Data Protection Declaration
General Data Protection Regulation (GDPR) & Swiss Federal Data Protection Act (DPA)
Introduction
This Data Protection Declaration tells you about how we collect and use personal data when you use our Internet pages.The abbreviation GDPR stands for the EU General Data Protection Regulation and applies to persons in the EU who visit our website (referred to in the following as “persons from the EU”). The abbreviation DAP stands for the Swiss Federal Data Protection Act and applies to persons in Switzerland who visit our website (referred to in the following as “persons from Switzerland”).
Name and address of the person(s)/company responsible for data collection and processing
The following party is responsible in the sense of the data protection legislation and other data protection regulations of a regulatory nature:


BI Netzwerk GmbH
Oberer Giebel 8
3323 Baeriswil
Switzerland
Web: www.baaas.net
e-Mail: info@binetzwerk.ch
Tel.: +41 79 646 63 58
Right of access to information


According to article 8 DPA and article 15 GDPR you have the right to demand confirmation from us about whether or not we collect and process personal data about you. If this is the case, you are entitled to information about this personal data and to further information as stated in article 8 DPA and article 15 GDPR.


Right to rectification


According to article 5 DPA and article 16 GDPR, you have the right to demand of us that any personal data we hold about you that is incorrect should be immediately rectified. Taking into account the purpose of data collection and processing, you further also have the right to demand that any incomplete personal data is completed – including by means of a supplementary declaration.


Right of erasure
Persons from the EU have the right to demand of us that we immediately delete personal data about you. We are obliged to immediately delete personal data if the corresponding requirements set out in article 17 GDPR are met. We refer to article 17 GDPR for more details. In the cases set out by law, persons from Switzerland also have the right to demand the deletion of data, for example if data is no longer required or necessary, or if the consent to process said data has been withdrawn.


Disclosure of data to third parties
We will never disclose personal data that has been shared with us to third parties, particularly not for advertising purposes.
However, we do work with third parties as part of running these Internet pages and as part of our efforts to provide products and services. It is possible that these parties could gain knowledge of personal data in the process. We choose our service providers with great care – particularly with regard to data protection and data security – and put in place all measures required for reliable data processing in line with applicable data protection regulations.
Data processing in Switzerland / in the EU


We always process data in Switzerland (data transmission on conclusion of a contract, server log files, contact forms, registration, cookies). The EU has set out definitions for adequate protection of personal data in Switzerland in Commission Decision 2000/518/EC. By contrast, some of our service providers whose plugins and tools we use process data outside the EU in some cases. This is disclosed as part of this Data Protection Declaration during the relevant explanations of the plugins/tools that are used. The appropriate level of data protection is ensured as part of the participation in the so-called “Privacy Shield” and in the data protection and data security measures put in place by the service provider.


Right to restriction of processing


In accordance with article 18 GDPR, provided certain requirements are met persons from the EU have the right to demand from us that the way in which your personal data is processed is restricted.


Right to data portability


According to article 20 GDPR you have the right to receive a copy of your personal data that you have made available to us in a structured, standard and machine-readable format, and you have the right to transmit this data to another responsible party without obstruction or hindrance by us, provided the processing is based on consent granted in accordance with article 6 paragraph 1 a) GDPR or article 9 paragraph 2 a) GDPR, or on a contract in accordance with article 6 paragraph 1 b) GDPR, and the processing is performed by automated means.


Right of objection


According to article 21 GDPR, you have the right to object against any processing of your personal data that takes place on the basis of article 6 paragraph 1 letter e or f GDPR; this also applies to profiling based on these regulations.
In cases where we process your personal data for the purpose of direct marketing, you have at all times the right to object against the processing of your personal data for the purpose of such marketing; this also applies to profiling to the extent that it is linked to such direct marketing.
If you wish to exercise any of your due rights, please contact us as the responsible party using the contact data stated above, or use one of the other methods of communication we offer to send us this notification. If you have any questions about this, please get in touch with us.
Right of appeal to the regulatory authority


In accordance with article 77 GDPR, persons from the EU have the right to appeal to the regulatory authority, regardless of any other regulatory or judicial legal remedies. This right applies in particular in the member state of your place of residence, your workplace or the location of the supposed infringement if you believe that the processing of the personal data relating to you is in breach of the rulings set out in GDPR. Persons from Switzerland have recourse to the judicial remedies set out in articles 15 / 25 / 27 / 29 DPA.


Server log files


When you access our website, the company appointed by us to run the website will save, in additional to technical information about the terminal device you are using (operating system, screen resolution and other, non-personal characteristics) and the browser (version, language settings), in particular also the public IP address of the computer you use to access our site, along with the date and time of access. The IP address is a unique numerical address under which your terminal device sends or calls up information on the Internet. We and our service provider do not generally know who is behind an IP address, unless you share data when using our website that enables us to identify you. In addition, a user can be identified if legal proceedings are initiated against said user (e.g. in the event of attacks on our website) and we gain knowledge about his/her identity as part of the investigation procedure. In normal use you therefore do not need to worry that we might be able to link your IP address to you.
Our service provider uses the processed data for statistical, non-personal purposes to enable us to analyse which terminal devices are used with which settings during visits to our website, so that we can optimise the website settings if necessary. These statistics do not contain any personal data. The legal basis for the creation of statistics is article 6, paragraph 1 f) GDPR.
The IP address is further used to enable you to technically access and use our website, as well as to detect and protect against attacks on our service provider or our website. Unfortunately, the Internet sees frequent attacks designed to harm website operators or their customers (e.g. to prevent access, spy on data, distribute malware (e.g. viruses) or for other illegitimate purposes). Such attacks would impair the proper functioning of the computer centre of the company appointed by us, prevent proper use of the website and jeopardise the security of visitors to our website. We collect and process the IP address details and the access time to protect against such attacks. Via our service provider, we use this processing of data to safeguard our justified interests, to ensure that our website works correctly and to protect ourselves against illegal attacks against us and the visitors of our website. The legal basis for this type of data processing is article 6, paragraph 1 f) GDPR.
The saved IP data is deleted (through anonymisation) once it is no longer required for the detection of or defence against an attack.
Data transmission on conclusion of a contract for services and digital content


If you purchase a service or digital content, we will process the data provided by you in order to conclude and perform the contract. Here, data will be handed over to service providers within the scope and extent required for shipment and billing of your purchase. The legal basis for this type of data processing is article 6, paragraph 1 b) GDPR.
We will also process this data for detection of and protection against attempts at fraud on the basis of article 6, paragraph 1 f) GDPR. We do this in order to protect ourselves against fraudulent transactions.
Data saved in connection with the conclusion of a contract for the purchase of a service or digital content will be deleted after expiry of the legally required storage period. If, based on the processing of a purchase contract, legal recording and storage obligations arise (e.g. storage of invoices in accordance with applicable tax laws), the legal basis for this type of data processing is article 6, paragraph 1 c) GDPR.
We will delete or anonymise the data once it is no longer required for the performance of the relevant contract and no further legal storage obligations apply.
Cookies


We use cookies and comparable technologies (Local Storage) on our website to ensure that it works correctly, to understand how visitors use our website and to save the settings made by a user in his/her browser.
A cookie is a small text file that is saved on your terminal device by your browser when you access our website. If you access our website again at a later time, we can read these cookies again. Cookies are saved for different lengths of time. You can at all times change the settings in your browser to choose which cookies should be accepted, but changes to these settings can cause our website to no longer work properly for you. You can also delete cookies yourself at any time. If you do not do this, we can state when a cookie is saved how long it is to be saved on your computer. A distinction needs to be made here between so-called session cookies and permanent cookies. Session cookies are deleted by your browser when you leave our website or when you exit the browser. Permanent cookies are saved for the length of time stated by us during saving.
We use cookies for the following purposes:
• Technically required cookies, which are essential in order to use the functions made available on our website (e.g. detection whether you are logged in). Without these cookies, certain functions cannot be made available.
• Functional cookies, which are used for the technical implementation of certain functions you wish to use.
• Analysis cookies, which are used to analyse user behaviours.
• Cookies from third-party providers. Cookies from third-party providers are saved by third-party providers whose functions we have embedded in our website to enable certain functions. They can also be used to analyse user behaviours.
Most browsers that are used by our users allow them to select which cookies should be saved and enable them to delete (certain) cookies again. If you restrict the saving of cookies to certain websites or do not allow any cookies from third-party web page providers to be saved, this can, in some cases, prevent you from being able to make full use of all the functions that are otherwise available on our website. Information about adjusting cookie settings on the most commonly used browsers can be found here:
• Google Chrome (support.google.com/chrome/answer/95647?hl=en)
• Internet Explorer (https://support.microsoft.com/en-en/help/17442/windows-internet-explorer-delete-manage-cookies)
• Firefox (https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences)
• Safari (https://support.apple.com/kb/PH21411?locale=de_DE&viewlocale=en_US)
Contact form


If you use one of the available contact forms to send us a message, we will use the data you share with us to process your request. The legal basis for this is our justified interest in responding to your request in accordance with article 6, paragraph 1 f) GDPR. If your request serves the conclusion of a contract with us, then a further legal basis for processing this data is given in article 6, paragraph 1 b) GDPR. The data will be deleted once your query has been dealt with. In case we are required by law to store the data for a longer period than this, it will be deleted once the corresponding period has passed.


Registration / customer account


When a customer account is created for you, we will use the data made available by you to create and manage the account, as well as to enable you to take advantage of the services associated with your customer account. The legal basis for this type of data processing is article 6, paragraph 1 a) GDPR. If the creation of the customer account serves the conclusion of a contract with us, then a further legal basis for processing this data is given in article 6, paragraph 1 b) GDPR.
This data will be saved until the customer account is closed. If we are required by law to store the data for a longer period of time (e.g. in order to comply with accounting requirements) or we are entitled by law to store the data for a longer period of time (e.g. due to an on-going legal dispute against the owner of a user account), deletion of the data will take place after expiry of the storage obligation or legal entitlement.
Job applications (including via e-mail)


We are delighted that you are interested in working for us and that you would like to apply for a job in our company or have already done so. In the following, we would like to inform you how we will use your personal data in connection with your application.
We will collect and process the data you provide to us in connection with your application in order to examine your suitability for the job (or any other vacant positions in our company, if applicable) and to carry out the application process.
The legal basis for the processing of your personal data is the pursuit of legitimate interests in accordance with article 6, paragraph 1, letter f) GDPR. Our interests exist in the performance of the application process and, where applicable, in the assertion of or defence against claims.
Data from applicants will be deleted within a period of 12 months if the application is unsuccessful.
If you are offered a job as a result of the application process, the data will be transferred from the applicant database to our HR information system.
Within the company, access to your data will always be restricted to only people who need to access the data to complete our proper application process.


Google Analytics analysis tool


As part of GGF job processing, we utilise Google Analytics via Google Tag Manager. This is a service of Google LLC (“Google”), Amphitheatre Parkway, Mountain View, CA 94043, USA. Google uses a so-called cookie as the job processor for this. This is a small text file that is saved on your computer by your browser. With the aid of this cookie, Google receives information about websites you access, along with, in particular, the following information: browser type/version, operating system used, technical information about the operating system and the browser, as well as the public IP address of the computer you are using. We use Google Analytics in such a way that your IP address is only used in anonymised form. According to information from Google, this anonymisation is performed in the European Union or in a member state of the EEA. Only in exceptional cases should the full IP address be sent to a server of Google in the USA before being shortened there. According to information from Google, the anonymisation is performed before the IP address is saved for the first time to a permanent data carrier. For more details, please refer to the data protection declaration of Google, which can be accessed at https://support.google.com/analytics/answer/6004245?hl=en.
Google Analytics enables us to generate non-personal usage statistics for our website as well as demographic data about visitors and visitor behaviours. Furthermore, statistics are generated that help us to better understand how users find our website, which in turn enables us to improve our search engine optimisation and marketing strategies. With this data processing, we are pursuing our justified interests of being able to improve our website and marketing strategies. The legal basis for this type of data processing is article 6, paragraph 1 f) GDPR.
Information about what you can do to object to the use of Google Analytics can be found at https://tools.google.com/dlpage/gaoptout?hl=en.
As an alternative to the browser add-on or within browsers on mobile devices, please click this link to prevent data acquisition by Google Analytics within this website in future (this opt-out feature only works in this browser and only for this domain). In the process, an opt-out cookie will be saved to your device. If you delete the cookies in this browser, you will need to click this link again.
Google is a member of the PrivacyShield Framework and has signed with us a job processing agreement for Google Analytics. Pseudonymised data is deleted after 12 months.