Version dated August 31, 2023
1. Controller/Data Protection Officer/Representative
The person responsible for the data processing activities we conduct here is Mr. Roger Scherrer, EH&S / QM. If you have any privacy concerns, you can contact us at the following address:
Dr. P. Pleisch AG, Zelgstrasse 2, 8344 Bäretswil (+41 44 939 10 61, firstname.lastname@example.org).
2. Collection and Processing of Personal Data
We primarily process personal data that we receive from our customers and other business partners in the context of our business relationship with them and from other individuals involved.
To the extent permitted, we also process publicly accessible data sources (e.g., debt enforcement register, land register, commercial register, press, internet) certain of these data receive personal data from authorities or other third parties. In addition to the data you directly provide to us, the categories of personal data we receive from third parties about you include information from public registers, information we learn in connection with administrative and judicial proceedings, information related to your professional functions and activities (so that we can, for example, conclude and process agreements with your employer/company with your assistance), information about you in correspondence and meetings with third parties, credit information (if we conduct personal transactions with you), information about you provided to us by individuals in your environment (family, advisors, legal representatives, etc.) so that we can enter into or process contracts with you or involving you (e.g., references, delivery addresses, powers of attorney), information to comply with legal requirements such as anti-money laundering and export restrictions, information from banks, insurance companies, distribution and other contractual partners of ours for the use or provision of services by you (e.g., payments made, purchases made), information from media and the internet about you (to the extent appropriate in the specific case, e.g., in the context of an application, press review, marketing/sales, etc.), your addresses and, if applicable, interests and other socio-demographic data (for marketing purposes), data related to the use of the website (e.g., IP address, MAC address of the smartphone or computer, device and settings information, cookies, date and time of the visit, pages and content accessed, functions used, referring website, location information).
3. Purposes of Data Processing and Legal Basis
We use the personal data we collect primarily to conclude and process our contracts with our customers and business partners, in particular in the context of the impregnation of high-quality activated carbons for air treatment, with our customers and the purchase of products and services from our suppliers and subcontractors, as well as to comply with our legal obligations at home and abroad. As soon as you participate in any form in the corporate process of Dr. P. Pleisch AG, you could be affected by this in your function with your personal data.
In addition, we process personal data of you and other persons, insofar as this is permitted and appears to us to be appropriate, for the following purposes, in which we (and sometimes also third parties) have a corresponding legitimate interest:
- Offer and further development of our products and services on websites, apps, and other platforms on which we are present;
- Communication with third parties and processing their inquiries (e.g., job applications, media inquiries);
- Examination and optimization of needs analysis procedures for direct customer approach and collection of personal data from publicly accessible sources for customer acquisition;
- Advertising and marketing (including event organization) unless you have objected to the appropriate use of your data (if we send you advertisements as an existing customer, you can object at any time, and we will add you to a suppression list for further advertising mailings);
- Market and opinion research, media monitoring;
- Assertion of legal claims and defence in connection with legal disputes and administrative proceedings;
- Prevention and investigation of crimes and other misconduct (e.g., conducting internal investigations, data analysis for fraud prevention);
- Ensuring the operation of our company, especially IT, our websites, apps, and other platforms;
- Video surveillance to safeguard the rights of the company and other measures for IT, building, and plant security, and protection of our employees and other individuals and assets entrusted to us (such as access controls, visitor lists, network and mail scanners);
- Purchase and sale of business areas, companies, or parts of companies, as well as other corporate transactions, and the related transfer of personal data, and measures for business management, compliance with legal and regulatory obligations, and internal regulations.
If you have given us consent to process your personal data for specific purposes (e.g., when subscribing to newsletters or conducting a background check), we will process your personal data based on that consent, to the extent that we do not have another legal basis and one is required. A given consent can be revoked at any time, but this does not affect any data processing already carried out.
4. Cookies/Tracking and Other Technologies Related to the Use of Our Website
We typically use “cookies” and similar technologies on our websites to identify your browser or device. A cookie is a small file that is sent to your computer or automatically stored on your computer or mobile device by the web browser you are using when you visit our website. This allows us to recognise you when you return to this website, even if we do not know who you are. In addition to cookies that are only used during a session and deleted after your visit to the website (“session cookies”), cookies can also be used to store user settings and other information for a certain period of time (e.g., two years) (“permanent cookies”). However, you can set your browser to reject cookies, save them for one session only or otherwise delete them prematurely. Most browsers are preset to accept cookies. If you block cookies, certain functionalities (such as language selection, shopping cart, ordering processes) may no longer work.
By using our websites and agreeing to receive newsletters and other marketing emails, you consent to the use of these techniques. If you do not want this, then you must check and configure or set your browser or e-mail program accordingly.
5. Data Disclosure and International Data Transfer
In the context of our business activities and the purposes stated in clause 3, and to the extent permitted and deemed appropriate, we may disclose personal data to third parties, either because they process it for us or because they want to process it for their own purposes. This particularly applies to the following entities:
- Service providers for us (such as banks, insurance companies), including data processors (such as IT providers);
- Retailers, suppliers, subcontractors, and other stakeholders and business partners;
- Domestic and foreign authorities, government agencies, or courts;
- The public, including visitors to websites and social media;
- Competitors, industry organizations, associations, organizations, and other bodies;
- Acquirers or potential acquirers of business areas;
- Other parties and stakeholders involved in actual or potential legal proceedings;
These recipients may be located both domestically and anywhere in the world. You should expect your data to be transferred to all countries where we are active, as well as to other countries in Europe and the USA, where the service providers we use are located (such as Microsoft or companies from hosting and cloud services, forwarding, customs clearance and transport companies of any kind).
If a recipient is in a country without adequate legal data protection, we contractually obligate the recipient to comply with applicable data protection regulations (we use the revised Standard Contractual Clauses of the European Commission, which can be found here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj? if not already subject to a legally recognized data protection framework and we cannot rely on an exception provision. An exception may apply, in particular in foreign legal proceedings, cases of overriding public interest, or when disclosure is necessary for contract execution, when you have given your consent, or when it involves data made generally accessible by you and you have not objected to its processing.
6. Duration of Personal Data Retention
We process and store your personal data for as long as necessary to fulfill our contractual and legal obligations or the purposes pursued with the processing, i.e., for the duration of the entire business relationship (from initiation, execution to termination of a contract) and beyond in accordance with legal retention and documentation obligations. It is possible that personal data will be retained for the period in which claims can be asserted against our company and as far as we are otherwise legally obliged or have a legitimate business interest in doing so (e.g., for evidence and documentation purposes). Once your personal data is no longer necessary for the purposes mentioned above, it will generally be deleted or anonymized, to the extent possible.
7. Data Security
We take appropriate technical and organizational security measures to protect your personal data against unauthorized access and misuse. These measures include issuing instructions, providing training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymization, and controls.
8. Obligation to Provide Personal Data
As part of our business relationship, you must provide the personal data required for the establishment, implementation and maintenance of a business relationship and fulfilment of the associated business activities and contractual obligations (you generally do not have a legal obligation to provide us with data). Without this data, we will usually not be able to conclude or process a contract with you (or the entity or person you represent). The website cannot be used if certain information necessary to ensure data traffic (such as IP address) is not disclosed.
9. Rights of Data Subjects
Under applicable data protection laws and to the extent provided therein (such as the GDPR), you have the right to access, rectify, erase, restrict data processing, object to our data processing activities, especially those for direct marketing purposes, profiling related to direct advertising, and other legitimate interests in processing, as well as the right to receive certain personal data for transfer to another controller (so-called data portability). Please note, however, that we reserve the right to assert the legally provided restrictions, for example, if we are obliged to retain or process certain data, have an overriding interest (provided we may rely on it), or need them to assert claims. If costs are incurred for you, we will inform you in advance. We have already informed you about the possibility of withdrawing your consent in clause 3. Please note that exercising these rights may conflict with contractual agreements, and this may have consequences such as premature termination of the contract or cost implications. We will inform you in advance unless it is already regulated contractually.
Exercising such rights generally requires that you clearly prove your identity (e.g., by providing a copy of an identification document if your identity is not already clear or verifiable). To exercise your rights, you can contact us at the address provided in clause 1.
Every data subject also has the right to enforce their claims in court or file a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).