Privacy Policy

Empaua
01.09.2023

Table of contents

1. General information on data processing
1.1 Controller
1.2 Data Protection Officer
1.3 Data subject rights and supervisory authority
1.4 Processing of data, purpose and legal basis
1.5 Storage duration
1.6 Data security
1.7 Transmission to service provider
1.8 Data transfer to third countries
1.9 No obligation to provide data / No profiling

2. Processing activities
2.1 Server logs
2.2 E-mail contact
2.3 Contact form
2.4 Application and career
2.5 Content Download
2.6 Content Delivery Network (CDN)
2.7 Request demo
2.8 Consent Management
2.9 Website analysis
2.10 Marketing and advertising

3. Cookies and third-party tools
3.1 AWS CloudFront
3.2 Google Ads
3.3 Google Analytics
3.4 Google reCaptcha
3.5 Google Tag Manager
3.6 jQuery CDN
3.7 JSDelivr CDN
3.8 LinkedIn Analytics & Ads
3.9 Webflow
3.10 Weglot
3.11 Cookiebot
3.12 Youtube Video

4. Data processing on our social media pages

5. Changes to the privacy policy

1. General Information on data processing

Because Empaua is a company registered under Swiss law, the EU General Data Protection Regulation ("GDPR") is not directly applicable. Personal data is processed in accordance with the Swiss Federal Act of Data Protection ("FADP"), irrespective of the naming of provisions and terms from the GDPR.

However, Empaua has implemented (on a voluntary basis and without legal obligation) a Data Protection Management System ("DPMS") based on the requirements of the GDPR to ensure compliance with the high European Union data protection standards within Empaua. The DPMS includes European companies of Empaua (e.g. located in Germany, Spain, United Kingdom) which are jointly responsible for individual data processing operations.

This privacy policy describes the collection and use of personal data in connection with the use of our website. In addition to the rights under the FADP, users of this website have the opportunity to exercise certain rights under the GDPR. Processing not described by this privacy policy may be supplemented by further privacy statements.

1.1 Controller
The controller for all processing of personal data in connection with the use of this website is:
       Empaua ("Empaua"/"We")
       Grubenstrasse 27
       8045 Zurich
       Switzerland

You can contact us about privacy-related inquiries at dataprotection@empaua.com

1.2 Data Protection Officer
We have appointed an external data protection officer through Simpliant. Simpliant advises us as an external data protection officer and on the implementation and maintenance of our DPMS. Our data protection officer is registered with a German supervisory authority. For more information about Simpliant, please visit https://www.simpliant.eu
You can contact our appointed data protection officer:
• by post at the above address ("- for the attention of the Data Protection Officer -")
• or by e-mail at dataprotection@empaua.com

1.3 Data subject rights and supervisory authority
You can exercise the following rights:
• Right to information about your data stored by us and its processing (Art. 15 GDPR),
• Right to rectification of inaccurate personal data (Art. 16 GDPR),
• Right to have your data stored by us deleted (Art. 17 GDPR),
• Right to restriction of data processing if we are not yet allowed to delete your data due to legal obligations (Art. 18 GDPR),
• Right to portability of data if you have consented to the data processing or have concluded a contract with us (Art. 20 GDPR),
• Right to object to the processing of your data by us (Art. 21 GDPR)
• If we process your data on the basis of your consent, you have the right to withdraw your consent at any time with effect for the future (Art. 7 para. 3 GDPR).
To exercise your rights, you can contact us by email at dataprotection@empaua.com
For identification purposes, please provide the following information:
• First and last name
• E-mail address
In individual cases, further information may be required for unique identification. The processing of your request and the identification of your person is based on Art. 6 para. 1 lit. c GDPR.
You can file a complaint with a supervisory authority at any time, e.g. at your place of residence, or with the authority responsible for us.
The contact information for the supervisory authority responsible for you in Switzerland can be found here.
The contact information for the supervisory authority responsible for you in Germany can be found here.
The contact information for the supervisory authority responsible for you in Spain can be found here: https://www.aepd.es/es
The contact information for the supervisory authority responsible for you in the United Kingdom can be found here: https://ico.org.uk/

1.4 Processing of data, purpose and legal basis
We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act of Data Protection ("FADP").
All our processing activities are based on Art. 6 para. 1 GDPR. You will receive further information in the context of the presentation of the individual processing activities.

1.5 Storage duration
We will take all reasonable steps to ensure that your personal data is processed only for the period required by the purpose of processing in each case. If the storage period is not specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage ceases to apply. Personal data will not be deleted if storage is required by law (depending on the respective national regulation). Furthermore, we may retain your personal data until the expiry of the statutory limitation periods (usually three years; in individual cases, however, up to 10 years or longer), provided that this is necessary for the assertion, exercise or defense of legal claims.

1.6 Data security
To protect the security of your data during transmission, we use technical and organizational security measures, in particular the encryption of our website to prevent unauthorized access by third parties. An HTTPS encrypted connection is used. Our security measures are continuously improved and adapted according to technological developments.

1.7 Transmission to service provider
We use service providers for the provision of our services. These service providers act only according to our instructions and are contractually obligated to comply with the provisions of Art. 28 GDPR.

1.8 Data transfer to third countries
Our servers and hosting providers are located in the European Union and Switzerland. Your personal data will only be transferred to third countries if the requirements of Art. 44 - 49 GDPR are met, in particular standard contractual clauses, binding corporate rules, adequacy decision of the Commission, as well as - if necessary - further required protective measures (in particular so-called transfer impact assessments).

1.9 No obligation to provide data / No profiling
There is no legal or contractual obligation to provide us with data. However, some services can only be provided if the necessary data is provided by you. Your personal data will not be used for automated decision making including profiling.

2. Processing Activities

Our website offers different areas with different functionalities for the visitor, which are described in more detail below.

2.1 Server logs
Nature and purpose of data processing:
When you access our website, information of a general nature is automatically collected. This information, known as server log files, includes:
- IP address
- Name of the access provider
- Browser type, browser software version and browser language
- Operating system
- Date and time of access
- Access content
- Amount of data transferred
- Access status (successful transmission/error)
- Web page(s) to which the access was redirected
- Visited websites
The processing is carried out for the following purposes:
- Ensuring a trouble-free connection to the website
- Ensuring a smooth use of our website
- Assessment of system security and stability
Legal basis:
The processing is carried out pursuant to Art. 6 para. 1 lit. f GDPR based on our legitimate interest to host the website and to improve and monitor the security, stability and functionality of the website.
Recipient:
The recipient of the data is a technical service provider who is responsible for the operation and maintenance of our website. As processors, the service providers are obliged to process the data only within the scope of our instructions.
Transfer to third countries:
Data is transferred to processors acting on our behalf in the USA. The order processing contracts with the service provider contain standard contractual clauses approved by the EU Commission and appropriate guarantees that the data protection obligations will be met.
Retention period:
The server log files are retained for 14 days. Data whose further retention is required for evidentiary purposes is exempt from deletion until final clarification of the respective incident.

2.2 E-mail contact
Nature and purpose of data processing:
You can contact us by sending us an e-mail. The data you enter and send will be processed for the purpose of individual communication with you. Using the contact information on our website, you can specify your request and contact one of our offices directly.
Legal basis:
The processing of the data transmitted by you via e-mail is based on a legitimate interest (Art. 6 para. 1 lit. f GDPR) in efficient and simple communication with you. Depending on the nature of your request, the processing of the transmitted data may also serve the implementation of pre-contractual and contractual measures (Art. 6 para. 1 lit. b GDPR).
Recipient:
The recipients of the data are processors on our behalf. As processors on our behalf, the service providers are obliged to process the data only within the scope of our instructions.
Storage period:
If no legal retention periods require the storage of the data or if the type of processing requires the ongoing processing of personal data, your data will be deleted no later than three years after the last contact. If a contractual relationship is established, your contact data will be stored for as long as this contractual relationship exists. If we are subject to legal retention periods, we will comply with these and delete your data after these periods have expired.

2.3 Contact form
Nature and purpose of the processing:
Furthermore, there is the possibility to contact us via a contact form on the website. In this context, we may process your IP address, your e-mail address, your name, your telephone number, your job title, your company, your industry, your country and the content of your inquiry.
Legal basis:
The data is processed for the implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR). In addition, your data will be processed to protect our legitimate interests (Art. 6 para. 1 lit. f GDPR) in providing our customers with straightforward customer service.
Retention period:
The data is deleted if it is no longer necessary. The necessity is reviewed at regular intervals.

2.4 Application and career
Nature and purpose of data processing:
On our website https://de.empaua.com/ you have the opportunity to apply for a job (especially for vacancies). As a rule, personal data is collected directly from you as part of the application process - when you apply for a specific job posting or submit a speculative application. In addition, we may also have received data from third parties (e.g. job boards) if you have applied to us via such a platform. In addition, we may process personal data that we may receive from publicly available sources (e.g. professional social networks).
In order to accept and evaluate your application and depending on the data provided by you, we may process the following personal data:
Any information you provide about yourself, such as:
• Name
• Contact details
• E-mail
• Phone number
• Date and place of birth
• Application photo
• LinkedIn profile
• Conclusion
• Information about the previous employer, salary expectation
• Files and documents, such as certificates and references, that you send us in connection with your application
• Other personal data transmitted to us as part of the application process
Legal basis:
The processing of the data that you have provided to us as part of the application process is based on Art. 6 para. 1 lit. b, Art. 88 GDPR in conjunction with the respective national regulation. In case of your consent, the legal basis is Art. 6 para. 1 lit. a GDPR.
Recipient:
Your application data may be shared between entities within the corporate group. Only the departments and groups of people involved in the recruitment process have access to the data you provide. All employees involved have been obligated to treat your data confidentially.
In addition, the data may be processed by the service providers (e.g. our job platform). As processors, the service providers are obliged to process the data only within the scope of our instructions.
Duration of storage:
Your personal data will be deleted no later than six months after completion of the application process.
An exception applies only if you have given us your express consent to store your data in our applicant pool for a possible later job offer and thus a later consideration. In the event of employment, we will include the data provided in our personnel file.

2.5 Content Download
Nature and purpose of data processing:
On our website there is the possibility to download so-called white papers or cheat sheets. For this purpose, we process personal data: Your name, your e-mail address and your company.
Legal basis:
The processing of the data is based on your consent, Art. 6 para. 1 lit. a GDPR.
Retention period:
The data retention period is six years.

2.6 Content Delivery Network (CDN)
Nature and purpose of data processing:
Our website uses CDN tools to improve the retrieval times of our website for visitors and to prevent denial-of-service attacks. In the process, your IP address is transmitted to a service provider.
Legal basis:
The legal basis for this is Art. 6 para. 1 lit. f GDPR based on our legitimate interest in the quality assurance, security and economic operation of our website.
Recipient:
The recipients of the data are order processors outside the EU/EEA. The service providers are obliged to process the data only according to our instructions.
Transfer to third countries:
Appropriate safeguards exist for the transfer of your data to countries outside the EU or EEA. The order processing contract with the service providers contains standard contractual clauses approved by the EU Commission and appropriate guarantees for compliance with data protection obligations.

2.7 Request demo
Nature and purpose of the processing:
You have the option to request a demo, in the course of which we may process your IP address, email address, name, phone number, job title, company, industry, country, demo type and contents of your request.
Legal basis:
The data is processed for the implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR). In addition, your data will be processed to protect our legitimate interests (Art. 6 para. 1 lit. f GDPR) in providing users of our website with an uncomplicated service.
Retention period:
The data is kept for six months.

2.8 Consent Management
Nature and purpose of the processing:
Our website uses cookies for various processing activities for which your consent is required. In order to obtain and store such consent, we use a so-called "cookie banner". As part of this, a cookie - a small text file - is set on your device to register your selection/consent. For this purpose, we process your IP address, among other things.
Legal basis:
The processing is carried out pursuant to Art. 6 para. 1 lit. f GDPR, based on our legitimate interest of documenting compliance with the provisions of the GDPR.
For more information, see the "Cookies and third-party tools" section.

2.9 Website analysis
Nature and purpose of data processing:
This website uses cookie-based technologies to help us better understand how the website is used. We do this by compiling reports about activity on the website that do not identify specific individuals. Analytics cookies process your IP address and data about usage patterns on our website (e.g., which pages were visited and which buttons were clicked) for this purpose.
Legal basis:
The processing is carried out with your consent in accordance with Art. 6 para. 1 lit. a GDPR.
For more information, see the section "Cookies and third-party tools".

2.10 Marketing and advertising
Nature and purpose of data processing:
This website uses cookie-based technologies that help us run marketing and advertising campaigns. Advertisers can use them to serve ads that are primarily based on search results when using the company's own services.
Legal basis:
The processing is carried out with your consent in accordance with Art. 6 para. 1 lit. a GDPR.
For more information, see the "Cookies and third-party tools" section.

3. Cookies and third-party tools

3.1 AWS CloudFront
AWS CloudFront is used to properly deliver the content on our website. AWS CloudFront is a service provided by Amazon Web Services, Inc. which acts as a content delivery network (CDN) on our website.
A CDN helps to provide content of our online offer, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Amazon Web Services, Inc., whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed solely for the purposes stated above and to maintain the security and functionality of AWS CloudFront. For more information, please see the AWS CloudFront Privacy Policy: https://aws.amazon.com/de/privacy/

3.2 Google Ads
This website uses remarketing functions in the Campaign Manager of Google Ltd, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. These functions enable the website visitor to be presented with interest-based advertising within Google's advertising network. For this purpose, a cookie is stored on the visitor's computer. The character string contained therein is used to recognize the visitor when visiting websites that are part of the Google advertising network. There, the visitor can be shown advertisements that relate to previously visited content on websites that use Google Remarketing.
Google uses the so-called "DoubleClick" cookie for this purpose, among others. The DoubleClick cookie is only used for the remarketing function. In the process, the following data can be transmitted via cookies: IP address, browser type, browser software version and browser language, operating system, date and time of access, content data of the access. Your data may be transferred to third countries on the basis of standard contractual clauses.
According to Google, the remarketing function does not collect any personal data. If you still do not wish to use Google's "interest-based advertising" function, you can generally deactivate it in the settings at http://www.google.com/settings/ads. Alternatively, you can also set your browser so that it does not accept cookies or only accepts certain cookies. Please note that this may limit the functionality and convenience of websites. You can also deactivate the use of cookies for interest-based advertising via the advertising network initiative. To do so, follow the instructions at: http://www.networkadvertising.org/managing/opt_out.asp

3.3 Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses cookies that enable the website to analyze your use of the website. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in Ireland. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: Browser Add-On.
As an alternative to the browser add-on described above or when visiting our website on mobile devices, you can prevent tracking by Google Analytics on our pages by clicking on this link: https://tools.google.com/dlpage/gaoptout. This will install an opt-out cookie on your device and prevent the collection by Google Analytics for this website and for this browser in the future, as long as the cookie remains installed in your browser.

3.4 Google reCaptcha
reCaptcha is a free captcha service from Google that protects websites from spam software and abuse by non-human visitors. This service is most commonly used when filling out forms on the Internet. A captcha service is a kind of automatic Turing test that is designed to ensure that an action on the Internet is performed by a human and not by a bot. Here, IP addresses, information about operating systems, devices or browsers used, language settings, location, mouse movements, keyboard strokes, time spent on web pages and previously visited web pages are processed. Google reCaptcha stores your data only for the duration of the respective visit.

4. Data processing on our social media pages

We operate pages on the following social media channels:

• Facebook: facebook.com or mobile app of Facebook Inc. 1601 S. California Ave, Palo Alto, CA 94304, USA or Facebook Ireland Ltd. 4 Grand Canal Square, Dublin 2, Ireland, see under: https://www.facebook.com/policy.php
• Instagram: instagram.com or mobile app of Facebook Ireland Ltd. 4 Grand Canal Square, Dublin 2, Ireland, see under: http://instagram.com/about/legal/privacy/
• Twitter: twitter.com or mobile app from Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, see under: https://twitter.com/en/privacy
• LinkedIn: linkedin.com or mobile app by LinkedIn Corporation, Legal Department - Privacy, 1000 W. Maude Ave, Sunnyvale, CA 94085, USA or LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, see under: https://www.linkedin.com/legal/privacy-policy
• YouTube: youtube.com or mobile app from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, see under: https://policies.google.com/privacy

When you visit our social media pages, data is processed both by us and by the respective social media provider as the responsible party.

The respective social media provider assumes the data protection obligations towards you as a user, such as providing information about data processing, and is the contact for your rights. This results from the fact that such a provider has direct access to the relevant information on the social media site and the processing of your data.

When using Facebook, Instagram, Twitter or LinkedIn, the data may also be processed outside the EU.

5. Changes to the privacy policy

We reserve the right to adapt this data protection declaration so that it always complies with the current legal requirements or to reflect changes to our offers in the data protection declaration, e.g. when introducing new services. The current version of the data protection declaration applies in each case.

Our website uses so-called cookies. Cookies are small text files that are stored on your device and in your browser. They serve to make our offer more user-friendly, effective and secure.

Most of the cookies we use are so-called session cookies. These cookies are automatically deleted at the end of the session. The session cookies are used to assign successive page views to individual users who access our website at the same time. Other cookies are stored on your device until you delete them. These cookies allow us to recognize your browser on your next visit.

If personal data is processed and the cookies used are not necessary for the provision of our offers, the processing is regularly based on your consent, which you give by clicking on the cookie banner displayed, Art. 6 para. 1 lit. a GDPR.
You can set your browser so that you are informed about the setting of cookies, decide on a case-by-case basis whether to accept them or exclude the acceptance of cookies for certain cases or in general, as well as activate the automatic deletion of cookies when closing the browser.

In addition, it is possible to prevent the collection and processing of the data generated by the "cookies" in connection with the use of this website, e.g. by using the browser plugins mentioned below. However, depending on the setting, deactivation may reduce ease of use.

Opt-out links:
• Google Chrome: https://support.google.com/accounts/answer/61416?hl=de
• Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-loeschen-daten-von-Websites-entfernen
• Safari: https://support.apple.com/kb/PH17191?locale=de_DE&viewlocale=de_DE
• Opera: http://www.opera.com/de/help
• Facebook: https://www.facebook.com/ads/preferences or https://www.facebook.com/settings
• Instagram: https://www.instagram.com/accounts/privacy_and_security/
• Twitter: https://twitter.com/personalization
• LinkedIn: https://www.linkedin.com/psettings/privacy