PRIVERA AG operates the https://www.r-2.ch/ website and is therefore responsible for the collection, processing and use of your personal data and for assuring compliance of its data processing activities with Swiss law.
We set great store by your trust. That is why we take the subject of data protection seriously and maintain appropriate security. We do of course comply with the statutory provisions of the new Swiss Data Protection Act (nDSG), the Ordinance implementing the Swiss Data Protection Act (VDSG), the Telecommunications Act (FMG) and, where applicable, other provisions of data protection law, in particular the General Data Protection Regulation of the European Union (GDPR).
Please read the following information to find out which of your personal data we collect and for what purposes we use that data.
1. What is the purpose of this data protection declaration?
2. Who is responsible for processing your data?
3. Which data do we process?
4. For what purposes do we process your data?
5. On what basis do we process your data?
6. To whom do we disclose your data?
7. Are your personal data also sent abroad?
8. For how long do we process your data?
9. How do we protect your data?
10. What are your rights?
11. Do we use online tracking and online advertising techniques?
12. Which data do we process on our social media pages, on video platforms and platforms for 360° tours?
13. Can this data protection declaration be amended?
Privera AG (hereinafter also “we”,” us”) procures and processes personal data about you and other persons (known as “third parties”). We use the term “data” as a synonym for “personal data” or “data relating to persons.”
“Personal data” are data that refer to identified or identifiable persons, i.e. conclusions as to their identity can be reached on the basis of the data as such or with suitable additional data. “Personal data meriting special protection” are a category of personal data that benefits from particular protection under the applicable data protection law. Personal data meriting special protection include e.g. data from which racial and ethnic origin can be determined, together with healthcare data, information about religious convictions or world views, biometric data for identification purposes and information about trade union membership. In Section 3, you will find details of the data that we process in the context of this data protection declaration. “Processing” means all handling of personal data, such as procurement, storage, use, adaptation, notification and erasure.
In this data protection declaration, we explain what we do with your data when you use our website https://www.r-2.ch/, procure our services, are in contact with us otherwise under the terms of a contract, communicate or have other dealings with us. Should the need arise, we will inform you by means of a timely written notification of any further processing activities that are not mentioned in this data protection declaration. Furthermore, we may let you know separately how your data are processed, e.g. in declarations of consent, terms and conditions of contract, further data protection declarations, forms and notices.
If you transfer or notify data about other persons, such as family members, work colleagues etc. to us, we assume that you have been authorised to do so and that these data are accurate. By transferring data about third parties you confirm that to be the case. Please also make sure to inform these third parties of this data protection declaration.
Privera AG, with registered office in Gümligen, is legally responsible under the terms of data protection law for the data processing operations described in this data protection declaration, unless otherwise stated in any particular case, e.g. in further data protection declarations, on forms or in contracts. This data protection declaration is applicable unless otherwise specified including, as appropriate, in cases where a member company of the Valores Group instead of us is responsible. That is the case in particular when your data are processed by any such group member company in connection with your own legal obligations or contracts or if you share data with a group member company. In such cases, that group member company is the entity responsible and only if you share your data with other group member companies for their own purposes (see Section 6) do those other group member companies also become the responsible entities.
You can reach us at the following address on data protection matters and to exercise your rights as set out in Section 10:
Privera AG
Compliance
Worbstrasse 142
3073 Gümligen (Switzerland)
E-Mail: compliance@privera.ch
We process various categories of data about you. The most important categories are listed below:
We process your data for the purposes explained below. Further information about the online sector will be found in Sections 11 and 12. These purposes or the objectives on which they are based constitute legitimate interests on our part and possibly also on that of third parties. You will find further information about the legal bases for our processing in Section 5.
We process your data for purposes connected with communication with you, in particular to answer enquiries and enforce your rights (Section 10) and to contact you if we need further information. For this purpose we make particular use of communication data and master data and data in connection with offers and services used by you. We retain these data in order to document our communication with you, for training purposes, for quality assurance and to answer further enquiries.
This concerns all purposes in connection with which you and we communicate, for consultation, authentication in the event of website use etc. We likewise process communication data to enable us to communicate with you by email and telephone, social media, letter and fax. Communication with you generally takes place in connection with other processing purposes, e.g. to enable us to provide services. Our data processing operations are also used to provide evidence of the communication and of its contents.
We process data to establish, administer and implement contractual relationships.
We close contacts of many different kinds with our business and private customers, with suppliers, subcontractors or other contracting partners, such as project partners or parties to legal disputes. For this purpose, we process in particular master data, contract data and communication data of the persons for whom the customer arranges a service.
For business acquisition purposes, personal data – in particular master data, contract data and communication data – for potential customers or other contracting partners (e.g. on an order form or in a contract) are collected by us or obtained from a communication. Likewise in connection with the closing of a contract, we process data to review creditworthiness and to open a customer relationship. This information is sometimes reviewed to comply with legal requirements.
In the context of the performance of our contractual relations, we process data to administer the customer relationship, to provide and procure contractual services (this also involves the use of third parties such as banks and insurance companies), for consultancy and for customer care. The enforcement of legal claims arising out of contracts (debt collection, legal proceedings etc.) is likewise part of implementation, as too are bookkeeping, termination of contracts and such public communication as may be necessary.
We process data for marketing purposes and to maintain our relations, e.g. to send our customers and other contracting partners personalized advertising of our own services or those of third parties affiliated to us. This may be done e.g. in the form of newsletters and other regular contacts (electronically, by post, by telephone), through other channels for which you have provided us with contact information and also on the occasion of individual marketing campaigns (e.g. events). You may decline such contacts at any time (see at the end of this Section 4) or decline or withdraw consent when contact is made for advertising purposes. With your consent, we may also send you our targeted online advertising via the Internet (see Section 11).
For example, with your consent we send you information, advertising and service offers of our own and those of third parties within the Privera AG / Valores Group as printed matter, electronically or by telephone. For this purpose, we process, in particular, communication and registration data. Like most business enterprises we personalize communications to enable us to send you individual information and offers which correspond to your needs and interests. To that end, we link data that we process about you and determine preferred data that we then use as the basis for personalization (see Section 3).
Maintenance of our relationship also includes an approach to existing customers and their contacts – which may be personalized on the basis of data about activity and preferences. In order to maintain relations, we may also operate a Customer Relationship Management-System (“CRM”) in which we store the data about customers, suppliers and other business partners needed to maintain the relationship e.g. about contact persons, history of the relationship (services procured, interactions etc.), interests, wishes, marketing actions (newsletters, invitations to events etc.), together with further details.
We also process your data for market research and to improve our services and our business.
We endeavour to improve our services (including our website) constantly so as to be able to respond quickly to changing needs. To that end, we analyse e.g. the way in which you navigate our website or which particular services are used by which groups of persons in which way and how new services can be designed (for further details, see Section 11). This gives us an idea of the acceptance of existing services by the market and the market potential of new services. For that purpose, we process in particular master data and data on behaviour and preferences, as well as communication data and details obtained from customer questionnaires, surveys and studies and further details e.g. taken from the media, social media, the Internet and from other public sources. Whenever possible, we use pseudonymized or anonymized data for these purposes. We may also call upon media watch services or make our own media observations and when doing so process personal data for media work purposes and in order to understand and respond to the latest developments and trends.
We may also process your data for security purposes and for access checks.
We constantly review and improve the appropriate degree of security of our IT and other infrastructure (including buildings). In common with every business, we cannot rule out breaches of data security with absolute certainty, but we do our utmost to curtail the risks. We therefore process data e.g. for surveillance, verifications, analyses and tests of our networks and IT infrastructures, for system and fault verifications, for documentation purposes and to make backup copies. Access verifications include checks on access to electronic systems (e.g. logging on to user accounts) as well as physical access checks (e.g. entries into buildings). For security purposes (both preventive and to investigate incidents), we also keep access protocols or lists of visitors and employ surveillance systems (such as security cameras).
We process personal data in order to comply with laws, instructions and recommendations of the authorities and internal regulations (compliance).
This includes e.g. measures to prevent money laundering and the financing of terrorism as required by law. In certain cases, we may have to conduct specific investigations of customers (“Know your Customer”) or make reports to the authorities. The performance of obligations to provide information and reports or supervisory obligations and those laid down by tax law also presupposes or entails data processing operations e.g. compliance with archiving duties and the prevention, detection and investigation of criminal acts and other breaches. This also includes the acceptance and processing of complaints and other reports, the supervision of communication, internal investigations or the disclosure of documents to an authority if we have adequate grounds for doing so or are required to do so by law. Your personal data may under certain circumstances likewise be processed when external investigations are made, e.g. by a prosecuting or supervisory authority or by a retained private entity. For all these purposes, we process in particular your master data, your contract data and communication data and, under certain circumstances, also data about your activity and information falling into the ”other data” category. Legal obligations may involve Swiss law and also foreign provisions by which we are governed, as well as self-regulation, branch standards, our own corporate governance and official instructions and requests.
We also process data for our own risk management purposes and as part of our prudent business management, including business organization and business development.
For these purposes we process in particular master data, contract data, registration data and technical data as well as activity and communication data. For instance, as part of our financial management we must supervise our receivables and payables and avoid falling victim to malfeasance and malpractice; this may necessitate the evaluation of data to detect relevant patterns. For these purposes and for your and our own protection we may also engage in profiling and draw up and process profiles. As part of the planning of our resources and the organisation of our business, we must evaluate data about the use of our services and other offers and process or exchange relevant details with other persons (such as outsourcing partners) which may also include your data. The same applies to services provided for us by third parties. For the purposes of business development we may sell businesses, parts of businesses or enterprises to others or acquire them from such other persons or enter into partnerships which may likewise lead to the exchange and processing of data (including your own e.g. as a customer or supplier or as a supplier’s representative).
We may process your data for other purposes, e.g. as part of our internal procedures and administration.
These other purposes include e.g. administrative purposes (such as master data management, bookkeeping and data archiving and the verification, management and ongoing improvement of our IT infrastructure), the safeguarding of our rights (e.g. in order to enforce our claims in the courts, prior to legal proceedings or out of court and in relation to the authorities, both in Switzerland and elsewhere, or to defend ourselves against claims, for instance by securing evidence, making legal investigations and taking part in proceedings in courts or with the authorities) and evaluating and improving our own internal processes. The safeguarding of other legitimate interests is also part of the other purposes which cannot be listed in full.
In cases where we ask for your consent to certain types of processing, we inform you separately of the purposes for which processing is carried out. You may withdraw your consent at any time with effect for the future by letting us know in writing (by post) or, unless otherwise indicated or agreed, by email addressed to us; you will find our contact details in Section 2. For the withdrawal of your consent to online tracking, see Section 11. As soon as we have received notice of withdrawal of your consent, your data will no longer be processed for the purposes to which you had originally consented unless we have another legal basis for doing so. The withdrawal of your consent does not affect the lawfulness of processing effected on the basis of your previous consent until such time as it is withdrawn.
In cases where we do not ask for your consent to processing, we base the processing of your personal data on the fact that such processing is necessary to prepare or perform a contract with you (or with the entity represented by you) or that we or third parties have a legitimate interest in particular in pursuing the purposes described in Section 4 above and the related objectives and in being able to take appropriate actions. Our legitimate interests include compliance with legal requirements in so far as these are not in any case already acknowledged as a legal basis by the applicable data protection law (e.g. the GDPR, the law applicable in the EEA and in Switzerland). However, this also includes the marketing of our services, our interest in a better understanding of our markets and in running our enterprise, including its operational business, securely and efficiently and in furthering its future development.
If we receive sensitive data (e.g. healthcare data, information about political, religious or philosophical world views or biometric data for identification purposes) we may also process your data on the basis of other legal provisions, e.g. if disputes arise over the need for processing for a particular purpose or for the enforcement of, or defence against, legal claims. In certain specific cases other legal bases may apply; we will notify you of them separately should that be necessary.
In connection with our contracts, the website, our services, our legal obligations or otherwise to safeguard our legitimate interests and for the further purposes listed in Section 4, we also transfer your personal data to third parties, in particular to the following categories of recipients:
All these categories of recipients may themselves use third parties so that your data may also be made available to the latter. We may restrict processing by specific third parties (e.g. IT providers) but cannot restrict processing by other third parties (e.g. public authorities, banks etc
As explained in Section 6, we also disclose data to other entities. These are not all located in Switzerland. Your data may therefore also be processed in Europe and in exceptional cases in any other country of the world.
If a recipient is located in a country which does not have appropriate legal data protection, we undertake to require the recipient by contract to respect the applicable data protection. For that purpose, we use the European Commission’s revised standard contract clauses which can be consulted here: [https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj] unless he is already governed by legally acknowledged data protection rules and we cannot refer to an exceptional provision. An exception may in particular apply in the case of legal proceedings abroad and also in cases of overriding public interest or if the performance of a contract requires such disclosure, if you have consented or if the data have been made generally accessible by you and you have not objected to their processing.
Many countries outside Switzerland or the EU and the EEA do not at present have laws which assure an adequate standard of data protection within the meaning of the DSG or GDPR. This weaker or non-existent legal protection can be partially offset by the contractual measures referred to above. However, contractual provisions cannot eliminate all the risks (in particular that of government access abroad). You should be aware of these residual risks, even if the risk may be low in any particular case and we take other measures (such as pseudonymization or anonymization) to minimize it.
Please also be aware that data exchanged over the Internet are frequently routed through third countries. Your data may therefore still go abroad even if the sender and receiver are both situated in the same country.
We process your data for as long as the purposes of such processing by us, the legal retention periods and our legitimate interests require processing for documentation and evidential purposes or if storage is necessary for technical reasons. For further information about the duration of storage and processing in any particular case, please refer to the individual data categories in Section 3 or to the cookie categories in Section 11. In the absence of other legal or contractual obligations, we erase or anonymize your data upon the expiry of the storage or processing period as part of our usual processes.
Documentation and evidential purposes include our interest in documenting processes, interactions and other circumstances in the event of legal claims, inaccuracies, for purposes of IT and infrastructure security and to provide evidence of good corporate governance and compliance. Retention may be necessary for technical reasons if certain data cannot be separated from other data and we must therefore retain them all (e.g. in the case of backups or document management systems).
We take appropriate security measures in order to safeguard the confidentiality, integrity and availability of your personal data, to protect them against unauthorized or unlawful processing and to avert the risk of loss, unintended alteration, undesired disclosure or illegitimate access.
Security measures of a technical and organisational nature may include e.g. the encryption and pseudonymization of data, drawing up protocols, access limitations, storage of backup copies, instructions given to our staff, confidentiality agreements and verifications. We protect your data transferred via our website while in transit by means of suitable encryption mechanisms. However, we can only secure those areas that are under our control. We also require our order processors to take suitable security measures. However, security risks cannot always be ruled out altogether; residual risks are inevitable.
Under certain circumstances, the applicable data protection law grants you the right to object to the processing of your data, especially for direct marketing purposes and to safeguard other legitimate interests in processing.
To facilitate your control over the processing of your personal data, you also have the following rights in respect of our data processing, depending on the applicable data protection law:
If you wish to exercise the above rights in relation to us, please contact us in writing, in person or, in cases where not otherwise stated or agreed, by email addressed to us; you will find our contact details in Section 2. To enable us to rule out misuse, we must identify you (e.g. by a copy of an identity document in cases where this is not otherwise possible).
Please note that criteria, exceptions or limitations apply to these rights under the applicable data protection law (e.g. to protect third parties or business secrets). We will inform you suitably as the case may be.
In particular, we may have to continue to store and process your personal data in order to perform a contract with you, to safeguard our own interests that merit protection such as enforcement, exercise of, or defence against, legal claims or in order to comply with legal obligations. To the extent that this is permitted by law, in particular to protect the rights and freedoms of other data subjects and to safeguard interests that merit protection, we may therefore decline a request by a data subject either in whole or in part (e.g. by redacting certain contents that concern third parties or our business secrets).
If you do not agree to the way in which we handle your rights or data protection, please let us know (Section 2). In particular, if you are based in the EEA, in the United Kingdom or in Switzerland, you are also entitled to lodge a complaint with the data protection supervisory authority in your country.
We use various techniques on our website by means of which we and third parties retained by us recognize you again when you visit our website and, under certain circumstances, are able to follow you across several visits. Information on that subject is set out in this section.
The central need for us is to be able to distinguish between accesses by you (via your system) and accesses by other users to enable us to assure the functionality of the website and effect evaluations and personalizations. We do not wish to ascertain your identity even if we can do so, to the extent that we or third parties retained by us can identify you by combination with registration data. However, even without registration data, the techniques used are configured in such a way that you are recognized as an individual visitor whenever you retrieve a particular page e.g. because our server (or the third-party server) assigns a particular recognition number to you or your browser (known as a cookie).
Cookies are individual codes (e.g. a serial number) which our server or the server of one of our service providers or contracting advertising partners transfers to your system when the connection to our website is made; your system (browser, mobile phone) receives and stores those cookies until the programmed expiry time. Upon each subsequent access, your system transfers these codes to our server or to the third-party server. In this way you are recognized again even if your identity is unknown.
Other techniques may also be used to enable you to be recognized again with a varying degree of probability (i.e. differentiated from other users).
“Fingerprinting” is one example. When fingerprinting is used, your IP address, your browser, the screen resolution, choice of language and other details which your system notifies to every server are combined to create a more or less unique fingerprint. This dispenses with the need for cookies.
Whenever you access a server (e.g. to use a website or app or because an image – either visible or invisible – is integrated into an email), your visits can be tracked. If we integrate the offers of a contracting advertising partner or provider of an analysis tool into our website, this can track you in the same way, even if you cannot be identified in any particular case.
We use such techniques on our website and enable some third parties to do likewise. You can program your browser to block, mislead or erase certain cookies or alternative techniques. You can also extend your browser with software that blocks tracking by specified third parties. You will find further information on this subject on your browser’s help pages (generally under the key words “Data protection”) or on the websites of the third parties listed by us below.
A distinction is made between the following cookies (techniques with comparable working methods such as fingerprinting are included here):
At present, we use offers of the following service providers and contracting advertising partners (if the latter use your data or cookies placed by you to direct their advertising):
We may run pages and other forms of online presence on social networks and other platforms operated by third parties (“Fanpages”, “Channels”, “Profile” etc.) and collect data about you as described in Section 3 and
below. We receive these data from you and the platforms if you contact us via our online presence (e.g. if you communicate with us, comment on our contents or visit us online). At the same time, the platforms evaluate your use of our online presence and link those data to other data about you that are known to the platforms (e.g. your activity and preferences). They also process such data for their own purposes under their own responsibility, in particular for marketing and market research (e.g. to personalize advertising) and to steer their platforms (e.g. to determine the contents that are displayed to you).
We receive data about you when you communicate with us online or view our contents on the relevant platforms, visit our online presences or are active on them (e.g. call attention to contents or make comments). These platforms also collect information about you such as technical data, registration data, communication data, activity and preference data (see Section 3 for an explanation of these terms). These platforms regularly assess the way in which you interact with us, how you use our online presences, our contents or other parts of the platform (what you view, comment, “like”, forward etc) for statistical purposes and link such data with further personal details (such as your age, gender and other demographic information). In this way they also compile profiles of you and statistics about the use of our online presences. They use these data and profiles in order to display our own or third-party advertising and other contents in a personalized manner for you on the platform and to direct the platform performance as well as for market and user research and to provide information to us and other entities about you and your use of our online presence. We may to some extent steer the evaluations which these platforms compile about the use of our online presences.
We process these data for the purposes described in Section 4, in particular for communication, for marketing (including advertising on these platforms, see Section 11) and for market research. Information about the relevant legal bases will be found in Section 5. Contents published by you personally (such as comments on an announcement) may be circulated by us (e.g. in our advertising on the platform or elsewhere). We or the platform operators may also erase or restrict contents by or about you in line with the guidance on use (e.g. inappropriate comments).
Further information about processing done by the platform operators will be found in those platforms’ own data protection notices. Those notices will also let you know in which countries they process your data, which information, erasure and other rights you have as a data subject and how you may exercise these rights or obtain further information. We currently use the following platforms:
We call your attention to the fact that we as the webpage provider have no knowledge of the content of the transferred data and of their use by the platforms. Details of data collection (purpose, scope, further processing, use) and about your rights and possible settings will be found in the LinkedIn data protection notices.
This data protection declaration is not part of a contract with you. We may amend this data protection declaration at any time. The version published on this website is the latest available edition.
Latest update: 27.08.2023