Privacy Policy

With this Privacy Policy, we inform you about the personal data we process in connection with our activities and operations, including our sidora.ch website. In particular, we provide information on the purposes, manner and location of our processing of personal data. We also inform you about the rights of persons whose data we process.

Additional privacy policies and other legal documents such as general terms and conditions, terms of use or terms of participation may apply to individual or supplementary activities and operations.

We are subject to Swiss data protection law and, where applicable, foreign data protection law, in particular that of the European Union (EU) under the General Data Protection Regulation (GDPR). The European Commission recognises that Swiss data protection law ensures an adequate level of data protection.

1. Contact Details

Controller responsible for the processing of personal data:

Sidora AG
Sulzerallee 70
CH-8404 Winterthur
info@sidora.ch

We will indicate where other controllers are responsible for the processing of personal data in individual cases.

2. Definitions and Legal Bases

2.1 Definitions

Personal data means any information relating to an identified or identifiable natural person. A data subject is a person about whom we process personal data.

Processing encompasses any operation involving personal data, regardless of the means and methods employed, including but not limited to the collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure and destruction of personal data.

The European Economic Area (EEA) comprises the Member States of the European Union (EU) as well as the Principality of Liechtenstein, Iceland and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data.

2.2 Legal Bases

We process personal data in accordance with Swiss data protection law, in particular the Federal Act on Data Protection (FADP) and the Ordinance on Data Protection (DPO).

Where and to the extent that the General Data Protection Regulation (GDPR) is applicable, we process personal data on the basis of at least one of the following legal grounds:

  • Art. 6(1)(b) GDPR for the processing of personal data necessary for the performance of a contract with the data subject or for the implementation of pre-contractual measures.
  • Art. 6(1)(f) GDPR for the processing of personal data necessary to protect the legitimate interests of ourselves or third parties, provided that the fundamental freedoms, fundamental rights and interests of the data subject do not prevail.
  • Art. 6(1)(c) GDPR for the processing of personal data necessary for compliance with a legal obligation.
  • Art. 6(1)(e) GDPR for the processing of personal data necessary for the performance of a task carried out in the public interest.
  • Art. 6(1)(a) GDPR for the processing of personal data with the consent of the data subject.
  • Art. 6(1)(d) GDPR for the processing of personal data necessary to protect the vital interests of the data subject or of another natural person.

We require the collected personal data for the performance of contractual obligations (e.g. orders, invoicing) and for contacting you (customer service). Your data is collected, stored, processed and used for these purposes.

For statistical analysis of website access, we use logs. The following information is recorded and stored until automatic deletion:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which access was made (referrer URL)
  • Browser used and, where applicable, the operating system of your computer and the name of your access provider

This data is collected and processed for internal statistical purposes and to ensure system security and stability.

We process your personal data, insofar as necessary, for the duration required for the respective purpose or purposes, in particular for the entire duration of the business relationship and beyond that in accordance with statutory or contractual retention and documentation obligations. This data is only accessible to authorised Sidora employees via passwords.

We use your personal data solely for the purposes stated above. As a matter of principle, data will not be disclosed to third parties without your express consent. Insofar as we are obliged to do so by law or by court order, we will transmit your data to the bodies entitled to receive such information.

3. Nature, Scope and Purpose

We process the personal data that is necessary to carry out our activities and operations on a permanent, user-friendly, secure and reliable basis. Such personal data may fall into the categories of inventory and contact data, browser and device data, content data, metadata and marginal data and usage data, location data, sales data, as well as contract and payment data.

We process personal data for the duration required for the respective purpose or purposes or as required by law. Personal data whose processing is no longer necessary will be anonymised or deleted.

We may have personal data processed by third parties. We may process personal data jointly with third parties or transmit it to third parties. Such third parties are in particular specialised providers whose services we use. We ensure data protection with such third parties as well.

As a matter of principle, we only process personal data with the consent of the data subjects concerned. Where and to the extent that processing is permissible for other legal reasons, we may refrain from obtaining consent.

In this context, we process in particular information that a data subject voluntarily provides to us when making contact -- for example by post, email, instant messaging, contact form, social media or telephone -- or when registering for a user account. We may store such information, for example, in an address book or using comparable tools.

We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of our activities and operations, where and to the extent that such processing is permissible for legal reasons.

4. Job Applications

We process personal data of applicants insofar as it is necessary for assessing suitability for employment or for the subsequent performance of an employment contract. The required personal data arises in particular from the information requested, for example in the context of a job advertisement. We also process personal data that applicants voluntarily provide or publish, in particular as part of cover letters, curricula vitae and other application documents as well as online profiles.

5. Personal Data Abroad

As a matter of principle, we process personal data in Switzerland and in the European Economic Area (EEA). However, we may also export or transmit personal data to other countries, in particular to process it or have it processed there.

We may transmit personal data to countries whose legislation does not ensure adequate data protection, provided that data protection is ensured for other reasons, in particular on the basis of standard contractual clauses or with other appropriate safeguards. In exceptional cases, we may export personal data to countries without adequate or appropriate data protection if the special data protection requirements are met, for example the express consent of the data subjects or a direct connection with the conclusion or performance of a contract.

6. Rights of Data Subjects

6.1 Data Protection Claims

We grant data subjects all claims in accordance with applicable data protection law. Data subjects have in particular the following rights:

  • Access: Data subjects may request information as to whether we process personal data about them and, if so, which personal data is involved. Data subjects also receive the information necessary to assert their data protection claims and to ensure transparency.
  • Rectification and restriction: Data subjects may have inaccurate personal data rectified, incomplete data completed and the processing of their data restricted.
  • Erasure and objection: Data subjects may have personal data erased ("right to be forgotten") and object to the processing of their data with effect for the future.
  • Data portability: Data subjects may request the disclosure of personal data or the transfer of their data to another controller.

We may postpone, restrict or refuse the exercise of the rights of data subjects within the legally permissible framework. We may inform data subjects of any requirements that must be fulfilled for the exercise of their data protection claims.

6.2 Right to Lodge a Complaint

Data subjects have the right to enforce their data protection claims through legal proceedings or to lodge a complaint with a competent data protection supervisory authority.

The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

7. Data Security

We take appropriate technical and organisational measures to ensure data security commensurate with the respective risk. However, we cannot guarantee absolute data security.

Access to our website is secured by means of transport encryption (SSL/TLS, in particular using the Hypertext Transfer Protocol Secure, abbreviated as HTTPS). Most browsers indicate transport encryption with a padlock symbol in the address bar.

Our digital communications are subject -- as is essentially all digital communication -- to mass surveillance without cause or suspicion as well as other surveillance by security authorities in Switzerland, the rest of Europe, the United States of America (USA) and other countries. We have no direct influence on the corresponding processing of personal data by intelligence services, police and other security authorities.

8. Use of the Website

8.1 Cookies

We may use cookies. Cookies -- both our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies) -- are data stored in the browser. Such stored data need not be limited to traditional cookies in text form.

Cookies may be stored in the browser temporarily as "session cookies" or for a specific period as so-called permanent cookies. "Session cookies" are automatically deleted when the browser is closed. Permanent cookies have a defined storage duration. Cookies enable, in particular, the recognition of a browser upon the next visit to our website and thus, for example, the measurement of the reach of our website.

Cookies may be deactivated in whole or in part and deleted at any time in the browser settings. Without cookies, our website may no longer be fully available. We request -- at least where and to the extent necessary -- active express consent for the use of cookies.

8.2 Server Log Files

We may collect the following information for each access to our website, provided that such information is transmitted by your browser to our server infrastructure or can be determined by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sub-page of our website accessed including the volume of data transferred, last website accessed in the same browser window (referer or referrer).

We store such information, which may also constitute personal data, in server log files. The information is necessary to provide our website on a permanent, user-friendly and reliable basis and to ensure data security and thus in particular the protection of personal data.

8.3 Tracking Pixels

We may use tracking pixels on our website. Tracking pixels are also referred to as web beacons. Tracking pixels -- including those from third parties whose services we use -- are small, usually invisible images that are automatically retrieved when visiting our website. The same information as in server log files can be captured with tracking pixels.

9. Notifications and Communications

We send notifications and communications by email and through other communication channels such as instant messaging or SMS.

9.1 Performance and Reach Measurement

Notifications and communications may contain web links or tracking pixels that record whether an individual communication was opened and which web links were clicked. Such web links and tracking pixels may also track the use of notifications and communications on a personal basis. We require this statistical tracking of usage for performance and reach measurement in order to send notifications and communications effectively, in a user-friendly manner and on a permanent, secure and reliable basis, based on the needs and reading habits of the recipients.

9.2 Consent and Objection

As a general rule, you must expressly consent to the use of your email address and your other contact details, unless such use is permissible for other legal reasons. For any consent, we use the "double opt-in" procedure wherever possible.

You may, as a general rule, object to receiving notifications and communications such as newsletters at any time. This is subject to the reservation of necessary notifications and communications in connection with our activities and operations.

9.3 Service Providers for Notifications and Communications

We send notifications and communications with the assistance of specialised service providers.

We use in particular:

  • Brevo: Building and maintaining customer relationships, in particular by email and instant messaging; provider: Sendinblue GmbH (Germany).

10. Social Media

We maintain a presence on social media platforms and other online platforms in order to communicate with interested persons and to provide information about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).

The general terms and conditions, terms of use, privacy policies and other provisions of the respective operators of such platforms also apply. These provisions provide information in particular about the rights of data subjects directly vis-a-vis the respective platform, which include, for example, the right of access.

11. Third-Party Services

We use services from specialised third parties in order to carry out our activities and operations on a permanent, user-friendly, secure and reliable basis. With such services, we can, among other things, embed functions and content in our website. In the case of such embedding, the services used collect, for technically necessary reasons, at least temporarily the Internet Protocol (IP) addresses of users.

For necessary security-related, statistical and technical purposes, third parties whose services we use may process data in connection with our activities and operations in an aggregated, anonymised or pseudonymised manner.

We use in particular:

  • Google Services: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and in Switzerland.
  • Microsoft Services: Providers: Microsoft Corporation (USA) / Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), the United Kingdom and in Switzerland.

11.1 Digital Infrastructure

We use services from specialised third parties to utilise the required digital infrastructure in connection with our activities and operations. These include, for example, hosting and storage services from selected providers.

We use in particular:

  • Cloudflare: Content Delivery Network (CDN); Cloudflare Inc. (USA).
  • hosttech: Hosting; hosttech GmbH (Switzerland).

11.2 Map Material

We use third-party services to embed maps in our website.

We use in particular:

  • Google Maps including Google Maps Platform: Map service; provider: Google.

11.3 Digital Audio and Video Content

We use services from specialised third parties to enable the direct playback of digital audio and video content.

We use in particular:

  • Vimeo: Video platform; provider: Vimeo Inc. (USA).
  • YouTube: Video platform; provider: Google.

11.4 Lead Generation Service

We use the lead generation service of Leadinfo B.V., Rotterdam, the Netherlands. This service identifies company visits to our website based on IP addresses and displays publicly available information to us, such as company names or addresses. In addition, Leadinfo sets two first-party cookies to analyse user behaviour on our website.

12. Website Extensions

We use extensions for our website in order to utilise additional functions.

We use in particular:

  • Google reCAPTCHA: Spam protection; provider: Google.

13. Performance and Reach Measurement

We endeavour to determine how our online offering is used. In this context, we may, for example, measure the success and reach of our activities and operations as well as the effect of third-party links to our website.

For performance and reach measurement, the Internet Protocol (IP) addresses of individual users are stored in most cases. In this case, IP addresses are generally truncated ("IP masking") in order to follow the principle of data minimisation through the corresponding pseudonymisation.

Cookies may be used and user profiles may be created in the context of performance and reach measurement. As a general rule, any user profiles are created exclusively on a pseudonymised basis and are not used for the identification of individual users.

We use in particular:

  • Google Analytics: Performance and reach measurement; provider: Google; measurement also across different browsers and devices (cross-device tracking).
  • Google Tag Manager: Integration and management of other services for performance and reach measurement as well as further services from Google and from third parties; provider: Google.

14. Final Provisions

We may amend and supplement this Privacy Policy at any time. We will inform about such amendments and supplements in an appropriate manner, in particular by publishing the current Privacy Policy on our website.