Information on data protection for customers, vendors and partners
1. Responsible entity and data protection officer
The following three Bucher + Suter companies are responsible for the processing of personal data:
- Bucher + Suter AG (Arastrasse 6, 3048 Worblaufen, Switzerland), firstname.lastname@example.org, +41 31 917 52 00
- Bucher & Suter AG (Stubenwald-Allee 19, 64625 Bensheim, Germany), email@example.com, +49 6251 8622 500
- Bucher + Suter Inc (4600 S Syracuse St, 9th Floor, Denver, CO 80237, USA), firstname.lastname@example.org, +41 31 917 52 00
Managing Director: Martin Wüthrich
The company data protection officer can be contacted at the above address, at the e-mail address email@example.com or by telephone at +49 6251 8622 598.
2. Which categories of personal data are processed by us?
2.1 We mainly process the following personal data:
- Master data (such as name), contact data (such as telephone, e-mail address, place of work, business card), signatures that you place on documents, and submitted powers of attorney.
- User account for the use of our systems and data necessary for granting access to our premises.
- Your function and employer and, where relevant to the business relationship, your professional activities, experience and qualifications, references and information about the services you have provided to us.
- In certain cases (e.g., within the framework of cooperation with financial institutions) and only if lawful, we also receive information from you on debt enforcement or criminal records (e.g. if the project in which you are involved requires such proof and we are the person responsible for this information).
- Information about you in correspondence, e-mail communications, and meetings, opinions of you, as well as feedback and protocol notes provided and collected in the course of your business activities.
- Data of consultants and partners from you and, if applicable, about their employees.
- In certain cases, financial data (such as bank account data) so that a payment can be made, or data from your insurance company for claims management purposes.
- Information within the framework of judicial and extrajudicial proceedings.
- Publicly available data.
We receive your data directly from you or from the company that employs you. In addition, we also retrieve data from public registers or databases (such as commercial registers and the internet). To the extent permitted, we may also receive such information from other Noser Group companies, government agencies, and other third parties.
In principle, you are not legally obliged to share your personal data with us. However, you may be required to provide this information under a contract with you or the company for which you work (for example, if you are mentioned as a contact person in a contract or are required by a contractual agreement to provide certain information such as a debt collection statement, references, etc.). Certain data must also be provided to conclude a contract (such as bank details, names, addresses, etc.). In some cases, failure to provide data may lead to a breach of contract.
3. For what purposes and on what legal basis do we process your data?
3.1 We use the personal data collected to carry out our business activities, in particular:
- Conclude and execute contracts, including correspondence, invoicing, contract management, project development, as well as management and protection of contractual claims.
- Establish and maintain business relationships, including marketing (delivery of information about our offerings, invitations to events in our business), contact management, correspondence, customer management, customer satisfaction surveys.
- Management of authorizations and use of our IT systems and internal tools.
- Settlement of claims and insurance claims.
- Implementation of restructurings and company acquisitions and sales.
- Securing and sustainability of our business activities as well as the management of our company, such as storage, accounting, consulting with specialists on business incidents, fulfilling information duties to administrative bodies and authorities, ensuring compliance, ensuring secure access to buildings, and access to systems.
The legal basis for the processing of your data is primarily the implementation of contractual measures as well as the fulfillment and execution of concluded contracts with you. In addition, we are legally obliged to collect and process specific data, e.g., for accounting and billing purposes. Furthermore, the processing of your data may become necessary to protect our legitimate interests. For example, in the following cases:
- To approach our existing customers and partners as well as new customers within the scope of marketing campaigns.
- To protect and assert our legal claims.
- To ensure the security and availability of our IT systems and other infrastructure.
- To carry out or optimize business processes (incl. management and administration of the company) as well as company acquisitions and restructurings.
- If we pass on data to our service providers who perform certain tasks for us.
Before we process data based on our legitimate interests, we ensure that your rights to data protection do not outweigh our legitimate interests. If you do not agree with processing on this basis, and if certain conditions are met, you can file an objection. An objection against direct advertising can be submitted at any time. You can find out more about your rights under point 6.
Of course, we process, albeit rarely, personal data that you voluntarily give us without the aforementioned legal basis. With regard to such data, you may revoke your consent at any time, with the result that we may no longer use the data and will delete it. Processing already carried out will not be affected by this.
4. To whom do we pass on your personal data?
The passing on of data constitutes data processing. Therefore, we only pass on your personal data to third parties if there is a corresponding legal basis (as described in section 3, the legal bases used by us are usually contracts with you, legal obligations, legitimate interest, or consent).
To the extent permitted, personal information is shared with other Noser Group companies to administer and manage the group and with service providers who perform functions for us and assist us in the performance of our activities. In addition, your data can be shared with partners and customers if the business relationship, the project, or the usual market practice requires this. Your personal data may be shared with the following service providers, companies, and authorities:
- Companies providing services to us on a contract basis, such as IT hosting and maintenance suppliers, consultants, banks, insurance companies, etc., including contractors.
- Cloud service providers (such as Salesforce.com, Microsoft, Cisco, etc.). Project data and related personal data can be stored and edited on such applications.
- Other subcontractors and business partners whose services we may lawfully obtain or with whom we have a mutual business relationship.
- Authorities, law enforcement agencies, courts, if required for the above purposes, when required by law or for the legal protection of our legitimate interests in compliance with applicable law.
- Counterparties in corporate acquisitions.
The above third parties to whom we may transfer personal data may be located in Switzerland or other countries, including countries outside Europe such as the United States. If we process personal data abroad or if this occurs in the context of using the services of third parties or disclosure or transfer of data to third parties, this will only take place if the necessary requirements of data protection law are met. An appropriate level of protection for personal data is thus ensured (employing a decision on adequacy, standard contractual clauses, privacy shield rules, etc.). You can request detailed information on this and, in particular, a copy of the specific guarantees available at any time from the contact person mentioned in section 1.2.
5. How long do we store your data?
Your data will be stored (i) as long as it is necessary for the purpose of processing and/or (ii) as long as the storage of the data is subject to a legal obligation, e.g. statutory retention obligations for business documents, and/or (iii) as long as the storage is necessary for the assertion, exercise or defense of legal claims. As soon as we no longer need your personal data for any of the purposes mentioned above, it will be deleted or anonymized as far as practically possible.
6. What rights do you have?
When the EU Data Protection Regulation applies to data processing, you have all the rights set out below. In all other cases, you have the rights listed below, which the applicable data protection law provides.
You have the right to:
- request information about your personal data processed by us;
- demand the correction of incorrect or incomplete personal data stored by us without delay;
- request the deletion of your personal data stored by us, unless processing is necessary for the exercise of the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- request the restriction of the processing of your personal data insofar as the accuracy of the data is disputed by you; the processing is unlawful, but you refuse its deletion; we no longer need the data, but you need it to assert, exercise or defend legal claims; or you have lodged an objection to the processing;
- revoke your consent once given to us at any time. The consequence of this is that we may no longer continue the data processing based on this consent in the future;
- object to the processing of your personal data, provided that this data is processed based on legitimate interests and provided that there are reasons for doing so which arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without stating a particular situation;
- receive the personal data that you have provided to us in a structured, common and machine-readable format or request its transfer to another location;
- complain to the competent supervisory authority.
If you have any questions concerning the existence or exercise of these rights, you may contact the contact person referred to in point 1.1 at any time.
7. How do we guarantee the security of your data?
We use appropriate technical (e.g., security of IT systems and buildings) and organizational (e.g., internal guidelines, training, instructions) security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
8. Timeliness and amendment of this data protection declaration
This data protection declaration is currently valid and was given that status in October 2019. Due to the further development of our business activities or due to changed legal or official requirements, it may be necessary to amend this data protection declaration. We, therefore, recommend that you periodically review this privacy statement on our website.