With this Data Protection Declaration, we inform you about the personal data we process in connection with our activities and tasks, including our reseatech.ch-Website. We specifically inform you about what personal data we process, why, how, and where we process such data. We also provide information about the rights of individuals whose data we process.
For individual or additional activities and tasks, additional data protection declarations, as well as other legal documents such as General Terms and Conditions (GTC), Terms of Use, or Participation Terms, may apply.
We are subject to Swiss data protection law and, if applicable, foreign data protection law, especially that of the European Union (EU), including the General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law provides adequate data protection.
1. Contact Addresses
Responsibility for the processing of personal data:
ReseaTech GmbH, Kirchbergstrasse 190, 3400 Burgdorf, Switzerland
We will inform you if, in individual cases, there are other responsible parties for the processing of personal data.
2. Terms and Legal Bases
2.1 Terms
Personal data means any information relating to a specific or identifiable natural person. An affected person is a person about whom we process personal data.
Processing includes any handling of personal data, regardless of the means and methods used, such as querying, comparing, adapting, archiving, retaining, extracting, disclosing, obtaining, recording, collecting, deleting, disclosing, organizing, storing, altering, distributing, linking, destroying, and using personal data.
The European Economic Area (EEA) includes the Member States of the European Union as well as the Principality of Liechtenstein, Iceland, and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data.
2.2 Legal Bases
We process personal data in accordance with Swiss data protection law, especially the Federal Data Protection Act (Datenschutzgesetz, DSG) and the Data Protection Ordinance (Datenschutzverordnung, DSV).
We process, if and to the extent the General Data Protection Regulation (GDPR) is applicable, personal data in accordance with at least one of the following legal bases:
- Art. 6(1)(b) GDPR for the necessary processing of personal data to fulfill a contract with the data subject and for pre-contractual measures.
- Art. 6(1)(f) GDPR for the necessary processing of personal data to safeguard the legitimate interests of us or third parties, unless the fundamental rights and freedoms of the data subject prevail. Legitimate interests include, in particular, our interest in conducting our activities and tasks in a sustainable, user-friendly, secure, and reliable manner, as well as being able to communicate about them, ensuring information security, protecting against misuse, enforcing our own legal claims, and complying with Swiss law.
- Art. 6(1)(c) GDPR for the necessary processing of personal data to fulfill a legal obligation to which we are subject under the law of Member States in the European Economic Area (EEA).
- Art. 6(1)(e) GDPR for the necessary processing of personal data to perform a task carried out in the public interest.
- Art. 6(1)(a) GDPR for the processing of personal data with the consent of the data subject.
- Art. 6(1)(d) GDPR for the necessary processing of personal data to protect the vital interests of the data subject or another natural person.
3. Type, Scope, and Purpose
We process those personal data that are necessary to permanently, user-friendly, securely, and reliably carry out our activities and operations. Such personal data can include categories of inventory and contact data, browser and device data, content data, meta or marginal data, usage data, location data, sales data, as well as contract and payment data.
We process personal data for the duration necessary for the respective purpose(s) or as required by law. Personal data that is no longer required will be anonymized or deleted.
We may have personal data processed by third parties. We may process or transmit personal data in conjunction with third parties. These third parties are, in particular, specialized providers whose services we use. We also ensure data protection with these third parties.
We generally process personal data only with the consent of the affected individuals. If processing is permissible for other legal reasons, we may forego obtaining consent. For example, we may process personal data without consent to fulfill a contract, comply with legal obligations, or protect overriding interests.
In this context, we process information that an affected individual voluntarily provides to us when contacting us—such as via postal mail, email, instant messaging, contact forms, social media, or telephone—or when registering for a user account. We may store such information in an address book or similar tools. When we receive data about other individuals, the transmitting parties are obliged to ensure data protection for these individuals and to ensure the accuracy of this personal data.
We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect when carrying out our activities and operations, provided that such processing is legally permissible.
4. Applications
We process personal data about applicants, as far as it is necessary for assessing suitability for an employment relationship or for the subsequent execution of an employment contract. The necessary personal data arise, in particular, from the information requested, such as in the context of a job advertisement. Furthermore, we process personal data that applicants voluntarily provide or publish, especially as part of cover letters, resumes, and other application documents, as well as online profiles.
We process—provided that the General Data Protection Regulation (GDPR) is applicable—personal data about applicants, in particular, in accordance with Article 9(2)(b) GDPR.
5. Personal Data Abroad
We process personal data generally in Switzerland and the European Economic Area (EEA). However, we can also export or transmit personal data to other countries, especially to process them there or have them processed.
We can export personal data to all countries and territories on Earth and elsewhere in the Universe, provided that the local law ensures adequate data protection, in accordance with the decision of the Swiss Federal Council, as well as, where applicable, in accordance with the decision of the European Commission under the General Data Protection Regulation (GDPR).
We can transmit personal data to countries whose law does not ensure adequate data protection, provided that data protection is guaranteed for other reasons, especially based on standard data protection clauses or other suitable guarantees. In exceptional cases, we can export personal data to countries without adequate or suitable data protection if the specific data protection requirements are met, such as the explicit consent of the affected individuals or a direct connection to the conclusion or execution of a contract. Upon request, we will gladly provide affected individuals with information about any guarantees or provide a copy of any guarantees.
6. Rights of Affected Individuals
6.1 Data Protection Claims
We grant data subjects all rights in accordance with applicable data protection law. Data subjects have the following rights in particular:
- Information: Data subjects can request information about whether we process personal data about them, and if so, what personal data is involved. Data subjects also receive the information necessary to assert their data protection claims and ensure transparency. This includes the processed personal data as such, but also information about the purpose of processing, the duration of storage, any disclosure or export of data to other countries, and the origin of the personal data, among other things.
- Correction and Restriction: Data subjects can correct incorrect personal data, complete incomplete data, and request the restriction of their data processing.
- Deletion and Objection: Data subjects can request the deletion of personal data (“right to be forgotten”) and object to the processing of their data for the future.
- Data Disclosure and Data Transfer: Data subjects can request the disclosure of personal data or the transfer of their data to another controller.
We may postpone, restrict, or refuse the exercise of data subjects’ rights within the legally permissible framework. We may inform data subjects of any conditions that may need to be met for the exercise of their data protection claims. For example, we may fully or partially refuse to provide information, citing business secrets or the protection of other individuals. We may also fully or partially refuse to delete personal data, citing legal retention obligations, for example.
We may, exceptionally, impose costs for the exercise of rights. We will inform data subjects in advance of any potential costs.
We are obligated to identify data subjects who request information or assert other rights with appropriate measures. Data subjects are obliged to cooperate.
6.2 Right to Complaint
Data subjects have the right to enforce their data protection claims in court or file a complaint with a competent data protection supervisory authority.
The data protection supervisory authority for private controllers and federal authorities in Switzerland is the Federal Data Protection and Public Access Commissioner (EDÖB).
Data subjects also have the right to file a complaint with a competent European data protection supervisory authority if the General Data Protection Regulation (GDPR) is applicable.
7. Data Security
We implement suitable technical and organizational measures to ensure data security appropriate to the respective risk. However, we cannot guarantee absolute data security.
Access to our website is secured using transport encryption (SSL / TLS, especially with Hypertext Transfer Protocol Secure, abbreviated as HTTPS). Most browsers indicate transport encryption with a padlock in the address bar.
Our digital communication, like virtually all digital communication, is subject to mass surveillance without cause or suspicion, as well as other monitoring by law enforcement authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We cannot directly influence the processing of personal data by intelligence agencies, police agencies, and other security authorities.
8. Website Usage
8.1 Cookies
We can use cookies. With cookies – both our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies) – these are data that are stored in the browser. Such stored data does not have to be limited to traditional text cookies.
Cookies can be stored in the browser temporarily as “session cookies” or for a specific period as so-called permanent cookies. “Session cookies” are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies, in particular, allow a browser to be recognized on the next visit to our website, thus, for example, measuring the reach of our website. Permanent cookies can also be used for online marketing.
Cookies can be disabled or deleted entirely in the browser settings at any time. Without cookies, our website may not be available in full. We request – at least if and to the extent required – explicit consent for the use of cookies.
For cookies used for success and reach measurement or advertising, a general objection (“opt-out”) is possible for numerous services through the AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
8.2 Server Log Files
We can collect the following information for each access to our website if it is transmitted from your browser to our server infrastructure or can be determined by our web server: date and time, including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, accessed individual subpage of our website including transmitted data volume, the last webpage accessed in the same browser window (referer or referrer).
We store such information, which can also represent personal data, in server log files. The information is necessary to provide our website permanently, user-friendly, and reliably, and to ensure data security and, in particular, the protection of personal data – also by third parties or with the help of third parties.
8.3 Pixel Tags
We can use pixel tags on our website. Pixel tags are also referred to as web beacons. With pixel tags – also from third parties whose services we use – these are small, usually invisible images that are automatically retrieved when visiting our website. Pixel tags can capture the same information as in server log files.
9. Notifications and Messages
We send notifications and messages by email and through other communication channels such as instant messaging or SMS.
9.1 Success and Reach Measurement
Notifications and messages may contain web links or pixel tags that capture whether a single message was opened and which web links were clicked. Such web links and pixel tags can also capture the usage of notifications and messages on a personal basis. We need this statistical capture of usage for success and reach measurement in order to effectively and user-friendly, as well as permanently, safely, and reliably send notifications and messages based on the needs and reading habits of the recipients.
9.2 Consent and Objection
You must in principle explicitly consent to the use of your email address and other contact addresses, unless the use is permissible for other legal reasons. Wherever possible, we use the “double opt-in” procedure for such consent, meaning you will receive an email with a web link that you must click to confirm, to prevent abuse by unauthorized third parties. We may log such consents, including IP address, as well as date and time for evidence and security purposes.
You can in principle object to receiving notifications and messages such as newsletters at any time. With such an objection, you can also object to the statistical capture of usage for success and reach measurement. Necessary notifications and messages related to our activities and operations remain reserved.
9.3 Notification and Message Service Providers
We send notifications and messages with the help of specialized service providers.
We use in particular:
- Mailchimp: Communication platform; Provider: The Rocket Science Group LLC DBA Mailchimp (USA) as a subsidiary of Intuit Inc. (USA); Data protection information: Privacy Statement (Intuit) including “Country and Region-Specific Terms,” Frequently Asked Questions about Privacy at Mailchimp, Mailchimp and European Data Transfers, Security, Cookie Policy, Privacy Rights Requests, Legal Terms.
10. Social Media
We are present on social media platforms and other online platforms to communicate with interested individuals and to inform about our activities and operations. In connection with such platforms, personal data can also be processed outside of Switzerland and the European Economic Area (EEA).
The respective general terms and conditions (GTC) and terms of use, as well as privacy policies and other provisions of the individual operators of such platforms also apply. These provisions provide information, in particular, about the rights of data subjects directly with regard to the respective platform, including, for example, the right to access.
11. Third-Party Services
We use services from specialized third parties to be able to carry out our activities and operations permanently, user-friendly, securely, and reliably. With such services, we can embed functions and content into our website. In the case of such embedding, the services used capture the IP addresses of users at least temporarily for technical reasons.
For necessary security-related, statistical, and technical purposes, third parties whose services we use can process data related to our activities and operations in an aggregated, anonymized, or pseudonymized manner. This includes, for example, performance or usage data, to be able to offer the respective service.
We use in particular:
- Google Services: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; General data protection information: “Principles of Data Protection and Security”, Privacy Policy, “Google is committed to complying with applicable data protection laws”, “Guide to Privacy in Google Products”, “How We Use Data from Websites or Apps Where Our Services Are Used” (information from Google), “Types of Cookies and Other Technologies Used by Google”, “Personalized Advertising” (activation / deactivation / settings).
- Microsoft Services: Providers: Microsoft Corporation (USA) / Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), in the United Kingdom, and in Switzerland; General data protection information: “Data Protection at Microsoft”, “Data Protection and Privacy (Trust Center)”, Privacy Statement, Privacy Dashboard (Data and Privacy Settings).
11.1 Digital Infrastructure
We use services from specialized third parties to access the necessary digital infrastructure in connection with our activities and operations. This includes, for example, hosting and storage services from selected providers.
We use in particular:
- METANET: Hosting; Provider: METANET AG (Switzerland); Data privacy information: Privacy Policy, “Technical and Organizational Measures”.
11.2 Audio and Video Conferences
We use specialized services for audio and video conferences to communicate online. This allows us to hold virtual meetings, conduct online classes, and webinars, for example. When participating in audio and video conferences, the terms and conditions of the individual services, such as privacy policies and terms of use, also apply.
Depending on your life situation, we recommend muting the microphone by default and blurring the background or using a virtual background when participating in audio or video conferences.
We use in particular:
- Google Meet: Video conferences; Provider: Google; Google Meet-specific information: “Google Meet – Security and Data Privacy for Users”.
- Microsoft Teams: Platform for audio and video conferences, among other things; Provider: Microsoft; Teams-specific information: “Privacy and Microsoft Teams”.
- Zoom: Video conferences; Provider: Zoom Video Communications Inc. (USA); Privacy information: Privacy Policy, “Privacy at Zoom”, “Legal Compliance Center”.
11.3 Mapping Material
We use third-party services to embed maps into our website.
We use in particular:
- Google Maps including Google Maps Platform: Map service; Provider: Google; Google Maps-specific information: “How Google Uses Location Information”.
11.4 Digital Audio and Video Content
We use services from specialized third parties to enable the direct playback of digital audio and video content, such as music or podcasts.
We use in particular:
- YouTube: Video platform; Provider: Google; YouTube-specific information: “Privacy and Security Center”, “My Data on YouTube”.
11.5 Fonts
We use services from third parties to embed selected fonts, as well as icons, logos, and symbols into our website.
We use in particular:
- Google Fonts: Fonts; Provider: Google; Google Fonts-specific information: “Privacy and Google Fonts”, “Privacy and Data Collection”.
12. Success and Reach Measurement
We attempt to determine how our online offering is used. In this context, we can measure the success and reach of our activities and operations, as well as the impact of third-party links to our website. We may also experiment and compare how different parts or versions of our online offering are used (the “A/B test” method). Based on the results of success and reach measurement, we can fix errors, strengthen popular content, or make improvements to our online offering.
In most cases, individual users’ IP addresses are stored for success and reach measurement. IP addresses are generally shortened (IP masking) in this case to follow the principle of data minimization.
Cookies may be used in success and reach measurement, and user profiles may be created. Any user profiles created may include, for example, the individual pages visited or content viewed on our website, information about the screen size or browser window size, and the approximate location—usually only in pseudonymized form. Some third-party services where users are logged in may be able to associate the use of our online offering with the user’s account or profile at the respective service.
We use in particular:
- Google Analytics: Success and reach measurement; Provider: Google; Google Analytics-specific information: Measurement also across different browsers and devices (Cross-Device Tracking), as well as with pseudonymized IP addresses that are only exceptionally transmitted in full to Google in the USA, “Privacy”, “Browser Add-on to Deactivate Google Analytics”.
13. Final Provisions
We can adapt and supplement this privacy policy at any time. We will inform you about such adaptations and supplements in an appropriate form, especially by publishing the current privacy policy on our website.