Responsible entity for the processing of personal data:
Qualiprint Holding AG
We will provide notice in cases where there are different responsible entities for the processing of personal data on a case-by-case basis.
1. Terms and Legal Bases
Personal data refers to any information relating to a specific or identifiable natural person. A data subject is an individual about whom we process personal data.
Processing encompasses all actions taken with personal data, regardless of the means and methods, such employed as querying, comparing, adapting, archiving, retaining, extracting, disclosing, obtaining, capturing, collecting, deleting, revealing, organizing, arranging, storing, modifying, distributing, linking, destroying, and using personal data.
2. Legal Bases
We process personal data in accordance with Swiss data protection law, especially the Federal Data Protection Act (Datenschutzgesetz, DSG), and the Ordinance to the Federal Data Protection Act (Datenschutzverordnung, DSV).
3. Type, Scope, and Purpose
We process the personal data that is required to enable us to carry out our activities and operations in a permanent, user-friendly, secure and reliable manner. Such personal data may in particular fall into the categories of inventory and contact data, browser and device data, content data, meta or marginal data and usage data, location data, sales data and contract and payment data.
We process personal data for the duration that is necessary for the respective purpose(s) or as required by law. Personal data that is no longer required for processing will be anonymized or deleted.
We may have third parties process personal data on our behalf. We may also jointly process or transmit personal data with third parties. These third parties particularly include specialized providers whose services we use. We ensure data protection is maintained with these third parties as well.
As a matter of principle, we only process personal data with the consent of the persons concerned. If and insofar as the processing is permitted for other legal reasons, we may waive the requirement to obtain consent. For example, we may process personal data without consent in order to fulfil a contract, to comply with legal obligations or to protect overriding interests.
Within this context, we primarily process information that a data subject voluntarily provides to us when making contact – for example, through postal mail, email, instant messaging, contact forms, social media, or telephone – or when registering for a user account. We may store such information, for instance, in an address book, a Customer Relationship Management (CRM) system, or similar tools. If we receive data about other individuals from third parties, these transmitting individuals are obligated to ensure data protection for these individuals and to verify the accuracy of this personal data.
We also process personal data that we receive from third parties, obtain from publicly available sources or collect in the course of our activities and operations, if and to the extent that such processing is permitted for legal reasons.
We process personal data about applicants to the extent necessary for assessing suitability for an employment relationship or for the subsequent execution of an employment contract. The necessary personal data primarily arise from the information provided, for example, within the context of a job advertisement. Furthermore, we process personal data voluntarily disclosed or published by applicants, notably as part of cover letters, resumes, and other application documents, as well as online profiles.
5. Personal Data Abroad
We primarily process personal data in Switzerland. However, we may also disclose or export personal data to other countries, especially to process or have them processed there.
We may disclose personal data to all countries and territories on Earth as well as elsewhere in the universe, provided that the local laws in accordance with a decision of the Swiss Federal Council ensure adequate data protection.
We may disclose personal data to countries that do not provide adequate data protection under their laws, as long as suitable data protection is ensured through other means. Suitable data protection can, for example, be ensured through appropriate contractual agreements, based on standard data protection clauses, or with other appropriate safeguards. Exceptionally, we can export personal data to countries without adequate or suitable data protection if the specific data protection requirements are met, such as obtaining explicit consent from the data subjects or when there is a direct link to the conclusion or performance of a contract. Upon request, we are willing to provide data subjects with information about any guarantees in place or provide copies of such guarantees.
6. Rights of Data Subjects
6.1 Data Protection Claims
We grant data subjects all claims in accordance with applicable data protection law. Data subjects, in particular, possess the following rights:
- Access: Data subjects have the right to request information on whether we process personal data about them and, if so, what specific personal data it concerns. Data subjects also receive the necessary information to assert their data protection claims and ensure transparency. This includes the processed personal data itself, but among other things, also details about the purpose of processing, the retention period, any disclosure or export of data to other countries, and the origin of the personal data.
- Correction and Restriction: Data subjects have the right to correct inaccurate personal data, complete incomplete data, and request the restriction of processing their data.
- Deletion and Objection: Data subjects have the right to request the erasure of their personal data ("right to be forgotten") and to object to the processing of their data for the future.
- Data Disclosure and Data Portability: Data subjects have the right to request the disclosure of their personal data or the transfer of their data to another controller.
We may postpone, limit, or refuse the exercise of data subjects' rights within legally permissible bounds. We may inform data subjects about any requirements that need to be fulfilled for the exercise of their data protection claims. For instance, we may partially or completely deny providing information with reference to trade secrets or the protection of other individuals. Similarly, we may partially or completely refuse the deletion of personal data with reference to statutory retention obligations.
In exceptional cases, we may impose costs for the exercise of these rights. We will inform data subjects in advance about any potential costs.
We are obligated to identify data subjects who request information or assert other rights through appropriate measures. Data subjects are obligated to cooperate in this identification process.
6.2 Right to complain
Data subjects have the right to enforce their data protection claims through legal proceedings or to lodge a complaint with a competent data protection supervisory authority.
The data protection supervisory authority for private controllers and federal agencies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
7. Data Security
We implement appropriate technical and organizational measures to ensure data security commensurate with the respective risk. However, we cannot guarantee absolute data security.
Access to our website is secured using transport encryption (SSL/TLS), especially with the Hypertext Transfer Protocol Secure (HTTPS). Most browsers indicate transport encryption with a padlock icon in the address bar.
Our digital communication, like any digital communication, is subject to mass surveillance without cause or suspicion, as well as other forms of monitoring by security authorities in Switzerland, across Europe, the United States of America (USA), and other countries. We have no direct control over the processing of personal data by intelligence agencies, law enforcement, and other security authorities.
8. Use of the Website
Cookies can be stored in the browser temporarily as "session cookies" or for a specific duration as so-called permanent cookies. "Session cookies" are automatically deleted when the browser is closed. Permanent cookies have a specified storage period. Cookies allow, among other things, a browser to be recognized on the next visit to our website, enabling measurements of website reach, for example. However, permanent cookies can also be used for online marketing purposes.
For cookies used for tracking success, measuring reach, or advertising, many services provide a general opt-out option through organizations such as AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
8.2 Server Log Files
For each access to our website, we may collect the following information if they are transmitted by your browser to our server infrastructure or can be determined by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, accessed individual subpage of our website including transferred data volume, and the last webpage visited in the same browser window (referer or referrer).
We store such information, which can also constitute personal data, in server log files. This information is necessary to provide our website consistently, user-friendly, and reliably, as well as to ensure data security and particularly the protection of personal data – both by ourselves and third parties or with the assistance of third parties.
8.3 Tracking Pixels
We may use tracking pixels on our website, also known as web beacons. Tracking pixels, including those from third-party services we use, are small, usually invisible images that are automatically retrieved when visiting our website. Tracking pixels can capture the same information as server log files.
9. Social Media
We maintain a presence on social media platforms and other online platforms to communicate with interested individuals and provide information about our activities and operations. In connection with such platforms, personal data may also be processed outside of Switzerland.
10. Third party services
We utilize services from specialized third parties to carry out our activities and operations consistently, user-friendly, securely, and reliably. Such services allow us to embed functions and content into our website, among other purposes. When embedding such content, the utilized services may, for technically necessary reasons, temporarily capture the Internet Protocol (IP) addresses of users.
For essential security, statistical, and technical purposes, third parties whose services we use may process data related to our activities and operations in an aggregated, anonymized, or pseudonymized form. This could include performance or usage data required to provide their respective services. We primarily utilize the following services:
- Services by Microsoft: Providers: Microsoft Corporation (USA) / Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), in the United Kingdom, and in Switzerland; General privacy information: «Datenschutz bei Microsoft», «Datenschutz und Privatsphäre (Trust Center)», Datenschutzerklärung, Datenschutz-Dashboard (Daten- und Datenschutz-Einstellungen).
10.1 Digital Infrastructure
We utilize services from specialized third parties to access the required digital infrastructure for our activities and operations. This includes, for example, hosting and storage services from selected providers. We use in particular:
- Hostpoint: Hosting; Anbieterin: Hostpoint AG (Switzerland); Data protection information: Data protection declaration.
- METANET: Hosting; Provider: METANET AG (Switzerland); Data protection information: Data protection declaration, "Technical-organisational measures".
- Joomla.org Joomla! is a free and open-source content management system (CMS) Angaben zum Datenschutz: Datenschutzerklärung, Cookie-Richtlinie.
10.2 Automation and integration of apps and services
We use specialised platforms to integrate and connect existing third party apps and services. We can also use such "no-code" platforms to automate processes and activities with third-party apps and services. In particular, we use:
Microsoft Power Automate including Microsoft Power Platform:: Integrated Application Platform; Provider: Microsoft; Microsoft Power Platform-specific privacy disclosures: "Compatibility and Privacy", "Data Storage and Governance", "Security".
10.3 Contact Options
We utilize services from selected providers to enhance communication with third parties, such as potential and existing customers.
10.4 Audio and video conferencing
Depending on the life situation, we recommend muting the microphone by default when participating in audio or video conferences as well as blurring the background or having a virtual background superimposed. We use in particular:
- Microsoft Teams: platform for audio and video conferencing, among other things; provider: Microsoft; Teams-specific information: "Data protection and Microsoft Teams".
- Skype: audio and video conferencing; Skype-specific providers: Skype Communications SARL (Luxembourg) / Microsoft Corporation (USA) / Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), the United Kingdom and Switzerland; data protection information: "Legal information about Skype", "Data protection and security".
We use third party services to embed maps on our website, in particular:
- Google Maps including Google Maps Platform: map service; provider: Google; Google Maps-specific information: "How Google uses location information".
10.6 Digital audio and video content
We use services from specialised third parties to enable the direct playback of digital audio and video content such as music or podcasts. In particular, we use:
- YouTube: Video platform; Provider: Google; YouTube-specific information: "Privacy and Security Center", "My Data on YouTube".
We use services from third parties to embed selected fonts, icons, logos, and symbols into our website. Specifically, we utilize:
- Google Fonts: Fonts; Provider: Google; Google Fonts-specific information: "Privacy and Google Fonts", "Privacy and Data Collection".
We utilize the option to display targeted advertising for our activities and operations through third parties such as social media platforms and search engines.
We aim to reach individuals who are already interested in or may be interested in our activities and operations through such advertising, particularly utilizing remarketing and targeting techniques. To enable this, we may transmit relevant, potentially personal information to third parties who facilitate such advertising. Additionally, we can assess the effectiveness of our advertising, specifically whether it leads to visits on our website (conversion tracking).
Third parties with whom we advertise and where you are logged in as a user may associate the use of our website with your profile on their platform. Specifically, we use:
- Google Ads: Search engine advertising; Provider: Google; Specific Google Ads Information: Advertising based on search queries, using various domain names, especially doubleclick.net, googleadservices.com, and googlesyndication.com for Google Ads, "Ads" (Google), "Why am I seeing this ad?".
11. Extensions for the Website
We use extensions to our website to provide additional functionality. In particular, we use:
Google reCAPTCHA: Spam protection (differentiation between wanted comments from humans and unwanted comments from bots as well as spam); Provider: Google; Google reCAPTCHA-specific information: "Was ist reCAPTCHA? ("What is reCAPTCHA?").
12. Success and Reach Tracking
We aim to assess how our online offerings are utilized. In this context, we may measure the success and reach of our activities and endeavors, as well as the impact of third-party links directing to our website. Furthermore, we may conduct experiments, such as comparing the usage of various parts or versions of our online offerings using methods like A/B testing. The insights garnered from success and reach measurements allow us to address errors, strengthen popular content, and enhance our online offerings.
For success and reach measurement, the Internet Protocol (IP) addresses of individual users are typically stored. However, these IP addresses are generally truncated (IP masking) to adhere to the principle of data minimization through pseudonymization.
Cookies might be employed in success and reach measurement, and user profiles could be created. Created user profiles may encompass information like specific pages visited or content viewed on our website, screen size or browser window dimensions, and, at the very least, an approximate location. In principle, any generated user profiles are solely pseudonymized and are not used for the identification of individual users. Certain third-party services, where users are logged in, may associate the usage of our online offerings with their user account or profile on the respective service. We specifically utilize:
- Google Analytics: Success and Reach Measurement; Provider: Google; Google Analytics-specific information: Measurement across various browsers and devices (Cross-Device Tracking), "Privacy", "Browser Add-on to Disable Google Analytics".
13. Final Provisions