This privacy policy applies to the processing of personal data by Vibraplast AG in accordance with the Swiss Data Protection Act (DSG) and the General Data Protection Regulation (GDPR) of the European Union.

It contains the most important information about,

• what data the website operator processes,
• why this data is required,
• how this data is protected,
• what benefits you can derive from this data processing and
• how you can object to the processing.

The website operator is Vibraplast AG, CHE-107.086.109, Wittenwilerstrasse 25, 8355 Aadorf.

The website operator takes your privacy very seriously and treats your personal data confidentially and in accordance with legal requirements. Due to new technologies and the constant further development of this website, changes to this privacy policy may become necessary. We therefore recommend that you read the privacy policy again at regular intervals.

Definitions of the terms used (e.g. "personal data" or "processing") can be found in Art. 5(a–d) of the DSG or in Art. 4 of the GDPR.

Unless otherwise stated in individual cases, Urs Dutly is responsible for the data processing described here.

Data protection enquiries can be sent to us by letter or e-mail, together with a copy of the user's ID card or passport for identification purposes:

Vibraplast AG
Wittenwilerstrasse 25
8355 Aadorf
CH-Switzerland

Telephone: +41 52 368 00 48
E-Mail: urs.dutly@vibraplast.ch

As soon as the Vibraplast AG website or the Vibraplast AG online shop is visited, even without logging in, the website server automatically stores general technical information. This in particular includes details of the browser type, the anonymised IP address of the device you use to access the website, the operating system used, as well as data from the internet service provider.

When using the Vibraplast AG online shop with login or registration or when filling in online forms as well as when corresponding by email with Vibraplast AG, the registration data and all data entered by the user are also stored. When purchasing products or services, for example soundproofing or rubber products, we require – depending on the product and purchase channel – personal information. This applies in particular if you place orders, take part in surveys, correspond with us online or offline, or contact us via social media, blogs or other interactive media.

By submitting personal data or registering, you consent to the scope as well as the use, processing and disclosure of your personal data within the meaning of this privacy policy.

We process personal data in particular in the following categories of processing:

• when managing customers for whom we provide or have provided services
• when managing personal data that we have received indirectly from our customers in the course of providing services
• when managing personal data of our employees and freelancers
• when visiting our website
• when otherwise contractually related, e.g. as a supplier, service provider or consultant
• in the case of job applications
• when we are obliged to do so for legal or regulatory reasons
• when we exercise our due diligence obligations or other legitimate interests, e.g. to avoid conflicts of interest, prevent money laundering or other risks, ensure data accuracy, verify creditworthiness, guarantee security or enforce our rights

More detailed information can be found in the description of the respective categories of processing in section 4.

Which personal data we process depends on your relationship with us and the purpose for which we process it. In addition to your contact details, we also process other information about you, to the extent required within our relationship.

We collect the following categories of personal data, which depend on the respective purpose and are processed accordingly:

• Contact information (e.g. name, first name, address, telephone number, email)
• Personal information (e.g. date of birth, nationality, marital status, occupation, education, title, job title, passport or ID number, AHV number) for employees or freelancers
• Risk assessment data (e.g. creditworthiness information, commercial register data)
• Financial information (e.g. bank account details)
• Website data (e.g. IP address, device information (UDI), browser information, website usage such as analytics and use of plugins etc.)
• Application data (e.g. CV, employment references)
• Security and network data (e.g. visitor lists, access controls, network and mail scanners, telephone call lists)

Where permitted and necessary, we also obtain certain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, press, internet) or receive such data from our customers and their employees, from authorities as well as from other third parties.

We have technical and organisational security procedures in place to safeguard the security of your personal data and to protect your session data and personal data against unauthorised or unlawful processing and/or against accidental loss, alteration, disclosure or access.

However, you should always be aware that the transmission of information via the internet and other electronic means carries certain security risks and that we cannot guarantee the security of information transmitted in this way.

The connection to our servers is secured using 256-bit SSL encryption. Customer data is regularly backed up and verified through a data backup process. Security measures are continuously adapted in line with technological developments.

To provide you with targeted information about products and offer you better advice, we use your data to continuously improve our services and maintain our business relationship with you. It also enables us to provide you with relevant marketing materials.

Your data may be shared with affiliated companies for these purposes. We also engage service providers to carry out technical and organisational tasks. These providers are contractually obliged to process your data exclusively on our behalf and in accordance with our instructions, and to comply with strict security measures.

We store personal data solely for the following purposes:

• Management of our customers, employees, freelancers and partner companies
• Collection of relevant contact information such as name, address, telephone number, email, etc.
• Collection of personal details such as date of birth, nationality, marital status, occupation, education, job title, AHV number and insurance details, specifically for employees
• Collection of financial information, such as bank details

This data is processed on the following legal bases:

• Fulfilment or execution of a contract with the data subject
• Safeguarding legitimate interests, e.g. for administration, quality improvement, security, risk management, enforcement of rights or assessment of potential conflicts of interest

No personal data is required to use our website. However, each time the website is accessed, the server automatically collects certain user information, which is temporarily stored in log files. This data cannot be directly attributed to a specific individual and is used for the technical provision, stability and security of the website, as well as for the analysis and optimisation of our online services.

The data collected includes, amongst other things:

• technical information such as IP address, device type, browser and UDI
• User behaviour such as page clicks, link clicks and newsletter opens

This data is processed on the following legal bases:

• Protection of legitimate interests, e.g. to improve quality, analyse user data and promote our services
• Consent, e.g. to the use of cookies

Cookies are small text files that are automatically stored on your device when you visit our website or online shop. They help us to make your experience more efficient, functional and user-friendly. The aim is to tailor our services to your needs as effectively as possible.

Cookies are safe. They neither damage your hard drive nor transmit personal data to us.

You can configure your browser to prevent cookies from being stored or to receive a notification for each new cookie. Our digital services can also be used without cookies, although this may result in some limitations in functionality.

The use of Vibraplast AG’s digital offerings is measured and analyzed by various technical systems, in particular by third-party providers such as Google Analytics. These analyses may be carried out anonymously or on a personal basis. In some cases, the data collected is passed on to third parties for processing.

Google Analytics, a service of Google Inc., is the most widely used analysis tool. Data may be transferred to servers in the USA. You can object to the collection and processing of data by Google Analytics by setting an opt-out cookie (Google Analytics Opt-Out).

Vibraplast AG does not have detailed knowledge of which specific data is collected or whether it is passed on in anonymised form.

Our digital services are integrated with external third-party systems and functions, including social network plug-ins such as Facebook, Twitter and Google Plus. If you have a user account with these services, they may be able to track and analyse your engagement with our platform.

In doing so, personal data such as IP addresses, browser settings and other parameters may be transmitted to these third-party providers and stored there.

We have no control over the use of this data by third parties and accept no responsibility or liability for this.

By registering on our website or in our online shop, you have agreed to us using your personal data for personalised advertising. This includes, in particular, the personalisation of advertising via email, such as our novum newsletter.

We will only send newsletters and promotional emails if you have given us your consent or if there is a legal basis for doing so.

Our website may contain hyperlinks to external websites operated by third parties and beyond our control. We accept no responsibility or liability for their content or data protection practices.

When you contact us (by telephone, email or chat) or visit us, we process the personal data required for this purpose. During visits, your contact details may be recorded and stored for a certain period of time in order to protect our infrastructure and information.

For online meetings, video conferences and webinars, we use Zoom, Microsoft Teams or Skype. In particular, the following data is processed:

• Contact details (name, address, telephone number, email)
• Communication data (IP address, duration, channel)
• Records of conversations, where relevant, data uploaded or provided by users
• Professional information (role, employer, title)
• Time and reason for the visit

Legal basis for processing:

• Fulfilment of contractual obligations, including contract initiation and enforcement
• Protection of legitimate interests, e.g. for security, traceability and the management of customer relationships

You can submit your application by post or by email using the address provided on our website. Your application documents and personal data will be treated in strict confidence, will not be passed on to third parties and used exclusively for processing your application.

Without your consent, your application file will either be returned to you once the process is completed or, if there is no legal requirement to retain it, deleted or destroyed.

Data processed:

• Contact details (name, address, telephone number, email)
• personal details (occupation, role, employer, title)
• Application documents (cover letter, CV, certificates, diplomas, photos)
• Evaluation information (recruitment consultant assessments, references, assessments)

Legal basis:

• legitimate interests (e.g. recruitment of new employees)
• Consent
• performance of a contract or pre-contractual measures

If we enter into a contract with you for the provision of a service, we will process your personal data or that of your employees. We require this data for communication and to utilise your services. It may also be used to assess conflicts of interest or to minimise risks (e.g. money laundering, sanctions).

Data processed:

• Contact details (name, address, telephone number, email)
• personal details (occupation, role, employer, title)
• Financial information (e.g. bank details)

Legal basis:

• Conclusion or performance of a contract, including contract initiation and enforcement
• Safeguarding legitimate interests, e.g. to avoid conflicts of interest, to protect the company and to enforce legal claims

If you take part in an event organised by us, we collect personal data for planning, running and follow-up. We also use your data to inform you about future events. During the event, photos or videos may be taken and published internally or externally.

Data processed:

• Contact details (name, address, telephone number, email)
• personal details (occupation, role, employer, dietary preferences)
• Images or videos
• Payment details (bank account details)

Legal basis:

• Performance of a contract, e.g. participation in the event
• Protection of legitimate interests, e.g. event management, dissemination of information and efficient organisation
• Consent, e.g. for marketing purposes or the publication of images

We will only disclose your personal data to third parties if this is necessary for the provision of our services, if third parties provide a service on our behalf, if we are legally or officially obliged to do so, or if there is an overriding interest in the disclosure. Furthermore, disclosure will take place if you have given us your consent or if you have requested us to do so.

Not all personal data is transmitted in encrypted form by default. Unless expressly agreed otherwise with you, data is transmitted unencrypted.

Potential recipients of personal data are:

• Service providers (e.g. IT service providers, hosting providers, consultants, lawyers, insurance companies)
• Authorities, government bodies and courts, where required by law or contract

We enter into Data Processing Agreements (DPAs) with service providers who process personal data on our behalf to ensure data protection. Most of our service providers are located in Switzerland or in the EU/EEA. In some cases, such as with Google Analytics, data may also be transferred to the USA or to other countries outside the EEA. Should this be necessary, the transfer will be carried out on the basis of the EU Standard Contractual Clauses or other suitable instruments to ensure data protection.

We process and store your personal data for as long as is necessary to fulfil our contractual and legal obligations or for the purposes pursued. This means that we may, for example, retain your data throughout the entire business relationship – from the initiation to the termination of a contract – and may also store it after the contract has ended due to statutory retention and documentation obligations.

Personal data may also be retained for the duration of the statutory limitation period in the event that claims could be brought against our company, or where legal obligations or legitimate business interests so require, for example for evidential and documentation purposes.

As soon as the personal data is no longer required for these purposes, it is generally deleted or anonymised, where possible. For operational data, such as system logs, shorter retention periods of usually twelve months or less apply.

We take appropriate technical and organisational measures to protect your personal data from unauthorised access and misuse. These include, among other things, the issuance of guidelines and training, the use of IT and network security solutions, access controls and restrictions, and the encryption of data storage media and transmissions.

We also use pseudonymisation and regular audits to ensure the security of your data.

You have the following rights in relation to our processing of personal data:

• Right to access the personal data we hold about you, the purpose of processing, the source of the data, and the recipients or categories of recipients to whom the personal data is disclosed
• Right to rectification if your data is incorrect or incomplete
• Right to restrict the processing of your personal data
• Right to request the erasure of processed personal data
• Right to data portability
• Right to object to data processing or to withdraw consent to the processing of personal data at any time without giving reasons
• Right to lodge a complaint with a competent supervisory authority, where provided for by law

To exercise these rights, please contact us at the address provided in the “General Information” section. Please note that we reserve the right to invoke the restrictions provided for by law, for example if we are obliged to retain or process certain data, have an overriding interest in doing so (insofar as we are permitted to rely on this) or require the data to assert claims. Should any costs be incurred by you, we will inform you in advance.

Within the framework of our business relationship, you must provide the personal data necessary for the establishment and conduct of the business relationship, as well as for the fulfilment of the associated contractual obligations. Without this data, we will not be able to conclude a contract with you – or with the organisation or person you represent – or to execute it.

It is also not possible to use the website if certain details required to ensure data transmission, such as the IP address, are not disclosed.

The information published on the Vibraplast AG website is provided exclusively for personal use and for information purposes. No warranty is given as to the correctness, completeness, accuracy, reliability or timeliness of the information.

Vibraplast AG accepts no liability for any material or immaterial damage arising from the use or non-use of the information on the website. Furthermore, any liability for technical faults and misuse of the connection is excluded.

All offers are non-binding. Vibraplast AG expressly reserves the right to amend, supplement or delete parts of the website or the entire offering, or to suspend publication temporarily or permanently, without prior notice.

The implementation of new technologies or data protection regulations may make it necessary to amend or revise these.

You will be notified of any significant changes to the privacy policy via a message after logging into your user account or by email.

The current privacy policy is available on our website at any time.

Vibraplast AG’s privacy policy and general terms and conditions are governed exclusively by Swiss substantive law, to the exclusion of the conflict-of-law provisions of Switzerland and your place of residence. Unless otherwise required by mandatory statutory provisions, the place of jurisdiction for all disputes arising in connection with these general terms and conditions shall be in Switzerland.