Privacy Policy

I. Who is responsible?

For the processing of your personal data, as described in this Privacy Policy and unless otherwise specified in individual cases, the controller within the meaning of the Swiss Data Protection Act is:

TIC Holding Schweiz AG

Hinterbergstrasse 16

6312 Steinhausen

References in this Privacy Policy to “TIC Holding”, “we” or “us” refer to the controller mentioned above. The companies of TIC Holding Schweiz AG are collectively referred to in this Privacy Policy as the “TIC Group.” A list of the companies of TIC Holding Schweiz AG can be found on the following website: https://www.tic-holding.ch/portfolio.

If you have any data protection concerns, you may contact us at any time, in particular at the following email address:

info@tic-holding.ch (Subject: «Data Protection»)

II. What personal data do we process?

We collect and process in particular the following personal data about you:

  • Master data, such as name, address, email address, telephone number, gender, date of birth, social media profiles, photos, videos, relationship information (customer, service provider, etc.), history, official information (e.g. commercial register extracts, permits), and information about subscribed advertising (including consents);
  • Communication data, such as contact details, type of communication (telephone, email, text messages, video messages, etc.), as well as location, date, time, and content of communication;
  • Registration data, such as username, password, email address;
  • Financial data, such as payment information and creditworthiness data;
  • Contract data, data arising in connection with the conclusion or execution of a contract, such as information on the conclusion of a contract, acquired claims and receivables, information on customer satisfaction, purchasing information (e.g. purchase date, place, time, history, quantity, type and value of goods/services);
  • Technical data, such as IP address, operating system, date, time, geographic information;
  • Behavioral data, such as duration and frequency of visits to our website, date and time of a visit or opening of a message, location of your device, interaction with our online presences on social networks or other third-party platforms;
  • Preference data, such as user settings and data derived from analysis of collected data (especially behavioral data);
  • Other data that you provide to us about yourself.

III. How do we collect personal data?

We collect your personal data in various ways. On the one hand, we collect personal data that you provide to us (e.g. by email, telephone, or mail), that we receive from third parties (e.g. business partners or authorities), and that we collect about you (e.g. from publicly accessible registers, websites, or business partners).

1) Data provided by you

You provide us with personal data when you interact with us, for example in the following situations:

  • When you communicate with our employees
  • When you visit our business premises
  • When you participate in customer events or public events organized by us
  • When you register to use certain offers or services (e.g. free WiFi)

The data provided includes in particular master data, communication data, registration data, and contract data, as well as preference data.

As a rule, providing personal data is voluntary, meaning that in most cases you are not obliged to disclose personal data to us. However, we must collect and process personal data that is necessary for the execution of a contractual relationship and the fulfillment of associated obligations or that is legally required, such as mandatory master and contract data. Otherwise, we will not be able to conclude or continue the respective contract.

If you transmit data about other persons (e.g. family members, employees), we assume that you are authorized to do so and that such data is correct. Please ensure that these other persons are informed about this Privacy Policy.

If you do not provide certain personal data to us, this may result in the inability to provide the associated service or conclude a contract. We will generally inform you where personal data requested by us is mandatory.

2) Data received from third parties

We may also receive your personal data from other companies of the TIC Group. We may also receive personal data about you from third parties, for example:

  • Business partners with whom we work (e.g. banks, insurers, distribution partners, and other contractual partners)
  • Persons who communicate with us
  • Credit agencies (e.g. when we obtain credit checks)
  • Address brokers or the Swiss Post (e.g. for address updates)
  • Providers of online services (e.g. internet analytics services)
  • Authorities and courts in connection with administrative or judicial proceedings.

The data received includes in particular master data, communication data, financial data and contract data, as well as preference data.

3) Data collected by us

We may also collect your personal data ourselves or automatically, for example:

  • When you use our offers
  • When you use our services
  • When you visit our websites
  • When we consult publicly accessible sources (e.g. public registers, websites, platforms)
  • When we obtain information about you from your organization or another organization/company (e.g. references in recruitment processes with your consent)
  • When we cooperate with business partners
  • When you click on a link in or otherwise interact with one of our electronic marketing messages.

The data collected includes in particular behavioral data and technical data.

We may also derive additional personal data from existing personal data, for example by evaluating behavioral data. Such derived personal data often consists of preference data.

IV. For what purposes do we process personal data?

We process your personal data primarily in order to conclude and perform our contracts with you, our customers, and our business partners. In particular, we process your personal data for the following purposes:

  • to communicate with you
  • to provide you and our customers with our services (including websites) and improve them
  • to manage the business relationship with you and our customers
  • to conduct advertising, marketing, market research and product development
  • to ensure your security and ours and to prevent misuse (e.g. IT security, theft, fraud and abuse prevention, and evidence purposes)
  • to comply with legal and regulatory obligations
  • to enforce our claims and defend ourselves against claims by others
  • to prepare and execute the sale or purchase of business units, companies or parts of companies and other corporate transactions, including the transfer of personal data
  • for business management and optimization of internal group processes.

When processing personal data for the purposes described in this statement, we rely, among other things, on our legitimate interest in maintaining, expanding and managing the business relationship and communicating with you as a business partner regarding our products and services.

For certain purposes you may grant us consent to process your personal data. If we do not have another legal basis, we will process your personal data within the scope of and based on this consent. You may withdraw your consent at any time. Withdrawal does not affect processing already carried out.

V. Why and how do we share data?

We may disclose your personal data to trusted third parties where this is necessary or appropriate for the provision of our services or for the fulfillment of the purposes defined in this Privacy Policy. We may disclose your personal data to the following categories of recipients: external service providers (e.g. IT service providers, auditors, freight forwarders, payment service providers); customers and other contractual partners; counterparties, their legal representatives and involved persons; business partners with whom we may have to coordinate the provision of services; authorities and courts. We may also disclose your personal data to other companies of the TIC Group. Please note that these recipients may in turn engage third parties, so that your data may also become accessible to them.

Where we share your personal data with third parties that process your personal data on our behalf, this is done on the basis of our instructions and in compliance with our Privacy Policy as well as other appropriate confidentiality and security measures. For example, we use service providers to support the operation of our IT infrastructure, the provision of our products and services, the improvement of our internal business processes, and the provision of additional support to our customers.

As a rule, we process your personal data only in Switzerland and in the European Economic Area (EEA) (see also Section 6 below). On our websites, we use services of third-party providers; please refer to our Cookie Policy (Section 12 below) regarding the independent collection of data by such third-party providers.

VI. Why and how do we transfer data abroad?

We may transfer your personal data to recipients in the European Economic Area (EEA), as well as to recipients in the United States and in other countries that do not ensure a level of data protection comparable to Swiss law (so-called third countries). We normally do this where it is necessary for the performance of a contract or for the enforcement of legal claims. Where we disclose data to other third countries and this is not already known to you (e.g. from a contract or our communication with you), the respective country, international body, or at least the region can generally be identified from this Privacy Policy and in particular the Cookie Policy at the relevant point. We transfer your personal data to a third country only if the data protection requirements are met (e.g. after entering into recognized standard data protection clauses or after consent has been obtained), or if we may rely on an exception. An exception may exist, in particular, in cases of overriding public interests or where the performance of a contract that is in your interest requires such disclosure.

VII. How do we use profiling?

“Profiling” means the automated processing of personal data in order to analyze personal aspects or make predictions (e.g. analysis of personal interests and habits). Preference data is generally derived through profiling. We use profiling in particular in the automatic processing of behavioral data and preference data in connection with our websites. In particular, we use profiling to improve our websites and to present them and our content in a manner tailored to users’ needs. As a basis for profiling, we may also link personal data from different sources in order to improve the quality of our analyses and forecasts.

VIII. How do we make automated individual decisions?

“Automated individual decisions” are decisions that are made fully automatically, i.e. without human involvement, and that have legal consequences for the data subject or may significantly affect him or her in another way. As a rule, we do not use automated individual decisions; if we do, we will inform you separately in the individual case.

IX. How do we protect data?

We take appropriate technical (e.g. firewall, SSL encryption, password protection) and organizational (e.g. access restrictions, training of authorized persons) security measures in order to protect your personal data. Through these measures, we protect your personal data against unauthorized or unlawful processing, access, and/or against accidental loss, alteration, disclosure. Please always note that the transmission of information over the internet and other electronic means involves certain security risks. We cannot guarantee the security of information transmitted in this way.

X. How long do we retain data?

We retain your personal data for as long as required by our processing purposes (see Section 4), the statutory retention periods (generally five or 10 years), and our legitimate interests, in particular for documentation and evidentiary purposes, or where storage is technically necessary (e.g. in the case of backups or document management systems). We delete or anonymize your personal data, provided that no legal or contractual obligations or technical reasons prevent this, generally after the expiry of the storage and processing period in the course of our usual procedures and in accordance with our retention policy.

XI. Social Media

We may operate pages and other online presences (e.g. fan pages, channels, profiles) on social networks and other platforms operated by third parties, and may collect and process data about you there (in particular contact and profile data) that you or the social networks provide to us. We receive the data when you come into contact with us via our online presence (e.g. by accessing and commenting on posts). We receive aggregated or otherwise sufficiently anonymized data from the platforms for evaluation purposes, so that we can further develop the content and services we offer. In particular, we process the data for communication, for marketing purposes (including advertising on these platforms), and for market research. We may ourselves further disseminate content published by you, or delete or restrict content from or about you in accordance with the usage guidelines. Personal data may also be processed outside Switzerland and the European Economic Area (EEA).

Furthermore, the platforms analyze your use of our online presences and link this data with other data about you known to the platforms. They also process this data for their own purposes under their own responsibility, in particular for marketing and market research purposes (e.g. to personalize advertising) and to manage their platforms (e.g. which content they show you).

When using the platforms, in addition to the relevant privacy policies, further legal documents also apply in each case (e.g. General Terms and Conditions and Terms of Use).

We currently use the following platform:

  • LinkedIn of LinkedIn Ireland, Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, whereby data may also be transferred to the USA. We are jointly responsible with LinkedIn and have concluded the so-called “Page Insights Joint Controller Addendum” (https://legal.linkedin.com/pages-joint-controller-addendum). More information regarding data processing can be found in LinkedIn’s Privacy Policy: https://www.linkedin.com/legal/privacy-policy

XII. Cookie Policy

Below we describe how and for what purposes we use log data, cookies, similar technologies and other third-party services when using our websites and in doing so process personal and other data.

1) What is log data?

Whenever a connection is made with a web server, certain information is technically logged and stored. When you visit our website, information is automatically sent to our website’s server. This information includes the IP address of your computer, the date and time of access, the name and URL of the retrieved data, the website from which access is made (referrer URL), the browser type and version, as well as other information transmitted by the browser (e.g. your computer’s operating system, geographical origin, language setting). This information is temporarily stored in a so-called log file and retained in accordance with legal requirements. We process the data for the purpose of ensuring a smooth connection setup and comfortable use of our website, as well as for evaluating system security and stability.

2) What are cookies and similar technologies?

We may use cookies and similar technologies on our website. Cookies are generally small text files that your browser automatically creates and stores on your device (computer, tablet, smartphone, etc.) when you access our site. Session cookies store your inputs while you navigate from page to page within the website. Session cookies are deleted after a short time, at the latest when you close your browser. Persistent cookies remain stored for a certain period even after the browser is closed. Similar technologies include, for example, pixel tags (invisible images or program code loaded from a server and thereby transmitting certain information to the operator of the server), fingerprints (information about the device and browser collected when accessing a website and which, in combination, distinguish the device from others), and other technologies (e.g. “Web Storage”) for storing data in the browser.

We use both persistent and session cookies on our website. We may not be able to identify you in every case by means of a cookie. We use cookies and similar technologies to ensure the functionality of our website and, where applicable, to analyse its use and improve user experience. We also use cookies for the purpose of providing our services (in particular technically necessary cookies). Cookies have different retention periods. We have no control over the retention period of cookies set by third-party providers.

3) How can you disable cookies and similar technologies?

You can configure your browser so that it does not automatically accept cookies and similar technologies or deletes existing cookies and other data stored in the browser. You can also extend your browser with additional software (so-called “add-ons” or “plug-ins”) which then prevents tracking by certain third parties (such plug-ins are available, for example, at www.noscript.net or www.ghostery.com). As a rule, you will find further information in your browser’s help pages under the keyword “privacy.” Please note that the partial or complete deactivation of cookies may result in you not being able to use all the functions of our websites.

4) Which cookies and similar technologies do we use and how do we use them?

Technically necessary cookies

We use persistent cookies to store your personal user settings (in particular regarding cookies and language selection on our website). In this context, we generally process only the data necessary to store your preferences and ensure the proper functioning of the website. The purpose of processing is to re-identify your personal settings on our website. These cookies are necessary to ensure the functionality and security of our website. These cookies are automatically deleted from your system after six months at the latest. You may also delete the cookies manually at any time. Please note that in this case your user settings will be lost.

5) Third-party services

a) Website delivery tools

  • IONOS of IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. We use IONOS as our hosting provider in order to operate and provide our website. In this context, personal data such as IP addresses, log files and technical access data may be processed. The processing is necessary to ensure the stability, security and proper functioning of our website. Further information can be found in IONOS’ Privacy Policy: https://www.ionos.de/terms-gtc/datenschutzerklaerung/

b) Analytics and tracking tools

  • Google Analytics of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We use Google Analytics in order to analyse the use of our website and to improve our services and user experience. In this context, information such as your IP address (in anonymised form), device information, browser type, pages visited, and duration of visits may be processed. Google may also transfer data to the USA. Google’s Privacy Policy can be found at: https://policies.google.com/privacy

c) External services

  • Google Fonts of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We use Google Fonts in order to ensure a consistent and visually appealing presentation of our website. When accessing our website, your browser may connect to Google servers, which may result in the processing of technical data such as your IP address. Google’s Privacy Policy can be found at: https://policies.google.com/privacy

d) Cookie consent tool

  • Borlabs Cookie of Borlabs GmbH, Hamburger Str. 11, 22083 Hamburg, Germany. We use Borlabs Cookie to obtain and manage your consent for the use of cookies and similar technologies on our website. Borlabs Cookie stores your selected preferences and ensures that only those cookies are set for which you have given consent. Further information can be found at: https://de.borlabs.io/datenschutz/

XIII. What rights do you have?

As a potentially affected person, you may assert various claims against us in accordance with the applicable national and international provisions. Where applicable, we will process your personal data again for the purpose of fulfilling your claims.

You have the following rights with regard to your personal data:

  • Right to information: you have the right to obtain information about which personal data we have about you and how we process it;
  • Right to data disclosure or transfer: you have the right to receive or have transferred a copy of your personal data in a commonly used electronic format, provided that such data are processed automatically and that the data are processed with your consent or in direct connection with the conclusion or performance of a contract between you and us;
  • Right to rectification: you have the right to have your personal data corrected if it is inaccurate;
  • Right to erasure: you have the right to have your personal data deleted;
  • Right to object: you have the right to object to the processing of your personal data (in particular where data are processed for direct marketing purposes).

Please note that these rights are subject to conditions and exceptions. We may restrict or refuse your request to exercise these rights where legally permissible. We reserve the right to redact copies for data protection reasons or for reasons of confidentiality, or to provide them only in excerpted form.

If you wish to exercise your rights vis-à-vis us or if you disagree with the way we handle your rights or data protection, please contact us; our contact details can be found in Section 1. In order to prevent misuse, we must identify you (e.g. with a copy of an identity document, if necessary).

XIV. Legal bases under the GDPR

To the extent the GDPR is applicable to specific processing activities, the following provisions additionally apply.

We base the processing of your personal data in particular on the fact that

  • as described in Section 4, it is necessary for the initiation and conclusion of contracts and their administration and enforcement (Art. 6 para. 1 lit. b GDPR);
  • it is necessary for the purposes of the legitimate interests pursued by us or by third parties as described in Section 4, namely for communication with you or third parties, to operate our website, to improve our electronic offerings and the registration for certain offers and services, for security purposes, for compliance with Swiss law and internal regulations for our risk management and corporate governance, and for further purposes such as training and education, administration, evidence and quality assurance, the organization, implementation and follow-up of events, and for the safeguarding of further legitimate interests (see Section 4) (Art. 6 para. 1 lit. f GDPR);
  • due to our mandate or our position under the law of the EEA or of a Member State, it is legally required or permitted (Art. 6 para. 1 lit. c GDPR), or is necessary in order to protect your vital interests or those of other natural persons (Art. 6 para. 1 lit. d GDPR);
  • you have separately consented to the processing, for example by means of a corresponding declaration on our website (Art. 6 para. 1 lit. a and Art. 9 para. 2 lit. a GDPR).

If you are located in the EEA, then, in addition to the rights in Section 13, you also have the right to restriction of data processing, and you may lodge a complaint with the data protection supervisory authority in your country. A list of the authorities in the EEA can be found here: https://edpb.europa.eu/about-edpb/board/members_de

Our representative in the EEA pursuant to Art. 27 GDPR is:

Winterberg Administration GmbH

Tölzer Str. 1

82031 Grünwald

XV. How can we amend this Privacy Policy?

We may amend this Privacy Policy at any time or include new processing activities. We also update this Privacy Policy from time to time in order to take legal requirements into account. We will inform you of such amendments and additions in an appropriate form; in particular, we publish the current Privacy Policy on our website (see below).

The current Privacy Policy may be accessed at any time at https://www.tic-holding.ch/privacypolicy .