Privacy Policy


Table of contents

1. General Information
1.1 Data Protection Officer
1.2 Rights of Data subjects and supervisory authority
1.3 Legal Basis
1.4 Storage Duration
1.5 Data Security
1.6 Transmission to Service Providers
1.7 Data Transfer to Third Parties
1.8 No Obligation to Provide data/no profiling

2. Server Protocols
3. E-Mail Contact
4. Application and Career
5. Newsletter6. Google Tag Manager
7. Google reCaptcha
8. LinkedIn Analytics
9. LinkedIn Ads
11. Doubleclick.net12. Cookies
13. Amendment of the Privacy Policy

1. General Information

The Controller for all processing of personal information in connection with the use of this website is:
- c/o rconcept GmbH
- Hohlstraße 192
- 8004
- Zürich

As a company registered under the laws of Switzerland, the Basic Data Protection Regulation ("GDPR") is not directly applicable to EMPAUA.

Personal data is processed in accordance with the Swiss Federal Law on Data Protection ("DSG"). However, EMPAUA has implemented (on a voluntary basis and without any legal obligation) a data protection management system ("DPMS") based on the requirements of the GDPR to ensure compliance with the high data protection standards of the European Union.

The DPMS includes European companies of the EMPAUA group (e.g. based in Germany, Spain, United Kingdom), which are partly responsible for individual data processing operations.

This Privacy Statement describes the collection and use of personal data in connection with the use of our website. In addition to the rights under the DSG, user of this website have the possibility to exercise certain rights conferred under the GDPR. Processing activities that are not covered by this data protection declaration may be supplemented by further privacy statements.

1.1 Data Protection Officer
We have appointed an external data protection officer through Simpliant. Simpliant advises us as external data protection officer and in the implementation and maintenance of our data protection management system.

You can contact our appointed data protection officer:

- by post at the above address ("- for the attention of the Data Protection Officer - ")
- or by e-mail at

More information about Simpliant can be found at
1.2 Rights of data subjects and supervisory authority

You can exercise the following rights:
- Information about your data stored by us and its processing (Art. 8 DSG, Art. 15 GDPR),
- Correcting incorrect personal data (Art. 5 para. 2 DSG, Art. 16 GDPR),
- Deletion of your data stored with us (Art. 17 GDPR),
- Restriction of data processing if we are not yet allowed to delete your data due to legal obligations (Art. 18 GDPR),
- Portability of the data if you have consented to the data processing or have concluded a contract with us (Art. 20 GDPR)
- Opposition to the processing of your data by us (Art. 21 GDPR)

In principle, you can exercise the rights of data subjects in respect of all processing activities. In order to make it easier for you to exercise your rights, information is sometimes provided on separate exercise options for the respective processing operations (e.g. by means of opt-out links).

To exercise your rights, you can contact data protection officer by e-mail. For identification purposes, we generally require the following information:

- First and last name
- postal address

In case of doubt as to the origin of a request, identification can be carried out by means of a copy of your identity card, to the extent necessary for identification beyond doubt. The processing of your application and the identification of your person is based on Art. 6 para. 1 lit. c GDPR.

1.3 Legal Basis

Personal data processed on this website is processed in accordance with Art 12 DSG.

1.4 Storage Duration
The duration of the data storage depends on the respective data category and processing activity. If the storage period is not further specified, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage ceases to apply. Personal data will not be deleted if storage is required by law and in the event of a possible legal dispute.

1.5 Data Security
In order to protect the security of your data during transmission, we use technical and organisational security measures, such as the SSL encryption of our website, to prevent unauthorised access by third parties. The data security measures are based on the risk of the processing in question. As a rule, data is stored on ISO 27001 certified servers. Our security measures are continuously improved and adapted in line with technological developments.

1.6 Transmission to service providers
We use service providers to provide our services. These service providers act only in accordance with our instructions (Art. 10a DSG). If not further specified below, the service providers are commissioned to provide the following services, among others:

- Fulfilment of our contractual obligations
- Provision of the platform/app
- Maintenance of IT systems and related services
- APIs and interfaces for the integration of third-party tools
- Handling of our customer service and management of enquiries
- Measurement and statistics of website use
- Management of customer contacts
- Communication and marketing
- Processing of payments

1.7 Data transfer to third countries
Our servers and hosting providers are located exclusively in the European Union. There is no data transfer of your provided data to the USA.

However, the transfer of personal data to the USA is possible for third-party tools that you can use within the scope of our offer. If personal data is transferred to a third country outside the European Union or the European Economic Area, this only happens if the requirements of Art. 44- 49 GDPR and Art. 6 DSG are met, in particular if the transfer is secured by standard contractual clauses, an adequacy decision by the Commission or binding company rules.

1.8 No obligation to provide data/no profiling
You are not obliged to provide us with personal data. Every data transfer is based on your voluntary decision. However, the use of our services is in part only possible if we process your personal data. Your data will not be used for profiling or automatic decision-making.

2. Server Protocols

the nature and purpose of the processing:

We do not operate our own server infrastructure but use service providers ("hosting providers") for this purpose. The service provider processes our data as a commissioned processor and is subject to our instructions. When you visit our website, certain data is stored in a server log by the hosting provider.

The data stored there include:
- IP address
- Name of the access provider
- Browser type, version of the browser software and language of the browser
- Operating system
- Date and time of access
- Content of the access
- Amount of data transferred
- Access status (successful transmission/error)
- Websites to which you have been redirected
- Visited websites

The processing is carried out for the following purposes:
- Ensuring a trouble-free connection to the website
- Ensuring a smooth use of our website
- Assessment of system security and stability

Storage duration:
The storage period from the time of collection is 14 days.

3. E-Mail Contact

Nature and purpose of data processing:
You can get in touch with us by sending us an e-mail. The data you have entered and transmitted will be processed for the purpose of individual communication with you. You can specify your request and contact one of our offices directly using the contact information on our website.

The recipients of the data are processors on behalf. As contract processors, the service providers are obliged to process the data only within the scope of our instructions.

Storage duration:
If no legal retention periods require the storage of the data or if the nature of the processing requires the ongoing processing of personal data, your data will be deleted at the latest 3 years after the last contact. If a contractual relationship is established, your contact data will be stored for as long as this contractual relationship lasts. If we are subject to statutory retention periods, we will comply with these and delete your data after these periods have expired.

4. Application and Career

Nature and purpose of data processing:
On our website you have the possibility to apply for a job (especially for open positions). As a rule, personal data is collected directly from you during the application process - when you apply for a specific job advertisement or submit a speculative application. In addition, we may also have received data from third parties (e.g. job exchanges such as if you have applied to us via such a platform. In addition, we may process personal data that we are permitted to receive from publicly accessible sources (e.g. professional social networks).

In order to accept and evaluate your application and depending on the data provided by you, we may process the following personal data:All the information you provide about yourself:

- Name
- Contact details
- E-mail
- Phone number
- Date and place of birth
- Advertisement photo
- Files and documents, such as diplomas and certificates, which you send us in connection with your application

Only the departments and groups of people directly involved in the recruitment process have access to the data you provide. All employees involved have been obliged to keep your data confidential.

In addition, the data can be processed by the service providers (e.g. job platform). As processors, the service providers are obliged to process the data only within the scope of our instructions or - depending on the use of the service provider - as joint-controllers in accordance with the GDPR.

Storage duration:
Your personal data will be deleted at the latest six months after the end of the application procedure. Anything else applies only if you have given us your express consent to store your data in our applicant pool for a possible later job offer and thus later consideration. In the event of recruitment, we will include the data provided in our personnel file.

5. Newsletter

Nature and purpose of data processing:
On our website we offer you the opportunity to register for an e-mail newsletter with regular product news and updates. For these purposes we need to process your e-mail address and your name. This data is processed solely for the purpose of providing you with this information. Mailchimp uses click-tracking, open-tracking, and Google analytics tracking.

The recipients of the data are processors on behalf. As contract processors, the service providers are obliged to process the data only within the scope of our instructions.

Storage duration:
We process your data until you unsubscribe from our newsletter or revoke your consent. You can do this by clicking on the "unsubscribe link" which is included in every newsletter mail.

Transfer to third countries:
A transfer of data to third countries outside the EU cannot be excluded. In this context, the service provider may transfer the collected data to the USA.

6. Google Tag Manager

We use Google Tag Manager. Google Tag Manager is a very popular tool for websites of any size and shape. It organizes all the third-party tags on our website and controls when they are triggered.

7. Google reCaptcha

Nature and purpose of data processing:
reCaptcha is a free captcha service from Google that protects websites from spam software and abuse by non-human visitors. This service is most commonly used when filling out forms on the internet. A captcha service is a kind of automatic Turing test, which is intended to ensure that an action on the internet is performed by a human and not by a bot.

Storage duration:
Google reCaptcha stores your data only for the duration of the respective visit.

8. LinkedIn Analytics

Nature and purpose of data processing:
We have a company profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn Analytics uses analytical research in relation to our social media account on LinkedIn, from which the following information is derived:
- Visitor highlights
- Visitor metrics
- Visitor demographics
- Life-page traffic

Further details can be found in LinkedIn's privacy policy:
Storage duration:
The storage period from the date of the survey is 14 months.

9. LinkedIn Ads

Nature and purpose of data processing:
We use "LinkedIn Ads" on our website, a product of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2. LinkedIn Ads stores and processes information about your user behaviour on our website. LinkedIn Ads uses cookies (Clause 4), i.e. small text files that are stored locally in the cache of your web browser on your end device and which enable an analysis of your use of our website.

We use LinkedIn Ads for marketing and optimisation purposes, in particular to analyse the use of our website and to continuously improve individual functions and offers as well as the user experience.

Storage duration:
LinkedIn Ads only stores your data for the duration of the respective visit.


Nature and purpose of data processing: collects data about visitors' preferences and behaviour on the site - This information is used to make content and advertising more relevant to each visitor.

Storage duration: stores your data only for the duration of the respective visit.


Nature and purpose of data processing:
This website still uses the online marketing tool DoubleClick by Google. DoubleClick uses cookies to serve ads relevant to users, to improve campaign performance reports or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to record which ads are shown in which browser and can thus prevent them being shown more than once. DoubleClick may also use cookie IDs to track conversions related to ad requests. This is the case, for example, when a user sees a DoubleClick ad and later visits the advertiser's website using the same browser and makes a purchase.

Storage duration:
Your data will be stored for up to one year.

12. Cookies

13. Amendment of the Privacy Policy

We reserve the right to adapt this data protection declaration in order to always comply with current legal requirements or to present changes to our offers in the data protection declaration (e.g. when introducing new services). The current version of the data protection declaration applies.

Go up