- Home
- Data protection policy
Data Protection Policy of Gezolan AG
Version of 12/19/2023
In this Data Protection Policy, we – GEZOLAN AG – explain how we collect and process personal data. This Data Protection Policy is not an exhaustive description; where applicable, specific circumstances are regulated by other data protection policies, general terms and conditions, rules of participation and similar documents. Personal data refers to all information related to a particular or identifiable person.
If you provide us with personal data of other people (e.g., family members or colleagues), please ensure that these people are familiar with this Data Protection Policy, and provide us with their personal data only if you have their consent to do so and the personal data is correct.
This data protection policy complies with the requirements of the EU General Data Protection Regulation («GDPR»), the Swiss Ferdal Act on Data Protection («FADP») and the New Federal Act on Data Protection («nFADP»). Whether and to what extent these laws are applicable, will depend on the particular case.
1. Responsible body and contact
The responsible body for data processing at this website is:
GEZOLAN AG
Werkstrasse 30
6252 Dagmersellen
Phone: +41 62 748 30 40
E-mail: customer-service@gezolan.com
2. Acquisition and processing of personal data
We process primarily personal data that we receive within the framework of business relations with our customers and other business partners from them and other involved parties, or which we collect from users of our websites, apps and other applications.
To the extent allowed, we also acquire certain data from publicly accessible sources (e.g., debt collection registers, land registers, commercial registers, the press, Internet) or receive such information from other companies within the KRAIBURG Group, from government offices and other third parties (e.g., credit information bureaus). In addition to your data that you provide to us directly, the categories of your personal data that we receive from third parties also comprises:
- Information from public registers;
- Information that we acquire in the course of governmental and court proceedings;
- Information related to your occupational functions and activities (so that we can conclude and process transactions with your employer, for example);
- Information about you in correspondence and meetings with third parties;
- Credit information (if we conduct business with you personally);
- Information about you that is given to us from people with whom you are associated (family, advisors, legal representatives), so we can conclude or process contracts with you or involving you (e.g., references, address for deliveries);
- Powers of attorney;
- Information for compliance with statutory regulations, such as combating money laundering and export restrictions;
- Information from banks, insurance companies, sales partners and other contract parties of ours for utilization or rendering of services through you (e.g., payments or purchases made);
- Information from media and the Internet about you (insofar as appropriate in the individual case, e.g., for job applications, press reviews, marketing/sales, etc.);
- Your addresses and, if applicable, interests and other sociodemographic data (for marketing);
- Data in connection with the use of the website (e.g., IP address, MAC address of the end device, information about your device and settings, cookies, date and time of visit, pages visited and content, functions used, referring website, location).
3. Purpose and legal grounds of data processing
We use the collected personal data primarily for concluding and processing contracts with our customers and business partners, in particular within the framework of development, production, marketing and trading of rubber granules and elastic covering systems made of rubber with our customers, and the purchase of products and services from our suppliers and sub-suppliers, as well as fulfillment of our legal obligations at home and abroad. If you are employed by such a customer or business partner, your personal data may also be affected by your position. In addition, we process personal data from yourself and others, insofar as permissible and deemed appropriate by us, for the following purposes, in which we (and occasionally also third parties) have a legitimate interest relevant to the purpose:
- Offering and further developing our offers, services and websites, apps and other platforms on which we are present;
- Communication with third parties and processing of their inquiries (e.g., job applications, media inquiries);
- Review and optimization of processes for demand analysis for the purpose of direct customer contact and collection of personal data from publicly accessible sources for the purpose of customer acquisition;
- Advertising and marketing (including the organization of events), insofar as you have not objected to the use of your data. If you are contacted by us as an existing customer for advertising purposes, you can object to this at any time. Your contact data will be included in a blocking list, and we will no longer contact you for advertising purposes.
- Market and public opinion research, media observation;
- Assertion of legal claims and defense in connection with legal disputes and official proceedings;
- Prevention and clarification of legal offenses and other inappropriate behavior (e.g., in the form of internal examinations, data analysis for combating fraud);
- Guaranteeing our operations, in particular of our IT systems, websites, apps and other platforms;
- Video monitoring for maintaining domestic rights and other measures for IT, building and plant security, and protection of our employees and others, as well as valuables belonging to or entrusted to us (e.g., in the form of access controls, visitor lists, network and mail scanners, recording of phone calls);
- Purchase and sale of business divisions, companies or parts of companies and other company law transactions, and in this connection, the transmission of personal data as well as measures for business controlling and for compliance with statutory and regulatory obligations, as well as internal regulations.
If you have granted us consent to process your personal data for particular purposes (e.g. for registering to receive newsletters or conducting background checks), we process your personal data within the scope and on the basis of this consent, insofar as we have no other legal grounds or require such. Consent that has been granted can be revoked at any time, which, however, has no effect on data already processed.
4. Cookies, plug-ins and analysis tools
To the greatest extent possible, we avoid collecting personal data on our website. However, we do use “cookies”. Cookies are small text files, which cause no damage to the end device. They are stored on the end device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain on the end device until you delete them yourself or until they are deleted automatically by the web browser. Cookies have different functions. Numerous cookies are necessary for technical reasons, since certain website functions would not function without them (e.g., the display of videos). Other cookies are used to evaluate user behavior or to display advertising.
If you have declared your consent, this website uses Google Analytics, a web analysis service of Google Inc (“Google”). The version used is “Analytics 4”. This makes it possible to allocate data, sessions and interactions for multiple devices to a pseudonymous user ID, to analyze the activities of a user across several devices. Google Analytics uses “cookies”, or text files that are stored on your computer and allow analysis of your use of the website. The information generated by the cookie on your use of this website is generally sent to a Google server in the USA and stored there. If IP anonymization is activated on this website, however, your IP address will first be truncated by Google within member states of the European Union or in other contracting states of the Treaty on the European Economic Zone. Only in exceptional cases is the full IP address sent to a Google server in the USA, where it is truncated. We point out that on this website, Google Analytics has been supplemented with IP anonymization, to ensure anonymized collection of IP addresses (so-called IP masking). The IP address from your browser transmitted by Google Analytics will not be stored together with other data from Google. For more information about terms of use and data protection, visit https://www.google.com/analytics/terms/de.html and https://policies.google.com/?hl=en.
5. Newsletter
If you wish to receive the newsletter offered on the website, we need your e-mail address, as well as information that allows us to confirm that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Any other data will be collected only on a voluntary basis. We use this data only for sending the requested information and do not share it with third parties. The processing of the data you enter in the newsletter registration form takes place solely on the basis of your consent (article 6, paragraph 1, letter a of the GDPR). You can revoke your consent to save the data, the e-mail address and its use for sending the newsletter at any time, for example via the “Unsubscribe” link in the newsletter. The legality of data processing procedures that have already taken place is not affected by the revocation.
Your data that we store for the purpose of sending the newsletter will be stored by us or by the newsletter service provider until you unsubscribe from the newsletter, and will be deleted from the newsletter distribution list after unsubscribing or if the purpose for storing the data no longer applies. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our discretion within the scope of our legitimate interest according to Art. 6, para. 1, letter f of the GDPR.
After unsubscribing from the newsletter distribution list, your e-mail address will be stored in a blacklist by us or by the newsletter service provider, in order to prevent future mailings. The data from the blacklist will be used for this purpose only and will not be brought together with other data. This serves both your interests and ours in compliance with the statutory regulations for sending newsletters (legitimate interest according to Art. 6, para. 1, letter f of the GDPR). E-mail addresses are stored in the blacklist indefinitely. You can object to storage of your e-mail address if your interests outweigh our legitimate interests.
We use Brevo (formerly Sendinblue), to send our newsletter. Your data is therefore transmitted to Sendinblue GmbH (Köpenicker Straße 126, 10179 Berlin, Germany). Sendinblue GmbH is prohibited from using your data for other purposes than sending the newsletter. Sendinblue GmbH is not permitted to pass on or sell your data. Sendinblue GmbH is a certified German newsletter software provider, which was selected carefully in accordance with the requirements of the GDPR. You can revoke your consent to store your data and its use for sending the newsletter at any time, for example via the unsubscribe link in the newsletter.
6. Disclosure of data and transmission to other countries
Within the scope of our business activities and the purposes stated in section 3, insofar as permissible and deemed appropriate by us, we also disclose data to third parties, either because they process this data for us or use it for their own purposes. This applies in particular to the following parties:
- our service providers (within the KRAIBURG Group and external, such as banks, insurance companies), including order processors (e.g., IT providers);
- retailers, suppliers, subcontractors and other business partners;
- customers;
- national and international authorities, government offices or courts;
- the media;
- the general public, including visitors of websites and users of social media;
- competitors, industry organizations, associations, organizations and other groups;
- purchasers or potential purchasers of business divisions, companies or other parts of the KRAIBURG Group;
- other parties in potential or actual legal proceedings;
- other companies of the KRAIBURG Group;
jointly referred to as recipients.
These recipients can reside within the country or abroad. In particular, you can expect transmission of your data to all countries in which the KRAIBURG Group is represented by group companies, branch offices or other offices (see Locations- (kraiburg.de)) and in other European countries and the USA, where some of our service providers are located (e.g., Microsoft).
For recipients in a country without suitable statutory data protection, we obligate the recipient by contract to comply with the applicable data protection requirements (for this purpose, we use the revised standard contract clauses of the European Commission, which are available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj), if the recipient is not already subject to a regulation that is recognized by law for ensuring data protection, and we cannot fall back on an exemption clause. An exception may apply particularly in the case of legal proceedings abroad, however also in cases of predominant public interests, or if the contract fulfillment requires such a disclosure, if you have given your consent or have made the data in question generally accessible, and you have not objected to processing of the data.
7. Duration of storage of personal data
We process and store your personal data as long as necessary for fulfillment of our contractual and statutory obligations or for the purposes pursued by processing of the data, i.e., for example for the duration of the entire business relationship (from initiation and processing through termination of a contract) and beyond in accordance with the statutory archiving and documentation obligations. In this case, it is possible that personal data will be stored for the period in which claims can be asserted against our company and insofar as we are obligated by law to do so or it is necessitated by legitimate interests (e.g., for purposes of evidence and documentation). As soon as your personal data is no longer required for the aforementioned purposes, it will generally be deleted or anonymized to the greatest extent possible. For operational data (e.g., system protocols, logs), shorter archiving periods of twelve months or less generally apply.
8. Data security
We take suitable technical and organizational security measures to protect your personal data against unauthorized access, misuse, manipulation or destruction. Our safety measures are continuously improved in accordance with technological developments.
9. Obligation to make personal data available
Within the framework of our business relationship, you must provide the personal data necessary for establishing and executing a business relationship and the fulfillment of relevant contractual obligations (you generally do not have a statutory obligation to make data available to us). Without this data, we will normally not be able to conclude a contract with you (or the office or person represented by you) or process it. The website likewise cannot be used without providing certain information for ensuring data traffic (such as the IP address).
10. Rights of the data subject
Within the scope of data protection laws that apply to you and insofar as provided for therein (such as in the case of the GDPR), you are entitled to information about, correction and deletion of data, restriction of data processing, and otherwise objection to our processing of your data, in particular for the purpose of direct marketing, profiling for the purpose direct advertising and other legitimate interests for data processing and to the surrender of certain personal data for the purpose of transmission to another location (“data portability”). Please note, however, that we reserve the right on our part to apply the restrictions provided for by law, for example if we are obligated to archive or process certain data, if we have a predominant interest (insofar as we are entitled to invoke the latter) or if necessary for the assertion of claims. In the event that you incur any costs, we will inform you in advance. In section 3, we informed you of the option to revoke your consent. Please note that the execution of these rights may conflict with contractual agreements, which can result, for example, in premature termination of the contract or expenses. In this case, we will inform you if this is not already provided for by the contract.
The execution of such rights generally requires that you clearly prove your identity (e.g., with a verified copy of your ID card or appearance in person). To assert your rights, you can contact us at the address stated in section 1.
Furthermore, each data subject is entitled to enforce their claims in court or to submit a complaint to the responsible data protection authority. The responsible data protection authority for Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
Die Ausübung solcher Rechte setzt in der Regel voraus, dass du deine Identität eindeutig nachweist (z.B. durch eine verifizierte Ausweiskopie oder persönliches Erscheinen). Zur Geltendmachung deiner Rechte kannst du uns unter der in Ziffer 1 angegebenen Adresse kontaktieren.
Jede betroffene Person hat überdies das Recht, ihre Ansprüche gerichtlich durchzusetzen oder bei der zuständigen Datenschutzbehörde eine Beschwerde einzureichen. Die zuständige Datenschutzbehörde der Schweiz ist der Eidgenössische Datenschutz- und Öffentlichkeitsbeauftragte (http://www.edoeb.admin.ch).
11. Amendments
GEZOLAN is entitled to amend this Data Protection Policy at any time without prior notice. The applicable version is the most current version published on our website. If this Data Protection Policy is part of an agreement with you, we will inform you of any changes in the event of an update by e-mail or other suitable means.