Data Privacy Statement


1. Introduction


Below, we would like to inform you, among other things, who is responsible for processing your data, what data we collect in connection with your visit to our website and the use of our services, the purposes we process this data for, and to whom we may possibly forward it. Also, we would like to inform you about the duration of the processing of your data, the legal basis for the processing (where such is required), as well as the rights you may have in relation to the processing of your data by us. This data privacy policy applies to all data already available to us as well as to those that will be available to us in the future. Please note that we may amend this privacy policy from time to time. The current version published on our website shall apply.


Personal data includes all information relating to an identified or identifiable individual (hereinafter “personal data”). This includes, in particular, information such as name, address, telephone number, e-mail address and, in certain circumstances, IP addresses and device IDs. For the purposes of this privacy policy, the term “data” includes personal data as well as non-personal and anonymized data. “Processing” means any handling of data, regardless of the means and procedures used, in particular the collection, storage, use, modification, disclosure, archiving or deletion of data (hereinafter “processing”).


If you provide us with personal data of other individuals, please make sure these individuals are aware of this privacy policy and only share their personal data with us if you are authorized to do so under the applicable data privacy law.


2. Name and Address of the Controller


The controller responsible for data processing in accordance with this privacy policy is:


BOHEST AG

Holbeinstrasse 36

4051 Basel

Switzerland


+41 61 295 57 00

Send e-mail


3. Categories of Data Processed


When you visit our website, use our services or contact us, we collect certain data. As a rule, we collect this data directly from you. The personal data we process may include the following:


  • Data collected or disclosed when visiting our website or using our services. This includes, among other things, the IP and MAC address or device ID of the device used, cookies, pages accessed and search terms entered, entries in dialogue boxes, ratings, time and duration of visits, clicks, referrer/exit URLs, details regarding time of use, browser and device type, operating system and internet service provider used, and data volume transferred.
  • Data exchanged during or in connection with the contact with us, such as communication via letter, telephone, e-mail, contact form, etc. (in particular name, contact details, gender, marital status, date of birth, job title, photo, employees, language, payment information).
  • Data (in particular e-mail address and name) provided when subscribing to a newsletter or downloading files (e.g. software).
  • Data provided when creating a client account (in particular username, password, payment method selected, and delivery address).
  • Data relating to offers and concluded contracts (e.g. date, type, content, product, parties, duration, value, amendments, payment details, contact information, contact persons, invoicing and correspondence addresses, client feedback, cancellations, disputes, etc.).
  • Data disclosed when using the comment function (in particular e-mail address, the username you choose in case you do not post anonymously, as well as your IP address).
  • Data you provide when participating in surveys and similar activities.


The above data is not always personal data. Generally, data generated when using our services without registration (e.g. for a newsletter) cannot be attributed to a specific individual. In certain cases, however, such attribution may be possible when combined with other data.


We would like to draw your attention to the fact that information provided in connection with the use of the contact form or the comment function may include particularly sensitive data (such as health data), which you may provide voluntarily.


4. Purposes of Processing


To the extent permitted by the applicable law, we process personal data in particular for the following purposes:


  • Initiation, conclusion, performance and processing of contracts, particularly within the scope of client relationships;
  • Provision, further development and improvement of our services, development of new offerings, operation, maintenance, optimization and ensuring the security of our systems and infrastructure;
  • Management of users and contact persons, identity checks, logins and other authentication procedures;
  • Maintenance, administration and expansion of our client relationships, communication with clients, business partners, counterparties, authorities and third parties;
  • Implementation of promotions, marketing activities and events, provision of personalized content and information;
  • Quality assurance, internal training and preparation of evaluations (e.g. statistics, reports);
  • Compliance with legal, regulatory and professional obligations, including internal policies;
  • Legal enforcement and participation in civil, administrative or criminal proceedings, handling of complaints and responses to enquiries from authorities and governmental bodies;
  • Processing of personal data from correspondence with third parties, namely clients, counterparties, courts, authorities and their employees or other contact persons (e.g. name, contact details, role within the organization or employment relationship);
  • Obtaining publicly accessible information, for example from commercial registers, official publications or websites.


5. Legal Basis


We use personal data for the above purposes on the following legal basis, to the extent required under the applicable data privacy law:


  • Performance of a contract;
  • Compliance with legal obligations;
  • Consent given to us or to third parties;
  • Legitimate interests of us or of third parties, in particular:
  • Offering and providing services;
  • Advertising and marketing;
  • Maintaining contact and communication with users;
  • User management, identity checks, logins;
  • Compliance with legal and regulatory obligations, legal enforcement, civil, administrative and criminal proceedings, complaints, investigations and responses to enquiries from authorities.


6. Disclosure and Transfer of Data


We may disclose and transfer data as follows:


Data Processors

We may engage third parties to provide certain services (e.g. in IT, operation of applications, administration, dispatch, etc.) and to process and store data (“data processors”). Data processors may have access to personal data and may process it on our behalf. We require them to comply with data privacy law and to process data only in the manner we do it ourselves.


Data processors that may receive personal data may be located in any country, particularly in Switzerland, EU/EEA states and the USA.


Contractual Partners

We may transfer data to contractual partners (e.g. distribution partners, service providers, financial institutions, etc.). This may occur, for example, for the fulfilment of contractual obligations, the provision of specific services, debt collection and marketing purposes, analysis of use and operation of our services, systems and infrastructure, and for payment processing.


Possible recipients may also include purchasers or potential purchasers of business units, companies or parts thereof. Contractual partners may access personal data and process it for their own purposes (for example, for contract performance or compliance with their own legal obligations). They are themselves required to comply with applicable data privacy laws. Contractual partners who may receive personal data may be located in any country, particularly in Switzerland, EU and EEA states and the USA.


In the course of our legal practice, we also disclose personal data to foreign agents, clients, counterparties and their legal representatives – particularly when asserting rights or claims on your behalf, or when communicating within a client relationship. Business partners with whom we coordinate or jointly provide services may also obtain access to your data.


In certain situations, we may disclose data to authorities, government bodies and other third parties. We do so where officially requested or where, in our assessment, we are obliged to do so.


7. Retention Period


We store personal data as long as necessary for the purpose for which it was collected. Certain personal data is subject to legally binding retention obligations, which we comply with. Personal data generated in connection with the use of our services (e.g. protocols, logs, analyses, etc.) and not subject to such retention or limitation periods is generally deleted earlier, once we do no longer have an interest in processing it.


Data may be retained for longer in anonymized form. Unless expressly agreed otherwise by contract, we are not obliged to retain data for a specific period.


8. Data Security


We apply appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or unauthorized access by third parties.


Our security measures are continuously improved in line with technological developments.


9. Your Rights (Data Subject Rights)


Every data subject has the right to obtain information about the personal data relating to them. They also have the right to request rectification, deletion and restriction of the processing of their personal data, as well as to object to such processing. Exercise of such rights generally requires clear proof of identity.


If the processing of personal data is based on consent, the data subject may withdraw that consent at any time. In certain cases, the data subject has the right to receive the data generated when using online services in a structured, commonly used and machine-readable format that allows further use and transfer. Requests relating to these rights should be addressed to the address mentioned above.


We reserve the right to restrict data subject rights in accordance with the applicable law and, for example, not to provide full information or not to delete data. Furthermore, we draw your attention to the fact that deleting your personal data may mean that services can no longer be provided or used in full or in part.


We note that the exercise of certain rights may affect existing contractual agreements, for example leading to limitations in the use of our services or to early termination of contracts, and may involve costs. In such instances, we will inform you in advance unless already contractually governed.


Every data subject has the right to lodge a complaint with the competent data privacy authority. In the case of a controller in Switzerland, this is the Swiss Federal Data Protection and Information Commissioner. For a controller in the Principality of Liechtenstein, the competent authority is the Liechtenstein Data Privacy Office.


10. Cookies, Web Analytics and Tracking Tools


We may use various common technologies to collect, store and evaluate data when you visit our website and use our services. These include, in particular, cookies that can identify your browser or device. A cookie is a small file that is sent to your computer or automatically stored on your computer or mobile device by the web browser used.


When you revisit a service, it can recognise your browser or device using the cookie. Cookies can store user settings and other information. We may use session cookies. These may be necessary to provide basic functionalities of the services and may be deleted automatically after using our services. In addition, we may use temporary and permanent cookies that remain stored on your computer or mobile device for longer. The information collected via cookies enables us to improve our website and services in line with customer needs and to offer you tailored content.


You may block or delete the use of cookies in your browser settings. Please note that if cookies are not permitted, certain functions of a service may not be fully available, and that deleting cookies may also delete any opt-out cookies you have set. Such opt-out cookies would need to be reactivated upon revisiting the respective service.


Otherwise, you will be recognized as a new user and your data will be collected again.


In addition to cookies, we may use web analytics and tracking tools to measure and evaluate the use of our website and services, to personalize services, and to display tailored offers and advertising. The terms of use and privacy policies of the respective third-party providers apply to the data processing carried out by such tools.

11. Integration of Third-Party Services


We integrate services and content from third parties on our website, which may enable you to interact with such third parties. For this purpose, any data provided may be transferred to these third parties for the processing and execution of the respective service or may be processed directly by them.


Please note that the terms of use and privacy policies of these third parties apply to their respective data processing activities.


Version 1.0.0