Privacy policy

Privacy policy, status: 27.03.2025

Principle

In this Privacy Policy, we, QBIC AG (hereinafter “we”, “us”, “QBIC”), explain how we collect and process personal data in the course of our business activities, in particular personal data about customers, suppliers, business partners, professional and other associations, visitors to our websites, participants in events, recipients of newsletters and other bodies or their respective contact persons and employees. This is not an exhaustive description; other documents may regulate specific circumstances. Personal data refers to all information relating to an identified or identifiable person.
By browsing one of our websites, you consent to data processing (access data, services, cookies and the like).
We comply with the statutory provisions of the Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (OFADP), the Telecommunications Act (TCA) and other data protection regulations, such as the General Data Protection Regulation of the European Union (hereinafter GDPR).
This privacy policy applies regardless of the domains or devices used (e.g. smartphone or desktop computer).
The data protection declaration is information about the type, scope and purpose of the use of personal data by us. It is a unilateral declaration that does not require the consent of the customer, supplier or other business partner. We therefore reserve the right to unilaterally change the content of the privacy policy at any time and without notice. It is recommended that you regularly consult our privacy policy on our website.

Handling of personal data

1. Consent to data processing by sending a request

By submitting a request, you consent to the processing of your personal data by us and agree to be contacted by us to process your request or order or otherwise via all possible communication channels (call to private mobile or landline number, e-mail to private mail account, SMS, messaging functions from social networks).

2. Information on order processing

2.1 A prerequisite for our goal-oriented activity is complete and correct information from the customer, supplier or other business partner about all relevant circumstances – including those that only arise in the course of a contractual relationship. We are also dependent on you providing all necessary documents in good time.

2.2 Unless you issue instructions to the contrary in individual cases or the circumstances clearly indicate otherwise, QBIC may exchange order-related information with employees and third parties involved.

3. Electronic communication / email

3.1 In the interest of rapid processing, we communicate regularly by email. Email communication is generally unencrypted,

3.2 On our website and in direct customer communication, we offer electronic contact options, including general e-mail addresses. If a person contacts us by email or via a contact form, the personal data transmitted will be stored. This serves to process the inquiry and document the communication. The storage also includes information provided voluntarily, e.g. from surveys.

Responsible body

QBIC AG is responsible for compliance with the applicable data protection regulations. If you have any data protection concerns, you can send them to the following contact address:

QBIC AG

In der Luberzen 40, 8902 Urdorf, Switzerland

info@qbic.ch

Collection and processing of personal data

We process personal data (data that directly or indirectly identifies natural persons) that we receive from you or third parties involved or that we collect ourselves in the course of initiating, implementing and processing a contractual relationship.

1. Establishment of contact/provision of contractual services

1.1 When you contact us (by telephone, in writing or by e-mail), your personal data will be processed for the purpose of handling the contact request and processing in connection with a specific service/order.

1.2 Personal data is stored in our Customer Relationship Management System (“CRM System”).

2. Collection of access data and log files

2.1 We collect data about every access to the web servers on the basis of our legitimate interests. The access data includes the name of the domain accessed, the date and time of access, the amount of data transferred, notification of successful access, language and version of the browser software, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

2.2 Log file information is stored temporarily for security reasons (e.g. to clarify acts of abuse or fraud) and deleted again after a reasonable period of time. Data whose further storage is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.

3. File management

If you enter into a contractual relationship with us, we store all information arising from the contractual relationship in our ERP software and also store physical documents in the order dossier in paper form. Employees have access to the electronic and physical order dossier in accordance with the “need to know” principle. Original files are usually forwarded to you directly. You are responsible for storing them. There is no entitlement to the keeping or archiving of an order dossier.

4. Scope

We collect specific data from you in the course of a contractual relationship (possibly in preparation). This includes the following data in particular:

Basic data (such as name, gender, title, date of birth or company, registered office, etc.)
Contact details (address, private and business telephone number or private and business mobile number, private and business e-mail address, etc.)
Further order-specific information, which is usually provided directly by you, but may also originate from Internet research or data supplied by third parties, for example
If you provide personal data about a third party (e.g. via a contact person), it is your responsibility to inform the third party concerned about the processing by us.

Purposes of data processing and legal basis

When you make use of our services, use our website or otherwise deal with us, we obtain and process various categories of your personal data. In principle, we may obtain and process this data for the following purposes in particular:

Communication: We process personal data so that we can communicate with you and with third parties or authorities by e-mail, telephone, letter or other means (e.g. to respond to inquiries, in the context of contract initiation or processing). This also means that we may occasionally send you information about developments in our company. This may take the form of newsletters (electronically, by post or by telephone), for example. You can reject such communication at any time or refuse or revoke your consent to such communication.

Initiation and conclusion of contracts: With regard to the conclusion of a contract with you, we may in particular obtain and otherwise process your name, contact details, powers of attorney, declarations of consent, information about third parties (e.g. contact persons), contract contents, date of conclusion, creditworthiness data and all other data which you provide to us or which we collect from public sources or from third parties.

Administration and processing of contracts: We obtain and process personal data so that we can comply with our contractual obligations towards you and other contractual partners (e.g. suppliers, external service providers or project partners) and, in particular, provide and demand the contractual services. This also includes data processing for the enforcement of contracts and accounting. For this purpose, we process in particular the data that we receive or have collected as part of the initiation, conclusion and execution of the contract as well as data that we create as part of our contractual services or that we collect from public sources or other third parties. This data may include, in particular, minutes of meetings, notes, internal and external correspondence, contractual documents and the like.

Operation of our websites: In order to operate our websites securely and stably, we collect technical data, such as IP address, information about the operating system and settings of your end device, region, time and type of use. We also use cookies and similar technologies.

Improvement of our electronic offerings: In order to continuously improve our website and other electronic offerings, we collect data about visitor behavior and preferences, for example by analyzing how visitors navigate through our website.

Registration: In order to use certain offers and services, you must register (directly with us or via our external login service providers). For this purpose, we process the data provided during the registration process.

Job application: If you apply for a job with us, we obtain and process the relevant data for the purpose of reviewing the application, carrying out the application process and, in the case of successful applications, for the preparation and conclusion of a corresponding contract. In addition to your contact details and the information from the corresponding communication, we also process the data contained in your application documents and the data that we can additionally obtain about you, e.g. from job-related social networks, the Internet, the media and from references, if you consent to us obtaining references.

Other purposes: Other purposes include, for example, training and education purposes and administrative purposes (e.g. accounting). We may listen to or record telephone or video conferences for training, evidence and quality assurance purposes. In such cases, we will inform you separately.

Personal data may only be processed within the QBIC to the extent permitted by law. In principle, only such information may be collected and processed that is necessary for the fulfillment of operational tasks and is directly related to the purpose of processing.

Processing of personal data is only permitted if one of the following permissions applies, namely

with the consent of the data subject;
to fulfill customer requests;
if necessary for the initiation/fulfillment of a contract;
if a legal permit is available; or
where there is a legitimate interest, without the interests or fundamental rights and freedoms of the data subject prevailing.

Use of the website and other digital services such as cookies and the like

When using our website (including newsletters and other digital offers), data is generated that is stored in logs (in particular technical data). We may also use cookies and similar technologies to recognize website visitors, evaluate their behavior and identify preferences.

When you access and use our website, we automatically collect and store log data and device-specific information for a limited period of time. This information includes, among other things, specific information about how you use our website, the IP address, access data and access times, hardware and software information as well as device-specific and other similar information. We process this data on this basis and insofar as this is necessary for us to operate, maintain and improve our website.

Our websites use Google Analytics, a service provided by Google LLC, USA, which monitors and records the way our websites are used. Google Analytics does this by placing small text files called cookies on your computer or other device. Cookies record information about the number of visitors to these websites, the visits to the individual pages and the duration for which these websites are visited. This information is available in aggregated form and is not individually identifiable. This integration of Google Analytics is always carried out using anonymized IP addresses by shortening them within the EU/EEA. Google is subject to the CH-US and the EU-US Privacy Shield.

Our websites use plugins from the YouTube site operated by Google. The operator of the pages is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

Further information on the handling of user data can be found in YouTube’s privacy policy at: https://www.google.de/intl/de/policies/privacy

Data transfer to third parties and data transfer abroad

Your personal data will not be passed on, sold or otherwise transferred to third parties unless this is necessary for the purpose of contract processing or to fulfill our legal obligations or you have expressly consented to this. The categories of recipients include, among others:

External service providers;
Dealers, suppliers, auxiliary persons;
Business partners with whom we have to coordinate our services;
Domestic and foreign authorities and official bodies;
Industry organizations and associations.

We process and store personal data mainly in Switzerland, but potentially also in other European countries or around the world. If a recipient is located in a country without adequate statutory data protection, we contractually oblige the recipient to comply with the applicable data protection law (we use the revised standard contractual clauses of the European Commission, which are available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), unless the recipient is already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exception. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract requires such disclosure, if you have given your consent or if the data in question has been made generally accessible by you and you have not objected to its processing.

Duration of storage of personal data

We process and store your personal data for as long as is necessary for the fulfillment of our contractual and legal obligations or otherwise for the purposes pursued with the processing, i.e. for the duration of the entire business relationship (from the initiation, execution to the termination of a contract) as well as beyond that in accordance with the statutory retention and documentation obligations. It is possible that personal data may be stored for the period in which claims can be asserted against our company (i.e. in particular during the statutory limitation period) and insofar as we are otherwise legally obliged to do so or legitimate business interests require this (e.g. for evidence and documentation purposes).

Data security

We take appropriate technical and organizational security precautions to protect your personal data from unauthorized access and misuse, such as issuing instructions, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymization and controls.

We would like to point out that certain IT services are used which may be associated with data security risks (e.g. e-mail or video conferencing).

Profiling

The personal data is not used for automated decision-making. We do not use personal data for profiling.

Rights of the data subject

You have the right to information, rectification, erasure, the right to restriction of data processing and otherwise to object to our data processing and to the disclosure of certain personal data for the purpose of transfer to another body (so-called data portability) within the scope of the data protection law applicable to you and to the extent provided for therein (such as in the case of the GDPR). Please note, however, that we reserve the right to assert the restrictions provided for by law, for example if we are obliged to store or process certain data, have an overriding interest in doing so (insofar as we are entitled to invoke this) or require it for the assertion of claims. If you incur costs, we will inform you in advance.

You have the right to object on a case-by-case basis. You can object to the processing of your personal data at any time on grounds relating to your particular situation.

Please note that the exercise of these rights may conflict with contractual agreements and may have consequences such as premature termination of the contract or cost consequences. We will inform you in advance if this is not already contractually regulated.

The exercise of such rights generally requires that you clearly prove your identity (e.g. by means of a copy of your identity card, where your identity is otherwise not clear or cannot be verified). To assert your rights, you can contact the controller (as specified in this privacy policy).

Every data subject also has the right to enforce their claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

Applicability of the EU General Data Protection Regulation

We do not assume that the EU General Data Protection Regulation (“GDPR”) is applicable in our case. However, should this be the case in exceptional cases for certain data processing, this provision shall also apply exclusively for the purposes of the GDPR and the data processing subject to it.

We base the processing of your personal data in particular on the fact that

* it is necessary as described under “Purposes of data processing and legal bases” for the initiation and conclusion of contracts and their administration and enforcement (Art. 6 para. 1 lit. b GDPR;
* it is necessary for the purposes of the legitimate interests pursued by us or by third parties as described under “Purposes of data processing and legal bases”, in particular for communication with you or third parties, to operate our website, to improve our electronic offerings and registration for certain offerings and services, for security purposes, for compliance with Swiss law and internal regulations for our risk management and corporate governance and for other purposes such as training and education, administration, evidence and quality assurance, organization, implementation and follow-up of events and for the protection of other legitimate interests (Art. 6 para. 1 lit. f GDPR);
* it is required or permitted by law on the basis of our mandate or our position under the law of the EEA or a member state (Art. 6 para. 1 lit. c GDPR) or is necessary to protect your vital interests or those of other natural persons (Art. 6 para. 1 lit. d GDPR);
* you have separately consented to the processing, e.g. via a corresponding declaration on our website (Art. 6 para. 1 lit. a and Art. 9 para. 2 lit. a GDPR).

Changes & Miscellaneous

This privacy policy is valid from March 27, 2025 It may be amended by the seller at any time. Users are advised to consult this statement regularly.

This privacy policy is available in several languages. In the event of discrepancies or ambiguities between the language versions, the German version shall prevail.

***