Privacy Statement

Effective: 17/09/2018

1. Purpose of this Privacy Policy
2. Identity of the controller and contact details
3. Scope of "personal data" and "processing"
4. Purpose of the processing
5. Sharing your personal information
6. Cross-border transfer of personal data
7. Profiling and automated individual decision making
8. Security of your personal data
9. Retention of your personal data
10. What rights do you have in relation to the processing of your personal data?
11. Other considerations
12. Changes to this Privacy Policy

1. Purpose of this Privacy Policy
With a view to the new EU General Data Protection Regulation ("GDPR"), this privacy policy ("Privacy Policy") sets out which personal data we process, in which way and for what purposes.
This Privacy Policy applies to any processing of personal data in connection with all our business activities in all our business areas. This also includes the business activities of all our affiliated companies, unless they have issued a separate privacy policy. For certain services additional Privacy Policies may apply. We will inform you of these provisions in an appropriate manner where such is the case.
In this Privacy Policy, we indicate in particular:
• which personal data we collect about you;
• when we collect your personal data;
• the purpose for which we use your personal data and the legal basis thereto;
• how long we retain your personal data;
• who has access to your personal data; and
• what rights you have with regard to your personal data.
You will find corresponding notes and explanations below. Please find further details in the table at the end of this Privacy Policy. In case of questions, please contact us. You can find our contact details following this link.

2. Identity of the controller and contact details
In principle, the following entity ("we" or "us") acts as controller with regard of the data processing in accordance with this Privacy Policy:

Habasit International AG
Römerstrasse 1
Reinach-Basel, CH-4153
Email privacy@habasit.com Tel: +41 61 715 15 15

The entities of the Habasit Group have not appointed a data protection officer according to article 37 GDPR save for affiliates in Germany and Poland. You will find the details of the data protection officers concerned on the respective local websites.
In certain cases the controller of your personal data is not us, but another group entity:
• If you are in contact with another Habasit Group entity, then this entity is the controller with regard to the respective data processing, unless this Privacy Policy provides otherwise.
• In certain cases, we may also transfer your personal data to another Habasit Group entity or to third parties so that these recipients can process personal data for their own purposes, i.e. not on our behalf. This may also include public authorities. This Privacy Policy states where such may be the case. In this case, the respective recipient is the controller.

3. Scope of "personal data" and "processing"
Personal data is all information that relates to a particular natural person or (according to Swiss data protection law) a legal entity. This for example includes the following information provided that it can be assigned to a specific natural person:
• contact information, e.g. name, address, e-mail address, telephone number;
• further personal information, e.g. gender, birthday and age, marital status, nationality, passport number;
• job-related information, e.g. profession, title, function, education, former employers, skills and experience, permits and admissions as well as memberships;
• logs showing your visits on our website and the use of our apps.
You will find specific information on the personal data we process under section 4 and in the table at the end of this data protection declaration.
"Processing" means any operation or set of operations which is performed on personal data. This includes, for example, the following actions:
• the collection, storage and retention;
• the organisation, the arrangement and the administration;
• adaptation and alteration;
• retrieval and consultation;
• the use and application;
• the disclosure;
• the alignment and the combination;
• the restriction;
• the erasure and destruction; and
• the transfer and dissemination.
This Privacy Policy applies to all these operations insofar as they concern personal data.

4. Purpose of the processing
Depending on the occasion and purpose, we process very different personal data. You will find more details in this section and in the table at the end of this Privacy Policy and frequently also in general terms and conditions, terms of participation and specific privacy statements. Among other things, we process personal data - possibly also sensitive personal data - in the following situations and for the following purposes:

Communication: We process personal data when you contact us or when we contact you, e.g. when you contact our customer service as well as when you write or call us. Normally, we only require information such as name and contact data and the content and time of the relevant messages. We use this data in order to provide you with information, process your request and to communicate with you. We can also forward messages within the Habasit Group to the responsible entity offices, e.g. if your request concerns another entity.

Purchase of goods and services: We also receive and process personal data if you make use of our services or purchase goods. We process your personal data, for example, for the processing of orders and contracts, including the dispatch of order and shipping confirmations, delivery confirmations, delivery and invoicing.

Visiting websites (including our blog(s)); using apps: When you visit our websites (including our blog(s)) or install and use an app from us, we process personal data. The processing depends on the offer and functionality of the website or app. This data includes, for example, your domain name and IP address information, log data, information about the time our website was accessed, the duration of the visit and the pages accessed. We use this data for reasons of IT security, but also to improve the user-friendliness of the website and its functions and to measure the number of visits, average time spent on the websites of our domain, pages viewed within the domain, etc. We also use this information to create statistics on the use of our websites and their contents. We also use "cookies", which are small text files that are temporarily or permanently stored on your device when you visit our website. Cookies are often required for the functionality of the website. Others are used to personalize the offer. However, logs and cookies often do not contain personal data because we are often unable to assign this information to you. We also use analysis services such as Google Analytics. Within the use of such services, detailed information about the use of the relevant website is collected, but such information is also often not personal. Finally, we may use functionalities from third party providers, which may result in the provider concerned processing data about you. Please refer to the table at the end of this Privacy Policy for further details. There you will also learn how you can prevent these processing steps.

Information and direct marketing: We process personal data in many ways for information and marketing purposes, including for information and marketing purposes. If you, for example, register for a newsletter or other form of communication (such as brochures or messages by SMS), we will, for example, process your contact details and information about your use of the newsletter.

Visiting our premises: When you enter our premises, we may make video recordings in appropriately marked areas for security and evidence purposes. You may also be able to use a Wi-Fi service. In this case, we collect device-specific data in the course of your registration, and we may ask you to enter your name and e-mail address when registering if so required by applicable local legislation.

Customer events: When we hold customer events (such as advertising events, sponsoring events, cultural and sporting events), we also process personal data. Such data include the name and address of the participants or interested parties and other data depending on the event, e.g. your date of birth. We process this information for the purpose of carrying out customer events, but also for our own marketing purposes. Further details can be found in the respective conditions of participation.

Business partners: We work together with various companies and business partners. We also process personal data about the contact persons in these companies, e.g. name, function and title. Depending on the field of activity, we are also required to examine the company in question and its employees more closely, e.g. to carry out a safety inspection. In this case we will collect further information. We will point this out to you separately. We may also process personal data about you to improve our customer orientation, customer satisfaction and customer loyalty (Customer Relationship Management).

Administration: We process personal data for our internal and group-internal administration. For example, we may process personal data in the context of IT or real estate management. We also process personal data for accounting and archiving purposes and generally for checking and improving internal processes.

Job applications: We also process personal data when you send job applications to us. As a general rule, we require the usual information and documents as well as the ones mentioned in a job advertisement.

Corporate deals: We may also process personal data in order to prepare and process company takeovers and sales and purchases or sales of assets such as receivables or real estate and similar transactions.

Compliance with legal requirements: We process personal data to comply with legal requirements. These include, for example, the operation of a fraud reporting system, internal investigations or the disclosure of documents to an authority if we have good reason to do so or are even legally obliged to do so.

Protection of rights: We process personal data in various constellations in order to protect our rights, e.g. to assert claims in and out of court and before local and foreign authorities or to defend ourselves against claims. For example, we can have process prospects clarified or submit documents to an authority. Authorities may also require us to disclose documents containing personal data.
The table at the end of this Privacy Policy describes in more detail what types of personal data we collect about you, how and for what purposes it is used, on what legal basis and whether you are obliged to provide us with personal data.

5. Sharing your personal information
Our employees have access to your personal data as far as it is necessary for the described purposes and the work of the employees concerned. They act in accordance with our instructions and are bound to confidentiality and secrecy when handling your personal data.
We may also transfer your personal data to other entities within the Habasit Group for the purpose of internal group administration and for the various processing purposes described in this Privacy Policy. This means that your personal data can also be processed and combined with personal data originating from another Habasit Group entity for the respective purposes.
We may also disclose your personal data to third party service providers who perform certain business operations on our behalf ("processors"), in particular:
• IT services, e.g. services in the areas of data storage (hosting), cloud services, dispatch of e-mail newsletters, data analysis etc.;
• Consulting services, e.g. services of tax consultants, lawyers, management consultants, consultants in the field of personnel recruitment and placement;
• haulage and logistics services, e.g. for the dispatch of ordered goods;
• administration services, e.g. real estate management;
• business information and debt collection, e.g. if you want to make a purchase on account or if due receivables are not paid.
Through the diligent selection of our processors and the conclusion of suitable contractual agreements, we ensure that data protection is also ensured by third parties during the entire processing of your personal data. Our processors are obliged to process the personal data exclusively on our behalf and according to our instructions.
Moreover, we may review or execute transactions such as mergers or the acquisition or sale of individual parts of an entity or its assets. In this context, the transfer of personal data to another company may be necessary. In these cases, for reasons of confidentiality, it is not always possible to inform you in advance if your personal data is affected. However, we will inform you as early as possible in each individual case and try to process as little personal data as possible.
There are also other cases where we may disclose your personal data, for instance, we may disclose your personal data to third parties (e.g. authorities) if this is required by law. We also reserve the right to process your personal data in order to comply with a court order or to assert or defend legal claims or if we consider it necessary for other legal reasons.

6. Cross-border transfer of personal data
The recipients of your personal data (section 5) may be located abroad - even outside of the European Union (EU) or the European Economic Area (EEA). The countries concerned may not have laws that protect your personal data to the same extent as the laws in Switzerland, the EU or the EEA. We refer to such countries which do not provide for adequate protection as "third countries". If we disclose your personal data to a third country recipient, we will take appropriate measures to ensure the protection of your personal data. One way of doing this is to conclude data transfer agreements ensuring the necessary data protection with the third country recipients. These include contracts approved, issued or recognised by the European Commission and the Federal Data Protection and Information Commissioner, the so called standard contractual clauses. It is moreover permitted to transfer personal data to recipients who have joined the US Privacy Shield program.
Please contact us if you would like to obtain a copy of our data transfer contracts or if you wish to receive further information (details in section 2).

7. Profiling and automated individual decision making
"Profiling" means a process by which personal data is processed automatically to evaluate, analyse or predict personal aspects, e.g. economic situation, personal preferences, interests, reliability, behaviour, location or movements. We may carry out profiling, e.g. in the examination of contractual partners.
"Automated individual decision making" relates to decisions which are based solely on automated means and which result in negative legal effects or other similarly negative effects on you. We will inform you separately if we make automated individual decisions and provided that such information is required by law.

8. Security of your personal data
We apply appropriate technical and organisational security processes to safeguard the security of your personal data and to protect it against unauthorised or unlawful processing and to prevent the risk of loss, unintentional alteration, unintentional disclosure or unauthorised access. However, the electronic transfer of information in particular entails security risks that cannot be completely ruled out. If you transfer information in this way, you do so at your own risk.

9. Retention of your personal data
We retain your personal data for no longer than this is necessary for the purposes for which the information is collected. We moreover retain personal data as long as we have a legitimate interest in the storage, e.g. if we need personal data for the enforcement of or the defence against claims, for archiving purposes and for guaranteeing IT security or in the case of running statutes of limitations. The relevant statute of limitations does for instance often run for ten years, in some cases for five years or one year. We also retain your personal data as long as it is subject to a legal retention obligation. Certain documents have a ten-year retention period; some even have a retention period of 25 years. Other documents must only be retained for a short period, which is the case, for example, for video surveillance recordings or for recordings of certain Internet processes (log data). In certain cases we may ask for your consent in order to retain your personal data for a longer period (e.g. in relation to job applications which we would like to keep pending).

10. What rights do you have in relation to the processing of your personal data?

You can at any time object to the processing of your personal data or freely withdraw your consent to the processing of your personal data. A right of objection exists in particular against data processing in the context of direct advertising. If you revoke your consent or effectively object to further processing for a specific purpose, we may no longer process your personal data for the corresponding purposes.

In addition, you have the following rights:

Right 

Description 

Remarks 

Right to information 

You have the right to be informed transparently, clearly and comprehensively about how we process your personal data and what rights you have in connection with the processing of your personal data. This Privacy Policy fulfils this obligation. If you would like further information, please contact us (details in section 2). 

Right of access 

You have the right to request, at any time and free of charge, access to your personal data stored and processed by us. 

In some cases, the right to information may be limited or excluded, in particular:
• if you were not able to sufficiently identify yourself;
• to protect the rights and freedoms of other persons (e.g. confidentiality obligations or third party data protection rights);
• in the event of excessive exercise of the right to access (alternatively, we may demand payment for the information); or
• if a comprehensive provision of information would generate disproportionate efforts.

Right to rectification 

You have the right to have incorrect or incomplete personal data corrected and to be informed of such rectification.
We will also inform all of our recipients of the adjustments made, unless this is impossible or involves disproportionate effort. 

Right to erasure 

You have the right to have your personal data erased. You can request the deletion of your personal data if:
• the personal data are no longer necessary for the purposes pursued;
• you have effectively withdrawn your consent or have effectively objected to the processing;
• the personal data is being processed unlawfully.

We will also inform all of our recipients of the erasure made, unless this is impossible or involves disproportionate effort. 

In individual cases, the right to erasure may be excluded, especially if processing is necessary:
• to perform a legal task or a task in the public interest;
• for the establishment, exercise or defence of legal claims 

Right to restrict processing 

Under certain circumstances, you have the right to request that the processing of your personal data be restricted.
We will also inform all of our recipients of the adjustments made, unless this is impossible or involves disproportionate effort. 

Right to data portability 

You have the right to receive the personal data concerning you, which you have provided to us, free of charge, in a commonly used and machine-readable format, provided that:
• the specific data processing is based on your consent or is necessary for the performance of the contract; and
• the processing is carried out by automated means. 

Depending on the individual case, your personal data may be transferred to you or directly to another controller. 

Right to lodge a complaint 

You have the right to lodge a complaint with a competent supervisory authority about the way we handle or process your personal data. 

Right to withdraw consent

You have the right to withdraw your consent at any time.

According to Article 21 GDPR, you may also object to data processing in certain other cases. Withdrawal of your consent will not render past processing activities that were based on your consent unlawful. 

11. Other considerations
Legal basis: The GDPR requires us to inform about the relevant legal basis for our data processing activities. According to the GDPR, the processing of personal data is particularly permitted if
• it is based on a valid consent that has not been withdrawn;
• it serves the performance of a contract to which the data subject is party or for pre-contractual measures upon the data subject's request (e.g. review of his or her contract request);
• it is necessary to fulfil a legal obligation;
• it is necessary to protect vital interests of you or another person;
• it is necessary for a task in the public interest or the exercise of official authority;
• it is necessary for legitimate interests, provided that the interests or fundamental rights and freedoms of the data subject do not prevail.
The processing of sensitive personal data (section 3]) is more restricted. Among other things, it is permitted if it
• is based on an explicit consent;
• is necessary to comply with certain obligations in the field of labour and social security law;
• relates to personal data which the data subject has obviously disclosed publicly;
• is necessary for the assertion of rights
In the table at the end of this Privacy Policy you will find information on the legal basis on which we usually base the respective data processing activities. Due to the complexity of many data processes, it cannot be ruled out, however, that in individual cases - depending on the circumstances - other legal bases may also apply.

Obligation to provide personal data: The GDPR also requires you to be informed whether you are obliged to provide your personal data due to a legal or contractual requirement or because the data is necessary to enter into a contract. We must moreover inform about the possible consequences when you fail to provide such data. You will also find corresponding information in the table at the end of this Privacy Policy.
Third party personal data: You may wish or need to provide us with third party personal data. We would like to point out that in this case you are obliged to inform the relevant persons about such data disclosure and about this Privacy Policy. You are also obliged to obtain the consent of the relevant person for such disclosure.

12. Changes to this Privacy Policy
We may modify this Privacy Policy from time to time if we change our data processing activities or if new legislation becomes applicable. We actively inform people registered with us of such modifications if this is possible without disproportionate effort. In general, however, a data processing activity is subject to the version of the Privacy Policy which is the latest version at the beginning of the relevant processing.

Table: Reason for data collection; scope, purpose and obligation to make data available; legal basis for processing.

Reason for the data collection 

 Personal data being processed

Processing purpose and obligation to make data available 

legal basis for processing 

Communication with us 

We collect personal data when you contact us in writing, electronically or by phone. We process contact and communication data, including in particular the following personal data:
– your name;
– depending on the type of communication, your contact data such as postal address, e-mail address and telephone number;
– content and time of the communication.
The content of the communication depends largely on you. If you provide us with particularly sensitive personal data, we will also process this data. Phone calls with us may be recorded; however, you will be informed in advance. 

In this context, we process your personal data for the following purposes:
– Customer service and maintenance; general communication with you: It is important to us that you can contact us and report your concerns.
– Quality assurance and training: The possible recording of conversations helps us to analyse and improve our processes.
Of course, you are not obliged to provide us with specific information. However, we can often only answer your queries if you provide us with certain minimum details. 

By contacting us, we understand that you consent to the processing of your personal data. The processing of data is within our legitimate interests, as it enables us to improve the quality of our services, avoid errors in our processes and achieve higher customer satisfaction. 

Purchase of goods and services 

When you purchase goods or services with us, we process personal data in connection with your purchasing and payment behaviour. This includes, in particular, payment information.
For purchases on account we can check your creditworthiness. For this purpose, we usually obtain information from specialized companies, so-called credit agencies.
We may also evaluate purchase information and link it to other personal information, such as non-personal statistical information and other personal information we have collected about you, in order to derive information about your preferences and affinities with certain products or services.

In this context, we process your personal data for the following purposes:
– Processing: We process your personal data so that we can record your purchases and deliver the products when ordered. We may also process your data to fight against fraud.
– Information about your purchasing behaviour: We analyse the purchasing behaviour of our customers and gain information from that, which we consider when improving our services (product range, choice of location, etc.).
– Statistical purposes: We process your personal data for statistical purposes. This also makes it easier for us to better meet the needs of our customers. 

We base our processing on the fact that we are allowed to process your personal for the performance of a contract.
We moreover base the processing on legitimate interests. Through the collected personal data we can tailor our services better and more specifically to your needs and interests and expand and improve our offerings. This is important to us so that we can successfully assert ourselves in the market. 

Online services (incl. apps) 

If you use our online services – even if you do not purchase any goods or services – we process personal data.
We can also provide mobile applications (apps). In this case, we collect personal information when you install an app, when you use the app and its features, and when you update the app, being specified that an end user license agreement between you and a Habasit Group entity may specify which personal information may be processed. Such data may include in particular the following information:
– date, time and duration of the installation;
– device-specific information such as the device type or the current version of your operating system;
– credit card information;
– information about the use of the app.
Depending on the type of offer, we process additional personal data. This may include the following personal data, which may also include sensitive data:
– information on the use of a customer account;
– your age;
– your language skills;
– your shopping behaviour;
– your location.
We may also evaluate your personal data and link it to other personal data, such as non-personal statistical information and other personal data that we have collected about you, in order to derive information about your preferences and affinities with certain products or services.
You may find further information in the applicable terms and conditions and in this table under "visiting our website". 

We process your personal data in relation to online services for the following purposes:
– Provision and analysis: We process personal data in order to make the relevant offer available online or via an app and to process the offer. This may include opening and managing a customer account in your name. We also process personal data in order to further develop the offer and to develop new services.
– Use for other services: If you use or administer other services via your customer account, we also use your personal data for that purpose.
– Provision of individualized services: By using your customer account we get to know you better. On this basis, we can provide you with personalized services.
– Administration: We process personal data in connection with online services in order to better understand the behaviour and interests of our customers. For example, we record which apps you download, how you use them, how long you have them installed and what services you benefit from. Additionally, the processing of personal data helps us to fight against fraud.
The use of the online services is voluntary. However, if you decide to use it, it is usually not possible without the corresponding processing of personal data. 

Online services can usually only be used if you accept the corresponding terms of use. Doing so, a contract will be concluded between you and us. The processing of personal data for the processing of the contract is permitted under the GDPR. Depending on the functions of the online offer, we may also ask for your consent or rely on legitimate interests. 

Visiting our website (in general) 

Every time you access our websites (including our blog(s)), for technical reasons, your browser transfers certain data to us and stores them in log files. This includes the following usage data, for example:
– IP address and device-specific information such as the MAC address of the device;
– contents accessed and the date and time of the visit to the website. 

In this context, we process your personal data for the following purposes:
– Provision of the website: The recording of certain log files is compulsory in connection with the provision of the website.
– Website management: The processing of log files helps us to maintain and correct errors, to ensure the security of our website and to fight against fraud.
– Individualization and optimization of the website: We want to design our website as individual and user-friendly as possible. For this purpose, we store individual settings, e.g. that you have already called up the relevant website, which settings (e.g. language settings) you made at that time and which functionalities you used. 

The processing of log files is in our legitimate interests. 

Visiting our website (cookies) 

Depending on the functionality, we store cookies. Cookies are small files that your browser automatically creates and that are stored on your terminal device when you visit our website. On the one hand, we use session cookies in which a unique identification number is stored, a so-called session ID, and information about the origin and storage period of the cookie. These cookies are deleted after your visit of our website. On the other hand, we use permanent cookies that remain stored even after the end of the respective browser session. Such cookies are used to recognize a visitor at a later visit.
Cookies do often not process any personal data. For example, it is hardly possible for us to assign the information collected by the cookie to a specific person. Of course, we process personal data, also with the help of cookies if you shop with us in an online shop or identify yourself in any other way. You will find respective information in this table under "online offers (incl. apps) ".
Some cookies originate from third parties. This is the case when we use functions on our website that are provided by third parties. This applies to analysis services that also work with cookies; you will find respective information in this table under "visiting our website (evaluations)". 

We use cookies for the following reasons:
– Cookies help us to ensure and safeguard the various functions and services of our website.
– The storage of cookies enables us to make it easier for you to use our website and to make functionalities as user-friendly as possible, for example by saving language settings or entries made for the duration of a browser session.
– Furthermore, cookies serve to adapt our online services to your needs. By collecting and evaluating information about the use in general and the behaviour of visitors of our website and the devices used for this purpose, we can provide you with targeted services of goods and services as well as other information that may be of particular interest to you.
You are not obliged to accept cookies used by us. You can configure your device (tablet, PC, smartphone, etc.) so that a message appears before a new cookie is created. This allows you to decline cookies. You can also delete cookies from your terminal. Further, you have the option of preventing the collection of data generated by the cookie (including your IP address) and the processing of this data by downloading and installing an appropriate browser add-on.
However, rejecting or deactivating cookies may imply that you are not able to use all functions of the website. 

The use of cookies serves our legitimate interests. Some cookies are required. This individualization is also in the interest of our website visitors. Further, the analysis of the use of our websites is a legitimate interest. 

Visiting our website (evaluation of user behaviour) 

On our website, we use Google Analytics, an analysis service of Google, Inc. in the USA. Google Analytics uses cookies that enable an analysis of the website use. General information about cookies can be found in this table under "visiting our website (cookies)". Thereby, information about your behaviour on our website and the device used (PC, tablet, smartphone, etc.) are stored. For example, this includes the following usage data:
– type and version of the browser;
– the address (URL) of the website from which you accessed our website;
– name of your provider;
– the IP address of the device;
– date and time of access to our website;
– pages visited and length of stay.
This information is stored on a Google server in the USA. However, your IP address will first be shortened in the EU or the EEA. Only in exceptional cases will the full IP address be transmitted to the USA.
We may also use similar services from other providers, each of which uses cookies. The providers often do not receive any personal data, but can record the user's use of the concerned website. 

This information is used to better understand the use of our website and to improve its content, functionality and irretrievability.
You can prevent the use of Google Analytics by installing an add-on for your browser, a so-called browser add-on. 

The processing purposes mentioned on the left are within our legitimate interest. 

Visiting our website (social plug-ins) 

Our websites may use third party plug-ins. As a result, buttons of the respective providers are displayed, or content of the respective provider is integrated on the website.
The respective provider receives in particular the following personal data:
– the information that your browser has visited the website in question;
– the IP address of the device used, even if you do not have an account with the provider.
If you are also logged in at the provider's website at the same time, the provider can assign the visit to your personal profile. 

We use plug-ins to make our website more attractive and to make it easier for you to interact with the relevant offer. This also helps us to reach a wider audience for our website. Further information about the processing of the relevant data can be found in the privacy policy of the respective providers
The plug-in provider may process your personal data as controller and in accordance with their own data protection regulations. 

The processing purposes mentioned to the left are in our legitimate interests. It is very important to us to design our website in an attractive manner and to increase the interaction with our visitors. The use of social plug-ins is an important tool for this purpose. 

Subscribing to electronic newsletters

When you subscribe to an electronic newsletter, we will in particular process the following personal data:
– Your name;
– Your e-mail address;
– the information whether you have consented to the receipt of newsletters or have filed an objection.
We may also process information about your use of the electronic newsletters, this includes in particular the following personal data:
– Delivery of the newsletter;
– if and when you have opened and forwarded the newsletter;
– links you have clicked on (target, date and time).
We may also evaluate your personal data and combine it with other personal data, such as non-personal statistical information and other personal data that we have collected about you, in order to derive information about your preferences and affinities with certain products or services. 

We process your personal data in order to send you the electronic newsletter. This also involves us informing you about changes and providing you with further information about our electronic newsletter service. We process personal data about your use of the electronic newsletter in order to get to know you better and to be able to tailor our services more specifically to you. 

We understand your subscription to our electronic newsletter as your consent for the processing of your personal data for the purposes described to the left. 

Entering an area under video surveillance 

We take video recordings in appropriately marked areas. We may thus obtain information about your behaviour in the relevant areas. The use of video surveillance cameras is limited to specific locations and clearly marked. In addition, the data collected in this manner is only available for processing to specific employees. 

Such processing is carried out for your own safety, the safety of our employees and for evidence purposes. If criminal acts are suspected, we can make the recordings available to the prosecution authorities.
If you do not want to be recorded, we must ask you not to enter the relevant areas. 

It is within our legitimate interest to ensure our customers' and employees' safety in the relevant areas and to prevent possible crimes against our employees and our customers as well as to contribute to their investigation.

Wi-Fi in our premises 

We collect device-specific data from your device as soon as you log in via our Wi-Fi infrastructure. This particularly includes the following information:
– the MAC address of your terminal device (a unique identifier for the device);
– date, time and duration of the connection.
In most cases, we cannot assign this information to a specific person. However, you may need to log in via your email address or an SMS function in order to use our Wi-Fi network services. If this is the case, we particularly collect the following personal data:
– your name;
– your e-mail address;
– if necessary, your mobile phone number;
– date and time of registration.
When you use our Wi-Fi network, we will in particular process the following information:
– duration of the connection;
– location of the used Wi-Fi service;
– the volume of data used. 

We process this information in order to provide you with Wi-Fi services and for IT security purposes. The use of our Wi-Fi service is voluntary. You are in principle also not obliged to disclose any personal data to us. However, it may not be possible to use the Wi-Fi service without your personal data being processed accordingly. 

By using our Wi-Fi service, you consent to our processing of your personal data for this purpose. 

Participation in customer events 

We process personal data when we invite you to customer events (such as promotional events, sponsoring events, cultural and sporting events). In particular, this includes the following - possibly particularly sensitive - personal data:
– your name;
– your contact details;
– your participation or non-participation;
– further, customer-specific data, such as your date of birth.
We may also evaluate your personal data and combine it with other personal data, such as non-personal statistical information and other personal data that we have collected about you, in order to derive information about your preferences and affinities with certain products or services. 

We process your personal data in order to invite you to our events and to find out which customer events you are interested in. In this way, we can draw your attention specifically to the customer events that we hope will be of interest to you.
Participation in customer events is voluntary, but usually not possible without the processing of personal data. 

We process your personal data after you have given us your consent to inform you about the relevant customer events or if you have registered for one of our customer events.
The processing mentioned to the left is also in our legitimate interest, because it enables us to get in touch with you personally and to get to know you better. This enables us to better tailor our services to your needs and interests and to expand and improve our services. This is important for us so that we can successfully assert ourselves in the market.

Contact with our firm as business partner 

If you work for a company that supplies or purchases goods or services from us or that works together with us in some other way, we process personal data about you, such as, for example,
– Your name;
– your position, your title, your field of activity;
– stations of your professional career;
– your interactions with us.
We process further personal data, including sensitive personal data , when we check whether we want or can work with your company (e.g. during security audits).
If you are working on our premises, we will also process other contact details, such as details of:
– nationality and residence status;
– previous convictions and criminal measures;
– data about user accounts and their use;
– badge number and use;
– your use of our IT infrastructure;
– video recording (if you are in an area under video surveillance).
We will inform you separately about such processing or ask for your consent.

The processing of personal data serves the following purposes:
– to check whether we obtain services from your company or deliver them to your company or whether we want and can work together with your company (e.g. in the course of suitability tests, checks for conflicts of interest, etc.);
– to check whether your company offers the required security standards should it process personal data on our behalf;
– to plan the work schedules of our employees and, if necessary, of you or of employees of your company;
– for training purposes;
– for monitoring and performance evaluation;
– for the preparation and processing of company takeovers and sales and similar transactions.
If we process personal data in order to obtain services from third parties, we generally do so for the following purposes:
– for the management and administration of our IT and other resources;
– for the exchange of personal data within the group;
– for compliance purposes, including the receipt and investigation of complaints and reports of irregularities.
We can also process your personal data for customer care purposes. 

The processing described to the left is within our legitimate interest because it enables us to make use of external services and thus increase our efficiency. We also have a legitimate interest in preventing misuse of our goods and services and in ensuring an appropriate level of security when we receive services or work with other companies. This may require background and security checks. Customer care is also in our justified interest.
If we process sensitive personal data for the purposes mentioned to the left, we usually do so to assert, exercise or defend legal claims or upon having obtained your explicit consent. 

Administration 

For our internal administration and management, we process - possibly sensitive - personal data about our customers, business partners and third parties, e.g. in the context of the administration of our IT, our real estate (e.g. for the preparation of a rent schedule or for the determination of the usual market rent) and other assets. 

We process this personal data particularly for the following purposes:
– review and improvement of our internal processes;
– accounting;
– archiving;
– education;
– other administration purposes.
These purposes may relate to us or to companies affiliated with us. 

Processing for the aforementioned purposes may be necessary for the performance of contracts. It is also within our legitimate interests. 

Job applications: 

When you apply for a job at our company, we process your contact details and the information provided to us (e.g. application, contact details, curriculum vitae, qualifications, certificates, etc.; if necessary also sensitive personal data). Other personal data may also be required in the course of a job application, depending on the position and profile. 

We process your personal data to check your suitability for the position in question and to discuss possible employment with you. With your consent, we may also keep your application pending if we - or you - refrain from employment with a view to a possible later employment.
It is voluntary to provide the respective personal data, but we cannot process an application without the necessary personal data. 

Processing for the purposes mentioned to the left is within our legitimate interests. If we process sensitive personal data, we ask for your explicit consent. 

Corporate deals: 

We may carry out transactions in which we sell, encumber or acquire companies or parts of companies or assets such as receivables or real estate. When reviewing and, if necessary, processing such transactions, we process personal data whose scope depends on the subject and stage of the transaction and which may also contain sensitive personal data (e.g. health data). Such information may be disclosed to a prospective buyer to the extent permitted by law. If we sell receivables, we provide the purchaser, for example, with information about the reason and amount of the receivable and, if applicable, the creditworthiness and conduct of the debtor in connection with this receivable, and in the case of the sale of real estate, we can provide in particular information about the tenants. Transactions involving companies or parts of companies also require the processing of personal data, e.g. information about current, former and future employees, suppliers and customers and their contact persons, etc. The processing of personal data is also required. 

The purpose of this data processing is to check the corresponding transactions and to carry them out where applicable. Notifications to local and foreign authorities may also be required. 

Processing for the purposes mentioned to the left may be required for the performance of contracts. It is also in our legitimate interest.
If we process sensitive personal data, we rely on your explicit consent. 

Compliance with legal requirements:

In order to comply with legal obligations, we may have to or want to process personal data. This is the case, for example, if an authority requires documents containing your name and contact details, or if we carry out an investigation. In order to ensure compliance with the applicable law, we also take various measures. We may also conduct internal investigations in which your personal data may also be processed. 

We in particular process your personal data for the following purposes:
– compliance with legal obligations, including orders from a court or authority;
– preventive measures to ensure compliance;
– measures to detect and clarify abuses. 

Processing for the aforementioned purposes is necessary for compliance with legal obligations and for legitimate interests. 

Protection of rights: 

We process personal data in order to protect our rights, e.g. to assert claims in court, in or out of court and before local and foreign authorities or to defend ourselves against claims. This may also include sensitive personal data. 

We process this personal data for the following purposes:
– Clarification and enforcement of our claims, which may also include claims by companies affiliated with us and our contractual and business partners;
– Defence against claims against us, our employees, companies affiliated with us and our contractual and business partners;
– Clarification of other legal, economic and other issues;
– Participation in proceedings before courts and local and foreign authorities.

Processing for the aforementioned purposes may be necessary for the performance of contracts. It is also within our legitimate interests.