contraf ag

​Data protection declaration

​Data protection declaration

​Version from September 1st, 2023

    ​In this data protection declaration, we, contraf ag, explain how we collect and process personal data. It is not an exhaustive description; If necessary, other data protection declarations or general terms and conditions, conditions of participation and similar documents from clients regulate specific matters. Personal data refers to all information that relates to a specific person or who can be identified via the data.

    No consent to the data protection declaration is required from customers, their employees or other data subjects. The data protection declaration only provides information about the type, scope and purpose of the use of personal data by contraf ag.

    If you provide us with personal data of other people (e.g. family members, data of work colleagues, clients or suppliers), please ensure that these people are aware of this data protection declaration and only provide us with their personal data if you are allowed to do so and if this personal data is correct.

    ​1. ​Responsibility

    ​Responsible for the data processing that we describe here is contraf ag, Luisenstrasse 29, 8005 Zurich, Switzerland, unless otherwise stated in individual cases. If you have any data protection concerns, you can communicate them to us at the following contact addresses:
    Martin Buck, martin.buck@contraf.ch on +41 44 380 80 08.

    ​2. Collection and processing of personal data

    ​We process personal data (data that directly or indirectly identifies natural persons) that we receive from these and other people involved as part of our business relationship with our customers and their business partners and further involved persons, and that we receive and raise from their users when operating our websites, apps and other applications.

    To the extent permitted, we also obtain certain data from publicly available sources or receive such data from other companies within orders, from authorities, clients and other third parties. In addition to the information you provide to us directly, the categories of personal information we receive about you from third parties include, in particular:

    • ​from public registers (e.g. commercial registers, land registers, debt collection registers);
    • which we learn in connection with official and judicial proceedings;
    • in connection with your professional functions and activities (e.g. so that we can, with your help, conclude and conduct business with your employer);
    • about you in correspondence and discussions with third parties;
    • about your creditworthiness (if we conduct business with you personally and this is necessary);
    • about you, who convey us people from your environment (family, advisors, legal representatives, etc.) so that we can conclude or process contracts with you or with your involvement (e.g. references, your address for delivery, powers of attorney, information on compliance with legal requirements such as export restrictions);
    • from banks, insurance companies, sales and other contractual partners of ours for the use or provision of services by you (e.g. payments made);
    • from the media and the Internet about you (if this is indicated in the specific case, e.g. as part of an application, press review, marketing/sales, etc.), your addresses and, if applicable, interests and other socio-demographic data (for marketing);
    • in connection with the use of the website (e.g. IP address, MAC address of the smartphone or computer, your device and settings, cookies, date and time of visit, pages and content accessed, functions used, referring website, location information).

    ​3. ​Purposes of data processing and legal basis

    ​We use the personal data we collect primarily to conclude and process our contracts with our customers and business partners, in particular in the context of providing services in the consulting and transport sectors and purchasing products and services from our suppliers and subcontractors, as well as to comply with legal obligations at home and abroad. If you work for such a customer or business partner, your personal data may of course also be affected.

    In addition, we process personal data from you and other persons, to the extent permitted and deemed appropriate to us, also for the following purposes in which we (and sometimes third parties) have a legitimate interest corresponding to the purpose:

    • ​​Survey of traffic routes, behavior, volumes and the choice of means of transport;
    • Collection of parking times, duration and origin of parked vehicles;
    • Communication with third parties and processing their inquiries (e.g. applications, media inquiries);
    • Offer and further development of our services and websites, apps and other platforms on which we are present;
    • Examination and optimization of procedures for needs analysis for the purpose of direct customer contact as well as collection of personal data from publicly accessible sources for the purpose of customer acquisition;
    • Advertising and marketing (including the implementation of events), unless you have objected to the use of your data (if we send you advertising as an existing customer, you can object to this at any time and we will then put you on a blocking list against further advertising mailings);
    • Market and opinion research, media monitoring;
    • Assertion of legal claims and defense in connection with legal disputes and official proceedings; 
    • Preventing and solving crimes and other misconduct (e.g. conducting internal investigations, data analysis to combat fraud); 
    • Warranties of our operations, in particular IT, our websites, apps and other platforms; 
    • Video surveillance to protect house rules and other measures for IT, building and system security and to protect our employees and other people and assets belonging to or entrusted to us (such as access controls, visitor lists, network and email scanners, telephone records);
    • Purchase and sale of business areas, companies or parts of companies and other corporate transactions and the associated transfer of personal data as well as measures for business management and to comply with legal and regulatory obligations as well as internal regulations of contraf ag.

    ​If you have given us your consent to process your personal data for specific purposes, we will process your personal data within the framework and based on this consent, unless we have another legal basis that we need. A given consent can be revoked at any time, but this has no effect on data processing that has already taken place. 

    ​4. ​Cookies / tracking and other technologies related to the use of our website Data collected automatically

    ​​As a general rule, we do not collect any personal data on our website for further processing. When you access our website, technical information is automatically collected. This information is recorded in the server log file and includes IP address, HTTP status code, your operating system, browser, browser language, sites visited, which site you used to access the website and where you left the website, date and time including time zone of your call and length of stay. This data is stored in web hosting and is not further processed there. A corresponding contract exists (one-its.ch). The collection of this data serves for data security and to ensure that our website is permanently user-friendly and reliable. Your data will not be used to draw conclusions about you personally. Information of this type can only be evaluated statistically.

    Cookies
    Cookies are stored by your browser. They are used to recognize a website that has already been accessed and thereby, for example, measure the reach of the website. Online marketing would be another point, but we don't use it. Cookies are usually only saved during the session (i.e. the current visit to our website) and then automatically deleted. You can change how your computer should handle cookies (accept all, exclusion list, etc.) in the browser settings. Without cookies, a website may not be able to be displayed completely, which is why we ask for your consent.

    Social Media
    If we use social networks on our website in the future, such as YouTube (Data Protection and Security Center, My Data on YouTube) or LinkedIn (LinkedIn Consumer Solutions Platform, Data Protection, Data Protection Declaration), this will be visible to you (typically via corresponding symbols). By clicking/using these links, personal data will be transferred to the respective platforms and therefore processed outside of Switzerland. How and for what this personal data is used and processed, as well as the rights you have to this data, is the responsibility of the relevant operator, which is regulated in its data protection regulations, terms of use and general terms and conditions. We do not receive any information about you from these operators.

    Plug-Ins
    We use so-called plug-ins on our website. These serve certain functions, such as enabling direct playback of digital video content or image optimization. How and for what purposes any personal data collected is used and processed, as well as the rights you have to this data, is the responsibility of the operator, which is regulated in its data protection regulations, terms of use and general terms and conditions. We do not receive any information about you from this operator.

    Personal Data Not Collected Automatically
    If data is voluntarily transmitted to us via contact form, email or other media, we assume that you agree to transmit the data. If we receive the information from a third party, we will assume that they have complied with their privacy policy towards you.

    People photo
    If there are people in our photos who do not agree to their publication, please contact us. The copyright of our photos, which can be seen here on the website, lies with contraf ag. Downloading and using the photos is only permitted with written permission from us. 

    ​​5. ​Data sharing and data transfer abroad

    ​As part of our business activities and the purposes set out in Section 3, we also disclose personal data to third parties, to the extent permitted and deemed appropriate to us, either because they process it for us or because they use it for their own purposes. This particularly concerns the following recipients:

    • ​Service providers from us and externally, such as banks, insurance companies), including order processors (such as IT providers; personnel administration/payroll accounting);
    • Dealers, suppliers, subcontractors and other business partners; 
    • Customers;
    • Domestic and foreign authorities, official offices or courts;
    • Catering and hotel businesses as well as media in connection with your participation in events;
    • Public, including visitors to websites and social media;
    • Competitors, industry organizations, associations, other organizations and committees;
    • Other parties in potential or actual legal proceedings.

    ​These recipients are mostly domestic but can be anywhere in the world. They must expect their data to be transferred to other countries in Europe and the USA, where the service providers we use are located (such as Microsoft).

    If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection (for this purpose we use the European Commission's revised Standard Contractual Clauses, which can be found here: https://eur-lex.europa.eu/eli/ dec_impl/2021/914/oj? are available) unless it is already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exception provision. An exception may apply in particular in legal proceedings abroad, but also in cases of overriding public interests or if the execution of a contract requires such disclosure, if you have given your consent or if it concerns data that you have made generally accessible and the processing of which you have not objected to.

    ​6. ​Duration of retention of personal data

    ​We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations or for other purposes pursued with the processing, i.e. for example for the duration of the entire business relationship (from the initiation, processing to the termination of a contract) as well as in accordance with the legal retention and documentation obligations. It is possible that personal data will be stored for the time in which claims can be asserted against our company and insofar as we are otherwise legally obliged to do so or legitimate business interests require this (e.g. for evidence and documentation purposes). As soon as your personal data are no longer required for the above purposes, they will be deleted or made anonymous as far as possible. For operational data (e.g. system protocols, logs), shorter retention periods of twelve months or less apply.

    ​7. ​Data security

    ​We take appropriate technical and organizational security precautions to protect your personal data from unauthorized access and misuse, such as issuing instructions, regular training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymization and controls of these measures. 

    ​8. ​Obligation to provide personal data

    ​As part of our business relationship, you must provide the personal data that is necessary for the establishment and implementation of a business relationship and the fulfillment of the associated contractual obligations. Without this data, we will generally not be able to enter into or process a contract with you (or the entity or person you represent). The website cannot be used if certain information to ensure data traffic (such as IP address) is not disclosed. 

    ​9. ​Profiling and automated decision making

    ​This data protection declaration is designed to meet the requirements of the Swiss Data Protection Act (“DSG”), the revised Swiss Data Protection Act (“revDSG”) and the EU General Data Protection Regulation (“GDPR”). However, whether and to what extent these laws are applicable depends on the individual case.

    ​10. ​Applicability of data protection law

    ​Diese Datenschutzerklärung ist auf die Anforderungen des Schweizer Datenschutzgesetz («DSG»), das revidierte Schweizer Datenschutzgesetz («revDSG»), sowie der EU-Datenschutz-Grundverordnung («DSGVO»), ausgelegt. Ob und inwieweit diese Gesetze anwendbar sind, hängt jedoch vom Einzelfall ab.

    ​11. ​Rights of the data subject

    ​​Within the framework of the data protection law applicable to you and to the extent provided for therein (such as in the case of the GDPR), you have the right to information, correction, deletion, the right to restrict data processing and otherwise to object to our data processing, in particular those for the purposes of direct marketing and other legitimate interests in processing and releasing certain personal data for the purpose of transferring it to another location (so-called data portability). Please note, however, that we reserve the right to enforce the restrictions provided for by law, for example if we are obliged to store or process certain data, have an overriding interest in doing so (to the extent that we are entitled to rely on this) or use them for the assertion of requirements. If you incur any costs, we will inform you in advance. We have already provided information about the possibility of revoking your consent in Section 3. Please note that exercising these rights may conflict with contractual agreements and this may have consequences such as early termination of the contract or cost implications. We will inform you in advance if this is not already contractually stipulated.

    The exercise of such rights generally requires that you provide clear proof of your identity (e.g. by providing a copy of your ID, where your identity is otherwise not clear or cannot be verified). To assert your rights, you can contact us at the address given in Section 1.

    Every data subject also has the right to enforce their claims in court or to file a complaint with the responsible data protection authority. The responsible data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch). 

    ​12. ​Changes

    ​We may amend this privacy policy at any time without prior notice. The current version published on our website applies. To the extent that the Privacy Policy is part of an agreement with you, in the event of an update, we will inform you of the change by email or other appropriate means.