Re-Fer

With this privacy statement, users of this website will be informed of their rights granted to them by the legal regulations of the Swiss Federal Law on Data Protection (DSG) and the EU’s General Data Protection Regulation (DSGVO).

In addition, it is revealed how the re-fer AG deals with this Internet appearance with all-time collected data. For convenience in this text, mostly the male form/spelling is used.

The use of this website is possible without specifying personal information. If it is necessary to process personal data (e.g. on a web form), it’s explicitly pointed out.

Owner or responsible person

The responsibility for the processing of data within the meaning of applicable Swiss or European Union legislation as well as other provisions of a data protection nature has

re-fer AG
Riedmattli 9
6423 Seewen
Switzerland
P +41 41 818 66 66
info(at)re-fer.eu

Security

re-fer AG takes all technical measures to ensure a protection as complete as possible for the data collected via this website (including encrypted data transmission via TLS/SSL). However, data transmissions on the internet can generally have security gaps; absolute protection is not guaranteed.

Complete data security cannot be guaranteed, especially with unencrypted email communication. For this reason, encrypted communication or postal mail is recommended for data with a high level of secrecy.

Duration of data storage and rights of the data subject

Duration of storage:

We store personal data only to the extent and for as long as this is necessary to fulfill the purposes for which the personal data was collected, we have a legitimate overriding interest in the storage or are legally obliged to do so.

Right to information:

You have the right to request confirmation as to whether we are processing personal data about you. If this is the case, you have the right to information about the data specified in 25 ff. DSG or Art. 15 para. 1 DSGVO named information, as far as the information cannot be refused, restricted or postponed by the owner of the data collection (cf. Art. 26 f. DSG or Art. 15 para. 4 DSGVO). We will also be happy to provide you with a copy of the data.

Correction claim:

Pursuant to Art. 32 (1) DSG or Art. 16 DSGVO, you have the right to demand that incorrectly stored personal data (such as address, name, etc.) be corrected, provided that this claim does not conflict with any legal obligation. You can also request that the data stored by us be completed at any time. A corresponding adjustment will be made immediately.

Right to deletion:

Pursuant to Art. 17 (1) DSGVO, you have the right to request that we delete the personal data we have collected about you if

•     the data is either no longer needed;
•     due to the revocation of your consent, the legal basis for processing has ceased to exist without replacement;
•     there are no longer any justified reasons for processing;
•     your data is processed unlawfully;
•     a legal obligation requires this.

According to Art. 17 (3) of the GDPR, the right does not exist if

• the processing is necessary for the exercise of the right to freedom of expression and information;
• Your data has been collected on the basis of a legal obligation;
• the processing is necessary for reasons of public interest;
• the data is necessary for the assertion, exercise or defense of legal claims.

Right to restrict processing:

According to Art. 18 (1) DSGVO, you have the right in individual cases to request the restriction of the processing of your personal data.

This is the case when

• the accuracy of the personal data is disputed by you;
• the processing is unlawful and you do not consent to its deletion;
• the data is no longer required for the processing purpose, but the collected data is used for the assertion, exercise or defense of legal claims;
• an objection to the processing pursuant to Art. 21 (1) DSGVO has been filed and it is still unclear which interests prevail.

Right of revocation:

If you have given us express consent to process your personal data (Art. 6 para. 6 DSG and Art. 31 para. 1 DSG; Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO), you may revoke this consent at any time. Please note that the legality of the processing carried out on the basis of the consent up to the revocation is not affected by this. Information for which we are legally obligated to retain data will be deleted after expiry of the deadline.

Right to object:

In accordance with Art. 21 DSGVO, you have the right to object at any time to the processing of personal data relating to you that has been collected on the basis of Art. 6 Para. 1 lit. f DSGVO (in the context of a legitimate interest). If you have given us express consent to process your personal data (Art. 6 (6) DSG and Art. 31 (1) DSG), you may revoke this consent at any time. Please note that the lawfulness of the processing carried out on the basis of the consent until the revocation is not affected by this. You only have this right if there are special circumstances that speak against the storage and processing. Information for which we are legally obligated to store will be deleted after the expiry of the deadline.

How do you exercise your rights?

You can exercise your rights at any time by contacting us using the contact details of our company.

Right to data portability:

Pursuant to Art. 20 DSGVO, you have a right to the transmission of the personal data concerning you. The data will be provided by us in a structured, common and machine-readable format. The data can be sent either to you or to a person responsible named by you.

We will provide you with the following data upon request:

• Data collected on the basis of consent (Art. 31 para. 1 DSG as well as Art. 6 para. 1 let. a DSGVO);
• Data that we have received from you in the context of existing contracts (Art. 31 para. 2 let. a DSG as well as Art. 6 para. 1 let. b DSGVO and Art. 9 para. 2 let. a DSGVO);
• Data that has been processed as part of an automated procedure.

We will transfer the personal data directly to a responsible party of your choice as far as this is technically feasible. Please note that we may not transfer data that interferes with the overriding interests of third parties pursuant to Art. 26 (1) b DSG or Art. 20 (4) DSGVO, or may do so only to a limited extent.

Notifications to the FDPIC and possibility of legal action:

Pursuant to Art. 49 FADP, data subjects may file a report with the supervisory authority if there are sufficient indications that data processing may violate data protection regulations. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

For further information, please refer to the contact form of the FDPIC: https://www.edoeb.admin.ch/edoeb/de/home/deredoeb/kontakt.html

If you suspect that your data is being processed unlawfully on our site, you can bring about a judicial clarification of the issue in accordance with Art. 32 DSG. As a rule, a lawsuit in accordance with Art. 28 ff. ZGB should be sought. If you are affected by the processing of data by federal bodies, the procedure is governed by Art. 41 FADP. In this case, you can also contact the FDPIC (see reference to the contact form above).

Right of appeal to the supervisory authority pursuant to Art. 77 (1) DSGVO:

If you suspect that your data is being processed illegally on our site, you can of course bring about a judicial clarification of the issue at any time. In addition, any other legal option is open to you. Independently of this, you have the option of contacting a supervisory authority in accordance with Art. 77 (1) DSGVO. The right of complaint pursuant to Art. 77 DSGVO is available to you in the EU Member State of your place of residence, your place of work and/or the place of the alleged infringement, i.e. you can choose the supervisory authority to which you turn from the places mentioned above. The supervisory authority to which the complaint has been submitted will then inform you of the status and outcome of your submission, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

Sharing of data

Data collected via this website will not be passed on to third parties unless otherwise stated below.

References/links to external websites

This website may contain references/links to other websites for which re-fer AG is not responsible. Users should therefore note that these websites have their own data protection declarations and terms and conditions, which may differ from these.

Cookies

Cookies are used on the re-fer AG website. The following Wikipedia article provides a detailed description of the technology: https://en.wikipedia.org/wiki/HTTP_cookie

Cookies can contain a so-called cookie ID, which allows the cookie to be uniquely identified. It consists of a character string through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored.

By using cookies, re-fer AG can provide the users of this website with services that would not be possible without them. Users of this website can prevent the setting of cookies by making the appropriate settings in their internet browser. Cookies that have already been set can be deleted in the Internet browser used or using additional software. If the setting of cookies is deactivated, not all functions of this website may be usable.

The legal basis for the data processed by cookies is Article 6 Paragraph 1 Sentence 1 Letter f DSGVO as well as other bases in Swiss law, specifically the principle of legality (Article 6 Paragraph 1 DSG) and the requirement of good faith (Art. 6 Para. 2 DSG or Art. 2 ZGB).

Collection of general data and information (Logfiles)

When you access this website, general data and information is collected and stored in so-called log files on the server. The browser types and versions used, the operating system used by the user, the website from which a user accesses our website (so-called referrer), the sub-websites that are accessed via an accessing system on our website, and the date can be recorded in log files and the time of access to the website, an Internet protocol address (IP address), the Internet service provider of the accessing system and other similar data and information that serve to avert danger in the event of attacks on IT systems.

When using this general data and information, no conclusions can be drawn about the data subject. The information is required to correctly deliver the content of this website, to ensure the functionality of the IT systems and technology of this website, and to provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber-attack.

This anonymously collected data and information is therefore evaluated by re-fer AG or its hosting partner both statistically and with the aim of increasing data protection and data security.

The legal basis for the collection of data and information is the principle of legality (Art. 6 Para. 1 DSG), the requirement of good faith (Art. 6 Para. 2 DSG or Art. 2 ZGB) and Art. 6 Para. 1 lit . f DSGVO (legitimate interest).

YouTube

re-fer AG may have integrated components from YouTube on this website. YouTube is an online video portal that allows you to post video clips free of charge and also view, rate and comment on them free of charge.

YouTube’s operating company is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

Every time a single page of this re-fer AG website is accessed, on which a YouTube component (“YouTube video”) has been integrated, the Internet browser used by the user is automatically prompted to download a display of the corresponding YouTube component from YouTube. Further information about YouTube can be found at https://www.youtube.com/yt/about/de/.

As part of this technical process, YouTube and Google Inc. receive information about which specific subpage of our website is visited by the data subject.

If the person concerned is logged in to YouTube at the same time, YouTube recognizes which content page is visited when a video is viewed. This information is collected by YouTube and Google Inc. and assigned to the respective YouTube account of the data subject.

YouTube and Google Inc. always receive information via the YouTube component that the person concerned has visited our website if they are logged in to YouTube at the same time as accessing our website – this occurs regardless of whether a YouTube Video is clicked or not.

If the user of this website does not want such a transmission, they can prevent this by logging out of their YouTube account before accessing our website.

The data protection regulations published by YouTube, which can be accessed at https://www.google.de/intl/de/policies/privacy/, provide information about the collection, processing and use of personal data by YouTube and Google Inc.

Vimeo

re-fer AG may have integrated Vimeo components on this website. Vimeo is an online video portal that enables free and paid posting of video clips as well as free and paid viewing, rating and commenting on them.

The operating company of Vimeo is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

Every time a single page of this re-fer AG website is accessed, on which a Vimeo component (“Vimeo video”) has been integrated, the Internet browser used by the user is automatically prompted to download a display of the corresponding Vimeo component from Vimeo. Further information about Vimeo is available in English at https://help.vimeo.com/hc/en-us.

As part of this technical process, Vimeo learns which specific subpage of our website is visited by the user.

If the user is logged in to Vimeo at the same time, Vimeo Inc. recognizes which content page is visited when a video is viewed. This information can be collected by Vimeo and assigned to the respective Vimeo account of the data subject.

Vimeo always receives information via the Vimeo component that the user has visited our website if they are logged into Vimeo at the same time as accessing our website – this occurs regardless of whether a Vimeo video is clicked on or not.

If the user of this website does not want such a transmission, they can prevent this by logging out of their Vimeo account before accessing our website.

The data protection regulations published by Vimeo, which are available in English at https://vimeo.com/privacy, provide information about the collection, processing and use of personal data by Vimeo Inc.

Contact form

If you fill out a contact form (also called a web form), send us an email or another electronic message, your details will only be saved for processing the request and possible other related questions and will only be used in the context of the request. The legal basis for processing your request is Art. 6 Para. 1 Sentence 1 Letter b DSGVO as well as other bases in Swiss law, specifically the principle of legality (Art. 6 Para. 1 DSG) and the requirement of good faith (Art 6 Paragraph 2 DSG or Art. 2 ZGB).

re-fer AG will delete your contact details within a maximum of 150 days after your request has been processed.

Google Maps

This website uses the Google Maps product from Google Inc. By using this website, you agree to the collection, processing and use of automatically collected data by Google Inc, its representatives and third parties.

The terms of use of Google Maps can be found at https://www.google.com/intl/en/help/terms_maps/.

Security – iThemes Security

What personal information we collect and why we collect it

Security-Logs

The IP address of visitors, the user ID of logged in users, and the username of login attempts are conditionally logged to scan for malicious activity and protect the website from certain types of attacks. Examples of conditions under which logging occurs include login attempts, logout requests, suspicious URL requests, changes to site content, and password updates. This information is retained for 60 days.

With whom we share your data

This site is checked for potential malware and vulnerabilities by iThemes Site Scanner. We do not send any personal information to the scanner; however, during the scan the scanner may find personal information that has been posted publicly (e.g. in comments).

How long we keep your data

• Security log backups are retained for 30 days.
• Security logs are retained for 60 days.

Where we send your data

This website is part of a network of websites that protect against distributed brute force attacks. To enable this protection, the IP address of visitors attempting to log in to the website is shared with a service provided by ithemes.com. For privacy details, please see the iThemes Privacy Policy.

Extensions for the website

We use extensions for our website to enable additional functions.

We use:

• jQuery (Google Hosted Libraries): Free JavaScript library; Provider: Google; Google Hosted Libraries-specific information: “What does the use of Google Hosted Libraries mean for privacy?”.

Automated decision making (Profiling)

re-fer AG does not use automatic decision-making or profiling.

Information about this data protection declaration

This data protection declaration is partly based on the data protection declaration generator (https://dsgvo-muster-datenschutzerklaerung.dg-datenschutz.de/) of the DGD Deutsche Gesellschaft für Datenschutz GmbH and was partly created by get public – Agency for Communication (https://www. getpublic.ch) adapted to the best of our knowledge and belief for use on the websites of Swiss companies.

This data protection declaration can be changed at any time and without prior notice by re-fer AG. The current version published on this page applies.