08 January 2020
We, the Polymetrix AG, take the protection of your personal data very seriously. We respect the privacy rights of individuals and we treat your personal data confidentially and in accordance with the statutory personal data protection regulations and our Data Protection Policy.
If you have any questions about our Data Protection Policy, you can always contact us.
In this Data Protection Policy, we, Polymetrix AG, explain how we collect and otherwise process personal data. This is not an exhaustive description; other data protection declarations, or general terms and conditions, conditions of participation and similar documents may regulate specific issues. Personal data is understood to be all information that relates to a specific or identifiable natural person.
The use of this website is possible without providing personal data. Your information is always provided on a voluntary basis. Your data will not be passed on to third parties for advertising purposes etc. without your express consent.
If you provide us with personal data of other persons such as family members, work colleagues, etc., please make sure that the person(s) are aware of this Data Protection Policy and only provide us with the data if you are allowed to do so and if the personal data is correct.
This data protection declaration is based on the EU General Data Protection Regulation (GDPR). Although the GDPR is a regulation of the European Union, it is important to us. The Swiss Data Protection Act (DSG) is strongly influenced by EU law, and companies outside the European Union or EEA must comply with the GDPR under certain circumstances.
Personal data means all data relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an on-line pseudonym/alias or to one or more factors specific to that person, such as an expression of his or her physical, physiological, genetic, mental, economic, cultural or social identity.
Person Concerned means any identified or identifiable natural person whose Personal Data are processed by the Controller.
Processing is any operation, whether or not automated and/or performed upon Personal Data, such as retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, erasure or destruction.
Restriction of processing
Restriction of processing is the marking of stored Personal Data with the aim of restricting their future processing.
Profiling is any automated processing of personal data consisting of the use of Personal Data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the performance at work, economic situation, health, personal preferences, interests, reliability, conduct, location or change of location of that natural person.
Pseudonymisation is the processing of Personal Data in such a way that the Personal Data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the Personal Data are not attributed to an identified or identifiable natural person.
Controller or data controller
Controller or data controller is the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data. Where the purposes and means of such processing are determined by Union or national law, provision may be made for the Controller or for the specific criteria for his or her nomination in accordance with Union or national law.
Processor is a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller.
The Recipient is any natural or legal person, public authority, agency or other body to whom the Personal Data are disclosed, whether or not that person is a Third Party. However, authorities which may receive Personal Data in the context of a specific investigation mandate under Union or national law shall not be considered as recipients.
Third Party means any natural or legal person, public authority, agency or body other than the data subject, the Controller, the Processor and persons who, under the direct authority of the Controller or Processor, are authorized to process the Personal Data.
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the Person Concerned’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her;.
Data Processing at Polymetrix AG
Polymetrix AG is responsible for the data processing which we describe here, unless otherwise stated in individual cases. If you have data protection concerns, you can send them to the following contact address:
+41 71 552 10 00
2. Collection and Processing of Personal Data
We primarily process the Personal Data that we receive from our customers and other business partners in the course of our business relationship with them and other persons involved in this relationship or that we collect from users when operating our websites, apps and other applications.
3. Purposes of Data Processing and Legal Basis
We use the Personal Data we collect primarily to conclude and execute our contracts with our customers and business partners, to purchase products and services from our suppliers and subcontractors, and to comply with our legal obligations in Switzerland and abroad. If you work for such a customer or business partner, you may of course also be affected by this in such role with your Personal Data.
In addition, we also process Personal Data of you and other persons, as far as permitted and as we deem appropriate, for the following purposes in which we (and sometimes also Third Parties) have a legitimate interest corresponding to the purpose:
- Offering and further development of our offers, services and websites, apps and other platforms on which we are present;
- communication with Third Parties and Processing of their inquiries (e.g. applications, media inquiries);
- examination and optimization of procedures for the analysis of requirements for the purpose of direct customer contact as well as the collection of Personal Data from publicly accessible sources for the purpose of customer acquisition;
- advertising and marketing (including the organisation of events), unless you have objected to the use of your data (if we send you advertising as an existing customer, you can object to this at any time; we will then put you on a blocking list against further advertising mail);
- market and opinion research, media monitoring;
- assertion of legal claims and defense in connection with legal disputes and official proceedings;
- prevention and detection of criminal offences and other misconduct (e.g. carrying out internal investigations, data analysis to combat fraud);
- warranties of our operations, especially our IT, our websites, apps and other platforms;
- video surveillance to protect our property rights and other measures for IT, building and facility security and protection of our employees and other persons and assets belonging to or entrusted to us (e.g. access controls, visitor lists, network and mail scanners, telephone recordings);
- the purchase and sale of business divisions, companies or parts of companies and other transactions under corporate law and, in connection therewith, the transfer of Personal Data as well as measures for business management and, to the extent necessary for compliance with legal and regulatory obligations and internal regulations.
If you have given us your Consent to process your Personal Data for specific purposes, we will process your Personal Data within the scope of and based on this Consent, unless we have another legal basis and we require such basis. A granted Consent can be revoked at any time, but this has no effect on data Processing that has already taken place.
4. Cookies, Tracking and other Technologies related to the use of our Website
Our website offers visitors e-mail addresses to enable them to communicate directly with us. If you contact us by e-mail, the Personal Data you provide will be stored. The Personal Data transmitted on a voluntary basis is stored for Processing and contacting you. This data will not be passed on to Third Parties. This data is only collected to process your request.
Data Collection by the Website Hosting Provider
Our server/hosting provider is GoEast GmbH, Oberstrasse 222, 9014 St. Gallen, Switzerland.
The web servers of GoEast GmbH use Amazon AWS and collect general data and information with every visit to our website. These are stored in the log files of the server. Among other things, the browser used and its version, the operating system, the referrer website, the sub-websites, the date and time of access, an internet protocol address (IP), the internet service provider (ISP) and other data and information that serve to prevent dangers in case of system attacks are recorded.
These general data and information do not allow us to draw conclusions about the person. Rather, this information is used to deliver the content correctly, to optimise the website, to ensure the functionality of our IT systems and to be able to provide the necessary information to the prosecution authorities in the event of a cyber-attack.
The data can be evaluated statistically, but no personal reference is made. The anonymous data of the server log files are stored separately from all Personal Data provided by a person for six months.
We use Mapbox, Mapbox Inc, 1714 14th Street NW, Washington DC, 20009-4309, USA to display interactive maps.
Mapbox requires your IP for data exchange. This data is sent to a server in the USA, processed and possibly stored. Polymetrix AG has no influence on the duration and nature of the transmitted data.
Both we and the third party providers we work with may use scripts, web beacons, tags, cookies, shared local objects and similar technologies, "cookies" associated with your use of the service, third party websites and mobile applications. Cookies may be placed on your computer, mobile device, sent e-mails and on our website. Cookies may transmit information about your use of our service such as IP addresses, browser types, date and time of use.
You can use your browser to make some cookie settings that prevent cookies from being set or permanently disapprove them. Set cookies can also be deleted. However, this may impair the functionality of our website. The settings vary depending on your device and browser. They can usually be found under security settings.
Cookies enable us to recognize users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, they do not have to log in again each time they visit our website.
We use imgix to optimize images in real-time. Imgix is operated by imgix Inc. 423 Tehama St., San Francisco, CA 94103, USA. When loading the image your IP address is transmitted to imgix. Imgix is committed to comply with the European Data Protection Regulations and is certified by the EU-US Data Protection Agreement "Privacy Shield". You can ask imgix questions about data protection via firstname.lastname@example.org.
5. Data Transfer and Data Transmission abroad
Within the scope of our business activities and for the purposes set out in Clause 3, we also disclose data to Third Parties, insofar as permitted and deemed appropriate, either because they process them for us or because they wish to use them for their own purposes. This concerns in particular the following parties:
- Service provider, retailers, suppliers, subcontractors and other business partners;
- domestic and foreign authorities, official offices or courts;
- the media;
- the public, including visitors to websites and social media;
- competitors, industry organisations, associations, organisations and other bodies;
- buyers or parties interested in acquiring business units, legal entities of
- other parties in possible or actual legal proceedings;
all of whom are potential Recipients.
These Recipients are partly domestic, but can be anywhere on earth. In particular, you must expect your data to be transferred to all countries in which Polymetrix AG is represented by group companies, branches or other offices, as well as China, other countries in Europe and the USA, where the service providers we use are located. If we transfer data to a country without adequate legal data protection, we will ensure an adequate level of protection as required by law by means of appropriate contracts or so-called Binding Corporate Rules or rely on the legal exceptions of consent, contract processing, the determination, exercise or enforcement of legal claims, overriding public interests, the published Personal Data or because it is necessary to protect the integrity of the persons concerned. You can obtain a copy of the contractual guarantees mentioned above from the contact person mentioned under Clause 1 at any time. However, we reserve the right to blacken copies for reasons of data protection or confidentiality or to submit extracts, only.
6. Duration of Storage of Personal Data
We process and store your Personal Data for as long as it is required for the fulfilment of our contractual and legal obligations or otherwise for the purposes pursued with the Processing, i.e. for the duration of the entire business relationship (from the initiation, Processing to the termination of a contract) and beyond that in accordance with the legal storage and documentation obligations. It is possible that Personal Data may be retained for the time during which claims may be asserted against our company and / or insofar as we are otherwise legally obliged to do so or justified business interests require it (e.g. for evidence and documentation purposes). As soon as your Personal Data is no longer required for the above-mentioned purposes, it will be deleted or made anonymous as a matter of principle and as far as possible. For operational data (e.g. system protocols, logs), generally shorter retention periods of twelve months or less apply.
7. Data Security
We take appropriate technical and organizational security measures to protect your Personal Data from unauthorized access and misuse, such as issuing instructions, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymization, controls.
For security reasons and to protect the transmission of confidential content, we use SSL encryption. An encrypted connection can be recognized by the fact that the URL in the browser begins with "https://" instead of "http://" and by the closed lock symbol in the browser line. With activated SSL-encryption Third Parties have no access to the data transmitted by you without spending enormous efforts.
8. Obligation to provide Personal Data
Within the scope of our business relationship, you must provide us with the Personal Data required for the commencement and execution of a business relationship and the fulfilment of the associated contractual obligations (as a rule, you do not have a legal obligation to provide us with data). Without this data, we will generally not be in a position to conclude or execute a contract with you (or the body or person you represent). Nor can the website be used if certain information to secure data traffic (such as IP address) is not disclosed.
9. Rights of the Person Concerned
Within the framework of the data protection law applicable to you and to the extent provided for therein (such as in the case of the GDPR), you have the right to information, correction, deletion, the right to limit data Processing and otherwise object to our data Processing, as well as to the release of certain Personal Data for the purpose of transfer to another location (so-called data portability). Please note, however, that we reserve the right to assert the restrictions provided for by law on our part, for example if we are obliged to store or Process certain data, if we have an overriding interest in doing so (insofar as we are entitled to invoke this right) or if we need them for the assertion of claims. We will inform you in advance if any costs are to be incurred by you. We have already informed you about the possibility of revoking your Consent in Clause 3. Please note that the exercise of these rights may conflict with contractual agreements and that this may have consequences such as premature termination of the contract or cost implications. In this case we will inform you in advance, if this is not already contractually stipulated.
The exercise of such rights generally requires that you clearly prove your identity (e.g. by means of a copy of your identity card, where your identity is otherwise not clear or cannot be verified). To assert your rights, you can contact us at the address given above.
Furthermore, every Person Concerned has the right to enforce his or her rights in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
We may change this Data Protection Policy at any time without prior notice. The current version published on our website applies. If the Data Protection Policy is part of an agreement with you, we will inform you of the change by e-mail or other suitable means in the event of an update.