We are subject to Swiss data protection law and possibly applicable foreign data protection law, especially that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law ensures adequate data protection.
Responsibility for the processing of personal data:
Walter Frei AG
We would like to point out if there are other responsible parties for processing personal data in individual cases.
We have the following data protection officer or the following data protection consultant as the point of contact for affected individuals and authorities for inquiries related to data protection:
Walter Frei AG
Personal data are all details that relate to a specific or identifiable natural person. An affected person is a person whose personal data we process.
Processing includes any handling of personal data, regardless of the means and procedures used, such as querying, matching, adjusting, archiving, storing, reading out, disclosing, acquiring, collecting, deleting, revealing, arranging, organizing, saving, changing, distributing, linking, destroying, and using personal data.
The European Economic Area (EEA) comprises the Member States of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal information.
We process personal data in accordance with Swiss data protection law, especially the Federal Act on Data Protection (Data Protection Act, DPA) and the Ordinance on Data Protection (Data Protection Ordinance, DPO).
We process – provided that and as far as the General Data Protection Regulation (GDPR) applies – personal data according to at least one of the following legal bases:
We process personal data that is necessary to permanently, user-friendly, securely, and reliably carry out our activities. Such personal data can, in particular, be categorized as inventory and contact data, browser and device data, content data, meta or incidental data, usage data, location data, sales data, contract, and payment data.
We process personal data for the duration required for the respective purpose or purposes or as legally required. Personal data no longer needed for processing is anonymized or deleted.
We may have personal data processed by third parties. We may jointly process personal data with third parties or transmit it to third parties. Such third parties are especially specialized providers whose services we use. We also ensure data protection with such third parties.
We generally process personal data only with the consent of the affected persons. If and as far as processing is permissible for other legal reasons, we may waive obtaining consent. For instance, we may process personal data without consent to fulfill a contract, to meet legal obligations, or to protect overriding interests.
In this context, we especially process information that an affected person provides us voluntarily when making contact—e.g., by mail, email, instant messaging, contact form, social media, or phone—or when registering for a user account. We may store such information, for example, in an address book, a Customer-Relationship-Management system (CRM system), or similar tools. If we receive data about other people, the transmitting persons are obligated to ensure data protection for these persons and to ensure the accuracy of this personal data.
We also process personal data that we obtain from third parties, procure from publicly accessible sources, or collect during our activities, provided such processing is legally permissible.
We process personal data of applicants insofar as it is necessary to assess their suitability for employment or for the subsequent execution of an employment contract. The required personal data is especially derived from the information requested, for example, in a job advertisement. Furthermore, we process those personal data that applicants voluntarily communicate or publish, especially as part of cover letters, resumes, and other application documents, as well as from online profiles.
We process — provided the General Data Protection Regulation (GDPR) is applicable — personal data of applicants especially according to Art. 9 para. 2 lit. b GDPR.
We can offer applicants the opportunity to store their data in our Talent Pool to consider them for future job openings. We can also use such data to maintain contact and to provide news updates. If we believe an applicant might be suitable for a job opening based on their data, we can inform the applicant accordingly.
We process personal data primarily in Switzerland and in the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, particularly to process or have them processed there.
We can export personal data to all countries and territories on Earth and elsewhere in the Universe, provided that the local law, according to the decision of the Swiss Federal Council, ensures adequate data protection and – if and when the General Data Protection Regulation (GDPR) applies – according to the decision of the European Commission ensures adequate data protection.
We may transfer personal data to countries whose law does not ensure adequate data protection, provided that data protection is ensured for other reasons, particularly based on standard data protection clauses or with other appropriate guarantees. Exceptionally, we can export personal data to countries without adequate or suitable data protection, if the specific data protection legal requirements are met, for example, the express consent of the affected persons or a direct connection with the conclusion or processing of a contract. Upon request, we gladly inform affected persons about any guarantees or provide a copy of any guarantees.
We grant affected persons all claims according to the applicable data protection law. Affected persons particularly have the following rights:
We may defer, limit, or deny the exercise of the rights of affected persons within the legally permissible framework. We may inform affected persons about the conditions that must be met to exercise their data protection rights. For example, we may partially or fully deny access with reference to trade secrets or the protection of other individuals. We may also partially or fully deny the deletion of personal data with reference to statutory retention obligations.
We may exceptionally charge fees for exercising rights. We will inform affected persons in advance about any potential fees.
We are obligated to identify affected persons who request information or assert other rights with appropriate measures. Affected persons are required to cooperate.
Affected persons have the right to legally enforce their data protection claims or file a complaint with a competent data protection supervisory authority.
The data protection supervisory authority for private entities and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
Affected persons have – if and when the General Data Protection Regulation (GDPR) applies – the right to file a complaint with a competent European data protection supervisory authority.
We take appropriate technical and organizational measures to ensure data security commensurate with the respective risk. However, we cannot guarantee absolute data security.
Access to our website is secured with transport encryption (SSL / TLS, especially with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers indicate transport encryption with a padlock in the address bar.
Our digital communication is – as basically all digital communication – subject to mass surveillance without cause and suspicion as well as other surveillance by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We cannot directly influence the respective processing of personal data by intelligence services, police stations, and other security authorities.
Cookies can be stored temporarily in the browser as "session cookies" or for a specific period as so-called permanent cookies. "Session cookies" are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies in particular allow a browser to be recognized on the next visit to our website and thus, for example, measure the reach of our website. Permanent cookies can also be used for online marketing, for instance.
For cookies used for performance and reach measurement or for advertising, a general objection ("opt-out") is possible via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
For each access to our website, we can record the following information, provided that it is transmitted by your browser to our server infrastructure or can be determined by our web server: Date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, the individual sub-page of our website accessed including the amount of data transferred, and the last website accessed in the same browser window (referrer).
We store such information, which can also constitute personal data, in server log files. This information is necessary in order to provide our website in a permanent, user-friendly, and reliable manner, and to ensure data security and, in particular, the protection of personal data - also by third parties or with the help of third parties.
We may use counting pixels on our website. Counting pixels are also referred to as web beacons. Counting pixels - also from third parties whose services we use - are small, usually invisible images that are automatically retrieved when visiting our website. With counting pixels, the same information can be recorded as in server log files.
We are present on social media platforms and other online platforms to communicate with interested individuals and to inform about our activities and operations. In connection with such platforms, personal data may also be processed outside of Switzerland and the European Economic Area (EEA).
For our Facebook social media presence including the so-called page insights, we are - where and to the extent the General Data Protection Regulation (GDPR) applies - jointly responsible with Meta Platforms Ireland Limited (Ireland). The Meta Platforms Ireland Limited is part of the Meta companies (including in the US). The page insights provide information on how visitors interact with our Facebook presence. We use page insights to effectively and user-friendly offer our Facebook social media presence.
We use services from specialized third parties to permanently carry out our activities in a user-friendly, secure, and reliable manner. With such services, we can, among other things, embed functions and content into our website. When embedding, for technical reasons, the services used temporarily capture at least the IP addresses of users.
For necessary security-related, statistical, and technical purposes, third parties, whose services we use, may process data related to our activities in an aggregated, anonymized, or pseudonymized manner. These are, for example, performance or usage data to be able to offer the respective service.
We particularly use:
We use services from specialized third parties to access the necessary digital infrastructure in relation to our activities. This includes, for example, hosting and storage services from selected providers.
We use services from selected providers to better communicate with third parties, such as potential and existing customers.
We particularly use:
We recommend, depending on the situation, to mute the microphone by default when participating in audio or video conferences, and to blur the background or display a virtual background.
We particularly use:
We use services from specialized third parties to enable the direct playback of digital audio and video content, such as music or podcasts.
We particularly use:
We attempt to determine how our online offer is used. In this context, for instance, we can measure the success and reach of our activities and operations, as well as the effect of third-party links to our website. We can also, for instance, test and compare how different parts or versions of our online offer are used ("A/B testing" method). Based on the results of the success and reach measurement, we can, in particular, fix errors, strengthen popular content, or make improvements to our online offer.
For the success and reach measurement, in most cases, the IP addresses of individual users are stored. IP addresses are, in this case, basically shortened ("IP masking") to follow the principle of data economy through the respective pseudonymization.
During the success and reach measurement, cookies might be used, and user profiles might be created. Any created user profiles might include, for instance, individual pages visited or content viewed on our website, information on the size of the screen or browser window, and the – at least approximate – location. Generally, any user profiles are exclusively created in a pseudonymized form and are not used to identify individual users. Some third-party services, where users are logged in, might associate the use of our online offer with the user account or user profile of the respective service.
We particularly use:
We can adapt and supplement this privacy statement at any time. We will inform about such adjustments and supplements in an appropriate manner, especially by publishing the respective current privacy statement on our website.