Privacy Policy
With this privacy policy, we inform about the personal data we process in connection with our activities and operations, including our
For individual or additional activities and operations, other privacy policies and other legal documents such as terms and conditions (T&C), terms of use, or participation conditions may apply.
We are subject to Swiss data protection law and possibly applicable foreign data protection law, especially that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law ensures adequate data protection.
1. Contact Addresses
Responsibility for the processing of personal data:
Walter Frei AG
Buechstrasse 6
8645 Jona-Rapperswil
We would like to point out if there are other responsible parties for processing personal data in individual cases.
Data Protection Officer or Data Protection Consultant
We have the following data protection officer or the following data protection consultant as the point of contact for affected individuals and authorities for inquiries related to data protection:
Marcel Frei
Walter Frei AG
Buechstrasse 6
8645 Jona-Rapperswil
2. Terms and Legal Bases
2.1 Terms
Personal data are all details that relate to a specific or identifiable natural person. An affected person is a person whose personal data we process.
Processing includes any handling of personal data, regardless of the means and procedures used, such as querying, matching, adjusting, archiving, storing, reading out, disclosing, acquiring, collecting, deleting, revealing, arranging, organizing, saving, changing, distributing, linking, destroying, and using personal data.
The European Economic Area (EEA) comprises the Member States of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal information.
2.2 Legal Bases
We process personal data in accordance with Swiss data protection law, especially the Federal Act on Data Protection (Data Protection Act, DPA) and the Ordinance on Data Protection (Data Protection Ordinance, DPO).
We process – provided that and as far as the General Data Protection Regulation (GDPR) applies – personal data according to at least one of the following legal bases:
- Art. 6 para. 1 lit. b GDPR for the necessary processing of personal data for the performance of a contract with the data subject and for taking pre-contractual measures.
- Art. 6 para. 1 lit. f GDPR for the necessary processing of personal data to protect our or third parties' legitimate interests unless the fundamental rights and freedoms and interests of the data subject prevail. Legitimate interests include our interest in permanently carrying out our activities in a user-friendly, safe, and reliable manner, ensuring information security, protecting against misuse, enforcing our legal claims, and complying with Swiss law.
- Art. 6 para. 1 lit. c GDPR for the necessary processing of personal data to fulfill a legal obligation to which we are subject according to any applicable law of member states in the European Economic Area (EEA).
- Art. 6 para. 1 lit. e GDPR for the necessary processing of personal data for the performance of a task carried out in the public interest.
- Art. 6 para. 1 lit. a GDPR for the processing of personal data with the consent of the data subject.
- Art. 6 para. 1 lit. d GDPR for the necessary processing of personal data to protect the vital interests of the data subject or another natural person.
3. Type, Scope, and Purpose
We process personal data that is necessary to permanently, user-friendly, securely, and reliably carry out our activities. Such personal data can, in particular, be categorized as inventory and contact data, browser and device data, content data, meta or incidental data, usage data, location data, sales data, contract, and payment data.
We process personal data for the duration required for the respective purpose or purposes or as legally required. Personal data no longer needed for processing is anonymized or deleted.
We may have personal data processed by third parties. We may jointly process personal data with third parties or transmit it to third parties. Such third parties are especially specialized providers whose services we use. We also ensure data protection with such third parties.
We generally process personal data only with the consent of the affected persons. If and as far as processing is permissible for other legal reasons, we may waive obtaining consent. For instance, we may process personal data without consent to fulfill a contract, to meet legal obligations, or to protect overriding interests.
In this context, we especially process information that an affected person provides us voluntarily when making contact—e.g., by mail, email, instant messaging, contact form, social media, or phone—or when registering for a user account. We may store such information, for example, in an address book, a Customer-Relationship-Management system (CRM system), or similar tools. If we receive data about other people, the transmitting persons are obligated to ensure data protection for these persons and to ensure the accuracy of this personal data.
We also process personal data that we obtain from third parties, procure from publicly accessible sources, or collect during our activities, provided such processing is legally permissible.
4. Applications
We process personal data of applicants insofar as it is necessary to assess their suitability for employment or for the subsequent execution of an employment contract. The required personal data is especially derived from the information requested, for example, in a job advertisement. Furthermore, we process those personal data that applicants voluntarily communicate or publish, especially as part of cover letters, resumes, and other application documents, as well as from online profiles.
We process — provided the General Data Protection Regulation (GDPR) is applicable — personal data of applicants especially according to Art. 9 para. 2 lit. b GDPR.
We can offer applicants the opportunity to store their data in our Talent Pool to consider them for future job openings. We can also use such data to maintain contact and to provide news updates. If we believe an applicant might be suitable for a job opening based on their data, we can inform the applicant accordingly.
5. Personal Data Abroad
We process personal data primarily in Switzerland and in the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, particularly to process or have them processed there.
We can export personal data to all countries and territories on Earth and elsewhere in the Universe, provided that the local law, according to the decision of the Swiss Federal Council, ensures adequate data protection and – if and when the General Data Protection Regulation (GDPR) applies – according to the decision of the European Commission ensures adequate data protection.
We may transfer personal data to countries whose law does not ensure adequate data protection, provided that data protection is ensured for other reasons, particularly based on standard data protection clauses or with other appropriate guarantees. Exceptionally, we can export personal data to countries without adequate or suitable data protection, if the specific data protection legal requirements are met, for example, the express consent of the affected persons or a direct connection with the conclusion or processing of a contract. Upon request, we gladly inform affected persons about any guarantees or provide a copy of any guarantees.
6. Rights of Affected Persons
6.1 Data Protection Claims
We grant affected persons all claims according to the applicable data protection law. Affected persons particularly have the following rights:
- Information: Affected persons can request information about whether we process personal data about them and, if so, which personal data it concerns. Affected persons also receive information necessary to assert their data protection rights and to ensure transparency. This includes the processed personal data itself and, among other things, details about the purpose of processing, the duration of storage, any disclosure or potential export of data to other countries, and the origin of personal data.
- Correction and Restriction: Affected persons can correct inaccurate personal data, complete incomplete data, and restrict the processing of their data.
- Deletion and Objection: Affected persons can request the deletion of personal data ("Right to be Forgotten") and object to the processing of their data in the future.
- Data Release and Data Transfer: Affected persons can request the release of personal data or the transfer of their data to another responsible party.
We may defer, limit, or deny the exercise of the rights of affected persons within the legally permissible framework. We may inform affected persons about the conditions that must be met to exercise their data protection rights. For example, we may partially or fully deny access with reference to trade secrets or the protection of other individuals. We may also partially or fully deny the deletion of personal data with reference to statutory retention obligations.
We may exceptionally charge fees for exercising rights. We will inform affected persons in advance about any potential fees.
We are obligated to identify affected persons who request information or assert other rights with appropriate measures. Affected persons are required to cooperate.
6.2 Right to Complain
Affected persons have the right to legally enforce their data protection claims or file a complaint with a competent data protection supervisory authority.
The data protection supervisory authority for private entities and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
Affected persons have – if and when the General Data Protection Regulation (GDPR) applies – the right to file a complaint with a competent European data protection supervisory authority.
7. Data Security
We take appropriate technical and organizational measures to ensure data security commensurate with the respective risk. However, we cannot guarantee absolute data security.
Access to our website is secured with transport encryption (SSL / TLS, especially with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers indicate transport encryption with a padlock in the address bar.
Our digital communication is – as basically all digital communication – subject to mass surveillance without cause and suspicion as well as other surveillance by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We cannot directly influence the respective processing of personal data by intelligence services, police stations, and other security authorities.
8. Use of the Website
8.1 Cookies
We may use cookies. Cookies - our own cookies (first-party cookies) as well as cookies from third parties whose services we use (third-party cookies) - are data stored in the browser. Such stored data are not necessarily limited to traditional text-based cookies.
Cookies can be stored temporarily in the browser as "session cookies" or for a specific period as so-called permanent cookies. "Session cookies" are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies in particular allow a browser to be recognized on the next visit to our website and thus, for example, measure the reach of our website. Permanent cookies can also be used for online marketing, for instance.
Cookies can be disabled or deleted in the browser settings at any time, either completely or in part. Without cookies, our website may not be fully available. We request - at least where and to the extent necessary - explicit consent for the use of cookies.
For cookies used for performance and reach measurement or for advertising, a general objection ("opt-out") is possible via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
8.2 Server Log Files
For each access to our website, we can record the following information, provided that it is transmitted by your browser to our server infrastructure or can be determined by our web server: Date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, the individual sub-page of our website accessed including the amount of data transferred, and the last website accessed in the same browser window (referrer).
We store such information, which can also constitute personal data, in server log files. This information is necessary in order to provide our website in a permanent, user-friendly, and reliable manner, and to ensure data security and, in particular, the protection of personal data - also by third parties or with the help of third parties.
8.3 Counting Pixels
We may use counting pixels on our website. Counting pixels are also referred to as web beacons. Counting pixels - also from third parties whose services we use - are small, usually invisible images that are automatically retrieved when visiting our website. With counting pixels, the same information can be recorded as in server log files.
9. Social Media
We are present on social media platforms and other online platforms to communicate with interested individuals and to inform about our activities and operations. In connection with such platforms, personal data may also be processed outside of Switzerland and the European Economic Area (EEA).
The general terms and conditions (T&Cs) and terms of use as well as the privacy policies and other regulations of the individual operators of such platforms apply. These provisions inform, in particular, about the rights of affected individuals directly against the respective platform, which includes, for example, the right to information.
For our Facebook social media presence including the so-called page insights, we are - where and to the extent the General Data Protection Regulation (GDPR) applies - jointly responsible with Meta Platforms Ireland Limited (Ireland). The Meta Platforms Ireland Limited is part of the Meta companies (including in the US). The page insights provide information on how visitors interact with our Facebook presence. We use page insights to effectively and user-friendly offer our Facebook social media presence.
Further details about the type, scope, and purpose of data processing, information on the rights of affected individuals, and the contact details of Facebook as well as the data protection officer of Facebook can be found in the Facebook privacy policy. We have concluded the so-called "Addendum for Controllers" with Facebook and have, in particular, agreed that Facebook is responsible for ensuring the rights of affected individuals. The relevant information for the so-called page insights can be found on the page "Information on Page Insights" including "Information on Page Insights Data".
10. Third-Party Services
We use services from specialized third parties to permanently carry out our activities in a user-friendly, secure, and reliable manner. With such services, we can, among other things, embed functions and content into our website. When embedding, for technical reasons, the services used temporarily capture at least the IP addresses of users.
For necessary security-related, statistical, and technical purposes, third parties, whose services we use, may process data related to our activities in an aggregated, anonymized, or pseudonymized manner. These are, for example, performance or usage data to be able to offer the respective service.
We particularly use:
- Google Services: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; General data protection information: "Principles on Data Protection and Security", Privacy Policy, "Google is committed to complying with applicable data protection laws", "Guide to data protection in Google products", "How we use data from websites or apps that use our services" (Information from Google), "Types of cookies and other technologies used by Google", "Personalized Advertising" (Activation / Deactivation / Settings).
- Microsoft Services: Providers: Microsoft Corporation (USA) / Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), the United Kingdom, and Switzerland; General data protection information: "Data Protection at Microsoft", "Data Protection and Privacy (Trust Center)", Privacy Policy, Privacy Dashboard (Data and Privacy Settings).
10.1 Digital Infrastructure
We use services from specialized third parties to access the necessary digital infrastructure in relation to our activities. This includes, for example, hosting and storage services from selected providers.
10.2 Contact Options
We use services from selected providers to better communicate with third parties, such as potential and existing customers.
We particularly use:
- Microsoft Dynamics 365: Customer Relationship Management (CRM); Provider: Microsoft; Microsoft Dynamics-specific information: "Data protection and personal data in Microsoft Dynamics 365".
10.3 Audio and Video Conferencing
We use specialized services for audio and video conferencing to communicate online. With this, we can hold virtual meetings or conduct online classes and webinars. The legal texts of the individual services, such as privacy policies and terms of use, additionally apply to participation in audio and video conferences.
We recommend, depending on the situation, to mute the microphone by default when participating in audio or video conferences, and to blur the background or display a virtual background.
We particularly use:
- Microsoft Teams: Platform, among other things, for audio and video conferences; Provider: Microsoft; Teams-specific information: "Data protection and Microsoft Teams".
10.4 Digital Audio and Video Content
We use services from specialized third parties to enable the direct playback of digital audio and video content, such as music or podcasts.
We particularly use:
- YouTube: Video Platform; Provider: Google; YouTube-specific information: "Data protection and security center", "My data on YouTube".
11. Success and Reach Measurement
We attempt to determine how our online offer is used. In this context, for instance, we can measure the success and reach of our activities and operations, as well as the effect of third-party links to our website. We can also, for instance, test and compare how different parts or versions of our online offer are used ("A/B testing" method). Based on the results of the success and reach measurement, we can, in particular, fix errors, strengthen popular content, or make improvements to our online offer.
For the success and reach measurement, in most cases, the IP addresses of individual users are stored. IP addresses are, in this case, basically shortened ("IP masking") to follow the principle of data economy through the respective pseudonymization.
During the success and reach measurement, cookies might be used, and user profiles might be created. Any created user profiles might include, for instance, individual pages visited or content viewed on our website, information on the size of the screen or browser window, and the – at least approximate – location. Generally, any user profiles are exclusively created in a pseudonymized form and are not used to identify individual users. Some third-party services, where users are logged in, might associate the use of our online offer with the user account or user profile of the respective service.
We particularly use:
- Google Analytics: Success and reach measurement; Provider: Google; Specific details about Google Analytics: Measurement across different browsers and devices (Cross-Device Tracking) and with pseudonymized IP addresses, which are only exceptionally fully transferred to Google in the USA, "Privacy", "Browser Add-on to Deactivate Google Analytics".
12. Final Provisions
We created this privacy statement with the Data Protection Generator by Data Protection Partner.
We can adapt and supplement this privacy statement at any time. We will inform about such adjustments and supplements in an appropriate manner, especially by publishing the respective current privacy statement on our website.