What is this privacy policy about?

Who is responsible for processing your data?

The following company is the "controller", i.e. the entity primarily responsible under data protection law, for data processing in accordance with this privacy policy, unless otherwise communicated in individual cases (e.g. in other privacy policies, on forms or in contracts):

Stöcklin Logistik AG
Wahlenstrasse 161
4242 Laufen
Switzerland

If you are in contact with another Stöcklin Group company, that company may be the data controller for your interaction.

If you have any questions about data protection, you are welcome to contact us at the following address so that we can process your request as quickly as possible:  datenschutz(at)stoecklin.com

What personal data do we process?

We process different categories of personal data depending on the occasion and purpose. The most important categories are listed below, although this list is not exhaustive.

In the case of contractual partners who are companies, we process less personal data because the applicable data protection law only covers the data of natural persons (i.e. people). However, we process data of the contact persons with whom we are in contact, e.g. name, contact details, professional details and details from communication, and details of managers etc. as part of the general information about companies with which we work.

You provide us with much of the data mentioned in this section yourself (e.g. via forms, as part of communication with us, in connection with contracts, when using the website, etc.). You are not obliged to do so, subject to individual cases [(e.g. as part of binding protection concepts (legal obligations)]. If you wish to conclude contracts with us or claim services, you must also provide us with data as part of your contractual obligation under the relevant contract, in particular master data and contract data.

If you provide us with data about other persons, such as information about family members or work colleagues, we assume that you are authorized to do so and that this data is correct. By transmitting data about third parties, you confirm this. Please also ensure that these third parties have been informed of this privacy policy (e.g. by a reference to this privacy policy).

Master data
We define master data as the basic data that we require for the processing of our business relationships or for marketing and advertising purposes and that relates directly to your person and characteristics. In particular, we process the following master data:

• Title, surname and first name
• Address, contact details such as e-mail address and telephone and mobile number

If necessary and justified for the respective case, we process:

• Nationality and residence permit status, gender and date of birth
• Further information from identification documents
• Family data (e.g. marital status)
• Information on language preferences
• Information on professional profile and employment (e.g. employment relationship, employer, start of employment) and, if applicable, training
• Information on income and assets (e.g. gross income, rent and assets)
  Information on housing situation
• In the case of contact persons of companies, also relationships with the company you work for
• Customer history

• Authorizations to sign and declarations of consent

   

We generally receive this master data from you yourself, but may also receive it from other people who work for your company, but may also obtain personal data from third parties, e.g. from bodies for which you work or from third parties such as our contractual partners, associations and address dealers and from publicly accessible sources such as public registers or the Internet (websites, social media, etc.).

Contract data
Contract data is information that arises in connection with the conclusion or execution of the contract, e.g. information on contracts and the services to be provided or provided, as well as data from the run-up to the conclusion of a contract, information on the conclusion of the contract itself (e.g. on the conclusion date and the subject matter of the contract), as well as the information required or used for processing. We process the following contract data:

• Date, application process, information on the type and duration as well as conditions of the contract in question, data on the termination of the contract
• Contact details and delivery addresses
• Information on the use of services
• Information on payments and payment methods, invoices, mutual claims, contacts with customer service, complaints, defects, returns, information on customer satisfaction, complaints, feedback, etc.

• For services available online, also access data and logins

   

We receive this data from you, but also from partners with whom we work. Again, this data may relate to your company, in which case it is not "personal data", but also to you if you work for a company or if you receive services from us yourself.

Communication data
Communication data is data in connection with our communication with you, e.g. if you contact us via the contact form or other means of communication. Communication data are e.g.

• Name and contact details such as postal address, e-mail address and telephone number
• Content of correspondence (e.g. emails, written correspondence, telephone conversations, chat messages, etc.)
  Responses to customer and satisfaction surveys

• Information on the type, time and possibly place of communication and other peripheral data of the communication.

   

If, in exceptional cases, we record a telephone call or TEAMS call, we will inform you at the beginning of the conversation. If you do not agree to the recording and storage of the call, you also have the option of terminating the call or contacting us via other communication channels.

Technical data
Technical data is collected in connection with the use of our website. This includes, for example, the following data

• IP address of the end device and device ID
• Information about your device, the operating system of your device or language settings
• Information about your internet provider
• content accessed or logs in which the use of our systems is recorded
• Date and time of access to the website and your approximate location
• information on the content and files accessed in the user account
• other information that is generated when using the user account, such as the sending of the access code via push message for logging into your user account via the website

We can also assign an individual code to you or your end device (e.g. using a cookie; see section: What online tracking and online advertising technologies do we use?) This code is stored for a certain period of time, often only during your visit. As a rule, we cannot deduce who you are from technical data, unless you register for the newsletter on our website, for example. In this case, we can link technical data with master data - and thus with your person.

Behavioral data
We try to get to know you better in order to tailor our offers and services to you and your company in the best possible way. To do this, we collect and use data about your behavior. Behavioral data is, in particular, information about your use of our website. It can also be collected on the basis of technical data. This includes, for example, information about your use of electronic communications (e.g. whether and when you have opened an email or clicked on a link, especially when sending newsletters). We may also use your other interactions with us as behavioral data, and we may link behavioral data with other data (e.g. with anonymous data from statistical offices) and evaluate this data on a personal and non-personal basis.

Preference data
Preference data provides us with information about your likely needs and which services might be of interest to you or your company (e.g. when selecting topics for the newsletter). We therefore also process data on your interests and preferences. For this purpose, we can link behavioral data with other data and evaluate this data on a personal and non-personal basis. This allows us to draw conclusions about characteristics, preferences and expected behavior.

Other data
We may also collect data from you in other situations. In connection with official or legal proceedings, for example, data is collected (such as files, evidence, etc.) that may also relate to you. We may receive or produce photos, videos and audio recordings in which you may be recognizable (e.g. at events, through security cameras, etc.). We may also collect data about who enters certain buildings or has access rights to them and when (including during access controls, based on registration data or visitor lists, etc.), who takes part in events or campaigns (e.g. competitions) and when, or who uses our infrastructure and systems and when.

For what purposes do we process your personal data?

We use the personal data we collect primarily to process your orders and to handle our customer relationship. If you have subscribed to our newsletter, we will use your e-mail address to send it to you. In addition, we also process your personal data for other purposes in which we (and sometimes third parties) have a legitimate interest corresponding to the purpose, insofar as this is permitted and appears appropriate to us:

• For communication purposes, i.e. to contact you and maintain contact with you. This includes responding to inquiries and contacting you in the event of queries, e.g. by email. In particular, we process your communication and master data for this purpose.
• For customer care and for marketing purposes, in order to inform you specifically about offers according to your personal interests and preferences, e.g. through the newsletter and personalized advertising. For this purpose, we process technical data, master data, communication data and behavioral data in particular.
• We also process data to improve our services and for product development.
• To ensure IT security and for prevention: We process personal data to monitor the performance of our operations, in particular IT, our website, applications and other platforms, for security purposes, to ensure IT security, to prevent theft, fraud and misuse and for evidence purposes. This includes, for example, the evaluation of system-side recordings of the use of our systems (log data), the prevention, defense and clarification of cyber attacks and malware attacks, analyses and tests of our networks and IT infrastructures, system and error checks.
• To safeguard domiciliary rights and other measures for IT, building and facility security and to protect our employees and other persons and assets belonging to or entrusted to us (such as access controls, visitor lists, network and mail scanners, telephone recordings).
• For legal protection: We may also process personal data in order to enforce claims in court, in or out of court and before authorities in Switzerland and abroad or to defend ourselves against claims. Master data and communication data may be processed for this purpose.
• To comply with legal requirements: This includes, for example, the processing of complaints and other reports, compliance with orders from a court or authority, measures to detect and clarify abuses and generally measures that we are obliged to take under applicable law, self-regulation or industry standards. In particular, we may process your master data and communication data for this purpose.
• For administration and support: In order to make our internal processes efficient, we process data to the extent necessary for IT administration, accounting or data archiving. In particular, we may process communication and behavioral data as well as technical data for this purpose.
• We may also process data for other purposes. These include corporate management, including business organization and corporate development, other internal processes and administrative purposes (e.g. management of master data, accounting and archiving), training and education purposes and the preparation and processing of the purchase and sale of business divisions, companies or parts of companies and other transactions under company law and the associated transfer of personal data, as well as measures for business management and the protection of other legitimate interests.

If we ask for your consent for certain processing, we will inform you separately about the corresponding purposes of the processing. You can withdraw your consent at any time by notifying us in writing.

Which online tracking and online advertising techniques do we use?

We use various technologies on our website with which we and third parties engaged by us can recognize you when you use our website and, in some cases, track you over several visits. The use of such technologies is specially regulated. We will inform you about this in this section.

How and why do we use cookies and similar technologies?

We use third-party services for our website in order to measure and improve the user-friendliness of the website and online advertising campaigns. For this purpose, we may integrate third-party components on our website, which in turn may use cookies. When we track you or use similar technologies, it is essentially so that we can distinguish access by you (via your system) from access by other users so that we can ensure the functionality of the website and carry out statistical evaluations. We do not want to infer your identity. The technologies used are designed in such a way that you are recognized as an individual visitor each time you access a page, for example by our server (or the servers of third parties) assigning you or your browser a specific identification number (so-called "cookie").

Cookies are files that your browser automatically saves on your end device when you visit our website. Cookies contain a unique identification number (an ID) that enables us to distinguish individual visitors from others, but generally without identifying them. Depending on the purpose of use, cookies contain further information, e.g. about the pages accessed and the duration of the visit to a page. We use session cookies, which are deleted when the browser is closed, and persistent cookies, which remain stored for a certain period of time after the browser is closed and are used to recognize visitors on subsequent visits.

We use the following types of cookies and similar technologies:

• Necessary cookies: necessary cookies are required for the functionality of the websites, e.g. so that you can switch between pages without losing information entered in a form.
• Performance cookies: These cookies collect information about the use of a website and enable analysis, e.g. which pages are the most popular. They can simplify the visit to a website and improve user-friendliness.
• Functional cookies: Functional cookies enable extended functions and can display personalized content.

• Marketing cookies: Marketing cookies help us and our advertising partners to target you on our websites and on third-party websites with advertisements for products or services that may be of interest to you, or to display our advertisements when you continue to use the internet after visiting our websites.

   

We use cookies for the following purposes in particular

• Personalization of content
• Displaying personalized advertisements and offers
• Displaying advertisements on third-party websites and measuring success, i.e. whether you respond to these advertisements (remarketing)
• Saving settings between your visits
• Determining whether and how we can improve our website
• Collecting statistical data on the number of users and their usage habits and to improve the speed and performance of the website
• We may process your contact details to target you with advertising on third party platforms.

We may also use similar technologies, e.g. LinkedIn Insight tags, pixel tags or fingerprints to store data in the browser. Pixel tags are small, usually invisible images or program code that are loaded by a server and thereby transmit certain information to the server operator, e.g. whether and when the website was visited. Fingerprints are information that is collected when you visit our website via the configuration of your end device or your browser and that make your end device distinguishable from other devices.

How can cookies and similar technologies be deactivated?

When you visit our website, you have the option of activating or deactivating certain categories of cookies. You can configure your browser settings to block certain cookies or similar technologies or to delete existing cookies and other data stored in the browser. You can also add software (so-called "plug-ins") to your browser that blocks tracking by certain third parties. You can find out more about this in the help pages of your browser (usually under the heading "Data protection"). Please note that our website may no longer function to its full extent if you block cookies and similar technologies.

Cookies from partners and third parties on our website

We use third-party services to measure and improve the user-friendliness of the website and online advertising campaigns. Third-party providers may also be located outside Switzerland and the EU/EEA, provided that the protection of your personal data is adequately ensured. For example, we use analysis services so that we can optimize and personalize our website. The relevant third-party providers may record the use of the website for this purpose and combine their recordings with other information from other websites. This allows them to record user behavior across multiple websites and end devices in order to provide us with statistical evaluations on this basis. The providers can also use this information for their own purposes, e.g. for personalized advertising on their own website or other websites. If a user is registered with the provider, the provider can assign the usage data to the person concerned.

Two of the most important third-party providers are Google and YouTube. You can find more information about them in our cookie policy (https://www.stoecklin.com/de-ch/cookie-richtlinie). Other third-party providers generally process personal and other data in a similar way.

Web analysis with Matomo: Our website uses Matomo, an open source web analysis platform, to analyze the behavior of our visitors and to continuously improve our website. We process the data ourselves and do not pass it on to third parties. Matomo is operated on our own server by our hosting service provider in Germany (Mittwald CM Service GmbH & Co. KG). The storage and processing of the analysis data therefore takes place within the European Union. Your IP address is anonymized before storage (by shortening the last two octets) so that no conclusions can be drawn about your person. No personal user profiles are created. Data processing is based on our legitimate interest in improving our website in accordance with: - Art. 6 para. 1 lit. f GDPR (for visitors from the EU) - Art. 31 para. 2 lit. a FADP (CH) (for visitors from Switzerland) You can object to the anonymized data collection by Matomo at any time. In this case, a so-called opt-out cookie is stored in your browser, which prevents future data collection.

You have the option to prevent the actions you take here from being analyzed and linked. This will protect your privacy but will also prevent the site owner from learning from your actions and improving the usability for you and other users.

Meta Pixel, an analytics tool provided by Meta Platforms Ireland Ltd (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland), which allows us to control ads on Meta and Meta's partners so that they are only shown to users who are likely to be interested in the ads. We can also measure the effectiveness of such ads for statistical and market research purposes. We are jointly responsible with Meta for the exchange of data that Meta receives as a result, for the display of personalized ads, the improvement of ad delivery and the personalization of content. The data is stored on servers in the EU/EEA and the U.S. Users can send requests for information and other inquiries directly to Meta. Further information on data protection at Meta and corresponding setting options can be found in our Cookie Policy.

LinkedIn Insight Tag, an analysis tool from LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland). LinkedIn Tag informs us that you have visited our website and also collects your IP address. Timestamps and events such as page views are also stored. This enables us to statistically evaluate your use of our website in order to constantly optimize it. For example, we find out which LinkedIn ad or interaction on LinkedIn brought you to our website. This enables us to better control the display of our advertising. The data is stored on servers in the EU/EEA and the USA. We have configured LinkedIn Insight Tag so that visitors' IP addresses are truncated or hashed before being forwarded to the USA. Please note that LinkedIn can store the data so that a connection to the respective user profile is possible and LinkedIn can use the data for its own advertising purposes. You can find further information on LinkedIn's data protection and corresponding settings options.

How do we process data in connection with social media?

On our website, we offer you the option of using a "social media plugin" from Facebook, Instagram, LinkedIn, Twitter, etc. to integrate functions from these providers into our websites. These plugins are deactivated by default. As soon as you activate them (e.g. by clicking on the button), the relevant providers can detect that you are on our website. If you have a corresponding account with the social media provider, they can assign this information to you and thus track your use of online offers.

We are generally jointly responsible with the relevant providers for the exchange of data that this provider collects via plugins or comparable functions (but not for the further processing of a provider). Where possible, we have concluded a corresponding additional agreement with the provider. You can address requests for information and other requests from data subjects in connection with joint responsibility directly to the provider concerned.

To whom do we disclose your personal data?

In connection with our processing, we also disclose your personal data to other recipients.

In particular, we may pass on personal data that we receive from you or from third party sources to other companies in the Stöcklin Group (more on this in the section: Who is responsible for processing your data). Disclosure may be for internal Group administration or to support the Group companies concerned and their own processing purposes, e.g. for the personalization of marketing activities or the development and improvement of services.

We then disclose the personal data required for their services to service providers. This applies in particular to IT service providers, but also to consulting companies, analysis service providers, debt collection service providers, credit agencies, marketing service providers, etc. Insofar as service providers process personal data as processors, they are obliged to process personal data exclusively in accordance with our instructions and to take measures to ensure data security.

Data may also be disclosed to other recipients, e.g. to courts and authorities as part of proceedings and statutory duties to provide information and cooperate, to buyers of companies and assets, to financing companies in the case of securitizations and to debt collection agencies.

In individual cases, we may also disclose personal data to other third parties for their own purposes, e.g. if you have given us your consent to do so or if we are legally obliged or entitled to do so.

Do we disclose personal data abroad?

Recipients of data are not only located in Switzerland. This applies in particular to group companies of the Stöcklin Group and certain service providers. These may also be located outside the European Economic Area (EEA) and Switzerland, e.g. in the USA and Mexico, but also in other countries worldwide. We may, for example, transfer data to authorities and other people abroad if we are legally obliged to do so or, for example, in the context of a company sale or legal proceedings. Not all these countries currently guarantee a level of data protection equivalent to Swiss law. We compensate for the lower level of protection through appropriate contracts, in particular the standard contractual clauses issued by the European Commission and recognized by the Swiss Federal Data Protection and Information Commissioner (FDPIC).

In certain cases, we may also transfer data without such contracts in accordance with data protection regulations, e.g. if you have consented to the corresponding disclosure or if the disclosure is necessary for the execution of the contract, for the establishment, exercise or enforcement of legal claims or for overriding public interests.

How long do we process personal data?

We store and process your personal data for as long as it is necessary for the purpose of processing (in the case of contracts, generally for the duration of the contractual relationship), as long as we have a legitimate interest in storing it (e.g. to enforce legal claims, for archiving and/or to ensure IT security) and as long as data is subject to a statutory retention obligation (e.g. a ten-year retention period applies to certain data). If there are no legal or contractual obligations to the contrary, we destroy or anonymize your data at the end of the storage or processing period as part of our normal processes.

As a rule, we store master data for 10 years from the last exchange with you, but at least from the end of the contract. This period may be longer if this is necessary for reasons of proof or to comply with legal or contractual requirements or for technical reasons. In the case of pure marketing and advertising contacts, the period is normally much shorter, usually no more than 2 years from the last contact.

We generally store contract data for 10 years from the last contract activity, but at least from the end of the contract. This period may be longer if this is necessary for reasons of proof or to comply with legal or contractual requirements or for technical reasons.

We anonymize or delete your behavioral and preference data when it is no longer meaningful for the purposes pursued, which can be between 2-3 weeks (for movement profiles) and 24 months (for product and service preferences), depending on the type of data. This period may be longer if this is necessary for reasons of proof or to comply with legal or contractual requirements or for technical reasons].

With regard to cookies, you can find information on the duration of storage under the link "Cookie settings".

What is the legal basis for data processing?

Depending on the circumstances, data processing is only permitted if the applicable law specifically allows it. This does not apply under the Swiss Data Protection Act, but under the GDPR, for example, insofar as it applies. In this case, we base the processing of your personal data on the following legal bases

on your consent (Art. 6 para. 1 lit. a and Art. 9 para. 2 lit. a GDPR);

1. The processing is necessary for the performance of a contract or pre-contractual measures (e.g. the examination of a contract application; Art. 6 para. 1 lit. b GDPR);
2. The processing is necessary for the establishment, exercise or defense of legal claims or civil proceedings (Art. 6 para. 1 lit. f and Art. 9 para. 2 lit. f GDPR)
3. The processing is necessary for compliance with domestic or foreign legal provisions (Art. 6 para. 1 lit. c and lit. f; Art. 9 para. 2 lit. g GDPR)
4. The processing is necessary for a legitimate interest in data processing, in particular the interests mentioned in section 4 (Art. 6 para. 1 lit. f GDPR).

How do we protect your data?

We take appropriate security measures to protect the confidentiality, integrity and availability of your personal data, to protect it against unauthorized or unlawful processing and to counteract the risks of loss, unintentional modification, unwanted disclosure or unauthorized access. However, security risks cannot generally be completely ruled out; residual risks are unavoidable.