1. General information and contact details
1.1 The company
Our data protection practices may vary depending on the country we are operating in to ensure that we adhere to local customs and legal requirements.
The controller for data processing is:
Aebi Schmidt Holding AG
1.3 Data protection officer
Group Data Protection Officer
Leutschenbachstrasse 52, 8050 Zurich, Switzerland
E-mail address: DPO@aebi-schmidt.com
2. Our data protection principles
Aebi Schmidt is bound to the following data protection principles:
- We collect personal data or store it if this is required to provide and improve our services (such as websites, e-mail and other online tools), our products and customer experiences.
- You have the option of checking the personal data we store which concerns you. You can check that it is accurate and indicate your preferences.
- We ensure that your personal data is secure and protected at all times.
- We are transparent in the way that we inform you about how we use personal data we store which concerns you.
- We only use your personal data for the purposes for which you entrusted it to us.
4. Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter ‘data subject’) (e.g. name, address, telephone number, date of birth). The use of certain website services may require you to provide personal data, for example to subscribe to a newsletter.
Personal data is only processed under certain circumstances and for specific purposes.
5. When is personal data processed?
To provide our website, we or third parties process personal data as part of:
- Websites: Personal data is processed through log files, cookies, analysis tools, social media plugins and plugins from other providers
- Communications: Personal data is processed on the basis of your consent when you sign up for communications.
- Contact forms: Personal data is processed via contact forms within the context of suggestions and questions about our offering.
- Logins: For internal use only.
6. Processing purposes
Aebi Schmidt processes personal data for the following purposes:
- To provide the website to users
- To optimise the website (e.g. market research and reach measurement)
- To personalise the website for users
- To send newsletters by e-mail
- For data security for users
7. Legal bases for data processing
We process your data on the following legal bases:
- If we obtain consent from you to process personal data, this serves as the legal basis for processing personal data.
- When processing personal data needed to perform a contract to which you are party, this serves as the legal basis.
- If the processing of personal data is necessary to comply with a legal obligation which we are subject to, this serves as the legal basis.
- In rare cases, it may be necessary for us to process personal data to protect the vital interests of a data subject or natural person.
- If processing is necessary to safeguard a legitimate interest pursued by us or a third party, this serves as the legal basis for processing. If we share your data with external service providers for individual features and services, we will inform you of the respective operations in detail. The external service providers are carefully selected and are bound to our instructions.
- We oblige service providers to ensure that personal data is not shared with third parties, and is erased after the contract has been performed and the statutory storage periods have expired, unless you have consented to further storage. Our employees are bound to confidentiality with respect to your personal data.
- If personal data is processed on the basis of a legal obligation, this serves as the legal basis. As an example, this may be the case if personal data is shared with third parties, if personal data is stored, or if there are retention periods.
8. Sharing data with third parties
We generally only share your personal data with third parties if we have a legitimate interest in doing so or if you have consented to this.
Your data may also be shared with third parties if we are obliged to do so on the basis of legal provisions or an enforceable administrative ruling or court order.
We use external service providers for data processing. Service providers are generally involved as ‘processors’ who are only permitted to process website users’ personal data under our instructions. As an example, your e-mail address may be shared with a service provider so that we are able to send you a newsletter you have requested.
We also provide personal data to third parties or processors who are not based in the EU/EEA or Switzerland. In this case, before we share any data, we either ensure that the recipient guarantees an adequate level of data protection (e.g. on the basis of an adequacy decision for the country in question or standard European Union contractual clauses) or we ensure that you as the user have consented to this.
To guarantee an adequate level of data protection, we can provide you with an overview of recipients from third countries, together with a copy of the terms they have explicitly agreed to. Please refer to the information under point 1.3.
9. Duration of storage and retention periods
We store your data for as long as necessary to provide our website services and associated services, or for as long as we have a legitimate interest in further storage. In all other cases, we erase your personal data with the exception of data we are required to keep to fulfil legal obligations (e.g. retention obligations).
10. Your rights and exercising your rights
You have the following rights which you can exercise against us:
10.1 Right of access
All data subjects have the right to obtain from the controller confirmation as to whether or not personal data concerning them is stored, and to receive a copy of this. Data subjects also have the right to obtain confirmation as to whether or not personal data is transmitted to a third country.
10.2 Right to rectification
All data subjects have the right to obtain the rectification of inaccurate personal data without undue delay. Taking into account the purposes of the processing, data subjects shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
10.3 Right to erasure (‘right to be forgotten’)
All data subjects shall have the right to obtain from the controller the erasure of personal data without undue delay if this data is no longer necessary in relation to the purposes for which it was collected or processed. The same applies if users withdraw consent or object to processing and there are no overriding legitimate grounds for the processing or personal data has been unlawfully processed. In addition, users may assert this right if the controller is subject to a legal obligation to erase data or the personal data was collected in relation to the offer of information society services.
10.4 Right to restriction of processing
All data subjects shall have the right to obtain from the controller restriction of processing under certain conditions.
10.5 Right to object
All data subjects have the right to object to the processing of personal data concerning them if the processing is based on a legitimate interest of the controller/a third party or if it is necessary for the performance of a task in the public interest. If personal data is processed for direct marketing purposes, you may object to this at any time.
10.6 Right to data portability
All data subjects have the right to receive personal data concerning them, which they have provided, in a structured, commonly used and machine-readable format.
10.7 Right to withdraw consent given under data protection law
All data subjects have the right to withdraw consent given to process personal data at any time. Generally, you may contact the supervisory authorities where you have your place of work.
10.8 Right to lodge a complaint with a competent data protection authority
You have the right to lodge a complaint with a data protection authority. To do so, you can contact the competent data protection authority for your place of residence or the data protection authority responsible for us.
11. Scope of data processing
11.1 Handling login details/server log files
Working closely with our hosting providers, we strive to protect databases from unauthorised access, loss, misuse or falsification as effectively as possible. When using our website for information purposes, we or our service providers only collect personal data that your browser transmits to our server:
- Server location: EU, Germany
- Storage period for server logs: 7 (seven) days max./6 (six) months max. (backup)
When accessing our web pages, the following data will be stored in log files in order to display our website to you and to ensure stability and security:
- IP address
- Date and time of the server request
- Browser settings, type and version
- Content of the query (actual site)
- Access status/HTTP status code
- Information transmitted about the operating system
- Time zone difference relative to Greenwich Mean Time (GMT)
This usage data also forms the basis for statistical, anonymous evaluations to identify trends that our company can use to improve its offering accordingly. According to the Swiss Federal Act on the Surveillance of Post and Telecommunications [Bundesgesetz betreffend die Überwachung des Post- und Fernmeldeverkehrs, CH BÜPF], there is a statutory retention requirement for connection data from the past six months. Server log files are stored for a maximum of 7 days and are then erased. Data is stored for security reasons—to be able to clarify cases of abuse, for example. If data has to be kept to be used as evidence, it is excluded from erasure until the matter has been settled.
11.2 Purpose of log files
Data is stored for security reasons—to be able to clarify cases of abuse, for example. If data has to be kept to be used as evidence, it is excluded from erasure until the matter has been settled:
- When clarifying suspicious or disruptive technical events.
- To arrange emergency measures or to notify people about any individual emergency measures taken if there are hacking or virus problems.
- In the most extreme case, log files are needed to properly instruct the investigating authorities
11.3 Contact options via our website
The Aebi Schmidt website contains details that allow you to contact our company quickly and electronically, and to contact us directly, which also includes a valid e-mail address. If a data subject contacts the controller responsible for processing by e-mail or via a contact form, the personal data transmitted by the data subject is automatically stored for processing purposes. This personal data is not shared with third parties.
11.4 Data processing when establishing contact
Data when establishing contact is personal data that you provide when using the contact form or when contacting us by email. The data we use to contact you includes mandatory data, without which we cannot process your request, and additional voluntary data to address you personally and enable us to efficiently process your request.
The following personal data is collected for electronic contact using the contact form (* = mandatory data):
- First name*
- Company affiliation
- ZIP code
- Phone number
You may also establish contact with us using the email addresses provided. In this case, the personal data you send by email shall be stored. The data is used solely for processing the communication and may be transferred to the responsible Aebi Schmidt Group company for this purpose. The data processed for the communication shall not be transferred to third parties outside the Aebi Schmidt Group.
11.5 Use of data for marketing purposes
12. Duration of personal data storage
The criterion for the duration of personal data storage is the respective legal retention period.
When processing the data, it is in our special interest to safeguard natural persons’ data protection rights.
13.1 Matomo Analytics
Our website uses Matomo. Matomo is an open-source web analytics platform. When storing log data that is sensitive under data protection legislation, the variant with its own server may guarantee greater user privacy, since the data is not automatically shared with third parties.
14. Use of social plugins
14.1 YouTube plugin
15. Data and information security
We use state-of-the-art methods to guarantee the security of your data during transfer. We use SSL (Secure Sockets Layer) or TLS (Transport Layer Security) encryption, perfect forward secrecy and HTTPS, in conjunction with the highest encryption level your browser supports to enable communication between your terminal device and our servers. This is usually a 256-bit encryption. An encrypted connection is recognisable by the fact that the browser’s address bar changes from ‘http://’ to ‘https://’ and by a padlock icon appearing in your browser bar.
Aebi Schmidt undertakes reasonable efforts to protect personal data that it collects or receives through this website against loss, misuse or unauthorised access, theft, disclosure, modification, damage or destruction.
Nevertheless, Aebi Schmidt does not give any guarantee for the security of your personal data. We exclude all liability and damages associated with loss, misuse or unauthorised access, disclosure, modification or destruction to the fullest extent permitted by law. We recommend that you take all the security measures available to you to protect personal data submitted through this website.