The controller for the collection, processing and use of your personal data within the meaning of Art. 4 No. 7 GDPR is

SCHLOSSBERG Switzerland AG
Tösstalstrasse 15
8488 Turbenthal
CH-Switzerland

E-mail: info@schlossberg.ch
Phone: +41 (0)52 396 23 23

Our EU representative according to Art. 27 GDPR is: Schlossberg Switzerland GmbH, Marktplatz 6, 70173 Stuttgart, Germany.


If you wish to object to the collection, processing or use of your data by us in accordance with these data protection provisions as a whole or for individual measures, you can address your objection to the controller.

You can save and print out this privacy policy at any time.

Translated with DeepL.com (free version)

We use personal data for the purpose of operating the website and our web shop.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from ‘http://’ to ‘https://’ and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

We collect information about you when you use this website. We automatically collect information about your usage behaviour and your interaction with us and register data about your computer or mobile device. We collect, store and use data about every access to our website (so-called server log files). The access data includes

• Name and URL of the retrieved file
• Date and time of access
• Amount of data transferred
• Notification of successful retrieval (HTTP response code)
• Browser type and browser version
• operating system
• Referrer URL (i.e. the previously visited page)
• Websites that are accessed by the user's system via our website
• Internet service provider of the user
• IP address and the requesting provider

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables us to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is assigned to the user's end device. It is not assigned to a device ID.

We can also use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modelling approaches to supplement the recorded data records and uses machine learning technologies for data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and 25 para. 1 TDDDG. Consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/controllerterms/mccs/.

We use Google signals. When you visit our website, Google Analytics records your location, search history and YouTube history as well as demographic data (visitor data), among other things. This data can be used for personalised advertising with the help of Google Signal. If you have a Google account, the visitor data from Google Signal is linked to your Google account and used for personalised advertising messages. The data is also used to compile anonymised statistics on the user behaviour of our users.

We have concluded an order processing contract (AV) in accordance with Art. 28 GDPR with the above-mentioned provider. This is a contract prescribed by data protection law, which guarantees that the provider will only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

This website uses the ‘e-commerce measurement’ function of Google Analytics. With the help of e-commerce measurement, the website operator can analyse the purchasing behaviour of website visitors to improve its online marketing campaigns. Information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product is recorded. This data can be summarised by Google under a transaction ID that is assigned to the respective user or their device.

Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the United States.
The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Google Maps

This site uses the map service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. If Google Maps is activated, Google may use Google Web Fonts for the purpose of uniform display of fonts. When you access Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

The use of Google Maps is in the interest of an appealing presentation of our online offers and easyoffers and to make it easy to find the places we indicate on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission.

Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ andhttps://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

Google Web Fonts

This site uses so-called web fonts provided by Google for the uniform display of fonts. The Google fonts are installed locally. There is no connection to Google servers.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de.

You can find more information on the handling of user data in Google's privacy policy: https://policies.google.com/privacy?hl=de.

Google Remarketing

This website uses the functions of Google Analytics Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Remarketing analyzes your user behavior on our website (e.g. clicking on certain products in order to classify you into certain advertising target groups and then display suitable advertising messages to you when you visit other online offers (remarketing or retargeting).

Furthermore, the advertising target groups created with Google Remarketing can be linked to Google's cross-device functions. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one device (e.g. cell phone) can also be displayed on another of your devices (e.g. tablet or PC).

If you have a Google account, you can object to personalized advertising by clicking on the following link: https://www.google.com/settings/ads/onweb/.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and 25 para. 1 TDDDG. You can withdraw your consent at any time.

Further information and the data protection provisions can be found in Google's privacy policy at: https://policies.google.com/technologies/ads?hl=de.

Klaviyo

Diese Website nutzt die Dienste von Klaviyo für den Versand von Newslettern. Anbieter ist Klaviyo 225 Franklin St, Boston, MA 02110, USA.

This website uses the services of Klaviyo to send newsletters. The provider is Klaviyo 225 Franklin St, Boston, MA 02110, USA.

Klaviyo is a service with which, among other things, the sending of newsletters can be organized and analyzed. If you enter data for the purpose of subscribing to the newsletter (e.g. e-mail address), this data is stored on Klaviyo's servers in the USA.

With the help of Klaviyo, we can analyze our newsletter campaigns. When you open an email sent with Klaviyo, a file contained in the email (known as a web beacon) connects to Klaviyo's servers in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. Technical information is also collected (e.g. time of access, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

If you do not wish to be analyzed by Klaviyo, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. The data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.klaviyo.com/legal/dpa

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

You can find more details in Klaviyo's privacy policy at: https://www.klaviyo.com/legal/privacy-notice

We have concluded a data processing agreement (DPA) in accordance with Art. 28 GDPR with the above-mentioned provider. This is a contract prescribed by data protection law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Facebook Pixel, Facebook Custom Audiences and Facebook-Conversion

Within our online offer, the so-called “Facebook pixel” of the social network Facebook, which is operated by Meta Platforms, Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are resident in the EU, Meta Platforms Technologies Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), is used.

With the help of the Facebook pixel, Facebook is able to determine you as a visitor to our online offer as a target group for the display of advertisements (so-called “Facebook ads”). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called “custom audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and are not annoying. With the help of the Facebook pixel, we can also track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion”).

Facebook privacy policy

The processing of data by Facebook takes place within the framework of Facebook's data usage policy. Accordingly, general information on the display of Facebook ads can be found in Facebook's data usage policy. Specific information and details about the Facebook pixel and how it works can be found in the Facebook help section.

Basis

The use of the Facebook pixel and the storage of “conversion cookies” is based on Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in analyzing user behavior in order to optimize both our website and our advertising.

Objection

Although we declare legitimate interests in the use of the Facebook pixel and the storage of “conversion cookies”, we offer you opt-out options. You can object to the collection by the Facebook pixel and use of your data to display Facebook ads. To set which types of ads are displayed to you within Facebook, you can go to the page set up by Facebook and follow the instructions on the settings for usage-based advertising. The settings are platform-independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices. You can also object to the use of cookies for reach measurement and advertising purposes via the deactivation page of the network advertising initiative and additionally via the US website aboutads.info or the European website youronlinechoices.com.

Use of Social Media

We maintain online presences within social networks and platforms to communicate with customers, potential customers, and users active there, and to inform them about our services. Please note that user data may be processed outside the European Union. This could pose risks to users, such as making it more difficult to enforce their rights. With regard to US providers certified under the Privacy Shield, we point out that they commit to complying with EU data protection standards. Additionally, user data is generally processed for market research and advertising purposes. For example, usage profiles can be created based on user behaviour and interests. These profiles can then be used to display advertisements, both on and off the platforms, that are presumably tailored to user interests. For these purposes, cookies are typically stored on users' devices, recording their usage behaviour and interests. Usage profiles can also contain data collected independently of the devices used by the users (especially if users are members of the respective platforms and logged in).

The processing of users' personal data is based on our legitimate interests in effectively informing and communicating with users in accordance with Article 6(1)(f) of the GDPR. If users are asked by the respective platform providers for consent to the aforementioned data processing, the legal basis for processing is Article 6(1)(a) and Article 7 of the GDPR. For a detailed description of the respective processing activities and opt-out options, we refer to the linked information provided by the providers below. In the case of requests for information and the exercise of user rights, we also point out that such requests are most effectively addressed to the providers, as only they have access to users' data and can directly take appropriate actions and provide information.

Integration of Third-Party Services and Content (Plugins)

Within our online offering and based on our legitimate interests (i.e., interest in the analysis, optimisation, and economic operation and in the attractive presentation of our online offering, in accordance with Article 6(1)(f) of the GDPR), we use content or service offerings from third-party providers to integrate their content and services, such as videos or posts. Such integration always requires that the third-party providers of this content perceive your IP address, as they cannot send the content to your browser without the IP address. The IP address is therefore necessary for displaying these contents.

We strive to use only content whose providers use your IP address solely to deliver the content. Third-party providers may also use "pixel tags" (invisible graphics, also known as "web beacons") for statistical or marketing purposes. These "pixel tags" allow for the evaluation of visitor traffic on the pages of this website. Pseudonymised information may also be stored in cookies on your device and may include technical information about your browser and operating system, referring websites, visit times, and further information regarding the use of our online offering, and may be combined with such information from other sources.

YouTube

This website integrates YouTube videos. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in an extended privacy mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website unless they watch the video. However, data may still be transmitted to YouTube partners via the extended privacy mode. Regardless of whether you watch a video, YouTube establishes a connection to the Google DoubleClick network.

Once you start a YouTube video on this website, a connection to YouTube's servers is established, and the YouTube server is informed about which of our pages you visited. If you are logged into your YouTube account, you allow YouTube to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.

In addition, after starting a video, YouTube may store various cookies on your device or use similar recognition technologies (e.g., device fingerprinting). This allows YouTube to receive information about visitors to this website, which is used, among other things, to collect video statistics, improve user experience, and prevent fraud attempts.

Other data processing operations may be triggered after starting a YouTube video, which we have no control over. The use of YouTube is in the interest of providing an appealing presentation of our online offerings. This constitutes a legitimate interest pursuant to Article 6(1)(f) of the GDPR. If consent is requested, processing will take place exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, as long as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.

For more information about YouTube's privacy policy, please visit: https://policies.google.com/privacy?hl=en.

Vimeo

This website uses plugins from the video portal Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

When you visit one of our pages with a Vimeo video, a connection is established to the Vimeo servers. The Vimeo server is informed about which of our pages you have visited. Additionally, Vimeo obtains your IP address. However, we have configured Vimeo in such a way that Vimeo will not track your activities or set cookies.

The use of Vimeo is in the interest of an appealing presentation of our online offerings. This constitutes a legitimate interest pursuant to Article 6(1)(f) of the GDPR. If consent has been requested, processing is based exclusively on Article 6(1)(a) of the GDPR; consent can be revoked at any time.

For more information on how Vimeo handles user data, please refer to Vimeo’s privacy policy: https://vimeo.com/privacy.

Meta Social Plugins

We use social plugins ("plugins") from the social network Facebook, operated by Meta Platforms Technologies Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

These plugins can display interaction elements or content (e.g., videos, graphics, or text contributions) and are recognisable by a Facebook logo or are labelled as a "Meta Social Plugin." The list and appearance of Facebook social plugins can be viewed. When you call up a function of our online offering that includes such a plugin, your device establishes a direct connection to the Meta servers. The content of the plugin is transmitted by Facebook directly to your device and integrated into the online offering. User profiles can be created from the processed data. Therefore, we have no influence over the extent of the data that Meta collects through these plugins and can only inform users based on our knowledge. Through the integration of the plugins, Meta receives the information that you have accessed the corresponding page of our online offering. If you are logged into Meta, Meta can associate your visit with your Meta account. If you interact with the plugins, for example by pressing the like button or posting a comment, the corresponding information is transmitted directly from your device to Meta and stored there. Even if you are not a Meta member, there is still a possibility that Meta will obtain and store your IP address. According to Meta, only anonymised IP addresses are stored in Europe.

For the purpose and scope of data collection and further processing and use of the data by Facebook, as well as your rights and settings options for protecting your privacy, please refer to Meta’s privacy policy.

Unless otherwise specified, we only retain personal data for as long as necessary to fulfil the purposes pursued.

In some cases, the law mandates the retention of personal data, for example, under tax or commercial regulations. In such cases, the data is stored by us solely for these legal purposes and is not processed for any other purpose. Once the statutory retention period has expired, the data is deleted.

Nach den anwendbaren Gesetzen haben Sie verschiedene Rechte bezüglich Ihrer personenbezogenen Daten. Möchten Sie diese Rechte geltend machen, so richten Sie Ihre Anfrage bitte per E-Mail oder per Post unter eindeutiger Identifizierung Ihrer Person an die in Ziffer 1 genannte Adresse.
Nachfolgend finden Sie eine Übersicht über Ihre Rechte.

Recht auf Bestätigung und Auskunft

Sie haben das Recht auf eine übersichtliche Auskunft über die Verarbeitung Ihrer personenbezogenen Daten.
Im Einzelnen:
Sie haben das Recht, von uns eine Bestätigung darüber zu erhalten, ob Sie betreffende personenbezogene Daten verarbeitet werden. Ist dies der Fall, so haben Sie das Recht, von uns eine unentgeltliche Auskunft über die zu Ihnen gespeicherten personenbezogenen Daten nebst einer Kopie dieser Daten zu verlangen.
Werden personenbezogene Daten an ein Drittland oder an eine internationale Organisation übermittelt, so haben Sie das Recht, über die geeigneten Garantien gemäss Art. 46 DSGVO im Zusammenhang mit der Übermittlung unterrichtet zu werden.

Recht auf Berichtigung

Sie haben das Recht, von uns die Berichtigung und ggf. auch Vervollständigung der betreffenden personenbezogenen Daten zu verlangen.
Im Einzelnen:
Sie haben das Recht, von uns unverzüglich die Berichtigung von betreffenden unrichtigen personenbezogenen Daten zu verlangen. Unter Berücksichtigung der Zwecke der Verarbeitung haben Sie das Recht, die Vervollständigung unvollständiger personenbezogener Daten – auch mittels einer ergänzenden Erklärung – zu verlangen.

Recht auf Löschung ("Recht auf Vergessenwerden")

In einer Reihe von Fällen sind wir verpflichtet, Sie betreffende personenbezogene Daten zu löschen. 
Im Einzelnen:
Sie haben gemäss Art. 17 Abs. 1 DSGVO das Recht, von uns zu verlangen, dass Sie betreffende personenbezogene Daten unverzüglich gelöscht werden, und wir sind verpflichtet, personenbezogene Daten unverzüglich zu löschen, sofern einer der folgenden Gründe zutrifft:

1. Die personenbezogenen Daten sind für die Zwecke, für die sie erhoben oder auf sonstige Weise verarbeitet wurden, nicht mehr notwendig.

2. Sie widerrufen Ihre Einwilligung, auf die sich die Verarbeitung gemäss Art. 6 Abs. 1 S. 1 lit a) DSGVO oder Art. 9 Abs. 2 lit. a) DSGVO stützte, und es fehlt an einer anderweitigen Rechtsgrundlage für die Verarbeitung.

3. Sie legen gemäss Art. 21 Abs. 1 DSGVO Widerspruch gegen die Verarbeitung ein und es liegen keine vorrangigen berechtigten Gründe für die Verarbeitung vor, oder Sie legen gemäss Art. 21 Abs. 2 DSGVO Widerspruch gegen die Verarbeitung ein.

4. Die personenbezogenen Daten wurden unrechtmässig verarbeitet.

5. Die Löschung der personenbezogenen Daten ist zur Erfüllung einer rechtlichen Verpflichtung nach dem Unionsrecht oder dem Recht der Mitgliedstaaten erforderlich, dem wir unterliegen.

6. Die personenbezogenen Daten wurden in Bezug auf angebotene Dienste der Informationsgesellschaft gemäss Art. 8 Abs. 1 DSGVO erhoben.

Haben wir die personenbezogenen Daten öffentlich gemacht und sind wir gemäss Art. 17 Abs. 1 DSGVO zu deren Löschung verpflichtet, so treffen wir unter Berücksichtigung der verfügbaren Technologie und der Implementierungskosten angemessene Massnahmen, auch technischer Art, um für die Datenverarbeitung Verantwortliche, die die personenbezogenen Daten verarbeiten, darüber zu informieren, dass Sie von ihnen die Löschung aller Links zu diesen personenbezogenen Daten oder von Kopien oder Replikationen dieser personenbezogenen Daten verlangt haben.

Recht auf Einschränkung der Verarbeitung

In einer Reihe von Fällen sind Sie gemäss Art. 18 DSGVO berechtigt, von uns eine Einschränkung der Verarbeitung Ihrer personenbezogenen Daten zu verlangen. 
Im Einzelnen: 
Sie haben das Recht, von uns die Einschränkung der Verarbeitung zu verlangen, wenn eine der folgenden Voraussetzungen gegeben ist:

1. die Richtigkeit der personenbezogenen Daten wird von Ihnen bestritten, und zwar für eine Dauer, die es uns ermöglicht, die Richtigkeit der personenbezogenen Daten zu überprüfen,

2. die Verarbeitung unrechtmässig ist und Sie die Löschung der personenbezogenen Daten ablehnten und stattdessen die Einschränkung der Nutzung der personenbezogenen Daten verlangt haben;

3. wir die personenbezogenen Daten für die Zwecke der Verarbeitung nicht länger benötigen, Sie die Daten jedoch zur Geltendmachung, Ausübung oder Verteidigung von Rechtsansprüchen benötigen, oder

4. Sie Widerspruch gegen die Verarbeitung gemäss Art. 21 Abs. 1 DSGVO eingelegt haben, solange noch nicht feststeht, ob die berechtigten Gründe unseres Unternehmens gegenüber den Ihren überwiegen.

Recht auf Datenübertragbarkeit

Sie haben das Recht, die betreffenden personenbezogenen Daten maschinenlesbar zu erhalten, zu übermitteln, oder von uns übermitteln zu lassen.
Im Einzelnen: 
Sie haben das Recht, die betreffenden personenbezogenen Daten, die Sie uns bereitgestellt haben, in einem strukturierten, gängigen und maschinenlesbaren Format zu erhalten, und Sie haben das Recht, diese Daten einem anderen Verantwortlichen ohne Behinderung durch uns zu übermitteln, sofern

1. die Verarbeitung auf einer Einwilligung gemäss Art. 6 Abs. 1 S. 1 a) DSGVO oder Art. 9 Abs. 2 a) DSGVO oder auf einem Vertrag gemäss Art. 6 Abs. 1 S. 1 b) DSGVO beruht und

2. die Verarbeitung mithilfe automatisierter Verfahren erfolgt.

Bei der Ausübung Ihres Rechts auf Datenübertragbarkeit gemäss Absatz 1 haben Sie das Recht, zu erwirken, dass die personenbezogenen Daten direkt von uns einem anderen Verantwortlichen übermittelt werden, soweit dies technisch machbar ist.

Widerspruchsrecht

Sie haben das Recht, aus einer rechtmässigen Verarbeitung Ihrer personenbezogenen Daten durch uns zu widersprechen, wenn sich dies aus Ihrer besonderen Situation begründet und unsere Interessen an der Verarbeitung nicht überwiegen. 
Im Einzelnen: 
Sie haben das Recht, aus Gründen, die sich aus Ihrer besonderen Situation ergeben, jederzeit gegen die Verarbeitung Sie betreffender personenbezogener Daten, die aufgrund von Art. 6 Abs. 1 S. 1 e) oder f) DSGVO erfolgt, Widerspruch einzulegen; dies gilt auch für ein auf diese Bestimmungen gestütztes Profiling. Wir verarbeiten die personenbezogenen Daten nicht mehr, es sei denn, wir können zwingende schutzwürdige Gründe für die Verarbeitung nachweisen, die Ihre Interessen, Rechte und Freiheiten überwiegen, oder die Verarbeitung notwendig machen.

Employees

Our employees are trained and made aware of data protection.

Infrastructure

Workstations, Laptops, and Mobile Devices of Employees

All laptops and workstations are protected by full disk encryption and are centrally managed. We take great care to ensure that updates are installed on our employees' devices and regularly check workstations and devices for malware. We can apply critical patches and remotely wipe all devices. We use industry-standard OTP (One-Time Password) technology to further secure access to the company's infrastructure.

Microsoft Office / Microsoft Dynamics NAV

We use Microsoft Office and Microsoft Dynamics NAV from Microsoft for the collection, processing, and use of personal and non-personal data. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Legal Basis

The legal basis for data processing is Article 6(1)(b) of the GDPR, which allows us to process data for the fulfilment of a contract or pre-contractual measures.

We collect your personal data to manage our employment or contractual relationship with you and for the purposes listed below. We collect personal data either directly from you or, if applicable, from third parties, including public databases, social media platforms, or recruitment companies. We collect, process, and transfer your personal data using automated and/or paper-based data processing systems. We use automated processing systems (e.g., for payroll and payment processing). Personal data is also processed on a case-by-case or ad hoc basis (e.g., when an employee is proposed for a new position or in connection with changes in an employee's marital status).

The following types of personal data may be collected:

• Personal identification details such as name, private address, date of birth, gender, professional photographs, and private telephone number;
• Government identification numbers such as social security numbers for payroll processing;
• Immigration, work permit, and residency status;
• Contact details of family members and emergency contacts;
• Job-related information, such as duration of employment, work location, employment identification, employment evidence, leave days, and contract data;
• Information on education and training, such as awards, certificates, and licences, as well as professional records and participation certificates for company training;
• Recruitment and performance-related data such as objectives, assessments, comments, feedback results, career history, work materials, career and succession planning, skills and competencies, and other job-related qualifications;
• Data regarding your use of the assets of Schlossberg Switzerland AG and the management of operational activities;
• Information on compliance and risk management, such as disciplinary records, background checks, security information, as well as income, remuneration, and benefits details, such as salary and insurance information, information about family members, government identification or tax numbers, bank account details, and information about job-related benefits.

Processing Purposes

We process personal information for the following purposes:

• Workforce planning, recruitment, and hiring;
• Human resources administration, payroll, remuneration, and performance programmes;
• Performance management, training, and development;
• Promotion and succession planning;
• Legal defence and compliance, including responding to government authorities' requests for information, and complying with liens, garnishments, and tax regulations;
• Workplace management, such as travel and expense programmes, and internal health and safety programmes;
• Management of operational activities, including production-related tasks;
• Information system management;
• Internal reporting;
• Auditing;
• Protecting Schlossberg Switzerland AG, its employees, and the public from harm, theft, legal liability, fraud, misuse, or threats to the safety of our networks, communications, systems, facilities, and infrastructures, as well as for other legal and industry-standard purposes.

Legal Bases for Processing

This use of personal data is based on one of the following legal grounds, as applicable:

• The necessity of processing your personal data for the fulfilment of your employment contract;
• Taking steps to enter into a contract with you;
• Schlossberg Switzerland AG’s legal obligations as an employer;
• Schlossberg Switzerland AG’s legitimate business interests, including general human resources administration, general business operations, disclosures for auditing and reporting purposes, internal investigations, network and information systems security management, and safeguarding Schlossberg Switzerland AG’s assets;
• In some special and limited cases, your consent.

Special Categories of Personal Data ("Sensitive Personal Data")

Where applicable, we also process sensitive and personal data if it is lawful and necessary for business purposes or if required by applicable law. Sensitive personal data is collected, processed, and transferred only when adequate privacy mechanisms are in place and, if required by law, after we have obtained your consent.

Disclosure and Categories of Recipients

We may disclose your personal data for legitimate purposes:

• To joint ventures, subcontractors, service providers, or suppliers of Schlossberg Switzerland AG that perform services on our behalf for the above-mentioned purposes;
• To a newly formed or acquiring company if Schlossberg Switzerland AG is involved in a merger or transfer of some or all of its business;
• To other recipients when legally required, such as by court order or under applicable law;
• To any recipient with your consent, such as for verifying employment history or for bank credit checks; or
• To any recipient when there is a particular need, such as in life-threatening emergencies.

Accuracy

We take reasonable steps to ensure that personal data is accurate, complete, and up to date. Please note that you share responsibility for the accuracy of your personal data. Kindly inform Human Resources if your personal details or the personal details of your beneficiaries or family members change.

Your Rights Regarding Personal Data

Access, Correction, and Transfer

You may request information about the personal data stored about you by Schlossberg Switzerland AG. You are also entitled to request the correction of incomplete, inaccurate, or outdated personal data. To the extent required by applicable law, you may also request that we transfer personal data you have provided to us to you or other companies.

Objection

We respect your right to object to any use or disclosure of your personal data that is not:

• Legally required;
• Necessary for fulfilling a contractual obligation (your employment contract); or
• Necessary for our legitimate business needs (e.g., disclosures in general human resources management, general administrative disclosures for audit and reporting purposes, or internal investigations, security management of network and information systems, and protection of Schlossberg Switzerland AG’s assets).

If you object, we will work with you to find an acceptable solution. You may also withdraw your consent at any time regarding any processing of your personal data based on your consent.

Deletion

You have the right to have your personal data deleted in accordance with legal requirements. This applies, for example, if your data is outdated or the processing is unnecessary or unlawful; if you withdraw your consent to processing based on such consent; or if we determine that we must follow your objection to our processing. Under certain conditions, we may be required to retain your personal data due to our legal obligations or to assert, exercise, or defend legal claims.

Restriction of Processing

As provided by law, you may also request that we restrict the processing of your personal data while we are handling your request or complaint regarding:

• The accuracy of your personal data;
• Our legitimate interest in processing this data; or
• The legality of the processing of your personal data.

You may also request the restriction of the processing of your personal data if you intend to use the personal data for legal disputes.

Exercising these rights is free of charge by contacting our Data Protection Officer. However, we may charge a reasonable fee or refuse to act on a request if it is clearly unfounded or excessive, particularly due to its repetitive nature. In some cases, we may deny a request or restrict your rights, for example, if your request is likely to negatively affect the rights and freedoms of others, jeopardise the enforcement and execution of a law, impair ongoing or pending legal proceedings, or violate applicable law. In all cases, you are entitled to file a complaint with the Data Protection Officer of the Canton of Zurich.

Information Security

We have implemented safeguards to protect your personal information from loss, misuse, unauthorised access, disclosure, alteration, and destruction. We have taken appropriate technical and organisational measures to protect the data systems on which your personal data is stored, and we require the same level of protection from our suppliers and service providers on a contractual basis. If you, as an applicant, submit your applications to us via email, please be aware that emails are generally not encrypted, and you, as the applicant, are responsible for ensuring encryption. Therefore, we cannot take responsibility for the transmission path of the application between you as the sender and its reception on our server. The data you provide as an applicant may be further processed by us for employment purposes in the event of a successful application.

Retention

If your application for a job is unsuccessful, the data will be deleted. Your data will also be deleted if you withdraw your application, which you are entitled to do at any time. Subject to your legitimate withdrawal, deletion will occur after a period of six months to enable us to answer any follow-up questions regarding the application and to comply with our obligations under the Equal Treatment Act. Invoices for travel cost reimbursement will be archived according to tax regulations.

If your application for a job is successful, we will retain your personal data for as long as necessary to fulfil the purpose for which it was collected; this typically corresponds to the duration of a contractual relationship, as well as any subsequent period required or provided by applicable law. Our retention policies reflect applicable statutes of limitations and legal requirements.

This Privacy Policy is currently valid as of 16 October 2024.

Schlossberg Switzerland AG reserves the right to review, amend, or supplement these legal notices and the Privacy Policy at any time. Please review this policy regularly.