Website Data Protection Declaration
We are pleased that you are interested in the Oetiker Group (referred to below as “Oetiker”). The Oetiker website itself can be accessed without inputting any personal data. If the processing of personal data is necessary but we are under no legal obligation to process such data, we generally request the permission of the person concerned. The processing of personal data is performed in accordance with the requirements of the data protection regulations of the European Union (“GDPR”) and in agreement with the applicable national data protection provisions. The intention of this data protection declaration is to inform you of the type, scope and purpose of the personal data that we process. In addition, this data protection declaration will inform the persons concerned of their rights.
As Oetiker is responsible for processing, it has therefore implemented many technical and organizational measures to ensure protection that is as comprehensive as possible for the processing of personal data via this website. Nevertheless, Internet-based data transmission is never completely secure, so absolute protection cannot be guaranteed. For this reason every person concerned is free to choose an alternative method for sending personal data to us, for example, using the phone.
In accordance with the California Consumer Privacy Act (CCPA) of 2018, we will not sell your personal information to any third party. We do not discriminate against California residents who choose to exercise their CCPA rights. Should you have any questions or concerns, please email us at firstname.lastname@example.org.China Residents
We may provide and transfer your personal information to other Oetiker entities in and outside of China in accordance with this privacy notice. All cross-border transfers of personal information comply with the applicable obligations and requirements of the Chinese Personal Information Protection Law (PIPL). Should you have any questions or concerns, please email us at email@example.com.
1. Terms used
This data protection declaration is based on the terminology used by the European body responsible for issuing directives and decrees when releasing the GDPR. Our data protection declaration should be easy to read and understand for all persons concerned. In order to ensure this, we first define the terms that are used.
In this data protection declaration and on our website, we use the following terms among others:
a) Personal data
Personal data are all the information that relate to an identified or identifiable natural person (referred to below as the "person concerned”). An identifiable natural person is one who can be identified directly or indirectly, in particular by allocation of an identifier such as a name, code number, location data, online identifier or one or more features that express the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Person concerned
The person concerned is any identified or identifiable natural person for whom personal data is processed by the person responsible for processing.
Processing is any process or series of processes performed with or without the aid of an automated process in connection with personal data such as creating, recording, organizing, sorting, storing, modifying or changing, reading, requesting, using, publishing by transmission, propagation or any other form of preparation, comparison or linking, restricting, deleting or destroying.
Profiling is any form of automated processing of personal data in which these personal data are used to evaluate particular personal aspects that relate to a natural person, in particular to analyze or predict aspects relating to work performance, economic situation, health, personal preferences, interests, reliability, behavior, place of residence or change of residence of that natural person.
Pseudonymization is the processing of personal data in such a way that without introduction of additional information the personal data can no longer be attributed to a specific person, where this additional information is stored separately and is subject to technical and organizational measures so as to guarantee that the personal data cannot be assigned to an identified or identifiable natural person.
f) Responsible person, or person responsible for processing
The responsible person, or person responsible for processing, is the natural or legal person, authority, establishment or other office, which decides alone or jointly with others on the purpose and means of processing personal data. If the purpose and means of this processing are specified by EU law or the law of member states, the responsible person can identify and provide the specific criteria specified by EU law or the law of member states.
g) Order processor
The order processor is a natural or legal person, authority, establishment or other office who or which processes the personal data on behalf of the responsible person.
The recipient is a natural or legal person, authority, establishment or other office, who or which publishes the personal data irrespective of whether or not it does so via a third party. Authorities, which in the context of a specific inquiry mandate, may obtain personal data under the provisions of EU law or the law of member states, do not rank as recipients.
i) Third party
A third party is a natural or legal person, authority, establishment or other office, apart from the person concerned, the responsible person, the subcontract processor and the persons, who or which process the personal data under the immediate accountability of the responsible person or the order processor.
Permission is any unambiguous expression by the person concerned, of their own free will, in an informed manner, in the form of a declaration or other unambiguous confirmed action, whereby the person concerned makes it understood that they agree to the processing of the personal data concerning him.
2. Name and address of the responsible person
The responsible person in the sense of the basic data protection regulations and other data protection laws applicable in member states of the European Union and other provisions of a data protection legal character is:
Oetiker Schweiz AG
PO Box 358
Any person concerned can at any time address all questions and proposals regarding data protection directly to our Data Protection Officer.
A cookie allows us to optimize the information and offers on our website for the individual user. As previously mentioned, cookies allow us to recognize users returning to our website. The purpose of this recognition is to make it easier for the user to use our website.
The person concerned can make a setting on their browser at any time to prevent cookies being installed on the Internet browser they are using, thereby permanently prohibiting the installation of cookies. In addition, cookies already installed on an Internet browser or other software programs can be deleted at any time. All the popular Internet browsers offer this facility. If the person concerned deactivates the installation of cookies in the Internet browser they are using, under some circumstances not all the functions of our website can be used to their full extent.
4. Recording of general data and information
Every time our website is called up by a person concerned or by an automated system it records a series of general data and information. These general data and information are saved in the log files of the server. The data recorded can be
- the type and version of browser that is used,
- the operating system used by the system performing the access,
- the website from which a system performing the access arrives at our website (the referrer),
- the sub-websites which the system performing the access directed to our website,
- the date and time of the access to the website,
- an Internet protocol address (IP address),
- the Internet Service Provider of the system performing the access,
- other similar data and information for the purposes of defense in the event of attacks on our information technology systems.
In our use of the general data and information we draw no conclusions about the person concerned. Rather this information is required in order (1) to deliver the contents of our website correctly, (2) to optimize the contents of our website and the advertisements for it, (3) to ensure the continuing functional capability of our information technology systems and the technology of our website and (4) to provide the information necessary for a criminal prosecution in the event of a cyber-attack. This anonymously gathered data and information are thus analyzed statistically on the one hand, and evaluated with the objective of increasing the data protection and the data security within our company on the other hand, with the ultimate aim of ensuring an optimum level of protection for the personal data that we process. The anonymous data on the server log files are saved separately from all personal data provided by the person concerned.
The person concerned has the option of registering on our website by giving their personal data. In that case the personal data that are submitted to us depend on the respective input screen that is used for the registration. The personal data submitted by the person concerned are created and saved by Oetiker solely for internal use and for our own purposes. Oetiker may also release the personal data to one or more order processing agencies, which also use the data solely for internal purposes.
If requested by the person concerned at any time, Oetiker will declare to the person concerned which personal data it holds on them. In addition, on request by the person concerned or at their instruction, Oetiker will correct or delete personal data on the person concerned, provided this does not conflict with any statutory obligation to store that data. The Data Protection Officer named in this data protection declaration, and all employees of the agency responsible for processing are available in this respect as contact persons for the person concerned.
6. Routine deletion and closure of personal data
Oetiker processes and saves personal data for the person concerned only for the period of time necessary in order to achieve the purpose for which the data were stored, or which is specified by the European body responsible for issuing Directives and Decrees.
Once the purpose is no longer valid, or on expiry of the period specified by the European body responsible for issuing Directives and Decrees or specified by other applicable legislation, the personal data are closed or deleted as a matter of routine and in accordance with the statutory regulations.
7. Rights of the person concerned
Each person concerned has the following rights under the GDPR, according to the European body responsible for issuing directives and decrees:
- Right to acknowledgement
- Right to information
- Right to correction
- Right to deletion (the right to be forgotten)
- Right to restrict the processing
- Right to data transferability
- Right to protest
- Automated decisions in individual cases including profiling
- Right to retract permission under data protection law
If a person concerned wishes to exercise any of these rights they may contact our responsible person as defined at point 2.
8. Data protection regarding applications and the application process
We create and process the personal data of applicants for the purposes of dealing with the application process. The processing may involve electronic media. This is particularly the case if the applicant has submitted the relevant application papers to us by electronic means, such as via e-mail. If a contract of employment is entered into with the applicant, the data submitted during the course of processing the employment relationship is saved in accordance with the statutory regulations. If no contract of employment is entered into with the applicant, the application papers are automatically deleted six months after the rejection of the application, provided the deletion does not conflict with any legitimate interest. Statutory requirements for archiving, burden of proof and duty of storage over and above the data protection law may constitute a legitimate interest in this sense.
9. Data protection provisions regarding the use and application of Google Analytics
The Oetiker website uses Google Analytics. Google Analytics is a web analysis service. Web analysis is the creation, collection and evaluation of data about the behavior or visitors to websites. A web analysis service records among other things data about the website from which the person concerned accessed the website, about which subpages of the website the person visited and how often and for how long a subpage was viewed. Web analysis is used primarily for optimizing a website and for cost-benefit analysis of Internet advertising.
The operating company of Google Analytics Component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of the Google Analytics Component is the analysis of the visitor flows on our website. Google uses the data and information thus gained, amongst other things, to evaluate the use of our website, to generate online reports for us, which show and summarize the activities on our websites, and also to provide services in conjunction with the use of our website.
Google Analytics installs a cookie on the information technology system of the person concerned. The cookie allows the storage of personal information such as the rights of access, the time of access, the location from which the access was made and the frequency of visits to our website by the person concerned. At each visit to our website, those personal data, including the IP address of the internet connection used by the person concerned, are transmitted to Google in the United States of America. Those personal data are stored by Google in the United States of America. In some circumstances, Google may pass the personal data collected by this technical process to third parties.
As described above, the person concerned can at any time perform a setting on their browser to prevent cookies being installed on the Internet browser they are using, and thus permanently prohibit the installation of cookies. Such a setting on the Internet browser that is used would also prevent Google Analytics installing a cookie on the information technology system of the person concerned. In addition, a cookie already installed in an Internet browser or other software programs by Google Analytics can be deleted at any time.
Further information and the applicable Google data protection provisions can be viewed under https://policies.google.com/privacy and under http://www.google.com/analytics/terms/us.html. The operation of Google Analytics is explained in more detail under the link https://www.google.com/intl/us_us/analytics/.
10. Data protection provisions about the use and application of Google Ad-Words
The person responsible for processing has integrated this website into Google AdWords. Google AdWords is a service for Internet advertising, which permits the advertising opera-tor to link advertisements both into the Google search engine results and also into the Google advertising network. Google AdWords permits the advertising operator to specify preagreed key words, in response to which an advertisement appears in the Google search engine results only if the user of the search engine calls up a search result relevant to the key word. In the Google advertising network, the advertisements are distributed by means of an automatic algorithm on thematically-relevant websites in response to the preagreed key words.
The operating company of Google AdWords is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of Google AdWords is the advertising of our website by displaying interest-relevant advertisements on the websites of third party companies and in the search engine results of the Google search engine, and advertising third party advertisements on our website.
If a person concerned accesses our website from a Google advertisement, Google installs a conversion cookie on the information technology system of the person concerned. It has already been explained what cookies are. Please see above. After thirty days a conversion cookie ceases to be valid and no longer identifies the person concerned. As long as the conversion cookie has not expired it will trace whether certain sub-websites, such as the shopping basket of an online shop system have been called up on our website. By means of the conversion cookie both we and also Google can trace whether a person concerned who accessed our website via an AdWords advertisement generated turnover, i.e. whether they bought goods or broke off the transaction.
The data and information collected by use of the conversion cookie are used by Google to generate visitor statistics for our website. In turn, we use these visitor statistics to determine the total number of users who were sent to us via AdWords advertisements; we can thus determine the success of lack of success of the respective AdWords advertisement and act on this to optimize our AdWords advertisements for the future. Neither we as a company, nor other advertising customers of Google AdWords, receive information from Google that enables us to identify the person concerned.
Personal information such as the websites visited by the person concerned is saved by means of the conversion cookie. At each visit to our website, these personal data, including the IP address of the internet connection used by the person concerned are subsequently transmitted to Google in the United States of America. Those personal data are stored by Google in the United States of America. In some circumstances Google may pass the personal data collected by this technical process to third parties.
As described above, the person concerned can time perform a setting at any time on their browser to prevent cookies being installed on the Internet browser they are using, and thus permanently prohibit the installation of cookies. Such a setting on the Internet browser that is used would also prevent Google Analytics setting a conversion cookie on the information technology system of the person concerned. In addition, a cookie already installed on an Internet browser or other software programs by Google AdWords can be deleted at any time.
In addition, the person concerned has the option of blocking the Google advertisement relating to their interests. To do this, the person concerned must use each of their Internet browsers to call up the link adsettings.google.com and make the desired settings there.
Further information and the applicable Google data protection provisions can be viewed under https://policies.google.com/privacy.
11. Data protection provisions about the use and application of YouTube
The person responsible for processing has integrated components this website into YouTube. YouTube is an Internet video portal which permits video publishers to create video clips free of charge and permits other users to view, evaluate and comment on these clips, also free of charge. YouTube permits the publication of all kinds of videos, including complete films and TV productions, together with music videos, trailers or videos created by the users themselves, which can be called up via the Internet portal.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Every time an individual entry is made to this website which is operated by the person responsible for processing and into which a YouTube component (YouTube video) is integrated, the Internet browser on the information technology system of the person concerned is automatically prompted by the respective YouTube component to download a presentation of the respective YouTube component from YouTube. Further information on YouTube can be called up under https://www.youtube.com/yt/about. In the course of this technical process, YouTube and Google are informed which specific sub-page of our website was visited by the person concerned.
If at the same time the person concerned is logged in to YouTube, YouTube detects when a subpage that contains a YouTube video has been called which specific subpage is being visited by the person concerned. This information is gathered by YouTube and Google and assigned to the respective YouTube account of the person concerned.
If the person concerned at the time the video was called up was time logged in to YouTube at the same time, then YouTube and Google still obtain information via the YouTube component that the person concerned has visited our website; this occurs whether or not the person concerned clicked on a YouTube video or not. If the person concerned does not wish this type of information to be supplied to YouTube and Google, they can prevent it by logging out of their YouTube account before calling up our website.
The data protection provisions published by YouTube, which can be called up under https://policies.google.com/privacy give information on the creation, processing and use of personal data by YouTube and Google.
12. Data protection provisions about the use and application of XING
XING is provided by XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany. Every time a user calls up a website that contains the XING functions, a connection to the XING server is established. As far as we are aware this does not involve the saving of any personal data. In particular no IP address is saved and no usage behavior is evaluated.
Further information on data protection and the XING share button can be found in the data protection declaration by XING under https://privacy.xing.com/en.
13. Data protection provisions about the use and application of LinkedIn
LinkedIn is provided by the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Every time a user calls up a website that contains the LinkedIn functions, a connection to the LinkedIn server is established. When you visit our website, LinkedIn is informed of this and is informed of your IP address. If you click on the LinkedIn "Recommend" button and you are logged in to your LinkedIn account, LinkedIn can assign your visit to our website to you and your user account. We would draw to your attention that as the provider of the website pages, we have no knowledge of the content of the data that are transferred, nor of their usage by LinkedIn.
Further information on this can be found in the data protection declaration by LinkedIn under: https://www.linkedin.com/legal/privacy-policy.
14. Data protection provisions about the use and application of Facebook plugins
If you visit our website, the plug establishes a direct connection between your browser and the Facebook server. By this means, Facebook obtains the information that you used your IP address to visit our website. Whilst logged in to your Facebook user account, if you click on the Facebook "Like” button, you can link the contents of our website to your Facebook profile. This allows Facebook to assign your visit to our website to your Facebook user account. We would draw to your attention that, as the provider of the website pages, we have no knowledge of the content of the data that are transferred, nor of their usage by Facebook. Further information on this can be found in the data protection declaration by Facebook under https://www.facebook.com/policy.php.
If you prefer that Facebook cannot assign your visit to our website to your Facebook user account, please log out from your Facebook user account.
15. Data protection provisions about the use and application of Brightcove
More information about Brightcove and the options for deactivating the use of Brightcove can be found under:
16. Data protection provisions about the use and application of WeChat
WeChat is provided by Tencent, Data & Privacy Centre, Tencent Building, Science and Technology Park Road, Nanshan District, Shenzhen, Guangdong Province, China. Every time an user calls up a website that contains the WeChat functions, a connection to the Tencent server is established. When you visit our WeChat profile, Tencent is informed of this and is informed of your IP address.
Further information on this can be found in the data protection declaration by Tencent under:
17. Data protection provisions about the use and application of Salesforce
Further information on this can be found in the data protection declaration by Salesforce under:
18. External Hosting
We use Amazon Web Services (AWS) as an external service provider to host our website. The personal data collected on this website is stored on AWS servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact details, names, website accesses and other data generated via a website. The use of AWS is in the interest of a secure, fast and efficient provision of our website (Art. 6 para. I f) DSGVO). AWS will only process your data to the extent that is necessary for the fulfilment of its service obligations within the framework of contractual obligations and instructions from us. We have concluded an order processing contract with AWS in accordance with Art. 28 DSGVO.