Privacy Policy

In this Privacy Policy, we provide information about what personal data we process, where we process it, and for what purpose, particularly in connection with our zellerag.ch website and other content. This Privacy Policy also provides information about the rights of persons whose data we process.

For individual or additional content and services, further privacy policies may apply, including special or supplementary privacy policies, as well as other legal documents such as General Terms and Conditions of Business, terms of use or conditions of participation.

Our content is subject to Swiss data protection legislation and any applicable foreign data protection legislation such as in particular that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission recognises that the Swiss data protection legislation ensures an adequate level of data protection.

1. Contact Addresses

Responsible for the processing of personal data:

Max Zeller Söhne AG
Seeblickstrasse 4
8590 Romanshorn, Switzerland

info@zellerag.ch

We will provide notification in individual cases where a different party is responsible for processing personal data.

Data protection representative in the European Economic Area (EEA)

In accordance with GDPR Art. 27, we have the following data protection representative in the European Economic Area (EEA) including the European Union (EU) and the Principality of Liechtenstein, Iceland and Norway as the point of contact to be additionally addressed by, in particular, supervisory authorities and data subjects on issues related to the General Data Protection Regulation (GDPR):

VGS Datenschutzpartner UG
Am Kaiserkai 69
20457 Hamburg
Germany

info@datenschutzpartner.eu

2. Processing of Personal Data

2.1 Terms

Personal data shall include any information that relates to an identified or identifiable person. A data subject shall be any person whose personal data is processed. Processing shall comprise any handling of personal data, irrespective of the means and procedures applied, in particular any retention, disclosure, collection, erasure, storage, modification, destruction and utilisation of personal data.

The European Economic Area (EEA) comprises the European Union (EU), the Principality of Liechtenstein, Iceland and Norway.

2.2 Legal Bases

We shall process personal data in line with the Swiss data protection legislation, including, in particular, the Swiss Federal Act on Data Protection (FADP) and the Swiss Ordinance to the Federal Act on Data Protection (OFADP).

If and to the extent that the General Data Protection Regulation (GDPR) is applicable, we shall process personal data in accordance with at least one of the following legal bases:

  • GDPR Art. 6(1)(b) for the required processing of personal data for the performance of a contract to which the data subject is party as well as in order to take steps prior to entering into a contract.
  • GDPR Art. 6(1)(f) for the required processing of personal data for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the fundamental rights and freedoms as well as by interests of the data subject. Legitimate interests shall comprise, in particular, our interest in providing our content securely, reliably, in a user-friendly way and on a permanent basis, information security, protection against misuse and unauthorised use, the enforcement of our own legal claims and compliance with Swiss legislation.
  • GDPR Art. 6(1)(c) for the required processing of personal data for compliance with a legal obligation to which we are subject according to any applicable legislation of Member States of the European Economic Area (EEA).
  • GDPR Art. 6(1)(e) for the required processing of personal data for the performance of a task carried out in the public interest.
  • GDPR Art. 6(1)(a) for the processing of personal data with the consent of the data subject.
  • GDPR Art. 6(1)(d) for the required processing of personal data in order to protect the vital interests of the data subject or of another natural person.

2.3 Type, Scope and Purpose

We process such personal data as is necessary in order to provide our content in a user-friendly, secure and reliable manner. This personal data may fall under the categories of inventory and contact data, browser and device data, content data, metadata, usage data, location data, sales data, contract data and payment data.

We process personal data for the duration that is legally required, or required for the respective purpose or purposes. Personal data which no longer needs to be processed is anonymised or erased. Persons whose data we process have a basic right of erasure.

As a basic principle, we shall process personal data only after the consent of the data subject has been given, unless processing is permissible for any other legal reasons, for example for the performance of a contract to which the data subject is party and for corresponding measures prior to entering into a contract to safeguard our prevailing legitimate interests, because such processing is evident from the circumstances or following prior information.

Within this framework, we shall process, in particular, any information that is provided by data subjects themselves voluntarily upon establishment of contact – for example by letter, e-mail, contact form, social media or telephone — or upon registration for a user account. We may store this information in an address book, for example, or using comparable tools. Insofar as you provide information to us via third parties, you are obliged to guarantee data protection by such third parties and to ensure the correctness of this personal data.

We also process personal data that we receive from third parties, acquire from publicly accessible sources, or collect as part of the provision of our content, insofar as and to the extent that such processing is legally permissible.

Personal data from applications is only processed to the extent necessary for assessing suitability for employment or for subsequent performance of a contract of employment. The personal data required for executing an application process is derived from the requested and/or disclosed information, for example within the context of a job description. Applicants shall have the opportunity to provide further information for their respective applications voluntarily.

2.4 Processing of Personal Data by Third Parties, including Abroad

We may assign third parties to process personal data, or process this data together with third parties or with the assistance of third parties, or send it to third parties. In particular, these third parties are providers whose services we use. We shall ensure that these third parties also provide an adequate level of data protection.

As a general principle, these third parties are located in Switzerland and the European Economic Area (EEA). However, these third parties may also be located in other countries and territories on Earth and elsewhere in the universe, insofar as their data protection legislation ensures an adequate level of data protection according to the Swiss Federal Data Protection and Information Commissioner (FDPIC) and insofar as and to the extent that the General Data Protection Regulation (GDPR) is applicable according to the European Commission, or if adequate data protection is assured for other reasons, for example by a corresponding contractual agreement, in particular one based on standard contract clauses, or by corresponding certification. In the case of third parties in the United States of America (USA), Privacy Shield certification may ensure adequate data protection. In exceptional cases, such a third party may be located in a country without adequate data protection, provided that the legislative data protection requirements, for example the explicit consent of the data subject, are met.

3. Rights of Data Subjects

Any data subjects whose personal data is processed by us shall have the rights accorded under Swiss data protection legislation. This shall include the right to information and the right to rectification, erasure or blocking of the personal data processed.

Any data subjects whose personal data is processed by us, if and to the extent that the General Data Protection Regulation (GDPR) is applicable, may request a confirmation free of charge as to whether we process their personal data and if this is the case, they may request information about the processing of their personal data, have the processing of their personal data restricted, exercise their right to data portability and have their personal data rectified, erased (“right to be forgotten”), blocked or completed.

Any data subjects whose personal data is processed by us, if and to the extent that the GDPR is applicable, may revoke at any time and with future effect any consents given and object to the processing of their personal data at any time.

Any data subjects whose personal data is processed by us shall have a right of appeal to the relevant supervisory authority. The supervisory authority in charge of data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

4. Data Security

We shall take reasonable and adequate technical and organisational measures to ensure data protection and in particular data security. Notwithstanding such measures, however, security vulnerabilities are always possible when processing personal data on the Internet. We cannot therefore guarantee absolute data security.

Our online content is accessed with transport encryption (SSL/TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated to HTTPS). Most browsers indicate transport encryption with a padlock symbol in the address line.

Any access to our online content, just as, in principle, any use of the Internet, is subject to groundless mass surveillance regardless of suspicion as well as other monitoring measures taken by security authorities in Switzerland, the European Union (EU), the United States of America (USA) and other countries. We have no direct influence on the processing of personal data in this way by intelligence agencies, police services and other security authorities.

5. Use of the Website

5.1 Cookies

We may use cookies on our website. Cookies, which comprise either our own cookies (first-party cookies), or cookies from third parties whose services we use (third-party cookies), are text files stored in your browser. Cookies cannot execute programmes or transmit malware, such as Trojans and viruses.

When visiting our website, cookies may be stored in your browser temporarily as "session cookies" or for a certain period of time as permanent cookies. "Session cookies" are automatically deleted when you close your browser. Permanent cookies, in particular, enable us to recognise your browser when you visit our website again, which allows us to measure, for example, the reach of our website. However, permanent cookies may also be used for online marketing, for example.

You may disable and delete cookies in your browser settings in whole or in part at any time. Without cookies, however, our website might no longer be available to its full extent. Insofar as and to the extent required, we shall directly ask you to give your consent to the use of cookies.

For numerous services, it is possible to lodge a general objection to cookies used for measuring performance and reach or for advertising (opt-out) via the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

5.2 Server Log Files

For any visit made to our website, we may gather the following information, insofar as it can be transmitted by your browser to our server infrastructure, or detected by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, the individual pages of our website accessed including the amount of data transferred, the last web page opened in the same browser window (referrer).

We store this information, which may also constitute personal data, in server log files. We require this information in order to make our online content user-friendly, reliable and permanently accessible, and in order to ensure data security and therefore in particular the protection of personal data, including by third parties, or with the help of third parties.

5.3 Tracking Pixels

We may use tracking pixels on our website. Tracking pixels are also called web beacons. Tracking pixels – which may also come from third parties whose services we use – are small, usually invisible graphics which are automatically loaded when you visit our website. Tracking pixels can collect the same information as server log files.

6. Notifications and Messages

We may send notifications and messages such as newsletters by e-mail and via other communication channels such as instant messaging.

6.1 Performance and Reach Measurement

Notifications and messages may contain web links or tracking pixels which gather data on whether an individual message was opened and what web links in it were clicked on. These web links and tracking pixels can also collect data on how notifications and messages are used by individuals. We require this statistical gathering of usage data in order to measure performance and reach, to make notifications and messages effective and user-friendly based on the needs and reading habits of the recipients, and to provide them securely and reliably on a permanent basis.

6.2 Consent and Objection

In principle, you must explicitly consent to the use of your e-mail address and your other contact addresses, unless use of these is permissible for other legal reasons. For any consent to receive e-mails, we use the "double opt-in" where possible, which means that you receive an e-mail with a web link, which you must click on to confirm, so that no misuse by unauthorised third parties can occur. We can log these consents including Internet Protocol (IP) address, date and time for evidential and security reasons.

As a basic principle, you can unsubscribe from notifications and messages such as newsletters at any time. We reserve the right to send notifications and messages that are essential for our services. When you unsubscribe, you can, in particular, object to the statistical gathering of usage data for performance and reach measurement.

6.3 Service Providers for Notifications and Messages

We send notifications and messages using the services of third parties, or with the help of third parties. Cookies can also be used for this. We shall ensure that these services also provide an adequate level of data protection.

We use MailChimp to send and manage newsletters. MailChimp is a service of the US American Rocket Science Group LLC. Further information about the type, scope and purpose of the data processing can be found in MailChimp's Privacy Policy and on the page about MailChimp, the Privacy Shield and GDPR.

7. Social Media

We are present on social media platforms and other online platforms in order to communicate with interested persons and provide information about our services. This may involve personal data being processed outside Switzerland and the European Economic Area (EEA).

The respective General Terms and Conditions, terms of use, privacy policies and other provisions of the individual operators of these online platforms shall apply. These provisions provide information in particular about the rights of data subjects, in particular the right to information.

For our social media presence on Facebook, we are responsible together with Facebook for the Page Insights, insofar as and to the extent that GDPR is applicable. The Page Insights provide information about how visitors interact with our Facebook presence. We use Page Insights in order to make our social media presence on Facebook effective and user-friendly. Facebook has published Information about Page Insights Data and a Page Insights Controller Addendum.

8. Third-Party Services

We make use of the services of third parties in order to provide our content in an effective and user-friendly manner as well as permanently, securely and reliably. These services are also used to embed content in our website. These services, for example hosting and storage services, video services and payment services, require your Internet Protocol (IP) address, since they cannot otherwise deliver the corresponding content. Such services may be located outside Switzerland and the European Economic Area (EEA), provided that adequate data protection is assured.

Third parties whose services we use may also process data in connection with our content and from other sources – in aggregated, anonymised or pseudonymised form, inter alia using cookies, log files and tracking pixels – for their own security-related, statistical and technical purposes.

8.1 Audio and Video Conferences

We use services for audio and video conferences in order to communicate with our customers and other persons. We may use these in particular to run audio and video conferences, virtual meetings and training such as webinars.

We only use services for which adequate data protection is assured. In addition to this Privacy Policy, any conditions of the services used apply, for example terms of use or privacy policies.

In particular, we use Zoom, a service of the US American Zoom Video Communications Inc. Zoom ensures adequate data protection with Privacy Shield certification. Zoom also grants rights under the European General Data Protection Regulation (GDPR) to users in Switzerland. Further information about the type, scope and purpose of the data processing can be found in Zoom's Privacy Policy and on Zoom's Legal and Privacy page.

8.2 Maps

We use Google Maps to embed maps in our website. Cookies are also used for this. Google Maps is a service of the US American Google LLC. Google Ireland Limited in Ireland is responsible for users in the European Economic Area (EEA) and Switzerland. Further information about the type, scope and purpose of the data processing can be found in Google's Privacy and Security Principles and Privacy Policy, in the Google Product Privacy Guide (including Google Maps), as well as under How Google uses information from sites or apps that use our services and How Google uses cookies. It is also possible to object to personalised advertising.

8.3 Entertainment

We use Vimeo to embed videos in our website. Cookies are also used for this. Vimeo is a service of the US American Vimeo Inc. Further information about the type, scope and purpose of the data processing can be found in the Vimeo privacy FAQs and in the Vimeo Privacy Policy.

8.4 Fonts

We use Google Fonts to embed selected fonts in our website. No cookies are used for this. Google Fonts is a service of the US American Google LLC, which is offered independently of other Google services. Google Ireland Limited in Ireland is responsible for users in the European Economic Area (EEA) and Switzerland. Further information about the type, scope and purpose of the data processing can be found in Google's Privacy and Security Principles and Privacy Policy.

8.5 Performance and Reach Measurement

8.5.1 Google Analytics

We use Google Analytics to analyse how our website is used, including for example measuring the reach of our website and the success of third-party links to our website. This is a service of the US American Google LLC. Google Ireland Limited in Ireland is responsible for users in the European Economic Area (EEA) and Switzerland.

Google also tries to gather data on individual visitors to our website when they use different browsers or devices (cross-device tracking). Cookies are also used for this. Your Internet Protocol (IP) address is required for Google Analytics, but this will not be linked with other Google data.

We always have your Internet Protocol (IP) address anonymised by Google before analysis. As a result, your full IP address will not be sent to Google in the USA as a basic principle.

Further information about the type, scope and purpose of the data processing can be found in Google's Privacy and Security Principles and Privacy Policy, in the Google Product Privacy Guide (including Google Analytics), as well as under How Google uses information from sites or apps that use our services and How Google uses cookies. You can also use the Google Analytics Opt-out Browser Add-on and object to personalised advertising.

8.5.2 Google Tag Manager

We use Google Tag Manager in order to include services for analytics or advertising from Google and third-parties in our website and manage these services. This is a service of the US American Google LLC. Google Ireland Limited in Ireland is responsible for users in the European Economic Area (EEA) and Switzerland. No cookies are used for this, but cookies may be used in connection with the included and managed services. We provide information about the processing of personal data by these services in this Privacy Policy.

8.5.3 Hotjar

We use Hotjar to analyse how our website is used. Hotjar allows the recording of user behaviour on our website, for example with regard to mouse movements and mouse clicks or other input options. Cookies and other technologies may be used for this, in order to gather data on user behaviour and information such as screen size, anonymised Internet Protocol (IP) address and approximate location (country). Hotjar, a service of Hotjar Ltd. in Malta, states that it stores the gathered data in a pseudonymised user profile.

We and Hotjar establish no link to individual visitors to our website. The data gathered is not used to identify individual users, nor is it linked to other data about other individual users. Further information about the type, scope and purpose of the data processing can be found on Hotjar's "Privacy by Design" page, "Cookie Information" page and in Hotjar's Privacy Policy. It is also possible to object to data collection by Hotjar.

8.6 Advertising

8.6.1 Facebook Ads

We use Facebook Ads in order to place targeted advertising on Facebook. Facebook Ads is a service of Facebook Ireland Ltd. in Ireland or the US American Facebook Inc. Facebook Ads also uses cookies.

In particular, our aim with this advertising is to reach persons who are interested in our online content or already use our online content. For this purpose, using in particular the Facebook pixel, we send corresponding information, which may also include personal data, to Facebook (Custom Audiences including Lookalike Audiences). We may also determine whether our advertising is successful, i.e. whether it leads to visits to our website (conversion tracking).

Further information about the type, scope and purpose of the data processing can be found in Facebook's Data Policy. Facebook users can use the ad preferences to control what advertising they see on Facebook and what advertising is displayed to them on Facebook in future.

We use Google Ads (formerly AdWords) in order to place targeted advertising in the Google search engine and elsewhere on the Internet, for example on other websites, inter alia based on search queries. Google Ads is a service of the US American Google LLC. Google Ireland Limited in Ireland is responsible for users in the European Economic Area (EEA) and Switzerland. Google Ads also uses cookies. Google uses various domain names, in particular doubleclick.net, googleadservices.com and googlesyndication.com, for Google Ads.

In particular, our aim with this advertising is to reach persons who are interested in our online content or already use our online content. We may also determine whether our advertising is successful, i.e. whether it leads to visits to our website (conversion tracking).

Further information about the type, scope and purpose of the data processing can be found in Google's Privacy and Security Principles and Privacy Policy, as well as under How Google uses information from sites or apps that use our services and How Google uses cookies. It is also possible to object to personalised advertising.

8.6.3 Instagram Ads

We use Instagram Ads in order to place targeted advertising on Instagram. Instagram Ads is a service of Facebook Ireland Ltd. in Ireland or the US American Facebook Inc. Cookies may also be used for this.

In particular, our aim with this advertising is to reach persons who are interested in our online content or already use our online content. For this purpose, using in particular the Facebook pixel, we send corresponding information, which may also include personal data, to Facebook (Custom Audiences including Lookalike Audiences). We may also determine whether our advertising is successful, i.e. whether it leads to visits to our website (conversion tracking).

Further information about the type, scope and purpose of the data processing can be found in Instagram's Data Policy and Facebook's Data Policy. Users can also check which interests the advertising relates to under the Instagram Ads Interests, and control what advertising is displayed to them using the Facebook ad preferences.

8.6.4 LinkedIn Ads

We use LinkedIn Marketing Solutions in order to place targeted advertising on LinkedIn (LinkedIn Ads). This is a service of LinkedIn Ireland Unlimited Company in Ireland or the US American LinkedIn Corporation. Cookies are also used for this.

In particular, our aim with this advertising is to reach persons who are interested in our online content or already use our online content. For this purpose, using in particular the LinkedIn Insight Tag, we send corresponding information, which may also include personal data, to LinkedIn (retargeting). We may also determine whether our advertising is successful, i.e. whether it leads to visits to our website (conversion tracking). If you are logged into LinkedIn as a user, LinkedIn can link the use of our online content to your profile.

Further information about the type, scope and purpose of the data processing can be found in LinkedIn's Privacy Policy, Cookie Policy and on LinkedIn's Privacy Hub. It is also possible to object to personalised advertising.

9. Add-ons for the Website

We use Google reCAPTCHA to protect entry forms against bots and spam, while at the same time reliably allowing inputs by persons. Cookies are also used for this. This is a service of the US American Google LLC. Google Ireland Limited in Ireland is responsible for users in the European Economic Area (EEA) and Switzerland. Further information about the type, scope and purpose of the data processing can be found in Google's Privacy and Security Principles and Privacy Policy and under How Google uses cookies.

10. Final Provisions

This data protection declaration is an unofficial translation from the German-language original.

We may amend or add to this Privacy Policy at any time. We shall provide notification of any such amendments or additions in a suitable form, in particular by publishing the current Privacy Policy on our website.