What is it about?
We are subject to Swiss data protection law and any applicable foreign data protection law, in particular that of the European Union (EU), as determined by the General Data Protection Regulation (GDPR). However, whether and to what extent foreign data protection law is applicable depends on the individual case.
Who is responsible and how can you contact us?
The company responsible for the processing of your data is Suter Inox AG, based in Brugg, registered office, Schachenstrasse 20 in 5116 Schinznach Bad (tel.: +41 58 263 64 00).
If you have any questions in connection with our website or on the subject of data protection, you can contact our data protection officer directly at email@example.com.
We also have a data protection representative in the EU as an additional point of contact for supervisory authorities and data subjects in terms of Art. 27 GDPR: reichert & reichert, tax consultancy and law office, Max-Porzig-Strasse 1, D-78224 Singen / Reichenaustrasse 19a, D-78467 Konstanz, firstname.lastname@example.org.
On what legal basis do we process data?
We always process personal data in accordance with Swiss data protection law. In other respects, we process personal data – insofar as and to the extent that the GDPR is applicable – in accordance with at least the following principles and legal bases:
- The consent of the data subject to the processing of personal data concerning him or her was given (point (a) of Art. 6 (1) GDPR).
- The processing of personal data is necessary for the performance of a contract, the associated contracting party, or for the implementation of pre-contractual measures (point (b) of Art. 6 (1) GDPR).
- The processing is necessary for the fulfilment of a legal obligation to which we are subject (point (c) of Art. 6 (1) GDPR).
- The processing of personal data is necessary to protect the vital interests of the data subject or another natural person (point (d) of Art. 6 (1) GDPR).
- The processing is necessary to protect the legitimate interests of us or a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data are overriding (point (f) of Art. 6 (1) GDPR). Our legitimate interests include, in particular, our business interests in being able to provide our website, the enforcement of our own legal claims as well as compliance with the legal bases that are applicable to us.
What data is collected and for what purpose?
When visiting our website
Our website is hosted by Flow Swiss AG, based in Zurich. Our hosting provider automatically collects and stores general data and information in what are referred to as server log files, which are automatically transferred by the browser that you use. The following data are collected and/or logged:
- Browser type and versions used
- The operating system used by the accessing system
- The website and sub-website from which the accessing system arrives at our website (referrer URL)
- Host name of the computer used for access
- Date and time of access
- Place/region of access
- The IP address
- The name of the accessed page/file
- The volume of data transferred
The anonymously collected data and information can be evaluated with the aim of increasing the levels of data protection and data security. The anonymous data from the server logs are stored separately from the other personal data submitted by a data subject.
We do not draw any conclusions about your person on the basis of this general data or information. The data and information collected from the server log are used solely to analyse the functioning of the website and to provide law enforcement authorities with the necessary information upon request in the event of a cyber attack.
When opening a customer account
On our website, you have the option to open a customer account. We collect the following data during your registration:
- First name and surname
- Company (optional)
- Postal address
- Email address
- Phone/fax (optional)
- Date of birth
- User name and password
The collection of this data takes place for the purpose of the contract processing and serves you as a customer by providing you access to your basic data stored with us through a password-protected portal. You are able to view your completed and open orders, your watch list and offers in your portal and manage your personal data. You can also manage your newsletter subscription via your customer account.
When shopping in the online shop
If you would like to place orders in our online shop, we require the following information for the processing of the contract:
- First name and surname
- Company (optional)
- Invoice and delivery address
- Payment details (depending on the selected payment method)
- Email address
- Fax (optional)
- If a customer account exists: User name and password
In the case of payments via our online shop
To be able to offer you an effective and secure payment option for your purchases in our online shop, we use external payment service providers via Datatrans AG, based in Zurich, through whose platform you are able to make your payment transactions. The data processed by the payment service providers include inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as the contractual amounts and recipient-related information. The information is required so as to be able to carry out the transactions. However, the data entered is only processed by the payment service providers and stored by them. We do not receive any (bank) account or credit card information; we only receive information to confirm (accept) or reject the payment. Under certain circumstances, the data may be transferred by the payment service providers to credit agencies for the purpose of checking identity and creditworthiness. For this and for the payment transactions, we refer to the GTC and privacy policies of the respective payment service providers.
When using our contact form
You have the possibility to contact us via the contact form. The personal data such as name, address, telephone number and email address voluntarily transferred in this way are automatically stored and processed for the purposes of contacting you.
The data entered by you in the contact form will remain with us until you ask us to erase it, withdraw your consent to its storage or the purpose for the data storage is omitted (e.g. after completed processing of your enquiry). Imperative legal provisions – particularly retention periods – shall remain unaffected.
When you subscribe to our newsletter
If you have signed up for our newsletter, we will use your name and email address to send you our newsletters. The data processing is thus based on your consent and our interest in informing you about our services. You can withdraw this consent at any time by cancelling your subscription to the newsletter. The lawfulness of the data processing prior to the withdrawal of the consent shall remain unaffected.
We use CleverReach, a service of CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany, to send our newsletter. CleverReach is a service with which the sending of our newsletter can be organised and analysed. The data you enter for the purpose of receiving newsletters (such as your email address) is stored on the servers of CleverReach in Germany. For further information about the data protection conditions of CleverReach, refer to: https://www.cleverreach.com/de-de/datenschutz/.
If you do not wish for analysis to be carried out by CleverReach, you must cancel your newsletter subscription. An appropriate link is included in every newsletter email that allows you to do so. You can also end your newsletter subscription by sending an email to us or via your customer account.
Our website uses “cookies”. Cookies are small text files that are stored on your computer via the browser when you visit our website. These text files are used to make our offer user-friendly and to provide you with our services in a technically error-free and optimised form. Most of the cookies used by us are “session cookies”. These are erased automatically at the end of your visit. Other cookies are stored on your end device until you erase them. These cookies allow us to recognise your browser during your next visit to our site. These cookies allow us to evaluate what your preferences are within our website. Through the use of technically unnecessary cookies, we then learn how our website is used, which enables us to continuously improve our offer.
If you do not wish to do this, you can set your browser settings so that your browser notifies you about the setting of a cookie, to which you must then consent. A complete deactivation of cookies in your browser, however, may limit the functionality of our website.
How do we use web analytics tools and plugins?
To optimise the design of our website, we use the functions of the web analysis service Google Analytics. Google Analytics uses persistent cookies to collect anonymous information, such as the number of visitors to the website and information about where visitors log on to our website and which pages they view or the length of their visit to our website. The text files are stored on your computer and enable an analysis of the use of the website by us. The information which is generated by the cookie concerning your use of this website is usually transferred to a Google server in the US and stored there. We have, however, activated the anonymisation of IP addresses on this website. This means that your IP address will be abbreviated by Google within European Union member states or other states which are part of the European Economic Area before it is transferred to the US. Only in exceptional cases will the full IP address be transferred to a Google server in the US and shortened there. On behalf of the provider of this website, Google will use this information to analyse your use of the website, to compile reports about your website activity and to provide further services which are connected to the use of this website and of the Internet for its operator. The IP address transferred by your browser within the framework of Google Analytics will not be combined with any other data of Google.
The processing of your personal data by Google is primarily the responsibility of Google and takes place according to its data protection provisions. You can deactivate this function at any time with the ad settings in your Google account or prevent the collection of your data by Google Analytics, however, by setting an opt-out cookie which prevents the collection of your data during future visits to this website: https://tools.google.com/dlpage/gaoptout?hl=de
We use the map service Google Maps on our website.
To use the features of Google Maps, it is necessary for your IP address to be saved. This information will usually be transferred to a Google server in the US, where it will be saved. We have no influence over this transfer of data.
Google Tag Manager
We use Google Tag Manager to be able to better manage and evaluate the tools that are used on our website.
Hotjar – HeatMap
We use a heat map service on our website which is provided by Hotjar Ltd. (St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta). This is a tool for analysing your user behaviour on our website. It allows us to see the areas of the website where the mouse is moved or clicked the most often. Each individual user session is recorded. We can then replay the sessions and thereby analyse the use of our website, which serves to improve our web offerings.
We have integrated videos from the provider Vimeo LLC (555 West 18th Street, New York 10011) on our website. When you visit such a video on our website, a connection will be established to the Vimeo servers. This will notify the Vimeo servers which of our web pages you have visited. If you are logged in to Vimeo as a member, Vimeo will assign this information to your personal user account. You can prevent this assignment by logging out of your Vimeo user account before using our website and erasing the corresponding Vimeo cookies.
Further information on the data processing by Vimeo is available here: https://vimeo.com/privacy.
On our website we also use YouTube for embedding videos, which is a service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).
If the playback of the YouTube video is initiated, YouTube will set a cookie to collect information about the user behaviour. This will notify the YouTube server which of our web pages you have visited. If you are logged in to your YouTube account, you allow YouTube to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.
Further information on how Google handles user data is available here: https://www.google.de/intl/de/policies/privacy/.
Social media plugins
We use components of the LinkedIn, Instagram, Facebook and YouTube networks on our website. These services are operated by the companies Meta Platforms (Facebook and Instagram), Google Ltd. (YouTube) and LinkedIn Ireland Unlimited Company (LinkedIn). By integrating these networks, you are given the opportunity to share the posts stored on our website on the above-mentioned platforms and/or to visit our website on the social media channels.
You can recognise the plugins by the corresponding icons of the above-mentioned platforms on our website. When you visit our website, a direct connection will be established between your browser and the server of the corresponding social media provider via the plugin. As a result of this, the provider receives the information that you have visited our website with your IP address. If you click on a corresponding logo while you are logged into your account, you can link the contents of our pages on your profile. This enables the social media provider to assign the visit to our pages to your user account.
Please note that we, as the website provider, do not have access to the content of the data transferred or its use by such social media platforms. Details on collection of data (purpose, scope, further processing, use) as well as your rights and settings options are provided in the privacy policies of the respective networks:
- YouTube: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
- Facebook / Instagram: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
- LinkedIn: LinkedIn Ireland Unlimited Company, Dublin 2, Ireland
To whom will my personal data be forwarded?
As a matter of principle, we only transfer personal data to third parties if this is necessary within the context of a contract, for the purpose of our or your legal protection, for the fulfilment of legal obligations, or in relation to a collaboration with a service partner. Our service partners include, in particular, those referred to above under “Web analytics tools and plugins”. No further transfer of data will take place, or it will only occur if you have expressly consented to its transfer. Your data will not be passed on to third parties without your express consent, for advertising purposes, for example.
For the maintenance and upkeep of our IT systems and our website, our IT service provider, our web host and website operator may also have access to specific personal data. They have contractually agreed to manage such data with care and are only permitted to process personal data on our behalf and in accordance with our instructions. The disclosure of such data to third parties by them has been contractually excluded. The right to surrender the data to public authorities on the basis of corresponding mandatory statutory reasons remains reserved.
We process personal data in Switzerland and the European Economic Area (EEA). However, we may also export and/or transfer personal data to other countries, in particular for its processing or to arrange for its processing there (conceivable in particular for the online services that we use). If this is a country without sufficient data protection, we shall conclude the EU standard contractual clauses in particular, but we may also rely on consent on a case-by-case basis, or transfer data abroad because it is necessary for the processing of a contract if the data was published by you or if necessary for legal proceedings abroad.
How will my data be backed up?
We shall take all reasonable steps that are appropriate from a technical and organisational point of view to ensure the security of your personal data. We continuously improve our security measures and adapt them according to the current state of the art.
For security reasons and to protect the transfer of confidential content, this website then uses SSL and/or TLS encryption with a DV / OV / EV certificate. You can recognise an encrypted connection by the address line in the browser changing from “http://” to “https://” and by the lock symbol in the browser line. If SSL- and/or TLS encryption is enabled, the data you transfer to us cannot be accessed by third parties.
For how long do we retain your personal data?
We shall retain your personal data for as long as it is necessary for the purposes for which it is processed. Furthermore, we shall retain your personal data to comply with statutory and regulatory documentation and retention obligations, for as long as claims may be asserted against us or insofar as this is required by legitimate interests, in particular the security of our data (for example, for evidential purposes or for IT security). Personal data, the processing of which is no longer necessary, will be anonymised or erased.
Which rights do you have in connection with the processing of your data?
If you feel that your privacy or otherwise in terms of your personal data has been infringed as a result of data processing operations on our part, you have the right to contact us at any time via the above-mentioned data controller.
If the respectively applicable requirements are met and no statutory derogations apply, you have the following rights:
- the right to access your personal data and certain aspects of the processing;
- the right of rectification for your personal data;
- the right of erasure for your personal data;
- the right to the restriction of processing for your personal data;
- the right to object to the processing of your personal data.
You also have the right to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
You can also request that we provide either you or a third party with the personal data concerning you that we process automatically on the basis of your consent or for the fulfilment of a contract in a common, machine-readable format.
Some data processing operations are only therefore possible with your explicit consent. You can withdraw the consent that you provided on a previous occasion at any time. To do so, sending us an informal message by email is sufficient (email@example.com. The lawfulness of the data processing prior to the withdrawal of consent remains unaffected, however.
Version 1 / September 1, 2023