This statement provides you with information on how we handle and protect personal data on our website.
We explain in this statement:
who processes personal data,
which personal data we process
the purposes for which we process personal data
the legal basis on which we process personal data
to whom we disclose personal data,
how long we store personal data,
whether you are obliged to provide us with personal data, and
what rights you have as a data subject in the European Union.
The Swiss Data Protection Act applies to our data processing. Under certain circumstances, the European General Data Protection Regulation may also apply, which we abbreviate to GDPR below.
Date of the last change: November 5, 2018
1. Who processes personal data?
The controller within the meaning of data protection law is:
If you have any questions or concerns about data protection, please contact:
2. Who processes personal data?
When you visit our website (www.areg.ch), our server creates a so-called log file. We collect and process the following data in this log file:
The IP address from which our website was accessed. This is a number used on the Internet to communicate on the Internet.
The date and time of access to our website.
HTTP protocol information, such as protocol type, protocol version, http requests, status codes, information on the transferred data. This is technical data that is generated during network traffic on the Internet.
Error messages that occurred during access.
The type and version of browser used by the user, as well as their operating system and the model of computer or mobile device.
The website from which the user accesses our website.
When you use our contact form, we collect and process the following data:
First name and surname
Date and time the message was sent
Message you are sending us
Our contact page uses a plugin from Google Maps. Google Maps is a map service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. When you access the contact page, your browser establishes a direct connection with the Google server and the map content is transmitted by Google directly to your browser. Personal data (including IP address, date and time of the visit, location data) may be transmitted to Google. We have no influence on the further processing of personal data by Google. Further information on the protection of privacy by Google can be found here.
3. Who processes personal data?
We collect and process personal data for the following purposes:
With reference to log files: we use this data to track and solve technical problems, to troubleshoot, to defend against attacks on our infrastructure, to support analysis in the event of a hacker attack and to compile visitor statistics for our website. We do not use this data for direct marketing, profiling or automated decisions in individual cases.
With reference to contact form data: We use this data to understand your described request and to contact you regarding it. We do not use this data for direct marketing, profiling or automated decision-making in individual cases.
4. On what legal basis do we process your personal data?
If the GDPR applies to the processing of your personal data, we must provide you with the legal basis for data processing at this point.
We collect and process personal data on the following legal bases:
With regard to log files: We may process the data because we have a legitimate interest in accordance with Article 6(1)(f) GDPR. This consists of tracking and solving technical problems, finding errors, fending off attacks on our infrastructure, preparing analyses in the event of a hacker attack and compiling visitor statistics. With reference to contact form data. The contact form may contain personal data about our customers as well as about third parties.
If the data relates to the customer: We may process the data as this is necessary pursuant to Article 6(1)(b) GDPR for the performance of a contract or in order to take steps at the request of the data subject prior to entering into a contract.
If the data does not relate to the customer: We may process the data because we and our customers have a legitimate interest in accordance with Article 6(1)(f) GDPR. This consists of offering, providing and invoicing services to our customers in the area of the share register and the General Meeting.
With regard to cookies: We may process the data because we have a legitimate interest pursuant to Article 6(1)(f) GDPR. This is to ensure the security and functionality of our website and to offer you a pleasant user experience on the website.
5. To whom do we disclose your personal data?
We disclose personal data to the following persons:
to processors who process personal data on our behalf, in particular IT service providers.
6. Do we transfer your personal data to third countries?
All our processors (e.g. IT service providers) process personal data in Switzerland. The Swiss Data Protection Act provides an adequate level of data protection. You can access the European Commission's adequacy decision here.
We reserve the right to transfer data to third countries in connection with the use of social plugins (see section 2.1). Google is a member of the Privacy Shield and thus offers an adequate level of data protection in accordance with the GDPR and Article 6(1) of the Swiss Data Protection Act. You can access the European Commission's adequacy decision here and the guidelines on the Privacy Shield from the Federal Data Protection and Information Commissioner here.
7. How long do we store your personal data?
We store personal data as follows:
With reference to log files: the data remains on our systems until it is no longer required for operational purposes and the legally or contractually stipulated periods have expired, after which it is automatically deleted. The maximum storage period for most data is one year.
With reference to data from the contact form: We delete the data from the contact form after we have processed your request.
With regard to cookies: Most of our cookies are deleted after the session between your browser and our server has ended. Certain cookies for saving user settings (e.g. language settings) are deleted after one year.
8. Do I have to provide my personal data?
In order for us to provide you with our services, you must provide us with at least the following data: Your contact and billing details.
9. What rights do you have as a data subject in the European Union?
If your personal data is processed and the GDPR is applicable, you have the following rights vis-à-vis us:
Right to information. You can request confirmation from us as to whether we process personal data concerning you. If so, you can request information from us about this personal data and the following information:the purposes for which we process it
the categories of personal data that we process
the recipients or categories of recipients to whom the personal data have been or will be disclosed
the planned duration of storage of the personal data or, if specific information on this is not possible, criteria for determining the duration of storage
the existence of a right to rectification or erasure of personal data, a right to restriction of processing or a right to object to such processing
the existence of a right to lodge a complaint with a supervisory authority
any available information as to the source of the data if the personal data are not collected from the data subject
the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information as to whether personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer.
Right to rectification. You have a right to rectification and/or completion if the processed personal data is incorrect or incomplete. We must carry out the rectification without undue delay.
Right to restriction of processing. Under the following conditions, you may request the restriction of the processing of your personal data:if you contest the accuracy of the personal data for a period enabling us to verify the accuracy of the personal data;
if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
if we no longer need the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims; or
if you have objected to the processing and it is not yet certain whether our legitimate reasons outweigh your reasons.
If the processing of personal data has been restricted, this data - apart from its storage - may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of one of its Member States.
If the restriction of processing has been lifted in accordance with the above conditions, we will inform you when we lift the restriction.
Obligation to erase. You may request that we erase the personal data without undue delay and we are obliged to erase this data without undue delay where one of the following grounds applies:
The personal data are no longer necessary for the purposes for which we collected or otherwise processed them.
You object to the processing and there are no overriding legitimate grounds for the processing.
The personal data has been processed unlawfully.
The right to erasure does not exist if the processing is necessary for the establishment, exercise or defence of legal claims.
Right to information. If you have asserted the right to rectification, erasure or restriction of processing, we are obliged to notify all recipients to whom the personal data have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
Right to object. You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data that we process on the legal basis of a legitimate interest.
In this case, we will no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
Right to lodge a complaint with a supervisory authority. Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data infringes the GDPR. You can find a list of supervisory authorities here.