We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for Avantama AG ("Avantama" or "we/us/our"). The use of this website https://avantama.com ("Website") is possible without any indication of personal data; however, if a data subject wants to use special enterprise services via our website, processing of personal data could become necessary.
The processing of personal data shall always be in line with the General Data Protection Regulation ("GDPR"), and in accordance with the country-specific data protection regulations applicable to Avantama (in particular with the Swiss Data Protection Act, as revised from time to time, ("DPA")). By means of this data protection declaration ("Policy"), our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.
When you provide personal data to us, we may use it for any purposes described in this Policy or as stated at the point of collection, or as obvious from the context of collection.
In this data protection declaration, we use, inter alia, the following terms:
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
Personal data means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, it means personal data that you give to us via the Website, e.g. your name, address, e-mail address, IP address, etc. This definition shall, where applicable, incorporate the definitions provided in the DPA or the GDPR.
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Swiss law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
2. RIGHTS OF THE DATA SUBJECT
(a) As a data subject, you have the following rights under the DPA and/or GDPR:
- The right to be informed about our collection and use of personal data;
- The right of access to the personal data we hold about you (see section 3);
- The right to rectification if any personal data we hold about you is inaccurate or incomplete (please contact us using the details in section 11);
- The right to be forgotten – i.e. the right to ask us to delete any personal data we hold about you;
- The right to restrict (i.e. prevent) the processing of your personal data;
- The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation);
- The right to object to us using your personal data for particular purposes; and
- Rights with respect to automated decision making and profiling.
(b) If you have any cause for complaint about our use of your personal data, please contact us using the details provided in section 11 and we will do our best to solve the problem for you. If we are unable to help, you also have the right to lodge a complaint with the Swiss Federal Data Protection and Information Officer ("FDPIC") and/or any competent EU supervisory authority (as the case may be).
3. WHAT DATA DO WE COLLECT AND HOW DO WE USE YOUR DATA?
3.1. Contact form
(a) If you contact us (e.g. via our contact form), we may collect the following types of personal data
- contact details: first and last name, gender, e-mail address, address, telephone numbers, position, associated company/office;
- subject matter of your message.
(b) We may use such personal data as follows:
- to reply to your email;
- to reply to any other request submitted by you.
3.2. Business Partners
(a) We also collect and maintain personal data of clients, suppliers, and other business partners and of people who work for them, or of people who provide us with business cards or other contact information, of contractors, and investors. The types of personal data that we collect may be:
- contact details: first and last name, gender, e-mail address, address, telephone numbers, position, associated company/office;
- payment information: credit card, banking or financial details;
- any other information that we are provided with.
(b) We may use such personal data as follows:
- to provide products and services, programs, and maintain customer relationships;
- to perform our obligations under a contract with you or the company you work for;
- to contact you with information, product updates, and for marketing and analytics purposes;
- to improve the quality, safety, and security of our products and services;
- to satisfy any legal and regulatory obligations to which we are subject; and
- to complete any other processing that you have requested from us or that you have agreed to.
(c) In the event a consent was given, you have the right to withdraw your consent to us using your personal data at any time, and to request that we delete it.
3.3. Job Applicants
(a) As part of the recruitment process, Avantama may collect the following personal data (whether such information is provided by the applicant or a third party):
- contact details, CV or résumé, application form details, national social insurance or other identification number, qualification certificates, training certificates, licenses, passport or permission to work documentation, references from former employer(s);
- if permitted by law and to the extent necessary, health details;
- information relating to criminal records or financial probity checks or other independent searches (so-called background screening) (and where Avantama does the applicants will be asked to consent to such collection and use before Avantama undertakes the search) that Avantama undertake to assess the applicant's suitability for the position applied for;
- materials produced during the course of the recruitment processing, including any video and presentations the applicant provide Avantama for the purposes of a recruitment assessment and any contemporaneous interview notes (whether made by the applicant or the interviewer, about the applicant).
(b) Avantama may obtain personal data from the applicant or from third parties such as Avantama's business partners, employment agencies, past employers, educational institutions, credit reference agencies, other background check organisations, sanctions and politically exposed person screening lists or public registers.
(c) If the applicant is a former employee of Avantama, the applicant agrees to the usage of any available employmentrelated records held by Avantama for the purpose of processing the application for employment.
(d) We may use such personal data as follows:
- assessing the applicant's suitability for the advertised role or other potential vacancies within Avantama;
- preparing for the on-boarding, such as, reference checking, background screening and employment contract preparation;
- complying with Avantama's legal obligations, such as assisting with proceedings or investigations anywhere in the world as required by public authorities, law enforcement agencies and regulators.
(e) This processing is a necessary precondition of entering into any future contract with the applicant, should the application be successful). If the applicant is unable to provide Avantama with the information requested, Avantama may be unable to assess appropriateness for the job applied for, or to communicate with the applicant, or offer the applicant a role. If the job application is successful in securing a job with Avantama and once an employment contract has been entered into, the personal data of the applicant will be processed in accordance with the privacy provisions of the employment contract and other Avantama directives.
3.4. Use of Website
(a) Our Website collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files and may be
- the browser types and versions used,
- the operating system used by the accessing system,
- the website from which an accessing system reaches our website (so-called referrers),
- the sub-websites,
- the date and time of access to the Internet site,
- an Internet protocol address (IP address),
- the Internet service provider of the accessing system, and
- any other similar data and information that may be used in the event of attacks on our information technology systems.
(b) When using these general data and information, Avantama does not draw any conclusions about the data subject. Rather, this information is needed to
- deliver the content of our website correctly,
- optimize the content of our website as well as its advertisement,
- ensure the long-term viability of our information technology systems and website technology, and
- provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.
(c) Therefore, Avantama analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
4. LEGAL BASIS FOR THE PROCESSING
(a) For our processing operations we rely on the following legal basis:
- You have given your consent to the processing of your data for one or more specific purposes. In the event a consent was given, you have the right to withdraw your consent to us using your personal data at any time, and to request that we delete it.
- The processing is necessary for the performance of a contract to which you are a party or necessary for carrying out pre-contractual measures.
- The processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such legitimate interests may be to carry out our business in favor of the well-being of all our employees and the shareholders; to interact with clients, suppliers, and other business partners and with people who work with or for them; to effectively deliver products, services, or information to you or the company you work for; to operate our business in effective and lawful way (provided this does not interfere with your rights); or to interact with employees or job applicants.
- The processing is necessary in order for us to comply with our legal obligations.
- In rare cases, if the processing is necessary in order to protect your vital interests of you or of another natural person.
(b) We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded.
(a) Cookies are text files that are stored in a computer system via an Internet browser.
(c) By using this Website, you may also receive certain third party Cookies on your computer or device. Third party Cookies are those placed by websites, services, and/or parties other than us. Third party Cookies are used on this Website. For more details, please see below Section 10.
5.2. Consent and Control
(b) In addition to the controls that we provide, you can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all Cookies or only third party Cookies. By default, most internet browsers accept Cookies but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with your device.
6. STORAGE OF PERSONAL DATA
(a) We will retain your personal data on our systems only for as long as we need it, given the purposes for which it was collected, or as required to do so by law. We keep contact information (such as mailing lists information) until a user unsubscribes or requests that we delete that information. If you choose to unsubscribe from a mailing list, we may keep certain limited information about you so that we may honor your request. We dispose resumes when they are no longer under consideration, unless you consent that your information is stored to alert you of future job vacancies that might be of interest to you.
(b) As the controller, Avantama has implemented numerous technical and organizational measures to protect personal data from loss, misuse, alteration or destruction. Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavor to protect personal data, but we cannot guarantee the security of data transmitted to or by us. Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by telephone.
7. SHARING AND CROSS-BORDER TRANSFER OF PERSONAL DATA
(a) We may transfer or disclose personal data we collect to our affiliates and to their third party contractors or subcontractors, such as WordPress, WooCommerce or PwC. We may also transfer personal data to third party service providers who may use their own third party subcontractors.
(b) When we transfer personal data, we do so for the purposes for which it has been submitted or as outlined in this Policy. We may transfer personal data across geographical borders and store personal data in a country other than where you are based. These countries are the EU countries and Switzerland. We do not transfer personal data to affiliates or third party providers unless they are bound to maintain appropriate security and confidentiality levels, to process the personal information only as instructed by us, and to pass on those same obligations down to their sub-processors. If a recipient of personal data is located in a country that does not have an adequate data protection level, we implement standard contractual clauses, conduct a ‘Transfer Impact Assessment’ to verify the risks associated with the relevant transfer, and implement other mechanisms, such as supplementary measures, to provide adequate protection for the transfer of this personal data.
(c) We do not sell personal data to third parties.
8. NO AUTOMATED DECISION-MAKING
We do not use automatic decision-making or profiling.
9. THIRD PARTY SERVICES, APPLICATIONS AND WEBSITES
9.1. Application and use of Facebook
On this website, the controller has integrated components of the enterprise Facebook. Facebook is a social network.
A social network is a place for social meetings on the Internet, an online community, which usually allows users to communicate with each other and interact in a virtual space. A social network may serve as a platform for the exchange of opinions and experiences, or enable the Internet community to provide personal or business-related information. Facebook allows social network users to include the creation of private profiles, upload photos, and network through friend requests.
The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. If a person lives outside of the United States or Canada, the controller is the Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
With each call-up to one of the individual pages of this Internet website, which is operated by the controller and into which a Facebook component (Facebook plug-ins) was integrated, the web browser on the information technology system of the data subject is automatically prompted to download display of the corresponding Facebook component from Facebook through the Facebook component. An overview of all the Facebook Plug-ins may be accessed under https://developers.facebook.com/docs/plugins/. During the course of this technical procedure, Facebook is made aware of what specific sub-site of our website was visited by the data subject.
If the data subject is logged in at the same time on Facebook, Facebook detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-site of our Internet page was visited by the data subject. This information is collected through the Facebook component and associated with the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated into our website, e.g. the "Like" button, or if the data subject submits a comment, then Facebook matches this information with the personal Facebook user account of the data subject and stores the personal data.
Facebook always receives, through the Facebook component, information about a visit to our website by the data subject, whenever the data subject is logged in at the same time on Facebook during the time of the call-up to our website. This occurs regardless of whether the data subject clicks on the Facebook component or not. If such a transmission of information to Facebook is not desirable for the data subject, then he or she may prevent this by logging off from their Facebook account before a call-up to our website is made.
The data protection guideline published by Facebook, which is available at https://facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. In addition, it is explained there what setting options Facebook offers to protect the privacy of the data subject. In addition, different configuration options are made available to allow the elimination of data transmission to Facebook. These applications may be used by the data subject to eliminate a data transmission to Facebook.
9.2. Application and use of Google Analytics (with anonymization function)
On this website, the controller has integrated the component of Google Analytics (with the anonymizer function). Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behavior of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising.
The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
For the web analytics through Google Analytics the controller uses the application "_gat. _anonymizeIp". By means of this application the IP address of the Internet connection of the data subject is abridged by Google and anonymised when accessing our websites from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze the traffic on our website. Google uses the collected data and information, inter alia, to evaluate the use of our website and to provide online reports, which show the activities on our websites, and to provide other services concerning the use of our Internet site for us.
Google Analytics places a cookie on the information technology system of the data subject. The definition of cookies is explained above. With the setting of the cookie, Google is enabled to analyze the use of our website. With each call-up to one of the individual pages of this Internet site, which is operated by the controller and into which a Google Analytics component was integrated, the Internet browser on the information technology system of the data subject will automatically submit data through the Google Analytics component for the purpose of online advertising and the settlement of commissions to Google. During the course of this technical procedure, the enterprise Google gains knowledge of personal information, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements.
The cookie is used to store personal information, such as the access time, the location from which the access was made, and the frequency of visits of our website by the data subject. With each visit to our Internet site, such personal data, including the IP address of the Internet access used by the data subject, will be transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties.
The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Google Analytics from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Google Analytics may be deleted at any time via a web browser or other software programs.
Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/us.html. Google Analytics is further explained under the following Link https://www.google.com/analytics/.
9.3. Application and use of LinkedIn
The controller has integrated components of the LinkedIn Corporation on this website. LinkedIn is a web-based social network that enables users with existing business contacts to connect and to make new business contacts. Over 400 million registered people in more than 200 countries use LinkedIn. Thus, LinkedIn is currently the largest platform for business contacts and one of the most visited websites in the world.
With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a LinkedIn component (LinkedIn plug-in) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to the download of a display of the corresponding LinkedIn component of LinkedIn. Further information about the LinkedIn plug-in may be accessed under https://developer.linkedin.com/plugins. During the course of this technical procedure, LinkedIn gains knowledge of what specific sub-page of our website was visited by the data subject.
If the data subject is logged in at the same time on LinkedIn, LinkedIn detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-page of our Internet page was visited by the data subject. This information is collected through the LinkedIn component and associated with the respective LinkedIn account of the data subject. If the data subject clicks on one of the LinkedIn buttons integrated on our website, then LinkedIn assigns this information to the personal LinkedIn user account of the data subject and stores the personal data.
LinkedIn receives information via the LinkedIn component that the data subject has visited our website, provided that the data subject is logged in at LinkedIn at the time of the call-up to our website. This occurs regardless of whether the person clicks on the LinkedIn button or not. If such a transmission of information to LinkedIn is not desirable for the data subject, then he or she may prevent this by logging off from their LinkedIn account before a call-up to our website is made.
9.4. Application and use of Twitter
On this website, the controller has integrated components of Twitter. Twitter is a multilingual, publicly-accessible microblogging service on which users may publish and spread so-called ‘tweets,’ e.g. short messages. These short messages are available for everyone, including those who are not logged on to Twitter. The tweets are also displayed to so-called followers of the respective user. Followers are other Twitter users who follow a user's tweets. Furthermore, Twitter allows you to address a wide audience via hashtags, links or retweets.
The operating company of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, UNITED STATES.
With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a Twitter component (Twitter button) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding Twitter component of Twitter. Further information about the Twitter buttons is available under https://about.twitter.com/de/resources/buttons. During the course of this technical procedure, Twitter gains knowledge of what specific sub-page of our website was visited by the data subject. The purpose of the integration of the Twitter component is a retransmission of the contents of this website to allow our users to introduce this web page to the digital world and increase our visitor numbers.
If the data subject is logged in at the same time on Twitter, Twitter detects with every call-up to our website by the data subject and for the entire duration of their stay on our Internet site which specific sub-page of our Internet page was visited by the data subject. This information is collected through the Twitter component and associated with the respective Twitter account of the data subject. If the data subject clicks on one of the Twitter buttons integrated on our website, then Twitter assigns this information to the personal Twitter user account of the data subject and stores the personal data.
Twitter receives information via the Twitter component that the data subject has visited our website, provided that the data subject is logged in on Twitter at the time of the call-up to our website. This occurs regardless of whether the person clicks on the Twitter component or not. If such a transmission of information to Twitter is not desirable for the data subject, then he or she may prevent this by logging off from their Twitter account before a call-up to our website is made.
The applicable data protection provisions of Twitter may be accessed under https://twitter.com/privacy?lang=en.
9.5. Application and use of YouTube
On this website, the controller has integrated components of YouTube. YouTube is an Internet video portal that enables video publishers to set video clips and other users free of charge, which also provides free viewing, review and commenting on them. YouTube allows you to publish all kinds of videos, so you can access both full movies and TV broadcasts, as well as music videos, trailers, and videos made by users via the Internet portal.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, UNITED STATES. The YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, UNITED STATES.
With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a YouTube component (YouTube video) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding YouTube component. Further information about YouTube may be obtained under https://www.youtube.com/yt/about/en/. During the course of this technical procedure, YouTube and Google gain knowledge of what specific sub-page of our website was visited by the data subject.
If the data subject is logged in on YouTube, YouTube recognizes with each call-up to a sub-page that contains a YouTube video, which specific sub-page of our Internet site was visited by the data subject. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.
YouTube and Google will receive information through the YouTube component that the data subject has visited our website, if the data subject at the time of the call to our website is logged in on YouTube; this occurs regardless of whether the person clicks on a YouTube video or not. If such a transmission of this information to YouTube and Google is not desirable for the data subject, the delivery may be prevented if the data subject logs off from their own YouTube account before a call-up to our website is made.
YouTube's data protection provisions, available at https://www.google.com/intl/en/policies/privacy/, provide information about the collection, processing and use of personal data by YouTube and Google.
10. ACCESS TO YOUR PERSONAL DATA AND CONTACT
(a) You have the right to ask for a copy of any of your personal data held by us (where such data is held). Please contact us for more details at firstname.lastname@example.org.
(b) If you have any questions about the Website or this Policy, please contact us by email at email@example.com. Please ensure that your query is clear, particularly if it is a request for information about the data we hold about you.
11. CHANGES TO OUR POLICY
We may change this Policy from time to time (for example, if the law changes). Any changes will be immediately posted on the Website and you will be deemed to have accepted the terms of the Policy on your first use of the Website following the alterations. We recommend that you check this page regularly to keep up-to-date.