Privacy Policy of
Balmer-Etienne AG
In this Privacy Policy we inform you about how we, Balmer-Etienne AG (hereinafter also "we" and "us") collect and process your personal data (hereinafter also referred to as "data" or "personal data").
If you provide us with personal data of other persons (e.g. employee data), we assume that you are authorised to do so and that the data is accurate. By transmitting data about other persons, you confirm this. Please ensure that the other persons are informed about this Privacy Policy.
We are committed to handling your personal data responsibly. This is important to us. Insofar as we (or third parties on our behalf) collect and process personal data, we comply with the requirements of the Swiss Data Protection Act. In addition, we also comply with the requirements of the European General Data Protection Regulation (GDPR) insofar as we are legally or contractually obliged to do so. However, whether and to what extent these laws are applicable depends on the individual case.
You receive information in this Privacy Policy, in particular:
- How to contact us if you have any questions.
- Which of your personal data we collect and process and for what purpose.
- The legal bases we rely on for processing.
- To whom we disclose your personal data.
- How we protect your data.
- Which cookies/tracking and other technologies we use.
- How long we process your personal data.
- What rights you have with regard to your personal data.
- Which Privacy Policy applies in each case.
1. Our contact details
Balmer-Etienne AG is responsible under applicable data protection law for data processing in accordance with this Privacy Policy. If you have any questions about this Privacy Policy, our use of your data or your respective rights, please contact us at:
Balmer-Etienne AG
Kauffmannweg 4
CH-6003 Lucerne / Switzerland
E-Mail: datenschutz@balmer-etienne.ch
2. Which data we collect and for what purpose
2.1. Visiting the website (creation of log files) and other electronic offers
Each time our website is visited, the web server automatically collects data and information from the computer system of the accessing computer. This includes, in particular, information about the browser type and version used, the user's operating system, the user's Internet service provider, the referrer URL (websites from which the user's system accesses our website), websites that are accessed by the user's system via our website, as well as the user's IP address, access date and time and the client's file request (file name and URL). This data is stored in the log files of our system (or by third parties) together with other data and is only collected for the purpose of statistical analysis.
When you use other electronic services, such as our Wi-Fi network, we collect certain technical data. The technical data also includes the logs in which we record the use of our systems (log data). In some cases, we may also assign a unique identification number (an ID) to your end device (tablet, PC, smartphone, etc.).
We use this data to ensure the smooth connection, the convenient use of our website and other electronic offers, the evaluation of system security and stability and for other administrative purposes. This data generally does not allow us to draw any conclusions about your identity. However, in the context of user accounts or registrations, it can be linked to other data categories and thus possibly to your person.
2.2. Marketing and newsletter, registration for events
We may use your name and postal or e-mail address(es) to provide our services and to send you newsletters, event information/invitations, publications and the like. Newsletters are sent via our software partner Mailchimp, which is located in the USA. Information on Mailchimp's data protection can be found here. By registering, you agree that we may transfer your data to our software partner, that we may track your opening and clicking behaviour and that we may contact you directly in individual cases. If required by law, we will obtain your prior consent for this, unless we have received your contact details as part of our services and you have not expressly refused to receive such marketing information. If you no longer wish to receive such mailings from us, you can unsubscribe at any time using the contact details provided. There is also an unsubscribe link at the end of each e-mail.
On the website, you also have the option of registering online for our events using our registration form by entering your details. When you register, the data you enter in the input mask will be transmitted to us and stored. By registering, you agree that we may process this data as well as the content of discussions and audio and video recordings made during the event, that we may track your click and opening behaviour and that we may also make excerpts of the data available to third parties (e.g. photos on social media). You also confirm that you have read and understood our Privacy Policy.
Insofar as we refer to third-party websites in publications, event information/invitations etc. and you visit these websites, the corresponding data protection declarations of the respective website operators apply. We have no influence on this.
2.3. Contact by e-mail and other communication channels
We offer you the possibility of contacting us via the e-mail address(es) posted on our website and via other digital communication channels (e.g. LinkedIn, TeamViewer). In this case, we store the transmitted data.
Some digital communication channels are operated by companies based in the USA (e.g. LinkedIn, TeamViewer). Information on the data protection of these communication channels can be found here and here. By using these digital communication channels, you agree that your data may be transferred to other countries, including the USA, that your opening and clicking behaviour may be tracked and that we may contact you directly. You can revoke your consent to the use of the selected digital communication channel at any time. To do so, please contact us using the contact details provided.
Some digital communication traffic (e.g. email, LinkedIn, TeamViewer, etc.) is unencrypted and unsecured. The risk remains with you.
2.4. Contact forms
On our website, we offer you the opportunity to get in touch with us and our experts. This enables us to contact you and deal with your enquiry. The data you enter in this input mask(s) will be transmitted to us and stored. By sending the contact form, you agree that we process your data. You also confirm that you have read and understood our Privacy Policy.
2.5. Job Applications
Our job vacancies are posted on our website and/or on external portals (incl. print media) and platforms. Your online application, unsolicited application and job mail subscription are made via the tool of our software partner Refline AG, Baar/Switzerland. The online application portal has a separate privacy policy. For the application process via external portals or platforms, the respective separate privacy policy applies. In all other cases, this Privacy Policy applies.
2.6. In the context of business relationships
We process your data that we receive in the course of our business relationship with you, our customers in general, other business partners and other persons involved. This includes the following data, in particular:
- contact details such as title, first name, surname, gender, address, e-mail address, telephone number and other contact details;
- personal information such as date of birth, nationality, marital status, profession, title, job description, passport/ID number, AHV number, family circumstances;
- communication data such as exchanged communication content from e-mails, other written correspondence, telephone conversations, video conferences, etc. and information about the type, time and place of communication. This also includes image and audio recordings of (video) telephone calls;
- financial information such as data on bank details, investments or shareholdings;
- mandate data (service-dependent) such as tax information, business data (articles of association, minutes of contracts, etc.), employee data (e.g. salary, social insurance), accounting data, audit data;
- this data may also include particularly sensitive data such as data on health, religious beliefs or social assistance measures, especially if we provide services in the area of payroll processing or accounting.
Where permitted, we also obtain data from publicly accessible sources (e.g. commercial register, media, internet, social media, etc.). In addition to data that you provide to us directly, this includes data that we receive about you from third parties (authorities, address dealers, credit agencies, other third parties), in particular information from registers, in connection with official and court proceedings, in connection with your professional functions and activities, information about you in correspondence and meetings with third parties, information that people from your environment (e.g. family, advisors, legal representatives, employers) provide to us so that we can conclude contracts with or under the supervision of third parties (e.g. family, advisors, legal representatives, employers) so that we can conclude or process contracts with or involving you (e.g. references, powers of attorney), your address and, if applicable, interests and other socio-demographic data (for marketing).
2.7. Other purposes
Another purpose of processing data is to safeguard other legitimate interests. These cannot be named explicitly. They depend on the individual case.
3. Legal basis of data processing
3.1. Within the scope of our services and for the fulfilment of contractual obligations
Data is processed for the purpose of providing our services to our customers, including pre-contractual measures and post-contractual support (consulting, fiduciary services, auditing). The data collected in this way is used for the entire processing of our services, including any subsequent warranty claims, technical administration, etc. Further details on the purposes of data processing can be found in the relevant contractual documents and terms and conditions.
3.2 Within the framework of the balancing of interests
Where necessary and permissible, we process your data beyond the actual fulfilment of the contract to protect our legitimate interests or those of third parties. This includes:
- consultation of and data exchange with information centres and other third parties (e.g. debt collection register);
- examination and optimisation of procedures for needs analysis for the purpose of direct customer contact and collection of personal data from publicly accessible sources for the purpose of customer acquisition;
- advertising or market and opinion research, unless you have objected to the use of your data;
- assertion of legal claims and defence in legal disputes;
- examination of possible conflicts of interest;
- risk management;
- ensuring IT security and IT operations;
- prevention and investigation of criminal offences;
- measures for business management and further development of services and products as well as the website;
- purchase and sale of business divisions, companies or parts of companies and other transactions under company law and the associated transfer of data as well as measures for business management.
3.3. Based on your consent
If you have given us your consent to process data for specific purposes, the lawfulness of this processing is based on your consent. Any consent given can be revoked at any time. The revocation of consent does not affect the lawfulness of the data processed until the time of revocation.
3.4. Due to legal requirements, other binding regulations or in the public interest
In addition, we are subject to various legal obligations and other binding regulations in connection with which we must process your data (e.g. obligations as auditors, fiscal representatives, last will executors).
4. Data transfer and transmission abroad
We only disclose your data to third parties within the scope of our business activities and for the purposes described in this Privacy Policy if we are obliged to do so by law, court order or official regulations, if the disclosure is necessary for the assertion, exercise or defence of legal claims or for the performance of contracts and business activities or on the basis of your consent. These third parties include in particular the following categories of recipients:
- contractors such as providers, service providers for evaluating the benefits of the website (marketing purposes), service providers for IT services (data management, data storage, technical support; newsletter dispatch, etc.), service providers in the areas of recruitment, talent management, HR or other services;
- external business partners (e.g. suppliers, banks, debt collection companies) and experts in connection with the contractual service;
- competitors, industry organisations, associations, organisations and other bodies;
- media;
- domestic and foreign authorities, official bodies or courts;
- other parties in potential and actual legal proceedings.
We process personal data not only in Switzerland. Your data may be processed both in the European Union/EEA and in any country in the world (including the USA). If the level of data protection in the country, where the processing third party is located, is deemed inappropriate for Swiss conditions or within the meaning of the GDPR (including the USA), we provide suitable data protection through appropriate guarantees (e.g. standard contractual clauses), unless there is a legal exception (e.g. your consent), the recipient is already subject to a legally recognised set of binding international agreements/rules (e.g. CH-USA Data Privacy Framework) to ensure data protection or we can rely on an exemption provision. Such contractual precautions (guarantees) partially compensate for weaker or missing legal protection, but not all risks can be completely excluded (e.g. from government access abroad).
Please also note that data exchanged via the Internet is often routed via third countries. Your data may therefore be sent abroad even if the sender and recipient are located in the same country.
5. Data security
We use appropriate technical and organisational measures in the systems to protect your data held by us against loss, destruction, alteration and unauthorised access by third parties.
Security measures of a technical nature include, for example, encryption (including login data) and pseudonymisation of data, logging, access restrictions and the storage of backup copies.
We also take our own internal data protection very seriously. Our employees and the service companies we commission are obliged to maintain confidentiality and to comply with the provisions of applicable data protection laws. Our contractors are also obliged to take appropriate technical and organisational security measures to protect the data. Furthermore, they are only granted access to personal data to the extent necessary.
Our security measures are continuously adapted in line with technological developments. However, absolute protection cannot be guaranteed.
6. Cookies/tracking and other technologies
6.1. Use of cookies and pixels
Our website uses cookies and pixels (together cookies). Our interest in optimising our website is, therefore, justified. Cookies are text files that are stored in the Internet browser or by the Internet browser on your computer system. Pixels are small graphics that enable log file recording and log file analysis. The use of cookies serves to make the use of our website more pleasant for you.
We use so-called session cookies to recognise that you have already visited individual pages of our website. These are automatically deleted after you leave our site. In addition, we also use temporary cookies for the purpose of user-friendliness, which are stored on your end device for a specified period of time. If you visit our website again to make use of our services, it is automatically recognised that you have already visited us and which entries and settings you have made so that you do not have to enter them again.
On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you and, if necessary, to display information specifically tailored to you (online marketing). These cookies are automatically deleted after a defined period of time.
The data collected in this way is pseudonymised by technical precautions. It is therefore no longer possible for us to assign the data to the accessing user. The data is not stored together with other data. When you visit our website for the first time, you will be informed by an info banner about the use of cookies for analysis purposes and referred to this Privacy Policy (info). In this context, you will also be informed about how to prevent the storage of cookies (settings). If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.
6.2. Analytics
We use Google Marketing Platform on our website, a web analysis service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA, USA) and Google Ireland Ltd (Google Building Gordon House, Barrow St, Dublin 4, Ireland); both together "Google", whereby Google Ireland Ltd. is our data processor. Google Marketing Platform uses cookies (text files) and similar technologies to collect certain information about the behaviour of individual users on or in the relevant website and the end device used (tablet, PC, smartphone, etc.) and thus to enable the analysis of the use of the website.
The information generated by these performance cookies about the use of the website (incl. IP address) is transmitted to Google's server in the USA and stored there. We have configured the services so that the IP addresses of users of Google's websites within Europe are shortened before being forwarded to the USA so that they cannot be traced back. We have switched off the settings "Data transfer" and "Signals".
Google provides us with reports and in this sense can be regarded as our data processor. However, Google also processes certain data for its own purposes. Google may be able to draw conclusions about the identity of website visitors based on the data collected and therefore create personal profiles and link the data obtained to any existing user accounts of these persons. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. If you consent to the use of Google, you explicitly consent to such processing, which also includes the transfer of personal data to the USA and other countries. You can find more information on data protection from Google Marketing Platform here.
6.3. Google Maps
We use the Google Maps product from Google Inc. on our website. By using this website, you consent to the collection, processing and use of the automatically collected data by Google Inc, its representatives and third parties. You can find the terms of use of Google Maps here.
6.4. Social Media
We use so-called plug-ins from social networks such as LinkedIn on our website. The corresponding buttons/symbols are visible on our website. These elements are configured so that they are deactivated by default. By clicking on the buttons/symbols, the respective operators of the social networks can register that you are on our website, where you are located and use this information for their own purposes. The processing of your data is the responsibility of the respective operator in accordance with their privacy policy. We do not receive any information about you from them.
If you communicate with us via such social networks or comment on or disseminate content from us, we collect the corresponding data and process it in accordance with our Privacy Policy.
When you visit our social media sites, data (e.g. on your user behaviour) may also be transmitted directly to the relevant provider or collected by them and processed together with other data already known to them (e.g. for marketing and market research purposes and to personalise platform content). Further information on data processing by social network providers, the countries in which they process your data and your rights can be found in the privacy policies of the relevant social networks.
7. Duration of the processing of your personal data
We only process your data for as long as it is necessary for the respective purpose and the fulfilment of our contractual and legal obligations, including statutory retention periods (usually 10 years), or if you have given us your consent to do so. We continue to process your data as long as we have a legitimate interest in storing it. This may be the case in particular if we need personal data to enforce or defend against claims, for archiving purposes and to ensure IT security.
8. Your rights
You have several choices when using this website. You can choose not to provide any data at all by not filling in any relevant forms or data fields on our website, blocking cookies and not using any of the personalised services available.
If you choose to provide personal data or provide it to us as part of our business relationship, you have the right of information, rectification, deletion, restriction of data processing, revocation of your consent and, if applicable, the right to data portability and objection under certain circumstances and insofar as this is provided for by applicable law. Your rights are not absolute. We reserve the right to assert the restrictions provided for by law. We will inform you accordingly.
If you wish to assert rights against us, please enclose a corresponding identification of your person.
Every data subject also has the right to enforce his/her claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch).
9. Subject to change
This Privacy Policy is not part of any contract with you. We reserve the right to change or amend this Privacy Policy at any time, in particular if we change our data processing or if new legal provisions become applicable. The version published on this website is the current version; previous versions will be replaced by the new version.
This Privacy Policy is available and drawn up in German and English. In case of contradictions, the German version is the binding version and prevails over the English version.
Last update: 30 August 2023