Data Protection Declaration

As the data controller we have prepared this privacy notice to inform you in accordance with the requirements of the EU General Data Protection Regulation 2016/679 (GDPR) about the nature, scope and purpose of the processing of personal data in relation to the services we offer on our website.

I. Definitions

‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

‘Recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

‘Union’, ‘EU’ or ‘Member State’ means the European Union or a member state of the Union.

II. General Information

1. The data controller

SKAN AG
Kreuzstrasse 5
4123 Allschwil
Switzerland
Telephone: +41 61 485 44 44
E-Mail: info@skan.ch

2. EU Representative for all controllers outside the EU

SKAN Deutschland GmbH
Nickrischer Straße 2
02827 Görlitz/Hagenwerder
Germany
Telephone: +49 358223 9900 0
E-Mail: de.info@skan.ch

3. Contact details of the Data Protection Officer

OBSECOM GmbH
Königstr. 40
70173 Stuttgart
Germany
Telephone: 0711 / 4605025-40
Telefax: 0711 / 4605025-49
E-Mail: datenschutz@obsecom.de
Webseite: https://www.obsecom.eu

4. Legal bases

We process personal data based on at least one of the following legal bases:

  • The data subject has given consent to the processing of his or her personal data for one or more specific purposes (Art. 6 (1)(a) GDPR);
  • Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Art. 6(1)(b) GDPR);
  • Processing is necessary for compliance with a legal obligation to which we are subject (Art. 6 (1)(c) GDPR);
  • Processing is necessary in order to protect the vital interests of the data subject or of another natural person (Art. 6 (1)(d) GDPR);
  • Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party (Art. 6 (1)(f) GDPR)

In this privacy policy we refer to the respective legal basis of the individual data processing operations.

5. Onward transfer of personal data

We have split our customer service into sales regions. If one of our regional sales partners/branches/subsidiaries is responsible for responding to your request or carrying out pre-contractual and contractual measures, we will pass on your contact details to the office responsible in that region. The legal basis for the data transfer is our legitimate interest in processing and responding to your enquiry in accordance with Art. 6 (1)(f) GDPR.

To process your enquiry, it may be necessary to transfer data to sales partners/branches/subsidiaries in EU member states. The data transfer to the EU is legitimised based on an adequacy decision. The list of countries whose legislation ensures adequate data protection can be found at: https://www.fedlex.admin.ch/eli/cc/2022/568/de#annex_1.

To process your enquiry, it may be necessary to transfer data to sales partners/branches/subsidiaries in Japan or the USA. The data transfer is legitimized based on standard contractual clauses: A copy of the standard contractual clauses can be found at: https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32021D0914&from=EN.

Beyond that, we forward personal data to recipients (data processors or other third parties) only to the extent required and only if one of the subsequent conditions are met:

  • the data subject has consented to the data transfer;
  • the onward transfer is required to fulfil a contractual obligation or pre-contractual measure on the request of the data subject;
  • we are obliged by law to make such a transfer;
  • The onward transfer is made on the basis of our legitimate interest or those of a third party.

6. Third countries

The transfer of personal data to a third country or an international organisation outside the EU or the European Economic Area (EEA) is subject to legal or contractual permission only in accordance with the provisions under Art. 44 et seq. GDPR. Pursuant to Art. 45 GDPR an adequacy decision of the EU commission must be present for the respective country, or appropriate safeguards for data privacy under Art. 46 GDPR, or Binding Corporate Rules under Art. 47 GDPR must exist. In individual cases, a data transfer may be permitted on the basis of an exception under Art. 49 GDPR.

We may use on our website external services provided by organisations based in the USA. If these services are active, personal data is collected in connection with the provision of the relevant service and may be transferred to and stored on servers in the USA. The European Court of Justice considers the USA to have an inadequate level of data protection. When data is transferred to the US, there is a fundamental risk that the US authorities may access and use the data for surveillance and monitoring purposes without notification and without the possibility of a legal remedy.

7. Rights of data subjects

As a data subject you have the following right:

  • Pursuant to Art. 15 GDPR to request information about your personal data processed by us. You may also request information regarding the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored or the criteria used to determine that period, the data source (where personal data is not collected from you), the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing; the existence of the right to request rectification or erasure of data concerning you, the right to restrict processing or to object to such processing, the right to lodge a complaint with a supervisory authority. Finally, you have a right to know whether personal data has been transferred to a third country or to an international organisation, and, if so, the appropriate safeguards relating to this transfer;
  • Pursuant to Art. 16 GDPR to demand the immediate rectification of inaccurate personal data and to have incomplete personal data which is stored by us completed;
  • Pursuant to Art. 17 GDPR to demand the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of a legal claim.
  • Pursuant to Art. 18 GDPR to request the restriction of the processing of your personal data if the accuracy of the personal data is contested by you; the processing is unlawful but you oppose the erasure of the personal data and request the restriction of their use instead; we no longer need the personal data for the purposes of the processing but they are required by you for the establishment, exercise or defence of legal claims; you have objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether our legitimate grounds override your interests;
  • Pursuant to Art. 20 GDPR to receive your personal data, which you have provided for us, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller;
  • Pursuant to Art. 21 GDPR to object to the processing of your personal data on grounds relating to your particular situation, or if you object to processing for direct marketing purposes and the legal basis for processing is our legitimate interests pursuant to Art. 6 (1)(f) GDPR;
  • Pursuant to Art. 7 (3) GDPR to withdraw your consent given to us at any time. As a result, we are no longer allowed to continue to process the data that was based on this consent in the future;
  • Pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. A list of contact details of the EU supervisory authorities can be found on this website: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm. You can contact the Swiss Federal Data Protection Commissioner on this website: https://www.edoeb.admin.ch/edoeb/de/home/deredoeb/kontakt.html

If you wish to assert the data subject rights mentioned above, you can contact us or our data protection officer at any time using the contact details above.

8. Erasure and restriction of personal data

Unless otherwise provided for in this privacy notice, personal data will be deleted, if this data is no longer necessary in relation to the purposes for which they were collected or otherwise processed and the deletion does not conflict with statutory retention requirements. In addition, we will erase the personal data processed by us in accordance with Art. 17 GDPR on your request, if the conditions provided therein are met. If personal data are required for other lawful purposes, they will not be erased, but their processing will be restricted in accordance with Art. 18 GDPR. In case of restriction, the data will not be processed for other purposes. This applies, for example, to personal data that must be retained by us for commercial or tax law reasons.

9. Cookies

Our website uses cookies. Cookies are small text files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, PC, etc.) when you visit our website. Cookies do no harm to your device, nor do they contain any viruses or other malicious software. The cookie stores information which is created in relation to the specific device you are using. However, this does not mean that we become immediately aware of your identity. Cookies are mainly used to make the website more user-friendly, effective and secure.

Most browsers accept cookies automatically. However, if you do not wish to accept cookies, you can configure your browser so that no cookies are stored on your device or a message is displayed before new cookies are created. Information on how to remove cookies in Internet Explorer / Edge, please refer to: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies. Information on the removal of cookies in Firefox, please refer to: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox?redirectlocale=en-US&redirectslug=delete-cookies-remove-info-websites-stored. Learn how to remove cookies in Safari here: https://support.apple.com/en-gb/guide/safari/sfri11471/mac.

A general objection to the use of cookies used for online marketing purposes can be made for a variety of services, as explained at http://www.youronlinechoices.com/ or the opt-out page of the Network Advertising Initiative http://optout.networkadvertising.org. However, disabling cookies may mean that you may not be able to use all the features of our website.

This website uses the Consentmanager cookie banner, which sets technically necessary cookies to save your cookie preferences. The cookie banner itself does not process any personal data. The list below shows the cookies we use on our website:
https://skan.com/cookie-info

You can change your preferences for the use of certain types of cookies on our website here: https://skan.com/cmp-user-settings.

The data processed by essential/necessary cookies are required for the aforementioned purposes to protect our legitimate interests as well as those of third parties in the provision and operation of our website in accordance with Art. 6 (1)(f) GDPR. The legal basis for the use of cookies for advertising, market research and the integration of external media is your voluntarily given consent according to Art. 6 (1)(a) GDPR.

III. Individual processing operations

1. Hosting

In order to make our website available, we use services provided by hosting companies, such as: Provision of web servers, disk space, database services, and security or maintenance services. Here we, or our hosting providers, process personal data of website visitors based on our legitimate interests in providing efficient and secure access to our website in accordance with Art. 6 (1)(f) GDPR.

2. Access data and log files

By visiting our website or its individual pages, your device�s internet browser automatically sends information to the server of our website. This information is stored in so-called log files by us or our hosting provider and will be deleted after 30 Days at the latest.

The following information is stored:

  • IP address of the requesting computer;
  • Date and time of access;
  • Name and URL of the requested file;
  • Website from which our site was accessed (Referrer-URL);
  • The browser used and your computer�s operating system;
  • Status codes and the transferred amount of data;
  • Name of your access providers.

This data will be used for the following purposes:

  • The provision of our website, including all of its features and contents;
  • To ensure a smooth connection to our website;
  • To ensure a more user-friendly experience on our website;
  • To ensure system security and stability;
  • For anonymised statistical evaluation of website access;
  • To optimise our website;
  • For disclosure to law enforcement authorities in the event of unlawful interference / attacks on our systems;
  • For further administrative purposes.

The legal basis for data processing is Art. 6 (1)(f) GDPR. Our legitimate interest relates to the data collection purposes mentioned above. Under no circumstances will we use the personal data collected for the purpose of drawing conclusions about a person.

3. General means of contact

If you contact us using the contact details published on our website (for example, by e-mail) and in this context provide us with personal data, we will use this data to process your request on the basis of Art. 6 (1)(b) GDPR, if your request is related to the performance of a contract or is required to perform pre-contractual action. In all other cases, processing is based on your consent in accordance with Art. 6 (1)(a) GDPR and / or our legitimate interest in the effective processing of requests addressed to us pursuant to Art. 6 (1)(f) GDPR. We will store your personal data until you ask us for deletion, revoke your consent to the storage, or the data are no longer necessary for the purpose for which they were collected (for example, after completion of your request). Mandatory statutory provisions – especially retention periods – remain thereof unaffected.

4. Contact form

If you use the contact form, you will be asked to provide your e-mail address, Name, Title, Phone, Company and any other personal data, so that we can get in touch with you. Further information can be provided voluntarily. The data processing for the purpose of contacting us and answering your request takes place in accordance with Art. 6 (1)(a) GDPR based on your voluntary consent. All personal data collected in connection with the contact form will be deleted after your request has been processed, unless further storage is required for the documentation of other transactions (for example, subsequent conclusion of a contract).

5. E-Mail direct marketing to customers

If you are an existing customer and we have received your e-mail address in connection with the sale of goods or services, we may use your name, e-mail address, your company affiliation if you are interacting on behalf of a company, and the type of goods or services you purchased from us for the direct marketing of our own similar goods or services. This only applies if you have not objected and we clearly and unequivocally have advised you of the possibility of objection at the time of collecting the e-mail address, and every time we use it thereafter. The legal basis of processing is our legitimate interest in direct marketing according to Art. 6 (1)(f) GDPR. We will store the personal data until you object to the processing.

6. Job applications

If you use our form to apply for a job, you will be asked to provide your name, contact information and further application documents so that we can review your application and contact you. The data processing for the purpose of processing your application is carried out in accordance with Art. 6 (1)(a) GDPR based on your voluntary consent. Taking into account the limitation periods of the relevant anti-discrimination legislation, application documents will be kept for a period of 6 months after completion of the application process and then deleted, unless storage is required for the documentation of other operations (for example, subsequent recruitment).

IV. Statistics and Analytics

1. Hotjar

Our website uses the hotjar analysis service. The provider is hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta (hereinafter ‘hotjar’). Hotjar collects data about the visits of users to our website. The purpose of this data is to ensure that our website is designed to meet users’ needs, to continuously optimise our website, measure the success of marketing measures and compile statistical analyses. The legal basis is our legitimate interests according to Art. 6 (1)(f) GDPR. The personal data collected can be used to create usage profiles under pseudonyms. Hotjar may use cookies to achieve this purpose. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can object to the collection and storage of data at any time with effect for the future. To do so, please click on the link below and follow the instructions to set an opt-out cookie for your computer: https://www.hotjar.com/opt-out (opt-out).

Attention: If you delete your cookies, this will also result in the opt-out cookie being deleted and you may have to reactivate it. For more information on how hotjar handles your personal data, please refer to hotjar’s privacy policy at: https://www.hotjar.com/legal/policies/privacy.

2. Bing Conversion Tracking

Our website uses Bing Conversion Tracking. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter ‘Microsoft’). The personal data is processed for the purpose of advertising of our products and services, as well as analysing the clicks on advertisements, purchases, and registrations. Cookies are used for analysis and evaluation. This service records your IP address, which of our websites you have visited and, where applicable, other data required by Microsoft for the provision of conversion tracking. The information recorded about your use of this website is stored on servers in the USA. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of us or Microsoft. You may refuse to use cookies by selecting the appropriate settings on your browser. However, please note that if you do this you may not be able to use the full functionality of this website. The legal basis for the processing of personal data is your voluntarily given consent according to Art. 6 (1)(a) GDPR. The legal basis for the transfer of personal data to the USA is also your voluntarily given consent according to Art. 49. (1)(a) GDPR. For more information on how Microsoft handles your personal data, please refer to Microsoft’s privacy policy at: https://privacy.microsoft.com/de-de/privacystatement.

3. LinkedIn Insight Tag

We use the LinkedIn Insight Tag on our website. The provider is LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland (hereinafter ‘LinkedIn’). The purpose of the LinkedIn Insight Tag is to create anonymised reports on website audiences and ad performance. We also use retargeting features to display targeted advertising on other websites. For this purpose, LinkedIn sets a cookie in your web browser, which, among others, collects the following data: IP address, device and browser characteristics and page events (e.g. page views). The information collected by LinkedIn may be transferred to and stored on servers in the USA. The legal basis for the processing of personal data is your voluntarily given consent according to Art. 6 (1)(a) GDPR. The legal basis for the transfer of data to the USA is also your voluntarily given consent according to Art. 49 (1)(a) GDPR. The collected information is anonymised within seven days and deleted after 90 days. If you do not agree with the tracking and retargeting by the LinkedIn Insight Tag, you can obtaining an opt-out cookie via this link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. Please note that when you delete your browser cookies, the opt-out cookie will also be deleted. You will then have to visit the LinkedIn opt-out page again to reset the cookie. For more information on how LinkedIn handles personal data, please refer to the privacy policy at: https://www.linkedin.com/legal/privacy-policy.

V. Google Services

Provider of the services below is Google Ireland Limited (Register No: 368047), Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter ‘Google’).

The information collected by Google in connection with the provision of the respective services may be transferred to and processed by Google servers in the USA and stored there. Please also note our information above on data transfer to third countries.

For more information about how Google handles personal data, please refer to Google’s Privacy Policy: https://www.google.com/intl/de/policies/privacy/. For information on the use of data for advertising purposes by Google, settings and your right to object please refer to: https://www.google.de/policies/privacy/partners/, https://www.google.de/policies/technologies/ads/, https://adssettings.google.de/

1. Google services for which your consent is required

The legal basis for the use of the following services is your voluntarily given consent according to Art. 6 (1)(a) GDPR. The legal basis for data transfer to the USA is also your voluntarily given consent in accordance with Art. 49 (1)(a) GDPR.

1.1 Google Analytics

Our website uses Google Analytics. Google Analytics uses cookies. Google Analytics collects information about the visits of website users and analyses their behaviour. This data serves the purpose of developing a user-friendly website design, the continuous optimisation of our services and offers, to measure the success of marketing activities and to create statistical analysis. In this context, pseudonymised user profiles are created and cookies are used. Google Analytics collects information such as browser type / version, operating system, referrer URL (the previously visited page), host name of the accessing computer (IP address) and time of server request. The information generated is transferred to the US and stored on servers owned by Google. The collected user data and event data will be deleted after 14 months. Information may also be transferred to third parties if required by law or if third parties process this data on behalf of us or Google. Under no circumstances will your IP address be merged with any other data that is kept by Google. The IP address will be anonymised so that assignment is impossible. You can prevent the local storage of cookies by configuring your browser software accordingly. However, be advised that in this case you may not be able to use all the features of this website to the full extent possible. Additionally, in order to prevent Google from collecting and processing the data generated in relation to your use of the website you may download and install the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en. You can prevent Google from gathering your data by clicking on this link https://skan.com/gaoptout which sets an opt-out cookie on your computer. This cookie ensures that Google Analytics will not collect and store any user data from your browser when visiting this website. Attention: If you delete your cookie cache, this will result in the opt-out cookie being deleted as well. Then you must re-activate the opt-out cookie again.

1.2 Google AdWords with Conversion-Tracking

Our website uses Google AdWords and Google AdWords with Conversion Tracking. Google Conversion Tracking is used to track and evaluate the clicks on ads, purchases, signups, phone calls, app downloads, and other actions on our website. In this context Google AdWords collects your IP address, which of our websites you have visited and, if necessary, other data required by Google for providing conversion tracking statistics. Under no circumstances will your IP address be merged with any other data that is kept by Google. This service also uses Cookies for analysis and evaluation purposes. You can prevent the storage of cookies by configuring your browser so that no Cookies will be stored on your device. However, disabling cookies may mean that you may not be able to use all the features on our website. The information generated is transferred to the US and stored on servers owned by Google. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of us or Google.

1.3 Google Maps

This website uses Google Maps to display site maps, maps, terrain data, or geographic maps. This service collects your IP address, which of our websites you have visited and, if necessary, other data required by Google for the provision of the maps (such as location data). The generated information is stored on servers in the USA. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of us or Google. The Google Maps terms of service can be found at: https://www.google.com/intl/en_uk/help/terms_maps.html.

1.4 YouTube

Our website uses media content from the YouTube platform. Provider is Google Ireland Limited (Register No: 368047), Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter ‘Google’). The purpose is to display content of the YouTube platform that relates to the content of our website. This service collects your IP address and any additional data Google may need to provide the YouTube content. The information gathered about your use of this website is stored on a server in the USA. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of us or Google. If you are logged in to your YouTube account while you are visiting our website, Google can link your visit of our website directly to your YouTube user account. If you do not want Google to be able to associate the data collected on our website with your respective user account on YouTube, you must first log out of YouTube.

2. Other Google services

The legal basis for the use of the following services are our legitimate interests according to Art. 6 (1)(f) GDPR. Our legitimate interests are listed below for each service individually.

2.1 Google Web Fonts

Our website uses external typesets provided by Google, so-called web fonts. To do this, your browser loads the required web fonts into your browser cache when you visit the website. If your browser does not support this feature, your computer will use a standard font to display the website. This service collects your IP address, which of our websites you have visited and, if necessary, other data required by Google for the provision of the web fonts. The generated information about your use of this website is stored on servers in the USA. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of us or Google.

2.2 Google Tag Manager

Our website uses Google Tag Manager to manage the website through a single tag management interface. Google Tool Manager only implements tags. This means no cookies are used and no personal data is collected. Google Tag Manager triggers other tags, which may collect data. However, Google Tag Manager does not access this data. If deactivated at the domain or cookie level, it will remain effective for all tracking tags as far as they are implemented with the Google Tag Manager.

VI. Social Media Plugins

Our website uses plugins from social media networks. If you open a website with such a plugin, your browser establishes a direct connection with the server of the respective provider, whereby the provider receives knowledge of which page you have visited and which IP address made the request. The same also applies to the use of the component, e.g. the liking or sharing of content or commenting on a post.

If you are logged in to the respective provider of the social media network while you are using the plugin, the respective provider can link the visit to our website to your social media user profile. If you click on the button of one of the plugins, information will be transmitted to the respective provider and published in your social media profile. If you do not want the provider to be able to link the data collected to your social media user profile, you must first log out of the social media network. The purpose of the plugins is to promote awareness of our website and to share content from our website on social media networks.

We use a privacy friendly 2-click method with Shariff buttons to integrate social media plugins on our web site. The described data transfer therefore only takes place with the activation click and not already when loading the page. More information about Shariff 2-Click buttons are available at: https://www.heise.de/newsticker/meldung/Datenschutz-und-Social-Media-Der-c-t-Shariff-ist-im-Einsatz-2470103.html.

The legal basis for the use of the following services is your voluntarily given consent according to Art. 6 (1)(a) GDPR. The legal basis for data transfers to the USA is also your voluntarily given consent in accordance with Art. 49 (1)(a) GDPR.

1. ShareThis-Button

This website uses the social media plugin ShareThis. The provider is ShareThis Inc, 250 Cambridge Avenue, Palo Alto, CA 94306, USA (hereinafter ‘ShareThis’). These plugins allow users to post or share comments about our website on social networks (for example, Facebook or Google+). The plugin is recognisable by the ShareThis logo. In this context, your IP address is collected, which of our websites you have visited, and possibly other data that ShareThis can determine in connection with the connection. The personal data collected may be stored on servers in the USA. If you use one of the functions offered by ShareThis while logged in to the corresponding social media provider, the action can be assigned to your respective user account. For more information on how ShareThis handles your personal data, please refer to the privacy policy at: https://sharethis.com/privacy/.