Data Protection

Version effective as of 01.09.2023

This privacy policy outlines what personal data we process in connection with our activities, including our website. In particular, it details why, how and where we process personal data, as well as the rights of the people whose data we process. All information relating to an identified or identifiable person is personal data.

If you provide us with the personal data of other people (e.g. suppliers), we assume that you are authorised to do so and that the data is accurate. You confirm this by transmitting data relating to third parties. Please ensure that the third parties in question are aware of this privacy policy.

This privacy policy is set out in keeping with the requirements of the European General Data Protection Regulation (GDPR), the Swiss Federal Act on Data Protection (FADP) and the revised Swiss Federal Act on Data Protection (nFADP). However, whether and to what extent these laws apply depends on the individual case at hand.

Contact details for enquiries regarding data protection

Unless indicated otherwise, such as in other privacy policies, on forms or in contracts, neue Holzbau AG, Obseestrasse 11, 6078 Lungern, Switzerland is the controller responsible for the data processing described in this privacy policy.

If you have any questions concerning data protection, you can contact us at the address below: 

GSA Technology AG
Obseestrasse 11
6078 Lungern
Tel: 041 679 70 99
Mail: info@gsa-technology.ch

Collection and Processing of Personal Data

We primarily process the personal data we receive from our customers, business partners and other related parties as part of our business relationships with them, or the personal data which we collect from users of our website and other applications.  Where permitted, we also retrieve certain data from public sources (e.g. debt collection registers, land registers, commercial registers, the press and the internet) or authorities and other third parties. In addition to the data relating to you that you share with us directly, the categories of personal data relating to you that we obtain from third parties include, in particular, information from public registers, information we receive in connection with official and judicial proceedings, information in connection with your professional roles and activities, information about you in correspondence and discussions with third parties, information pertaining to creditworthiness (where we enter into transactions with you personally), information about you that we are given by people connected with you (e.g. family, advisors or legal representatives) in order that we are able to enter into and execute contracts with or involving you (e.g. powers of attorney, information from banks), your addresses, data in connection with your use of the website (e.g. your IP address, the MAC address of your smartphone or computer, information about your device and settings, cookies, the date and time of your visit, the pages and content you accessed, the features you used, the referring URL and location information). 

Purpose of Data Processing and Legal Grounds

First and foremost, we use the personal data we collect to provide our glued laminated timber construction services, to enter into and perform contracts with our customers and business partners and to fulfil our statutory duties.

Furthermore, where admissible and where we deem it appropriate, we process your personal data and the personal data of other people for the following purposes in which we have a legitimate interest that is consistent with the purpose: 

  • To offer and develop our services and website, as well as other platforms on which we are present;
  • To communicate with third parties and process their enquiries;
  • To test and optimise methods of analysing demand for the purposes of contacting clients directly and to collect personal data from public sources for the purposes of customer acquisition; 
  • To conduct advertising and marketing, unless you have objected to the use of your data (if you are a customer and we send you promotional material, you can object at any time, in which case we will remove your name from our mailing lists); 
  • To enforce and defend against legal claims in connection with legal disputes and official proceedings; 
  • To prevent and investigate criminal acts and other misconduct (e.g. internal investigations); 
  • To ensure operation, especially of IT systems, our website and other platforms; 
  • To undertake corporate transactions, including the related transmission of personal data, as well as business management measures, and in order to comply with statutory and regulatory obligations and internal regulations. 

Where you have provided us with your consent to the processing of your personal data for certain purposes, we will process your personal data within the scope of and on the basis of that consent unless we have any other legal grounds and require them. The consent can be withdrawn at any time (see also section 9), although this has no effect on data processed up to that point. 

Cookies / Tracking in connection with the Use of our Website

Our website normally uses cookies and similar methods to identify your browser or device. First of all, the purpose of the cookies we use is to provide the features of our website. We also use cookies to make your surfing experience on our website as user-friendly as possible. A cookie is a small file that is sent to your computer or automatically stored on your computer or mobile device by your browser when you visit our website. If you visit this website repeatedly, this enables us to recognise you even if we do not know who you are. In addition to cookies that are merely used during a session and then erased after you leave the website (session cookies), we can also use cookies (persistent cookies) to store user settings and other information for a certain period of time (e.g. two years). However, you can set your browser to block cookies, to only store cookies for one session or to otherwise delete them prematurely. Most browsers accept cookies by default. If you block cookies, certain features on the website might no longer work properly. 

By using our website and consenting to receive newsletters and other marketing emails, you consent to the use of these methods. Otherwise, you will have to change the settings in your browser or email software to prevent it.

We use Google Analytics or similar services on our website. As part of these services, the data relating to your use of a website is transmitted to the dedicated server. Depending on the provider, this server might be located abroad. For the most commonly used web analytics tool, Google Analytics, this data is transmitted with truncated IP addresses, which prevents individual devices from being identified. Google adheres to the data protection provisions of the Swiss-US Privacy Shield and has signed up to the Swiss-US Privacy Shield with the U.S. Department of Commerce. Your IP address sent by your browser through Google Analytics will not be associated with any other data held by Google. Google only shares the data with third parties on the basis of statutory regulations or under a processing agreement. You can prevent Google from collecting or processing the data generated by the cookie concerning your use of our website (including your IP address) by downloading and installing the browser plugin provided by Google. Furthermore, our website uses plugins from social networks such as Facebook, LinkedIn or Instagram. You can usually identify each social network from its symbols. We have configured these elements so that they are inactive by default. If you activate them (by clicking on them), the operator of the social network in question can log that you are on our website (including the specific page) and use that information for its own purposes. Your personal data is then processed under the responsibility of that operator and in line with its own privacy policy. The operator will not provide us with any information about you

Sharing of Data and Transmission of Data Abroad

Where admissible and appropriate, we share data with third parties as part of our business activities and for the purposes described in section 3 – including but not limited to the third parties processing the data on our behalf. The third parties might be the following, in particular (recipients):

  • Our service providers (such as banks and insurers), including processors (such as IT providers); 
  • Sellers, suppliers, subcontractors and other business partners;
  • Customers;
  • Authorities, official bodies or courts; 
  • Media;
  • The public, including visitors to websites and users of social media; 
  • Buyers or parties interested in acquiring business lines, companies or other elements; 
  • Other parties to actual or potential legal proceedings; 

Some of these recipients are in Switzerland, but others might be abroad. In particular, you must expect your data to be transferred to any country in which our service providers (e.g. Microsoft) are situated. 

If a recipient is based in a country without an adequate level of data protection, we have the recipient sign a contractual undertaking to uphold the applicable level of data protection (we use the revised standard contractual clauses of the European Commission, which are available here, unless the recipient is already subject to a legally recognised regulatory framework for data protection and we are unable to make use of an exception. Legal proceedings abroad can be one such exception, as can cases of overriding public interest, or if the execution of a contract requires such a disclosure, if you have consented or if the data has been made generally accessible and you have not objected to its processing.

Retention Periods for your Personal Data

We process and store your personal data for as long as necessary to fulfil our contractual and statutory obligations or other purposes for which we are processing the data, i.e. for the term of the entire business relationship (from the initiation to the performance and termination of a contract), as well as in line with the statutory regulations concerning retention and documentation. It is possible that personal data might be stored for the period of time in which claims can be filed against our company and if we are otherwise legally obliged to do so, or if our legitimate interests require it (e.g. for the purposes of evidence and documentation). Where possible, your personal data will be erased or anonymised as soon as it is no longer required for the purposes above. Operational data is generally subject to shorter retention periods of 12 months or less. 

Data security

In so far as possible and feasible, we have implemented reasonable technical and organisational measures to protect your personal data from being accessed by unauthorised parties and misused. 

Obligation to disclose Personal Data

As part of our business relationship, you are required to provide the personal data necessary for the initiation and execution of a business relationship and for the fulfilment of the related contractual obligations (you are not normally legally obliged to provide us with data). Without such data, we will not normally be able to enter into or execute a contract with you (or the body or person you represent). It might not even be possible to use the website if certain information is not disclosed for the purposes of securing the transmission of data (e.g. your IP address).

Rights of the Data Subject

Under the applicable data protection legislation and to the extent provided for therein, you are entitled to access information, to rectification, to erasure, to restriction of processing, to object to the processing of data by us and to other legitimate interests in the processing, and to receive certain personal data for the purposes of transmitting it to another controller (i.e. data portability). However, please note that we reserve the right to utilise the statutory restrictions on our part if, for instance, we are obliged to store or process certain data, have an overriding interest in doing so (provided that we are permitted to cite it) or need to do so in order to exercise legal rights. We have already made you aware of your option to withdraw your consent in section 3.

As a rule, exercising such rights requires you to provide evidence of your identity (e.g. a copy of your personal identification if your identity is not otherwise clear and cannot be verified). You can contact us at the address provided in section 1 in order to exercise your rights.

Furthermore, every data subject has the right to enforce their claims in a court of law and to lodge a complaint with a supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC) (http://www.edoeb.admin.ch).

SSL and TLS encryption

For security reasons and in order to protect the transfer of confidential content such as enquiries which you send to us, the operator of the website, this website uses SSL and TLS encryption. 

Amandments

We can amend this privacy policy at any time without providing prior notice. The current version published on our website is the valid version. If the privacy policy is a component of an agreement with you and is updated, we shall notify you of the amendment by email or in another appropriate manner.