Data protection statement for company presences on social networks

January 17, 2025


We welcome you to our company profiles on social networks and appreciate your interest. The protection of your personal data is important to us. We therefore conduct our activities in accordance with the applicable legal provisions on the protection of personal data and data security. We would like to inform you below about which data from your visit is used for which purposes. Further information on data protection can be found in our general data protection statement.

Joint Controllership for processing in accordance with the GDPR


Joint Controllership within the meaning of the General Data Protection Regulation and other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is held by


HUBER+SUHNER AG

Degersheimerstrasse 14

9100 Herisau

Switzerland


and the social network providers listed below under "Social media company presences".


EU representative


HUBER+SUHNER GmbH

Mehlbeerenstr. 6 

82024 Taufkirchen

Data Protection Officer of HUBER+SUHNER GmbH


Keyed GmbH

Nils Möllers

Siemensstraße 12

48341 Altenberge

What is personal data?


The term "personal data" is defined in the EU GDPR. According to this, this is individual information about the personal or factual circumstances of an identified or identifiable natural person. This includes, for example, your civil name, your address, your telephone number or your date of birth. 

Relevant legal bases for the processing of personal data


  1. Insofar as we require consent for the processing of personal data consent of the data subject, Art. 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
  2. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
  3. Insofar as the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 para. 1 lit. c) GDPR serves as the legal basis.
  4. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d) GDPR serves as the legal basis.

  5. If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f) GDPR serves as the legal basis for the processing. The data provided by you directly and by the social network is used exclusively for the purpose of brand management, increasing visibility, customer and prospect communication as a legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR in order to be able to offer you the most interesting information for you.

Use of cookies


As a rule, social networks on which HUBER+SUHNER AG maintains a company profile use cookies. Cookies are files that are stored by the Internet browser on the user's end device. Cookies can be transmitted to a page when it is called up and thus enable the individual user to be assigned. Cookies help to simplify the use of social networks for users.

It is possible to object to the setting of cookies at any time by changing the settings in your Internet browser. Cookies that have been set can be deleted. Please note that if cookies are deactivated, it may not be possible to use all the functions of a social network to their full extent. When accessing a social network, users are only informed about the processing using cookies and cookie-like technologies by the privacy notice in connection with the cookie consent management of the respective social network. This processing does not take place within the scope of Joint Controllership. We therefore refer below under "Social media company presences" to the privacy notices of the respective social networks.

Rights of the data subject


If your personal data is processed, you are a data subject under the GDPR and have the following rights towards the controller: 

Right of access by the data subject pursuant to Art. 15 GDPR

You can request confirmation from the data controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you can request the following information from the data controller:

  1. the purposes for which the personal data are processed;

  2. the categories of personal data that are processed;

  3. the recipients or categories of recipients to whom your personal data have been or will be disclosed;

  4. the planned duration of the storage of your personal data or, if specific information on this is not possible, criteria for determining the storage period;

  5. the existence of a right to rectification or erasure of your personal data, a right to restriction of processing by the data controller or a right to object to such processing;

  6. the existence of a right of appeal to a supervisory authority;

  7. all available information about the origin of the data if the personal data is not collected from the data subject;

  8. the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information about whether your personal data is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in the context of the transfer.

Right to rectification pursuant to Art. 16 GDPR

You have a right to rectification and/or completion towards the data controller if the processed personal data concerning you is incorrect or incomplete. The data controller must carry out the rectification without delay.

Right to erasure pursuant to Art. 17 GDPR

You have the right to obtain from the data controller the erasure of your personal data without undue delay and the data controller shall have the obligation to erase this data without undue delay where one of the following grounds applies:

  1. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. You withdraw your consent on which the processing is based according to Art. 6 para. 1 lit. a) or Art. 9 para. 2 lit. a) GDPR, and where there is no other legal ground for the processing.
  3. You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
  4. Your personal data has been processed unlawfully.
  5. The deletion of personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the data controller is subject.
  6. The personal data concerning you was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.


If the data controller has made your personal data public and is obliged to delete it in accordance with Art. 17 para. 1 GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you, as the data subject, have requested them to delete all links to this personal data or copies or replications of this personal data.


The right to erasure does not exist if the processing is necessary


  1. to exercise the right to freedom of expression and information;
  2. for compliance with a legal obligation which requires processing by Union or Member State law to which the data controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller;
  3. for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h) and i) and Art. 9 para. 3 GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in para. 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
  5. for the assertion, exercise or defense of legal claims.

Right to restriction of processing pursuant to Art. 18 GDPR

You may request the restriction of the processing of your personal data under the following conditions:

  1. if you dispute the accuracy of your personal data for a period of time that enables the data controller to verify the accuracy of the personal data;
  2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  3. the data controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or
  4. if you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the data controller outweigh your reasons.


If the processing of your personal data has been restricted, this data - apart from its storage - may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the data controller before the restriction is lifted.

Right to notification pursuant to Art. 19 GDPR

If you have asserted the right to rectification, erasure or restriction of processing against the data controller, the data controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right towards the data controller to be informed about these recipients.

Right to data portability pursuant to Art. 20 GDPR

You have the right to receive your personal data, which you have provided to the data controller, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another data controller without hindrance from the controller to which the personal data has been provided, provided that


  1. the processing is based on consent pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR and
  2. the processing is carried out by automated means. In exercising this right, you also have the right to have your personal data transmitted directly from one data controller to another, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this. The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

Right to object pursuant to Art. 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. The data controller will no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you have the possibility of exercising your right to object by automated means using technical specifications.

Right to revoke the declaration of consent under data protection law pursuant to Art. 7 para. 3 GDPR

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 77 GDPR.

Automated decision-making in individual cases, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision


  1. is necessary for the conclusion or performance of a contract between you and the data controller,
  2. is authorized by Union or Member State law to which the data controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  3. with your express consent.


However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a) or g) applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.

With regard to the cases referred to in a. and c., the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

Corporate social media presences


HUBER+SUHNER maintains company profiles on the social networks listed below to promote its products and services and to communicate with interested parties or customers. The following data processing activities take place within the framework of the respective company presences:

  • Posting of information, contributions, photos etc.
  • Reactions to user comments
  • Visibility of the followers
  • Retrieve statistics on user behavior (e.g. click rates, country code, etc.) sorted by country, job, etc.


Furthermore, as the operator of a company profile in one of the social networks, we can only view the information stored in your public profile, and only if you have such a profile and interact with our company content (e.g. by commenting, sharing, liking, etc.) or following our company profile. 

If you are logged in and visit our company profile, consume our company content or become our follower, the respective provider of the social network processes personal data of the user (e.g. personal information, IP address, etc.).

Based on this, the respective provider provides us with anonymous usage statistics. We cannot view the individual usage data that the provider collects to compile these statistics. 

This data processing serves our (and your) legitimate interest in improving the user experience when visiting our respective company profile in a target group-oriented manner. 

In addition, the following providers use so-called cookies, which are stored on your end device when you visit our company profiles even if you do not have your own profile in the network of this provider or are not logged into it during your visit to our company profile. These cookies allow the providers to create user profiles processed for market research and advertising purposes based on your preferences and interests and to show you customized advertising (inside and outside the social network). Cookies remain on your end device until you delete them. Details on this can be found in the respective privacy notice of the provider listed below. For further information, please refer to the privacy notice of the respective social network.

Contacting us to assert rights of the data subject


We forward requests regarding the rights of data subjects (Art. 15 - 22 GDPR) to the primary data controller LinkedIn Ireland Unlimited Company via a corresponding form. This also includes requests for access to, correction, deletion and/or objection or restriction of data, as well as requests from supervisory authorities in the context of the processing of data under the General Data Protection Regulation.

Receiver


It cannot be ruled out that the data will be transmitted to third parties by the social network. For more information, please refer to the privacy notice of the social network. We do not transmit the data to third parties.

Transfer to third countries


It cannot currently be ruled out that personal data will be transferred to the United States of America. An adequacy decision (EU-US Data Privacy Framework) and a Swiss-US Data Privacy Framework have been in place for the USA since July 10, 2023. 


LinkedIn Corporation is currently (as of June 2024) certified in accordance with the EU-US Data Privacy Framework and Swiss-US Privacy Framework. 


Google LLC is currently (as of June 2024) certified in accordance with the EU-US Data Privacy Framework and Swiss-US Privacy Framework. 


X Corp. is currently (as of June 2024) certified in accordance with the EU-US Data Privacy Framework and Swiss-US Privacy Framework. 

Duration of data storage


Personal data is stored for the duration of the respective statutory retention period. After this period has expired, the data is routinely deleted, unless there is a need to initiate or fulfill a contract or we have a legitimate interest in further processing.

Routine deletion and blocking of personal data


The data controller processes and stores personal data of the data subject only for as long as is necessary to achieve the purpose of storage. Data may be stored beyond this period if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the data controller is subject. As soon as the purpose of storage ceases to apply or a storage period prescribed by the aforementioned regulations expires, the personal data is routinely blocked or deleted.

Contractual or legal obligation to provide data


There is no contractual or legal obligation to provide the data.

Possibility of objection


You can prevent the collection and forwarding of personal data (in particular your IP address) and the processing of this data by the social network by deactivating the execution of script code in your browser, installing a script blocker in your browser or activating the "Do Not Track" setting in your browser.

You have the right to object to the processing operations, in particular the processing of direct messages, towards HUBER+SUHNER AG. You can send your justified objection in accordance with Art. 21 GDPR to the above-mentioned contact details of HUBER+SUHNER AG.

Security


The appropriate level of security is essentially determined by the providers of the social networks. Irrespective of this, we have taken technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress. In addition, we ensure data protection on an ongoing basis by constantly auditing and optimizing our data protection organization.

This data protection statement was created by Keyed GmbH.