Neoperl Group AG, Pfeffingerstrasse 21, 4153 Reinach BL, Switzerland and its subsidiaries/fellow subsidiaries attach great importance to the protection of your personal data. We would like you to know when we store which data and how we use such data. We are subject to the provisions of the Swiss Federal Data Protection Act (Bundesgesetz über den Datenschutz, DSG) and/or – if we offer our goods and services in the EU/EEA area – the provisions of the European General Data Protection Regulation (GDPR). In order to ensure that these data protection provisions are being complied with by us and also by our external services providers, we have taken appropriate technical and organizational measures.
Controller for purposes of the DSG and/or the GDPR or other national data protection laws in EU member states as well as other data protection provisions is
Neoperl Group AG
4153 Reinach BL
Phone: +41 61 716 74 00
Fax: +41 61 716 74 09
The controller has appointed a data protection officer. His contact details are:
Bechtle GmbH IT-Systemhaus Freiburg
79108 Freiburg im Breisgau
For questions, suggestions or comments regarding data protection and in order to exercise your rights as set out below, please contact our data protection officer.
Scope of the processing of personal data
We use the personal data provided by you in order to respond to your queries, process your orders, deliver products, process payments or to give you access to certain information or offers (in particular on our Neoperl website and web shop or in our Neoperl apps).
Legal bases for the processing of personal data
Where the GDPR is applicable, the processing of personal data is generally not permitted unless there is statutory permission. We are obliged, in this regard, to inform you about the legal bases for the processing of the data. Where the DSG is applicable, the processing of personal data is allowed in principle, provided that the statutory principles of the DSG are complied with.
If we obtain your consent for the processing of personal data, such consent constitutes the legal basis.
If the processing of personal data is necessary for the performance of a contract, whose contracting party is you, the performance of the contract constitutes the legal basis. This also applies to any processing that is necessary in order to implement pre-contractual measures.
If the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, this constitutes the legal basis.
In the event that interests which are essential for the life of the data subject or that of another natural person make the processing of personal data necessary, this constitutes the legal basis.
If the processing of personal data is necessary for purposes of safeguarding a legitimate interest of our company or of a third party, and if your interests or fundamental rights and freedoms do not override that interest, this constitutes the legal basis for the processing.
Our offering is generally aimed at adults. People under the age of 16 must not transfer any personal data to us without the consent of their parents or legal guardians. We do not request or collect any personal data from children and young people and therefore also do not pass it on to third parties.
Deletion of data and storage time
As soon as the purpose for storing data ceases to apply, we will delete or block your personal data. Data may, however, be stored beyond such time period if this is required due to statutory provisions to which we are subject. This may, for instance, concern data that needs to be stored for commercial or tax-related reasons, such as delivery slips or invoice data.Your data will be blocked or deleted if the storage time prescribed by such provisions expires, unless a continued storage of the data is required for the conclusion or performance of a contract.
Sharing personal data with third parties
As a general rule, we will not share any personal data with third parties without your express consent. In the event that we do share your data with third parties, transmit it to them or grant them access to it in any other way in the context of the processing, this also occurs only on the basis of one of the aforementioned legal bases.
We transfer data, for instance, to payment providers or suppliers if this is necessary in order to fulfil the contract. If we are obliged to do so by statute or by court order, we have to transfer your data to the respective bodies entitled to such data.
On occasion, we use carefully selected external service providers in the processing of your data. If, in the context of what is known as commissioned data processing, data is transferred to service providers, this occurs on the basis of the provisions of the DSG and the GDPR. Our commissioned data processors have been carefully selected, are bound by our instructions and are checked at regular intervals. We only commission such data processors who provide sufficient guarantees that suitable technical and organisational measures are taken to ensure that the processing takes place in accordance with data protection requirements and safeguards the protection of your rights.
Data transfers to third countries
The DSG ensures a high level of data protection in Switzerland. The GDPR ensures a consistently high level of data protection within the European Union. Where possible, when selecting our service providers and cooperation partners we therefore rely on partners in Switzerland and the EU in the event that your personal data is to be processed. Only in exceptional cases will we allow your data to be processed outside of the European Union in the context of using third party services.
We may share your data with subsidiaries or fellow subsidiaries abroad if this is required for intra-group management purposes.
We will only allow your data to be processed in a third country if the special requirements of the DSG and the GDPR have been met. That means that your data may then only be processed on the basis of special guarantees. These guarantees include the EU Commission making an official decision that a third country has an adequate level of data protection in line with that of the EU, compliance with officially recognized special contractual clauses (known as standard contractual clauses) or other conventions between Switzerland and/or the EU and third countries.
Automated decision making
We refrain from using automated decision making processes or profiling (in Switzerland also referred as the processing of personality profiles).
If your personal data is processed, you are a data subject for purposes of the data protection laws (in Switzerland also referred to as the person affected). You have the following rights against us.
To exercise your rights, please contact our data protection officer.
Right to withdraw consent
If the processing of your personal data is based on your consent, you have the right to withdraw such consent at any time. The withdrawal of your consent does not affect the lawfulness of any processing that has taken place until then.
Right of access
You have the right to ask us to confirm whether we are processing any personal data relating to you. If this is the case, you have the right to obtain details of the following information:
Within one month from receipt of your request for information, we will provide you with a copy of the personal data that is being processed. Where you make the request by electronic means and unless otherwise requested by you, we will provide the information to you in a commonly used electronic form.
Right to rectification
You have the right to require us to immediately rectify your personal data if it is incorrect. In due consideration of the purposes of the processing, you have the right to request completion of any incomplete personal data concerning you.
Right to erasure (“right to be forgotten”)
You have the right to require us to erase personal data concerning you without undue delay and we are obliged to erase personal data without undue delay where one of the following grounds applies:
The right to erasure (“right to be forgotten”) does not apply insofar as the processing is required:
Right to restriction of processing
You have the right to require us to restrict the processing of your personal data if one of the following conditions applies:
Where processing has been restricted in accordance with the aforementioned conditions, we will notify you before lifting the restriction.
Right to data portability
Where the GDPR is applicable, you have the right to receive your personal data in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without hindrance from us, provided that the processing is based on consent or on a contract and is carried out by automated means.
In exercising the right to data portability you can have the personal data transmitted directly from us to another controller, where technically feasible. The exercise of the right to data portability does not affect the right to erasure (“right to be forgotten”). This right shall not apply to processing necessary for the performance of a task vested in us and carried out in the public interest or in the exercise of official authority.
Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data on the basis of a weighing up of interests. In this case we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the data is processed for reasons of asserting, exercising or defending legal claims.
Where personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.
In the context of the use of information society services you may exercise your right to object by automated means using technical specifications.
Automated individual decision making, including profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
We will implement suitable measures to safeguard your rights and freedoms and legitimate interests, which include at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
Right to lodge a complaint with a supervisory authority
Where the GDPR is applicable, without prejudice to any other administrative or judicial remedy you have the right to lodge a complaint with a supervisory authority, in particular at your habitual residence, your place of work or the place of the alleged infringement if you consider that the processing of your personal data infringes data protection provisions. Where the Swiss DSG is applicable, you may report your concerns or incidents to the Swiss Federal Data Protection Commissioner. This person can then initiate an investigation of facts, make recommendations and, where required, take legal steps.
You are generally able to use our online offerings without disclosing your identity. In this section we will provide information to you as to when and in what connection we process data during the use of our online offerings, what offers of service providers and cooperation partners we have implemented, how these work and what happens to your data.
Data collection upon visits to our websites
If you use our websites purely for purposes of obtaining information, i.e. if you do not register for an offer, enter into a contract with us or otherwise disclose information to us, we will only collect personal data that your browser transmits to our server. When you access our websites, we will collect the following data which we require for technical reasons in order to display our websites and ensure that they are stable and secure:
This data is temporarily stored in our system log files for a period lasting no longer than ten days. Data may be stored for longer; in this case, however, the IP addresses will be truncated or distorted such that it is no longer possible to identify the accessing client. In this connection the log files will not be stored together with other personal data concerning you. The legal basis for these processing operations is our legitimate interest.
Given that the collection of the data is strictly required in order to display the websites, and the storage of the data in log files is strictly required for the operation of our websites and to ensure IT security, you have no right to object in this regard.
Personal data is required for a customer account. Required data is marked with an asterisk (*) in the registration process. By registering, you consent to the use of this data for the purpose of managing your account. In order to process electronic payments, we may cooperate with electronic payment service providers and transfer your personal data for these processing purposes.
Payment service providers
In the context of the fulfilment of contracts we use payment service providers in order fulfil contracts. Apart from this, we use external payment service providers on the basis of our legitimate interests in order to offer our users an effective and secure payment method.
The data processed by our payment service providers includes inventory data, such as name and address, bank details including account numbers or credit card numbers, passwords, TANs and checksums as well as details relating to contracts, sums and recipients. These details are required in order to process the transactions. The data provided is, however, processed and stored by the payment service provider. That means we receive no account-related or credit card-related information, but only information containing a statement as to whether payment has or has not been made. In certain cases, payment service providers may transfer the data to credit agencies. Such data transfers are made for purposes of checking ID and credit history. In this regard, please refer to the general terms and conditions and privacy policies of the payment service providers.
The payment transactions are governed by the terms and conditions and privacy policies of the respective payment service provider, which can be accessed on the respective websites or transaction apps. Please also refer to these for further information and in order to assert rights to withdraw, rights of access and other data subject rights.
Delivery of goods
Your data will be passed on to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of the goods.
Besides our internet presence, we also provide mobile apps for you to download to your mobile device. In the following, we provide information to you about the processing of personal data when using our apps. We do this to ensure that you are aware of how the services implemented as part of our offer work and what will happen to your data.
When an app is downloaded, the required information is transferred to the respective app store; namely, in particular, the user name, email address, customer number at the app store and the individual device ID. We have no influence over such data processing; this is the responsibility of the respective app store. We only process data required for the app to be downloaded to your device.
When our apps are used, app usage data is generated. This usage data serves as the basis for anonymous statistical evaluations, so that trends can be identified and used to improve the offer accordingly. In general, we process this data to facilitate the usability of the functions provided and to ensure the security and stability of the app.
When using an app for the first time, you will be informed about the processing of your personal data within that app. If we need your consent for data processing, we will ask you to voluntarily give this consent when you use an app for the first time. If you wish to revoke your consent thereafter, you can do so whenever you wish from within the actual app.The legal basis for such processing is either our legitimate interest or your voluntarily given consent.
In order to improve the stability and reliability of our apps, we rely on anonymized crash reports.
iOS apps: If you have voluntarily and expressly consented to the transmission of a crash report in the app settings, anonymous information regarding the crash will be transmitted to our service provider’s servers and stored therein for purposes of analysis. Crash reports do not contain any personal information. In iOS these consist of a stack trace, some device information (no serial number or similar), the app version, the time stamp of the crash, and the list of software libraries stored in the memory. No processor register content or log files are contained therein.
Android apps: If, when configuring your mobile device, you voluntarily and expressly consent to the general transmission of crash reports to Google, following a crash of the app, information (status of the app at the time of the crash, stack trace, manufacturer and operating system of the mobile phone, last log notices) will be transferred to Google and stored for purposes of analysis. This information does not contain any personal data.
Push notifications are sent with the help of a pseudonymized push token provided by your operating system or the push service in question. Neither we nor our contractual partners are able to deduce personal data via the push token or link it to the mobile device.
Push notifications are sent on the basis of your consent. You may revoke your consent at any time by disabling the “receive push notifications” function in the app settings or deactivating the receipt of push notifications in the settings of the operating system.
When using this app, your entries in the decision tree as well as the version number of the app will be processed. Further, your information regarding your smartphone (model/version, operating system and language selected) will be processed.
When using “EasyMatch”, the photographs you have taken of the aerators and your comments will be processed. In addition, the time and the result of the measurement will be processed. A push token and a reference ID of the status of the decision tree will be generated.
When you use our websites, cookies will be stored on your device in addition to the aforementioned data. Cookies are small text packages that may be sent by a website to the browser, and stored and returned by it. Cookies can be used to store various details, which are read by the entity that has placed the cookie. They typically contain a characteristic string (ID) which allows unambiguous identification of the browser in the event of renewed access to the website or a change of page. They are primarily used to make our online offerings more user friendly and more effective overall.
The user data collected in cookies is pseudonymized through technical means, which typically makes it impossible to link the data to the accessing user. If identifiability is possible, for instance in the case of a login cookie whose session ID is necessarily linked to the account of the user, we will notify you at the appropriate time.
We use different types of cookies:
Besides “first party cookies”, which we use in our capacity as data controller, we also use “third party cookies” offered by other providers.
On this website, with your consent we use a live-chat system with technology of the company LiveChat Inc. This allows you to enter into direct online communications with us and for us to support you as swiftly as possible if you have any questions. Cookies are also used to operate the chat function.
The legal basis for the processing of your personal data is your voluntary consent. We will delete the processed data as soon as it is no longer required.
If you have consented, we use Google Analytics on this website, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This allows us to match data, sessions and interactions across several devices to a pseudonymous user ID and, by doing so, to analyze the activities of a user across devices.
The legal basis for the use of Google Analytics is your voluntary consent.
Recipients/categories of recipient
Google is the recipient of the collected data.
Duration of data storage
The data sent to us and linked to cookies, user ID or similar or advertising ID will be automatically deleted after 14 months. The data whose retention time has expired will be deleted automatically once a month.
In order to protect our websites against spam, we use the reCAPTCHA service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland in places where you can enter data. A question is used to establish whether it was a human who entered data or whether the data was entered improperly by automated, electronic means. The reCAPTCHA service includes IP addresses and any other data required by Google to operate the reCAPTCHA service being sent to Google. Your input will be sent to Google for these purposes and used there. Google will, however, first truncate your IP address within member states of the European Union or other parties to the Agreement on the European Economic Area. In exceptional cases only, the full IP address is transferred to a Google server in the U.S. and shortened there. On behalf of the operator of this website, Google will use this information to analyze your usage of this service. The IP address transferred by your browser as part of reCAPTCHA will not be combined with other Google data.
Links to third party websites
Online services on social media
We offer online services on various platforms in order to provide information to you and to make contact with you.
We have no influence over the processing of personal data by the respective platform operator. Typically, when visiting our offers on social media platforms, the platform operator will store cookies in your browser, which are used to store your user behavior and your interests for purposes of market research and advertising.
The platform operators use those user profiles which are generated – usually across devices – in order to show you personalized advertising. Data processing may affect persons who are not registered as a user with the platform in question. In certain cases your data will be processed outside of Switzerland or the European Union, which may impede the assertion of your rights. In selecting such platforms, however, we look at whether the operators undertake to comply with the high data protection levels applicable in Switzerland and the EU.
When visiting one of our social media offerings, your personal data will be processed on the basis of our legitimate interest in maintaining a diverse public image for our company and in using effective means of information and communication with you.
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, IrelandThe basis of the processing is an
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, U.S.
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
We offer you the opportunity to subscribe to our free email newsletter. We will only send this newsletter with your consent. When you subscribe to a newsletter, the data provided in the form (name and email address) will be transmitted to us and stored for as long as the subscription to the newsletter is active.
After you have subscribed to the newsletter, you will receive an email asking you to click on a link in order to confirm your subscription. This allows us to prevent unauthorized third parties subscribing under your email address.
We keep a record of the subscription process, for purposes of providing evidence of our compliance with legal requirements. This involves storing the IP address of the accessing device, as well as the subscription date and time. The data provided by you will be stored while the newsletter subscription is active.
You may terminate the subscription at any time. For these purposes each newsletter contains a link to unsubscribe. This also allows you to revoke your consent. The legal basis for the processing of your data is your voluntary consent to the receipt of the newsletter.
If you purchase goods or services from us and provide us with your email address as part of this process, we reserve the right to use it in order to send newsletters containing direct marketing materials for similar goods or services provided by us. This is done for purposes of our legitimate interest of promoting our goods and services to our customers, which prevail when weighing up the various interests. You may object to this use of your data at any time by sending a message to the point of contact set out below or via the unsubscribe link in the promotional email, without incurring any transmission costs other than in accordance with the base tariffs.
If you send us an enquiry – for instance by using the contact form or chat function – your personal data will be processed in order to respond to your enquiry:
We will not use your data for any automated decision-making processes or for profiling.
When applying to us, the data provided by you – for example your contact details and qualifications – will only be used to process the application procedure.
Your data will be passed on internally to the relevant department managers. We will process your personal data for purposes of your job application to the extent that this is necessary for a decision to be made regarding the conclusion of an employment relationship.
In addition, we may process personal data concerning you to the extent that this is required to defend against any legal claims asserted in the context of the application procedure.
Your data will generally be deleted 3 months after the application procedure has ended, unless there are agreements to the contrary in place with the applicant (see, inter alia, admission to the pool of applicants). If your application results in the conclusion of an employment contract, the data will be included in your personnel file.
For how long will your data be stored?
We will store your personal data for as long as this is required to arrive at a decision regarding your application. If no employment relationship is entered into between you and us, we may continue to store the data insofar as this is necessary to defend against any legal claims. The application documents will be deleted two months after the rejection has been communicated, unless a longer storage time is required due to legal disputes.
Admission to the pool of applicants
In the event that we currently do not have any open positions available that match your application – for instance in the event of an unsolicited application – we are happy to admit your application to our pool of applicants. This does, however, require your consent which we will request in such a case.
If we do not use your application documents in the pool of applicants within one year, we will automatically delete your application documents.
No automated decision making
There will be no automated decision making in individual cases; this means that the decision regarding your application will not be solely based on automated processing.
Last updated: May 2022
The original text was written in German. In the event of legal disputes, the German version shall apply.