Gegevensbescherming

1.   General information and contact details

1.1  The company

Aebi Schmidt Holding AG, which has its registered office in Frauenfeld, Switzerland, together with its companies which are part of the Aebi Schmidt Group (hereinafter ‘Aebi Schmidt’, ‘us’ or ‘we’), are obliged to protect and respect your privacy. This global privacy policy (hereinafter ‘privacy policy’) explains the types of personal data we collect, what purposes we collect this data for, who we share data with and what measures we have taken to guarantee that your data is secure. We will also inform you of your rights and opt-out options with respect to your personal data and how to contact us regarding data protection practices.

Our data protection practices may vary depending on the country we are operating in to ensure that we adhere to local customs and legal requirements.

1.2 Controller

The controller for data processing is:

Aebi Schmidt Holding AG
Schulstrasse 4
CH-8500 Frauenfeld
Switzerland
E-mail: info@aebi-schmidt.com

1.3   Data protection officer

If you have any questions about this privacy policy, please contact our Group Data Protection Officer:

Group Data Protection Officer
Leutschenbachstrasse 52, 8050 Zurich, Switzerland
E-mail address: DPO@aebi-schmidt.com

 

2.   Our data protection principles

Aebi Schmidt is bound to the following data protection principles:

  • We collect personal data or store it if this is required to provide and improve our services (such as websites, e-mail and other online tools), our products and customer experiences.
  • You have the option of checking the personal data we store which concerns you. You can check that it is accurate and indicate your preferences.
  • We ensure that your personal data is secure and protected at all times.
  • We are transparent in the way that we inform you about how we use personal data we store which concerns you.
  • We only use your personal data for the purposes for which you entrusted it to us.
  • We do not sell your personal data. We only pass on your data in accordance with this privacy policy or if you ask us to do so.

 

3. Scope of this privacy policy

This privacy policy applies to the use of all online services or other tools you can use to interact with our company (hereinafter Aebi Schmidt ‘web services’). As such, the intention of this privacy policy is to inform users of our website about the type, scope and purpose of the collection and use of personal data by the Aebi Schmidt Group’s website operator.

 

4.   Personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter ‘data subject’) (e.g. name, address, telephone number, date of birth). The use of certain website services may require you to provide personal data, for example to subscribe to a newsletter.

Personal data is only processed under certain circumstances and for specific purposes.

 

5.   When is personal data processed?

To provide our website, we or third parties process personal data as part of:

  • Websites: Personal data is processed through log files, cookies, analysis tools, social media plugins and plugins from other providers
  • Communications: Personal data is processed on the basis of your consent when you sign up for communications.
  • Contact forms: Personal data is processed via contact forms within the context of suggestions and questions about our offering.
  • Logins: For internal use only.

 

6.   Processing purposes

Aebi Schmidt processes personal data for the following purposes:

  • To provide the website to users
  • To optimise the website (e.g. market research and reach measurement)
  • To personalise the website for users
  • To send newsletters by e-mail
  • For data security for users

 

7. Legal bases for data processing

We process your data on the following legal bases:

  • If we obtain consent from you to process personal data, this serves as the legal basis for processing personal data.
  • When processing personal data needed to perform a contract to which you are party, this serves as the legal basis.
  • If the processing of personal data is necessary to comply with a legal obligation which we are subject to, this serves as the legal basis.
  • In rare cases, it may be necessary for us to process personal data to protect the vital interests of a data subject or natural person.
  • If processing is necessary to safeguard a legitimate interest pursued by us or a third party, this serves as the legal basis for processing. If we share your data with external service providers for individual features and services, we will inform you of the respective operations in detail. The external service providers are carefully selected and are bound to our instructions.
  • We oblige service providers to ensure that personal data is not shared with third parties, and is erased after the contract has been performed and the statutory storage periods have expired, unless you have consented to further storage. Our employees are bound to confidentiality with respect to your personal data.
  • If personal data is processed on the basis of a legal obligation, this serves as the legal basis. As an example, this may be the case if personal data is shared with third parties, if personal data is stored, or if there are retention periods.

 

8.   Sharing data with third parties

We generally only share your personal data with third parties if we have a legitimate interest in doing so or if you have consented to this.

Your data may also be shared with third parties if we are obliged to do so on the basis of legal provisions or an enforceable administrative ruling or court order.

We use external service providers for data processing. Service providers are generally involved as ‘processors’ who are only permitted to process website users’ personal data under our instructions. As an example, your e-mail address may be shared with a service provider so that we are able to send you a newsletter you have requested.

We also provide personal data to third parties or processors who are not based in the EU/EEA or Switzerland. In this case, before we share any data, we either ensure that the recipient guarantees an adequate level of data protection (e.g. on the basis of an adequacy decision for the country in question or standard European Union contractual clauses) or we ensure that you as the user have consented to this.

To guarantee an adequate level of data protection, we can provide you with an overview of recipients from third countries, together with a copy of the terms they have explicitly agreed to. Please refer to the information under point 1.3.

 

9.   Duration of storage and retention periods

We store your data for as long as necessary to provide our website services and associated services, or for as long as we have a legitimate interest in further storage. In all other cases, we erase your personal data with the exception of data we are required to keep to fulfil legal obligations (e.g. retention obligations).

 

10. Your rights and exercising your rights

You have the following rights which you can exercise against us:

10.1   Right of access

All data subjects have the right to obtain from the controller confirmation as to whether or not personal data concerning them is stored, and to receive a copy of this. Data subjects also have the right to obtain confirmation as to whether or not personal data is transmitted to a third country.

10.2   Right to rectification

All data subjects have the right to obtain the rectification of inaccurate personal data without undue delay. Taking into account the purposes of the processing, data subjects shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

10.3   Right to erasure (‘right to be forgotten’)

All data subjects shall have the right to obtain from the controller the erasure of personal data without undue delay if this data is no longer necessary in relation to the purposes for which it was collected or processed. The same applies if users withdraw consent or object to processing and there are no overriding legitimate grounds for the processing or personal data has been unlawfully processed. In addition, users may assert this right if the controller is subject to a legal obligation to erase data or the personal data was collected in relation to the offer of information society services.

10.4   Right to restriction of processing

All data subjects shall have the right to obtain from the controller restriction of processing under certain conditions.

10.5   Right to object

All data subjects have the right to object to the processing of personal data concerning them if the processing is based on a legitimate interest of the controller/a third party or if it is necessary for the performance of a task in the public interest. If personal data is processed for direct marketing purposes, you may object to this at any time.

10.6   Right to data portability

All data subjects have the right to receive personal data concerning them, which they have provided, in a structured, commonly used and machine-readable format. 

10.7   Right to withdraw consent given under data protection law

All data subjects have the right to withdraw consent given to process personal data at any time. Generally, you may contact the supervisory authorities where you have your place of work.

10.8   Right to lodge a complaint with a competent data protection authority

You have the right to lodge a complaint with a data protection authority. To do so, you can contact the competent data protection authority for your place of residence or the data protection authority responsible for us.

 

11.   Scope of data processing

11.1   Handling login details/server log files

Working closely with our hosting providers, we strive to protect databases from unauthorised access, loss, misuse or falsification as effectively as possible. When using our website for information purposes, we or our service providers only collect personal data that your browser transmits to our server:

  • Server location: EU, Germany
  • Storage period for server logs: 7 (seven) days max./6 (six) months max. (backup)


When accessing our web pages, the following data will be stored in log files in order to display our website to you and to ensure stability and security:

  • IP address
  • Date and time of the server request
  • Browser settings, type and version
  • Content of the query (actual site)
  • Access status/HTTP status code
  • Information transmitted about the operating system
  • Time zone difference relative to Greenwich Mean Time (GMT)

This usage data also forms the basis for statistical, anonymous evaluations to identify trends that our company can use to improve its offering accordingly. According to the Swiss Federal Act on the Surveillance of Post and Telecommunications [Bundesgesetz betreffend die Überwachung des Post- und Fernmeldeverkehrs, CH BÜPF], there is a statutory retention requirement for connection data from the past six months. Server log files are stored for a maximum of 7 days and are then erased. Data is stored for security reasons—to be able to clarify cases of abuse, for example. If data has to be kept to be used as evidence, it is excluded from erasure until the matter has been settled.

11.2   Purpose of log files

Data is stored for security reasons—to be able to clarify cases of abuse, for example. If data has to be kept to be used as evidence, it is excluded from erasure until the matter has been settled:

  • When clarifying suspicious or disruptive technical events.
  • To arrange emergency measures or to notify people about any individual emergency measures taken if there are hacking or virus problems.
  • In the most extreme case, log files are needed to properly instruct the investigating authorities

11.3   Contact options via our website

The Aebi Schmidt website contains details that allow you to contact our company quickly and electronically, and to contact us directly, which also includes a valid e-mail address. If a data subject contacts the controller responsible for processing by e-mail or via a contact form, the personal data transmitted by the data subject is automatically stored for processing purposes. This personal data is not shared with third parties.

11.4   Data processing when establishing contact

Data when establishing contact is personal data that you provide when using the contact form or when contacting us by email. The data we use to contact you includes mandatory data, without which we cannot process your request, and additional voluntary data to address you personally and enable us to efficiently process your request.

The following personal data is collected for electronic contact using the contact form (* = mandatory data):

  • Salutation*
  • First name*
  • Surname*
  • Company affiliation
  • Street
  • ZIP code
  • Place
  • Country*
  • Email*
  • Phone number

You may also establish contact with us using the email addresses provided. In this case, the personal data you send by email shall be stored. The data is used solely for processing the communication and may be transferred to the responsible Aebi Schmidt Group company for this purpose. The data processed for the communication shall not be transferred to third parties outside the Aebi Schmidt Group.

11.5 Use of data for marketing purposes

We shall only transfer your personal data to non-affiliated companies for their own direct marketing purposes if we have informed you and received your express consent to this effect. Please refer to our cookie policy for information about this practice and your choices about not having this information used by these companies.

 

12.   Duration of personal data storage

The criterion for the duration of personal data storage is the respective legal retention period.

 

13.   Technologies

When processing the data, it is in our special interest to safeguard natural persons’ data protection rights.

13.1      Matomo Analytics

Our website uses Matomo. Matomo is an open-source web analytics platform. When storing log data that is sensitive under data protection legislation, the variant with its own server may guarantee greater user privacy, since the data is not automatically shared with third parties.

Please read the Matomo privacy policy at www.matomo.org to find out how visitors’ privacy is protected. Please contact Matomo’s Data Protection Team on privacy@matomo.org if you have any questions regarding Matomo.

 

14.   Use of social plugins

14.1   YouTube plugin

Our website uses plugins from YouTube, a site operated by Google. The operator is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit any of our YouTube plugin-enabled sites, a connection with YouTube servers shall be established. The YouTube server shall receive information about our web pages that you have visited. If you are logged into your YouTube account, you are enabling YouTube to associate your browsing behaviour directly with your personal profile. You can prevent this from happening by logging out of your YouTube account. You can also adjust your marketing preferences in your Google Account here. We use YouTube in line with our legitimate interest of making our website look appealing. The necessary legal basis for data processing is provided by Art. 6 (1) (f) of the EU’s GDPR. Further information about handling user data can be found here in YouTube’s privacy policy.

 

15.   Data and information security

We use state-of-the-art methods to guarantee the security of your data during transfer. We use SSL (Secure Sockets Layer) or TLS (Transport Layer Security) encryption, perfect forward secrecy and HTTPS, in conjunction with the highest encryption level your browser supports to enable communication between your terminal device and our servers. This is usually a 256-bit encryption. An encrypted connection is recognisable by the fact that the browser’s address bar changes from ‘http://’ to ‘https://’ and by a padlock icon appearing in your browser bar.

Aebi Schmidt undertakes reasonable efforts to protect personal data that it collects or receives through this website against loss, misuse or unauthorised access, theft, disclosure, modification, damage or destruction.

Nevertheless, Aebi Schmidt does not give any guarantee for the security of your personal data. We exclude all liability and damages associated with loss, misuse or unauthorised access, disclosure, modification or destruction to the fullest extent permitted by law. We recommend that you take all the security measures available to you to protect personal data submitted through this website.

 

16. Availability of the privacy policy

You can access various parts of our privacy policy from any page on our website under the ‘Privacy’ heading.

 

17.   Validity, updates and translations of this privacy policy

We reserve the right to update this privacy policy at any time. We shall duly inform you of any updates that incorporate significant modifications to the processing of your personal data and request your renewed consent if necessary.

 

This privacy policy was last updated in November 2020.