Privacy Policy: Nellen

Privacy policy

The ‘controller’ for the purposes of data protection legislation, including the EU General Data Protection Regulation (GDPR) in particular, is:

Nellen & Partner AG
Redingstrasse 6
9000 St. Gallen
Switzerland

Telephone: +41 (0)71 228 33 66
Email: info@nellen.ch
Website: nellen.ch

General information

The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential.

Based on Article 13 of the Swiss Federal Constitution and the Swiss federal government’s legal provisions concerning data protection (Data Protection Act, FADP), every person is entitled to protection of his or her privacy and protection of his or her personal data against misuse. The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and handle it in line with statutory privacy provisions and the terms of this privacy policy.

In conjunction with our hosting providers, we endeavour to protect databases against unauthorised access, loss, misuse and imitation as far as possible.

Please note that there may be security loopholes when transmitting data over the internet (e.g. in email communications). It is impossible to completely protect data against third-party access.

By using this website, you give your consent to the collection, processing and usage of data in accordance with the specifications below. This website can generally be visited without registering for it. At the time of visiting, data such as the pages viewed/the name of the file viewed, the date and the time are stored on the server for statistical purposes. This data is not linked to you personally. Personal data, including names, addresses and email addresses, are collected on a voluntary basis where possible. Your data is not disclosed to third parties without your consent.

Processing of personal data

Personal data refers to any information relating to an identified or identifiable person. A data subject is a person whose personal data is processed. Processing means any operation involving personal data, regardless of the means or methods used, and includes the archiving, dissemination, procurement, erasure, storage, modification, destruction and usage of personal data.

We process personal data in accordance with Swiss data protection law. Additionally, we process personal data based on the following legal grounds in connection with GDPR Article 6(1) if and to the extent that the EU’s GDPR is applicable:

Consent (GDPR Art 6(1)(a)) – The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
Performance of a contract and enquiries prior to a contract (GDPR Art 6(1)(b)) – Processing the data is required for the performance of a contract to which the data subject is party, or necessary in order to take steps at the request of the data subject prior to entering into a contract.
Legal obligation (GDPR Art 6(1)(c)) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
Protection of vital interests (GDPR Art 6(1)(d)) – Processing is necessary in order to protect the vital interests of the data subject or of another natural person.
Legitimate interests (GDPR Art 6(1)(f)) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
Application process as a pre-contractual or contractual relationship (GDPR Art 9(2)(b)) – Insofar as applicants are asked for special categories of personal data within the meaning of GDPR Article 9(1) (e.g. health data such as disabilities or ethnic background) as part of the job application process for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law, this data is processed in accordance with GDPR Article 9(2)(b); if such data is processed to protect the vital interests of the applicant or other persons, it is processed in accordance with GDPR Article 9(2)(c); if such data is processed for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services, it is processed in accordance with GDPR Article 9(2)(h). In the event that special categories of data are shared on the basis of voluntary consent, it is processed based on GDPR Article 9(2)(a).

We process personal data for the length of time necessary for the relevant purpose or purposes. If we are subject to legal or other obligations mandating a longer retention period, we restrict the processing accordingly.

Relevant legal grounds

We share with you the legal grounds for our data processing pursuant to our obligations under Article 13 of the GDPR. Where the legal grounds are not set out in the privacy policy, the following applies: the legal grounds for obtaining consent are GDPR Articles 6(1)(a) and 7, the legal grounds for processing to render our services and perform contractual actions as well as answer enquiries are GDPR Article 6(1)(b), the legal grounds for processing to fulfil our legal obligations are GDPR Article 6(1)(c) and the legal grounds for processing for the purposes of our legitimate interests are GDPR Article 6(1)(f). In the event that the vital interests of the data subject or another natural person make it necessary to process personal data, GDPR Article 6(1)(d) serves as the legal grounds.

Security measures

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms of natural persons, we implement appropriate technical and organisational measures in accordance with statutory specifications to ensure a level of security appropriate to the risk.

In particular, the measures include safeguards for the confidentiality, integrity and availability of data by controlling the physical and electronic access to the data as well as retrieval of it, input, forwarding, backups and separation of the data. Furthermore, we have established procedures to ensure that data subjects’ rights are fulfilled, data is erased and there is a response to threats to the data. Moreover, we take into account the protection of personal data from as early as the development or selection stages for hardware, software and processes in accordance with the principle of data protection through the technology’s design and through preset configurations that emphasise data protection.

Transfer of personal data

As part of our processing of personal data, it may transpire that data is transferred or disclosed to other entities, businesses, legally independent organisational units or individuals. The recipients of this data may be, for example, IT contractors or providers of services and content that are embedded in a website. In such cases, we observe the statutory provisions and, in particular, sign corresponding contracts and agreements for the protection of your data with the recipients of your data.

Data processing in non-EU/EEA countries

Insofar as we process data in a ‘third country’ (i.e. outside of the European Union (EU) or European Economic Area (EEA)) or data is processed as part of the utilisation of third-party services or as part of the disclosure or transfer of data to other people, entities or businesses, this data is processed solely in accordance with statutory provisions..

We only process data in third countries when they have a recognised level of data protection, have a contractual obligation from the European Commission’s standard protection clauses or have certificates or binding internal data protection provisions (GDPR Articles 44 to 49, European Commission information page: ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en), and this is in any case subject to your explicit consent or must be a transfer necessitated by contract or law.

Privacy policy for cookies

This website uses cookies. Cookies are text files containing data from websites or domains that have been visited. They are stored on the user’s computer by a browser. The primary purpose of a cookie is to store the information about a user within a website during or after the user’s visit. The information stored can include, for example, a website’s language settings, the login status, a shopping basket or the point up to which a video has been watched. We also deem the term ‘cookies’ to include other technologies that fulfil the same functions as cookies (e.g. when user details are stored using pseudonymous online identifiers, also referred to as ‘user IDs’).

A distinction can be made between the following cookie types and functions:

Temporary cookies (also referred to as session cookies): Temporary cookies are deleted no later than when a user has left a website and closed his or her browser.
Permanent cookies: Permanent cookies remain stored even after the browser is closed. For instance, they can save the user’s login status or display preferred content directly when the user returns to a website. Such cookies can also save the user’s interests, which can be used to measure reach or for marketing purposes.
First-party cookies: First-party cookies are set by us ourselves.
Third-party cookies: Third-party cookies are mainly used by advertisers (‘third parties’) to process user information.
Strictly necessary cookies: Cookies can also be absolutely essential for the operation of a website (e.g. to save logins or other user-entered data or for security).
• Statistics, marketing and personalisation cookies: Furthermore, cookies are usually also used to measure reach when a user’s interests or actions (e.g. viewing specific content, using functions, etc.) are stored in a user profile on certain websites. The purpose of such profiles is, for example, to display to users content that matches their potential interests. This process is also referred to as tracking the potential interests of users. If we use cookies or tracking technologies, we inform you separately in our privacy policy or as part of our request for your consent.

Information about legal grounds: the legal grounds on which we process your personal data using cookies depend on whether we ask you for consent. If this is the case and you consent to cookies being used, the legal grounds for processing your data are the consent you have given. Otherwise, the data processed using cookies is processed based on our legitimate interests (e.g. in operating and improving our website in an economical manner) or, if it is necessary to use cookies, to fulfil our contractual obligations.

Duration of storage: if we do not explicitly inform you of a specific length of time for which permanent cookies will be stored (e.g. as part of a cookie opt-in function), please assume that the storage duration may be up to two years.

General information about withdrawal and objection (opting out): you have the option at any time to withdraw consent that you have given or to object to the processing of your data using cookie technologies (referred to collectively as ‘opting out’), depending on whether the processing is based on consent or on legal authority. You can raise an initial objection using the settings in your browser, for example, by deactivating the use of cookies (although this may limit the functionality of our website). An objection to the usage of cookies for online-marketing purposes can also be raised using a variety of services, especially if tracking is being employed, through the websites optout.aboutads.info and www.youronlinechoices.com. You can also find further notes about objecting in the information about the contractors and cookies used..

Processing of cookie data based on consent: we use a procedure for cookie consent management that obtains users’ consent to the usage of cookies and to the mentioned processes and providers as part of the cookie consent management procedure. This consent can be managed and withdrawn by users. The procedure saves the consent declaration so that consent does not have to be asked for again and so that there is evidence of consent in accordance with legal obligations. The consent can be saved on a server and/or in a cookie (using an ‘opt-in cookie’ or comparable technologies) so that the consent can be linked to a user or a user’s device. Unless information about specific providers of cookie management services differs, the following information applies: consent can be stored for up to two years. A pseudonymous user identifier is formed as part of this and saved along with the time of the consent and details about the extent of the consent (e.g. which categories of cookies and/or service providers), the browser, the system and the device used.

Types of data processed: usage data (e.g. websites visited, interest in content, times of access), metadata/communication data (e.g. device information, IP addresses).
Data subjects: users (e.g. website visitors, users of online services).
Legal grounds: consent (GDPR Article 6(1)(a)), legitimate interests (GDPR Article 6(1)(f)).

Privacy policy for server log files

The provider of this website automatically gathers and saves information in server log files that your browser automatically transfers to us. This information includes:

browser type and version
operating system used
referrer URLL
host name of the accessing computer
time of server request

This data cannot be matched with specific individuals. This data is not merged with other data sources. We do reserve the right to review this data at a later date if we gain knowledge of concrete indications of unlawful use.

Privacy policy for the contact form

If you send us enquiries using the contact form, the details you provide on the enquiry form, including the contact details you have entered on it, will be stored with us for the purpose of processing the enquiry and in case there are follow-up questions. We do not share this data without your consent and treat it as confidential.

Use of Google Maps

This website uses the Google Maps product offering. This enables us to display interactive maps to you directly on the website, which allows you convenient use of the Maps function. By visiting our website, Google receives information that you have visited the corresponding page on our website. This occurs irrespective of whether Google provides an account that you are logged into or whether there is no such account. If you are logged into Google, your data will be directly matched with your account. If you do not want your data to be matched with your Google profile, you must log out before activating the button. Google stores your data in user profiles and uses it for the purposes of marketing, market research and/or designing its website according to user needs. In particular, data is analysed to provide advertising targeted to user needs (even for users not logged in) and to inform other users of the social network about your activity on our website. You have a right to object to the creation of such user profiles, though you must contact Google to exercise this right. Further information about the purpose and scope of Google’s data collection and processing as well as further information about your rights in relation to it and potential settings for protecting your privacy is available at: www.google.de/intl/en/policies/privacy.

Use of Google reCAPTCHA

We use Google reCAPTCHA (‘reCAPTCHA’) on our website. The provider of it is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’). The intention behind reCAPTCHA is to check if the data entered on our website (e.g. on a contact form) comes from a person or an automated program. To this end, reCAPTCHA analyses the behaviour of website visitors based on various attributes. This analysis begins automatically as soon as website visitors access the website. For the analysis, reCAPTCHA evaluates various pieces of information (e.g. IP address, dwell time on the website or user’s mouse movements). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses take place fully in the background. Website visitors are not advised that an analysis is being performed.

The data is processed based on GDPR Article 6(1)(f). The website operator has a legitimate interest in protecting its online offerings against improper automated espionage and against spam. Further information about Google reCAPTCHA and Google’s privacy policy can be found via the following links: www.google.com/intl/policies/privacy/ and policies.google.com/terms

Privacy policy for LinkedIn

We use on our website the marketing services of the social network LinkedIn, belonging to LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (‘LinkedIn’).

These services use cookies, that is, text files that are stored on your computer. They allow us to analyse your usage of the website. As a result, we can measure the success of our advertisements and display to users products in which they have previously expressed interest, for example.

Information is recorded through this, for example, about the operating system, the browser, the website that you have visited beforehand (referrer URL), the pages that the user has visited, the products and services that the user has clicked on and the date and time of your visit to our website.

The information generated by these cookies about your use of this website is transferred in a pseudonymous format to a LinkedIn server in the United States and stored there. Accordingly, LinkedIn does not store the user’s name or email address. Rather, the above data is linked only to the person who generated the cookie. This does not apply if the user has allowed LinkedIn to process data without making it pseudonymous or has a LinkedIn account.

You can prevent cookies from being stored by activating the corresponding settings in your browser software, though be aware that you may not be able to use the complete functionality of this website in that case. You can object to the usage of your data directly to LinkedIn: www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

We use LinkedIn Analytics so that we can analyse how our website is used and regularly improve it. Using the acquired statistics, we can improve our offering and make it more appealing to you as a user. All LinkedIn companies have accepted standard contractual clauses to ensure that the transfer of data to the US and Singapore that is required for the development, provision and maintenance of the services occurs lawfully. If we ask users for consent, the legal grounds for the processing are GDPR Article 6(1)(a). Otherwise, the legal grounds for using LinkedIn Analytics are GDPR Article 6(1)(f).

Information about the external provider: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2 Ireland; Nutzervereinbarung and Datenschutzerklärung.

Privacy policy for YouTube

Functions for the YouTube service are integrated into this website. YouTube belongs to Google Ireland Limited, a company registered and operated under Irish law based at Gordon House, Barrow Street, Dublin 4, Ireland. It operates the services in the European Economic Area and Switzerland.

Your legal agreement with YouTube consists of the Terms of Service that can be found via the following link: www.youtube.com/static. These Terms of Service constitute a legally binding agreement between you and YouTube in relation to the usage of the services. Google’s privacy policy explains how YouTube deals with your personal data and protects your data when you use the service.

Copyrights

The copyrights and all other rights to content, images, photographs or other files on the website are the property solely of the operator of this website or the specially named right holders. Written approval must be obtained in advance from the copyright holder to reproduce any file. Anyone who commits a copyright violation without approval from the relevant right holder may be subject to criminal prosecution and potentially required to pay damages.

General disclaimer

All information provided on our website has been carefully examined. We endeavour to offer information that is current, accurate and complete. Nevertheless, mistakes cannot be ruled out fully, which means that we cannot provide any guarantee for the completeness, accuracy or currency of information, including that of a journalistic or editorial nature. Liability claims for losses of a material or non-material nature that are caused by using the information offered are excluded unless there is demonstrable evidence of culpability as a result of intent or gross negligence.

The publisher may, at its discretion and without warning, modify or erase text and is not required to update the content of this website. This website is visited or accessed at the visitor’s own risk. The publisher, its clients and its partners are not responsible for losses, be they direct, indirect, random, determinable in advance or consequential, that are claimed to have been incurred through visiting this website. The aforementioned parties therefore do not assume any liability for them..

The publisher also does not assume any responsibility or liability for the content or availability of third-party websites that are accessible through external links on this website. Solely the operators of the linked websites are responsible for the content of those websites. The publisher therefore explicitly distances itself from any third-party content that is potentially questionable under criminal or liability laws or that offends common decency.

Amendments

We may amend this privacy policy at any time without prior warning. The current version published on our website is the one that applies.

Access, erasure and blocking

You can obtain from us access to the personal data concerning you that we have stored along with information about the origin, recipient and purpose of the data collection and processing. You also have the right to obtain the rectification, blocking or erasure of your data. This excludes data that is stored based on statutory provisions or that is required for the orderly performance of business. In order for a data block to be able to be implemented at any time, data is kept in a block file for control purposes. We erase your data upon your request if it is not subject to a statutory retention obligation. If it is subject to an archival obligation, we block your data. For all questions and concerns relating to the rectification, blocking or erasure of personal data, please contact our Data Protection Officer using the contact details provided in this privacy policy or the address provided in the legal notice.

Questions for the Data Protection Officer

If you have questions concerning data protection, please write us an email or directly contact the person within our organisation who is responsible for data protection as listed at the top of the privacy policy.