The information in this declaration applies to the processing of personal data on our website or via our website and is intended to inform you as a user in particular about the scope of the processing, the processing purposes, recipients, legal bases, storage periods and your rights. Personal data is any information relating to an identified or identifiable natural person, i.e. a human being (hereinafter also referred to as "data subject"), including, for example, your name, address or e-mail address. "Processing" of personal data means in particular the collection, storage, use and transmission of such data.
I. Name and address of the responsible party
Responsible for compliance with the provisions of the Swiss Data Protection Act (DSG) and any other applicable data protection provisions on this website is:
corporate benefits swiss AG
Schwanengasse 3
3011 Bern
Switzerland
Phone: +41 (0)31 301 36 36
E-Mail: info@cb-ag.ch
Web: https://www.corporate-benefits.ch
For further information on the responsible person, please refer to the imprint of this website.
II. General information on data processing
1. Legal basis for the processing of personal data
The processing of personal data in connection with this website is subject to the Swiss Data Protection Act (DSG) of 25 September 2020, as of 1 September 2023. In the case of third-party services that process personal data of website users outside Switzerland, foreign data protection legislation may be applicable depending on the circumstances, in particular the European Data Protection Regulation (EU GDPR) in the EU/EEA area.
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 para. 6 in conjunction with 31 para. 1 Federal Data Protection Act (FADP) serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 31 para. 1, 2 lit. a FADP serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 31 para. 1 FADP serves as the legal basis.
If processing is required to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 31 para. 1 FADP serves as the legal basis for processing.
2. Purpose of the data processing
The purpose of this website is to provide the user with information about the responsible party and their activities and, if necessary, to exchange information between the responsible party and the user, e.g. via a contact form. Unless expressly stated otherwise, it does not serve to specifically collect personal data of the user and to evaluate it in a person-specific manner for other purposes or to forward it to third parties.
Against this background, the purpose of processing user data via the website is to provide them with the smoothest possible technical access to the relevant information and services and to offer an attractive user experience.
3. Principles of the data processing
Personal data shall be processed by the responsible party in accordance with, inter alia, the following legal principles:
The processing is carried out in good faith and must be proportionate;
The processing is carried out only for the purposes recognisable to the user and only to the extent compatible with these purposes;
The data will be destroyed or made anonymous as soon as its processing is no longer necessary and as long as there are no exceptional reasons provided for by law;
Recognisably incomplete or inaccurate data will be corrected or deleted;
Consent of the user to data processing is only valid if given voluntarily after adequate information;
The principles of "privacy by design" and "privacy by default" shall be respected.
4. Data deletion and storage period
The personal data of the data subject shall be deleted or the processing shall be restricted as soon as the purpose of the storage ceases to apply. Storage may also take place if this is necessary due to an overriding interest or is provided for in laws or other regulations to which the responsible party is subject.
III. Confidentiality / disclosure to third parties
Unless expressly mentioned in this data protection statement, such as in the context of data processing by contractors or in the case of third-party services, or unless it is clearly intended for disclosure for a specific purpose, user data is treated confidentially and no user data is disclosed to third parties or sold to third parties for their own purposes. Exceptions to this are disclosures to third parties that are required by law, e.g. as a result of official or court orders.
IV. Disclosure abroad
The data of the website, including personal data of the users, are stored and processed on protected servers in Switzerland or in countries of the EU / EEA. Unless expressly stated in this privacy policy, in particular in the section on third-party services, no user data is transferred to countries outside the EU / EEA.
V. Data processing by authorised representatives
The responsible party is entitled to have personal data of website users processed by contractually bound external service providers or agents. However, these must be legally or contractually obliged to comply with the data protection law and confidentiality to the same extent as the responsible party. They may not process user data to a greater extent than the responsible party is permitted to do. The responsible party is also obliged to regularly ensure that the commissioned data processors are in a position to guarantee data security.
An up-to-date list of the commissioned data processors used by the responsible party for the purpose of operating the website as well as the scope of the processing of personal data carried out by the commissioned processors shall be provided to the user by the responsible party upon request and insofar as there are no overriding interests to the contrary.
VI. Data security (technical and organisational measures)
To ensure data security, technical and organisational measures (TOM) are used by the responsible party and their agents in accordance with the current state of technology. Upon request, and provided that this does not jeopardise data security for other users, the responsible party shall provide the user with more detailed information on the TOMs taken.
This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as enquiries that users send to us as the site operator. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
However, it cannot be guaranteed that information or personal data transmitted by the user by means of unencrypted online forms, e-mails or FTP uploads cannot be viewed or modified by unauthorised persons. Such transmission is always at the website user's own risk and without any guarantee on the part of the responsible party.
VII. Provision of the website and creation of log files
1. Description and scope of the data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device (computer, smartphone, tablet, etc.).
The following data is collected:
(1) Information about the browser type and version used
(2) The IP address of the accessing device
(3) Date and time of access
(4) Web requests to the servers
(5) Websites from which the system of the accessing device arrives at our website
This data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
2. Legal basis for the data processing
The legal basis for the temporary storage of the data and the log files is Art. 31 para. 1 FADP.
3. Purpose of the data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's device. For this purpose, the user's IP address must remain stored for the duration of the session. The storage in log files takes place in order to ensure the functionality of the website.
In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes also constitute our legitimate interest in data processing pursuant to Art. 31 para. 1 FADP.
4. Duration of the storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
In the case of storage of data in log files, this is the case after 7 days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated so that an identification of the accessing client is no longer possible.
VIII. Cookies for language setting
1. Description and scope of the data processing
Our website uses cookies to save the user's language settings. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is accessed again.
The following data is thereby stored and transmitted in the cookies:
- Language settings (of website and operating system)
b) Legal basis for the data processing
The legal basis for the processing of personal data using cookies is Art. 31 para. 1 FADP.
c) Purpose of the data processing
We use these cookies for the adoption of language settings. This is also our legitimate interest in processing the personal data.
d) Duration of the storage
Cookies are stored on your device with which you visit our website and from this in turn the named information is transmitted to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent. If you do not make any changes to your cookie settings, the cookie for the language settings will be stored on your device for a period of 12 months.
IX. Contact by e-mail or contact form
1. Description and scope of the data processing
It is possible to contact us via the e-mail addresses provided on our website. In this case, the user's personal data transmitted with the e-mail will be stored.
Our website also includes a contact form that you can use to send us enquiries or request quotes.
Using this form, we collect the data shown in the respective form fields, including:
(1) Name of your company (firm)
(2) Name
(3) E-mail address
(4) Location
As well as the data that you may send us via your individual message.
2. Legal basis for the data processing
The legal basis for processing the data transmitted in the course of contacting us by e-mail or via the contact form is Art. 6 para. 6 in conjunction with 31 para. 1 FADP. If the purpose of the contact is to conclude a contract, the additional legal basis for processing is Art. 31 para. 1, 2 lit. a FADP.
3. Purpose of the data processing
The processing of personal data is solely for the purpose of processing the contact. This also constitutes the necessary legitimate interest in processing the data.
4. Duration of the storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by e-mail or contact form, this is the case when the respective conversation with you has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.
Applicant data will be deleted in the event of rejection no later than three months after notification of the rejection to the applicant.
If, in the course of e-mail communication, data is generated that we are obliged to retain or store due to tax, commercial or other regulations, it will only be deleted after expiry of the respective statutory retention or storage periods. The legal basis for this storage is Art. 31 para. 1 FADP.
The responsible party uses content or service offers from third-party providers within the website in order to be able to integrate their content and services, such as analysis services or fonts, into the website. This always requires that the third-party providers of this content collect the IP address of the user, as without the IP address they would not be able to send the content to their browser. The IP address is thus necessary for the display of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. Such information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as being linked to such information from other sources. Depending on the third-party service, it is also possible that other information about the user is collected, used for the third-party provider's own purposes and possibly processed abroad.
Insofar as the responsible party uses the services of third parties listed in this data protection declaration on the website, the website user, by using the website, consents to the use of these services and the associated data processing by third parties, the use for the own purposes of third parties, the associated disclosure abroad, if any, as well as the associated use and data protection provisions of third parties.
The user acknowledges in particular that the responsible party cannot assume any responsibility for the processing of personal data within the scope of such third-party services due to the lack of influence. Such third-party services and, consequently, the scope of user data processing change continuously as a result of updates, bug fixes, new releases or other programme modifications. The corresponding descriptions of the third-party services in this data protection declaration therefore only serve to provide the user with a rough guide to the content and scope of the data processing by such services as well as the options for objection (so-called opt-out). The responsible party endeavours to update the descriptions regularly but cannot guarantee that the information is always up to date. The responsible party recommends that users regularly obtain information about the content of such services and the scope of the associated processing of user data directly from the relevant third-party service provider.
1. Web analysis through Google Analytics
a. Scope of the processing of personal data
(1) This website uses Google Analytics, a web tracking service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The purpose of our use of the tool is to enable the analysis of your user interactions on websites and in apps and to improve our offer through the statistics and reports obtained and to make it more interesting for you as a user.
(2) We primarily record the interactions between you as a user of the website and our website with the help of cookies, data on the device/browser, IP addresses and website or app activities. Google Analytics also collects your IP addresses in order to ensure the security of the service and to provide us, as the website operator, with information about which country, region or location the respective user comes from (so-called "IP location determination"). For your protection, however, we naturally use the anonymisation function ("IP masking"), i.e. Google truncates the IP addresses by the last octet within the EU/EEA.
b. Legal basis for the processing of personal data
The legal basis for the collection and further processing of the information (which takes place for a maximum of 14 months) is your consent (Art. 6 para. 6 in conjunction with 31 para. 1 FADP). Revocation of your consent is possible at any time without affecting the permissibility of the processing until revocation. In apps, you can reset the advertising ID under the Android or iOS settings. The easiest way to revoke your consent is to use our Consent Manager or to install the Google browser add-on, which can be accessed via the following link: https://tools.google.com/dlpage/gaoptout?hl=enc.
c. Purpose of the data processing
The processing of user data by Google Analytics enables us to analyse the surfing behaviour of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness.
d. Duration of the storage
You can find more information on the scope of services provided by Google Analytics at marketingplatform.google.com/about/analytics/terms/gb/ Google provides information on data processing when using Google Analytics at the following link: support.google.com/analytics/answer/6004245?hl=en&sjid=9604595231136110291-EU. General information on data processing, which according to Google shall also apply to Google Analytics, can be found in Google's data protection declaration at www.policies.google.com/privacy?hl=en&gl=gb.
e. Recipients of the data and transfer to a third country
Google acts as an agent and we have concluded a corresponding contract with Google. The information generated by the cookie and the (usually shortened) IP addresses about your use of this website are usually transferred to a Google server in the USA and processed there. We have agreed so-called standard contractual clauses with Google, the purpose of which is to ensure compliance with an appropriate level of data protection in the third country.
2. Google Campaign Manager (formerly DoubleClick by Google)
a. Scope of the processing of personal data
We use Google Campaign Manager. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Campaign Manager uses cookies to present you with advertisements that are relevant to you. For this purpose, your browser receives a pseudonymous identification number (ID). This is used to check which advertisements were displayed or accessed in your browser. The use of Google Campaign Manager cookies enables Google and partners to serve ads to you based on your previous visits to our site or other sites on the internet. The information generated by the cookies is transferred by Google to a server in the USA for analysis and stored there. Google will not combine this data with other data collected by Google.
b. Legal basis for the processing of personal data
The legal basis for the collection and further processing of the information (which takes place for a maximum of 14 months) is your consent (Art. 6 para. 6 in conjunction with 31 para. 1 FADP). Revocation of your consent is possible at any time without affecting the permissibility of the processing until revocation. In apps, you can reset the advertising ID under the Android or iOS settings. The easiest way to revoke your consent is to use our Consent Manager or install the Google browser add-on, which can be accessed via the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
c. Purpose of the data processing
We use Google Campaign Manager and the data processed in this context for advertising purposes, in particular to be able to show you targeted advertising. Our legitimate interest in processing the data also lies in these purposes.
d. Duration of the storage and possibility of objection
Cookies are stored on the user's device and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.
Moreover, you can prevent the collection of the data generated by the cookies and related to your use of the websites to Google as well as the processing of this data by Google by downloading and installing the browser plugin available at the following link: www.google.com/settings/ads/plugin
You can find more information on Google's data protection at https://policies.google.com/privacy?hl=en.
e. Recipients of the data and transfer to a third country
The recipient of the data is Google for cases in which personal data is transferred to the USA. Google acts as an agent and we have concluded a corresponding contract with Google. The information generated by the cookie and the (usually shortened) IP addresses about your use of this website are usually transferred to a Google server in the USA and processed there. We have agreed so-called standard contractual clauses with Google, the purpose of which is to ensure compliance with an appropriate level of data protection in the third country.
3. Google Ads
We use the Google Ads service to draw attention to our offers with the help of advertisements. If you access our website via a Google ad, Google Ads will store a cookie in your device. The legal basis for the processing of your data is Art. 6 para. 6 in conjunction with 31 para. 1 FADP, i.e. the integration only takes place with your consent.
The cookies set by Google enable Google to recognise your internet browser. If a user visits certain pages of an Ads customer's website and the cookie stored on their computer has not yet expired, Google and the customer will be able to recognise that the user clicked on the ad and was redirected to that page. A different cookie is assigned to each Ads customer so that the cookies cannot be tracked across the websites of other Ads customers. Through the integration of Google Ads, Google receives the information that you have accessed the relevant part of our website or clicked on an ad from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible for the provider to obtain and store your IP address.
Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We ourselves do not independently collect personal data in the aforementioned advertising measures, but provide Google alone with the opportunity to collect the data. We only receive statistical evaluations from Google that provide information on which advertisements were clicked on how often and at what prices. We do not receive any further data from the use of the advertising media; in particular, we cannot identify users on the basis of this information.
The revocation of your consent is possible at any time without affecting the admissibility of the processing until the revocation. The easiest way to revoke is via our Consent Manager or via the following functions:
a) by setting your browser software accordingly, in particular the suppression of third-party cookies will result in you not receiving any third-party ads;
b) by setting your browser to block cookies from the domain "www.googleadservices.com”, www.google.de/settings/ads, deleting this setting when you delete your cookies;
c) by disabling the interest-based ads of the providers that are part of the self-regulatory campaign "About Ads" via the link www.aboutads.info/choices, deleting this setting when you delete your cookies;
d) by permanently disabling them in your Firefox, Internet Explorer or Google Chrome browsers at the link www.google.com/settings/ads/plugin.
Please note that in this case you may not be able to use all the functions of this website to their full extent.
Further information on data protection at Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland, can be found here: www.google.com/intl/de/policies/privacy and services.google.com/sitestats/de.html.
We use Universal Event Tracking (UET) on our website via the Microsoft Advertising (formerly Bing Ads) service of Microsoft Corporation (USA). Via UET, Microsoft stores a cookie in the user's browser to enable an analysis of the use of our online offer. The prerequisite for this is that the user has reached our website via an advertisement from Microsoft Advertising. In this way, Microsoft and we can recognise that someone has clicked on an advertisement, been redirected to our online offer and reached a previously determined target page (so-called conversion measurement). No IP addresses are stored for this purpose. No further personal information about the identity of the user is communicated.
Further information on these processing activities, the technologies used, stored data and the storage period can be found in the settings of our Consent Management Tool. Microsoft Advertising is only used with your consent in accordance with Art. 6 para. 6 in conjunction with 31 para. 1 FADP.
In the case of Microsoft services, the transfer of data to the USA cannot be ruled out. Please note the information in the section "Data transfer to third countries". Further information on data protection at Microsoft can be found in the Microsoft data protection information at privacy.microsoft.com/de-de/privacystatement.
For the provision of our website and the contact options offered, we use various service providers, including host providers and e-mail providers, who process the data stored by them exclusively on our behalf as order processors in accordance with Art. 9 FADP in Switzerland or in the European Union.
Use of the SalesViewer® technology
On this website, data is collected and stored for marketing, market research and optimisation purposes using the SalesViewer® technology of SalesViewer® GmbH on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR).
For this purpose, a javascript-based code is used to collect company-related data and the corresponding use. The data collected using this technology is encrypted using a non-reversible one-way function (known as hashing). The data is immediately pseudonymised and is not used to personally identify the visitor to this website.
The data stored by Salesviewer is deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations.
You can object to the collection and storage of data at any time with effect for the future by clicking on this link www.salesviewer.com/opt-out to prevent the collection by SalesViewer® within this website in the future. An opt-out cookie for this website will be stored on your device. If you delete your cookies in this browser, you will need to click this link again.
If your personal data is processed, you are a data subject within the meaning of Art. 5 lit. b FADP and, subject to the exceptions provided for by law or contractually agreed, you are entitled to the following rights with regard to your data:
- The right to information on data processing (Art. 19 FADP)
- The right to information (Art. 25 FADP)
- The right to rectification of data (Art. 6 para. 5 FADP; 32 para. 1 FADP)
- The right to erasure of data ("right to be forgotten"; Art. 6 para. 4 FADP; 32 para. 2 lit. c FADP)
- The right to object and to restrict ("block") or stop the processing of data (Art. 30 para. 2 lit. b; 32 para. 2 lit. a, b FADP)
- The right to revoke consent to data processing (Art. 30 para. 2 lit. b FADP)
- The right to data disclosure and data portability (Art. 28 FADP)
- The right to information in the case of automated individual decisions (Art. 21 FADP)
To exercise these rights, please contact us using the contact details provided at the beginning of this document.
Irrespective of any other administrative or judicial remedy, you also have the right to seek advice and assistance from the competent supervisory authority if you believe that the processing of personal data relating to you is in breach of the FADP. The Federal Data Protection and Information Commissioner (FDPIC) is the competent authority for matters relating to data protection in the processing of personal data by private individuals, insofar as persons in Switzerland are concerned or the data are processed from Switzerland. The FDPIC can investigate breaches of data protection regulations ex officio or on complaint and order that the processing be adapted, interrupted or terminated in whole or in part. They also advise private individuals on data protection issues, provide information to data subjects on request on how they can exercise their rights and may file a complaint with the competent prosecution authority.
The contact details of the FDPIC can be found at https://www.edoeb.admin.ch/edoeb/en/home.html.
Bern, August 2023
corporate benefits swiss AG