An overview of data protection
1. Data Controller / Data Protection Officer / Representative
Data Controller has a Data Protection Officer according to Art. 37 GDPR:Responsible for the data processing we conduct here is
Metecon Switzerland LLC
c/o LMP Attorneys-at-Law LLC
If you have data protection concerns, you can contact us at the following address
Metecon Switzerland LLC
c/o LMP Attorneys-at-Law LLC
2. Collection and Processing of Personal Data
We primarily process personal data that we receive from our customers and other business partners in the course of our business relationships with them and other individuals involved. Where permitted, we may also obtain certain data from publicly accessible sources (e.g., debt registers, land registers, commercial registers, press, internet) or receive such data from other companies within the Metecon GmbH, authorities, and other third parties. In addition to the data you directly provide to us, the categories of personal data we receive from third parties about you include information from public registers, information we learn in connection with administrative and judicial proceedings, information related to your professional functions and activities (so that we can, for example, conduct and process transactions with your employer with your assistance), information about you in correspondence and discussions with third parties, credit information (where we conduct business with you personally), information about you provided to us by individuals in your network (family, advisors, legal representatives, etc.) so that we can conclude or process contracts with you or involving you (e.g., references, your delivery address, powers of attorney, compliance with legal requirements such as anti-money laundering and export restrictions, information from banks, insurers, distributors, and other contractual partners of ours for the use or provision of services by you (e.g., payments made, purchases made), information from media and the internet about you (to the extent relevant in the specific case, e.g., in the context of an application, press review, marketing/sales, etc.), your addresses, and, if applicable, interests and other socio-demographic data (for marketing), data related to the use of the website (e.g., IP address, MAC address of the smartphone or computer, information about your device and settings, cookies, date and time of the visit, pages and content accessed, functions used, referring website, location data).
3. Purposes of Data Processing and Legal Bases
We primarily use the personal data we collect to enter into and perform contracts with our customers and business partners, particularly within the scope of Regulatory Complience with our customers and the procurement of products and services from our suppliers and subcontractors, as well as to comply with our legal obligations at home and abroad. If you are acting on behalf of such a customer or business partner, you may also be affected in this capacity.
Additionally, we process personal data of you and other individuals, where permissible and deemed appropriate, for the following purposes, in which we (and sometimes third parties) have a legitimate interest that is aligned with the respective purpose:
- Offering and improving our services, websites, and other platforms on which we are present.
- Communicating with third parties and handling their inquiries (e.g., job applications, media inquiries).
- Evaluating and optimizing procedures for needs analysis for direct customer communication and collecting personal data from publicly accessible sources for customer acquisition.
- Advertising and marketing (including the conduct of events) unless you have objected to the use of your data (if we send you advertising as an existing customer, you can object to this at any time, and we will add you to a suppression list to stop further advertising).
- Market and opinion research, media monitoring.
- Asserting legal claims and defense in legal disputes and administrative proceedings.
- Preventing and investigating crimes and other misconduct (e.g., conducting internal investigations, data analysis for fraud prevention).
- Ensuring the operation of our business, particularly IT, our websites, and other platforms.
- Purchase and sale of business areas, companies, or parts of companies, and other corporate transactions, as well as the transfer of personal data related to such transactions and measures for business management and to comply with legal and regulatory obligations, as well as internal regulations of Metecon Schweiz GmbH.
If you have given us consent to process your personal data for specific purposes (e.g., when registering for newsletters or conducting a background check), we will process your personal data within the scope of and based on this consent, to the extent that we have obtained your consent. Consent provided can be withdrawn at any time, but this does not affect data processing that occurred before withdrawal.
4. Cookies / Tracking and Other Technologies Related to the Use of Our Website
We typically use "cookies" and similar technologies on our websites, which can identify your browser or device. A cookie is a small file that is sent to your computer or automatically stored on your computer or mobile device by the web browser you use when you visit our website. When you revisit this website we can recognize you, even if we don't know who you are. In addition to cookies used only during a session and deleted after your website visit ("session cookies"), cookies can also be used to store user settings and other information for a specific period (e.g., two years) ("persistent cookies"). However, you can configure your browser to reject cookies, store them for only one session, or delete them prematurely. Most browsers are preset to accept cookies. We use persistent cookies to store user settings (e.g., language, auto-login), to better understand how you use our offerings and content, and to display tailored offers and advertisements to you (which may also occur on websites of other companies; however, they won't know who you are from us, if we even know, as they will only see that the same user who was on our site visited a specific page on their site). Some of the cookies are set by us, and some are set by partner companies we work with. If you block cookies, certain functionalities (e.g., language selection) may no longer work.
In our newsletters and other marketing emails, we sometimes include visible and invisible image elements, through the retrieval of which from our servers, we can determine whether and when you have opened the email, allowing us to measure and better understand how you use our offerings and tailor them to you. You can block this in your email program; most are preset to do so.
By using our websites and consenting to receive newsletters and other marketing emails, you agree to the use of these techniques. If you do not wish to do so, you must adjust your browser or email program accordingly.
Google Analytics or other servicesGoogle:
We use Google Analytics or other Google’s tools and plug-in on our websites. This is a third-party service that can be located in any country worldwide (in the case of Google Analytics, it is Google Ireland (based in Ireland), which relies on Google LLC (based in the USA) as a data processor (both "Google"), www.google.com). With this service, we can measure and evaluate the use of the website (non-personal) using persistent cookies set by the service provider. We have configured the service to shorten the IP addresses of visitors by Google in Europe before forwarding them to the USA, making them untraceable. We have disabled the settings "Data Sharing" and "Signals." While we assume that the information we share with Google is not personal data for Google, it is possible that Google may draw conclusions about the identity of visitors from this data, create personal profiles, and link this data to the Google accounts of these individuals. If you have registered with the service provider yourself, the service provider will also know you. The processing of your personal data by the service provider is then the responsibility of the service provider, following its privacy policies. The service provider only informs us about how our respective website is used by the User and hence no personal information is collected.Google Maps:
This website utilizes Google Maps via an API, provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Your IP address is stored to enable Google Maps features, with the data typically sent to Google's servers in the United States. The website operator lacks control over this data transfer. Google Maps is used for presenting online content and facilitating location discovery on the website, which aligns with our legitimate interests under Art. 6 Sect. 1 lit. f GDPR. For more information on user data handling, refer to Google's Data Privacy Declaration: https://policies.google.com/privacy?hl=en.GGoogle Tag Manager:
This website employs Google Tag Manager, which manages website tags through an interface. Google Tag Manager implements tags but doesn't set cookies or collect personal data. It triggers other tags that may collect personal data but doesn't access this data. Deactivation at the domain or cookie level applies to all tracking tags using Google Tag Manager.Google Remarketing or Similar Target Groups:
We use Google Ireland Limited's Remarketing or Similar Target Groups function to display interest-based, personalized ads on third-party websites in Google's advertising network. This is based on Article 6 (1)(f) GDPR, serving our legitimate interest in website analysis, optimization, and cost-efficient operation. Google stores a cookie with a sequence of numbers on your device, recording your visit and website use anonymously. No personal data is shared. Cross-device marketing may track usage across devices if you've linked your browser histories to your Google account. To opt out, use the browser plug-in: https://support.google.com/My-Ad-Center-Help/answer/12155656?visit_id=638303819355282859-3821932719&rd=1.Google AdServices:
- Description: Advertising service.
- Processing Company: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
- Data Purposes: Advertising and targeting.
- Technologies Used: Cookies and Pixels.
- Data Collected: Click path, events, IP address, referrer URL, touch point to advertising medium, transactions, user agent, pages viewed.
- Legal Basis: Art. 6 para. 1 s. 1 lit. a GDPR.
- Location of Processing: European Union.
- Retention Period: Data is deleted when no longer needed for processing.
- Transfer to Third Countries: Data may be transferred outside the EU/EEA.
- Data Recipients: Google LLC, Google Ireland Limited, Alphabet Inc.
- Opt-out: https://safety.google/privacy/privacy-controls/
- Storage Information: Maximum age of cookie storage is 1 year; no non-cookie storage.
Social media plugins:
We also use plug-ins from social networks such as LinkedIn, Facebook on our websites. This is visible to you (typically through corresponding icons). We have configured these elements to be deactivated by default. If you activate them (by clicking), the operators of the respective social networks can register that you are on our website and where you are, and they can use this information for their purposes. The processing of your personal data is then the responsibility of the respective operator according to their privacy policies. We do not receive any information about you from them.LinkedIn Analytics and LinkedIn Ads:
We use LinkedIn Corporation's conversion tracking technology and their remarketing feature on our website.
This technology allows visitors to our website to see personalised ads on LinkedIn. It also enables the creation of anonymised reports on the performance of ads and user interaction with the website. For this purpose, the LinkedIn Insight tag is integrated on this website. It establishes a connection to the LinkedIn server when you visit this website and are logged into your LinkedIn account.
We maintain a profile on Facebook. This platform is provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the data collected is also transferred to the USA and other third countries. However, Facebook is certified under the EU-US Privacy Shield.
We would like to point out that the headquarters of the company is in the USA and that the USA is not a safe third country the purpose of EU data protection law. US companies are obliged to surrender personal data to security authorities without you as the data subject being able to take legal action against this. It cannot therefore be ruled out that US authorities (e.g. secret services) may process, evaluate and permanently store your data on US servers for monitoring purposes. We have no influence on these processing activities. We have concluded a joint processing agreement (Controller Addendum) with Facebook. This agreement defines which data processing operations we or Facebook are responsible for when you visit our Facebook page. We receive "Insights" data from Facebook, i.e. data on user numbers. These "Insights" data are personal data according to the GDPR, which are collected and processed in connection with a visit to or interaction of persons with a page and its contents.
"Page-Insights" are statistics that Facebook Ireland provides to the person responsible for the page.
The agreement on joint responsibility can be viewed at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
Data processing for interactions on our Facebook page
On our Facebook page you have the possibility to get in contact with us by commenting on our contributions, creating a contribution yourself or sending us private messages. If you want to avoid Facebook processing personal data that you have submitted to us, please contact us by other means.
5. Data Disclosure and International Data Transfer
As part of our business activities and the purposes outlined in section 3, where permitted and deemed appropriate, we disclose information to third parties, whether they process it for us or for their own purposes. This includes, in particular, the following entities:
- Service providers for us (within the Metecon Schweiz GmbH and externally, such as banks, insurance companies), including data processors (such as IT providers);
- Merchants, suppliers, subcontractors, and other business partners;
- Domestic and foreign authorities, government agencies, or courts;
- The public, including website and social media visitors;
- Competitors, industry organizations, associations, organizations, and other committees;
- Acquirers or potential buyers of business segments, companies, or other parts of the Metecon group;
- Other parties in potential or actual legal proceedings;
- Other companies within the Metecon GmbH;
These recipients may be located partly domestically but can be anywhere on the planet. You should expect your data to be transferred to all countries where the Metecon GmbH is represented by group companies, branches, or other offices https://www.metecon.de/de/unternehmen/,
If a recipient is located in a country without adequate legal data protection, we contractually obligate the recipient to comply with applicable data protection laws (we use the revised standard contractual clauses of the European Commission, which are available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?). unless they are already subject to a legally recognized framework for data protection, and we cannot rely on an exemption. An exemption may apply, particularly in cases of foreign legal proceedings, overriding public interests, or when contract execution requires such disclosure, when you have consented, or when it concerns data made generally accessible by you, to which you have not objected.
6. Duration of Personal Data Retention
We process and store your personal data for as long as necessary to fulfill our contractual and legal obligations or the purposes pursued with the processing. This means, for example, for the entire duration of the business relationship (from initiation, execution to termination of a contract), as well as according to legal retention and documentation obligations. It is possible that personal data may be retained for a period during which claims can be asserted against our company, and to the extent that we are otherwise legally obligated or legitimate business interests require it (e.g., for evidentiary and documentation purposes). Once your personal data is no longer required for the purposes mentioned above, it will generally be deleted or anonymized to the extent possible. For operational data (e.g., system logs), shorter retention periods of twelve months or less apply.
7. Data Security
We take appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse.
8. Obligation to Provide Personal Data
In the context of our business relationship, you must provide the personal data necessary for the establishment and execution of a business relationship and the fulfillment of associated contractual obligations (you typically do not have a legal obligation to provide us with data). Without this data, we will generally not be able to enter into or process a contract with you (or the entity or person you represent). The website cannot be used if certain information necessary for data traffic security (such as IP address) is not disclosed.
9. Profiling and Automated Decision-Making
We partially process your personal data automatically to assess certain personal aspects (profiling). We use profiling, in particular, to inform and advise you on products in a targeted manner. In doing so, we use evaluation instruments that allow us to tailor communication and advertising, including market and opinion research, to your needs.
For the establishment and execution of the business relationship and otherwise, we do not generally use fully automated decision-making processes (as regulated, for example, in Article 22 of the GDPR). If we use such procedures in individual cases, we will inform you separately, if required by law, and inform you about the related rights.
10. Rights of the Data Subject
Under applicable data protection law and to the extent provided (such as under the GDPR), you have the right to access, rectify, erase, restrict data processing, and object to our data processing, especially for purposes of direct marketing, profiling carried out for direct advertising, and other legitimate interests in processing, as well as the right to receive certain personal data for transfer to another entity (data portability). Please note that we reserve the right to assert the legally provided restrictions on our part, such as if we are obligated to retain or process certain data, have a predominant interest in doing so (as far as we are entitled to do so), or need it to assert claims. If costs are incurred for you, we will inform you in advance. We have already informed you about the possibility to withdraw your consent in section 3. Please note that exercising these rights may conflict with contractual agreements and may have consequences such as early contract termination or cost implications. We will inform you in advance if this is not already contractually regulated.
The exercise of such rights generally requires that you clearly prove your identity (e.g., by providing a copy of your ID card, where your identity is not otherwise clear or verifiable). To exercise your rights, you can contact us at the address provided in section 1.
Every data subject also has the right to enforce their claims in court or file a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).