Privacy Statement/Notice Noventa Group
Version dated 25/09/2018
We will use this Privacy Statement to explain how companies belonging to the Noventa Group (Noventa Group AG, Noventa AG, Noventa (Thailand) Co., Ltd.; Noventa Romania S.R.L., Noventa Tooling AG, Noventa Consulting AG), referred to in the following as we), collect and otherwise process your personal data. This description is not final; other privacy statements, terms and conditions, terms of participation and similar documents may add provisions for specific circumstances.
We undertake to manage your personal data conscientiously. It is therefore self-evident to us that we will adhere to the legal obligations of the Swiss Federal Act on Data Protection (DSG), the Ordinance to the Federal Act on Data Protection (VDSG), the Telecommunications Act (FMG) and other provisions of data protection law in Switzerland. Moreover, we will adhere to the provisions of the EU General Data Protection Regulation (GDPR) with regard to the processing of personal data of data subjects located in the EU.
We are therefore obliged to inform you which personal data is collected or used. In the following Privacy Statement, we will inform you of what we do with your personal data and how you can establish contact with us.
1. Controller/data protection officer
The controller within the meaning of the GDPR and other national data protection laws in the member states of the European Union and other data protection regulations is:
Noventa Group AG
unless otherwise stated in individual cases. You may contact the address given above if you have a question concerning data protection.
2. Collection and processing of personal data
We mainly process personal data that we receive from our customers, business partners and other involved persons within the framework of our business relationships, or that we collect from users of our websites, apps and other applications.
Where permitted, we also collect certain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, the media, the Internet) or receive it from other companies within the Noventa Group, government agencies and other third parties.
In addition to the data that you submit to us voluntarily, the categories of personal data relating to you that we receive from third parties include in particular information from public registers; information that we receive in connection with official and court proceedings; information in connection with your professional position and activities (for instance to enable us to complete and manage transactions with your employer with assistance from you); information about you in correspondence and meetings with third parties; credit rating information (where we enter into transactions with you personally); information about you that we receive from persons in your environment (family, consultants, legal representatives etc.) so that we can enter into or perform contracts with you or with your involvement (e.g. references, your delivery address, powers of attorney); information on adherence to statutory requirements such as anti-money laundering regulations and export restrictions; information from banks, insurance companies, distribution and other of our contractual partners such that you may claim or provide services (e.g. payment history, purchasing history); information from the media and the Internet about you (provided this is appropriate in the particular instance, e.g. in the case of an application, press review, marketing/sales etc.); your addresses and possibly your interests and other sociodemographic data (for marketing); and data in connection with your use of the website (e.g. IP address, MAC address of the smartphone or computer, information about your device and settings, cookies, date and time of your visit, access pages and contents, used functions, referral website and geographical information).
3. Purposes of data processing and legal bases
We use the personal data collected by us primarily to enter into and perform the contracts with our customers and business partners, and in particular to supply our customers with products, to purchase products and services from our suppliers and subcontractors, as well as to satisfy our legal obligations at home and abroad. Your personal data may of course also be affected if you work on behalf of any such customers or business partners.
Where we are permitted to do so and it appears appropriate, we also process personal data concerning you and other persons for the following purposes in which we (and at times also third parties) have a legitimate interest that reflects these purposes:offerings and development of our offerings, services and websites, apps and other platforms on which we are present;
- communication with third parties and processing of their enquiries (e.g. applications, media requests);
- review and optimisation of processes for needs analysis in order to communicate directly with customers and to collect personal data from publicly accessible sources for the purpose of customer acquisition;
- advertising and marketing (including organisation of events), provided you have not objected to the use of your data (if you are our customer and we send you advertising, you can object to this advertising at any time; in this case we will put you on a blocking list to ensure you no longer receive advertising);
- market and opinion research, media monitoring;
- exercise of legal claims and defences in connection with legal disputes and in administrative proceedings;
- prevention and investigation or criminal offences and other misdemeanours (e.g. performance of internal investigations and data analyses to fight corruption);
- assurance of the security of our operations, especially IT, our websites, apps and other platforms;
- video monitoring to protect our property and other measures to ensure IT, facility and complex security and the protection of our staff, other persons and assets belonging or entrusted to us (e.g. admission checks, visitor lists, network and mail scanners, telephone records);
- purchase and sale of business divisions, companies or parts of companies, as well as transactions under corporate law, and associated with this the transfer of personal data and measures for business controlling, as well as adherence to statutory and regulatory obligations and internal policies.
Where you have provided us with consent for the processing of your personal data for certain purposes (e.g. your registration to receive newsletters or to conduct background checks), we shall process your personal data within this framework based on your consent, except where we have and require other legal authorisation. Consent may be withdrawn at any time, but will not affect the lawfulness of data processing carried out before consent was withdrawn.
4. Cookies/tracking and other technologies in connection with use of our website
This means we can recognise you when you return to our website or use our app, although we will not be aware of your identity.
Besides cookies that remain only for one session and are deleted when you leave our website ("session cookies"), cookies can also be used to store user settings and other information for a certain period of time (e.g. two years) ("persistent cookies"). You can adjust your browsers settings to reject cookies, to store cookies only for one session, or to delete them earlier.
The default setting of most browsers is to accept cookies. We use persistent cookies to store user settings (e.g. language, country, browser settings, auto-login). You may not be able to use all features (e.g. language selection, shopping cart, order processes) if you disable cookies.
In some places in our newsletters and other marketing emails we integrate where permitted visible and hidden image elements. When activated, they enable our servers to identify whether and when you open the email. This allows us to measure responses, to acquire a better understanding of how you use our service, and to tailor our services to meet your needs. You can block this function in your email program; the default setting of most programs is that you must do this yourself.
You consent to the inclusion of these technologies by using our website and apps, as well as by consenting to the receipt of newsletters and other marketing emails. Should you object, you must adjust your browser and email program settings or delete the app if you are unable to adjust the settings accordingly.
4.1 Web analysis service Google Analytics/Universal Analytics
4.2 Social media plug-ins
4.3 Google Maps
5. Data disclosure and data transfer abroad
Where permitted and appropriate in our view, we disclose personal data to third parties within the framework of our business activities and the purposes set out in section 3, either because these third parties process the data on our behalf or because they intend to process the data for their own purposes. This applies in particular to the following third parties:
- our service providers (within the Noventa Group and external providers like banks, insurance firms), including contract processors (e.g. IT providers);
- retailers, suppliers, subcontractors and other business partners;
- national and international government agencies, offices or courts;
- the general public, including visitors to websites and social media;
- competitors, industry organisations, associations, societies and other bodies;
- buyers or potential buyers of business divisions, companies or other parts of the Noventa Group;
- other parties to possible actual legal proceedings;
- other companies within the Noventa Group;
jointly referred to as recipients.
Some of these recipients are national, but could also be located anywhere in the world. In particular, you should anticipate the transfer of your data to all countries in which the Noventa Group is represented by group companies, permanent establishments or other offices (http://www.noventa.com), as well as to other countries in Europe and the United States where our service providers are domiciled (e.g. Microsoft).
Where we transfer data to a country without adequate data protection laws, we use – as prescribed by law – suitable contracts (namely that are based on standard contractual clauses by the European Commission) or binding corporate rules to ensure an adequate level of protection. Alternatively, we base our practice on the legal exceptions granted in regard to personal data in cases of consent, contractual performance, the establishment, exercise or defence of legal claims, overriding public interest or because it is necessary to protect the physical integrity of the data subject. You may obtain at any time a copy of the aforementioned contractual assurances mentioned under section 1, insofar as they are not accessible by clicking on the above link. We reserve the right, for reasons of data protection or secrecy, to redact the copies or to provide only
6. Duration of storage for personal data
We uphold the principles of data economy and data avoidance. We process and store your personal data for as long as is necessary for the performance of our contractual and legal obligations or the other purposes of processing, e.g. for the duration of the entire business relationship (from first contact to fulfilment and completion of a contract). We may also store your personal data for longer periods in accordance with statutory retention and documentation obligations. In this regard, it is possible that personal data will be stored for as long as claims can be exercised against our company or where we are obliged to do so due to other legal obligations or have legitimate business interests in doing so (e.g. for evidence or documentation purposes). As a rule and as far as is possible, your personal data will be erased or anonymised as soon as it is no longer necessary for the aforementioned purposes.
7. Data security
We take adequate technical and organisational security precautions for the protection of your personal data against unauthorised access and abuse. We do so, for instance, through the introduction of policies, training, IT and network security solutions, access control and restrictions, encryption of data storage media and transfers, as well as by monitoring.
8. Obligation to provide personal data
When you enter into a business relationship with us, you must provide the personal data that is necessary to commence and perform a business relationship and for the fulfilment of associated contractual obligations (in most cases you are not required by law to provide us with data). Without this data, we will generally be unable to enter into or perform a contract with you (also the office or person that you represent). It will also be impossible to use the website without disclosing certain information to enable the transfer of data (e.g. IP address).
9. Use of profiling
We do not use "profiling", except where otherwise mentioned explicitly in this Privacy Statement. Profiling describes fully automatic data processing that is intended to assess a person (e.g. in regard to their personal predilections), i.e. to analyse or predict their behaviour.
10. Rights of the data subject
You are entitled, within the framework of applicable data protection laws, and where included therein (such as in the GDPR), the right to information, rectification, erasure, the right to restriction of processing, the right to object to our processing, as well as the right to data portability for the purposes of transferring personal data to another controller.
Kindly take note that we reserve the right to enforce statutory restrictions, for instance if we are obliged to store or process certain data, if we possess overriding interests (where we are entitled to refer to them), or if we require the data for the defence of claims. We shall inform you of all circumstances in which you would incur costs. We already informed you in section 3 of your right to withdraw consent. Please be aware that exercising this right may conflict with contractual agreements and might therefore have consequences such as premature cancellation of the contract or the incurrence of costs. We shall inform you of these circumstances in advance of any action, where this is not already included in the contractual provisions.
In most cases you will only be able to exercise your rights where you have clearly proven your identity (e.g. by submitting a copy of your identification document if your identity is not clear or cannot be verified). You may contact the address provided under section 1 in order to exercise your rights.
Moreover, each data subject has the right to enforce claims in a court of law or to submit a complaint to the competent data protection authorities in the relevant country.
We are entitled to change this Privacy Statement at any time and without prior notice. The current version published on our website shall apply in each case. Where the Privacy Statement is an integral part of an agreement with you, we will inform you by email or by other suitable means of any changes.