Privacy Policy of DUAP AG

Version of 24.05.2018

In this privacy statement, we explain that DUAP AG (hereinafter referred to as DUAP AG, us or ourselves) determines how we collect and otherwise process personal information. This is not an exhaustive description; if applicable, other privacy statements [or general terms and conditions, terms and conditions of participation and similar documents] govern specific matters. Personal data means all information relating to a specific or identifiable person.
If you provide us with other persons’ personal information (such as family members, coworker data), please ensure that these individuals are aware of this Privacy Policy and only provide us with their personal information if you are permitted to do so and if that personal information is accurate.
This privacy policy is based on the EU General Data Protection Regulation (DSGVO). Although the GDPR is a regulation of the European Union, it is important to us. The Swiss Data Protection Act (DSG) is strongly influenced by EU law, and companies outside the European Union or the EEA have to comply with the GDPR in certain circumstances.

1. Responsible / Data Protection Officer / Representative

Data Protection Officer according to Art. 37 GDPR:
Responsible for the data processing, which we describe here, is the company DUAP AG, Waldgasse 19, CH-3360 Herzogenbuchsee. If you have data protection concerns, you can contact us at the following address:
DUAP AG
Mr. Roberto De Bastiani
Waldgasse 19
CH-3360 Herzogenbuchsee
Tel. +41 62 956 55 55
Fax. +41 62 956 55 47
E-mail: roberto.debastiani@duap.ch

2. Collection and processing of personal data

We primarily process the personal information that we receive through our business relationship with our customers and other business partners from these and other individuals involved, or that we collect when using our websites, apps, and other applications from their users.
To the extent permitted, we also derive or obtain certain data from publicly available sources (such as debt collection registers, land registers, commercial registers, press, internet) from other companies within DUAP AG, government agencies and other third parties (such as credit reporting agencies or agencies). In addition to the information you provide directly to us, the categories of personal information we receive about you from third parties, including, but not limited to, information from public registers, information we receive in connection with regulatory and judicial procedures, include information relating to you professional functions and activities (so that we can conclude and handle business with your employer, for example), information about you in correspondence and meetings with third parties, creditworthiness information (as far as we handle business with you personally), information about you, us persons Give your environment (family, consultants, legal representatives, etc.) so that we can conclude or handle contracts with you or with you (eg references, your address for deliveries, authorizations, information on compliance with legal requirements such as money laundering and export restrictions , Information from banks, insurance, V sales and other contractual partners from us for the use or provision of services by you (e.g. payments made, purchases made), information from the media and the Internet about you (as far as indicated in the specific case, eg in the context of an application, press review, marketing / sales, etc.), your addresses and any interests and other sociodemographic data (for marketing), data related to the use of the website (eg IP address, MAC address of the smartphone or computer, details of your device and settings, cookies, date and time of visit, pages accessed and content, features used, referring website, location information).

3. Purposes of data processing and legal bases

We use the personal data collected by us primarily to conclude and execute our contracts with our customers and business partners, in particular in the field of injection and precision engineering with our customers and the purchase of products and services from our suppliers and subcontractors, as well as to comply with our legal obligations at home and abroad. Of course, if you work for such a customer or business partner, you may also be affected by your personal data in this function.
In addition, we process personal data of you and other persons, as far as permitted and appear appropriate to us, for the following purposes in which we (and sometimes also third parties) have a legitimate interest in the purpose:
• Offer and further develop our offers, services and websites, apps and other platforms in which we are present;
• communicating with third parties and handling their requests (e.g., applications, media inquiries);
• Reviewing and optimizing requirements analysis procedures for direct customer approach and collecting personal data from publicly available sources for customer acquisition purposes;
• Advertising and marketing (including conduct of events), as long as you have not objected to the use of your data (if we send you advertising as an existing customer, you can object to this at any time, then we put you on a blacklist against further advertising mail) ;
• market and opinion research, media observation;
• asserting legal claims and defense in connection with legal disputes and regulatory proceedings;
• prevention and investigation of criminal offenses and other misconduct (eg conducting internal investigations, data analysis to combat fraud);
• warranties of our operations, in particular IT, our websites, apps and other platforms;
• video surveillance to safeguard the rights of the house and other measures for IT, building and facility security and protection of our employees and other persons and our belonging or entrusted values ​​(such as access controls, visitor lists, network and mail scanners, telephone records);
• Purchase and sale of business units, companies or parts of companies and other corporate transactions and, as a result, the transfer of personal data as well as measures for business control and, to that extent, compliance with legal and regulatory obligations as well as internal regulations of DUAP AG.

If you have given us permission to process your personal data for specific purposes (for example, when you register to receive newsletters or conduct a background check), we process your personal data within the framework of and on the basis of this consent, unless we have another legal basis and we need one. A given consent can be withdrawn at any time, but this has no effect on already processed data.

4. Cookies / Tracking and other technologies related to the use of our website

We typically use “cookies” and similar techniques on our websites and apps to identify your browser or device. A cookie is a small file that is sent to your computer or automatically saved to your computer or mobile device by the web browser you use when you visit our website or install the app. If you visit this website again or use our app, we can recognize you, even if we do not know who you are. In addition to cookies that are only used during a session and are deleted after your visit to the website (“session cookies”), cookies can also be used to store user settings and other information over a certain period of time (eg two years) (“permanent cookies “). However, you can set your browser to reject cookies, save them for one session only, or otherwise delete them prematurely. Most browsers are pre-set to accept cookies. We use persistent cookies to better understand how you use our offerings and content, and to enable us to display tailored offers and advertisements for you (which may happen on other companies’ websites, but they will not know who we are) They are, if we even know that, because they only see that the same user is on their website, who was also on a particular page with us). Some of the cookies are set by us, and some by contractors with whom we work. If you disable cookies, certain features (such as language selection, shopping cart, order process) may no longer work.
By using our websites, apps and agreeing to receive newsletters and other marketing emails, you agree to the use of these techniques. If you do not want this, then you must set your browser or your e-mail program accordingly, or uninstall the app, if this can not be adjusted via the settings.

We sometimes use Google Analytics or similar services on our websites. This is a third party service that may be located in any country in the world (in the case of Google Analytics, it is Google LLC in the US, www.google.com) that we use to measure the use of the website (non-personally identifiable) and can evaluate. For this purpose, permanent cookies are also used, set by the service provider. The service provider will not receive any personal information from us (and will not retain any IP addresses), but may track your use of the website, combining this information with data from other websites you have visited and also being tracked by service providers, and these findings for own purposes (eg control of advertising) use. As far as you have registered yourself with the service provider, the service provider knows you too. The processing of your personal data by the service provider is then the responsibility of the service provider according to its privacy policy. The service provider only tells us how our respective website is used (no information about you personally).
Social media plug-ins:
We can also use plug-ins from social networks such as Facebook, Twitter, Youtube, Google+, LinkedIn, Pinterest or Instagram on our websites. If we use such plug-ins, this will be obvious to you, typically with corresponding symbols. We have configured these items to be disabled by default. By activating them (by clicking on them), the operators of the respective social networks can register that you are on our website and where and can use this information for their own purposes. The processing of your personal data takes place in the responsibility of this operator according to its privacy policy. We do not receive any information from you about him.

5. Data transfer and data transmission abroad

As part of our business activities and the purposes stated in prov. 3, as far as permitted and as we see fit, also known to third parties, either because they work on them for us, either because they want to use them for their own purposes. These are in particular the following places:
• Service providers of ours (within the DUAP AG group and externally, such as banks, insurance companies), including order processors (such as IT providers);
• dealers, suppliers, subcontractors and other business partners;
• Customer;
• domestic and foreign authorities, authorities or courts;
• Media;
• public, including visitors to websites and social media;
• Competitors, industry organizations, associations, organizations and other bodies;
• acquirer or prospective buyer of business units, companies or other parts of the DUAP AG Group;
• other parties in possible or actual legal proceedings;
• Other companies of the DUAP AG Group;
all common recipients.
These receivers are partly domestic, but can be anywhere on earth. In particular, you must count on the transmission of your data to all countries in which DUAP AG is represented by group companies, branches or other offices (USA, Ecuador, Italy, Russia) as well as in other European countries and the USA, where ours used service providers (such as Microsoft, IN: ERP, Google, Amazon, etc.). If we transfer data to a country without adequate legal data protection, we provide as required by law by means of appropriate contracts (namely based on the so-called standard contractual clauses of the European Commission, which are available here and here) or so-called Binding Corporate Rules for an appropriate level of protection or rely on the statutory exceptions of consent, contract performance, determination, exercise, or enforcement of any legal claim, overriding public interest, personal information published, or necessary to protect the integrity of the data subjects. You can always at the under no. 1 contact person to obtain a copy of the contractual warranties mentioned above, if not available at the link provided above. However, we reserve the right to blacken copies for reasons of data protection or secrecy, or to deliver them only in part.

6. Duration of storage of personal data

We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations or otherwise for the purposes pursued by the processing, i. E. For example, for the duration of the entire business relationship (from the initiation, execution to the termination of a contract) as well as in accordance with the statutory retention and documentation obligations. It may be that Personal Information is held for the time that claims can be asserted against our Company and to the extent that we are otherwise required by law or legitimate business interests so require (for example, for evidence and documentation purposes up to 10 years).

7. Data security

We take reasonable technical and organizational precautions to protect your personal information from unauthorized access and misuse, such as issuing instructions, training, IT and network security solutions, access controls and restrictions, encryption of media and communications, controls, etc.

8. Duty to provide personal information

As part of our business relationship, you must provide the personal information necessary to enter into, conduct, and perform any contractual obligations (you do not normally have a legal obligation to provide us with information). Without this information, we will generally be unable to conclude or execute a contract with you (or the entity or person you represent). Also, the website can not be used if certain data traffic security information (such as IP address) is not disclosed.

9. Profiling [and Automated Decision Making]

We process your personal data partly automated with the aim to evaluate certain personal aspects (profiling). In particular, we use profiling to provide you with targeted information and advice on products. We use evaluation tools that enable us to communicate and advertise as required, including market and opinion research.
In principle, we do not use fully automated automatic decision-making for the establishment and implementation of the business relationship and otherwise (as regulated in Art. 22 DSGVO). If we use such procedures in individual cases, we will inform you about this separately, provided that this is prescribed by law and you clarify the related rights.

10. Rights of the data subject

You have the right to access, rectification, deletion, the right to restrict the processing of data and otherwise to object to our data processing and to the disclosure of certain personal data for the purpose of transmission under the applicable data protection law and insofar as provided therein (as in the case of the DSGVO) to another place (so-called data portability). Please note, however, that we reserve the right to enforce the statutory restrictions on our part, for example if we are obliged to retain or process certain data, if they have a predominant interest (as far as we are entitled to rely on it) or if they seek the assertion of Need claims. If you incur costs, we will inform you in advance. We have already discussed the possibility of revoking your consent in para. 3 informed. Note that the exercise of these rights may conflict with contractual arrangements and may have consequences such as may have premature termination of the contract or cost implications. We will inform you in advance if this is not already contractually agreed.
The exercise of such rights usually requires that you clearly prove your identity (for example, by providing a copy of your ID where your identity is otherwise unclear or can be verified). To assert your rights, you can contact us at the address given in section 1.
Each data subject also has the right to enforce their claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority of Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

11. Changes

We may amend this Privacy Policy at any time without notice. The current version published on our website applies. If the Privacy Policy is part of an agreement with you, we will, in the event of an update, notify you of the change by e-mail or by other appropriate means.