With this privacy policy we hereby inform you as to which data we are processing, why we need the data and how you can object to the data processing. It is possible that other data protection policies, General Terms and Conditions, Conditions of Participation or similar documents are applicable to specific circumstances. Processing of personal data in this privacy policy shall mean any use or operation performed on your personal data. This specifically includes, but is not limited to, data collection, recording, application, adaption, use, erasure, etc.

If you provide us with personal data of other people (for example family members or colleagues), please ensure these people are made aware of the current privacy policy and only provide us with their personal data if you are entitled to do so and, if required, with the permission of the individual. Please only provide us with personal data you know to be true and accurate.

1. Why do we collect Personal Data?

Primarily, we process personal data that we obtain from our customers, other business partners and other involved individuals in the context of our business connections, or we collect it from users who access our websites, Apps and other applications. All data processing is only carried out for specific purposes. Such purposes can, for example, arise out of technical needs, contractual requirements, legal provisions, overriding private or public interests or your explicit consent. Essentially, we collect data to conclude and fulfil our contracts with our customers and business partners. Furthermore, your personal data may be collected in connection with the regular management of our company, in particular the administration of customer relations, the supply of services and products, order and contract handlings, sales and invoices, the reply to questions and concerns, information about our products and services, marketing and technical support, as well as the evaluation and development of services and products.

In addition, insofar as permitted by law or contract and where appropriate, we may process personal data from you and third parties for the following purposes, which are in our (or, as the case may be, any third parties') legitimate interest, such as:

• Providing and developing our products, services and websites, apps and other platforms, on which we are active;
• Communication with third parties and processing of their requests (for example job applications, media queries);
• Review and optimization of procedures regarding needs assessment for the purpose of direct customer approach as well as obtaining personal data from publicly accessible sources for customer acquisition;
• Advertising and marketing (including organizing events) provided that you did not object to the use of your data (if you are part of our customer base and you receive our advertisement, you may object at any time and we will place you on a blacklist against further advertising mailings);
• Market and opinion research, media surveillance (cf. no. 3 below);
• Asserting legal claims and defense in legal disputes and official proceedings;
• Prevention and investigation of criminal offences and other misconduct (such as implementation of internal investigations, data analysis for fraud abatement);
• ensuring our operation, including our IT, our websites, apps and other appliances;
• Acquisition and sale of business domains, companies or parts of companies and other transactions under company law and the connected transfer of personal data, as well as measures for business management and compliance with legal and regulatory obligations as well as internal regulations of Essemtec AG;

2. What Data is collected?

Due to contractual, project management and technological reasons we need personal data for the ordering and purchase of certain services as well as products required to carry out our services and to conduct associated contractual relationships to their conclusion.

In case of Purchase of services we collect i.a. the following data:

• Gender, name
• Postal address, IP address, e-mail address
• Company position

Apart from data you provided to us directly, categories of data we receive about you from third parties include, but are not limited to: data received in connection with administrative or court proceedings, information in connection with your professional role and activities (e.g., in order to conclude and carry out contracts with your employer), information about you in correspondence and discussions with third parties, credit rating information (if we conduct business activities with you personally), information about you given to us by individuals associated with you (family, consultants, legal representatives, etc.) in order to conclude or process contracts with you or with your involvement (e.g. references, your delivery-address, powers of attorney), information regarding legal regulations such as anti-money laundering and export restrictions, bank details, information regarding insurances, our distributors and other business partners for the purpose of ordering or delivering services to you or by you (e.g., payments made, previous purchases), information about you found in the media or internet (insofar as indicated in the specific case, e.g. in connection with job applications, media reviews, marketing/sales, etc.), your address and any interests and other socio-demographic data (for marketing purposes), data in connection with your use of our websites (e.g., IP address, MAC address of your smartphone or computers, information regarding your device and settings, cookies, date and time of your visit, sites and content retrieved, applications used, referring website, localization data).

If you have given us your consent to process your personal data for certain purposes (for example when registering to receive newsletters or carrying out a background check), we will process your personal data within the scope of and based on this consent, unless we have another legal basis, provided that we require one. Consent given can be withdrawn at any time, but this does not affect data processed prior to withdrawal.

3. What Data is processed in Connection with Marketing?

Insofar as you do not object, we use your customer data (such as name, gender, date of birth, address, customer number, e-mail address) and contact data for marketing purposes.

We analyse your data to indicate your preferences in order to provide you with customized information and offers (by e-mail).

When receiving this information and offers for marketing purposes you will always have the possibility to unsubscribe from all further messages. That is why, for example, all e-mails have a one click unsubscribe for further messages.

4. What Data is processed when using our Website?

In general you can visit our Websites without providing any personal data. When you visit our Websites our servers temporarily saves all accesses in a log file. The following technical data is captured and is saved until the automated deletion, which will occur after a maximum of seven months:

• IP address of the enquiring computer
• Date and time of the access
• Website from where the access had taken place, when indicated with the used search term
• Name and URL of the recalled file
• Conducted search enquires (timetable, general search function on the Website, products, etc.)
• The operating system of your computer (provided by the user agent)
• Browsers you used (provided by the user agent)
• Model (in case of an access through mobile phones)
• User transfer protocol

The collection and processing of this data enables us to secure and stabilise the system, conduct error and performance analysis, as well as for internal statistical purposes. It also allows us to optimise our online services.

Furthermore the IP address is used for the language default settings. In addition, it is analysed together with other data, for the investigation and defence in case of an attack on the net infrastructure or other unauthorised or abusive use of the Website, and can be used for the civil or criminal proceedings against the respective users.

Finally, we also use cookies, as well as applications and tools that are based on the application of cookies. You will find detailed information on this further below in this privacy policy.

5. What are Cookies and when are they applied?

We apply typical “cookies” and comparable techniques on our websites and Apps to identify your browser or device. A cookie is a small text file that is sent to your computer and automatically saved by the web browser on your computer or mobile device, when you visit or use our Websites. Cookies save certain settings from your browser and data regarding the exchange between the Website and your browser. An identification number can be assigned when activating a cookie to identify your browser and to use the data contained in the cookie.

With the use of our websites, Apps and with the consent to receive newsletters and other marketing e-mails, you accept the application of such techniques. You can configure your browser in order to receive a warning on the screen before a cookie is saved. You can renounce the use of personal cookies; in this case certain services cannot be used.

6. How are Tracking Tools applied?

For the purpose of a demand-oriented layout and the continuous improvement of our Websites, Apps and e-mails we use web analysis services from AT Internet, Google Analytics and other third parties.

Pseudonym profiles of use are created in connection with our Websites and small text files saved on your computer are applied (see above “What are cookies and when are they applied?”). The information cookies generate in the use of this Website is transmitted to the servers of these service providers and is saved there and processed for us. In addition to the data listed above (see “What data are processed when using our website?”) we also receive the following information:

• The navigation path a visitor takes on the Website
• Amount of time spent on the main Website or subsites
• Subsites from which the Website is left
• Country, region or city from where the Website is accessed
• Terminal (type, version, colour depth, resolution, width and height of the browser window)
• Recurrent or new visitor

The information is used to analyse the utilisation of the Website. Please note: The processing of your personal data through service providers such as Google Analytics is solely the responsibility of the service provider under its own data protection regulations. The service provider tells us only how our website is used (without any of your personal data).

We use e-mail marketing services from third parties when we send e-mails. That is why our e-mails may contain a so-called web beacon (counting pixels) or similar technical tools. A web beacon is 1x1 pixel size transparent graphic linked to the user ID of the particular e-mail subscriber.

The feedback from these services enables the analysis of whether our e-mails have been opened. Furthermore, the click behaviour can be charted and analysed. We use this data for statistical purposes and for improving the content of our messages. This enables us to better align our information and offers in our e-mails with the individual interests of the particular receiver. The counting pixel is deleted when you delete the e-mail.

To stop the application of web beacons in our e-mails ensure in your e-mail programme settings that no HTML is displayed in the messages.

Below you will learn more about our most important tracking tools.

7. Google Analytics

Provider of Google Analytics is Google Inc., an enterprise of the holding company Alphabet Inc. based in the USA. The anonymised IP address that Google Analytics transmits from your browser is not consolidated with other data from Google. Only in exceptional cases is the full IP address transmitted to a server of Google in the USA and is reduced there. According to Google Inc. the IP address is not linked to other data concerning the user. On the Website of Google Analytics you can find further information about the user web analysis service. You can find instructions on how you can stop the processing of your data through a web analysis service under:

https://tools.google.com/dlpage/gaoptout?hl=en-GB

8. What are Social Plugins and how are they applied?

Our Websites use social plugins such as Youtube. The plugins are marked with the provider logo and are, for example, “Like” buttons.

When you open our Websites that contain plugins, the provider receives information, via the plugin, that you have selected our Website. While at the same time you are logged in to the provider itself the provider may attach the visit to your profile. All the time you interact with the plugins the corresponding information is transmitted directly to the provider and is saved there.

If you do not want the provider to collect data about you then choose “block cookies from third party providers” in your browser settings. In this case, if there is embedded content, the browser will not send any information to the server of the provider. But with this setting certain content on our Websites may not work. The processing of your personal data is carried out under the sole responsibility of these social media providers according to their data protection regulations. We receive no data about you from these providers.

9. Display of Advertisements

We contract third party providers (Ad servers) to place advertisements on our Website and in our Apps. Each time a user visits our Website and/or Apps an enquiry is sent to the Ad server when the site opens. In order that advertisements about products and services that you might be interested in, or that are of higher relevance for you, can be displayed we transmit the following information to the Ad server for each enquiry:

• Profile data (age, domicile and gender)
• Travel data (place, time, date and weekday of departure, place, time date and weekday of arrival, travel class)
• Approximate GPS coordinates
• Unique User ID (for the application of advertisement frequencies, post click tracking and cookie targeting)
• IP address (hashed appendix in the Ad server)
• Browser and operating system information
• Device manufacturer and model

For each ad-hoc enquiry the Ad server checks if a suitable campaign is available and subsequently delivers either specific, non-specific or no advertisements by the random principle and according to capacity. No history data is collected, nor are names, phone number or e-mails passed down. The information listed above is never transmitted to the advertising customer, but is exclusively used for the one time delivery of advertisements and is not saved for a later utilisation. In the settings of the Apps, you may control the display of advertisements under “further settings”

10. Contact Form

You have the option to use a contact form to get in contact with us. In doing so the entry of certain personal data is compulsory (marked in the form). By sending the contact form you accept our privacy policy and you agree to the way we process your personal data.

We use data such as title, address, phone number and company only to be able to reply to your contact request in the best personalised way possible.

11. How long is your Data stored for?

Your data is deleted as soon as it is no longer required for the fulfilment of the purpose it has been collected for (for example in the range of a contractual relationship). Personal data may be retained for the period during which claims can be asserted against our company or insofar as we are otherwise legally obliged to do so or if legitimate business interests require further retention (e.g., for evidence and documentation purposes). Personal data is blocked instead of deleted, if legal or actual impediments conflict the deletion (for example the legal obligation to retain data).

12. What Rights do you have regarding your Personal Data?

Regarding your personal data you have the following rights:

• You can request information about your saved personal data
• You can request corrections, amendments, blocking or deletion of your personal data
• You have the right to object to our data processing and to the release of certain personal data in order to transmit them to another place (so called data portability). But please note we reserve the right to enforce statutory restrictions on our part, for example if we are obliged to retain or process certain data, have an overriding interest (insofar as we may invoke such interests) or need the data for asserting claims.
• If you have installed a customer account you can delete it or allow it to be deleted.
• You can opt-out of the use of your data for marketing purposes.
• You may withdraw consent you have already given to us at any time.

Please note that the exercise of these rights may conflict with contractual agreements and this may have an impact on you, such as the premature termination of the contract or associated costs. If this is the case, we will inform you in advance unless it has already been contractually agreed upon.

To exercise your rights please send a letter by mail to:

Essemtec AG
Data protection officer
Mosenstrasse 20
6287 Aesch/LU
Switzerland

Or e-mail to: privacy@essemtec.com

13. Obligation to provide Personal Data

In the context of our business relationship you must provide us with any personal data that is necessary for the conclusion and performance of a business relationship and the performance of our contractual obligations (as a rule, there is no statutory requirement to provide us with data). Without this information, we will usually not be able to enter into or carry out a contract with you (or the entity or person you represent). In addition, the website cannot be used unless certain information is disclosed to enable data traffic (e.g. IP address).

14. Is your Data transferred to third Parties?

No transfer, sale or any other transmission of your personal data will be carried out to any third parties, unless it is necessary for the contract processing, or you have expressly agreed to this.

15. Is your Personal Data transferred abroad?

In the context of our business activities and in line with the purposes of the data processing set out in section 1, we may transfer data to third parties abroad, insofar as such a transfer is permitted and we deem it appropriate (for example to external service providers). They are bound to the compliance of the Data Protection Laws in the same extent as we are. If the data protection standards do not comply with the Swiss standards, we will ensure, at any time, that the protection of your personal data complies with the Swiss standards.

Alternatively, we rely on the statutory exceptions of consent, performance of contracts, the establishment, exercise or enforcement of legal claims, overriding public interests, published personal data or because it is necessary to protect the integrity of the persons concerned.

16. Data Security

We have taken appropriate technical and organizational security measures to protect the saved personal data against manipulation, partial or whole loss and unauthorised access by third parties. Our security procedures are continually improved in accordance with technological developments.

We take internal data protection very seriously as well. Our employees and external service providers that we have commissioned are committed to secrecy and compliance with all data protection regulations.

We take appropriate precautions to protect your data. However, the transmission of information over the internet and other electronic means always holds certain safety risks and we cannot guarantee the safety of information that is transmitted this way.

17. Modification of this Privacy Policy

We reserve the right to modify and complement this statement anytime and at our own discretion. Please consult this statement regularly.

Last update: July 2018