Data protection at a glance
Our processing is subject to the Swiss Data Protection Act (DSG) and any applicable foreign data protection law, such as in particular that of the European Union (EU) with the General Data Protection Regulation (GDPR).
Data Protection Officer
We, the following companies:
Caliqua AG, Bruderholzstrasse 31, 4053 Basel, Switzerland
Caliqua Powertec GmbH, Dammstrasse 1, 79576 Weil am Rhein, Germany
are responsible for the collection, processing and use of your personal data and the compliance of the data processing with the applicable data protection law.
e-mail address: email@example.com
Overview of the processing The following overview summarises the types of data processed and the purposes for processing them and refers to the data subjects.
Types of data processed – user data (e.g. names, addresses) – applicant data (e.g. details of the person, postal and contact addresses, the documents associated with the application and the information contained therein, such as cover letter, CV, certificates and their information provided with respect to a specific post or qualification or voluntarily supplied by applicants) – contact data (e.g. e-mail addresses, telephone numbers) – content data (e.g. entries in online forms) – usage data (e.g. websites visited, interest in contents) – meta data and communication data (e.g. information on devices, IP addresses) – contract data (e.g. object of contract, term, customer category) – payment data (e.g. bank details, invoices, payment history)
Categories of data subjects Visitors to and users (hereinafter: users) of the online offer of Caliqua AG, as well as customers, suppliers and business partners associated with us in a business relationship.
Purposes of the processing – to facilitate use of the website
– to make available the offers, its functions and contents – to respond to contact enquires and to communicate with users (blogs, news) – security measures – conversion tracking (measuring the efficacy of marketing measures) – target group formation
Terminology used "Personal data" means any information relating to an identified or identifiable natural person (hereinafter: data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. "Processing" means any procedure performed with or without the help of automatic processes or any such series of processes in connection with personal data. The term is wide in scope and includes practically any handling of data. "Controller" means the natural or legal person, agency, establishment or other body, which alone or jointly with others decides on the purposes and means of the processing of personal data.
Disclosure of data to third parties If, in the context of our processing, we disclose data to other persons and companies (commissioned data processors or third parties, including other EQUANS Group companies), transmit it to them or otherwise grant them access to the data, this takes place only on the basis of a legal authorisation (e.g. if a transfer of the data to a third party, such as a payment service provider, is necessary for the performance of the contract), you have given your informed consent, this is provided for by a legal obligation or on the legal basis of our legitimate interests (e.g. on the intervention of authorised agents, web hosts, etc.). If we commission third parties to process your data, this occurs on the legal basis of what is known as a "commissioned data processing contract".
Of course, whenever data are disclosed to third parties, we comply with the legal provisions on disclosure of data to third parties. If we appoint order processors to provide our services, we take suitable legal precautions and appropriate technical and organisational measures to ensure the protection of your data in accordance with the relevant statutory provisions.
We disclose your data to the following categories of recipients:
IT service providers
Third parties, to which we have outsourced support services, such as translation or proofreading of documents.
Third parties, which we engage to provide further services, which we offer our customers, such as consultants, legal firms and trustees.
Third parties, which are involved in the provision or organisation of events and seminars
Where applicable, government agencies and courts
Transfer to third countries If we process data in a third country (i.e. outside Switzerland, the European Union (EU) or the European Economic Area (EEA) or this occurs in the context of the use of third-party services or the disclosure or transfer of data to third parties, this is implemented only in accordance with the statutory provisions. These third parties are bound by the duty of data protection to the same extent as we are. If data protection in the country in question is not of a commensurate standard, we ensure that your data are protected to such a standard.
We ensure this safeguard in particular through the conclusion of what are known as standard data protection clauses from the EU Commission with the company in question, and/or through the existence in the company in question of Binding Corporate Rules (BCR) recognised by a European Data Protection Authority and/or through the presence of further guarantees, which comply with the applicable law. Where this is not possible, we base the data transfer on your express informed consent or the necessity for transfer in order to fulfil the contract.
Rights of data subjects By law you have various rights with respect to your data. Please note that the existence and scope of these rights may vary in accordance with specifically applicable data protection legislation. Furthermore, exceptions may apply. In particular, where applicable, we may need to further process and store your data, in order to perform a contract with you, to protect our own legitimate interests, such as the assertion, exercise or defence of legal claims or else to comply with legal duties. Insofar as legally admissible, we may therefore also reject your data protection-related requests or only comply with them to a limited extent.
Right of access, correction, erasure and transfer of data
You have the right to request confirmation as to whether the relevant data is being processed and to information about this data. Similarly, in accordance with the legal provisions you have the right to request that inaccurate data concerning you be corrected. In accordance with the relevant legal provisions you have the right to request the erasure of data concerning you; reservations provided for by law remain unaffected thereby. Furthermore, you have the right to request that the processing of your data be restricted. Where applicable, you also have the right to obtain the data concerning you, which you have provided to us, in a structured, current, machine-readable format or to demand that the data be transferred to another Controller. Moreover, the remedies provided by law are available to you, which within the scope of application of the GDPR includes the right to lodge a complaint to the responsible supervisory authority.
Right of Withdrawal You have the right at to withdraw the consent you have granted at any time with effect for the future.
Right of objection If your data is processed on the legal base of our legitimate interest, you may, where applicable, register your objection to the future processing of the relevant data. Furthermore, you may register your objection to the processing of the relevant data for the purposes of direct advertising.
Cookies "Cookies" are small files, which are stored on the user's terminals. Different types of information are stored within cookies. A cookie serves primarily to store information about a user (or the device, on which the cookie is stored) during or also after his or her visit to an online offer.
Temporary cookies, "session cookies" or "transient cookies", are cookies that are deleted once a user leaves an online offer and closes his or her browser. A cookie of this type can store, for example, the content of a login status.
Cookies, which remain stored after the browser has been closed, are known as "permanent" or "persistent" cookies. In this way, for example, the login status can be stored, if the users visit this site several days later. Similarly, a cookie of this type can store the interests of the user and these are used for audience measurement or marketing purposes.
"Third-party cookies" are cookies, which are offered by vendors other than the Controller, who operate online offers (otherwise, if they are only the Controller’s cookies, they are referred to as "first-party cookies")
You can find out more on this possibility for the most widely used browsers on the following links:
We have put technical and organisational security precautions in place in order to protect your data from manipulation, loss or destruction and from access by unauthorised persons and to ensure the protection of your rights and compliance with the applicable provisions of data protection regulations.
The measures taken are intended to guarantee the reliability and integrity of your data and the availability and resilience of our systems and services in the case where your data are processed for extended periods. They are also designed to ensure the rapid restoration of the availability of your data and access to them in the case of a physical or technical incident. Our security measures are constantly upgraded to the latest technical developments.
We also take our own, in-house data protection very seriously. Our employees and the service provider companies commissioned by us are obliged to maintain confidentiality and to comply with the provisions of data protection law. Furthermore, they are granted access to the personal data only insofar as required.
Erasure of data The data processed by us are erased as a matter of principle as soon as they are no longer required for their specific function and their erasure does not conflict with any statutory retention obligations or other, higher-ranking interests, such as usage in particular. If the data are not erased, because they are required for other, legally admissible purposes, their processing is restricted. This means that the data are blocked and not processed for other purposes. This applies, for instance, to data, which must be stored for legal reasons or the storage of which is required for the assertion, exercise or defence of legal claims or to protect the rights of another natural or legal person.
INDIVIDUAL DATA PROCESSING PROCEDURES
Hosting The hosting services undertaken by us serve in particular to provide the following services: infrastructure and platform services, computing capacity, disk space and database services, security services and technical maintenance services, which we use for the purpose of operating the online offers. In these procedures we process user data, contact data, content data, contract data, usage data, the meta data and communication data of customers, potential customers and visitors to the online offer on the base of our legitimate interest in the secure, efficient provision of these offers.
Collection of access data and log files We ourselves (or our web hosting providers) collect data every time the server is accessed (known as server log files). The access data may include the name and address of the website accessed, date and time of the access, transferred data volumes, notification of successful access, Browser type and version, the user's operating system, referrer URL (the page previously visited), IP addresses, the provider, about which the enquiry was made and the like.
The server log files may be used, on the one hand, for security purposes, e.g. in order to prevent the server overloading (in particular in the event of malicious attacks) and on the other hand, to ensure the capacity utilisation and stability of the server. This also constitutes our legitimate interest in the processing of your data.
For reasons of security (e.g. to investigate abuse or fraud) log file information is stored for a maximum period of 30 days and then erased. Data, which must be further retained for evidential purposes, are exempt from erasure until final clarification of the respective incident.
Provision of contractual services We process personal and contractual data (e.g. for services agreed, subject matter of the contract, contractual communication, users' names and addresses and contact data) for the purpose of fulfilling our contractual and pre-contractual and service obligations. The entries marked as mandatory on online forms are required in order to conclude the contract. When use is made of our online services we store the IP address and the time of the respective user action. Data are stored on the basis of our legitimate interests as well as those of the user as protection against abuse and other unauthorised use. We process usage data (e.g. the web pages of our online offer visited, interest in our services) and content data (e.g. entries on the contact form or user profile) in a user profile for advertising purposes, in order, for example, to display product information for users based on the services they have used to date. Data are erased on the expiry of statutory warranty, statute of limitations and comparable obligations. The necessity to retain data is reviewed every three years. In addition, the statutory duties of archiving remain reserved. Data in any customer account shall remain until it is deleted.
Administration, financial accounting, office organisation, contact management We process data within the scope of our administrative responsibilities and the organisation of our business, financial accounting and compliance with the statutory obligations, such as archiving. For this purpose we process the same data, which we process for the provision of our contractual services. Customers, potential customers, business partners and visitors to the website are included in this processing. The purpose and our interest in the processing lie in the administration, financial accounting, office organisation, data archiving, in other words, tasks, which serve the maintenance of our business activities, performance of our responsibilities and provision of our services. The erasure of data with respect to contractual services and contractual communication corresponds to the data referred to in the case of these processing activities. For this purpose we disclose or transfer data to the fiscal authority, consultants, such as tax advisors or accountants and to other billing offices and payment service providers.
On the basis of our business interest we also store data on suppliers, event organisers and other business partners, for example, for the purpose of subsequent contact. As a matter of principle we store these business-related data on a permanent basis.
Contacting us When a person contacts us (e.g. using the contact form, by e-mail, telephone or through social media) the data of the person making the enquiry are processed in order to handle the contact enquiry and its processing. Contact enquiries in the case of contractual or pre-contractual relationships are processed to fulfil our contractual duties or to respond to contractual or pre-contractual enquiries and otherwise on the basis of our legitimate interest in responding to the enquiries.
Users' data may be stored in a customer relationship management system (CRM system) or in a comparable enquiry organisation. We erase the enquiries, provided that they are no longer required.
Application procedures When you apply for a job with us, the data provided by you as part of the application procedure are processed, in order to check whether we wish to establish and continue an employment relationship with you.
During the application process, in addition to titles, surname, first name, date of birth and nationality, the usual correspondence data, such as postal address, e-mail address and telephone numbers are stored in the applicant database. All the documents submitted by you in connection with the application are also recorded. Moreover, applicants may voluntarily submit additional information to us. These data are processed solely in the context of your application and for staff recruitment. They may also be processed for statistical purposes (e.g. reporting). In this case it is not possible to draw conclusions about individual persons.
Your data may be viewed only by selected employees of CALIQUA, who are entrusted with the assessment of your application file.
The legal basis for the processing of application data is our legitimate interest in undertaking the application procedure.
If an appointment is made, the transferred data are stored for the purpose of processing the employment relationship subject to the legal provisions. Otherwise, if the application procedure ends without appointment, your data are, as a matter of principle, processed only until the time of decision on the employment. These data are erased at the end of 6 months. Your data are stored in an applicant pool, only if you have expressly granted us permission to do so.
Newsletter We send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter referred to as “newsletter”) only with the consent of the recipient and insofar as this is permitted by law, for example in the case of advertising to existing customers. If a user has registered for a newsletter and the content has been specifically changed, the user's consent must be obtained. Moreover, our newsletters include information on our services and about us.
In order to register for our newsletters, it is as a matter of principle sufficient to enter your e-mail address. However, we may request that you supply a name, for the purpose of putting a personal address on the newsletter, or other data, if these are required for the purposes of the newsletter.
Registration for our newsletter takes place in a so-called double opt-in procedure. This means that on registration you are sent an e-mail requesting you to confirm your registration. This confirmation is necessary to ensure that no-one can subscribe using third-party or non-existent email addresses. The subscriptions to the newsletter are logged, to allow us to verify the subscription process in accordance with the statutory requirements. These include storage of the time of registration and confirmation and the IP address. Similarly, the changes to your data stored by the shipping service provider are logged.
Insofar as we commission a service provider with the despatch of e-mails, this is done on the basis of our legitimate interest in a secure and efficient despatch system. The registration procedure is recorded on the basis of our legitimate interest, in order to establish that this has been conducted in compliance with the law. The registration procedure is recorded on the basis of our legitimate interest for the purposes of proving that it has been carried out in accordance with the law. Our legitimate interest is to provide a user-friendly and secure newsletter system, which serves both our business interests and the expectations of the user and also enables us to prove that consent has been given.
You may cancel receipt of the newsletter at any time, that is, withdraw your consent or lodge an objection. A link to cancel the newsletter is available at the end of every newsletter. We are entitled to store the e-mail address contained for up to three years on the basis of our legitimate interests; before we erase it, in order to be able to prove that consent had previously been granted. The processing of these data is limited to the purpose of defence of any claims.
Newsletter – performance measurement The newsletter contains what is known as a "web beacon", i.e. a file the size of a pixel, which is accessed from our server when the newsletter is opened on this server, or if we use a shipping service provider. During this access technical information, such as information on the browser and your system, as well as your IP address and the time of access is initially collected. This information is used for the technical improvement of the services through the technical data or the target groups and their reading behaviour by means of their retrieval location (which can be ascertained by means of the IP address) or the time of access. The statistical analyses also detect whether the newsletter is opened, when it is opened and which links are clicked. For technical reasons this information may be attributed to the individual recipients of the newsletter. However, it is neither our intention, nor that of the shipping service provider, if one has been appointed, to observe individual users. Rather, the analyses are useful to us to identify the reading habits of our users and to adjust our content to them or to send different content according to the interests of our users.
Google will use this information on our behalf to analyse the use of our online offer by the user, to compile reports on the activities within this online offer and to provide us with other services associated with the use of the online offer and the use of the Internet. In this process pseudonymous user profiles can be generated from the data processed. We use Google Analytics only with IP anonymisation activated. This means that the user's IP address is abbreviated by Google within Switzerland or the European Economic Area. Only in exceptional cases is the full IP address transmitted to a server in the USA and abbreviated there. The anonymised IP address transmitted from the user's browser is not mixed with other Google data.
Google Re/Marketing Services On the basis of our legitimate interests (i.e. interests in the analysis, optimisation and commercial operation of our online offer) we reserve the right to make use of and use the marketing and re-marketing services (Google marketing services) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (Google). According to Google in the case of users, who are normally resident in the European Economic Area or in Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland is the Controller responsible for your data.
Google Marketing Services enable us to present targeted advertising for and on our website, in order to present to users only those advertisements, which potentially address their interests. When a user is shown advertisements for products, in which he or she has shown interest on other websites, this is referred to as "re-marketing". For these purposes when you access our websites and those of others, on which Google Marketing Services are active, Google issues a code and this integrates marketing or re-marketing tags (invisible graphics or codes, also known as web beacons) into the website. With their help an individual cookie, or small file, is saved on the user's terminal. Instead of cookies other technologies may be used. This file notes which websites the user has visited, what content interests the user and which offers he or she has clicked on, as well as technical information on the browser and operating system, referring web pages, time of visit and other information on the use of the online offer.
Similarly, the user's IP address is recorded, whereby we advise you that Google Analytics abbreviates the IP address within the Member States of the European Union or in other states/countries which are contractual parties to the Agreement on the European Economic Area and only in exceptional cases is the full IP address transferred to a Google server in the USA and abbreviated there. The IP address is not merged with the user's data within other offers from Google. Google may also link the information detailed above with such information from other sources. If the user subsequently visits other websites, he or she may be shown advertisements which match his or her interests.
The user's data are processed by Google Marketing Services in a pseudonymised form. This means that Google does not, for example, store and process the name or e-mail address of the user, but processes the relevant data obtained from the cookie within a pseudonymous user profile. This in turn means that from Google's point of view the advertisements are not administered and displayed to a specifically identified person, but to the cookie holder, irrespective of who this cookie holder is. This does not apply, if a user has expressly permitted Google to process the data without pseudonymisation The information collected by Google Marketing Services on the user is transferred to Google and stored on Google servers in the USA.
Google Tag Manager
We are also able to use Google Tag Manager to integrate and administrate Google analysis and marketing services on our website. Google Tag Manager is a solution, with which we can manage website tags across an interface. The Google Tag Manager tool itself, which implements the tags, is a domain without cookies and does not collect any personal data. However, the tool ensures that other tags are released; these tags for their part may in some cases collect data. Conversely, Google Tag Manager itself does not access these data. If deactivation at the domain or cookie level is specified, this remains in existence for all tracking tags implemented with Google Tag Manager.
Further information on Google Tag Manager is available on Google Tag Manager Use Policy | Google Tag Manager – Google.
Google Web Fonts
In order to display our contents correctly and graphically across all browsers, we use Google Webfonts script libraries and font libraries to display fonts. Google Webfonts are transferred to avoid repeated downloading into your browser’s cache. If your browser does not support Google Webfonts or prohibits access, contents are displayed in a standard font.
Accessing script libraries or font libraries automatically triggers a link to the library operator. In this way it is theoretically possible that operators of relevant libraries might collect data, although it is currently not clear whether and, if applicable, for what purposes the operator collects Google data in this case.
We collect no personal data through the link with Google Web Fonts.
Please note that in this case data from users outside Switzerland or the European Economic Area may be processed. This may result in risks for the users because, for example, it could make it more difficult to enforce the rights of the users.
Integration of third-party services and content Within our online offer we use content or service offers from third-party providers, in order to include their contents and services, such as videos or fonts (hereinafter collectively referred to as “content”). This always requires that the third-party providers are aware of the users' IP address, since without the IP address they would be unable to send the content to the users' browsers. Therefore, the IP address is required so that this content can be displayed. We endeavour to use only the content of the respective access providers, which use the IP address solely for the delivery of the content. In addition, third-party providers are able to use what are known as pixel tags (invisible graphics, also called "web beacons") for statistical or marketing purposes. The pixel tags allow information, such as visitor traffic to the pages of these websites to be analysed. The pseudonymous information can also be stored in cookies on the user's device and may include information, including technical information on the browser and operating system, websites consulted, times of visits and other data on the use of our online offer, and may also be linked to information of this type from other sources.