Data privacy policy
We, the DUBS + GEHRIG HANDELS AG, are responsible for the data processing described in this privacy policy (hereinafter also referred to as ‘us’ and ‘our’).
We process various personal data on our website (http://www.dubs-gehrig.com/) and as part of our business activities, about which we would like to inform you below. Personal data is all information that relates to you (e.g. name, address, e-mail address, telephone number) and can identify you directly or indirectly (e.g. via the Internet). If you have any data protection concerns, please contact us at the address given at the end of this privacy policy (see section 10).
The privacy policy is designed to meet the requirements of data protection in Switzerland. Please note that we will review and amend it from time to time. The version published on this website is the current version.
If you provide us with data of third parties (e.g. family members, customers, etc.), you confirm with your transmission that you are authorised to do so, that this data is correct and that the third parties concerned are aware of this data protection declaration.
1 Personal data that we process
First and foremost, we process the personal data about you that you provide to us yourself or that we collect from users when they visit our website and use our app.
In addition, we may also obtain personal data about you from third-party sources for the purposes set out in section 2, in particular
from customers or your employer with whom we are in contact (e.g. your contact details and details in connection with their professional functions and activities) so that we can, for example, conclude and process transactions with your employer with your help
Orders and related information that we receive from third parties so that we can conclude or fulfil contracts with you, for example to deliver products or provide services to you
Documents relating to you and powers of attorney
- Credit reports from credit agencies or authorities, certificates and references
- Extracts from publicly accessible registers (e.g. commercial register)
- Communication data.
- If you contact us via the contact form on our website, the e-mail address or telephone number provided, we collect the peripheral data of the communication in addition to the information you provide to us. This includes the manner, place and time of the communication.
- Your online activities (including activities on social media). For example, when you use our website, we collect technical data to ensure the functionality and security of these services. This data also includes logs in which the use of our systems is recorded. As part of the technical data, we collect the IP and MAC address of the devices used as well as information about the operating system of your end device, the date, region and time of use and the type of browser you use to access our website. This can help us to transmit the correct formatting of the website and serves to promote a smooth connection setup, convenient use of the website, evaluation of system security and stability and other administrative purposes. To ensure the functionality of these offers, we can also assign a customised code to you or your end device (e.g. in the form of a coo
2 Purposes for which we process your personal data
In addition to the purposes that we will inform you of separately if required, we process your personal data for the following purposes:
- Communication with you and the third parties mentioned in section 1
- Conclusion and processing of contracts with you (including conducting application procedures and entering into employment relationships) and the third parties named in section 1
- Operation of the infrastructure (including our website)
- Marketing to promote our services (e.g. mailings, events) and relationship management
- Market research and product development, in particular to plan, develop and improve our offering (including products and services)
- Compliance with regulatory requirements such as laws, industry standards, directives, etc.
- Maintaining security (e.g. combating offences and fraud, access controls and monitoring our website)
- Risk management and prudent corporate governance (e.g. business organisation and corporate development)
- Assertion and defence of claims and official proceedings
If we ask for your consent for certain processing, we will inform you separately about the corresponding purposes of the processing. You can revoke your consent at any time with effect for the future by sending us written notification (by post) or, unless otherwise stated or agreed, by e-mail; you will find our contact details in Section 10 below. Once we have received notification of the withdrawal of your consent, we will no longer process your data for the purposes to which you originally consented, unless we have another legal basis for doing so (e.g. legal obligation or overriding interest). The withdrawal of your consent shall not affect the lawfulness of processing based on consent before its withdrawal.
2 Cookies
We use technologies on our website with which we and third parties engaged by us can recognise you when you use the website and, under certain circumstances, track you over several visits. Essentially, this is so that we can distinguish your access (via your system) from access by other users, so that we can ensure the functionality of the website and carry out analyses and personalisation. We do not want to infer your identity. However, even without registration data, the technologies used are designed in such a way that you are recognised as an individual visitor each time you access a page, for example by our server (or the servers of third parties) assigning you or your browser a specific identification number (so-called ‘cookie’). Cookies help in many ways to make your visit to our website easier, more pleasant and more meaningful.
You can programme your browser so that it blocks or deceives certain cookies or alternative technologies or deletes existing cookies. You can also add software to your browser that blocks tracking by certain third parties. Further information on this can be found on the help pages of your browser (usually under the heading ‘Data protection’). On the following pages you will find explanations on how to configure the processing of cookies in the most common browsers:
Please note that deactivating cookies may mean that you cannot use all the functions of our website.
4. Third-party services that are integrated on our website
4.1 Tracking tools that we use
We use third-party services to provide our website in a permanent, user-friendly, secure and reliable manner. They may also be used to embed content in our website. These services require your (IP) address in order to be able to transmit the corresponding content.
4.1.1 Google Analytics
We use Google Analytics, a web analytics service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland or Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Google Analytics uses methods that make it possible to analyse the use of our website, e.g. cookies. These generate information about your use of the website, such as
- Navigation path of visitors to our website
- Time spent on the website (including subpages)
- The subpage on which the website is left
- The country, region or city from which our website is accessed
- The end device used (type, version, colour depth, resolution, width and height of the browser window)
- Browser provider (including version) and the operating system used
- Whether it is a returning or new visitor
- The website that was visited before visiting our website (referrer URL)
- Host name of the accessing computer (IP address)
- Time of the server request
This information is transferred to Google servers in the USA and stored there. The IP address is shortened by activating IP anonymisation (‘anonymizeIP’) on our website before transmission within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area, as well as in Switzerland. The anonymised IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. In these cases, we ensure through contractual guarantees, in particular through the agreement of the EU standard contractual clauses and additional measures, that Google complies with an adequate level of data protection.
We use this information to analyse the use of our website, to compile reports on website activity and to provide other services relating to website activity and internet usage for the purposes of market research and the needs-based design of our website. Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. According to Google, under no circumstances will the IP address be associated with other data relating to the user.
The legal basis for processing the data for the aforementioned purposes is your consent, which you give us using the cookie banner. You can withdraw your consent at any time (see section 10).
You can prevent Google from collecting the data generated by the cookies (including the IP address) relating to the use of the website and from processing this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. In this case, an opt-out cookie will be stored on your device. If you delete cookies, the link must be clicked again.
We use Google Signals. This is used to record additional information in Google Analytics about users who have activated personalised ads (interests and demographic data) and ads can be delivered to these users in cross-device remarketing campaigns.
The recorded data is stored together with the randomly generated user ID, which makes it possible to analyse pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data remains stored in aggregated form indefinitely.
4.1.2 Google reCAPTCHA
Our website uses reCAPTCHA from Google to check whether the data input (e.g. in a contact form) is made by a human or by an automated programme. For this purpose, the behaviour of website users is analysed on the basis of various characteristics. To analyse this, reCAPTCHA evaluates various information, in particular the IP address, the time the user spends on our website or the mouse movements made by the user. The data collected during the analysis is transmitted to Google.
Further information on Google reCAPTCHA can be found in Google’s privacy policy at: https://support.google.com/analytics/answer/6004245?hl=de.
4.1.3 Google Tag Manager
To manage cookies and pixels for tracking tools and other tools, we use Google Tag Manager on our website, a service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland and Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. The Tag Manager tool is a cookie-free domain and does not collect any personal data. However, it triggers other tags that can collect personal data. If you have made a deactivation at the main or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.
You can find more information on the collection and use of your personal data by the Tag Manager tool in its privacy policy: https://marketingplatform.google.com.
4.2 Other tools and plugins that we use
4.2.1 Google Web Fonts
For the standardised display of fonts, we use so-called web fonts on our website, a service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland or Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. This tells the Google server which of our web pages you have visited. The IP address of the browser of the end device of the visitor to this website is also stored by Google. If your browser does not support web fonts, a standard font will be used by your computer.
Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
4.2.2. CCM19
We use ccm19, a cookie consent manager tool, on our website. The service provider is the German company Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn, Germany. You can find out more about the data processed through the use of ccm19 in the privacy policy at https://www.ccm19.de/datenschutzerklaerung.html
5. Links to third-party websites on our website
Our website contains links to third-party websites.
We have no influence whatsoever on websites linked to our website and disclaim any liability for the visit and content of linked websites. With regard to data protection, we refer to the privacy policy on the respective websites.
6. Data transfer (including data transfer abroad)
We may also transfer your personal data to third parties for the purposes set out in section 2, in particular to the following categories of recipients:
Service providers: We work with service providers who process personal data about you on our behalf or under joint responsibility with us or who receive data about you from us under their own responsibility, debt collection companies, shipping service providers and the third parties mentioned in section 4 who collect data about you via the website).
Public authorities: We may disclose personal data to offices, courts and other authorities if this is necessary for the performance of a contract or if we are legally obliged or authorised to do so or if this appears necessary to protect our legitimate interests. The authorities process data about you that they receive from us on their own responsibility;
Business partners: e.g. suppliers, customers, marketing and project partners;
Other persons: This refers to other cases where the involvement of third parties arises from the purposes set out in section 2, e.g. other parties in potential or actual legal proceedings as well as acquirers or parties interested in acquiring business divisions, companies or other parts of us.
All these categories of recipients may in turn involve third parties, so that your data may also become accessible to them. We can restrict the processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.).
The third parties to whom we transfer your personal data may also be located abroad, usually in other signatory states to the Agreement on the European Economic Area, but exceptionally in any country in the world (e.g. with regard to the tools we use in accordance with section 4). If a recipient is located in a country without adequate statutory data protection, we contractually oblige the recipient to comply with the applicable data protection law, e.g. by agreeing the EU standard contractual clauses, unless the recipient is already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exemption clause. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the fulfilment of a contract requires such disclosure, if you have given your consent or if the data in question has been made generally accessible by you and you have not objected to its processing.
Note on data transfers to the USA: Some of the third-party service providers mentioned in this privacy policy are based in the USA (see section 4). In order to enable you to make an informed decision about consenting to the use of your data, we would like to explicitly draw your attention to the following legal and factual situation in the USA: The surveillance measures of authorities in the USA generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland or the EU to the USA. This is done without differentiation, restriction or exception based on the objective pursued. There is no objective criterion that makes it possible to restrict the access of the authorities in the USA to the personal data and its subsequent use to very specific, strictly limited purposes that justify access to this data and the interference associated with its use. In the USA, there are no legal remedies for data subjects from Switzerland or the EU that would allow them to obtain access to the personal data concerning them and to obtain its correction or deletion, or no effective legal protection against general access rights of authorities in the USA. From the perspective of the Swiss Confederation and the EU, the USA does not have an adequate level of data protection (in particular due to the legal and factual situation mentioned in this section). Insofar as we explain in this privacy policy that recipients of data (such as Google) are based in the USA, we will ensure that your data is protected at an appropriate level by our partners through contractual arrangements with these companies and any additional appropriate guarantees that may be required.
7. Data security
We take appropriate security measures to protect the confidentiality, integrity and availability of your personal data, to protect it against unauthorised or unlawful processing and to counteract the risks of loss, unintentional alteration, unwanted disclosure or unauthorised access.
Data transmitted via an open network such as the Internet or an e-mail service is openly accessible, which is why we cannot guarantee the confidentiality of messages or content transmitted via these channels. Please be aware that third parties may access, collect and use personal data transmitted over an open network for their own purposes.
8. Duration of storage of personal data
We process your data for as long as our processing purposes, the statutory retention periods and our legitimate interests in processing for documentation and evidence purposes require it or storage is technically necessary. In particular, business communication or concluded contracts, for example, must be stored for up to 10 years.
9. Your rights
The applicable data protection law grants you various rights, including the right to information, the right to correct incorrect data and the right to object. In addition, you can revoke your consent to the processing of your personal data at any time with effect for the future (see also section 2).
If you have any questions regarding your rights and how to exercise them, please contact us in writing or, unless otherwise stated or agreed, by e-mail; our contact details can be found in section 10 below.
10. Contakt
For data protection concerns, please contact
DUBS + GEHRIG HANDELS AG
Dufourstrasse 10
P.O. Box 221
CH – 8702 Zollikon