Data Protection Policy

Data Protection Policy of RONDO Burgdorf AG

I. Data controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act is:

RONDO Burgdorf AG

Heimiswilstrasse 42
3400 Burgdorf
Switzerland

+41 34 420 81 11

info@rondo-online.com

Represented by

Peter Studer (CEO) and Bernhard Merki (Chairman of the Board of Directors)

Commercial register number

CH-053-3004578-6

II. General information on data processing

(1) Personal data is only processed to the extent that this is necessary for the provision of a functioning website including content and services. As a rule, data is only processed with the consent of the data subject. By way of exception, data is processed without the consent of the data subject if this is not possible for factual reasons and the processing of the data is permitted by legal provisions.

2) Art. 6 para. 1 lit. a GDPR serves as the legal basis for the processing of personal data insofar as the consent of the data subject has been obtained for personal data processing operations.

Art. 6 para. 1 lit. b GDPR serves as the legal basis for the processing of personal data insofar as this is necessary for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Art. 6 para. 1 lit. c GDPR serves as the legal basis for the processing of personal data, insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which the company is subject.

Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing of personal data, insofar as this is necessary to safeguard a legitimate interest of the company or a third party, and the interests, fundamental rights and freedoms of the data subject do not prevail over the first-mentioned interest.

(3) The personal data of the data subject shall be deleted or blocked as soon as the storage purpose ceases to apply. In addition, storage may take place if this has been provided for by relevant national or European regulations. The data shall also be blocked or deleted if a storage period prescribed in the aforementioned standards expires, unless there is a necessity for the continued storage of the data for the purposes of concluding or fulfilling a contract.

III. Use of the website

(1) Each time the website is accessed, the system automatically collects data and information from the computer system of the accessing computer.

The following data is collected:

  1. Name of the accessed website
  2. Date and time of the request
  3. Transferred data volume
  4. Message about successful retrieval
  5. Browser type and version
  6. Operating system
  7. Website from which you have accessed the website
  8. IP address
  9. The user’s provider

The data is stored in the log files of the system. This data is not stored together with other personal data of the user.

(2) The legal basis for this is Art. 6 para. 1 lit. f GDPR.

(3) Collection and temporary storage of the IP address is necessary to enable the website to be displayed on your terminal device. For this purpose, your IP address must be stored for the duration of your visit to the website. This data is not evaluated for marketing or analysis purposes.

(4) The data is deleted when the respective session has ended. Insofar as this data is stored in log files, this will be the case after seven days at the latest. Storage in excess of this is possible. In this case, the IP addresses of the users are deleted or alienated so that it is no longer possible to identify the calling client.

(5) The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the provision a web presence. Consequently, there is no scope for objection.

IV. Use of cookies

(1) The website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is accessed again. Cookies cannot transmit viruses to the end device or execute programs themselves.

Cookies are used to make websites more user-friendly. Some elements of the website demand that the calling browser can be identified even after a page change.

If cookies are not technically necessary, they are only loaded with the user’s consent. For this purpose, we use a plug-in that does not collect any personal data itself.

Transient cookies are automatically deleted when the session is ended. These include, but are not limited to, session cookies, which store the so-called session ID, by means of which various web browser requests can be assigned to the joint session. This makes it possible to recognise the end device during a new session.

Persistent cookies are automatically deleted after a specified storage period, which may vary depending on the cookie. The associated settings can be deleted at any time in the web browser settings.

The following data is stored in the cookies:

  • Log-in information
  • Language settings
  • Search terms entered
  • Number of hits on the website
  • Use of individual functions of the website

(2) The legal basis for this is Art. 6 para. 1 lit. f GDPR.

(3) The purpose of using technically essential cookies is to simplify the use of websites for users. Some website features cannot be offered without the use of cookies. For these, it is essential that the browser is recognised even after a page change.

The user data collected by means of technically essential cookies are not used to create user profiles.

(4) Cookies are stored on the user’s computer and transmitted to our site by the computer. Therefore, you as a user also have full control over the use of cookies. You can disable or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may no longer be possible to use all the functions of the website to their full extent.

V. Contact forms and email contact

(1) The website uses contact forms that can be used for contacting the company electronically. When used, the data entered in the input mask is transmitted to the website and stored there. This data is as follows:

  • Last name
  • Email address
  • Message body

In addition, the following data is collected when you contact us:

  • IP address of the calling computer
  • Date and time of contact

In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

(2)  The legal basis for processing the data is Art. 6 para. 1 lit. a GDPR.

The legal basis for processing the data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR.

If the email contact has the objective of concluding or fulfilling a contract, the additional legal basis for data processing is Art. 6 para. 1 lit. b GDPR.

(3) The personal data from the input mask is processed solely for the purpose of dealing with the approach. If contact is made by email, this shall also constitute a necessary legitimate interest in the processing of the data.

The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of the information technology systems.

(4) The data will be deleted as soon as it is no longer required for achieving the purpose for which it was collected. In the case of personal data from the input mask of the contact form and data sent by email, this is the case when the respective conversation with the data subject has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

(5) The data subject shall have the possibility to revoke their consent to the processing of personal data at any time. If contact is made by email, an objection to the storage of personal data can be made at any time. In this case, however, the conversation cannot be continued.

All personal data stored in the course of the approach will be deleted in this case.

VI. Newsletter

(1) It is possible to subscribe to a free newsletter. When registering for the newsletter, the email address from the input mask is transmitted.

In addition, the following data is collected during registration:

  •  
  • Date and time of registration

During the registration process, consent is obtained for data processing and reference is made to this data protection policy.

(2) The legal basis for processing the data after the user has registered for the newsletter is Art. 6 para. 1 lit. a GDPR, if the user has given their consent.

(3) The user’s email address is collected so that the newsletter can be delivered.

The collection of other personal data as part of the registration process serves to prevent misuse of the services or the email address used.

Therefore, the user’s email address is stored for as long as the subscription to the newsletter is active.

The other personal data collected during the registration process is usually deleted after a period of seven days.

(5) The subscription to the newsletter can be cancelled by the data subject at any time. A link is provided for this purpose in each newsletter.

This also enables the user to revoke their consent to the storage of personal data collected during the registration process.

VII. Google Analytics

(1) If you have given your consent, the website uses “Google Analytics”, a web analytics service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as: “Google”). Google uses cookies, i.e. small text files that are stored on the end device and enable an analysis of the use of the website. The information generated by the cookie about the use of the website is usually transmitted to a Google server in the USA and stored there. If anonymity of the IP address to be transmitted by the cookie is enabled on the website by means of the extension “anonymizeIp()” (hereinafter referred to as: “IP-Anonymity”), the IP address will be abbreviated first by Google within the member states of the European Union or in other states that are parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. Pseudonymous usage profiles can be created from the processed data. The IP address transmitted when using Google Analytics is not merged with other data from Google.

The website uses Google Analytics only in conjunction with the enabled IP anonymity described above. This means that your IP address will only be processed by Google in abbreviated form. This excludes the possibility of personal references.

(2) The legal basis for data processing is the consent of the user in accordance with Art. 6 para. 1 lit. a. GDPR.

(3) The website uses Google Analytics for the purpose of analysing the use of the website and to be able to continuously improve individual functions and offers as well as the user experience. The offering can be improved and made more interesting for the user by statistically evaluating user behaviour. This also constitutes Google’s legitimate interest in processing the aforementioned data.

(4) Storage of the cookies generated by Google Analytics can be prevented by not granting consent or by configuring the web browser settings accordingly. Please note that in this case it may not be possible to use all the functions of the website. If you wish to prevent data generated by the cookie and related to user behaviour (including your IP address) from being collected and processed by Google, you can download and install the web browser plug-in available at the link below: http://tools.google.com/dlpage/gaoptout?hl=de.

In order to compel Google to process the transmitted data solely in accordance with the instructions and to comply with the applicable data protection regulations, the data controller has concluded an order processing agreement with Google.

Third-party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Further information on data use by Google, on setting and objection options and on data protection can be found on the following Google web pages:

VIII. Google Tag Manager

We use “Google Tag Manager” on our website, a service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as: Google Tag Manager allows us to manage website tags as marketers through a single interface. The Google Tag Manager tool that implements the tags is a cookie-free domain and does not itself collect any personal data. Google Tag Manager triggers other tags, which may in turn collect data. Google Tag Manager does not access this data. If deactivation has taken place at domain or cookie level, this will remain in place for all tracking tags implemented with Google Tag Manager.

Further information on data protection can be found on the following Google web pages:

IX. Google Ads Remarketing

This website uses the Google Ads tool of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”) if you have given us consent to do so. The function is used to present interest-based advertisements to website visitors within the Google advertising network. The technology enables us to display automatically generated, targeted advertisements after your visit to our website. The ads are based on the products and services you clicked on the last time you visited our website. For this purpose, a “cookie” is stored in the website visitor’s browser, making it possible to recognise the visitor when they visit websites that belong to the Google advertising network. Cookies are small text files that are stored in your browser when you visit our website. Google usually stores information such as your web request, IP address, browser type, browser language, date and time of your request. This information is used to associate the web browser with a specific computer. On pages of the Google advertising network, the visitor can then be presented with advertisements that relate to content that the visitor has previously accessed on websites that use Google’s remarketing function.

If you have consented to Google linking your browsing history to your Google Account and using information from your Google Account for ad personalisation at  https://www.google.com/settings/u/0/ads/authenticated , then the remarketing feature will also operate across multiple devices. In the process, Google collects your Google ID and uses it for the purpose of cross-device recognition.

According to its own information, Google does not collect any personal data during this process. If you still do not wish to use Google’s remarketing function, you can disable it by clicking on OPT-OUT.

In addition to withholding your consent, you can also prevent the storage of cookies by setting up your browser software accordingly; however, we would like to point out that this may prevent you from using all the functions of this website to their full extent.

For more information about how Google uses cookies, please see  Google’s data protection policy .

X. Lucky Orange

(1) If you have given your consent, the website uses “Lucky Orange”, a web analytics service provided by Lucky Orange LLC, 8665 W 96th St, Suite 100, Overland Park, Kansas, USA (hereinafter referred to as: “Lucky Orange”). Lucky Orange uses cookies, i.e. small text files that are stored on the end device and enable an analysis of the use of the website. The information generated by the cookie about the use of the website is usually transmitted to a Lucky Orange server in the USA and stored there. Lucky Orange will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage.

 

(3) The website uses Lucky Orange for the purpose of analysing the use of the website and to be able to continuously improve individual functions and offers as well as the user experience.

(4) Storage of the cookies generated by Lucky Orange can be prevented by not granting consent or by configuring the web browser settings accordingly.

In order to compel Lucky Orange to process the transmitted data solely in accordance with the instructions and to comply with the applicable data protection regulations, the data controller has concluded an agreement with Lucky Orange in accordance with the EU standard contractual clauses for the transmission of personal data to third countries.

Lucky Orange LLC, 8665 W 96th St, Suite 100, Overland Park, Kansas, USA. Further information on data use by Lucky Orange, on setting and objection options and on data protection can be found on the following Lucky Orange web pages:

XI. LinkedIn

(1)  If you have given us your consent, we will use “LinkedIn Marketing Solutions”, a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (hereinafter referred to as: “LinkedIn”) on our website. LinkedIn Marketing Solutions stores and processes information about your user behaviour on our website. LinkedIn Marketing Solutions uses, among other things, cookies, i.e. small text files that are stored locally in the cache of your web browser on your end device and that enable an analysis of how you use our website.

(2) The legal basis in this case is Art. 6 para. 1 lit. a GDPR.

(3) We use LinkedIn Marketing Solutions for marketing and optimisation purposes, in particular to analyse the use of our website and to continuously improve individual functions and offers as well as the user experience. Our offering can be improved and made more interesting for you as a user by statistically evaluating user behaviour. This also constitutes our legitimate interest in having the third-party provider process the aforementioned data.

(4) In addition to withholding consent, you can prevent the installation of cookies by deleting existing cookies and disabling the storage of cookies in the settings of your web browser. Please note that in this case you may not be able to use all the functions of our website to their full extent. You can also prevent LinkedIn from collecting the aforementioned information by setting an opt-out cookie on one of the websites linked below:

https://www.linkedin.com/psettings/guest-controls 

http://optout.aboutads.info/?c=2#!/ 

http://www.youronlinechoices.com/de/praferenzmanagement/ 

Please note that this setting will be deleted when you delete your cookies. You can object to the collection and forwarding of personal data or prevent this data from being processed by disabling JavaScript in your browser. In addition, you can prevent the execution of JavaScript code altogether by installing a JavaScript blocker (e.g. https://noscript.net/ or https://www.ghostery.com).

LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. Further information on data protection from the third-party provider can be found on the following website: https://www.linkedin.com/legal/privacy-policy.

XII. Facebook Pixel

(1) If you have given us your consent, the website uses “Facebook Pixel” (hereinafter referred to as: “Pixel”), an analysis program of the social network “Facebook.com” of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (hereinafter referred to as: “Facebook”) to track the actions of users who have previously seen or clicked on a Facebook advertisement. The data collected is anonymous and is used for market research purposes. Facebook may link this data to an existing Facebook account and also use it for its own advertising purposes, in accordance with Facebook’s Data Use Policy.

The user can allow Facebook and its partners to display advertisements on and outside of Facebook. Furthermore, a cookie may be stored on the computer for these purposes.

(2) The legal basis for data processing is the consent of the user within the meaning of Art. 6 para. 1 lit. a. GDPR.

(3) The website uses pixels for marketing and optimisation purposes, in particular to display ads that are relevant and interesting, to improve campaign performance reports or to avoid displaying the same ads more than once.

(4) In addition to withholding consent, it is possible to prevent the installation of cookies by deleting existing cookies and disabling the storage of cookies in the web browser settings. Please note that in this case it may not be possible to use all the functions of the website in their entirety.

Consent can be revoked here:

https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen 

Facebook Ireland Ltd. 4 Grand Canal Square, Grand Canal Harbour, Dublin 4, IRELAND, Fax: +0016505435325. Further information on data use by Facebook, on setting and objection options and on data protection can be found on the following Facebook web pages:

https://www.facebook.com/about/privacy/

XIII. Encrypted data transmission

All data is transmitted over an encrypted connection using TLS technology. The certificate required for this, which is installed on the servers, was issued by an independent organisation.

You can recognise an encrypted connection by the fact that the address line of the browser changes from http:// to https://.

As soon as the encrypted TLS connection is established, the entries you submit to the website can no longer be read by third parties.

XIV. Rights of the data subject

If personal data is processed by , the users are “data subjects” within the meaning of the GDPR and are entitled to the following rights with respect to the data controller:

1.  Right to information

The data subject may request confirmation from the data controller as to whether personal data is being processed.

If such processing is taking place, the following information may be requested from the data controller:

(1) the purposes for which the personal data is being processed;

(2) the categories of personal data that are being processed;

(3) the recipients or categories of recipients to whom the personal data in question has been or will be disclosed;

(4) the planned duration of the storage of the personal data or, if specific information about this is not available, criteria for determining the storage duration;

(5) the existence of a right to rectification or erasure of the personal data, a right to restriction of processing by the data controller or a right to object to such processing;

(6) the existence of a right of appeal to a supervisory authority;

(7) any available information on the origin of the data if the personal data is not collected from the data subject;

(8) the existence of automated decision-making, including profiling, pursuant to Art. 22 para. 1 and 4 GDPR and, in these cases at the very least, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

The data subject has the right to request information on whether the personal data is transferred to a third country or to an international organisation. In this context, a request for information about the appropriate safeguards pursuant to Article 46 of the GDPR may be made in connection with the transmission of data.

2. Right to rectification

The data subject has a right to rectification and/or completion with respect to the data controller if the personal data processed is inaccurate or incomplete. The data controller shall rectify this without undue delay.

Right to restriction of processing

A request to restrict the processing of personal data may be made under the following conditions:

(1)  if you contest the accuracy of the personal data for a period of time that enables the data controller to verify the accuracy of the personal data;

(2) the processing activity is unlawful and erasure of the personal data has been refused and restriction of the use of the personal data is requested instead;

(3) the data controller no longer needs the personal data for processing purposes, but the data is required for the assertion, exercise or defence of legal claims, or

(4) if an objection to the processing activity has been raised in accordance with Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate interests of the data controller override the interests of the data subject.

Where the processing of personal data has been restricted, this data may be processed, with the exception of storage, solely with the consent of the data subject, or for the assertion, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of substantial public interest of the Union or of a Member State.

If data processing has been restricted in accordance with the above-mentioned conditions, the data subject shall be informed by the data controller before the restriction is lifted.

Right to erasure

a) Erasure obligation

The data subject has the right to demand from the data controller that the personal data be deleted without delay, and the data controller is obliged to delete this data without delay, if one of the following reasons applies:

(1) The personal data is no longer required for the purposes for which it was collected or otherwise processed.

(2) The consent on which processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR is revoked and there is no other legal basis for such processing activities.

(3) An objection to the processing activity is raised in accordance with Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for such processing, or an objection to the processing activity is raised in accordance with Art. 21 para. 2 GDPR.

(4) The personal data has been processed unlawfully.

(5) It is necessary to erase the personal data in order to comply with a legal obligation under Union or Member State law to which the data controller is subject.

(6) The personal data was collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.

b) Information to third parties

If the data controller has made the personal data public and is obliged to erase it pursuant to Art. 17 para. 1 GDPR, they shall take reasonable measures, including technical measures, with due consideration for the available technology and the cost of implementation, to inform the data controllers processing the personal data that data subjects have requested that they erase all links to, or copies or replications of, this personal data.

c)  Exceptions

The right to erasure does not exist insofar as the processing activity is necessary

(1) in order to exercise the right to freedom of expression and information;

(2) in order to comply with a legal obligation to which the data controller is subject under Union or Member State law, or to perform a task carried out in the public interest or in the exercise of official authority vested in the data controller;

(3) for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or

(5)  for the assertion, exercise or defence of legal claims.

Right to information

If the right to rectification, erasure or restriction of processing has been asserted against the data controller, the latter shall undertake to communicate this rectification or erasure of data or restriction of processing to all recipients to whom the personal data has been disclosed, unless this proves impossible or involves a disproportionate degree of effort.

The data subject has the right to be informed about these recipients.

Right to data portability

The data subject has the right to receive the personal data provided to the data controller in a structured, commonly used and machine-readable format. The data subject shall also have the right to transfer such data to another data controller without hindrance from the data controller to whom the personal data has been provided, if

(1) the processing activity is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR, and

(2) the processing activity is carried out with the aid of automated procedures.

In exercising this right, the data subject also has the right to have the personal data transferred directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

7. Right of objection

The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data carried out on the basis of Art. 6 para. 1 lit. e or f GDPR; this shall also apply to any profiling based on these provisions.

The data controller shall no longer process the personal data unless they can demonstrate compelling legitimate grounds for the processing activity that override the interests, rights and freedoms of the data subject, or that the processing activity is necessary for the assertion, exercise or defence of legal claims.

If the personal data is processed for the purpose of canvassing, the data subject shall have the right to object at any time to the processing of personal data for the purpose of such advertising; this shall also apply to profiling insofar as it is related to such canvassing.

If an objection has been raised to processing for canvassing purposes, the personal data will no longer be processed for these purposes.

Notwithstanding Directive 2002/58/EC, it is possible to exercise the right of objection in relation to the use of information society services by means of automated procedures using technical specifications.

8.  Right to revoke the declaration of consent under data protection law

The data subject has the right to revoke the declaration of consent under data protection law at any time. Revocation of consent shall not affect the legitimacy of the processing activities carried out on the basis of consent up to the point of revocation.

9. Automated decisions in individual cases including profiling

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, that has a legal impact on him or her or significantly affects him or her in a similar way. This shall not apply if the decision 

(1) is necessary for the conclusion or performance of a contract between the data subject and the data controller,

(2) is permitted by legislation of the Union or the Member States to which the data controller is subject and such legislation contains appropriate measures to safeguard your rights and freedoms as well as your legitimate interests; or

(3) is made with the express consent of the data subject.

However, these decisions must not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g applies and appropriate measures have been taken to protect your rights and freedoms as well as your legitimate interests.

With regard to the cases mentioned in (1) and (3), the data controller shall take reasonable steps to safeguard the rights and freedoms as well as the legitimate interests of the data subject, which include, at least, the right to bring about the intervention of a person on the part of the data controller, to express his or her point of view and to contest the decision.

10. Right of complaint to a supervisory authority

Without prejudice to any other administrative or judicial remedy, the data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of the data subject’s place of residence, place of work or location of the alleged infringement, if he or she takes the view that the processing of the personal data infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.