Version effective as of 01.09.2023
Contact details for enquiries regarding data protection
If you have any questions concerning data protection, you can contact us at the address below:
GSA Technology AG
Tel: 041 679 70 99
Collection and Processing of Personal Data
We primarily process the personal data we receive from our customers, business partners and other related parties as part of our business relationships with them, or the personal data which we collect from users of our website and other applications. Where permitted, we also retrieve certain data from public sources (e.g. debt collection registers, land registers, commercial registers, the press and the internet) or authorities and other third parties. In addition to the data relating to you that you share with us directly, the categories of personal data relating to you that we obtain from third parties include, in particular, information from public registers, information we receive in connection with official and judicial proceedings, information in connection with your professional roles and activities, information about you in correspondence and discussions with third parties, information pertaining to creditworthiness (where we enter into transactions with you personally), information about you that we are given by people connected with you (e.g. family, advisors or legal representatives) in order that we are able to enter into and execute contracts with or involving you (e.g. powers of attorney, information from banks), your addresses, data in connection with your use of the website (e.g. your IP address, the MAC address of your smartphone or computer, information about your device and settings, cookies, the date and time of your visit, the pages and content you accessed, the features you used, the referring URL and location information).
Purpose of Data Processing and Legal Grounds
First and foremost, we use the personal data we collect to provide our glued laminated timber construction services, to enter into and perform contracts with our customers and business partners and to fulfil our statutory duties.
Furthermore, where admissible and where we deem it appropriate, we process your personal data and the personal data of other people for the following purposes in which we have a legitimate interest that is consistent with the purpose:
- To offer and develop our services and website, as well as other platforms on which we are present;
- To communicate with third parties and process their enquiries;
- To test and optimise methods of analysing demand for the purposes of contacting clients directly and to collect personal data from public sources for the purposes of customer acquisition;
- To conduct advertising and marketing, unless you have objected to the use of your data (if you are a customer and we send you promotional material, you can object at any time, in which case we will remove your name from our mailing lists);
- To enforce and defend against legal claims in connection with legal disputes and official proceedings;
- To prevent and investigate criminal acts and other misconduct (e.g. internal investigations);
- To ensure operation, especially of IT systems, our website and other platforms;
- To undertake corporate transactions, including the related transmission of personal data, as well as business management measures, and in order to comply with statutory and regulatory obligations and internal regulations.
Where you have provided us with your consent to the processing of your personal data for certain purposes, we will process your personal data within the scope of and on the basis of that consent unless we have any other legal grounds and require them. The consent can be withdrawn at any time (see also section 9), although this has no effect on data processed up to that point.
Cookies / Tracking in connection with the Use of our Website
By using our website and consenting to receive newsletters and other marketing emails, you consent to the use of these methods. Otherwise, you will have to change the settings in your browser or email software to prevent it.
Sharing of Data and Transmission of Data Abroad
Where admissible and appropriate, we share data with third parties as part of our business activities and for the purposes described in section 3 – including but not limited to the third parties processing the data on our behalf. The third parties might be the following, in particular (recipients):
- Our service providers (such as banks and insurers), including processors (such as IT providers);
- Sellers, suppliers, subcontractors and other business partners;
- Authorities, official bodies or courts;
- The public, including visitors to websites and users of social media;
- Buyers or parties interested in acquiring business lines, companies or other elements;
- Other parties to actual or potential legal proceedings;
Some of these recipients are in Switzerland, but others might be abroad. In particular, you must expect your data to be transferred to any country in which our service providers (e.g. Microsoft) are situated.
If a recipient is based in a country without an adequate level of data protection, we have the recipient sign a contractual undertaking to uphold the applicable level of data protection (we use the revised standard contractual clauses of the European Commission, which are available here, unless the recipient is already subject to a legally recognised regulatory framework for data protection and we are unable to make use of an exception. Legal proceedings abroad can be one such exception, as can cases of overriding public interest, or if the execution of a contract requires such a disclosure, if you have consented or if the data has been made generally accessible and you have not objected to its processing.
Retention Periods for your Personal Data
We process and store your personal data for as long as necessary to fulfil our contractual and statutory obligations or other purposes for which we are processing the data, i.e. for the term of the entire business relationship (from the initiation to the performance and termination of a contract), as well as in line with the statutory regulations concerning retention and documentation. It is possible that personal data might be stored for the period of time in which claims can be filed against our company and if we are otherwise legally obliged to do so, or if our legitimate interests require it (e.g. for the purposes of evidence and documentation). Where possible, your personal data will be erased or anonymised as soon as it is no longer required for the purposes above. Operational data is generally subject to shorter retention periods of 12 months or less.
In so far as possible and feasible, we have implemented reasonable technical and organisational measures to protect your personal data from being accessed by unauthorised parties and misused.
Obligation to disclose Personal Data
As part of our business relationship, you are required to provide the personal data necessary for the initiation and execution of a business relationship and for the fulfilment of the related contractual obligations (you are not normally legally obliged to provide us with data). Without such data, we will not normally be able to enter into or execute a contract with you (or the body or person you represent). It might not even be possible to use the website if certain information is not disclosed for the purposes of securing the transmission of data (e.g. your IP address).
Rights of the Data Subject
Under the applicable data protection legislation and to the extent provided for therein, you are entitled to access information, to rectification, to erasure, to restriction of processing, to object to the processing of data by us and to other legitimate interests in the processing, and to receive certain personal data for the purposes of transmitting it to another controller (i.e. data portability). However, please note that we reserve the right to utilise the statutory restrictions on our part if, for instance, we are obliged to store or process certain data, have an overriding interest in doing so (provided that we are permitted to cite it) or need to do so in order to exercise legal rights. We have already made you aware of your option to withdraw your consent in section 3.
As a rule, exercising such rights requires you to provide evidence of your identity (e.g. a copy of your personal identification if your identity is not otherwise clear and cannot be verified). You can contact us at the address provided in section 1 in order to exercise your rights.
Furthermore, every data subject has the right to enforce their claims in a court of law and to lodge a complaint with a supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC) (http://www.edoeb.admin.ch).
SSL and TLS encryption
For security reasons and in order to protect the transfer of confidential content such as enquiries which you send to us, the operator of the website, this website uses SSL and TLS encryption.