Privacy Policy

In this Privacy Policy we provide information about what personal data we process, where we process it, and for what purpose, particularly in connection with our zellerag.ch website and other content. This Privacy Policy also provides information about the rights of persons whose data we process.

For individual or additional content and services, further privacy policies may apply, including special or supplementary privacy policies, as well as other legal documents such as General Terms and Conditions of Business, terms of use or conditions of participation.

Our content is subject to Swiss data protection legislation and any applicable foreign data protection legislation such as in particular that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission recognises that the Swiss data protection legislation ensures an adequate level of data protection.

1. Contact Addresses

Responsible for the processing of personal data:

Max Zeller Söhne AG
Seeblickstrasse 4
8590 Romanshorn

info@zellerag.ch

We will provide notification in individual cases where a different party is responsible for processing personal data.

Data protection representative in the European Economic Area (EEA)

In accordance with GDPR Art. 27, we have the following data protection representative in the European Economic Area (EEA) including the European Union (EU) and the Principality of Liechtenstein, Iceland and Norway as the point of contact to be additionally addressed by, in particular, supervisory authorities and data subjects on issues related to the General Data Protection Regulation (GDPR):

VGS Datenschutzpartner UG
Am Kaiserkai 69
20457 Hamburg
Germany

info@datenschutzpartner.eu

2. Processing of Personal Data

2.1 Terms

Personal data shall include any information that relates to an identified or identifiable person. A data subject shall be any person whose personal data is processed. Processing shall comprise any handling of personal data, irrespective of the means and procedures applied, in particular any retention, disclosure, collection, erasure, storage, modification, destruction and utilisation of personal data.

The European Economic Area (EEA) comprises the European Union (EU), the Principality of Liechtenstein, Iceland and Norway. The General Data Protection Regulation (GDPR) defines the processing of personal data as the processing of data relating to individuals.

2.2 Legal Bases

We shall process personal data in line with the Swiss data protection legislation, including, in particular, the Swiss Federal Act on Data Protection (FADP) and the Swiss Ordinance to the Federal Act on Data Protection (OFADP).

If and to the extent that the General Data Protection Regulation (GDPR) is applicable, we shall process personal data in accordance with at least one of the following legal bases:

  • GDPR Art. 6(1)(b) for the required processing of personal data for the performance of a contract to which the data subject is party as well as in order to take steps prior to entering into a contract.
  • GDPR Art. 6(1)(f) for the required processing of personal data for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the fundamental rights and freedoms as well as by interests of the data subject. Legitimate interests shall comprise, in particular, our interest in providing our content securely, reliably, in a user-friendly way and on a permanent basis, information security, protection against misuse and unauthorised use, the enforcement of our own legal claims and compliance with Swiss legislation.
  • GDPR Art. 6(1)(c) for the required processing of personal data for compliance with a legal obligation to which we are subject according to any applicable legislation of Member States of the European Economic Area (EEA).
  • GDPR Art. 6(1)(e) for the required processing of personal data for the performance of a task carried out in the public interest.
  • GDPR Art. 6(1)(a) for the processing of personal data with the consent of the data subject.
  • GDPR Art. 6(1)(d) for the required processing of personal data in order to protect the vital interests of the data subject or of another natural person.

2.3 Type, Scope and Purpose

We process such personal data as is necessary to provide our content in a user-friendly, secure and reliable manner on a permanent basis. This personal data may fall under the categories of inventory and contact data, browser and device data, content data, metadata, usage data, location data, sales data, contract data and payment data.

We process personal data for the duration that is legally required, or required for the respective purpose or purposes. Personal data which no longer needs to be processed is anonymised or erased. Persons whose data we process have a basic right of erasure.

As a basic principle, we shall process personal data only after the consent of the data subject has been given, unless processing is permissible for any other legal reasons, for example for the performance of a contract to which the data subject is party and for corresponding measures prior to entering into a contract to safeguard our prevailing legitimate interests, because such processing is evident from the circumstances or following prior information.

Within this framework, we shall process, in particular, any information that is provided by data subjects themselves voluntarily upon establishment of contact – for example by letter, e-mail, contact form, social media or telephone — or upon registration for a user account. We may store this information in an address book, for example, or using comparable tools. Insofar as you provide information to us via third parties, you are obliged to guarantee data protection by such third parties and to ensure the correctness of this personal data.

We also process personal data that we receive from third parties, acquire from publicly accessible sources, or collect as part of the provision of our content, insofar as and to the extent that such processing is legally permissible.

Personal data from applications is only processed to the extent necessary for assessing suitability for employment or for subsequent performance of a contract of employment. The personal data required for executing an application process is derived from the requested and/or disclosed information, for example within the context of a job description. Applicants shall have the opportunity to provide further information for their respective applications voluntarily.

2.4 Processing of Personal Data by Third Parties, including Abroad

We may assign third parties to process personal data, or process this data together with third parties or with the assistance of third parties, or send it to third parties. In particular, these third parties are providers whose services we use. We shall ensure that these third parties also provide an adequate level of data protection.

As a general principle, these third parties are located in Switzerland and the European Economic Area (EEA). However, these third parties may also be located in other countries and territories on Earth and elsewhere in the universe, insofar as their data protection legislation ensures an adequate level of data protection according to the Swiss Federal Data Protection and Information Commissioner (FDPIC) and insofar as and to the extent that the General Data Protection Regulation (GDPR) is applicable according to the European Commission, or if adequate data protection is assured for other reasons, for example by a corresponding contractual agreement, in particular one based on standard contract clauses, or by corresponding certification. In exceptional cases, such a third party may be located in a country without adequate data protection, provided that the legislative data protection requirements, for example the explicit consent of the data subject, are met.

3. Rights of Data Subjects

Any data subjects whose personal data is processed by us shall have the rights accorded under Swiss data protection legislation. This shall include the right to information and the right to rectification, erasure or blocking of the personal data processed.

Any data subjects whose personal data is processed by us, if and to the extent that the General Data Protection Regulation (GDPR) is applicable, may request a confirmation free of charge as to whether we process their personal data and if this is the case, they may request information about the processing of their personal data, have the processing of their personal data restricted, exercise their right to data portability and have their personal data rectified, erased (“right to be forgotten”), blocked or completed.

Any data subjects whose personal data is processed by us, if and to the extent that the GDPR is applicable, may revoke at any time and with future effect any consents given and object to the processing of their personal data at any time.

Any data subjects whose personal data is processed by us shall have a right of appeal to the relevant supervisory authority. The supervisory authority in charge of data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

4. Data Security

We shall take reasonable and adequate technical and organisational measures to ensure data protection and in particular data security. Notwithstanding such measures, however, security vulnerabilities are always possible when processing personal data on the Internet. We cannot therefore guarantee absolute data security.

Our online content is accessed with transport encryption (SSL/TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated to HTTPS). Most browsers indicate transport encryption with a padlock symbol in the address line.

Any access to our online content, just as, in principal, any use of the Internet, is subject to groundless mass surveillance regardless of suspicion as well as other monitoring measures taken by security authorities in Switzerland, the European Union (EU), the United States of America (USA) and other countries. We have no direct influence on the processing of personal data in this way by intelligence agencies, police services and other security authorities.

5. Use of the Website

5.1 Cookies

We may use cookies on our website. Cookies, which comprise either our own cookies (first-party cookies), or cookies from third parties whose services we use (third-party cookies), are text files stored in your browser. Such stored data need not be limited to traditional cookies in text form. Cookies cannot execute programmes or transmit malware, such as Trojans and viruses.

When visiting our website, cookies may be stored in your browser temporarily as "session cookies" or for a certain period of time as permanent cookies. "Session cookies" are automatically deleted when you close your browser. Permanent cookies are stored for a specific period of time. In particular, they enable us to recognise your browser when you visit our website again, which allows us to measure, for example, the reach of our website. However, permanent cookies may also be used for online marketing, for example.

You may disable and delete cookies in your browser settings in whole or in part at any time. Without cookies, however, our website might no longer be available to its full extent. We actively ask for your explicit consent for the use of cookies, if and when necessary.

For numerous services, it is possible to lodge a general objection to cookies used for measuring performance and reach or for advertising (opt-out) via the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

5.2 Server Log Files

For any visit made to our website, we may gather the following information, insofar as it can be transmitted by your browser to our server infrastructure, or detected by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, the individual pages of our website accessed including the amount of data transferred, the last web page opened in the same browser window (referrer).

We store this information, which may also constitute personal data, in server log files. We require this information in order to make our online content user-friendly, reliable and permanently accessible, and in order to ensure data security and therefore in particular the protection of personal data, including by third parties, or with the help of third parties.

5.3 Tracking Pixels

We may use tracking pixels on our website. Tracking pixels are also called web beacons. Tracking pixels – which may also come from third parties whose services we use – are small, usually invisible graphics which are automatically loaded when you visit our website. Tracking pixels can collect the same information as server log files.

6. Notifications and Messages

We may send notifications and messages such as newsletters by e-mail and via other communication channels such as instant messaging.

6.1 Performance and Reach Measurement

Notifications and messages may contain web links or tracking pixels which gather data on whether an individual message was opened and what web links in it were clicked on. These web links and tracking pixels can also collect data on how notifications and messages are used by individuals. We require this statistical gathering of usage data in order to measure performance and reach, to make notifications and messages effective and user-friendly based on the needs and reading habits of the recipients, and to provide them securely and reliably on a permanent basis.

6.2 Consent and Objection

In principle, you must explicitly consent to the use of your e-mail address and your other contact addresses, unless use of these is permissible for other legal reasons. For any consent to receive e-mails, we use the "double opt-in" where possible, which means that you receive an e-mail with a web link, which you must click on to confirm, so that no misuse by unauthorised third parties can occur. We can log these consents including Internet Protocol (IP) address, date and time for evidential and security reasons.

As a basic principle, you can unsubscribe from notifications and messages such as newsletters at any time. We reserve the right to send notifications and messages that are essential for our services. When you unsubscribe, you can, in particular, object to the statistical gathering of usage data for performance and reach measurement.

6.3 Service Providers for Notifications and Messages

We send notifications and messages using the services of third parties, or with the help of third parties. Cookies can also be used for this. We shall ensure that these services also provide an adequate level of data protection.

In particular, we use:

7. Social Media

We are present on social media platforms and other online platforms in order to communicate with interested persons and provide information about our services. This may involve personal data being processed outside Switzerland and the European Economic Area (EEA).

The respective General Terms and Conditions, terms of use, privacy policies and other provisions of the individual operators of these online platforms shall apply. These provisions provide information in particular about the rights of data subjects, in particular the right to information.

For our social media presence on Facebook, we are responsible together with Facebook Ireland Limited in Ireland for the Page Insights, insofar as and to the extent that GDPR is applicable. The Page Insights provide information about how visitors interact with our Facebook presence. We use Page Insights in order to make our social media presence on Facebook effective and user-friendly.

Further information on the type, scope and purpose of data processing, information on the rights of data subjects and the contact details of Facebook as well as Facebook's data protection officer can be found in Facebook's privacy policy ("Data Policy"). We have concluded an agreement known as the “Controller Addendum” with Facebook and have thus agreed in particular that Facebook is responsible for ensuring the rights of data subjects. Information on Page Insights can be found on the Facebook pages Page Insights Information including "Page Insights Controller Addendum” and Information about Page Insights Data.

8. Performance and Reach Measurement

We use services and programmes to analyse how our website is used, including for example measuring the reach of our website and the success of third-party links to our website. However, we can also, for example, test and compare how different versions of our website or parts thereof are used ("A/B test" method). Based on the results of the performance and reach measurement, we can in particular correct errors, amplify particularly popular content or improve our online content.

The use of services and programmes for performance and reach measurement requires the Internet Protocol (IP) addresses of individual users to be stored. As a matter of principle, IP addresses are truncated in accordance with the principle of data minimisation and to improve the data protection of visitors to our website ("IP masking").

Services and programmes for performance and reach measurement may require the use of cookies and the creation of user profiles. User profiles contain, for example, the pages visited or content viewed on our website, information on the size of the screen or browser window and the - at least approximate - location. User profiles are as a rule always created under a pseudonym. We do not use user profiles to identify individual visitors to our website. Some services you are registered with as a user may link your use of our website with your profile at the respective service; however, this usually requires your prior consent.

In particular, we use:

9. Third party services

We use services of third parties in order to be able to provide our offer permanently, user-friendly, securely and reliably. These services are also used to embed content in our website. These services, for example hosting and storage services, video services and payment services, require your Internet Protocol (IP) address, since they cannot otherwise deliver the corresponding content. Such services may be located outside Switzerland and the European Economic Area (EEA), provided that adequate data protection is assured.

Third parties whose services we use may also process data in connection with our content and from other sources – in aggregated, anonymised or pseudonymised form, inter alia using cookies, log files and tracking pixels – for their own security-related, statistical and technical purposes.

9.1 Digital Infrastructure

We use services of third parties to provide the necessary digital infrastructure for our content. These include, for example, hosting and storage services from specialised providers.

In particular, we use:

9.2 Audio and Video Conferences

We use services for audio and video conferences in order to communicate with our customers and other persons. We may use these in particular to run audio and video conferences, virtual meetings and training such as webinars. In addition to this Privacy Policy, any conditions of the services used apply, for example terms of use or privacy policies.

In particular, we use Zoom, a service of the US American Zoom Video Communications Inc. Zoom also grants rights under the European General Data Protection Regulation (GDPR) to users in Switzerland. Further information about the type, scope and purpose of the data processing can be found in Zoom's Privacy Policy and on Zoom's Legal and Privacy page.

9.3 Maps

We use third party services to embed maps in our website.

In particular, we use:

9.4 Entertainment

9.4.1 We use Vimeo to embed videos in our website. Cookies are also used for this. Vimeo is a service of the US American Vimeo Inc. Further information about the type, scope and purpose of the data processing can be found in the Vimeo privacy FAQs and in the Vimeo Privacy Policy.

9.4.2 We use YouTube to embed videos in our website. Cookies are also used for this. YouTube is a service of the US American Google LLC. Google Ireland Limited in Ireland is responsible for users in the European Economic Area (EEA) and Switzerland. Further information about the type, scope and purpose of the data processing can be found in Google's Privacy and Security Principles and Privacy Policy, in the Google Product Privacy Guide (including YouTube) in the Information on how Google uses data from websites on which Google services are used and in the Information about Google cookies. It is also possible to object to personalised advertising.

9.5 Fonts

We use Google Fonts to embed selected fonts in our website. No cookies are used for this. Google Fonts is a service of the US American Google LLC, which is offered independently of other Google services. Google Ireland Limited in Ireland is responsible for users in the European Economic Area (EEA) and Switzerland. Further information about the type, scope and purpose of the data processing can be found in Google's Privacy and Security Principles and Privacy Policy.

9.6 Advertising

9.6.1 Facebook Ads

We use Facebook Ads in order to place targeted advertising on Facebook. Facebook Ads is a service of Facebook Ireland Ltd. in Ireland or the US American Facebook Inc. Facebook Ads also uses cookies.

In particular, our aim with this advertising is to reach persons who are interested in our online content or already use our online content. For this purpose, using in particular the Facebook pixel, we send corresponding information, which may also include personal data, to Facebook (Custom Audiences including Lookalike Audiences). We may also determine whether our advertising is successful, i.e. whether it leads to visits to our website (conversion tracking).

Further information about the type, scope and purpose of the data processing can be found in Facebook's Data Policy. Facebook users can use the ad preferences to control what advertising they see on Facebook and what advertising is displayed to them on Facebook in future.

We use Google Ads (formerly AdWords) in order to place targeted advertising in the Google search engine and elsewhere on the Internet, for example on other websites, inter alia based on search queries. Google Ads is a service of the US American Google LLC. Google Ireland Limited in Ireland is responsible for users in the European Economic Area (EEA) and Switzerland. Google Ads also uses cookies. Google uses various domain names, in particular doubleclick.net, googleadservices.com and googlesyndication.com, for Google Ads.

In particular, our aim with this advertising is to reach persons who are interested in our online content or already use our online content. We may also determine whether our advertising is successful, i.e. whether it leads to visits to our website (conversion tracking).

Further information about the type, scope and purpose of the data processing can be found in Google's Privacy and Security Principles and Privacy Policy, as well as under How Google uses information from sites or apps that use our services and How Google uses cookies. It is also possible to object to personalised advertising.

9.6.3 Instagram Ads

We use Instagram Ads in order to place targeted advertising on Instagram. Instagram Ads is a service of Facebook Ireland Ltd. in Ireland or the US American Facebook Inc. Instagram Ads also uses cookies.

In particular, our aim with this advertising is to reach persons who are interested in our online content or already use our online content. For this purpose, using in particular the Facebook pixel, we send corresponding information, which may also include personal data, to Facebook (Custom Audiences including Lookalike Audiences). We may also determine whether our advertising is successful, i.e. whether it leads to visits to our website (conversion tracking).

Further information about the type, scope and purpose of the data processing can be found in Instagram's Data Policy and Facebook's Data Policy. Users can also check which interests the advertising relates to under the Instagram Ads Interests, and control what advertising is displayed to them using the Facebook ad preferences.

9.6.4 LinkedIn Ads

We use LinkedIn Marketing Solutions in order to place targeted advertising on LinkedIn (LinkedIn Ads). This is a service of LinkedIn Ireland Unlimited Company in Ireland or the US American LinkedIn Corporation. Cookies are also used for this.

In particular, our aim with this advertising is to reach persons who are interested in our online content or already use our online content. For this purpose, using in particular the LinkedIn Insight Tag, we send corresponding information, which may also include personal data, to LinkedIn (retargeting). We may also determine whether our advertising is successful, i.e. whether it leads to visits to our website (conversion tracking). If you are logged into LinkedIn as a user, LinkedIn can link the use of our online content to your profile.

Further information about the type, scope and purpose of the data processing can be found in LinkedIn's Privacy Policy, Cookie Policy and on LinkedIn's Privacy Hub. It is also possible to object to personalised advertising.

10. Add-ons for the Website

We use Google reCAPTCHA to protect input forms against bots and spam, while at the same time reliably allowing inputs by persons. Cookies are also used for this. This is a service of the US American Google LLC. Google Ireland Limited in Ireland is responsible for users in the European Economic Area (EEA) and Switzerland. Further information about the type, scope and purpose of the data processing can be found in Google's Privacy and Security Principles and Privacy Policy and under How Google uses cookies.

11. Final Provisions

This Privacy Policy is an unofficial translation from the German-language original.

We may amend or add to this Privacy Policy at any time. We shall provide notification of any such amendments or additions in a suitable form, in particular by publishing the current Privacy Policy on our website.

Romanshorn, May 2021