Basler & Hofmann AG (hereinafter referred to as “Basler & Hofmann” or “we”) attaches a great deal of importance to protecting your data and your privacy. With this in mind, this policy is designed to provide you with information on the collection and use of information concerning the personal or material circumstances of an identified or identifiable individual (hereinafter referred to as “personal data”).
I. Controller and contact details for data protection
- In writing: Basler & Hofmann AG, Forchstrasse 395, 8032 Zürich, Schweiz
- By e-maill: email@example.com
II. Information on data processing
1. Processing of personal data
We only process your personal data in line with our data processing principles and where we have a legal basis to do so. Where data is processed to initiate and perform a contract, this legal basis applies. We also process your personal data to ensure the security of our offering and to adapt and improve it based on your needs. We assume that our interests are the overriding interests. We collect the data listed below:
a) All information that you explicitly send us using one of our contact forms, an e-mail or another channel (name, address, age, gender, contact details, text, photos, images, etc.);
b) Other data that we have collected from you or have received in the context of permissible processing operations.
We also collect the following data when you visit one of our websites:
a) IP address and referrer URL (the page previously visited);
b) Browser version and browser type used;
c) Date and time of the visit/query;
d) Visited website URL of the accessed file;
e) Operating system;
We do not use profiling, i.e. the automated processing of personal data to evaluate certain personal aspects relating to you, either on our website or otherwise, and only collect/process personal data that is particularly worthy of protection (e.g. religious, political or philosophical views, state of health, etc.) in exceptional cases and only when we have a contractual or statutory obligation to do so.
2. Dissemination to third parties
2.1 Group companies Subsidiaries and sister companies
Contract data processors
We use partner companies (so-called “contract data processors”) in order to provide individual services that mainly involve the processing of personal data. These include, for example, partner companies that we use to provide individual administrative services. We remain responsible for data protection when we use contract data processors. Contract data processing agreements are in place to ensure that the contract data processors we use comply with the data protection law obligations.
Umantis online applications portal
System for sending large volumes of data: Droppy.ch
Droppy.ch is a simple way to exchange data files that are too large to be sent via e-mail. You can see were the Droppy.ch service has been integrated on our website in our upload portals, which load on a new page in each case and have the domain format baslerhofmann.droppy.ch.
These services are operated by Droppy.ch, Haldensteig 10, 9200 Gossau SG, Switzerland. The files are transmitted in encrypted form (TLS 1.2). The files on the data server are secured with an AES encryption. As a rule, all files that are uploaded are deleted automatically once they have been downloaded or after a maximum of 14 days. The files are stored at Host Europe GmbH, Hansestr. 111, 51149 Cologne, Germany (www.hosteurope.de). Droppy.ch is contractually prohibited from using the data for purposes other than the agreed electronic dispatch services.
The use of Droppy is logged separately for quality assurance and proof of performance purposes. The following data is stored:
- E-mail and IP address of the sender
- Upload date
- Notification e-mail
- E-mail and IP address of the recipient
- Download date
- Total number of downloads and files
This data journal is deleted after one month.
2.2 Other third parties
Your data is not disclosed to third parties without your explicit consent. The term “third parties” does not include our service partners that we need to process the contractual relationship (e.g. financial institutions to process payments, the postal service, courier services or freight forwarders used to ship materials, cloud services to provide and safeguard the digital infrastructure). In such cases, we strictly observe the requirements of the applicable data protection legislation. The scope of the data transmitted is kept to a minimum. We only consider using service partners in countries other than Switzerland or the member states of the European Economic Area if the country concerned either has an equivalent level of data protection according to the Federal Council’s country list or we can contractually ensure an equivalent level of protection (e.g. by concluding contracts or so-called “standard contractual clauses”).
3. Corporate pages on social media
3.1 Media used
We maintain a corporate profile on the following social media that we use to publish information about Basler & Hofmann and to interact with other platform users:
- LinkedIn: Betreiberin ist LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland;
- YouTube: Betreiberin ist Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Irland;
- Xing: Betreiberin ist New Work SE, Am Strandkai 1, 20457 Hamburg, Deutschland.
3.2 Data processing on corporate pages
When you visit a corporate page, the operator of the platform concerned collects information allowing it to recognise users and analyse their behaviour comprehensively. Based on the data it collects as part of this process, the platform operator can also create user profiles. If you are logged in with your personal account when you visit a corporate page, the provider concerned can also assign this visit to your account. The provider only provides us with an anonymised statistical evaluation of the use of our corporate page based on the information obtained
In general, you can assert your data protection law rights in connection with data processing by our corporate pages both vis-à-vis us and vis-à-vis the relevant platform operator. We would like to stress, however, that the most effective strategy is to assert them vis-à-vis the relevant operator, as only the latter has access to the user data and can take appropriate measures and provide information directly.
You can find further information on data processing by the relevant operator, including the processing location, at:
4. Messages, notifications and updates
Communication for advertising purposes: Where there is a corresponding basis under data protection law (use of a service that is subject to a fee [Basler & Hofmann also assumes that a service that is subject to a fee is being provided when it sends out a quotation that you requested, even if this is not invoiced] or corresponding consent), we use your contact details to provide you with information on similar offers by e-mail, as well as for marketing and optimisation purposes so that we can offer you better services and better customer service.
firstname.lastname@example.org. When we send out digital newsletters, we use established tools from recognised providers. We use contract data processing agreements to ensure compliance with data protection law requirements.
Communication for information and other purposes: We send you messages that have to be sent to all customers, notifications that contain important information and other messages that you request from us. You cannot unsubscribe from these communications. You can, however, adjust the channel used for, and format of, the notifications you receive where appropriate.
5. Transmission of personal data
Unless explicitly agreed otherwise, electronic communication uses unencrypted e-mails. The use of e-mails is not technically secure; scenarios can arise in which e-mails are not delivered. When e-mails are transmitted, they can end up leaving the country even if the sender and recipient are within the country. The confidentiality of e-mails cannot be guaranteed if they are not (sufficiently) encrypted.
When you use forms that are available on our website, it is also the case that only the transmission of your message from your computer to the web server is encrypted. When you access special work portals within our infrastructure (Microsoft SharePoint, etc.), on the other hand, data communication is generally encrypted from our interface to us.
By using the forms or sending an e-mail, you provide your consent to communication via e-mail in the knowledge of the described risks. The use of encrypted communication channels or channels with other security features has to be agreed with us in advance.
6. Retention of your personal data
6.1 Server locations
Your personal data collected as part of your activities on the website are hosted in Switzerland on the servers of hosttech Ltd liab. Co, Hofmattbachstrasse 1, 6207 Nottwil. The servers offer the best-possible protection against unauthorised third-party access. Data is backed up at regular intervals. These are stored at the location of the hosttech Ltd liab. Co servers in Nottwil for seven days and at the location of the punkt.de GmbH servers in Karlsruhe for 14 days.
To protect our website from external attacks, we also use the reverse proxy services offered by Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA. Cloudflare checks user access to our website in advance, in particular to prevent mass attacks on our website. The checks are performed automatically via Cloudflare servers located in the US and Canada. An appropriate level of data protection is ensured by a contract data processing agreement that is available at CLOUDFLARE DATA PROCESSING ADDENDUM | Cloudflare abgerufen werden kann.
The personal data concerning you that we collect directly is stored on our own servers and on virtual servers of a cloud provider with a good reputation and a storage location in Switzerland or the European Economic Area (EEA). The servers offer the best-possible protection against unauthorised third-party access. Backups are generated regularly in order to prevent data losses to the greatest possible extent.
6.2 Retention period
We only retain your data for as long as we are required to by law, or in accordance with the purpose of the processing. With regard to analyses, we store your data until the analysis has been completed. If we store data based on a contractual relationship with you, this data will remain stored at the very least for as long as the contractual relationship is in force, and at the most for as long as limitation periods for possible claims asserted by us have not yet expired, or statutory or contractual retention obligations apply. As a rule, the retention period does not exceed a period of 10 years (calculated from the termination of the contractual or de facto relationship with you).
III. Your rights
In general, you have the right to information, rectification, erasure, restriction, portability and withdrawal, as well as the right to raise an objection or, where appropriate, lodge a complaint.
8. Data concerning people under 16
Under the general data protection law requirements, young people under the age of 16 cannot give their consent to the processing of their personal data. Consent is, however, required to use certain services on our websites and platforms.
9. 9. Access, rectification, portability
You also have the right to request that your personal data that has been stored electronically be transmitted to another data controller free of charge. Please note, however, that we cannot modify your data to meet any special format requirements imposed by another controller and will not, under any circumstances, transfer your business history or passwords.
10. Withdrawal and erasure
Should you submit an erasure request, we will lock and block your profile. Please note, however, that we are obliged under commercial and tax law to retain posting documents for a minimum period of 10 financial years. We are therefore unable to either erase or edit the personal data contained in these documents. This means that, in such cases, your withdrawal or erasure request only applies to future processing and only to personal data that we do not process on the basis of statutory grounds justifying such processing, but exclusively on the basis of your consent.
If a contractual relationship is still pending when we receive your withdrawal or erasure request, we will continue to process your personal data until the contract has been performed in full. Your withdrawal under data protection law explicitly has no impact on the processing of existing contractual relationships and is not considered extraordinary grounds for termination.
11. Lodging a complaint with a supervisory authority
The Federal Data Protection and Information Commissioner (www.edoeb.admin.ch) is responsible for complaints.
12.1 General information regarding cookies
Cookies are small text files or parts of information that are stored on your computer or mobile device (e.g. your smartphone or tablet) when you use our services. Cookies usually contain the name of the website/application it came from, the cookie duration (i.e. how long the cookie will remain on your device) and a value that is usually a randomly generated, one-time number.
The maximum period for which cookies can be stored after they are saved on the user’s device for the first time is consistent with the applicable legislation.
12.2 Essential Cookies
Essential cookies are cookies that are absolutely necessary for our services to work and for their features to be used. Without these essential cookies, our services would not run as smoothly as you would like and we might not be able to provide the website or certain services or features that you are interested in.
We also use technical cookies that allow our services to remember options you selected (e.g. language or the region you are in) for modification and personalisation purposes. These cookies do not collect any information concerning you that is used for advertising purposes, nor do they remember which websites you have visited.
We use the following first-party cookies (all of which are resident cookies):
Device Identifier-Cookie: We install cookies on your computer that recognise you and tell the website or service that you are logged in.
User local cookie: We install cookies that are used to remember certain local options you have set, for example the language you selected.
As these cookies are necessary for us to provide our services, you cannot object to their use.
12.3 Functional Cookies
Functional cookies are cookies that allow you to use certain features of our services that could be useful to you, but are not absolutely necessary for our services to work and for their features to be used. While you can block the installation of these cookies by selecting the appropriate settings in your browser, this may result in you being unable to use certain features of our services or only being able to use them to a limited extent.
Google Maps (Session Third Party Cookies)
We use Google Maps to display interactive maps. Google Maps is a map service provided by Google.
The use of Google Maps means that information concerning the use of this website, including your IP address, may be transmitted to Google in the US.
When you visit a page of our website that contains Google Maps, your browser establishes a direct connection to the Google servers. Google transfers the map content directly to your browser, which embeds the latter into the website. This means that we cannot exert any influence over the scope of the data that Google collects as part of this process. Based on our knowledge, this includes at least the following data:
- Date and time on/at which the website in question was visited,
- Internet address or URL of the website visited,
- IP address.
We cannot exert any influence over the further processing and use of the data by Google, meaning that we cannot accept any responsibility in this regard.
By using our website, you consent to the processing of the data concerning you collected by Google Maps in the manner and for the purpose set out above.
12.4 Analytical cookies and cookies for marketing, profiling and retargeting
Management of the Google tool via the Tag Manager
We use Google Tag Manager on our website. Google Tag Manager is a cookie-free domain that does not collect any personal data. The Google Tag Manager is responsible for triggering other tags that may, in turn, collect data. We would like to point this out to you specifically. Google Tag Manager does not access this data. If users have deactivated this function at domain or cookie level, this continues to apply to all tracking tags implemented with Google Tag Manager.
Google Analytics (residente Third Party-Cookies)
The Google Analytics service is used to analyse how users behave on our website. Our legitimate interest lies in the analysis, optimisation and cost-effective operation of our website.
The usage and user-related information that is collected includes, for example, IP address, location, time or frequency of visits to our website. We use IP anonymisation for the use of Google tools. This truncates the last few digits of your IP address before it is stored on Google’s servers with definitive effect. This means that, while Google’s technical and analytical services can still be used to a reasonable extent, you can no longer be traced in full, giving you a higher level of anonymity with regard to your behaviour while surfing the Internet than you would have without IP anonymisation.
We also use the remarketing feature as part of the ways in which Google Analytics can be used. This allows us to display personalised advertising to you on suitable advertising areas of other websites based on the interests you have shown on our website. This option is limited to a maximum period of 18 months. Retargeting allows us to display advertisements that are as relevant to you as possible, as well as to measure the effectiveness and reach of the advertisements, but also to review the statements we receive from our advertising partners for our campaigns.
The data collected in this process is, in turn, used by Google to supply us with an analysis of visits to our website and user activity on our website. This data can also be used to provide other services in connection with the use of our website and use of the Internet.
Google says that it does not combine your IP address with other data. Google also provides further data protection law information at https://policies.google.com/technologies/partner-sites?hl=en-GB, e.g. on the options for preventing data use.
In addition, Google offers a so-called “deactivation add-on”, including further information, at https://www.google.de/intl/de/policies/privacy
We use the web analytics service Hotjar by Hotjar Ltd (hereinafter referred to as “Hotjar”) on our website. Hotjar is a European company that has its registered office in Malta (Hotjar Ltd, Level 2, St. Julian’s Business Centre, 3, Elia Zammit Street, St. Julian’s STJ 1000, Malta). This tool allows movements on our website to be tracked (so called “heat maps”). For example, we can see how far users scroll and how often they click on which buttons. This provides us with valuable information to make our website even faster and more customer-friendly.
Protecting your personal data is a top priority for us when using this tool. We can only track, for example, which buttons are clicked, how the mouse is moved, how far users scroll, device screen size, device type and browser information, location (country only) and a user’s preferred language for our website.
Hotjar allows all users to block the use of the tool using a “Do not track header”, meaning that no data on the visit to the website concerned is recorded. You can find detailed instructions along with information for your browser at https://www.hotjar.com/opt-out.