1. Scope and persons responsible
We process personal data in accordance with the provisions of the Swiss Data Protection Act (hereinafter ‘DPA’) and, where and to the extent applicable, the EU General Data Protection Regulation (hereinafter ‘GDPR’). If we deem it appropriate, we may issue further privacy policies in complement to this policy.
The name and address of the data processor are:
Phone: +41 71 757 14 14
Please address any queries on data protection to Soplar at the address above.
2. Origins and categories of data
We primarily process the personal data that we receive or gather as part of our business activity from our clients, interested parties, website visitors, suppliers, buyers and other business partners. In parallel, we may also process personal data that we have obtained from sources in the public domain (e.g., websites or public registers, such as the Commercial Register). Finally, we may also receive your personal data from our business partners, official bodies and authorities, or other third parties.
In particular, the personal data we process includes, depending on the situation, personal details and contact details (e.g., name, address, gender, date of birth, phone number, and email address), delivery address, financial information for payment purposes (e.g., bank details), data on the usage of our website (e.g., IP addresses) and information of any nature on your correspondence, contact and interaction with us.
3. Purpose of and legal basis for processing Generally as part of our business activity
We primarily process your personal data for those purposes that are necessary in connection with our business activity and the performance of our services. In this regard, we process your personal data for the following purposes in particular:
- to communicate with you, especially to provide you with information or to process your requests. If you contact us via email/the contact form, you authorise us to reply to you via the same channel. Please note that emails are transmitted via public internet in an unencrypted form; therefore, it cannot be ruled out that they may be viewed, accessed and manipulated by third parties. We shall not be liable – to the extent permitted by law – for any loss or damage suffered by you in the event of defective transmission, counterfeit content, or network disruptions (interruptions, overloads, unauthorised access or blocking);
- to provide you with our services and our website, and to evaluate and improve them;
- to be able to deliver our products to you;
- to be able to organise events and training programmes;
- to administer our business relationship with you (including invoicing);
- to inform you of any new developments or send you any other information about our products and services;
- for IT and building security measures (e.g., access control, visitor lists, network and email scanning and telephone records);
- to enforce legal claims and mount a defence in connection with any legal disputes and official proceedings;
- to meet our legal obligations in Switzerland and abroad.
We process your personal data for the purposes set out above, depending on the situation, on the following legal bases in particular:
- processing your personal data is required for the performance of a contract with you;
- you have granted your consent for your personal data to be processed;
- processing your personal data is required to meet a legal obligation;
- processing is required to protect essential interests of the person concerned or another natural person: or
- we have a legitimate interest in processing your personal data.
If you work with us as a sponsor, we may process your personal data for the following purposes in particular:
- for processing sponsoring services (including invoicing and payment processing);
- for administering and promoting sponsors;
- for documentation and reporting on our websites.
When processing your personal data for the purposes listed above, we rely on the following legal bases, depending on the situation, in addition to the legal bases set out in Sect. 3.1:
- processing your personal data is required for the performance of a contract with you;
- you have consented to your data being processed;
- we have a legitimate interest in processing the personal data gathered by us. Our legitimate interests consist in particular in administering, improving, and advertising our sponsoring offers.
3.3 Visits to our websites
You do not have to disclose any personal data in order to visit our websites. However, every time a website is loaded, the server does gather a range of user information, which is temporarily stored in the server’s log files. The information gathered includes the IP address, the date and time of access, the time difference from the GMT time zone, the name and URL of the file loaded, the website from which access was gained, the browser used, and the operating system used.
When this general information is used, it is not attributed to any specific person. Gathering this information and data is necessary from a technical perspective in order to display our websites to you and to guarantee their stability and security. This information is also gathered to improve the websites and analyse their use. The legal basis for temporarily saving information and log files is constituted by our legitimate interest in providing you our websites at a sufficient level of quality and being able to improve those websites on an ongoing basis.
3.4 Contact form and email
You can contact us via the contact forms on our websites. The personal data you send to us will be saved and used to respond to your request. The legal basis for this personal data processing is constituted by your consent and our legitimate interest in processing your request.
Our business customers can request a user login from Soplar, enabling them to contact our support team via our help desk and to access the catalogues and guides available in our customer centre. One mandatory item of information when applying for a user login is your email address.
We use this personal data for the following purposes in particular, in addition to the processing purposes set out in Sect. 3.1:
- for verifying and allocating the user login and opening your user account, as well as for handling any enquiries you send us in connection with your user account;
- for providing our customer centre and our support hotline, as well as for handling any enquiries you send us in connection with our customer centre and our support hotline.
The legal bases for this data processing are the performance of a contract with you, your consent, and our legitimate interest. Our legitimate interest consists, in particular, in ensuring you can access our customer centre and our support hotline.
Our websites may use ‘cookies’. Cookies are text files saved in the internet browser or by the internet browser on the user’s computer system or mobile end device. Each cookie contains a distinctive string of characters that allows the browser or the mobile end device to be clearly identified the next time the website or app is visited.
On our website, we use only those cookies that are technically necessary to ensure our website continues to function. These cookies typically indicate important actions, such as the number of enquiries made, the processing of your data protection settings, and the filling out of forms. Although you can block these cookies in your browser, certain parts of our website may no longer work for you as a result.
The legal basis for data processing when using technically necessary cookies is our legitimate interest, which lies primarily in ensuring the functionality and the continual improvement of our website.
You may object to cookies being used, either (i) by choosing the corresponding settings in your browser; or (ii) by using appropriate cookie-blocking software (e.g., Ghostery, etc.).
3.7 Google reCAPTCHA
Google reCAPTCHA is designed to ensure that our websites are used by natural persons only. This prevents misuse by computer programs to the greatest extent possible. For this purpose, Google reCAPTCHA analyses various information, e.g., the IP address of the querying end device, or the interaction with and time spent on the website.
The legal basis for the processing of your data in connection with Google reCAPTCHA is our prevailing legitimate interest in creating an appropriate level of data security, particularly in order to avoid attacks, misuse, and spam.
3.8 Social media plugins
We may use the social media plugins set out in the table below on our websites. We use a ‘two-click solution’, whereby, in principle, no personal data is transferred to the provider of the plugins when you initially visit our websites. Only if you click on the marked plugin field to activate the plugin will the plugin provider receive the information that you have visited our website. The data set out in Sect. 3.3 of this statement is also transferred. The legal basis for the processing of your data in connection with social media plugins is our legitimate interest in allowing the use of social media plugins by our users.
|Plugins||Providers and privacy policies|
|LinkedIn Ireland Unlimited Company
|Meta Platforms Ireland Limited
|Meta Platforms Ireland Limited
|New Work SE
You may apply for a position with us by post, via the email addresses listed on our websites, or via the contact form provided. Application documents and any personal data disclosed to us therein will be handled in strict confidentiality, will not be passed on to any third parties, and will be processed solely for the purpose of handling your application for a position with us. Unless you consent to the contrary, your application file will either be returned to you or destroyed after the application process is complete, unless there is a statutory duty to conserve it. The legal bases for processing your data is constituted by your consent, the performance of the contract with you, and our legitimate interests.
4. Disclosing personal data to recipients and abroad
4.1 Disclosing personal data to recipients
- other companies associated with Soplar;
- providers to which we have outsourced certain services (e.g., IT and hosting providers, photographers, payment service providers, banks, insurers, etc.);
- distributors, suppliers, subcontractors, and other business partners;
- Swiss and foreign authorities, official bodies or courts.
4.2 Disclosing personal data abroad
As a matter of general principle, we process your personal data in Switzerland. However, it may be, in certain circumstances (e.g., when having recourse to specific service providers or when using specific software applications), that your personal data may also be transferred abroad, predominantly to the Member States of the European Union and the European Free Trade Association (EFTA), although partially also to other countries worldwide.
If we transfer data to a country without an appropriate statutory level of data protection, we will use corresponding contractual agreements as stipulated by law (based of the European Commission's ‘standard contractual clauses’) to ensure an adequate degree of protection, or we will rely on the statutory exceptions to consent; contract execution; the determination, exercise, or implementation of legal claims; prevailing public interests; published personal data, or because it is necessary to protect the integrity of the persons concerned.
5. Retention period
We process and save your personal data only for as long as necessary for the relevant processing purpose or where there is another legal basis (e.g., a statutory retention period) for doing so. We will retain personal data that we hold as a result of a contractual relationship with you for as long as that contractual relationship persists and there are statutes of limitations for potential claims from us or there are contractual retention periods. As soon as your personal data is no longer required for the abovementioned purposes, it will, as a matter of principle and to the extent possible, be set to passive, deleted, or anonymised.
6. Your rights
As part of the data protection law applicable to you and to the extent stipulated thereunder, you have the right of access to, the rectification of, and the erasure of your personal data. You also have the right to restrict the processing of your personal data and to object to our processing of the data or disclosure of certain personal data for the purpose of transferring it to another body ('data portability’). Please note, however, that we reserve the right to apply the restrictions stipulated by law, such as where we are under an obligation to retain or process certain data, where we have a predominant interest in doing so (if we are entitled to seek to avail ourselves of such an interest) or if we need to do so in order to enforce any claims. If this will result in you incurring any costs, we will inform you in advance.
Where data processing is based on your consent, you may revoke that consent at any time after you have given it, with effect for the future. The legality of the processing carried out based on your consent before you revoked it will not thereby be affected.
Furthermore, any person concerned has the right to enforce their rights judicially or to submit a complaint to the responsible data protection authority. The responsible data protection authority for Switzerland is the Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home.html).
7. Data security
We take technical and organisational measures to protect your personal data against unauthorised access, misuse, loss, and destruction. In particular, we set up firewalls, logging and encryption, have authorisation concepts, regularly organise training sessions, and have implemented additional protective measures to ensure that your personal data is protected with as few loopholes as possible.