Data protection statement

November 10th, 2023


The protection of your personal data is important to us. We therefore conduct our activities in accordance with the applicable legal provisions on the protection of personal data and data security. We would like to inform you below about what data we as the HUBER+SUHNER Group collect and use from you as customers, suppliers and website visitors and for what purposes. 

This Data Protection Statement is designed to comply with the Swiss Federal Data Protection Act (FDPA) and the EU General Data Protection Regulation (GDPR). The latter is the standard for data protection throughout the HUBER+SUHNER Group.

Data controller for processing in accordance with the GDPR


The data controller within the meaning of the GDPR and other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:  


HUBER+SUHNER AG 

Degersheimerstrasse 14  

9100 Herisau  

Switzerland 

www.hubersuhner.com 

Telephone number +41 44 952 22 11  

Representative of the data controller according to Art. 27 GDPR is: 


HUBER+SUHNER GmbH 

Mehlbeerenstraße 6  

82024 Taufkirchen 

Germany

The respective HUBER+SUHNER Group company is responsible for the processing if the data collection takes place outside the website. All HUBER+SUHNER Group companies are obliged to comply with data protection on the basis of an Intercompany Group Data Transfer Agreement. A list of all HUBER+SUHNER companies can be found under the following link: 

The HUBER+SUHNER Group has not appointed a data protection officer, with the exception of the Group companies in Germany. The data protection officer within the meaning of Art. 37 GDPR of HUBER+SUHNER GmbH, HUBER+SUHNER Cube Optics AG and HUBER+SUHNER BKtel GmbH is Nils Möllers, Siemensstraße 12, 48341 Altenberge, info@keyed.de, +49 2505 639797.

What is personal data?


The term personal data is defined in national data protection laws and in the GDPR. According to the GDPR, this is individual information about personal or factual circumstances of an identified or identifiable natural person. This includes, for example, your civil name, your address, your telephone number or your date of birth.

Scope of anonymous data collection and data processing


Unless otherwise stated in the following sections, no personal data is collected, processed or used when you use our websites. However, through the use of analysis and tracking tools, we obtain certain technical information based on the data transmitted by your browser (e.g. browser type/version, operating system used, websites visited on our site including length of visit). We only analyse this information for statistical purposes.

Relevant legal bases for the processing of personal data


  1. Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a) of the GDPR serves as the legal basis for the processing of personal data. 
  2. When processing personal data that is necessary for the fulfilment of a contract to which the data subject is a party, Art. 6 para. 1 lit. b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures. 
  3. Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c) GDPR serves as the legal basis. 
  4. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d) GDPR serves as the legal basis.
  5. If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f) GDPR serves as the legal basis for the processing.

Use of cookies 


The Internet pages of HUBER+SUHNER AG use cookies. Cookies are data that are stored by the Internet browser on the user's computer system. The cookies can be transmitted to a page when it is called up and thus enable the user to be identified. Cookies help to simplify the use of websites for users. 

It is possible to object to the setting of cookies at any time by changing the settings in the Internet browser accordingly. Cookies that have been set can be deleted. Please note that if cookies are deactivated, it is possible that not all functions of our website can be used to their full extent.

The user data collected in this way is pseudonymised by technical precautions. It is therefore no longer possible to assign the data to the accessing user. The data is not stored together with other personal user data.

When accessing our website, users are informed about the use of cookies by an information banner and referred to this Data Protection Statement. The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f) GDPR. The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a) GDPR if the user has given consent to this. To find out whether and to what extent cookies are used on our website, please refer to our cookie banner and our information in this Data Protection Statement.

We use the CookieScript service from Objects Ltd., Laisves st. 60, LT-05120, Lithuania, to display the cookie banner. CookieScript sets technically necessary cookies. The legal basis for setting these cookies is Art. 6 para. 1 lit. c) GDPR, as we are legally obliged to implement a cookie banner that complies with data protection regulations. Further information on data protection at CookieScript can be found at: 

Creation of log files


HUBER+SUHNER AG uses an automated system to collect data and information each time the website is accessed. This data is stored in the log files of our server. The data is also stored in the log files of our system. This data is not stored together with other personal data of the user. 

The following data may be collected:  

  1. Information about the browser type and version used 
  2. The user's operating system 
  3. The user's internet service provider 
  4. The IP address of the user 
  5. Date and time of access 
  6. Websites from which the user's system accesses our website (referrer) 
  7. Websites that are accessed by the user's system via our website

Duration of storage of personal data


Personal data is stored for the duration of the respective statutory retention period. After this period has expired, the data is routinely deleted unless it is required for the initiation or fulfilment of a contract. 

Routine erasure and blocking of personal data 


The data controller processes and stores personal data of the data subject only for as long as is necessary to achieve the purpose of storage. Data may be stored beyond this period if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the data controller is subject. As soon as the storage purpose no longer applies or a storage period prescribed by the aforementioned regulations expires, the personal data is routinely blocked or erased.

Rights of the data subject


If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the data controller: 

Possibility to contact us


Contact forms are available on the HUBER+SUHNER AG website which can be used for electronic contact. Alternatively, contact can be made via the e-mail address provided for the data controller/above. If the data subject contacts the data controller via one of these channels, the personal data transmitted by the data subject is automatically stored. The data is stored solely for the purpose of processing or contacting the data subject. The contact details are automatically forwarded to our CRM system in order to initiate processing by the responsible employee. The legal basis for the processing of the data is Art. 6 para. 1 lit. a) GDPR if the user has given consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f) GDPR. We have a legitimate overriding interest in that we process your personal data as contact data in the context of product enquiries in order to determine suitable offers and information for you. We therefore have an overriding legitimate interest in processing your personal data as contact data for both pre-contractual and contractual purposes for your company. The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended and no retention periods prevent deletion. The conversation has ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified, in particular that the business relationship with the company in whose name the contact was made has ended.

Categories of recipients


Where permitted or required by law or where you have given your consent, we also share your personal data with other recipients who provide services for us. We limit the disclosure of your personal data to what is necessary. In some cases, our service providers receive your personal data as data processors and are then strictly bound by our instructions when handling your personal data (data protection agreements in accordance with Art. 28 GDPR). In some cases, the recipients act independently with your data that we transfer to them. The following categories of service providers/recipients may receive your data:

  • Providers of email marketing software via newsletters 
  • Providers of hosting services for the operation of our servers 
  • Providers of e-commerce platforms 
  • Providers of business spend management platforms 
  • Service providers in the area of applications to support the selection of applicants 
  • Service providers for development work, including programming, development, maintenance and support of software applications 
  • Service providers for postal services 
  • Enterprise resource planning system (ERP) providers 
  • Provider of contract databases 
  • Customer Relationship Management System (CRM) providers
  • External legal advice 
  • Marketing agencies/ website support 
  • Other IT service providers (e.g. system houses) 
  • Other services and tools

The service providers commissioned by us must fulfil strict confidentiality requirements. They are only given the necessary access to your data in order to fulfil the assigned tasks. 

In the event of suspicion of a criminal offence, data may be passed on to law enforcement authorities.


Integration of other third-party services and content


Description and purpose 

Third-party content, such as videos, fonts or graphics from other websites, may be integrated into this online offering. This always presupposes that the providers of this content (hereinafter referred to as "third-party providers") recognise the IP address of the user. Without the IP address, they would not be able to send the content to the respective user's browser. The IP address is therefore required to display this content. We endeavour to only use content whose respective providers only use the IP address to deliver the content. However, we have no influence on whether the third-party providers store the IP address, e.g. for statistical purposes. Insofar as we are aware of this, we will inform users of this. We would like to provide and improve our online offering through these integrations.  


Legal basis 

The legal basis for the integration of other third-party services and content is Art. 6 para. 1 lit. a) GDPR. However, Art. 6 para. 1 lit. f) GDPR can also be used as a legal basis. Our overriding legitimate interest lies in the intention to present our online presence accordingly and to provide user-friendly and economically efficient services on our part. Further information can be found in the respective data protection information of the providers. 


Right of cancellation and objection 

You have the right to withdraw your consent at any time, see Art. 7 para. 3 sentence 1 GDPR. This can be done informally and without giving reasons and is effective for the future. The withdrawal of consent does not affect the lawfulness of the processing carried out prior to the withdrawal. 

If the legal basis is our overriding legitimate interest, you also have the right to object to the processing of your personal data at any time on grounds relating to your particular situation. 

Further information on your rights can be found above in our Data Protection Statement under "Rights of data subjects".


Contractual or legal obligation for the provision of personal data 

There is no contractual or legal obligation to provide the data. However, failure to provide this data may mean that you will not be able to use the relevant function or will not be able to use it to its full extent.


Data transfer to third countries 

The data controller may transfer personal data to a third country. In principle, the data controller can provide various suitable guarantees to ensure that an adequate level of protection is established for the processing operations. It is possible to transfer data on the basis of an adequacy decision, internal data protection regulations, approved codes of conduct, standard data protection clauses or an approved certification mechanism pursuant to Art. 46 para. 2 lit. a) - f) GDPR. 


If the data controller carries out a transfer to a third country on the legal basis of Art. 49 para. 1 a) GDPR, you will be informed at this point about the possible risks of a data transfer to a third country.


There is a risk that the third country that receives your personal data may not have an equivalent level of protection compared to the protection of personal data in the European Union. This may be the case, for example, if the EU Commission has not issued an adequacy decision for the respective third country or if certain agreements between the European Union and the respective third country are declared invalid. Specifically, there are risks in some third countries with regard to the effective protection of EU fundamental rights through the use of surveillance laws (e.g. USA). 

In such a case, it is the responsibility of the data controller and the recipient to assess whether the rights of the data subjects in the third country enjoy an equivalent level of protection as in the Union and can also be effectively enforced.


However, the level of protection for natural persons guaranteed by the GDPR must not be undermined when personal data is transferred to controllers, data processors or other recipients in third countries or to international organisations, even if personal data is transferred from a third country or from an international organisation to controllers or data processors in the same or another third country or to the same or another international organisation.


An adequacy decision (EU-US Data Privacy Framework) has been in place for the USA since 10 July 2023. However, data transfers can only be based on this adequacy decision if the US company receiving the data is certified in accordance with the EU-US Data Privacy Framework. In addition, we are aware of our responsibility and, where necessary, take further measures to protect the rights and freedoms of natural persons to ensure the protection of personal data.

Newsletter


If you subscribe to the HUBER+SUHNER newsletter, the data in the respective input mask will be transmitted to the data controller. Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registering, you will receive an email asking you to confirm your registration. This confirmation is necessary so that no-one can register with other people's e-mail addresses. When you register for the newsletter, the date and time of registration are saved in our CMS. This serves to prevent misuse of the services or the e-mail address of the person concerned. The data is not passed on to unauthorised third parties. However, data required for the purpose of sending the newsletter may be transmitted to corresponding service providers. There is also an exception if there is a legal obligation to pass on the data. Subscription to the newsletter can be cancelled by the data subject at any time. A corresponding link can be found in every newsletter for this purpose. Consent to the storage of personal data can also be revoked at any time. The legal basis for the processing of data after the user has registered for the newsletter is Art. 6 para. 1 lit. a) GDPR if the user has given consent. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 para. 3 UWG. 

Further functions of the website


Use of the online shop


As a user of our website, you have the option of registering for our online shop in the associated customer portal.  

By registering for the HUBER+SUHNER online shop, you create a user profile in our CRM system. During registration, the user's IP address and the date and time of registration are stored. In addition, we use cookies to ensure the functionality of the online shop. This includes collecting user data for the purpose of authenticating access. This also enables us to provide you with a profile view of your instance and to guarantee the core functionalities of the online shop. Otherwise, we use this data to provide you with the product search and various e-commerce, ordering and quality processes.


The data is stored exclusively for internal use at HUBER+SUHNER and may be passed on to external service providers - currently in particular to our ERP system as soon as an order is triggered. The data will not be passed on to unauthorised third parties.


Legal basis 

The legal basis for the processing of your personal data is the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. We have a legitimate overriding interest in that we process your personal data in the online shop to enable you to place an order for your company. The processing thus serves to implement pre-contractual and contractual measures with customers.


Transfer to third countries 

By using the service, personal data may be transferred to a third country. In the event of a transfer of personal data, the provider ensures the level of protection of the GDPR by complying with Art. 44 et seq. GDPR. If there is no adequacy decision with the third country in which the data importer is based or, in the case of a transfer to the USA, a provider does not have certification in accordance with the EU-US Data Privacy Framework, the transfer is subject to other suitable guarantees.  


Duration of data storage

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In addition, the data will be deleted if you withdraw your consent or request the deletion of your personal data. An exception applies if there is a legal obligation to retain the data. Further information on the storage period of cookies can be found in the cookie banner.  


Objection 

The legal basis for the processing of your personal data is Art. 6 para. 1 lit. f); you therefore have the right to object to the processing of your personal data at any time in accordance with Art. 21 para. 1 GDPR. If you exercise your right, processing for this purpose will no longer take place. Further information on this can be found above in our privacy policy under "Rights of data subjects".


Contractual or legal obligation 

There is no contractual or legal obligation to provide the data. However, failure to provide this data may mean that you will not be able to use this service or will not be able to use it to its full extent.

Use of customer data


What is customer data? 

Customer data within the meaning of our Data Protection Statement is personal data of employees of our customers, suppliers, service providers, distributors and other partners with whom we maintain contractual relationships. As a rule, this is the following personal data provided to us: surname, first name, business e-mail address and telephone and, if applicable, fax number, business address, function. 


Purpose and legal basis 

We process your data for the purpose of processing enquiries, offers, orders, order confirmations, complaints and contractual obligations for the sale of our products. In this context, we process the following data: First name, surname, e-mail address, telephone number and, if applicable, fax number and job title. The legal basis for the processing of your data is Art. 6 para. 1 lit. f) GDPR. Our overriding legitimate interest lies in our intention to provide our customers with the best possible order processing. This includes both the provision of the ordered products and the associated services. We also have an overriding legitimate interest in fulfilling our contractual obligations to our customers. 

We store the aforementioned contact data in our CRM in order to send you information, e.g. in the form of direct mailings, if this is permitted or if you have consented to this. 

In individual cases, we pass on your name, e-mail address and telephone number to our distributors so that orders can be processed better and faster. We also pass this data on to our sales partners for communication purposes so that they can contact you and thus optimise order processing. You have the right to object to the transfer of data to our sales partners for legitimate reasons in accordance with Art. 21 GDPR. You can view the sales partners under the following link: 


https://www.hubersuhner.com/en/locations

If we have entered into a confidentiality agreement, a framework agreement or similar long-term agreement with the customer, we store the contact details mentioned in our contract database.


Recipients 

Where permitted or required by law or where you have given your consent, we also share customer data with other recipients who provide services for us. We limit the disclosure of your personal data to the extent necessary. In some cases, our service providers receive your personal data as data processors and are then strictly bound by our instructions when handling your personal data (data protection agreements in accordance with Art. 28 GDPR). In some cases, the recipients act independently with your data that we transfer to them. The following categories of service providers/recipients may receive customer data:

  • Providers of email marketing software via newsletters 
  • Providers of hosting services for the operation of our servers 
  • Providers of e-commerce platforms 
  • Providers of quality management platforms 
  • Provider of business spend management platforms 
  • Provider of cloud software (office software) for communication  
  • Service provider in the area of applications to support the selection of applicants 
  • Service providers for development work, including programming, development, maintenance and support of software applications 
  • Service provider for postal services 
  • Enterprise resource planning system (ERP) provider 
  • Provider of contract databases 
  • Customer Relationship Management System (CRM) provider
  • External legal advice 
  • Marketing agencies/ website support 
  • Other IT service providers (e.g. system houses) 
  • Other services and tools

The service providers commissioned by us must fulfil strict confidentiality requirements. They are only given the necessary access to customer data in order to fulfil the assigned tasks. 


Transfer to third countries 

By using the service, personal data may be transferred to a third country. In the event of a transfer of personal data, the provider ensures the level of protection of the GDPR by complying with Art. 44 et seq. GDPR. If there is no adequacy decision with the third country in which the data importer is based or, in the case of a transfer to the USA, a provider does not have certification in accordance with the EU-US Data Privacy Framework, the transfer is subject to other suitable guarantees. 


Duration of data storage 

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In addition, the data will be deleted if you withdraw your consent or request the deletion of your personal data. An exception applies if there is a legal obligation to retain the data. 


Objection 

The legal basis for the processing of your personal data is Art. 6 para. 1 lit. f); you therefore have the right to object to the processing of your personal data at any time in accordance with Art. 21 para. 1 GDPR. If you exercise your right, processing for this purpose will no longer take place. Further information on this can be found above in our privacy policy under "Rights of data subjects".


Contractual or legal obligation 

There is no contractual or legal obligation to provide the data. 

Data security


We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security procedures are regularly reviewed and adapted to technological progress. In addition, we ensure data security on an ongoing basis by constantly monitoring, auditing and optimising our data protection and data security organisation. 

Conclusion


This Data Protection Statement amends the one dated December 5th, 2022 and was created by the data protection management system within hellotrust, a brand of Keyed GmbH. HUBER+SUHNER AG reserves all rights to make changes and updates to this Data Protection Statement. The latest version according to the website shall be applicable.