1. RESPONSIBILITIES, DATA PROTECTION OFFICER AND REPRESENTATIVE
SIBIRGroup Ltd., Bahnhofstrasse 134, 8957 Spreitenbach, Switzerland.
Insofar as SIBIRGroup discloses personal data to another V-ZUG company or branch for its own purposes, this shall likewise become the controller within the meaning of Art. 4 (7) GDPR. A list of all companies and branches of V-ZUG can be found here: https://www.vzug.com/ch/de/v-zug-group-organisation.
SIBIRGroup has not appointed a data protection officer within the meaning of Art. 37 GDPR (or comparable regulations in other applicable data protection laws). Any requests, claims or information in relation to data protection should be addressed to the following contact: email@example.com.
For cases in which a V-ZUG company processing personal data is not located in the EU or EEA and the data processing is related to an offer of goods or services to data subjects in the EU or EEA, as well as for cases in which the behaviour of data subjects in the EU or EEA is monitored, the following representative within the Union has been appointed in accordance with Art. 27 GDPR: V-ZUG Europe BVBA, Evolis 102, 8530 Harelbeke-Kortrijk, Belgium.
For cases where a V-ZUG company processing personal data is not located in the United Kingdom and the data processing is related to an offer of goods or services to data subjects in the United Kingdom, as well as for cases where the behaviour of data subjects in the United Kingdom is observed, the following representative within the United Kingdom has been appointed for the purposes of Art. 27 UK GDPR: V-ZUG UK Ltd, 1 Pancras Square, Kings Cross, London, United Kingdom N1C 4AG.
2. PROCESSING OF PERSONAL DATA
SIBIRGroup collects and processes the personal data of the following:
- website visitors who are registered or not registered with SIBIRGroup;
- contacts and employees of service providers, suppliers, distributors, vendors and providers of SIBIRGroup products and product parts;
- customers, buyers and recipients/beneficiaries or interested parties of products and services (including guarantee, repairs and maintenance services) of SIBIRGroup or their contacts and employees;
- contacts and employees of business partners and affiliated companies, employment agencies and personnel leasing firms (as well as leased employees) and other trade and commercial partners;
- participants in competitions, market research and opinion surveys conducted by SIBIRGroup;
- participants in courses, seminars and other events offered by SIBIRGroup;
- users of the WiFi service offered in stores, showrooms, business premises and other locations of SIBIRGroup;
- customers and users of the SIBIRGroup customer and loyalty cards; and
- registered participants in the customer programmes of SIBIRGroup (CUSTOMER PROGRAMME);
(all referred to jointly as business partners).
The personal data of business partners is generally collected directly from the data subject in connection with the use of the websites, upon enquiry or use of products or services, submission of reviews and reports, participation in competitions, market research or other surveys, in stores, sales outlets or events of SIBIRGroup or by approved distributors of SIBIRGroup or in direct communication with SIBIRGroup via email, telephone, audio and video conference or otherwise.
However, personal data may also be collected indirectly, in particular if transactions are conducted in favour of a business partner or for delivery to same from another business partner (e.g. guarantee, repairs or maintenance services), at the recommendation of third parties (e.g. recommendation by a contact of the business partner) or upon retrieval or purchase of supplementary information from third-party data sources (e.g. social media, address brokers, providers of business information, etc.).
SIBIRGroup processes the following categories of personal data:
- Personal data and contact information: In particular, this includes but is not limited to first name and surname, home address, place of residence, telephone number, email address, age, date of birth, gender, civil status, family dependants, information on a second contact, photo, function, previous business correspondence with these persons, business transactions, enquiries, offers, proposals, conditions and contracts, and information on the professional or other interests of the persons;
- Data in connection with services, delivery and sale as well as orders and purchase: In particular, this includes but is not limited to payment information, credit card details and other payment details, invoice and delivery address, delivered and sold as well as ordered and purchased products and services, information in connection with subsequent enquiries, complaints and disagreements on products and services and corresponding contracts, such as guarantee cases, cancellations and disputes, and information on business partners blocked for SIBIRGroup, etc.;
- Data in connection with the marketing of products and services: In particular, this includes but is not limited to information on marketing activities such as documents received, invitations and participation in events and special activities (unless part of a customer programme), personal preferences and interests, etc.;
- Data in connection with the use of websites: In particular, this includes but is not limited to IP address and other identifiers (e.g. user name on social media, MAC address of the smartphone or computer, cookies, web beacons, pixel tags, log files, local shared objects (flash cookies) or other technologies that collect personal data automatically), date and time of visit or the use of websites, accessed pages and content, and referring websites, etc.;
- Data collected in connection with a customer programme: Membership number, access data (including passwords), preferred language, voucher number, date and duration of membership, payment data of the customer or a third person, information on the recipient, number of website visits, purchase history, purchased products, etc. (customer programmes include the traditional customer loyalty programmes as well as all website accounts, activities and events for which a business partner registers with personal data and thereby enters into a corresponding contract with SIBIRGroup);
(all referred to jointly as business partner data).
3. PURPOSE OF PROCESSING AND LEGAL BASIS
Where permissible according to applicable laws, SIBIRGroup may process the business partner data in particular, but not exclusively, for the following purposes:
- In connection with offered products and services, contract conclusion (in particular purchase and sale of products and services), processing of contracts (in particular purchase, delivery and supply contracts and contracts on participation in customer programmes and events) or other business relationships, maintenance and development of relationships with business partners (in particular invitation to and performance of events, activities and campaigns for and with business partners), communication, customer service and support (in particular orders and enquiries), marketing, advertising and sales measures (including newsletters and promotional measures);
- Administration of users of websites and other activities in which business partners are involved, operation and further development of websites (including the provision of functions that require identifiers or other personal data) and other IT systems and identity checks;
- Quality control, market research, further development of products and services, preparation of statistics, budgets, records and management information and other reports on business partners, transactions and activities, offers and other commercial aspects of SIBIRGroup for the purposes of business management and the development of the company, offering and activities and project management;
- Protection of business partners, employees and other persons and protection of data, secrets and assets of SIBIRGroup to which it has been entrusted and the security of systems and buildings of SIBIRGroup;
- Compliance with the legal and regulatory requirements and internal rules of SIBIRGroup and the V-ZUG Group, exercise and implementation of various rights, defence of legal claims, civil proceedings, complaints, fraud and misuse prevention, for the purposes of legal investigations or proceedings and for responding to enquiries by authorities;
- Sale or purchase of business areas, companies or parts of companies and other commercial transactions and the associated transmission of business partner data;
- For other purposes where a legal duty requires processing or which are recognisable due to the circumstances or announced at the time of data collection;
(referred to jointly as the processing purpose).
SIBIRGroup uses the business partner data for the processing purpose in accordance with the following legal bases:
- Contract fulfilment;
- Fulfilment of a legal obligation of SIBIRGroup;
- Consent of business partners (only to the extent that processing is conducted based on a specific follow-up enquiry by SIBIRGroup and may be revoked by the business partner at any time, in particular the receipt of newsletters for which the business partners have registered);
- Legitimate interests of SIBIRGroup, including
- the sale and delivery of products and services, also with respect to persons who are not directly contractual partners (e.g. recipients of gifts);
- Performance of advertising and marketing;
- Efficient and effective customer support, contact maintenance and other communication with business partners including outside of contract processing;
- Examination of conduct, activities and needs, marketing studies by, with and on business partners;
- Efficient and effective improvement of existing products and services and development of new products and services;
- Efficient and effective protection of business partners and other persons and the protection of data, secrets and assets of SIBIRGroup to which it has been entrusted and the security of systems and buildings of SIBIRGroup;
- Maintenance and secure, efficient and effective organisation of business operations, including a secure, efficient and effective operation and successful further development of websites and other IT systems;
- Constructive business management and development;
- Successful sale or purchase of business areas, companies or parts of companies and other commercial transactions;
- Compliance with the legal and regulatory requirements and internal rules of SIBIRGroup;
- Interest in the prevention of fraud, offences and crimes as well as investigations in connection with such offences and other improper conduct, handling of lawsuits and actions against SIBIRGroup, involvement in legal proceedings and cooperation with authorities, as well as the assertion, exercise and defence of legal claims.
Where permissible under applicable data protection law, SIBIRGroup may process the data of registered or non-registered visitors of the website, in particular for the purposes of the operation and further development of websites (including the provisions of functions that require identifiers or other personal data), for statistical analysis of website use and for preventing misuse, for the purposes of legal investigations or proceedings and for responding to enquiries by authorities. It may do so on the same basis as described above for business partner data.
All processing purposes apply to the entire V-ZUG Group, i.e. not only to the V-ZUG company that originally collected the personal data. All business partner data shall be collected for the purposes of all V-ZUG companies.
Processing and use of personal data for purposes other than those for which the data was collected shall only take place in accordance with applicable statutory rules or, where necessary, with the consent of the data subject.
4. DATA DISCLOSURE TO THIRD PARTIES AND DATA TRANSMISSION ABROAD
Where permissible under applicable law, SIBIRGroup may pass on the business partner data to the following categories of third parties, which process the business partner data for the processing purpose on behalf of SIBIRGroup or for their own purposes:
- Service providers (within the V-ZUG Group as well as externally, such as in support and service), including order processors;
- Distributors, suppliers and other business partners;
- Customers and buyers of SIBIRGroup products and services;
- Local, national and foreign authorities and agencies as well as corresponding supervisory and enforcement authorities (including prosecution authorities or courts);
- Media and private reporters;
- General public, including visitors of websites and channels on social media of SIBIRGroup;
- Industry organisations, associations, societies and other bodies;
- Acquirers or parties interested in acquiring business areas, companies or other parts of SIBIRGroup;
- Other parties in possible or actual legal proceedings;
- Other V-ZUG companies;
(all referred to jointly as third parties).
SIBIRGroup may transmit business partner data to third parties in any country, in particular to any country in which the V-ZUG Group is represented by Group companies, branches, showrooms and sales outlets as well as representatives or distributors, as well as any country in which the service providers of V-ZUG companies process their data. In the event that data is transmitted to a country without an adequate level of data protection, SIBIRGroup shall ensure an appropriate level of protection with the use of technical and organisational measures and sufficient contractual guarantees, in particular based on an international agreement, data protection clauses in an agreement between SIBIRGroup and an order processor, which has been disclosed in advance to the Federal Data Protection and Information Commissioner (FDPIC), currently applicable EU standard contractual clauses, standard contractual clauses approved, issued or recognised by the FDPIC in advance, binding internal data protection policies approved in advance by the FDPIC or another competent supervisory authority of a country that guarantees an adequate level of protection or other suitable guarantees according to applicable data protection law. In the absence of such guarantees, SIBIRGroup shall depend on the exception of consent, contract processing, the determination, exercise or assertion or legal claims, prevailing public interests, the data published by the business partner or because this is required for the protection of the integrity of such persons. The business partner may obtain a copy of the contractual guarantees from the contact named under Part I Section I or this contact will inform the business partner where such a copy may be obtained. SIBIRGroup reserves the right to redact such copies for data protection reasons or reasons of secrecy.
5. DATA STORAGE
As a rule, SIBIRGroup stores contractual business partner data for the duration of the contractual relationship and ten years beyond the end of the contractual relationship, insofar as no longer statutory periods of retention apply in individual cases, this is necessary for reasons of evidence or other grounds for exception exist under applicable law, or earlier deletion is required (in particular because the data is no longer required or because SIBIRGroup is obliged to delete such data).
For operating data containing business partner data (e.g. protocols, logs), shorter periods of retention generally apply.
Commercial documents including communication shall be stored for as long as SIBIRGroup has an interest therein (in particular for interest in evidence in case of claims, documenting compliance with certain statutory regulations and other provisions, interest in non-personal analysis) or is obliged to do so (by contract, law or other provisions). Statutory periods, for example, regarding the anonymisation or pseudonymisation of data, remain reserved.
6. COOKIES, GOOGLE ANALYTICS AND SOCIAL PLUG-INS
Insofar as SIBIRGroup uses third-party advertising on a website (e.g. banner advertising) or wishes to place its own advertising on third-party websites, cookies may also be used by companies specialised in the placement of such advertising. They shall not receive any personal data from SIBIRGroup, i.e. only a permanent cookie is stored on the device of users of a website in order to recognise them as such and only for the purposes of SIBIRGroup. This makes it possible for SIBIRGroup to place targeted SIBIRGroup advertising for these persons on third-party websites. The operators of the third-party websites likewise receive no personal data from SIBIRGroup.
SIBIRGroup may use PIWIK (https://piwik.org), Google Analytics or similar services on the websites. This is a service of a third party, which may be located in any country in the world (in the case of Google Analytics by Google Inc. in the USA, www.google.com), with which SIBIRGroup is able to measure and analyse the use of a website. To this end, permanent cookies are likewise used, which are placed by the service provider. The service provider does not receive any personal data from SIBIRGroup (and also does not store any IP addresses). However, it may track the use of websites by users, combine this information with data from other websites that the users have visited and which are likewise tracked by the service provider, and use these insights for its own purposes (e.g. placement of advertising). Insofar as the users have registered with the service provider themselves, the service provider will know their identity. The service provider shall then process personal data in the responsibility of the service provider according to its data protection provisions. SIBIRGroup receives information on the use of websites from the service provider.
SIBIRGroup may integrate and use the Google remarketing function on the websites to advertise products and services of SIBIRGroup. This function is intended to present website visitors interest-based advertising from SIBIRGroup as part of the Google advertising network. Here, too, cookies are used, which are placed by the service provider. All data is collected anonymously in this context, eliminating the possibility of establishing connections to specific persons. The default settings of SIBIRGroup websites are configured such that the integrated technologies are deactivated. If a visitor to SIBIRGroup is redirected from websites to Google, the privacy policies of Google apply. You can make changes to the settings for the Google remarketing function here: https://www.google.com/settings/ads.
Moreover, SIBIRGroup may use plug-ins (and add-ons) of social networks such as Facebook, Twitter, WhatsApp, LinkedIn, YouTube, Google+, Google Maps, Pinterest or Instagram or those of business partners on its websites or integrate graphics from other websites. The default settings of the websites are configured such that the plug-ins and other integrated technologies are deactivated. Users must therefore activate them themselves. If they do so, the operators of the social networks and third-party services may establish a direct connection to the user while they are visiting the websites and learn that the users are browsing the websites and can analyse this information. The operator of the social network shall then process personal data in the responsibility of the operator according to its data protection provisions. SIBIRGroup receives no information from the operators of these social networks.
7. Advertising campaigns
SIBIRGroup may use the personal data of business partners with their consent (provided such consent is required under applicable law) or based on other grounds recognised under data protection law in order to provide business partners with information on products or services (e.g. promotions, marketing information, competitions or campaigns). The promotions may be carried out in accordance with the applicable law in particular on the websites of SIBIRGroup, third-party websites, via newsletter, via email and post (see Part II Section 4) and/or on social networks. Further information can be found in the details regarding the individual promotions respectively.
8. RIGHTS OF THE DATA SUBJECTS OF BUSINESS PARTNERS
Every data subject has a right to information regarding their personal data with respect to SIBIRGroup. Moreover, every data subject has the right to demand from SIBIRGroup the rectification, erasure and restriction of their personal data and to object to the processing of personal data. If the processing of personal data is based on consent, the consent may be revoked by the data subject at any time. In states of the EU or EEA, the data subject has the right in certain cases to receive data generated in the use of online services in a structured, common and machine-readable or electronic format that enables further use and transmission. Enquiries in connection with these rights should be addressed to the data protection officer or the contact pursuant to Part I Section 1. SIBIRGroup reserves the right to restrict the rights of the data subject in accordance with applicable law and, for example, not to provide complete information or not to delete data.
If SIBIRGroup takes an automated decision affecting an individual person, which has legal effects for the data subject or significantly affects the data subject in a similar manner, the data subject may contact a responsible person at SIBIRGroup and request reconsideration of the decision or request assessment by a person in the first place, provided this is prescribed by applicable law. In this case, the data subject may no longer be able to use certain automated services under certain circumstances. The person shall be informed of such decisions.
Every data subject has the right to lodge a complaint with the responsible data protection authority.
The following explanations supplement the information provided in the general part for specific activities of SIBIRGroup. In the event of contradictions, the following explanations shall prevail over those in the general part.
1. ONLINE SHOPS
In the online shops of SIBIRGroup, the creditworthiness of a business partner, who submits an order, may be assessed automatically in order to offer purchase on account on the basis of this decision, insofar as this payment option is offered in the first place. Creditworthiness shall be reviewed in these cases by means of an enquiry submitted to an external credit agency. This credit agency shall inform SIBIRGroup of the credit rating of the business partner, which is determined based on its gathered information on payment experience with the business partner, their history regarding debt and insolvency and any recorded restrictions in legal capacity. No billing options may be offered under a certain credit score. If a business partner does not agree with this provision, they may contact the following: firstname.lastname@example.org.
The online shops of SIBIRGroup may likewise take automated decisions on the conclusion of purchase agreements. However, SIBIRGroup does not consider these to be automated individual decisions within the meaning of applicable Swiss or European data protection laws. In the event that a business partner objects to such automated contract conclusion, they may use the physical stores operated by SIBIRGroup and its distributors for the purchase of SIBIRGroup products and services.
2. PHYSICAL STORES
In particular, physical stores include but are not limited to exhibition stands, sales outlets and stores and procurement, operation and production sites where SIBIRGroup products and services are presented, displayed, offered, marketed, sold or for which information, advice or recommendations are provided. Physical stores also include sales outlets of business partners (in particular distributors). In connection with visits to such physical stores, SIBIRGroup may collect personal data directly or via the business partner. In particular, this includes but is not limited to name, address, telephone number and email address.
SIBIRGroup processes personal data in order to render services in connection with orders, deliveries, installation, assembly, calibration, acceptance (FAT/SAT), warranty cases, service and support, maintenance and servicing, further enquiries or the transmission of information material (product information, events, etc.). In particular, this includes but is not limited to name, address, telephone number and email address. Processing is intended for product, customer and quality control purposes.
4. OTHER COMMERCIAL COMMUNICATION AND BANNER ADVERTISING
SIBIRGroup may send business partners other commercial communication regarding its products and services. In the case of existing business partners, SIBIRGroup reserves the right to do so in accordance with applicable law, including without advance consent; however, the business partner may object to any further dispatches at any time. In other cases, SIBIRGroup shall only conduct such communication following advance solicitation by the business partner.
The dispatch of commercial communication may be cancelled at any time via email, telephone or post.
When visiting the websites, it is possible that personalised advertising is displayed by way of web banners. Every banner advertisement displayed to the business partner contains products or websites, which the business partner has already visited. Advertising is generated by SIBIRGroup by means of cookies (see Part I Section 6).
5. AUDIO AND VIDEO CONFERENCES
SIBIRGroup may record and store audio and video conferences in compliance with statutory regulations and internal rules following advance notice. In particular but not exclusively, the following personal data shall be processed in this connection: first name, surname, email address, telephone number (for telephone dial-up) and profile picture (optional). The processing of this personal data takes place for the purpose of know-how management or commercial documentation or the preservation of evidence in connection with legal transactions with business partners.