Who is responsible for this website?

  • We are proud to welcome you on our website!

If you have any questions, don't hesitate to contact us.

Privacy Statement of SINCONA AG

Version as of September 1, 2023

Principle

(1) In this privacy policy, we, SINCONA AG (hereinafter "SINCONA"), explain how we collect and process personal data in the course of our business activities, in particular personal data about customers, suppliers, business partners, professional and other associations, visitors to our website, participants in events, recipients of newsletters and other bodies or their respective contact persons and employees. This is not an exhaustive description; other documents may govern specific matters. Personal data is understood to be all information that relates to a specific or identifiable person. 2.

2. by surfing on our homepage, you agree to the processing of data (access data, services, cookies and the like).

3. this privacy policy applies regardless of the domains or devices used (for example smartphone or desktop computer).

4. SINCONA complies with the legal provisions of the Federal Data Protection Act (FADP), the Ordinance to the Federal Data Protection Act (FADP), the Telecommunications Act (TCA) and other data protection provisions, for example the General Data Protection Regulation of the European Union (hereinafter DSGVO).

5. The data protection declaration is information about the type, scope and purpose of the use of personal data by SINCONA. It is a unilateral declaration for which the consent of the customer, supplier or other business partner is not required. SINCONA therefore reserves the right to unilaterally change the content of the privacy policy at any time and without notice. It is recommended that you regularly consult the SINCONA privacy policy on our website.

Handling of personal data

1. consent to data processing by sending a request

By sending an inquiry, you consent to the processing of your personal data by SINCONA and agree to be contacted by SINCONA for the purpose of processing your inquiry or mandate or otherwise through all possible communication channels (call to private mobile or landline number, email to private mail account, SMS, messaging functions from social networks).

2. information on order processing

2.1 A prerequisite for the goal-oriented activity of SINCONA is complete and correct information by the customer, the supplier or other business partner about all relevant circumstances - including those which only arise in the course of a contractual relationship. SINCONA also relies on you to provide all necessary documents in a timely manner.

2.2 Unless you issue different instructions in individual cases or the circumstances clearly indicate otherwise, SINCONA may exchange order-related information with employees as well as with third parties called in.

3 Electronic communication

3.1 In the interest of rapid processing, SINCONA communicates regularly by e-mail. E-mail communication is unencrypted unless you expressly request a different form of communication.

3.2 The transmission of information electronically (by e-mail, fax or via Internet applications) is generally associated with risks - in particular the risk of knowledge and manipulation by unauthorized third parties or incorrect delivery. Such risks can be reduced by encrypted transmission, e.g. by encrypting e-mail attachments or using a delivery platform.

3.3 If you do not provide any instructions regarding communication, you authorize SINCONA to communicate electronically without encryption, despite knowledge of the corresponding risks. This instruction can be changed by you at any time. In order to avoid ambiguities, corresponding instructions must be communicated to SINCONA in writing.

Responsibilty

SINCONA is responsible for compliance with the applicable data protection regulations. If you have any concerns regarding data protection, you can inform us of them at the following contact address:

Michael Hardmeier
SINCONA AG
Limmatquai 112
8001 Zurich
Tel. +41 44 215 10 90
info@sincona.com

Collection and processing of personal data

We process personal data (data that directly or indirectly identifies natural persons) that we receive from you or involved third parties in the context of the initiation, implementation and execution of a contractual relationship or that we collect ourselves.

1. establishment of contact/provision of contractual services

1.1 When contacting us (by telephone, in writing or by e-mail), personal data will be processed for the purpose of handling the contact request and processing in connection with a specific service/order.

1.2 Personal data is stored in our Customer Relationship Management System ("CRM System").

2. collection of access data and log files

2.1 We collect data on each access to the web server based on our legitimate interests. The access data includes the name of the domain accessed, the date and time of access, the volume of data transferred, notification of successful access, the language and version of the browser software, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

2.2 Log file information is stored temporarily for security reasons (e.g. for the clarification of abuse or fraud) and deleted after 30 days. Data whose further storage is required for evidentiary purposes is exempt from deletion until final clarification of the respective incident.

3. record keeping

If you enter into a contractual relationship with SINCONA, we store all information arising in the context of the contractual relationship in our ERP software and physical documents additionally in the order dossier in paper form. The electronic as well as the physical order dossier is accessible to all SINCONA employees. Original files are usually forwarded to you directly. You are responsible for the storage of the same. There is no entitlement to the keeping or archiving of an order dossier.

4. scope


In the course of a contractual relationship (which may be in preparation), SINCONA collects specific data from you. This includes in particular the following data:
- Basic data (such as name, gender, title, birthday or company, registered office, etc.)
- Contact data (address, private and business telephone number or private and business mobile number, private and business e-mail address, etc.).
- Other order-specific information, which is usually provided directly by you, but can also be obtained, for example, through Internet research or from data supplied by third parties.
- If you supply personal data via a third party (e.g. via a contact person), it is your responsibility to inform the third party concerned about the processing by us.

Purposes of data processing and legal basis

When you use our services, use our website or otherwise deal with us, we obtain and process various categories of your personal data. In principle, we may obtain and process this data in particular for the following purposes:

- Communication: we process personal data so that we can communicate with you as well as with third parties, or authorities, via e-mail, telephone, letter or otherwise (e.g. to answer inquiries, in the context of contract initiation or processing). This also includes that we may occasionally send you information about developments in our company. This may, for example, take the form of newsletters (electronically, by post, by telephone). You can refuse such communication at any time or refuse or revoke your consent to such communication.
- Initiation and conclusion of contracts: With a view to concluding a contract with you, we may in particular obtain and otherwise process your name, contact details, powers of attorney, declarations of consent, information about third parties (e.g. contact persons), contract content, date of conclusion, creditworthiness data and any other data that you provide to us or that we collect from public sources or third parties.
- Administration and processing of contracts: We obtain and process personal data so that we can comply with our contractual obligations to you and other contractual partners (e.g., suppliers, external service providers or project partners) and, in particular, so that we can provide and collect contractual services. This also includes data processing for the enforcement of contracts and accounting. For this purpose, we process in particular the data that we receive or have collected in the course of the initiation, conclusion and execution of the contract, as well as data that we create in the course of our contractual services or that we collect from public sources or other third parties. Such data may include, in particular, interview transcripts, notes, internal and external correspondence, contractual documents and the like.
- Operation of our website: In order to operate our website in a secure and stable manner, we collect technical data, such as IP address, information about the operating system and settings of your terminal device, region, time and type of use. In addition, we use cookies and similar technologies.
- Improvement of our electronic offers: In order to continuously improve our website and other electronic offerings, we collect data about visitors' behavior and preferences by, for example, analyzing how visitors navigate through our website.
- Registration: In order to use certain offers and services, you must register (directly with us or via our external login service providers). For this purpose, we process the data disclosed as part of the respective registration.
- Job application: If you apply for a job with us, we obtain and process the relevant data for the purpose of reviewing the application, carrying out the application process and, in the case of successful applications, for the preparation and conclusion of a corresponding contract. For this purpose, in addition to your contact data and the information from the corresponding communication, we also process in particular the data contained in your application documents and the data as we can additionally obtain about you, for example from job-related social networks, the Internet, the media and from references, if you consent to us obtaining references.
- Other Purposes: Other purposes include, for example, training and educational purposes and administrative purposes (e.g., accounting). We may listen to or record telephone or video conferences for training, evidence, and quality assurance purposes. In such cases, we will notify you separately.

Personal data may only be processed within SINCONA to the extent permitted by law. In principle, only such information may be collected and processed that is necessary for the operational performance of tasks and is directly related to the purpose of processing.

Processing of personal data is only permissible if one of the following permissible circumstances exists, namely
- if the data subject has given his or her consent;
- for the fulfillment of expressed customer concerns;
- if necessary for the initiation/fulfillment of a contract;
- in the case of legal permission; or
- in the case of legitimate interest, without the interests or fundamental rights and freedoms of the data subject being overridden.

Use of the website and other digital services such as cookies and the like.

When using our website (including newsletters and other digital services), data is generated that is stored in logs (especially technical data). In addition, we may use cookies and similar techniques to recognize website visitors, evaluate their behavior and recognize preferences.

When you access and use our website, we automatically collect and store relevant log data and device-specific information for a limited period of time. This information includes, but is not limited to, specific information about how you use our website, IP address, access dates and times, hardware and software information, as well as device-specific and other similar information. We process this data based on and as necessary for us to operate, maintain and improve our websites.

Our websites use Google Analytics, a service provided by Google LLC, USA, which monitors and records the way our websites are used. Google Analytics does this by placing small text files called cookies on your computer or other devices. Cookies record information about the number of visitors to these websites, visits to individual pages, and the duration for which these websites are visited. This information is available in aggregate form and is not identifiable with regard to the individual. This integration of Google Analytics is basically done via anonymized IP addresses by shortening them within the EU/EEA. Google is subject to the CH-US and the EU-US Privacy Shield.

Data transfer to third parties and data transfer abroad

Your personal data will not be disclosed, sold or otherwise transferred to third parties, unless this is necessary for the purpose of contract execution or to fulfill our legal duties, or unless you have expressly consented to it. Categories of recipients include, but are not limited to:

- External service providers;
- Dealers, suppliers, auxiliary persons;
- Business partners with whom we need to coordinate our services;
- Domestic and foreign government agencies and authorities;
- Industry organizations and associations.

We process and store personal data mainly in Switzerland, but potentially also in other European countries or around the world. If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection (for this purpose, we use the revised standard contractual clauses of the European Commission, which are available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), unless the recipient is already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exception. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract requires such disclosure, if you have given your consent or if it is a matter of data that you have made generally accessible and you have not objected to its processing.

Duration of storage of personal data

We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations or otherwise the purposes pursued with the processing, i.e. for example for the duration of the entire business relationship (from the initiation, processing to the termination of a contract) as well as beyond that in accordance with the legal storage and documentation obligations. In this context, it is possible that personal data will be retained for the period during which claims can be asserted against our company (i.e. in particular during the statutory period of limitation) and insofar as we are otherwise legally obliged to do so or legitimate business interests require this (e.g. for evidence and documentation purposes).

Data security

We take appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse, such as issuing instructions, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymization and controls.

SINCONA draws your attention to the fact that certain IT services are used which may be associated with data security risks (e.g. e-mail or video conferencing). It is your responsibility to inform SINCONA of your wish for special security measures.

Profiling

The personal data is not used as the basis for any automated decision-making. We do not carry out profiling with the personal data.

Rights of the data subject

Within the scope of the data protection law applicable to you and insofar as provided therein (such as in the case of the GDPR), you have the right to information, correction, deletion, the right to restrict data processing and otherwise object to our data processing, as well as to the release of certain personal data for the purpose of transferring it to another entity (so-called data portability). Please note, however, that we reserve the right to enforce the restrictions provided for by law, for example if we are obliged to retain or process certain data, if we have an overriding interest in doing so (insofar as we are entitled to rely on this) or if we require the data in order to assert claims. If costs are incurred by you, we will inform you in advance.

You have a right to object on a case-by-case basis. You may object to the processing of your personal data at any time on grounds relating to your particular situation.

Please note that the exercise of these rights may conflict with contractual agreements and this may have consequences such as the premature termination of the contract or cost consequences. We will inform you in advance if this is not already contractually regulated.

The exercise of such rights usually requires that you clearly prove your identity (e.g. by means of a copy of your identity card, where your identity is otherwise not clear or cannot be verified). To assert your rights, you may contact the data controller (as indicated in this Privacy Policy).

Every data subject also has the right to enforce his or her claims in court or to file a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Swiss Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

Applicability of the EU General Data Protection Regulation

We do not assume that the EU General Data Protection Regulation ("GDPR") is applicable in our case. However, if this should exceptionally be the case for certain data processing, then exclusively for the purposes of the DSGVO and the data processing subject to it, the present provision shall additionally apply.

We base the processing of your personal data in particular on the fact that
- it is necessary as described under "Purposes of data processing and legal basis".
it is necessary for the initiation and conclusion of contracts and their administration and enforcement (Art. 6 para. 1 lit. b DSGVO;
- it is necessary for the legitimate interests of us or of third parties as described under "Data Processing Purposes and Legal Grounds", namely for communicating with you or third parties to operate our website, for improving our electronic offerings and registering for certain offers and services, for security purposes, for compliance with Swiss law and internal regulations for our risk management and corporate governance and for other purposes such as training and education, administration, evidence and quality assurance, organization, implementation and follow-up of events and for the protection of other legitimate interests (Art. 6 para. 1 lit. f DSGVO);
- it is required or permitted by law on the basis of our mandate or position under the law of the EEA or a member state (Art. 6 para. 1 lit. c DSGVO) or is necessary to protect your vital interests or those of other natural persons (Art. 6 para. 1 lit. d DSGVO);
- you have separately consented to the processing, for example, via a corresponding declaration on our website (Art. 6 para. 1 lit. a and Art. 9 para. 2 lit. a DSGVO).

Changes

The privacy policy, the technical data processing as well as the description of the rights as a user and client can be adapted at any time, should this be necessary due to changed legal situations, adaptations of the service or the data processing. Users are requested to access these statements on a regular basis.

***