Privacy Notice - General Information

Information about the processing of your data

The protection of your personal data is of great importance to us. With the following privacy notice, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process, for what purposes and to what extent, and how you can exercise your data protection rights. The data protection notice applies to all persons who access our website, use our services, send us an application or get in touch with us.

Our services are subject to the Swiss Data Protection Act and, where applicable, foreign data protection law such as, in particular, the General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law ensures adequate data protection.

We will process your data in accordance with the legal provisions on data protection, paying particular attention to the principles of transparency, data necessity and data minimization.

Who is responsible for the processing of your data?

Fubag AG
Churerstrasse 47
CH-8808 Pfäffikon SZ
Switzerland

Phone: +41 41 552 10 50
E-Mail: info@fubag.ch

Do you have questions regarding data protection?

If you have any data protection concerns, you can contact us through the following e-mail address:  dataprotection@fubag.ch

Please be aware that in individual cases other companies may be responsible for processing your data.

What about the security of your data?

We have taken comprehensive technical and organizational precautions to protect your personal data from unauthorized access, misuse, loss and other external interference. To this end, we regularly review our security measures and adapt them to the state of the art.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, entry, disclosure and safeguarding of availability relating to it. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, the deletion of data, and responses to data threats. Furthermore, we already take the protection of personal data into account in the development and selection of hardware, software and processes in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

Privacy notice for visitors of the website

When you access our website, only access data is transmitted to our provider in order to display the website to you.

What data types are affected?

  • Browser type/ browser version,
  • operating system used,
  • Language and version of the browser software,
  • Host name of the accessing end device,
  • IP address,
  • Website from which the request comes,
  • Content of the request (specific page),
  • Date and time of the server request,
  • Access status / HTTP status code,
  • Referrer URL (the previously visited page),
  • Amount of data transferred,
  • Time zone difference to Greenwich Mean Time (GMT)

What is the purpose of the processing?

We use this data in order to be able to make the website accessible, to detect and correct any technical problems that may occur and to prevent misuse of the offer and, if necessary, to track it, to ensure the preservation of the user's settings for all page requests and the storage of the user's preferred language. In addition, we use this data in anonymous form, i.e. without the possibility of identifying the user, for statistical purposes and to improve the web pages. The legal basis for the processing of personal usage data is our legitimate interest

Are third-party services embedded into our website?

On our website, we include functional and content elements that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These can be, for example, graphics, videos or social media buttons and posts (hereinafter uniformly referred to as "content").

The integration always requires that the third-party providers of this content process the IP address of the user, since without the IP address they would be unable to send the content to their browser. The IP address is thus required for the display of this content or function. We strive to use only such content whose respective providers use the IP address only for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website.

We integrate the fonts ("Google Fonts") of the provider Google, whereby the user data is used solely for the purpose of displaying the fonts in the user's browser. The integration is based on our legitimate interests in a technically secure, maintenance-free and efficient use of fonts, their uniform presentation and taking into account possible licensing restrictions for their integration. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://fonts.google.com/; Privacy Notice: https://policies.google.com/privacy.

How long will your data be stored?

Personal data of visitors to our website are deleted when their information is no longer required for the purposes described in this data protection notice, unless legal regulations require a longer storage period. User data is regularly stored for a period of 30 days.

Are external hosting services being used?

In order to provide our online offer securely and efficiently, we use the services of an external web hosting provider in Switzerland, which provides servers from which the online offer can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services, as well as security services and technical maintenance services. This involves the processing of all data required for the operation and use of our website.

The data processed within the service provision of the hosting offer may include all information relating to the users of our online offer, which is generated in the course of use and communication. This regularly includes the IP address, which is necessary to be able to deliver the contents of online offers to browsers, and all entries made within our online offer or from websites.

We use external hosting services for the operation of this website. By using external hosting services, we aim to provide our website efficiently and securely. We base the processing on our legitimate interest.

Will your data be transferred to a third country?

A transfer to a third country is not carried out in principle.

However, if in particular cases we process data in a third country (i.e., outside Switzerland, or the European Union (EU) or the European Economic Area (EEA)) or the processing takes place as part of third-party services or the disclosure or transfer of data to other persons, entities or companies, this will only be done in accordance with the legal requirements.

Subject to express consent or transmission required by contract or law, we only process or have data processed in third countries with a recognized level of data protection, contractual obligation through so-called standard contractual clauses of the EU Commission, in the presence of certifications or binding corporate rules (information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de ).

What rights do you have?

If we process your data, you are entitled to rights under Swiss data protection law. These include the right to information as well as the right to correction, deletion or blocking of the processed personal data.

If and to the extent that the GDPR applies to our processing of your data, you may request confirmation free of charge as to whether we are processing your personal data and, if so, request information about the processing of your personal data, have the processing of your personal data restricted, exercise your right to data portability and have your personal data corrected, deleted, blocked or completed. If we base the processing of your data on the legitimate interest, you can object to the processing at any time. Should the processing of your data be based on consent, you further have the right to withdraw your consent for one or more specific purposes at any time. However, the withdrawal of consent is only effective for the future and does not affect the lawfulness of the data processed until the withdrawal.

Data subjects whose personal data we process have a right of appeal to a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner.

Privacy notice for existing and prospective contractual partners (Dropdown)

Within the scope of our business relationships, we are dependent on collecting and processing personal data which is required for the establishment and implementation of the business relationship or for the fulfillment of the legal or contractual obligations associated with it, as well as for the performance of services or the execution of orders. Without this data, we are generally not in a position to enter into or maintain a business relationship, to process an order or to offer services and products.

Where does your data come from (source)?

We process your data, which we receive in the course of our business relationship with you. Personal data may be processed at any stage of a business relationship and may differ depending on the group of persons.

In principle, data is processed which is provided to us by means of submitted contracts, forms, correspondence or other documents or with your consent. If necessary for the provision of the service, we also process personal data that is generated or transmitted through the use of services and products or that we have permissibly received from third parties (e.g. credit agency) or from other companies. Finally, your data may also be processed from publicly accessible sources (e.g. debtor lists, land registers, commercial and association registers, press, Internet).

In addition to this data, we may also process personal data of other natural persons involved in the business relationship, such as data of authorized representatives, agents or cardholders. We ask you to inform these persons accordingly about this privacy notice.

What types of data are affected?

In principle, we process the following categories of data in particular:

  • Personal data (e.g. name, date of birth, nationality)
  • Address and contact data (e.g. address, telephone number, e-mail address)
  • Identification data (e.g. passport or ID card data)
  • Data from public sources and registers (e.g. debtor lists, press, media)
  • Information in connection with services and products used

What is the purpose of the processing?

The data is processed primarily for the fulfillment of the contract (e.g. for invoicing) or for the implementation of pre-contractual measures, for the protection of our legitimate interests (e.g. consultation of and data exchange with credit agencies regarding your payment behavior), based on your consent and/or for the fulfillment of legal obligations (e.g. tax retention obligations).

The conclusion, administration or execution and fulfillment of our contracts are not possible without the processing of your personal data. If you do not provide us with your data or do not provide us with the complete data, we may not be able to establish the contractual relationship you have requested.

Who has access to your data?

Access to your data may be granted both to bodies within and outside our company. Internally, only employees may process your data if they need it to fulfill our contractual or legal obligations or to protect legitimate interests. For these purposes, other companies, service providers or vicarious agents may also receive data. Such recipients may be companies in the categories of banking services, sales agreements, IT services, logistics, printing services, debt collection, consulting and advisory services, and sales and marketing. Furthermore, recipients of your data in this context may be other credit and financial services institutions or comparable institutions to which we transmit personal data in order to carry out the business relationship (e.g. banks, information agencies).

Will your data be transferred to a third country?

A transfer to a third country is not carried out in principle.

However, if in particular cases we process data in a third country (i.e., outside Switzerland, or the European Union (EU) or the European Economic Area (EEA)) or the processing takes place as part of third-party services or the disclosure or transfer of data to other persons, entities or companies, this will only be done in accordance with the legal requirements.

Subject to express consent or transmission required by contract or law, we only process or have data processed in third countries with a recognized level of data protection, contractual obligation through so-called standard contractual clauses of the EU Commission, in the presence of certifications or binding corporate rules (information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de ).

How long will your data be stored?

We store your data for the entire duration of the business relationship, unless there are shorter mandatory deletion periods for certain data. It should be noted that our business or contractual relationships can last for years. Furthermore, the duration of storage is determined by the necessity and purpose of the respective data processing. If the data is no longer required for the fulfillment of contractual or legal obligations or to protect our legitimate interests or the legitimate interests of third parties (achievement of the purpose) or if a granted consent is withdrawn, the data is regularly deleted, unless further processing or storage is necessary due to contractual or legal retention periods and documentation obligations or for reasons of preservation of evidence for the duration of the applicable statutes of limitations

Do we use automated decision-making in the course of our processing?

As a matter of principle, our decisions are not based exclusively on automated processing of personal data. Should we apply such procedures in individual cases, we will inform you about this separately if this is provided for by law.

What rights do you have?

If we process your data, you are entitled to rights under Swiss data protection law. These include the right to information as well as the right to correction, deletion or blocking of the processed personal data.

If and to the extent that the GDPR applies to our processing of your data, you may request confirmation free of charge as to whether we are processing your personal data and, if so, request information about the processing of your personal data, have the processing of your personal data restricted, exercise your right to data portability and have your personal data corrected, deleted, blocked or completed. If we base the processing of your data on the legitimate interest, you can object to the processing at any time. Should the processing of your data be based on consent, you further have the right to withdraw your consent for one or more specific purposes at any time. However, the withdrawal of consent is only effective for the future and does not affect the lawfulness of the data processed until the withdrawal.

Data subjects whose personal data we process have a right of appeal to a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner.

Privacy notice for job applicants (Dropdown)

The recruitment process requires applicants to provide us with the data relevant for their evaluation and selection. The information required can be found in the job description or, in the case of online forms, in the details provided therein.

What types of data are affected?

In principle, the required information includes:

  • information about the person, such as name, address, contact information, as well as
  • evidence of qualifications required to obtain a position (education, professional training).

Upon request, we will be happy to provide additional information on which details are required.

What is the purpose of the processing?

We process your data to the extent that this is necessary for the decision on a possible establishment of an employment relationship with us as well as for the initiation or implementation of contractual relationships.

Furthermore, we may process data from you if this is necessary to fulfill legal obligations or to defend any legal claims asserted against us. The legitimate interest is, for example, a duty to provide evidence in proceedings regarding equal treatment. Finally, your data may also be processed on the basis of your consent, insofar as you have given us consent to process personal data for specific purposes (e.g. obtaining references).

Where does your data come from (source)?

We process personal data that we receive from you by mail or e-mail in the course of contacting you or your application.

Who has access to your data?

Applicants can send us their applications using a designated e-mail address jobs@fubag.ch, to which only the Human Resources team has access. We only pass on your personal data within our company to those areas and persons who require this data to fulfill contractual and legal obligations or to carry out our legitimate interests.

Please note, however, that e-mails are generally not encrypted when sent over the Internet. As a rule, e-mails are encrypted during transport, but not on the servers from which they are sent and received. We can therefore not assume any responsibility for the transmission path of the application between the sender and the reception on our server.

Applicants are welcome to contact us regarding the application submission method or to send us the application by mail.

Will your data be transferred to a third country?

A transfer to a third country is not carried out in principle.

However, if in particular cases we process data in a third country (i.e., outside Switzerland, or the European Union (EU) or the European Economic Area (EEA)) or the processing takes place as part of third-party services or the disclosure or transfer of data to other persons, entities or companies, this will only be done in accordance with the legal requirements.

Subject to express consent or transmission required by contract or law, we only process or have data processed in third countries with a recognized level of data protection, contractual obligation through so-called standard contractual clauses of the EU Commission, in the presence of certifications or binding corporate rules (information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de ).

How long will your data be stored?

The data provided by applicants may be further processed by us for the purposes of the employment relationship in the event of a successful application. Otherwise, if the application for a job offer is not deemed suitable, the applicants' data will be deleted. Applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.

Subject to a justified withdrawal by the applicants, the deletion takes place at the latest after the expiry of a period of six months so that we can answer any follow-up questions about the application and fulfill our obligations to provide evidence under the regulations on equal treatment of applicants.

Do we use automated decision-making in the course of our processing?

As a matter of principle, our decisions are not based exclusively on automated processing of personal data. Should we apply such procedures in individual cases, we will inform you about this separately if this is provided for by law.

What rights do you have?

If we process your data, you are entitled to rights under Swiss data protection law. These include the right to information as well as the right to correction, deletion or blocking of the processed personal data.

If and to the extent that the GDPR applies to our processing of your data, you may request confirmation free of charge as to whether we are processing your personal data and, if so, request information about the processing of your personal data, have the processing of your personal data restricted, exercise your right to data portability and have your personal data corrected, deleted, blocked or completed. If we base the processing of your data on the legitimate interest, you can object to the processing at any time. Should the processing of your data be based on consent, you further have the right to withdraw your consent for one or more specific purposes at any time. However, the withdrawal of consent is only effective for the future and does not affect the lawfulness of the data processed until the withdrawal.

Data subjects whose personal data we process have a right of appeal to a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner.

Privacy notice in case you contact us (Dropdown)

Our website contains information that allows you to contact our company directly.

When contacting us (e.g. by e-mail or telephone or via social media), the information of the inquiring persons is processed in this context, to the extent that this is necessary to respond to the contact inquiries and any requested measures.

The response to contact requests in the context of contractual or pre-contractual relationships is made to fulfill our contractual obligations or to respond to (pre-) contractual inquiries and otherwise based on the legitimate interests in responding to the inquiries.

What types of data do we process?

  • Inventory data (e.g. name, address)
  • Contact data (e.g. e-mail, telephone number)
  • Content data (e.g. concern, interest)

What is the purpose of the processing?

  • Contact requests and communication
  • Managing and responding to requests

On what legal basis do we process your data?

Depending on the content of your contact, the processing of your data is based on the following legal basis:

  • Insofar as your contact involves information in the context of a contract or content relating to an existing contract, the processing is based on the legal basis relating to the performance of the contract or the initiation of a contract.
  • In other cases, the processing is based on both our (business interest) and your (answering your question) legitimate interest.

How long will your data be stored?

For persons who are not yet in a contractual relationship with us, the data will only be stored for as long as is necessary to respond to the inquiry.

Will your data be passed on to third parties?

In some cases, we may have your data processed by authorized third parties or process it jointly with third parties or with the help of third parties or transmit it to third parties. Such third parties are in particular providers whose services we use, whereby we ensure in these cases that appropriate data protection is guaranteed.

Within our organization, we may transfer your data to other entities or grant them access to this data. Insofar as this transfer is for administrative purposes, the transfer of the data is based on our legitimate corporate and business interests or takes place to the extent that it is necessary for the fulfillment of our contract-related obligations or if the consent of the data subjects or a legal permission exists.

Will your data be transferred to a third country?

A transfer to a third country is not carried out in principle.

However, if in particular cases we process data in a third country (i.e., outside Switzerland, or the European Union (EU) or the European Economic Area (EEA)) or the processing takes place as part of third-party services or the disclosure or transfer of data to other persons, entities or companies, this will only be done in accordance with the legal requirements.

Subject to express consent or transmission required by contract or law, we only process or have data processed in third countries with a recognized level of data protection, contractual obligation through so-called standard contractual clauses of the EU Commission, in the presence of certifications or binding corporate rules (information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de ).

Do we use automated decision-making in the course of our processing?

As a matter of principle, our decisions are not based exclusively on automated processing of personal data. Should we apply such procedures in individual cases, we will inform you about this separately if this is provided for by law.

What rights do you have?

If we process your data, you are entitled to rights under Swiss data protection law. These include the right to information as well as the right to correction, deletion or blocking of the processed personal data.

If and to the extent that the GDPR applies to our processing of your data, you may request confirmation free of charge as to whether we are processing your personal data and, if so, request information about the processing of your personal data, have the processing of your personal data restricted, exercise your right to data portability and have your personal data corrected, deleted, blocked or completed. If we base the processing of your data on the legitimate interest, you can object to the processing at any time. Should the processing of your data be based on consent, you further have the right to withdraw your consent for one or more specific purposes at any time. However, the withdrawal of consent is only effective for the future and does not affect the lawfulness of the data processed until the withdrawal.

Data subjects whose personal data we process have a right of appeal to a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner.