Privacy Policy

With this privacy policy, we inform you about the processing of personal data in connection with our activities and operations, including our website under the domain name swissfeel.com. In particular, we inform you for what purpose, how, and where we process which personal data. We also inform you about the rights of individuals whose data we process.

For individual or additional activities and operations, we may publish further privacy policies or other information regarding data protection.

We are subject to Swiss law as well as, where applicable, foreign law, in particular that of the European Union (EU) with the European General Data Protection Regulation (GDPR).

The European Commission recognized with its decision of July 26, 2000 that Swiss data protection law ensures an adequate level of data protection. With its report of January 15, 2024, the European Commission confirmed this adequacy decision.

1. Contact addresses

Responsible in the sense of data protection law is:

SWISSFEEL AG
Leutschenbachstrasse 41
CH-8050 Zurich

info@swissfeel.com

In individual cases, third parties may be responsible for the processing of personal data, or there may be joint responsibility with third parties. Upon request, we will gladly provide data subjects with information about the respective responsibility.

2. Terms and legal bases

2.1 Terms

Data subject: Natural person whose personal data we process.

Personal data: All information relating to an identified or identifiable natural person.

Particularly sensitive personal data: Data relating to trade union, political, religious, or philosophical views and activities; data concerning health, privacy, or affiliation with an ethnicity or race; genetic data; biometric data uniquely identifying a natural person; data relating to criminal and administrative sanctions or prosecutions; and data relating to social assistance measures.

Processing: Any handling of personal data, regardless of the means and methods used, such as querying, matching, adapting, archiving, storing, reading, disclosing, obtaining, recording, collecting, deleting, revealing, sorting, organizing, saving, altering, disseminating, linking, destroying, and using personal data.

European Economic Area (EEA): Member states of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway.

2.2 Legal bases

We process personal data in accordance with Swiss law, in particular the Federal Act on Data Protection (Data Protection Act, DPA) and the Ordinance on Data Protection (Data Protection Ordinance, DPO).

We process personal data – insofar as and to the extent that the European General Data Protection Regulation (GDPR) applies – in accordance with at least one of the following legal bases:

• Art. 6 para. 1 lit. b GDPR for the necessary processing of personal data to fulfill a contract with the data subject as well as to carry out pre-contractual measures.
• Art. 6 para. 1 lit. f GDPR for the necessary processing of personal data to safeguard legitimate interests – including the legitimate interests of third parties – provided that the fundamental freedoms and rights as well as the interests of the data subject do not prevail. Such interests include, in particular, the sustainable, user-friendly, secure, and reliable exercise of our activities and operations, ensuring information security, protection against misuse, enforcement of our own legal claims, and compliance with Swiss law.
• Art. 6 para. 1 lit. c GDPR for the necessary processing of personal data to fulfill a legal obligation to which we are subject under applicable law of member states in the European Economic Area (EEA).
• Art. 6 para. 1 lit. e GDPR for the necessary processing of personal data in the performance of a task carried out in the public interest.
• Art. 6 para. 1 lit. a GDPR for the processing of personal data with the consent of the data subject.
• Art. 6 para. 1 lit. d GDPR for the necessary processing of personal data to protect the vital interests of the data subject or another natural person.
• Art. 9 para. 2 et seq. GDPR for the processing of special categories of personal data, in particular with the consent of the data subjects.

The European General Data Protection Regulation (GDPR) refers to the processing of personal data as "processing of personal data" and to the processing of particularly sensitive personal data as "processing of special categories of personal data" (Art. 9 GDPR).

3. Type, scope and purpose of the processing of personal data

We process the personal data that is necessary in order to be able to carry out our activities and operations on a permanent, user-friendly, secure, and reliable basis. The processed personal data may in particular fall into the categories of browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data, and payment data. The personal data may also constitute particularly sensitive personal data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of carrying out our activities and operations, insofar as such processing is permissible.

We process personal data, where necessary, with the consent of the data subjects. In many cases, however, we may process personal data without consent, for example to fulfill legal obligations or to safeguard overriding interests. We may also ask data subjects for their consent even when their consent is not required.

We process personal data for the duration necessary for the respective purpose. In particular, we anonymize or delete personal data depending on statutory retention and limitation periods.

4. Disclosure of personal data

We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. Such third parties may include, for example, specialized providers whose services we use.

In the course of our activities and operations, we may in particular disclose personal data to banks and other financial service providers, authorities, educational and research institutions, consultants and lawyers, interest groups, IT service providers, cooperation partners, credit and business information agencies, logistics and shipping companies, marketing and advertising agencies, media, parent, sister, and subsidiary companies, organizations and associations, social institutions, telecommunications companies, insurance companies, and payment service providers.

5. Communication

We process personal data in order to communicate with individuals as well as with authorities, organizations, and companies. In particular, we process data provided to us by a data subject when contacting us, for example by postal mail or email. We may store such data in an address book or using comparable tools.

Third parties who transmit data to us about other individuals are required to independently ensure the data protection of those individuals. In particular, they must ensure that such data is accurate and that it may be transmitted.

We use selected services from suitable providers to enable and improve communication with individuals and other communication partners. With such services, we may also manage and otherwise process the data of the data subjects beyond direct communication.

We particularly use:

• bexio: Customer Relationship Management (CRM); provider: bexio AG (Switzerland); data protection information: Privacy Policy, “Cloud and Data Security”, “Data Security – Definition and Measures for Companies”.

6. Applications

We process personal data of applicants insofar as it is necessary for assessing suitability for an employment relationship or for the subsequent execution of an employment contract. The required personal data results in particular from the requested information, for example within the scope of a job advertisement. We may publish job advertisements with the help of suitable third parties, for example in electronic and printed media or on job portals and recruitment platforms.

We also process personal data that applicants provide or publish voluntarily, in particular as part of cover letters, résumés, and other application documents as well as online profiles.

We process – insofar as and to the extent that the General Data Protection Regulation (GDPR) applies – personal data of applicants in particular in accordance with Art. 9 para. 2 lit. b GDPR.

We may enable applicants to store their information in our talent pool so that it can be considered for future open positions. We may also use such information to maintain contact and to provide updates. If we believe that an applicant may be suitable for an open position based on the information provided, we may inform the applicant accordingly.

7. Data security

We take appropriate technical and organizational measures to ensure a level of data security appropriate to the respective risk. With our measures, we particularly ensure the confidentiality, availability, traceability, and integrity of the processed personal data, though we cannot guarantee absolute data security.

Access to our website and our other digital presence is carried out by means of transport encryption (SSL / TLS, in particular with Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers warn before visiting a website without transport encryption.

Our digital communication is subject – as is basically any digital communication – to mass surveillance without cause or suspicion by security authorities in Switzerland, in the rest of Europe, in the United States of America (USA), and in other countries. We have no direct influence on the corresponding processing of personal data by intelligence services, police authorities, and other security authorities. Nor can we rule out that a data subject may be specifically monitored.

8. Personal data abroad

We primarily process personal data in Switzerland and in the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, in particular in order to process it there or have it processed.

We may export personal data to all countries on Earth and elsewhere in the universe, provided that the local law ensures an adequate level of data protection according to a decision of the Swiss Federal Council and – insofar as and to the extent that the General Data Protection Regulation (GDPR) applies – also according to a decision of the European Commission.

We may transfer personal data to countries whose laws do not guarantee adequate data protection, provided that data protection is otherwise ensured, in particular on the basis of standard data protection clauses or with other appropriate safeguards. In exceptional cases, we may export personal data to countries without adequate or appropriate data protection if the specific data protection requirements are met, for example the explicit consent of the data subjects or a direct connection with the conclusion or execution of a contract. Upon request, we will gladly inform data subjects about any safeguards in place or provide a copy of such safeguards.

9. Rights of data subjects

9.1 Data protection claims

We grant data subjects all claims in accordance with applicable law. Data subjects have in particular the following rights:

• Access: Data subjects may request information on whether we process personal data about them and, if so, which personal data. Data subjects also receive the information necessary to assert their data protection claims and to ensure transparency. This includes the personal data processed as such, but also, among other things, information on the purpose of processing, the retention period, any disclosure or transfer of data to other countries, and the origin of the personal data.
• Rectification and restriction: Data subjects may have incorrect personal data corrected, incomplete data completed, and the processing of their data restricted.
• Opportunity to express their own view and human review: In the case of decisions based solely on automated processing of personal data that are associated with legal consequences for them or significantly affect them (automated individual decisions), data subjects may state their own point of view and request review by a human being.
• Erasure and objection: Data subjects may have personal data erased (“right to be forgotten”) and object to the processing of their data with effect for the future.
• Data release and data transfer: Data subjects may request the release of personal data or the transfer of their data to another controller.

We may postpone, restrict, or refuse the exercise of the rights of data subjects to the extent legally permissible. We may point out any conditions that must be met for the exercise of their data protection rights. For example, we may refuse access in whole or in part with reference to confidentiality obligations, overriding interests, or the protection of other persons. Similarly, we may refuse the erasure of personal data in whole or in part, in particular with reference to statutory retention obligations.

We may exceptionally provide for costs for the exercise of rights. We will inform data subjects in advance of any such costs.

We are obliged to appropriately identify data subjects who request access or assert other rights. Data subjects are required to cooperate.

9.2 Legal remedies

Data subjects have the right to enforce their data protection claims in court or to file a report or complaint with a data protection supervisory authority.

The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

European data protection supervisory authorities are organized as members of the European Data Protection Board (EDPB). In some member states in the European Economic Area (EEA), the data protection supervisory authorities are structured federally, particularly in Germany.

10. Use of the website

10.1 Cookies

We may use cookies. Cookies – our own cookies (first-party cookies) as well as cookies from third parties whose services we use (third-party cookies) – are data stored in the browser. Such stored data does not have to be limited to traditional text-form cookies.

Cookies may be stored temporarily in the browser as “session cookies” or for a certain period as so-called permanent cookies. “Session cookies” are automatically deleted when the browser is closed. Permanent cookies have a specific storage period. Cookies make it possible, in particular, to recognize a browser on its next visit to our website and thereby, for example, measure the reach of our website. Permanent cookies can also be used, for instance, for online marketing.

Cookies can be deactivated, restricted, or deleted in whole or in part at any time in the browser settings. Browser settings often also allow automated deletion and other management of cookies. Without cookies, our website may no longer be fully available. We request – at least insofar as required under applicable law – the express consent to the use of cookies.

For cookies used for success and reach measurement or for advertising, many services provide a general opt-out option through AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

Adjust settings

10.2 Logging

For each access to our website and our other digital presence, we may log at least the following information, provided it is transmitted to our digital infrastructure during such access: date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual subpage of our website accessed including transferred data volume, last website accessed in the same browser window (referer/referrer).

We log such information, which may also constitute personal data, in log files. This information is necessary to be able to provide our digital presence permanently, in a user-friendly and reliable manner. The information is also necessary to ensure data security – including through third parties or with the help of third parties.

10.3 Tracking pixels

We may integrate tracking pixels into our digital presence. Tracking pixels are also referred to as web beacons. Tracking pixels – including those from third parties whose services we use – are usually small, invisible images or JavaScript-based scripts that are automatically retrieved when accessing our digital presence. At a minimum, tracking pixels can collect the same information as logging in log files.

11. Notifications and messages

11.1 Success and reach measurement

Notifications and messages may contain web links or tracking pixels that record whether an individual message was opened and which web links were clicked. Such web links and tracking pixels can also record the use of notifications and messages on a personal basis. We need this statistical collection of usage for success and reach measurement in order to be able to send notifications and messages effectively, in a user-friendly, permanent, secure, and reliable manner, based on the needs and reading habits of recipients.

11.2 Consent and objection

You must generally consent to the use of your email address and other contact details, unless use is permitted for other legal reasons. To obtain consent with double confirmation, we may use the “double opt-in” procedure. In this case, you will receive a message with instructions for the double confirmation. We may log obtained consents including IP address and timestamp for evidence and security purposes.

You may generally object at any time to receiving notifications and messages such as newsletters. With such an objection, you may simultaneously object to the statistical recording of usage for success and reach measurement. Necessary notifications and messages related to our activities and operations remain reserved.

11.3 Service providers for notifications and messages

We send notifications and messages with the help of specialized service providers.

In particular, we use:

• Mailchimp: Communication platform; provider: The Rocket Science Group LLC DBA Mailchimp (USA) as a subsidiary of Intuit Inc. (USA); data protection information: Privacy Statement (Intuit) including “Country and Region-Specific Terms”, “Mailchimp Privacy FAQs”, “Mailchimp and European Data Transfers”, “Security”, Cookie Policy, “Privacy Rights Requests”, “Legal Terms”.

12. Social media

We are present on social media platforms and other online platforms in order to communicate with interested individuals and to be able to inform about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).

The general terms and conditions (GTC) and terms of use as well as privacy policies and other provisions of the respective operators of such platforms also apply. These provisions inform, in particular, about the rights of data subjects directly against the respective platform, which includes, for example, the right of access.

For our social media presence on Facebook, including the so-called Page Insights, we are – insofar as and to the extent that the General Data Protection Regulation (GDPR) applies – jointly responsible with Meta Platforms Ireland Limited (Ireland). Meta Platforms Ireland Limited is part of the Meta Companies (including in the USA). Page Insights provide information on how visitors interact with our Facebook presence. We use Page Insights to be able to provide our social media presence on Facebook effectively and in a user-friendly manner.

Further information on the type, scope, and purpose of data processing, information on the rights of data subjects, and the contact details of Facebook as well as Facebook’s data protection officer can be found in the Facebook Privacy Policy. We have concluded the so-called “Controller Addendum” with Facebook and have thereby agreed in particular that Facebook is responsible for ensuring the rights of data subjects. For the so-called Page Insights, the relevant information can be found on the page “Page Insights Controller”, including “Information about Page Insights data”.

13. Services from third parties

We use services from specialized third parties so that we can carry out our activities and operations on a permanent, user-friendly, secure, and reliable basis. With such services, we can, among other things, embed functions and content into our website. In the case of such embedding, the services used collect, for technically compelling reasons, at least temporarily the IP addresses of users.

For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data related to our activities and operations in aggregated, anonymized, or pseudonymized form. This includes, for example, performance or usage data in order to be able to provide the respective service.

We particularly use:

• Google services: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) partly for users in the European Economic Area (EEA) and in Switzerland; general information on data protection: “Privacy and security principles”, “More about how Google uses personal data”, Privacy Policy, “Google is committed to complying with applicable data protection laws”, “Privacy Guide for Google products”, “How we use data from sites or apps that use our services”, Cookie Policy, “Ads you can influence” (settings for personalized advertising).
• Microsoft services: Providers: Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), in Switzerland, and in the United Kingdom / Microsoft Corporation (USA) for users in the rest of the world; general information on data protection: “Privacy at Microsoft”, “Privacy and security”, Privacy Statement, “Data and privacy settings”.

13.1 Digital infrastructure

We use services from specialized third parties to obtain the necessary digital infrastructure in connection with our activities and operations. This includes, for example, hosting and storage services from selected providers.

13.2 Appointment scheduling

We use services from specialized third parties to be able to schedule appointments online, for example for meetings. In addition to this Privacy Policy, any terms directly visible from the services used, such as terms of use or privacy policies, also apply.

We particularly use:

• Doodle: Online appointment scheduling; provider: Doodle AG (Switzerland) as a subsidiary of TX Group AG (Switzerland); data protection information: Privacy Policy, “General Terms and Conditions of the Processing of Personal Data”.

13.3 Audio and video conferences

We use specialized services for audio and video conferences in order to communicate online. With them, we can, for example, hold virtual meetings or conduct online classes and webinars. Participation in audio and video conferences is also subject to the legal texts of the individual services, such as privacy policies and terms of use.

Depending on your situation in life, we recommend muting the microphone by default when participating in audio or video conferences, as well as blurring the background or using a virtual background.

We particularly use:

• Google Meet: Video conferences; provider: Google; Google Meet-specific information: “Google Meet – Security and privacy for users”.
• Zoom: Platform for collaborative work, particularly with video conferences; provider: Zoom Video Communications Inc. (USA); privacy information: “Privacy at Zoom”, Privacy Policy, “Legal compliance”.

13.4 Online collaboration

We use services from third parties to enable online collaboration. In addition to this Privacy Policy, any directly visible terms of the services used, such as terms of use or privacy policies, also apply.

We particularly use:

• Asana: Collaboration platform for companies; provider: Asana Inc. (USA); privacy information: “Trust at Asana”, Privacy Policy, Bug bounty program.
• Microsoft Teams: Platform for productive collaboration, particularly with audio and video conferences; provider: Microsoft; Teams-specific information: “Security and compliance in Microsoft Teams,” particularly “Privacy”.

13.5 Digital content

We use services from specialized third parties to be able to embed digital content into our website. Digital content includes, in particular, images and video material, music, and podcasts.

We particularly use:

• YouTube: Video platform; provider: Google; YouTube-specific information: “Privacy and Safety Center”, “Your data on YouTube”.

13.6 Payments

We use specialized service providers to be able to process payments securely and reliably. The legal texts of the individual providers, such as general terms and conditions (GTC) or privacy policies, apply in addition to this Privacy Policy.

We particularly use:

• Stripe: Payment processing; providers: Stripe Inc. (USA) / Stripe Capital Europe Limited (Ireland) / Stripe Payments Europe Limited (SPEL, Ireland) / Stripe Payments UK Limited (United Kingdom); privacy information: “Stripe Privacy Center”, Privacy Policy, Cookie Policy.

14. Success and reach measurement

We try to measure the success and reach of our activities and operations. In this context, we may also measure the impact of third-party references or check how different parts or versions of our digital presence are used (“A/B testing” method). Based on the results of success and reach measurement, we can, in particular, correct errors, strengthen popular content, or make improvements.

For success and reach measurement, the IP addresses of individual users are recorded in most cases. In this case, IP addresses are generally shortened (“IP masking”) in order to follow the principle of data minimization through corresponding pseudonymization.

Cookies may be used in success and reach measurement, and user profiles may be created. Any user profiles created may include, for example, the individual pages visited or content viewed on our digital presence, information on the size of the screen or browser window, and the – at least approximate – location. Generally, any user profiles are created exclusively in a pseudonymized form and are not used to identify individual users. Certain third-party services, where users are logged in, may possibly assign the use of our online offering to the user account or user profile at the respective service.

We particularly use:

• Google Marketing Platform: Success and reach measurement, particularly with Google Analytics; provider: Google; Google Marketing Platform-specific information: measurement also across different browsers and devices (cross-device tracking) with pseudonymized IP addresses, which are only exceptionally fully transmitted to Google in the USA, Privacy Policy for Google Analytics, “Browser add-on to deactivate Google Analytics”.
• Google Tag Manager: Integration and management of Google and third-party services, particularly for success and reach measurement; provider: Google; Google Tag Manager-specific information: Privacy Policy for Google Tag Manager; further data protection information can be found in the individual integrated and managed services.

15. Final notes on this Privacy Policy

We created this Privacy Policy with the Privacy Policy Generator from Datenschutzpartner .

We may update this Privacy Policy at any time. We will inform about updates in an appropriate manner, in particular by publishing the current Privacy Policy on our website.