We are pleased about your visit to our website hitso.ch and your interest in our company.
Protecting your personal data, such as date of birth, name, phone number, address, etc., is an important concern for us.
The purpose of this privacy policy is to inform you about the processing of your personal data that we collect when you visit our website. Our privacy practices are in accordance with the legal regulations of the Federal Act on Data Protection (FADP) of Switzerland and the General Data Protection Regulation (GDPR) of the EU. The following privacy policy serves to fulfill the information obligations from the FADP and the GDPR. These can be found, for example, in Art. 19 ff. FADP as well as Art. 13 ff. of the GDPR.
Owner or Responsible Party
The responsible party within the meaning of Art. 5 Bst. j FADP or Art. 4 No. 7 GDPR is the entity that decides, alone or jointly with others, on the purposes and means of processing personal data. The responsible party according to Art. 4 No. 7 GDPR also includes the recipient of the personal data within the meaning of Art. 4 No. 9 GDPR. Any third-party recipient will be identified separately.
In relation to our website, the owner or responsible party is:
Helvetic IT Solution GmbH
Chamerstrasse 172
6300 Zug
Switzerland
E-Mail: info@hitso.ch
Tel.: +41 41 20 333 80
Contact details of the data protection officer (FADP) or the data protection supervisor (GDPR)
We have appointed a data protection advisor according to Art. 10 FADP. This person also meets the requirements of a data protection officer according to Art. 37 GDPR. You can contact this person at the following contact details:
Adrian Komani
Chamerstrasse 172
6300 Zug
Switzerland
E-Mail: adrian.komani@hitso.ch
Tel.: +41 41 203 33 81
Website: http://hitso.ch/
Website Provision and Creation of Log Files
Each time our website is accessed, our system automatically collects data and information from the accessing device (e.g., computer, mobile phone, tablet, etc.).
Which personal data are collected and to what extent are they processed?
(1) Information about the browser type and the version used;
(2) The operating system of the accessing device;
(3) Hostname of the accessing computer;
(4) The IP address of the accessing device;
(5) Date and time of access;
(6) Websites and resources (images, files, other page content) accessed on our website;
(7) Websites from which the user’s system reached our website (referrer tracking);
(8) Notification of whether the retrieval was successful;
(9) Amount of data transferred
This data is stored in the log files of our system. Storage of this data together with other personal data of a specific user does not take place, so that identification of individual site visitors does not occur.
Legal basis for the processing of personal data
The processing of personal data is based on the principle of legality (Art. 6 Para. 1 FADP) and the principle of good faith (Art. 6 Para. 2 FADP or Art. 2 CC) as well as Art. 6 Para. 1 lit. f GDPR (legitimate interest).
Purpose of data processing
The temporary (automated) storage of data is necessary for the course of a website visit to enable delivery of the website. The storage and processing of personal data also take place to maintain the compatibility of our website for as many visitors as possible and to prevent misuse and eliminate malfunctions. For this purpose, it is necessary to log the technical data of the accessing computer to respond as quickly as possible to display errors, attacks on our IT systems, and/or functionality errors on our website. In addition, the data serves us to optimize the website and to ensure the general security of our information technology systems.
Duration of storage
The deletion of the aforementioned technical data takes place as soon as it is no longer needed to ensure the compatibility of the website for all visitors, but at the latest 3 months after accessing our website.
Restriction, objection, correction, and deletion options
You can request the restriction of processing according to Art. 18 GDPR at any time or object to processing according to Art. 21 GDPR, as well as request correction or deletion of data according to Art. 16 or 17 GDPR. Which rights you are entitled to and how you can assert them can be found in the lower section of this privacy policy.
Special Functions of the Website
Our site offers you various functions, during the use of which we collect, process, and store personal data. Below we explain what happens with these data:
Order Form
Which personal data are collected and to what extent are they processed?
The data you enter into the form fields, such as address, name, first name, etc., are processed by us for the purpose mentioned below.
Legal basis for the processing of personal data
The processing of personal data is based on the principle of legality (Art. 6 Para. 1 FADP) and the principle of good faith (Art. 6 Para. 2 FADP or Art. 2 CC) as well as Art. 6 Para. 1 Bst. b GDPR (execution of (pre)contractual measures).
Purpose of data processing
The purpose of data processing is to process your order so that we can fulfill or initiate the contract concluded with you.
Duration of storage
The deletion of the data takes place as soon as it is no longer needed for processing the order and there are no legal retention obligations. Usually, the legislator provides for a retention obligation of 10 years.
Objection, processing, correction, and deletion options
You can restrict processing according to Art. 18 GDPR at any time, object to processing according to Art. 21 GDPR, and request correction or deletion of data according to Art. 16 or 17 GDPR. Which rights you are entitled to and how you can assert them can be found in the lower section of this privacy policy.
Necessity of providing personal data
The information in the order form is necessary for the conclusion of a contract. If you do not fill in the required fields completely, the order you desire cannot be executed.
Application Form
Which personal data are collected and to what extent are they processed?
The data you enter into the form fields of the application form and possibly upload are processed for the purpose mentioned below.
Legal basis for the processing of personal data
The processing of personal data is based on the principle of legality (Art. 6 Para. 1 FADP) and the principle of good faith (Art. 6 Para. 2 FADP or Art. 2 CC) as well as Art. 6 Para. 1 lit. b GDPR (execution of (pre)contractual measures).
Purpose of data processing
The purpose of data processing lies in the examination and processing of the application documents you uploaded via the form.
Duration of storage
The deletion of the data takes place as soon as the application has been processed and there is no legitimate interest in storing the application data. Therefore, if an employment relationship does not materialize, your application documents will be deleted after a maximum of 6 months.
Objection, processing, correction, and deletion options
You can restrict processing according to Art. 18 GDPR at any time, object to processing according to Art. 21 GDPR, and request correction or deletion of data according to Art. 16 or 17 GDPR. Which rights you are entitled to and how you can assert them can be found in the lower section of this privacy policy.
Necessity of providing personal data
The information in the application form is necessary for sending and processing the application. If you do not fill in the required fields completely, your desired application cannot be sent or processed.
Rating Function
Scope of processing personal data
The data you enter into the fields of our rating form will be processed by us for the purpose mentioned below.
Legal basis for the processing of personal data
The processing of personal data is based on the principle of legality (Art. 6 Para. 1 FADP) and the principle of good faith (Art. 6 Para. 2 FADP or Art. 2 CC) as well as Art. 6 Para. 1 lit. a GDPR (consent through a clear affirmative action or behavior).
Purpose of data processing
Acceptance and publication of your rating on our website – and if you explicitly consent – also on the internet platforms of our rating service providers.
Duration of storage
Your rating will be stored and published indefinitely. We reserve the right to delete without giving reasons and without prior or subsequent information.
Objection, processing, correction, and deletion options
You can restrict processing according to Art. 18 GDPR at any time, object to processing according to Art. 21 GDPR, and request correction or deletion of data according to Art. 16 or 17 GDPR. Which rights you are entitled to and how you can assert them can be found in the lower section of this privacy policy.
Necessity of providing personal data
Providing information in the rating function is voluntary. If you do not fill in the required fields completely, your desired rating cannot be published on our platform.
Booking Inquiry Form
Scope of processing personal data
The data you enter into our booking inquiry form (date, number of persons, etc.) will be processed by us for the following purpose.
Legal basis for the processing of personal data
The processing of personal data is based on the principle of legality (Art. 6 Para. 1 FADP) and the principle of good faith (Para. 2 FADP or Art. 2 CC) as well as Art. 6 Para. 1 lit. b GDPR (execution of (pre)contractual measures).
Purpose of data processing
A pre-contractual exchange of information is necessary to check your booking so that we can prepare for a possible later conclusion of the contract.
Duration of storage
The deletion of the data takes place as soon as it is no longer needed for processing the booking and there are no legal retention obligations.
Objection, processing, correction, and deletion options
You can restrict processing according to Art. 18 GDPR at any time, object to processing according to Art. 21 GDPR, and request correction or deletion of data according to Art. 16 or 17 GDPR. Which rights you are entitled to and how you can assert them can be found in the lower section of this privacy policy.
Necessity of providing personal data
The information in the booking inquiry form is required to process your booking properly. If you do not fill in the required fields completely, your desired booking inquiry cannot be processed by us.
Callback Service
Which personal data are collected and to what extent are they processed?
The data you enter into our call-back form, such as phone number and name, will be processed by us for the following purpose.
Legal basis for the processing of personal data
The processing of personal data is based on the principle of legality (Art. 6 Para. 1 FADP) and the principle of good faith (Art. 6 Para. 2 FADP or Art. 2 CC) as well as Art. 6 Para. 1 lit. a GDPR (consent through a clear affirmative action or behavior).
Purpose of data processing
Provision and execution of the callback service, fulfillment of the callback request.
Duration of storage
The deletion of the data takes place as soon as it is no longer required for processing your callback request.
Objection, processing, correction, and deletion options
You can restrict processing according to Art. 18 GDPR at any time, object to processing according to Art. 21 GDPR, and request correction or deletion of data according to Art. 16 or 17 GDPR. Which rights you are entitled to and how you can assert them can be found in the lower section of this privacy policy.
Necessity of providing personal data
The information in the callback form is not legally required. If you do not fill in the required fields completely, your desired callback request cannot be processed by us.
Comment Function
Which personal data are collected and to what extent are they processed?
The personal data you leave in your comment, such as the content of your comment, your name or pseudonym, your email address, etc.
Legal basis for the processing of personal data
The processing of personal data is based on the principle of legality (Art. 6 Para. 1 FADP) and the principle of good faith (Art. 6 Para. 2 FADP or Art. 2 CC) as well as Art. 6 Para. 1 lit. a GDPR (consent through a clear affirmative action or behavior).
Purpose of data processing
Acceptance and publication of your comment on our website.
Duration of storage
Your comment will be stored and published indefinitely. We reserve the right to delete without giving reasons and without prior or subsequent information.
Restriction, objection, correction, and deletion options
You can delete your own comments yourself. If this does not work, you can have them deleted by us at any time. Please contact us for this purpose.
You can request the restriction of processing according to Art. 18 GDPR at any time, object to processing according to Art. 21 GDPR, and request correction or deletion of data according to Art. 16 or 17 GDPR. Which rights you are entitled to and how you can assert them can be found in the lower section of this privacy policy.
Necessity of providing personal data
Using the comment function is not legally required and is not necessary for the conclusion of a contract. You create comments for your own reasons and immediately agree to publication by submitting. If you disclose personal information, you do so on your own initiative and responsibility. The use of the comment function is voluntary. You are not obliged to write a comment on our page. If you wish to leave a comment, you must fill in the fields marked as required. If you do not enter the necessary information, your comment cannot be published.
Contact Forms
Which personal data are collected and to what extent are they processed?
The data you entered into our contact forms, which you entered into the input mask of the contact form.
Legal basis for the processing of personal data
The processing of personal data is based on the principle of legality (Art. 6 Para. 1 FADP) and the principle of good faith (Art. 6 Abs 2 FADP or Art. 2 CC) as well as Art. 6 Para. 1 lit. a GDPR (consent through a clear affirmative action or behavior).
Purpose of data processing
The data collected via our contact form or via our contact forms will only be used to process the specific contact request that comes in through the contact form. Please note that we may also send you emails to the specified address to fulfill your contact request. This serves the purpose of you being able to receive confirmation from us that your request has been correctly forwarded to us. However, the sending of this confirmation email is not mandatory for us and serves only for your information.
Duration of storage
After processing your request, the collected data will be deleted immediately, as long as there are no legal retention periods.
Restriction, objection, correction, and deletion options
You can request the restriction of processing according to Art. 18 GDPR at any time, object to processing according to Art. 21 GDPR, and request correction or deletion of data according to Art. 16 or 17 GDPR. Which rights you are entitled to and how you can assert them can be found in the lower section of this privacy policy.
Necessity of providing personal data
Using the contact forms is voluntary. You are not obliged to contact us via the contact form but can also use the other contact options provided on our site. If you would like to use our contact form, you must fill in the fields marked as mandatory. If you do not fill in the necessary information in the contact form, you can either not send the request or we cannot process your request due to lack of information.
Live Chat Function
Scope of processing personal data
The data you enter into our live chat, such as name and content.
Legal basis for the processing of personal data
The processing of personal data is based on the principle of legality (Art. 6 Para. 1 FADP) and the principle of good faith (Art. 6 Para. 2 FADP or Art. 2 CC) as well as Art. 6 Para. 1 lit. a GDPR (consent through a clear affirmative action or behavior).
Purpose of data processing
The data collected via our live chat will only be used to process inquiries that come in through our live chat.
Duration of storage
After processing your inquiry, which came in via our live chat, the collected data will be deleted immediately, as long as there are no legal retention periods.
Restriction, objection, correction, and deletion options
You can request the restriction of processing according to Art. 18 GDPR at any time, object to processing according to Art. 21 GDPR, and request correction or deletion of data according to Art. 16 or 17 GDPR. Which rights you are entitled to and how you can assert them can be found in the lower section of this privacy policy.
Necessity of providing personal data
Using the live chat is voluntary. You are not obliged to contact us via live chat. You can also use the other contact options provided on our site. If you do not enter the necessary information, you cannot use our live chat.
Login Area / Registration
Scope of processing personal data and collected personal data
The registration and login data you entered or communicated to us.
Legal basis for the processing of personal data
The processing of personal data is based on the principle of legality (Art. 6 Para. 1 FADP) and the principle of good faith (Art. 6 Para. 2 FADP or Art. 2 CC) as well as Art. 6 Para. 1 lit. b GDPR (execution of (pre)contractual measures).
Purpose of data processing
You have the possibility to use a separate login area on our website . To check your authorization to use the protected area or the protected documents, you need to enter your login data (email or username and password) into the corresponding form. If needed, we can send you your login data or the option to reset your password by email upon request.
Duration of storage
The collected data will be stored as long as you maintain a user account with us.
Restriction, objection, correction, and deletion options
You can request the restriction of processing according to Art. 18 GDPR at any time, object to processing according to Art. 21 GDPR, and request correction or deletion of data according to Art. 16 or 17 GDPR. Which rights you are entitled to and how you can assert them can be found in the lower section of this privacy policy.
Necessity of providing personal data
Certain pages and their content are not publicly accessible. Via the login area on our site, certain users can gain access to the protected area. The use of the content protected by the login area is not possible without entering personal data. If you want to use our login area, you must fill in the fields marked as mandatory (username and password). The entry of data presupposes the existence of a user account. Login is not possible if the data you entered is incorrect. If the data is incorrect or not entered by you, the protected area cannot be used. However, the rest of the site is still usable without login.
Newsletter Subscription Form
Which personal data are collected and to what extent are they processed?
By subscribing to the newsletter on our website, we receive the email address you entered in the registration field and possibly other contact data if you provide this to us via the newsletter subscription form.
Legal basis for the processing of personal data
The processing of personal data is based on the principle of legality (Art. 6 Para. 1 FADP) and the principle of good faith (Art. 6 Para. 2 FADP or Art. 2 CC) as well as Art. 6 Para. 1 lit. a GDPR (consent through a clear affirmative action or behavior).
Purpose of data processing
The data collected in the registration form of our newsletter will be used by us exclusively for sending our newsletter, in which we inform about all our services and our news. After registration, we will send you a confirmation email containing a link you need to click to finalize the subscription to our newsletter (double opt-in). This gives your consent to data processing according to Art. 6 Para. 6 FADP.
Duration of storage
Our newsletter can be canceled at any time by clicking on the unsubscribe link, which is also included in every newsletter. Your data will be deleted immediately after unsubscribing from us, as long as there are no legal retention obligations. Likewise, your data will be deleted immediately by us in the case of an incomplete registration. We reserve the right to delete without giving reasons and without prior or subsequent information.
Restriction, objection, correction, and deletion options
You can request the restriction of processing according to Art. 18 GDPR at any time, object to processing according to Art. 21 GDPR, and request correction or deletion of data according to Art. 16 or 17 GDPR. Which rights you are entitled to and how you can assert them can be found in the lower section of this privacy policy.
Necessity of providing personal data
If you want to use our newsletter service, you must fill in the fields marked as mandatory and confirm the email address by clicking the double opt-in link. The information for the newsletter subscription is necessary to be able to use the newsletter offer. The information is used exclusively for sending our newsletter. If you do not fill in the mandatory fields, we cannot provide you with our newsletter service.
Appointment Booking Form
Scope of processing personal data
The data you enter into our appointment booking form.
Legal basis for the processing of personal data
The processing of personal data is based on the principle of legality (Art. 6 Para. 1 FADP) and the principle of good faith (Art. 6 Para. 2 FADP or Art. 2 CC) as well as Art. 6 Para. 1 lit. b GDPR (execution of (pre)contractual measures).
Purpose of data processing
The data collected via our appointment booking form will only be used to process appointment requests that come in through the appointment booking form.
Duration of storage
Your appointment booking will be deleted by us immediately after 12 months after the appointment was scheduled, as long as there are no legal retention periods. We reserve the right to delete without giving reasons and without prior or subsequent information.
Restriction, objection, correction, and deletion options
You can request the restriction of processing according to Art. 18 GDPR at any time, object to processing according to Art. 21 GDPR, and request correction or deletion of data according to Art. 16 or 17 GDPR. Which rights you are entitled to and how you can assert them can be found in the lower section of this privacy policy.
Necessity of providing personal data
Using our appointment booking form is necessary if you want to book an appointment online with us. To book online, you must provide certain mandatory information. If you do not fill in the mandatory information completely, your appointment booking cannot be accepted or processed.
Disclosure of Information to Third Parties
The processing of personal data is based on the principle of legality (Art. 6 Para. 1 FADP) and the principle of good faith (Art. 6 Para. 2 FADP or Art. 2 CC).
The disclosure of information to third parties is based on the scope of the following activities or offers of our website or our business model.
Basically, we retain your information only as long as necessary and treat it confidentially. Except for the transfer of personal data to debt collection service providers, to public bodies and authorities as well as to private individuals, who have a claim to the data based on legal provisions, court decisions, or official orders, and the transfer to authorities for the purpose of initiating legal proceedings or for law enforcement purposes if our legally protected rights are attacked.
Automatic Identity and Creditworthiness Check for Shipping on Account or Online Payment
Which personal data are collected and to what extent are they processed?
If you choose the payment method purchase on account or order online using a payment service, you will be asked during the ordering process to release the data necessary for processing the payment and an identity and creditworthiness check. Before and surname, street, house number, postal code, location, date of birth, as well as the data related to your order.
Legal basis for the processing of personal data
The processing of personal data is based on the principle of legality (Art. 6 Para. 1 FADP) and the principle of good faith (Art. 6 Para. 2 FADP or Art. 2 CC).
In the direct context of the conclusion or execution of a contract (Art. 31 Para. 2 lit. a FADP), the overriding interest exists in obtaining information about the identity of a contracting party. Directly in the context of a contract conclusion, personal data may be processed to check creditworthiness, provided that neither particularly sensitive personal data nor profiling with high risk is involved, the data is disclosed to third parties only if they need the data for the conclusion or execution of a contract with the affected person, the data is not older than ten years, and the affected person is of legal age (Art. 31 Para. 2 lit. c FADP). See also Art. 6 Para. 1 lit. b GDPR (execution of (pre)contractual measures).
Purpose of data processing
For the purpose of identity and creditworthiness checks, we transmit data to credit agencies (information agencies) and receive information from these as well as possibly creditworthiness information based on mathematical-statistical procedures, into whose calculation address data flows among other things (so-called score values). When using online payment services, we transmit your details to the respective partners and receive information from them for the release of the order for shipment.
Duration of storage
We will store the relevant data for payment processing as long as it is necessary for carrying out the transaction. As far as the data is subject to legal retention obligations, deletion will take place after the expiry of the retention obligation.
Restriction, objection, correction, and deletion options as well as right to information
You can request the restriction of processing according to Art. 18 GDPR at any time, object to processing according to Art. 21 GDPR, and request correction or deletion of data according to Art. 16 or 17 GDPR. You can request information at any time according to Art. 25 FADP about whether personal data concerning you is being processed. This allows you to view the information necessary for you to assert your rights according to data protection law and ensures transparent data processing. If the information stored about you is incorrect, we will delete it and possibly consult with the data protection advisor. Which rights you are entitled to and how you can assert them can be found in the lower section of this privacy policy.
Statistical Evaluation of Visits to This Website – Web Tracker
We collect, process, and store the following data when you call up this website or individual files of the website: IP address, website from which the file was retrieved, name of the file, date and time of retrieval, amount of data transferred, and notification of the success of the retrieval (so-called web log). We use this access data exclusively in non-personalized form for the continuous improvement of our internet offer and for statistical purposes.
The processing of any personal data takes place based on the principle of legality (Art. 6 Para. 1 FADP) and the principle of good faith (Art. 6 Para. 2 FADP or Art. 2 CC). We also use the following web trackers for the evaluation of visits to this website:
Google Analytics
Scope of processing personal data
On our site, we use the web tracking service of the company Google Ireland Ltd., Gordon House, Barrow Street, 4 Dublin, Ireland, Email: support-deutschland@google.com, Website: https://www.google.com/ (hereafter: Google Analytics). Google Analytics uses cookies within the framework of web tracking , which are stored on your computer and enable an analysis of your use of our website and your surfing behavior (so-called tracking). We carry out this analysis based on Google Analytics’ tracking service to continuously optimize our internet offer and make it more available. In the context of using our website, data, in particular, your IP address and your user activities, are transmitted to servers of the company Google Ireland Limited. We conduct this analysis based on Google’s tracking service to continuously optimize our internet offer and make it more available. We also need web tracking for security reasons. By tracking, we can trace whether third parties are attacking our website. With the information from the web tracker, we can take effective countermeasures and protect the personal data we process from these cyber attacks. By activating IP anonymization within the Google Analytics tracking code of this website, your IP address is anonymized by Google Analytics before transmission. This website uses a Google Analytics tracking code, which has been extended by the operator gat._anonymizeIp(); to allow only an anonymized collection of IP addresses (so-called IP masking).
Legal basis for the processing of personal data
The legal basis for data processing is according to Art. 13 Para. 1 FADP or Art. 6 Para. 1 lit. a GDPR your consent in our cookie banner regarding the use of cookies and web tracking (consent through a clear affirmative action or behavior).
Purpose of data processing
On our behalf, Google will use this information to evaluate your visit to this website, to compile reports on website activities, and to provide further services related to website use and internet use to us. We also need web tracking for security reasons. By tracking, we can trace whether third parties are attacking our website. With the information from the web tracker, we can take effective countermeasures and protect the personal data we process from these cyber attacks.
Duration of storage
Google will store the data relevant for the provision of web tracking as long as it is necessary to fulfill the booked web service. The data collection and storage are anonymized. If there should still be a personal reference, the data will be deleted immediately, as far as it is not subject to any legal retention obligations. In any case, deletion takes place after the retention obligation has expired.
Objection and deletion options
You can prevent the collection and forwarding of personal data to Google (esp. your IP address) and the processing of this data by Google by deactivating the execution of script code in your browser, installing a script blocker in your browser, or activating the “Do Not Track” setting of your browser. You can also prevent the collection of data generated by the Google cookie and related to your use of the website (incl. your IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plugin available at the following link http://tools.google.com/dlpage/gaoptout?hl=de. Google’s security and privacy principles can be found at https://policies.google.com/privacy.
Google Tag Manager
Which personal data are collected and to what extent are they processed?
On our site, we use the service Google Tag Manager of the company Google Ireland Ltd., Gordon House, Barrow Street, 4 Dublin, Ireland, Email: support-deutschland@google.com, Website: https://www.google.com/ (hereafter: Google Tag Manager). Google Tag Manager offers a technical platform to execute and centrally manage other web services and web tracking programs via so-called ” tags”. Google Tag Manager stores cookies on your computer and analyzes your surfing behavior if web tracking tools are executed via Google Tag Manager (so-called “tracking”). The data sent by individual tags integrated into Google Tag Manager are compiled by Google Tag Manager under a uniform user interface, stored, and processed. All integrated “tags” are listed again in this privacy policy. More information on data protection for the tools integrated into Google Tag Manager can be found in the respective section of this privacy policy. In the context of using our website with activated integration of tags by Google Tag Manager, data, especially your IP address and your user activities, are transmitted to servers of the company Google Ireland Limited. Regarding the web services integrated via Google Tag Manager, the regulations in the respective section of this privacy policy apply. The tracking tools used in Google Tag Manager ensure by an IP anonymization of the source code that the IP address is anonymized by Google Tag Manager before transmission. Hereby, Google Tag Manager enables only the anonymized capture of IP addresses (so-called IP masking).
Legal basis for the processing of personal data
The legal basis for data processing is according to Art. 13 Para. 1 FADP or Art. 6 Para. 1 lit. a GDPR your consent in our cookie banner regarding the use of cookies and web tracking (consent through a clear affirmative action or behavior).
Purpose of data processing
On our behalf, Google will use the information obtained via Google Tag Manager to evaluate your visit to this website, compile reports on website activities, and provide further services related to website use and internet use to us.
Duration of storage
Google will store the data relevant for the function of Google Tag Manager as long as it is necessary to fulfill the booked web service. The data collection and storage are anonymized. If there should still be a personal reference, the data will be deleted immediately, as far as it is not subject to any legal retention obligations. In any case, deletion takes place after the retention obligation has expired.
Objection and deletion options
You can prevent the collection and forwarding of personal data to Google (esp. your IP address) and the processing of this data by Google by deactivating the execution of script code in your browser, installing a script blocker in your browser, or activating the “Do Not Track” setting of your browser. You can also prevent the collection of data generated by the Google cookie and related to your use of the website (incl. your IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plugin available at the following link http://tools.google.com/dlpage/gaoptout?hl=de. Google’s security and privacy principles can be found at https://policies.google.com/privacy.
Gstatic
We use the service Gstatic from the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, Email: support-deutschland@google.com, Website: https://www.google.com/. The processing takes place according to the assessment of Swiss authorities in secure third countries. The list of states and further information can be found at the following link: https://www.edoeb.admin.ch/edoeb/de/home/datenschutz/handel-und-wirtschaft/uebermittlung-ins-ausland.html. The transfer of personal data also takes place to the USA. Regarding the transfer of personal data to the USA, there is an adequacy decision for the EU-US Data Privacy Framework of the EU Commission according to Art. 45 GDPR (hereafter: DPF – https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The service provider is certified under the DPF, so the usual level of protection of the GDPR applies to the transfer.
The legal basis for the transfer of personal data is your consent according to Art. 6 Para. 6 FADP or Art. 31 Para. 2 FADP and according to Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR, which you have given on our website.
Gstatic is a background service used by Google to retrieve static content to reduce bandwidth usage and preload required catalog files. The service primarily loads background data for Google Fonts and Google Maps.
In the context of order processing, personal data may also be transferred to the servers of Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. The certification of the provider under the EU-US Data Privacy Framework can be accessed at https://www.dataprivacyframework.gov/list.
You can revoke your consent at any time. Further information on revoking your consent can be found either in the consent itself or at the end of this privacy policy.
Further information on the handling of transferred data can be found in the provider’s privacy policy at https://policies.google.com/privacy.
The provider also offers an opt-out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de.
Integration of External Web Services and Processing of Data Outside the EU
On our website, we use active content from external providers, so-called web services. By calling up our website, these external providers may receive personal information about your visit to our website. Here, data processing outside Switzerland and the EU is possible. You can prevent this by installing an appropriate browser plugin or disabling the execution of scripts in your browser, which may lead to functional restrictions on websites you visit.
We use the following external web services:
Google Cloud APIs
We use the service Google Cloud APIs from the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, Email: support-deutschland@google.com, Website: https://www.google.com/. The processing takes place according to the assessment of Swiss authorities in secure third countries. The list of states and further information can be found at the following link: https://www.edoeb.admin.ch/edoeb/de/home/datenschutz/handel-und-wirtschaft/uebermittlung-ins-ausland.html. The transfer of personal data also takes place to the USA. Regarding the transfer of personal data to the USA, there is an adequacy decision for the EU-US Data Privacy Framework of the EU Commission according to Art. 45 GDPR (hereafter: DPF – https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The service provider is certified under the DPF, so the usual level of protection of the GDPR applies to the transfer.
The legal basis for the transfer of personal data is your consent according to Art. 6 Para. 6 FADP or Art. 31 Para. 2 FADP and according to Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR, which you have given on our website.
We use Google APIs on our website to load additional services from Google. Google APIs is a collection of interfaces for communication between various Google services used on your website. The service is used in particular for displaying Google Fonts fonts and providing the Google Maps map.
Regarding the processing itself, the service or we collect the following data: IP address.
If the service is active on our website, our website establishes a connection to the servers of Google Ireland Limited and transmits the necessary data. In the context of order processing, personal data may also be transferred to the servers of Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. When using the Google service on our website, Google may transmit and process information from other Google services to provide background services for the display and data processing of the services provided by Google. This may also involve data transmission to the Google services Google Cloud, Google Maps, Google Ads, and Google Fonts according to the Google privacy policy under Google’s data protection responsibility. The certification of the provider under the EU-US Data Privacy Framework can be accessed at https://www.dataprivacyframework.gov/list.
You can revoke your consent at any time. Further information on revoking your consent can be found either in the consent itself or at the end of this privacy policy.
Further information on the handling of transferred data can be found in the provider’s privacy policy at https://policies.google.com/privacy.
The provider also offers an opt-out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de.
Google Fonts
We use the service Google Fonts from the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, Email: support-deutschland@google.com, Website: https://www.google.com/. The processing takes place according to the assessment of Swiss authorities in secure third countries. The list of states and further information can be found at the following link: https://www.edoeb.admin.ch/edoeb/de/home/datenschutz/handel-und-wirtschaft/uebermittlung-ins-ausland.html. The transfer of personal data also takes place to the USA. Regarding the transfer of personal data to the USA, there is an adequacy decision for the EU-US Data Privacy Framework of the EU Commission according to Art. 45 GDPR (hereafter: DPF – https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The service provider is certified under the DPF, so the usual level of protection of the GDPR applies to the transfer.
The legal basis for the transfer of personal data is your consent according to Art. 6 Para. 6 FADP or Art. 31 Para. 2 FADP and according to Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR, which you have given on our website.
We use the service Google Fonts to integrate attractive fonts on our website to display our website in a visually improved version. The service is also used on our website if other Google services are loaded that require Google Fonts fonts for execution. This is the case, for example , if our website uses Google services that require Google Fonts for execution.
Regarding the processing itself, the service or we collect the following data: Data on fonts, IP address of the visitor, statistics on the use of fonts, and other data from Google services related to our website.
If the service is active on our website, our website establishes a connection to the servers of Google Ireland Limited and transmits the necessary data. In the context of order processing, personal data may also be transferred to the servers of Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. When using the Google service on our website, Google may transmit and process information from other Google services to provide background services for the display and data processing of the services provided by Google. This may also involve data transmission to the Google services Google Apis, Google Cloud, and Google Ads according to the Google privacy policy. The certification of the provider under the EU-US Data Privacy Framework can be accessed at https://www.dataprivacyframework.gov/list.
You can revoke your consent at any time. Further information on revoking your consent can be found either in the consent itself or at the end of this privacy policy.
Further information on the handling of transferred data can be found in the provider’s privacy policy at https://policies.google.com/privacy.
The provider also offers an opt-out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de.
Jsdelivr
We use the service Jsdelivr from the company Prospect One Sp., Krolweska 65A, 30-081 Krakow, Poland, Email: hello@prospectone.io, Website: https://prospectone.io/. The processing takes place according to the assessment of Swiss authorities in secure third countries. The list of states and further information can be found at the following link: https://www.edoeb.admin.ch/edoeb/de/home/datenschutz/handel-und-wirtschaft/uebermittlung-ins-ausland.html. The transfer and processing of personal data take place exclusively on servers in the European Union.
The legal basis for the transfer of personal data is according to Art. 6 Para. 1 lit. f GDPR our legitimate interest in processing. Our legitimate interest lies in achieving the purpose described below.
Jsdelivr is a Content Delivery Network that mirrors our content across various servers to ensure optimal accessibility worldwide.
Regarding the processing, you have the right to object according to Art. 21 GDPR. Further information can be found at the end of this privacy policy.
Further information on the handling of transferred data can be found in the provider’s privacy policy at https://www.jsdelivr.com/privacy-policy-jsdelivr-com.
Legally ok Legal Text Snippet and Modules
We use the service Legally ok Legal Text Snippet and Modules from the company Legally ok GmbH, Schochenmühlestrasse 6, 6340 Baar, Switzerland, Email: hello@legally-ok.com, Website: https://www. legally-ok.com/. The processing takes place exclusively in Switzerland according to the applicable data protection legislation. The processing also takes place in a third country outside the EU. For this third country, there is an adequacy decision of the Commission. On the page of the EU Commission (Link: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_de) you can find a current list with all adequacy decisions.
The legal basis for the transfer and processing is Art. 31 Para. 1 FADP and Art. 6 Para. 1 lit. c GDPR. The use of the service supports us in fulfilling our legal obligations.
With the help of the service, content of our legal texts is reloaded on our website. Through the integration on our site, the respective current legal texts are reloaded. Through this integration, further technical modules may also be reloaded concerning the legal texts or legally required elements.
Which rights you have regarding the processing can be found at the end of this privacy policy.
Further information on the handling of transferred data can be found in the provider’s privacy policy at https://www.legally-ok.com/datenschutz/.
OpenStreetMap
We use the service OpenStreetMap from the company FOSSGIS e.V., Römerweg 5, 79199 Kirchzarten, Germany, Email: kast@openstreetmap.de, Website: http://www.openstreetmap.de/. The processing takes place according to the assessment of Swiss authorities in secure third countries. The list of states and further information can be found at the following link: https://www.edoeb.admin.ch/edoeb/de/home/datenschutz/handel-und-wirtschaft/uebermittlung-ins-ausland.html. The transfer and processing of personal data take place exclusively on servers in the European Union.
The legal basis for the transfer of personal data is according to Art. 6 Para. 1 lit. f GDPR our legitimate interest in processing. Our legitimate interest lies in achieving the purpose described below.
OpenStreetMap is integrated into our website to enable navigation and display our business locations.
Regarding the processing, you have the right to object according to Art. 21 GDPR. Further information can be found at the end of this privacy policy.
Further information on the handling of transferred data can be found in the provider’s privacy policy at https://www.fossgis.de/datenschutzerkl%C3%A4rung/.
WordPress
We use the service WordPress from the company Automattic Inc., 60 29th Street #343, CA 94110 San Francisco, United States, Email: help@wordpress.com, Website: https://automattic.com/. Your personal data is transferred to so-called insecure third countries that do not guarantee adequate data protection through their legislation. Your data will only be disclosed if suitable data protection is guaranteed. This can be ensured, in particular, by:
- international treaties
- data protection clauses in a contract between the controller or the processor and their contract partner, which were previously notified to the FDPIC
- specific guarantees that the competent federal body has developed and notified to the FDPIC in advance
- standard data protection clauses that the FDPIC has previously approved, issued, or recognized or
- binding corporate rules that have previously been approved by the FDPIC or by an authority responsible for data protection in a state that guarantees adequate protection
If such guarantees are not present, your data may only be disclosed if you have given your consent, the disclosure is in direct connection with the conclusion or processing of a contract, or the disclosure is necessary for the enforcement of claims before courts and authorities or to protect public interests.
The transfer of personal data also takes place to the USA. Regarding the transfer of personal data to the USA, there is an adequacy decision for the EU-US Data Privacy Framework of the EU Commission according to Art. 45 GDPR (hereafter: DPF – https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The service provider is certified under the DPF, so the usual level of protection of the GDPR applies to the transfer.The legal basis for the transfer of personal data is according to Art. 6 Para. 1 lit. f GDPR our legitimate interest in processing. Our legitimate interest lies in achieving the purpose described below.
WordPress is the technical system behind our WordPress website. We need the integration to display our website and edit content.
The certification of the provider under the EU-US Data Privacy Framework can be accessed at https://www.dataprivacyframework.gov/list.
Regarding the processing, you have the right to object according to Art. 21 GDPR. Further information can be found at the end of this privacy policy.
Further information on the handling of transferred data can be found in the provider’s privacy policy at https://automattic.com/privacy/.
Data Security and Privacy, Communication by Email
Your personal data is protected by technical and organizational measures during collection, storage, and processing so that it is not accessible to third parties. In the case of unencrypted communication by email, we cannot guarantee complete data security on the transmission path to our IT systems, so we recommend encrypted communication or the postal route for information with a high need for confidentiality.
Duration of Data Storage and Rights of the Data Subject
Duration of Storage
We store personal data only to the extent and as long as it is necessary for fulfilling the purposes for which the personal data was collected, we have a legitimate overriding interest in storing it, or we are legally obligated to do so.
Right to Information
You have the right to request confirmation as to whether we are processing personal data concerning you. If this is the case, you have a right to information about the information specified in 25 ff. FADP or Art. 15 Para. 1 GDPR, provided that the disclosure by the owner of the data collection is not refused, restricted, or postponed (see Art. 26 f. FADP or Art. 15 Para. 4 GDPR). We will also provide you with a copy of the data upon request.
Right to Correction
You have the right according to Art. 32 Para. 1 FADP or Art. 16 GDPR to request that incorrectly stored personal data (such as address, name, etc.) be corrected if there is no legal obligation to the contrary. You can also request the completion of data stored with us at any time. A corresponding adjustment will be made promptly.
Right to Deletion
You have the right according to Art. 17 Para. 1 GDPR to request that we delete personal data collected about you if
- the data is no longer needed;
- due to the revocation of your consent, the legal basis for processing has been lost without replacement;
- no legitimate reasons for processing exist;
- your data is processed unlawfully;
- a legal obligation requires it.
The right does not exist according to Art. 17 Para. 3 GDPR if
- processing is necessary for exercising the right to freedom of expression and information;
- your data has been collected based on a legal obligation;
- processing is necessary for reasons of public interest;
- the data is necessary for the establishment, exercise, or defense of legal claims.
Right to Restriction of Processing
According to Art. 18 Para. 1 GDPR, you have the right in certain cases to request the restriction of the processing of your personal data.
This is the case if
- the accuracy of the personal data is contested by you;
- the processing is unlawful and you oppose the deletion;
- the data is no longer needed for the processing purpose but is needed for the establishment, exercise, or defense of legal claims;
- an objection to processing pursuant to Art. 21 Para. 1 GDPR has been lodged and it is not yet clear which interests prevail.
Right to Withdrawal
If you have expressly given us consent to process your personal data (Art. 6 Para. 6 FADP and Art. 31 Para. 1 FADP; Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR), you can revoke this consent at any time. Please note that this does not affect the legality of the processing based on consent before its withdrawal. Data for which we are legally required to store will be deleted after the retention period has expired.
Right to Object
According to Art. 21 GDPR, you have the right at any time to object to the processing of personal data concerning you, which has been collected based on Art. 6 Para. 1 lit. f GDPR (within the scope of a legitimate interest). If you have expressly given us consent to process your personal data (Art. 6 Para. 6 FADP and Art. 31 Para. 1 FADP), you can revoke this consent at any time. Please note that this does not affect the legality of the processing based on consent before its withdrawal. The right only applies if there are special circumstances against storage and processing. Data for which we are legally required to store will be deleted after the retention period has expired.
How Do You Exercise Your Rights?
You can exercise your rights at any time by contacting the contact details below:
Helvetic IT Solution GmbH
Chamerstrasse 172
6300 Zug
Switzerland
Email: info@hitso.ch
Phone: +41 41 20 333 80
Right to Data Portability
According to Art. 20 GDPR, you have a claim to the transfer of personal data concerning you. The data will be provided by us in a structured, common, and machine-readable format. The data can optionally be sent to you or to a responsible person named by you.
We will provide the following data upon request:
- Data collected based on consent (Art. 31 Para. 1 FADP and Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR);
- Data that we have received from you within the framework of existing contracts (Art. 31 Para. 2 lit. a FADP as well as Art. 6 Para. 1 lit. b GDPR and Art. 9 Para. 2 lit. a GDPR);
- Data that has been processed in an automated procedure.
The transfer of personal data directly to a responsible person desired by you will be made to the extent technically feasible. Please note that data that interferes with the predominant interests of third parties pursuant to Art. 26 Para. 1 lit. b FADP or Art. 20 Para. 4 GDPR cannot be transferred or can only be transferred to a limited extent.
Notifications to the FDPIC and Complaint Options
Affected persons can make a complaint to the supervisory authority according to Art. 49 FADP if there are sufficient indications that a data processing operation could violate data protection regulations. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
Further information can be found in the contact form of the FDPIC: https://www.edoeb.admin.ch/edoeb/de/home/deredoeb/kontakt.html
If you suspect that your data is being processed unlawfully on our site, you can of course seek legal clarification of the issue at any time. In addition, any other legal option is open to you. Regardless, according to Art. 77 Para. 1 GDPR, you have the option of complaining to a supervisory authority. The right to complain according to Art. 77 GDPR is available in the EU member state of your place of residence, your workplace, and/or the place of the alleged violation, i.e., you can choose the supervisory authority to which you complain from the above-mentioned places. The supervisory authority with which the complaint has been filed will then inform you about the status and results of your submission, including the possibility of a judicial remedy according to Art. 78 GDPR.
