These include, for example, partner companies that we use to provide individual administrative services. We remain responsible for data protection when we use contract data processors. Contract data processing agreements are in place to ensure that the contract data processors we use comply with the data protection law obligations.
Umantis online applications portal
We use the talent management software Umantis, which is operated by Haufe-Lexware GmbH & Co. KG, 79111 Freiburg, Germany, to process online applications. As we refer users directly to this platform, your personal data is collected by Umantis on our behalf and is processed in accordance with the contract data processing agreement that has been concluded. Please refer to the additional specific privacy policy on the relevant portal for applicants for information on the protection of your personal data when submitting online applications. Where provisions in that specific privacy policy deviate from provisions in this privacy policy, the provisions set out in the specific privacy policy take precedence.
System for sending large volumes of data: Droppy.ch
Droppy.ch is a simple way to exchange data files that are too large to be sent via e-mail. You can see were the Droppy.ch service has been integrated on our website in our upload portals, which load on a new page in each case and have the domain format baslerhofmann.droppy.ch.
These services are operated by Droppy.ch, Haldensteig 10, 9200 Gossau SG, Switzerland. The files are transmitted in encrypted form (TLS 1.2). The files on the data server are secured with an AES encryption. As a rule, all files that are uploaded are deleted automatically once they have been downloaded or after a maximum of 14 days. The files are stored at Host Europe GmbH, Hansestr. 111, 51149 Cologne, Germany (www.hosteurope.de). Droppy.ch is contractually prohibited from using the data for purposes other than the agreed electronic dispatch services.
The use of Droppy is logged separately for quality assurance and proof of performance purposes. The following data is stored:
- E-mail and IP address of the sender
- Upload date
- Notification e-mail
- E-mail and IP address of the recipient
- Download date
- Total number of downloads and files
This data journal is deleted after one month.
2.2 Other third parties
Your data is not disclosed to third parties without your explicit consent. The term “third parties” does not include our service partners that we need to process the contractual relationship (e.g. financial institutions to process payments, the postal service, courier services or freight forwarders used to ship materials, cloud services to provide and safeguard the digital infrastructure). In such cases, we strictly observe the requirements of the applicable data protection legislation. The scope of the data transmitted is kept to a minimum. We only consider using service partners in countries other than Switzerland or the member states of the European Economic Area if the country concerned either has an equivalent level of data protection according to the Federal Council’s country list or we can contractually ensure an equivalent level of protection (e.g. by concluding contracts or so-called “standard contractual clauses”).
3. Corporate pages on social media
3.1 Media used
We maintain a corporate profile on the following social media that we use to publish information about Basler & Hofmann and to interact with other platform users:
- LinkedIn: Betreiberin ist LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland;
- YouTube: Betreiberin ist Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Irland;
- Xing: Betreiberin ist New Work SE, Am Strandkai 1, 20457 Hamburg, Deutschland.
3.2 Data processing on corporate pages
We process personal data in line with the principles set out in this privacy policy. Corresponding personal data may be processed if you interact with us via our relevant corporate social media pages.
When you visit a corporate page, the operator of the platform concerned collects information allowing it to recognise users and analyse their behaviour comprehensively. Based on the data it collects as part of this process, the platform operator can also create user profiles. If you are logged in with your personal account when you visit a corporate page, the provider concerned can also assign this visit to your account. The provider only provides us with an anonymised statistical evaluation of the use of our corporate page based on the information obtained
In general, you can assert your data protection law rights in connection with data processing by our corporate pages both vis-à-vis us and vis-à-vis the relevant platform operator. We would like to stress, however, that the most effective strategy is to assert them vis-à-vis the relevant operator, as only the latter has access to the user data and can take appropriate measures and provide information directly.
You can find further information on data processing by the relevant operator, including the processing location, at:
LinkedIn: https://www.linkedin.com/legal/privacy-policy
YouTube: https://www.google.de/intl/de/policies/privacy
Xing: https://privacy.xing.com/de
4. Messages, notifications and updates
Communication for advertising purposes: Where there is a corresponding basis under data protection law (use of a service that is subject to a fee [Basler & Hofmann also assumes that a service that is subject to a fee is being provided when it sends out a quotation that you requested, even if this is not invoiced] or corresponding consent), we use your contact details to provide you with information on similar offers by e-mail, as well as for marketing and optimisation purposes so that we can offer you better services and better customer service.
info@baslerhofmann.ch. When we send out digital newsletters, we use established tools from recognised providers. We use contract data processing agreements to ensure compliance with data protection law requirements.
Communication for information and other purposes: We send you messages that have to be sent to all customers, notifications that contain important information and other messages that you request from us. You cannot unsubscribe from these communications. You can, however, adjust the channel used for, and format of, the notifications you receive where appropriate.
5. Transmission of personal data
Unless explicitly agreed otherwise, electronic communication uses unencrypted e-mails. The use of e-mails is not technically secure; scenarios can arise in which e-mails are not delivered. When e-mails are transmitted, they can end up leaving the country even if the sender and recipient are within the country. The confidentiality of e-mails cannot be guaranteed if they are not (sufficiently) encrypted.
When you use forms that are available on our website, it is also the case that only the transmission of your message from your computer to the web server is encrypted. When you access special work portals within our infrastructure (Microsoft SharePoint, etc.), on the other hand, data communication is generally encrypted from our interface to us.
By using the forms or sending an e-mail, you provide your consent to communication via e-mail in the knowledge of the described risks. The use of encrypted communication channels or channels with other security features has to be agreed with us in advance.
6. Retention of your personal data
6.1 Server locations
Your personal data collected as part of your activities on the website are hosted in Switzerland on the servers of hosttech Ltd liab. Co, Hofmattbachstrasse 1, 6207 Nottwil. The servers offer the best-possible protection against unauthorised third-party access. Data is backed up at regular intervals. These are stored at the location of the hosttech Ltd liab. Co servers in Nottwil for seven days and at the location of the punkt.de GmbH servers in Karlsruhe for 14 days.
To protect our website from external attacks, we also use the reverse proxy services offered by Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA. Cloudflare checks user access to our website in advance, in particular to prevent mass attacks on our website. The checks are performed automatically via Cloudflare servers located in the US and Canada. An appropriate level of data protection is ensured by a contract data processing agreement that is available at CLOUDFLARE DATA PROCESSING ADDENDUM | Cloudflare abgerufen werden kann.
The personal data concerning you that we collect directly is stored on our own servers and on virtual servers of a cloud provider with a good reputation and a storage location in Switzerland or the European Economic Area (EEA). The servers offer the best-possible protection against unauthorised third-party access. Backups are generated regularly in order to prevent data losses to the greatest possible extent.
6.2 Retention period
We only retain your data for as long as we are required to by law, or in accordance with the purpose of the processing. With regard to analyses, we store your data until the analysis has been completed. If we store data based on a contractual relationship with you, this data will remain stored at the very least for as long as the contractual relationship is in force, and at the most for as long as limitation periods for possible claims asserted by us have not yet expired, or statutory or contractual retention obligations apply. As a rule, the retention period does not exceed a period of 10 years (calculated from the termination of the contractual or de facto relationship with you).
III. Your rights
7. General
In general, you have the right to information, rectification, erasure, restriction, portability and withdrawal, as well as the right to raise an objection or, where appropriate, lodge a complaint.
8. Data concerning people under 16
Under the general data protection law requirements, young people under the age of 16 cannot give their consent to the processing of their personal data. Consent is, however, required to use certain services on our websites and platforms.
In general, our websites and platforms are not aimed at young people under the age of 16 – with the sole exception of our content on vocational training and trial programmes. Insofar as this privacy policy refers to consent, this always includes the consent of an individual’s parents or statutory representative where necessary. If a young person interacts with us, we will generally assume that their statutory representative has granted consent. This principle applies until the statutory representative informs us otherwise, or until we have to assume, based on other circumstances, that a young person is acting without the consent of their statutory representative.
9. 9. Access, rectification, portability
You have the right at all times to access your data stored with us free of charge and to have your data rectified. You can find our contact details in section 1 of this privacy policy.
You also have the right to request that your personal data that has been stored electronically be transmitted to another data controller free of charge. Please note, however, that we cannot modify your data to meet any special format requirements imposed by another controller and will not, under any circumstances, transfer your business history or passwords.
10. Withdrawal and erasure
You can withdraw your consent to the processing of your data by us, as granted in accordance with data protection law, at any time and request that your personal data be erased. You can find our contact details in section 1 of this privacy policy.
Should you submit an erasure request, we will lock and block your profile. Please note, however, that we are obliged under commercial and tax law to retain posting documents for a minimum period of 10 financial years. We are therefore unable to either erase or edit the personal data contained in these documents. This means that, in such cases, your withdrawal or erasure request only applies to future processing and only to personal data that we do not process on the basis of statutory grounds justifying such processing, but exclusively on the basis of your consent.
If a contractual relationship is still pending when we receive your withdrawal or erasure request, we will continue to process your personal data until the contract has been performed in full. Your withdrawal under data protection law explicitly has no impact on the processing of existing contractual relationships and is not considered extraordinary grounds for termination.
11. Lodging a complaint with a supervisory authority
The Federal Data Protection and Information Commissioner (www.edoeb.admin.ch) is responsible for complaints.
IV. Information on the use of cookies
This section provides you with information on how, and for what purpose, we use cookies on our website, as well as on how the individual cookies affect your personal data. It goes without saying that your rights set out in section III above also apply in relation to the cookies described below.
12. Cookies
12.1 General information regarding cookies
Cookies are small text files or parts of information that are stored on your computer or mobile device (e.g. your smartphone or tablet) when you use our services. Cookies usually contain the name of the website/application it came from, the cookie duration (i.e. how long the cookie will remain on your device) and a value that is usually a randomly generated, one-time number.
We use cookies to make our services more user-friendly and to tailor our services and products to suit your interests and needs. Cookies can achieve this because our services can read these files. This means that our services can recognise you and remember key pieces of information that make your use of our services more user-friendly (e.g. by remembering your preferences). Cookies can also be used to help accelerate your future activities and user experience with our services. We also use cookies to compile anonymous, aggregated statistics that allow us to understand how users use our services and help us improve the structure and content of our digital media.
The maximum period for which cookies can be stored after they are saved on the user’s device for the first time is consistent with the applicable legislation.
12.2 Essential Cookies
Essential cookies are cookies that are absolutely necessary for our services to work and for their features to be used. Without these essential cookies, our services would not run as smoothly as you would like and we might not be able to provide the website or certain services or features that you are interested in.
We also use technical cookies that allow our services to remember options you selected (e.g. language or the region you are in) for modification and personalisation purposes. These cookies do not collect any information concerning you that is used for advertising purposes, nor do they remember which websites you have visited.
We use the following first-party cookies (all of which are resident cookies):
Device Identifier-Cookie: We install cookies on your computer that recognise you and tell the website or service that you are logged in.
User local cookie: We install cookies that are used to remember certain local options you have set, for example the language you selected.
Data protection visibility cookies: We install cookies on your computer that show whether the banner message displayed on the page has informed you about the use of cookies as well as the handling of, and your rights in relation to, your data, and then whether you have consented to the use of cookies so that the banner is not shown again every time you visit a page.
As these cookies are necessary for us to provide our services, you cannot object to their use.
12.3 Functional Cookies
Functional cookies are cookies that allow you to use certain features of our services that could be useful to you, but are not absolutely necessary for our services to work and for their features to be used. While you can block the installation of these cookies by selecting the appropriate settings in your browser, this may result in you being unable to use certain features of our services or only being able to use them to a limited extent.
Google Maps (Session Third Party Cookies)
We use Google Maps to display interactive maps. Google Maps is a map service provided by Google.
The use of Google Maps means that information concerning the use of this website, including your IP address, may be transmitted to Google in the US.
When you visit a page of our website that contains Google Maps, your browser establishes a direct connection to the Google servers. Google transfers the map content directly to your browser, which embeds the latter into the website. This means that we cannot exert any influence over the scope of the data that Google collects as part of this process. Based on our knowledge, this includes at least the following data:
- Date and time on/at which the website in question was visited,
- Internet address or URL of the website visited,
- IP address.
We cannot exert any influence over the further processing and use of the data by Google, meaning that we cannot accept any responsibility in this regard.
If you do not want Google to collect, process or use data concerning you via our website, you can deactivate JavaScript in your browser settings. This will, however, mean that you cannot use the maps displayed.
For information on the purpose and scope of the data collection and the further processing and utilisation of the data by Google, as your rights in this respect and the settings that you can adjust to protect your privacy, please consult the Google privacy policy: https://policies.google.com/privacy?hl=en-GB.
By using our website, you consent to the processing of the data concerning you collected by Google Maps in the manner and for the purpose set out above.
12.4 Analytical cookies and cookies for marketing, profiling and retargeting
Management of the Google tool via the Tag Manager
We use Google Tag Manager on our website. Google Tag Manager is a cookie-free domain that does not collect any personal data. The Google Tag Manager is responsible for triggering other tags that may, in turn, collect data. We would like to point this out to you specifically. Google Tag Manager does not access this data. If users have deactivated this function at domain or cookie level, this continues to apply to all tracking tags implemented with Google Tag Manager.
Google Analytics (residente Third Party-Cookies)
The Google Analytics service is used to analyse how users behave on our website. Our legitimate interest lies in the analysis, optimisation and cost-effective operation of our website.
The usage and user-related information that is collected includes, for example, IP address, location, time or frequency of visits to our website. We use IP anonymisation for the use of Google tools. This truncates the last few digits of your IP address before it is stored on Google’s servers with definitive effect. This means that, while Google’s technical and analytical services can still be used to a reasonable extent, you can no longer be traced in full, giving you a higher level of anonymity with regard to your behaviour while surfing the Internet than you would have without IP anonymisation.
We also use the remarketing feature as part of the ways in which Google Analytics can be used. This allows us to display personalised advertising to you on suitable advertising areas of other websites based on the interests you have shown on our website. This option is limited to a maximum period of 18 months. Retargeting allows us to display advertisements that are as relevant to you as possible, as well as to measure the effectiveness and reach of the advertisements, but also to review the statements we receive from our advertising partners for our campaigns.
The data collected in this process is, in turn, used by Google to supply us with an analysis of visits to our website and user activity on our website. This data can also be used to provide other services in connection with the use of our website and use of the Internet.
Google says that it does not combine your IP address with other data. Google also provides further data protection law information at https://policies.google.com/technologies/partner-sites?hl=en-GB, e.g. on the options for preventing data use.
In addition, Google offers a so-called “deactivation add-on”, including further information, at https://www.google.de/intl/de/policies/privacy
Hotjar
We use the web analytics service Hotjar by Hotjar Ltd (hereinafter referred to as “Hotjar”) on our website. Hotjar is a European company that has its registered office in Malta (Hotjar Ltd, Level 2, St. Julian’s Business Centre, 3, Elia Zammit Street, St. Julian’s STJ 1000, Malta). This tool allows movements on our website to be tracked (so called “heat maps”). For example, we can see how far users scroll and how often they click on which buttons. This provides us with valuable information to make our website even faster and more customer-friendly.
Protecting your personal data is a top priority for us when using this tool. We can only track, for example, which buttons are clicked, how the mouse is moved, how far users scroll, device screen size, device type and browser information, location (country only) and a user’s preferred language for our website.
Hotjar allows all users to block the use of the tool using a “Do not track header”, meaning that no data on the visit to the website concerned is recorded. You can find detailed instructions along with information for your browser at https://www.hotjar.com/opt-out.
Privacy policy dated: 30 August 2023