General Data Protection Regulation

The present data protection declaration clarifies the type, scope, and purpose of the processing of personal data (hereinafter referred to as "data") in the context of the provision of our services and our online offer, as well as the associated websites, functions and content and our external online presence, such as our social media profile (hereinafter jointly referred to as “online offer”). Regarding the terms used, such as "processing" or "data controller", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Version of the 6th of September 2018

Dexel SA 
Chemin du Long-Champ 95f 
CH-2504 Bienne 

E-Mail: office@dexel.ch

• Basic data (e.g. personal data, names, or addresses)  
• Contact information (e.g. emails, phone numbers)  
• Content data (e.g. text entry, photographs, videos) 
• Usage data (e.g. websites visited, interest in content, time of access) 
• Metadata/communication data (e.g. device information, IP addresses)

Visitors and users of the online offer (the data subjects are hereinafter collectively referred to as “users”). 
Processing purpose

• Provision of the online offer, its functions, and its content  
• Response to contact requests and communication with users  
• Security measures  
• Audience measurement/marketing

“Personal data”: any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an “identifiable natural person” is deemed to be a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier (e.g. cookie), or to one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity;

“Processing”: any operation or set of operations performed with or without automated processes and applied to personal data. The term has a very broad meaning and covers practically any handling of data.

“Pseudonymisation”: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that personal data are not attributed to an identified or identifiable natural person.

“Profiling”: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements.

“Controller”: the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Processor”: the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

In accordance with Art. 13 GDPR, we hereby inform you of the legal basis applicable to our data processing. The following applies to users falling within the scope of the General Data Protection Regulation (GDPR), i.e. EU and EEC, unless the legal basis is mentioned in the declaration data protection:

• The legal basis for obtaining consent is Art. 6, par. 1, lit. and Art. 7 GDPR. 
• The legal basis for processing for the purposes of providing our services and implementing contractual measures as well as for responding to requests for information is Art. 6 par. 1 lit. b GDPR. 
• The legal basis for processing for the purposes of fulfilling our legal obligations is Art. 6 par. 1 lit. c GDPR. 
• If the protection of the vital interests of the data subject or of another natural person requires the processing of personal data, Art. 6, par. 1, lit. d GDPR serves as the legal basis. 
• The legal basis for processing necessary for the performance of a task carried out in the public interest or in the exercise of public authority entrusted to the controller is Art. 6, par. 1, lit. e GDPR. 
• The legal basis for processing intended to safeguard our legitimate interests is Art. 6, par. 1, lit. f GDPR. 
• The processing of data for a purpose other than that for which it was collected is governed by the provisions of art. 6, par. 4 GDPR. 
• The processing of special categories of data (within the meaning of Art. 9 par. 1 GDPR) is governed by the provisions of Art. 9 par. 2 GDPR.

We take the appropriate technical and organisational measures in accordance with the legal requirements, considering the state of the art, the costs of implementation and the type, scope, circumstances, and purposes of the processing, as well as the probability of occurrence and the seriousness of the risk for the rights and freedoms of the natural persons, in order to guarantee a level of protection adapted to the risk. 

These measures consist of guaranteeing the confidentiality, integrity, and availability of data by controlling physical access to the data as well as any access concerning this data, its capture, its transmission, the guarantee of its availability as well as its separation. We have established procedures to ensure that the rights of data subjects are considered that data is deleted and that we respond to any threats to the data. In addition, we take the protection of personal data into account during the development or selection of hardware, software, and processes, in accordance with the principle of data protection through technical design and through data protection-friendly default settings.

If we disclose data to other people and companies (subcontractors, co-controllers or third parties) in the context of our processing, transfer data to them or give them access to the data, this can only be done with legal authorisation (e.g. if a transfer of data to third parties, such as payment service providers, is necessary for the execution of the contract), with the consent of the users, if a legal obligation stipulates it or on the basis of our legitimate interests (e.g. to contract an agent, a website host, etc.). 

If we disclose or transmit data to other companies in our own group, or otherwise provide them with access to data, we do so in particular for administrative purposes, according to our legitimate interest and in accordance with the legal requirements.

If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA) or the Swiss Confederation) or if this is done in the context of the use of third party services or the disclosure or transfer of data to other persons or companies, this is done only to fulfil our (pre)contractual obligations, by virtue of your consent or of a legal obligation or based on our legitimate interests. Subject to legal or contractual permissions, we process or leave data in a third country only if the legal requirements are met. This means that processing takes place, for example, based on special guarantees such as the officially recognised determination of a level of data protection corresponding to that of the EU (e.g. the "Privacy Shield" in the USA) or compliance with officially recognised special contractual obligations.

You have the right to obtain a declaration confirming whether data concerning you is being processed, to receive information about this data as well as other information and a copy of this data, in accordance with the legal provisions. 

You have the right, in accordance with the legal provisions, to demand that the data concerning you be completed or that inaccurate data concerning you be rectified. 

In accordance with the legal provisions, you have the right to demand that the data concerning you be deleted immediately or that the processing of this data be restricted in accordance with the legal regulations. 

You have the right to demand to receive the data concerning you that you have provided to us in accordance with the legal provisions and to request that it be transmitted to other data controllers. 

You also have the right to lodge a complaint with the competent supervisory authority in accordance with legal regulations.

You have the right to revoke any consent you have given, without retroactive effect.

You can object at any time to the further processing of data concerning you in accordance with the legal provisions. This opposition may be filed against processing for direct advertising purposes.

“Cookies” are small files that are stored on the user’s computer. Various data can be stored in cookies. A cookie is primarily used to record information about a user (or the device on which the cookie is stored) during or after their visit to an online service. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted when a user leaves an online offer and closes their browser. This type of cookie can save the contents of a shopping basket in an online store or a login status, for example. Cookies that remain stored even after closing the browser are called “permanent” or “persistent”. Users can thus recuperate their connection status when returning to a site after several days. User interests may also be stored in a cookie of this type, which is used for audience measurement or marketing purposes. “Third -party cookies” are cookies used by providers other than the person responsible for operating the online service (in the latter case, the cookies are called “first-party cookies”). 

We may use temporary and permanent cookies and we explain this in our privacy policy. 

If the user does not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the browser system settings. The exclusion of cookies may result in functional restrictions of this online offer. 

A general objection to the use of cookies for online marketing purposes for many services, in the case of tracking, can be declared on the American site http://www.aboutads.info/choices/ or the European site http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be prevented by deactivating cookies in the browser settings. Please note that some functions of this online offer may become unusable in this case.

The data we process will be deleted or the processing will be restricted in accordance with the legal regulations. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as it is no longer necessary for its intended purpose and there is no legal obligation to retain it. 

If the data is not deleted because it is necessary for other legally permitted purposes, its processing will be restricted. This means that the data will be blocked and will not be processed for other purposes. This applies to data that must be stored for commercial or tax reasons, for example.

We ask you to remain informed about the contents of our data protection declaration. We adapt the data protection declaration as soon as changes in our data processing make this necessary. We will notify you as soon as changes require your cooperation (e.g. consent) or another individual notification from you.

We process the data of our contractual partners and interested parties as well as other customers, mandators or contractual partners (hereinafter referred to as "contractual partners") in accordance with Art. 6 par. 1 lit. b GDPR to provide them with our contractual or pre-contractual services. The data processed as well as the type, scope, purpose, and necessity of their processing are determined by the contractual relationship. 

The data processed includes the master data of our contractual partners (e.g. names and addresses), their contact details (e.g. email addresses and telephone numbers) as well as contractual data (e.g. services used, content of the contract, contractual communication, names of contact persons) and payment data (e.g. bank details, payment history). 

We do not process special categories of personal data unless they are part of ordered or contractual processing.

 We process the data necessary for the justification and execution of contractual services and mention the necessity of their indication, if this is not obvious to the contracting parties. Disclosure to external persons or entities is only made when required under a contract. When processing data entrusted to us within the framework of a mandate, we act in accordance with the client's instructions and the legal requirements. 

In the context of the use of our online services, we may record the user's IP address and connection time. They are stored based on our legitimate interests, as well as the interests of users in being protected against misuse and other unauthorised use. This data is not transmitted to third parties, unless this is necessary to assert our rights in accordance with Art. 6, par. 1, lit. f GDPR or there is a legal obligation to do so under Art. 6 par. 1 lit. c GDPR. 

The data is deleted when it is no longer necessary for the execution of contractual or legal protection obligations, or for the processing of possible guarantees and comparable obligations. The necessity of retaining the data is reviewed every three years; otherwise, legal retention obligations apply.

We process data in the context of the administrative and organisational tasks of our business, financial accounting, and compliance with legal obligations, such as archiving. The data processed in this context is the same as that which we process in the context of the provision of our contractual services. The basis for this processing is Art. 6, par. 1, lit. c GDPR and Art. 6, par. 1, lit. f GDPR. Customers, interested parties, business partners and website visitors are affected by this processing. The purpose and interest we have in this processing lies in administration, financial accounting, office organisation, data archiving, which is to say the tasks which serve to maintain our commercial activities, execute our tasks, and provide our services. The deletion of data relating to contractual services and contractual communication corresponds to the data specified in these processing activities. 

During these activities, we disclose or transmit data to tax authorities, advisors, in particular tax advisors or accountants, as well as other tax services and payment service providers. 

Furthermore, based on our business interests, we store information about our suppliers, agents, and other business partners, for the purpose of further contacts for example. This data, which mainly concerns our company, is generally stored for long periods.

When contacting us (e.g. via the contact form, by email, by telephone or via social media), the user's data is processed to respond to the contact request and to process it in accordance with Art. 6, par. 1, lit. b GDPR (in the context of contractual/pre-contractual relations), and Art. 6 par. 1, lit. f GDPR (other requests). The user data may be stored in a customer relationship management system (“CRM system”) or a similar request management system. 

We delete requests when they are no longer necessary. We review the necessity of this every two years; in addition, the legal archiving obligations apply.

The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, sending emails, security services and technical maintenance. We use them for the purposes of operating this online service. 

We, or our host, process master data, contact details, content data, contract data, usage data, metadata, and communication data of customers, interested parties and visitors of this service online, based on our legitimate interests in the efficient and secure provision of this online service, in accordance with Art. 6 par. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of a subcontracting contract).

We, or our host, collect data from each access to the server on which this service is located (data called serverlogfiles), based on our legitimate interests within the meaning of Art. 6 par. 1 lit. f GDPR. The access data includes the name of the website accessed, the file, date and time of access, the amount of data transferred, notification of successful access, the browser type and version, the user's operating system, the referring URL (the previously visited page), the IP address and the requesting provider. 

For security reasons (e.g. to elucidate misuse or fraudulent action), logfile information is stored for a maximum period of 7 days and then deleted. Data of which the retention is necessary for evidentiary purposes cannot be deleted until the incident in question has been definitively clarified.

Based on our legitimate interests (i.e. the analysis, optimisation, and economic operation of our online offer within the meaning of Art. 6 par. 1 lit. f GDPR), we use Google Analytics, a website analysis service of Google LLC (“Google”). Google uses cookies. The information generated by the cookie about the user's use of the online offer is usually transmitted to a Google server in the United States and stored there. 

Google is certified under the Privacy Shield Agreement, which ensures compliance with European data protection law. 

Google uses this information on our behalf to evaluate users' use of our online services, to compile reports on the activities of this online service and to provide us with other services associated with the use of this online service and the Internet. Pseudonymous user profiles of the users can be created from the processed data. 

We only use Google Analytics if IP anonymisation is enabled. This means that the user's IP address is shortened by Google within member states of the European Union or in other signatory States of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. 

The IP address transmitted by the user's browser is not combined with other Google data. The user can refuse the use of cookies by selecting the appropriate settings in their browser; they can also refuse the collection by Google of data generated by the cookie concerning their use of the online offer, as well as the processing of this data by Google, by downloading and installing the browser-plugin available through the link: 

https://tools.google.com/dlpage/gaoptout?hl=fr 

For more information on Google's use of data, settings and objection options, please refer to Google's privacy policy and Google's advert display settings. 

Users' personal data is deleted or anonymised after 14 months.

We use Google Analytics in the form of “universal analytics”. “Universal Analytics” means a process of Google Analytics in which user analysis is carried out based on a pseudonymous user ID, thereby creating a pseudonymous profile of the user with information from the use of various devices (“cross- device tracking ").

As part of our online offer, and based on our legitimate interests (namely the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 par. 1 lit. f GDPR), we use content or service offers from third-party providers, in order to integrate their content and services such as videos or fonts (hereinafter uniformly referred to as “content”). 

This always assumes that the third-party providers of this content have knowledge of the user's IP address. Without this IP address, they would not be able to send the content to the user's browser. The IP address is therefore necessary for the presentation of this content. We strive to only use content of which the providers use the IP address solely for the delivery of that content. Third-party providers may also use “pixel tags” (invisible graphics also called “web beacons”) for statistical or marketing purposes. Pixel tags may be used to evaluate information such as visitor traffic on the pages of this website. Pseudonymous information may also be stored in cookies on the user's device and may include technical information about the browser and the operating system, referring websites, visiting times and other information. on the use of our website. It may also be correlated with such information from other sources.

We integrate maps from the “Google Maps” service of the provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. The processed data may include the IP addresses and location data of users, which, however, are not collected without their consent (usually within the settings of their mobile devices). The data may be processed in the United States. Google Privacy Policy, Opt-out of Google personalised advertising.

We use Typekit typescripts from the provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. .  Data protection declaration Opt-Out.

Based on our legitimate interests (i.e. the analysis, optimisation and economic operation of our online offer), we use the "Typekit" external typewritten fonts from the provider Monotype GmbH, Horexstraße 30, 61352 Bad Homburg, Germany.