
Privacy Policy

Introduction

In this Privacy Policy, we explain what personal data we process in connection with our activities and operations, including our website www.oe-group.ch. In particular, we explain why, how, and where we process specific personal data. We also provide information about the rights of individuals whose data we process. Additional privacy policies and other legal documents, such as Terms and Conditions, Terms of Use, or Terms of Participation, may apply to specific or additional activities and services. We are subject to Swiss data protection law as well as any applicable foreign data protection laws, in particular those of the European Union (EU) and the European General Data Protection Regulation (GDPR). In its decision of July 26, 2000, the European Commission recognized that Swiss data protection law ensures an adequate level of data protection. In its report of January 15, 2024, the European Commission confirmed this adequacy decision.

Contact Information

Responsibility for the processing of personal data:

OE Group AG
Bahnhofstrasse 55
8180 Buelach
Switzerland
info@oe-group.ch

In specific cases, there may be other controllers responsible for processing personal data, or joint controllership with at least one other controller.

Data Protection Representative in the European Economic Area (EEA)

We have appointed the following data protection representative in accordance with Article 27 of the GDPR:

VGS Datenschutzpartner GmbH
Am Kaiserkai 69
20457 Hamburg
Germany
info@datenschutzpartner.eu

The Data Protection Representative serves as an additional point of contact for data subjects and public authorities in the European Union (EU) and the rest of the European Economic Area (EEA) for inquiries related to the GDPR.

Terms and Legal Basis

Personal data: Any information relating to an identified or identifiable natural person.

Sensitive personal data: Data concerning trade union, political, religious, or philosophical views and activities; data concerning health, sexual life, or membership in an ethnic or racial group; genetic data; biometric data that uniquely identifies a natural person; data concerning criminal or administrative sanctions or proceedings; and data concerning social assistance measures.

Processing: Any handling of personal data, regardless of the means and methods used, such as retrieving, comparing, adapting, archiving, storing, reading, disclosing, obtaining, recording, collecting, deleting, revealing, sorting, organizing, saving, modifying, disseminating, linking, destroying, and using personal data.

Data subject: A natural person whose personal data we process.

European Economic Area (EEA): Member states of the European Union (EU), as well as the Principality of Liechtenstein, Iceland, and Norway.

Note: The European General Data Protection Regulation (GDPR) refers to the handling of personal data as the processing of personal data and the handling of sensitive personal data as the processing of special categories of personal data (Art. 9 GDPR).

We process personal data in accordance with Swiss data protection law, in particular the Federal Act on Data Protection (Data Protection Act, DPA) and the Ordinance on Data Protection (Data Protection Ordinance, DPO).

We process personal data to the extent that the General Data Protection Regulation (GDPR) applies in accordance with at least one of the following legal bases:

Article 6(1)(b) of the GDPR for the processing of personal data necessary for the performance of a contract with the data subject and for the implementation of pre-contractual measures.

Art. 6(1)(f) GDPR for the necessary processing of personal data to safeguard our legitimate interests or those of third parties, provided that the fundamental freedoms and rights as well as the interests of the data subject do not take precedence. Legitimate interests include, in particular, our interest in being able to conduct our activities and operations in a sustainable, user-friendly, secure, and reliable manner and to communicate about them, ensuring information security, protecting against misuse, enforcing our own legal claims, and complying with Swiss law.

Art. 6(1)(c) GDPR for the necessary processing of personal data to fulfill a legal obligation to which we are subject under the applicable law of Member States in the European Economic Area (EEA).

Art. 6(1)(e) GDPR for the processing of personal data necessary for the performance of a task carried out in the public interest.

Art. 6(1)(a) GDPR for the processing of personal data with the consent of the data subject.

Art. 6(1)(d) GDPR for the necessary processing of personal data to protect the vital interests of the data subject or another natural person.

Nature, Scope, and Purpose

We process the personal data necessary to carry out our activities and operations in a sustainable, user-friendly, secure, and reliable manner. Such personal data may include, in particular, the following categories: account and contact information, browser and device data, content data, metadata and ancillary data, usage data, location data, sales data, and contract and payment data. We process personal data for as long as is necessary for the specific purpose or purposes or as required by law. Personal data that is no longer needed for processing is anonymized or deleted. We may have personal data processed by third parties. We may process personal data jointly with third parties or transfer it to third parties. Such third parties include, in particular, specialized service providers whose services we use. We ensure that data protection is maintained even when such third parties are involved. We generally process personal data only with the consent of the individuals concerned. If and to the extent that processing is permitted for other legal reasons, we may refrain from obtaining consent. For example, we may process personal data without consent in order to fulfill a contract, to comply with legal obligations, or to protect legitimate interests. We also process personal data that we receive from third parties, obtain from publicly available sources, or collect in the course of our activities and operations, provided that such processing is permitted by law.

Communication

We process personal data in order to communicate with third parties. In this context, we process, in particular, data that a data subject provides when contacting us, for example by mail or email. We may store such data in an address book or using similar tools. Third parties who transmit data about other individuals are required to ensure data protection for those individuals. To this end, they must, among other things, ensure the accuracy of the personal data transmitted. We use selected services from reputable providers to improve our communication with third parties. In particular, we use: bexio (Customer Relationship Management, bexio AG, Switzerland); Jira Service Management (Customer service, Atlassian Pty Ltd / Atlassian Inc.); Microsoft Forms (Online form service, Microsoft); Typeform (Online form service, TYPEFORM SL, Spain).

Applications

We process personal data about applicants to the extent necessary to assess their suitability for employment or for the subsequent performance of an employment contract. The required personal data is derived in particular from the information requested, for example in connection with a job posting. We may post job openings through appropriate third parties, such as in electronic and print media or on job portals and recruitment platforms. We also process personal data that applicants voluntarily provide or make public, particularly as part of cover letters, resumes, and other application materials, as well as online profiles. We process personal data relating to applicants to the extent that the General Data Protection Regulation (GDPR) applies in particular in accordance with Article 9(2)(b) of the GDPR. We allow applicants to submit their information to our talent pool so that we can consider them for future job openings. We may also use this information to stay in touch and provide updates. If we believe an applicant is a good fit for an open position based on the information provided, we may contact the applicant to let them know.

Data Security

We implement appropriate technical and organizational measures to ensure data security commensurate with the respective risk. Through these measures, we ensure, in particular, the confidentiality, availability, traceability, and integrity of the personal data we process; however, we cannot guarantee absolute data security. Access to our website and other online platforms is secured using transport encryption (SSL/TLS, specifically the Hypertext Transfer Protocol Secure, abbreviated as HTTPS). Most browsers issue a warning before visiting websites that do not use transport encryption. Our digital communications - like all digital communications - are subject to mass surveillance without cause or suspicion by security agencies in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We have no direct influence over how personal data is processed by intelligence agencies, police departments, and other security agencies. We also cannot rule out the possibility that certain individuals are being specifically monitored.

Personal Data Abroad

We generally process personal data in Switzerland and within the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, in particular to process it there or have it processed there. We may transfer personal data to any country or territory in the world, provided that the local laws ensure an adequate level of data protection in accordance with a decision by the Swiss Federal Council and, where and to the extent that the General Data Protection Regulation (GDPR) applies, also in accordance with a decision by the European Commission. We may transfer personal data to countries whose laws do not provide adequate data protection, provided that data protection is ensured by other means, in particular through standard data protection clauses or other appropriate safeguards. In exceptional cases, we may transfer personal data to countries without adequate or appropriate data protection if the specific legal requirements for data protection are met, such as the explicit consent of the data subjects or a direct connection to the conclusion or performance of a contract. Upon request, we are happy to provide data subjects with information about any safeguards in place or to provide a copy of such safeguards.

Rights of Data Subjects

We grant data subjects all rights provided for under applicable data protection law. In particular, data subjects have the following rights:

Right of access: Data subjects may request information regarding whether we process personal data about them and, if so, what personal data is involved. Data subjects will also receive the information necessary to exercise their data protection rights and ensure transparency. This includes the personal data being processed as such, as well as information regarding the purpose of processing, the retention period, any disclosure or export of data to other countries, and the origin of the personal data.

Correction and restriction: Data subjects may have inaccurate personal data corrected, incomplete data supplemented, and the processing of their data restricted.

Deletion and Objection: Data subjects may request the deletion of their personal data ('right to be forgotten') and object to the processing of their data with effect for the future.

Data Disclosure and Data Transfer: Data subjects may request the disclosure of their personal data or the transfer of their data to another controller.

We may defer, restrict, or deny the exercise of data subjects' rights to the extent permitted by law. We may inform data subjects of any conditions that must be met for them to exercise their data protection rights. For example, we may refuse to provide information in whole or in part, citing trade secrets or the protection of other individuals. For example, we may also refuse to delete personal data, in whole or in part, citing legal retention requirements.

In exceptional cases, we may charge a fee for the exercise of these rights. We will inform the individuals concerned in advance of any such fees.

We are required to take reasonable steps to verify the identity of data subjects who request information or exercise other rights. Data subjects are required to cooperate.

Data subjects have the right to enforce their data protection rights through legal action or to file a complaint with a data protection supervisory authority. The data protection supervisory authority for private data controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC). European data protection supervisory authorities, where and to the extent that the General Data Protection Regulation (GDPR) applies, are organized as members of the European Data Protection Board (EDPB). In some member states of the European Economic Area (EEA), data protection supervisory authorities have a federal structure, particularly in Germany.

Cookies

We may use cookies. Cookies, including our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies), are data stored in the browser. Such stored data is not necessarily limited to traditional text-based cookies. Cookies can be stored temporarily in the browser as "session cookies" or for a specific period of time as so-called "persistent cookies." "Session cookies" are automatically deleted when the browser is closed. Persistent cookies have a specific storage period. In particular, cookies enable us to recognize a browser the next time it visits our website and, for example, to measure the reach of our website. However, persistent cookies can also be used for online marketing, for example. Cookies can be disabled entirely or partially, or deleted, at any time in your browser settings. Without cookies, our website may not be fully functional. We actively seek your explicit consent to the use of cookies, at least to the extent necessary. For cookies used to measure performance and reach or for advertising purposes, many services offer a general opt-out option through AdChoices, the Network Advertising Initiative (NAI), YourAdChoices, or Your Online Choices (EDAA).

Logging

For every visit to our website and other online presence, we may log at least the following information, provided that it is transmitted to our digital infrastructure during such visits: date and time (including time zone), IP address, access status (HTTP status code), operating system (including user interface and version), browser (including language and version), the specific subpage of our website that was accessed, including the amount of data transferred, and the last webpage accessed in the same browser window (referrer). We record such information, which may also constitute personal data, in log files. This information is necessary to ensure that our website remains available, user-friendly, and reliable. It is also necessary to ensure data security, including through third parties or with the assistance of third parties.

Notifications and Announcements

We send notifications and messages via email and other communication channels, such as instant messaging or text messages. Notifications and messages may contain web links or tracking pixels that track whether a specific message has been opened and which web links were clicked. Such web links and tracking pixels may also track the use of notifications and messages on an individual basis. We require this statistical tracking of usage to measure effectiveness and reach, to send notifications and messages in a way that is effective and user-friendly, as well as sustainable, secure, and reliable, based on the recipients' needs and reading habits. You must generally consent to the use of your email address and other contact information, unless such use is permitted for other legal reasons. We may use the "double opt-in" procedure to obtain double-confirmed consent, if necessary. We may log the consents obtained, including IP addresses and timestamps, for evidentiary and security purposes. You may, in principle, opt out of receiving notifications and communications, such as newsletters, at any time. By opting out, you may also object to the collection of usage data for the purpose of measuring performance and reach. This does not apply to necessary notifications and communications related to our activities and operations. We send notifications and messages through specialized service providers. In particular, we use: ActiveCampaign (marketing automation / email marketing, ActiveCampaign LLC, USA); Twilio (communications platform, Twilio Inc., USA / Twilio Ireland Limited, Ireland).

Social Media

We maintain a presence on social media and other online platforms to communicate with interested individuals and provide information about our activities and operations. In connection with these platforms, personal data may also be processed outside of Switzerland and the European Economic Area (EEA). The General Terms and Conditions, Terms of Use, privacy policies, and other provisions of the individual operators of such platforms also apply in each case. These provisions provide information, in particular, about the rights of data subjects directly vis-a-vis the respective platform, including, for example, the right of access. For our social media presence on Facebook, including the so-called Page Insights, we are, insofar as and to the extent that the General Data Protection Regulation (GDPR) applies, jointly responsible with Meta Platforms Ireland Limited (Ireland). Meta Platforms Ireland Limited is part of the Meta companies operating, among other places, in the USA. Users of social media platforms can log in to or register for our online service using their respective user accounts ('Social Login'). The terms and conditions of the relevant social media platforms apply.

Third-Party Services

We use services provided by specialized third parties to ensure that our operations and activities are sustainable, user-friendly, secure, and reliable. These services allow us, among other things, to embed features and content into our website. When such embedding occurs, the services used collect users' IP addresses, at least temporarily, for technical reasons. For necessary security, statistical, and technical purposes, third parties whose services we use may process data related to our activities and operations in an aggregated, anonymized, or pseudonymized form. In particular, we use: Google services (Google LLC / Google Ireland Limited); Microsoft services (Microsoft Ireland Operations Limited / Microsoft Corporation).

Digital Infrastructure

We use services provided by specialized third parties to access the digital infrastructure required for our activities and operations. These include, for example, hosting and storage services from selected providers. In particular, we use: Hostfactory (Hosting, OptimaNet Schweiz AG, Switzerland).

Automation, Scheduling, and Collaboration

We use specialized platforms to integrate and connect existing third-party apps and services. In particular, we use: Zapier (Zapier Inc., USA). We use services provided by specialized third parties to enable online scheduling. In particular, we use: Calendly (Calendly LLC, USA); Microsoft Bookings (Microsoft). We use specialized audio and video conferencing services to communicate online. In particular, we use: Zoom (Zoom Video Communications Inc., USA); Microsoft Teams (Microsoft).

Maps, Media, and Documents

We use third-party services to embed maps on our website. In particular, we use: Google Maps (Google). We use services provided by specialized third parties to enable the direct playback of digital audio and video content. In particular, we use: Vimeo (Vimeo Inc., USA); YouTube (Google). We use third-party services to embed documents on our website. In particular, we use: Canva (Canva Pty Ltd, Australia); Microsoft 365 (Microsoft). We use third-party services to embed selected fonts, icons, logos, and symbols on our website. In particular, we use: Font Awesome (Fonticons Inc., USA).

E-Commerce and Payments

We operate an e-commerce business and use third-party services to successfully offer services, content, or goods. In particular, we use: Shopify (Shopify Inc. / Shopify International Limited, Ireland). We use specialized service providers to process our customers' payments securely and reliably. In addition, the legal terms and conditions of the individual service providers apply to the processing of payments. In particular, we use: Klarna (Klarna Bank AB, Sweden); Stripe (Stripe Inc., USA / Stripe Payments Europe Limited, Ireland); TWINT (TWINT AG, Switzerland); Worldline (Worldline SA, France / Worldline Schweiz AG, Switzerland).

Advertisement

We take advantage of the opportunity to display targeted advertisements for our activities and services on third-party platforms, such as social media platforms and search engines. We use this type of advertising specifically to reach people who are already interested in our activities and services or who might be interested in them (remarketing and targeting). To this end, we may share relevant information, including where applicable personal data, with third parties that enable such advertising. We can also determine whether our advertising is effective, specifically whether it leads to visits to our website (conversion tracking). Third parties with whom we advertise and with whom you are registered as a user may, in some cases, associate your use of our website with your profile on their platform. In particular, we use: Google Ads (Google); LinkedIn Ads (LinkedIn Corporation / LinkedIn Ireland Unlimited Company); Meta Ads (Meta Platforms Ireland Limited); Snapchat Ads (Snap Inc., USA); TikTok Ads (TikTok Information Technologies UK Limited / TikTok Technology Limited, Ireland).

Measuring Success and Reach

We try to determine how our online offering is used. In this context, we may, for example, measure the success and reach of our activities, as well as the effect of third-party links to our website. We may also test and compare how different parts or versions of our online offering are used (A/B testing). Based on the results, we can fix errors, strengthen popular content, or make improvements to our online offering. In most cases, the IP addresses of individual users are stored for the purpose of measuring success and reach. In such cases, IP addresses are always truncated ("IP masking") to comply with the principle of data minimization through appropriate pseudonymization. Cookies may be used, and user profiles may be created, when measuring success and reach. Any user profiles created are created exclusively in pseudonymized form and are not used to identify individual users. In particular, we use: Google Marketing Platform including Google Analytics (Google); Google Tag Manager (Google); Google reCAPTCHA (Google).

Video Surveillance

We use video surveillance to prevent criminal offences, to secure evidence in the event of criminal offences, to exercise and assert our own legal claims, to defend against third-party legal claims, and to exercise our domestic authority. Where and insofar as the General Data Protection Regulation (GDPR) applies, these constitute overriding legitimate interests pursuant to Art. 6(1)(f) GDPR, and, in the case of particularly sensitive personal data, with reference to Art. 9(2)(f) GDPR. We retain recordings from our video surveillance system for as long as they are necessary for the preservation of evidence or for any other specified purpose. As a rule, the recordings are deleted or overwritten after 96 hours. We may back up recordings from our video surveillance system and transmit them to the relevant authorities, such as courts or law enforcement agencies, provided that such transmission is necessary for a specified purpose, in our other legitimate and overriding interests, or to comply with legal obligations.

Final Provisions

We may amend or supplement this Privacy Policy at any time. We will notify you of such amendments or supplements in an appropriate manner, in particular by publishing the most current version of the Privacy Policy on our website. Translation for convenience, German version prevails.
