Privacy Policy
Protecting your privacy is of utmost importance to us.
We are committed to handling your data responsibly.
We consider it a matter of course to comply with the Swiss Federal Data Protection Act (DSG), the Ordinance on the Federal Data Protection Act (VDSG), and other applicable data protection regulations, such as the EU General Data Protection Regulation (GDPR).
Personal data refers to any information that identifies you or makes you identifiable, such as your first and last name, address, and e-mail address.
When this privacy policy talks about the processing of your personal data, we are referring to any handling of your personal data. This includes the storage, processing, use and deletion of the data.
We collect personal data in a transparent manner and in compliance with the principles of proportionality and purpose limitation. The data will only be processed insofar and for as long as this is necessary for our tasks and duties.
This Privacy Policy tells you how we handle your data when you visit our website,, when you obtain services from us, or when you otherwise interact with us under a contract, communicate with us, or otherwise deal with us.
We may also inform you about how we process your data in separate documents, such as consent forms, contract terms, additional privacy statements, forms, and notices.
The most current version at the time of use applies.
We reserve the right to revise this Privacy Policy without prior notice.
1 Contacting us
1.1 Requests in connection with data protection
If you have any questions in connection with data protection and for information regarding your rights as well as claiming your rights, please send us your request to: [email protected]
1.2 Name and Contact of the Data Controller
Data controller – according to data protection law:
knecon AG
Suracherstrasse 1
8142 Uitikon
Switzerland
Tel: +41 44 491 2652
E-mail: [email protected]
1.3 Name and Contact of the Privacy Officers
We are advised on the implementation of data protection by our Privacy Officer:
Michèle Balthasar
Dr. iur. Rechtsanwältin
Balthasar Legal AG
Kurvenstrasse 1
8006 Zürich
Switzerland
Website: www.balthasar-legal.ch
E-mail: [email protected]
1.4 Name and Contact of the EU Representative
Our EU Data Protection Representative serves as an additional contact point for supervisory authorities and data subjects, for processing of personal data falling within the scope of the GDPR:
knecon Technologie GmbH
Q7, 23
68161 Mannheim
Germany
E-mail: [email protected]
2 Origin of the Data
We generally collect personal data directly from you. Most of the data we process is provided by you (or your end device), e.g., when using our services, using our website and apps, or communicating with us). You are not obliged to disclose your data; exceptions may apply in individual cases (e.g., due to legal obligations). However, if you want to enter into contracts with us or use our services, for example, you will need to disclose certain data to us. The use of our website is also not possible without data processing. Using our website always involves the processing of data.
We may also obtain data from publicly accessible sources (e.g., debt collection registers, land registers, commercial registers, media or the internet incl. social media) or receive such data from (i) public authorities, (ii) your employer or client who either has a business relationship with us or is otherwise involved with us, and (iii) other third parties (e.g., clients, counterparties, legal protection insurers, credit agencies, address dealers, associations, contractual partners, internet analysis services). This includes, in particular, the data we process in the course of initiating, concluding and executing contracts, as well as data from correspondence and conversations with third parties, but also all other categories of data.
3 Type, Scope and Purpose of the Data Processing
3.1 Visiting our Web Pages
When you visit our web pages, our servers automatically save the following data temporarily in a log file, the so-called server log files:
- IP address of the requesting computer,
- Date and time of access/request,
- Name and URL of the requested data,
- Operating system of your computer and browser you are using,
- Country from which our webpage is accessed,
- Time zone difference to Greenwich Mean Time (GMT),
- Access status/HTTP status code,
- Last webpage visited,
- Language and version of the browser software,
- Browser settings,
- Name of your internet access provider,
- Data volume transferred in each case,
- Activated browser plug-ins.
The purpose of processing this data is to enable the use of our web pages (establish a connection), to ensure permanent system security and stability, to optimize our offers; the data is also used for statistical purposes. No personal user profile is created.
The legal basis for processing your personal data is our legitimate interest in processing this data.
3.2 Contact Form
Our website allows you to contact us via a contact form and/or via e-mail. To do so, you will need to enter your e-mail address and your message. Further information can be provided voluntarily.
We process your information on the legal basis of our legitimate interest to correspond with you or for the purpose of processing and managing your request.
3.3 Communication
We use various collaboration tools for conference calls, online meetings, and video conferences (hereinafter collectively referred to as “online meetings”). These tools process different types of data. The amount of data processed depends, among other things, on which data is provided before or during participation in an online meeting. The data processed might include, for example:
- First and last name, participant name if applicable, company e-mail address
- Meeting metadata: e.g., date, time, meeting ID, phone numbers, location
- Audio, video, and chat content
- name of the meeting and password for meeting participation if applicable
- profile picture if applicable
- other personal data provided by the data subjects during the meeting if applicable.
If online meetings are to be recorded, this will be transparently communicated in advance and, where necessary, consent will be requested. Send your objection to the contact listed in Article 1 or to the following e-mail address: [email protected].
Processing this data is in our legitimate interest. Our legitimate interest in these cases is in the effective conduct of the meetings. If the meeting is conducted within the framework of a contractual relationship, the legal basis for data processing when conducting online meetings is the contract.
3.4 Job Application Procedure
If you apply for a job with us, we process the personal data that we receive from you as part of the application process. In addition to your personal details, education, work experience, and skills, comments on previous employment, as well as availability / notice period, this includes the usual correspondence data such as postal address, e-mail address, and phone number.
In addition, we process all documents you submit in connection with the application, such as cover letters, CVs, references, certificates, diplomas, and other documents provided by you. Applicants can voluntarily provide us with further information. In addition, we process all documents submitted by you in connection with the application, such as a cover letter, CV/résumé, and references. In addition, applicants may voluntarily provide us with additional information. This data is stored, evaluated, processed, or forwarded solely in connection with your application. Furthermore, they may be processed for statistical purposes (e.g., reporting). In this case, no conclusions can be drawn about individual persons.
Your applicant data will be stored separately from other user data and will not be merged with it.
Your applicant data is processed to fulfill our (pre)contractual obligations during the application process. The basis for processing your personal data is our legitimate interest in processing your application.
You can object to this data processing at any time and withdraw your application. Please send your objection to the contact person named in the job advertisement or to [email protected].
If we enter into an employment contract with you, the transmitted data will be stored for the purpose of managing the employment relationship in compliance with the statutory provisions.
If the application process ends without employment, your personal data will be stored for another 60 days for documentation purposes and then deleted. If you have given us permission to use your data for further application procedures with us and to contact you again, we will retain your data for a longer period of time.
You can later revoke your consent at any time by sending an e-mail to [email protected] or the e-mail mentioned in the job advertisement.
3.5 Use of Client Data for Marketing Purposes
We also use your personal data for the following purposes:
- Maintaining business relationships,
- Informing existing B2B customers about certain services,
- Recommending services that may be of interest to you.
You may object to this data processing at any time. If you object, we will no longer process your personal data for this purpose. Please send your objection to the following e-mail address: [email protected].
3.6 Provision of Contractual Services
We also process personal data to the extent necessary in each case to provide you with our contractual or pre-contractual services, and to perform other services requested by you. The data processed in this context, the type, scope, purpose, and necessity of its processing, are determined by the underlying contractual relationship.
The processed data includes master data (e.g., name and address), contact data (e.g., e-mail address and phone number) as well as contractual data (e.g., services used, terms of the contract, contractual communication, names of contacts) and payment data (e.g., bank details, payment history).
The data is deleted when it is no longer required to fulfill contractual or legal obligations, whereby the necessity of retaining the data is reviewed at irregular intervals. Otherwise, the statutory retention periods apply.
3.7 Security Purposes and Access Controls
We obtain and process personal data to ensure the appropriate security of our IT and other infrastructure (e.g., buildings) and to continuously improve it. This includes, for example, monitoring and controlling electronic access to our IT systems as well as physical access to our premises (including using procedures involving the processing of biometric data), analysis and testing of our IT infrastructures, system and error checks, and the creation of security copies. For documentation and security purposes (preventive and incident investigation), we also keep access logs or visitor lists in relation to our premises and use surveillance systems (e.g., security cameras). We use appropriate signs to draw your attention to surveillance systems at the relevant locations.
Processing your personal data is in our legitimate interest
3.8 Risk Management and Corporate Governance
Risk management and corporate governance: We obtain and process personal data for risk management (e.g., to protect against criminal activities) and corporate governance. This includes, among other things, our business organization (e.g., resource planning) and corporate development (e.g., acquisition and sale of business units or companies).
Processing your personal data is in our legitimate interest.
4 Cookies
Our website and other digital offers use cookies and similar technologies. For further information about our cookies, please see our Cookie Policy.
5 Use of Marketing and Analytics Services
5.1 Google Services
We use the following services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or, if your habitual residence is in the European Economic Area (EEA) or Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (in short: Google):
- Google Analytics 4
- reCAPTCHA
- Google Fonts
Google generally uses cookies. The cookies used by Google enable us to analyze the use of our website. The information generated by the cookies about your use of our website (including your IP address) is transmitted to a Google server in Ireland or the USA and stored there.
Google states to be able to process personal data for advertising products in any country where Google or Google’s subcontractors maintain facilities. For information about the locations of Google’s data centers, please see www.google.com/about/datacenters/locations/.
For further information about the processing of personal data by Google and about privacy settings, see the Google Privacy Policy and Privacy Controls.
5.1.1 Google Analytics 4
This website uses Google Analytics 4, a web analysis service provided by Google, which enables an analysis of your use of our website.
Google Analytics uses cookies that are stored on your device (notebook, tablet, smartphone, etc.) to help us analyze how you use our website. The obtained statistics/reports allow us to evaluate the user behavior on our website and make our offer more attractive.
Google Analytics 4 does not use cookies by default when you visit the website unless you expressly agree to it. Instead, information about your usage behavior is collected and processed through so-called pings (small data packets sent to the host of an end device). The transferred information includes your IP address; Google, however, truncates the last digits to prevent direct personal references.
The anonymization of IP addresses is activated by default on Google Analytics 4. This means that Google shortens your IP address within Switzerland or the EU/EEA before transmitting it. Only in exceptional cases will the full IP address be transmitted to a Google server and shortened there.
All data processing described above, including data transmission by pings and the possible setting of Google Analytics cookies, will only take place if you have expressly consented.
Without your consent, Google Analytics 4 will not be used during your website activity. You can revoke your consent at any time with future effect. To exercise your right of revocation, please deactivate this service in the Cookie Consent Tool provided on the website.
We have entered into a data processing agreement with Google that ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties. With regard to the transfer of data to the USA, Google refers to standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection. Further legal information on Google Analytics 4, including a copy of the aforementioned standard contractual clauses, can be found here: Privacy Policy – Privacy & Terms – Google.
Google Analytics 4 uses the “demographic details” functionality and can generate statistics that make statements about the age, gender, and interests of website visitors. This is done by analyzing advertising and information from third-party providers. In this way, target groups for marketing activities can be identified. However, the collected data cannot be attributed to a specific person and is deleted after a storage period of two months.
Google signals: As an extension to Google Analytics 4, Google Signals can be used on the website to obtain cross-device report. If you have activated “Ads Personalization” and linked your devices to your Google account, Google can analyze your usage behavior across devices to use Google Analytics 4 and create database models, including on cross-device conversions. We do not receive any personal data from Google, only statistics. If you want to stop the cross-device analysis, you can deactivate the “Ads Personalization” functionality in the settings of your Google account. To do this, follow the instructions you will find here: [UA] Activate Google signals – Analytics Help
User-IDs: The “User-IDs” functionality can be used on the website as an extension to Google Analytics 4. When you log in to this account on multiple devices, your activities, including conversions, can be analyzed on a cross-device basis.
Google uses this information to evaluate your pseudonymous use of our websites, to compile reports on website activity, and to provide us with other services related to website and internet use. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. When visiting our websites, your user behavior is recorded in the form of events (such as page views, purchase activities incl. sales, interaction with the website, or your “click path”) as well as other data such as your approximate location (country and city), technical information about your browser and the end devices you use or the referrer URL, i.e. via which website/ad you came to our website.
You can prevent the collection and transmission of data generated by the cookie and related to your use of our websites (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser add-on to disable Google Analytics. If you wish to object to interest-based advertising by Google, you can use the settings and opt-out options provided by Google.
If you allow cookies to be stored, Google Analytics retains your data for two months. Data for which the end of this retention period has been reached is automatically deleted. An overview of the data use in Google Analytics and the measures taken by Google to protect your data can be found in the Google Analytics Help Center.
5.2 reCAPTCHA
Captcha is the abbreviation for “completely automated public Turing test to tell computers and humans apart”. It is a test designed to distinguish humans from machines/robot (“bot”) programs.
reCAPTCHA is a captcha service from Google that aims to distinguish whether a certain action on the Internet is performed by a human or by a computer program. reCAPTCHA is used during newsletter registration.
For further information on data processing and protection by reCAPTCHA, please see: Google – Terms of Service & Privacy Policy.
5.3 Google Fonts
In order to display our content correctly and in a graphically appealing manner across browsers, we may use script and/or font libraries (Google Fonts) to display fonts on our website. Google Fonts are transferred to the cache of your browser to avoid multiple loading. If your browser does not support Google Fonts or prevents access, the content will be displayed in a standard font.
Calling script or font libraries automatically triggers a connection to the library operator. Google could theoretically collect personal data (e.g., the IP address) and forward it to a server in Ireland or the USA.
For further information on Google Fonts, please see Frequently Asked Questions | Google Fonts | Google Developers and the Google Privacy Policy: Google – Terms of Service & Privacy Policy.
You can prevent data processing by Google Fonts by disabling JavaScript execution in your browser or installing a JavaScript blocker. Please note that this may result in functional restrictions on the website.
5.4 Cookie Consent with Complianz
Our website uses the “Complianz GDPR/CCPA Cookie Consent” technology to obtain your consent for storing certain cookies in your browser and documenting it in compliance with data protection laws. The provider of this technology is Complianz B.V., Atoomweg 6b, 9743 AK Groningen, Netherlands (hereinafter: Complianz).
When you visit our website, a Complianz cookie is stored in your browser; it stores the consents you have given or your objection to these consents.
The collected data will be stored until you request us to delete it or delete the Complianz cookie yourself or until the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected. For detailed information on data processing by Complianz, please see complianz.io/privacy-statement.
The Complianz cookie consent technology is used in order to obtain the legally required consents for the use of cookies.
5.5 WPML
WPML uses cookies to determine the visitor’s current language, the last visited language, and the language of users who have logged in.
While using the plugin, WPML will share Data about the site via the installer. It will not share any data about the user.
- WPML Media Translation
WPML Media Translation will transmit the email address and name of each manager, the assigned translator, and the content to be translated to the Advanced Translation Editor and contracted translation services. - WPML Translation Management
WPML Translation Management will transmit the e-mail address and name of each manager, as well as the assigned translator and the content itself to the Advanced Translation Editor and translation services used. - WPML String Translation
WPML String Translation will send all strings to WPML’s Advanced Translation Editor and to the used translation services.
6 Social Media
We operate pages and other online presences on social media networks and other platforms operated by third parties and process data about you in this context. In this context, we obtain data directly from you (e.g., when you communicate with us or comment on our content) and from the platforms (e.g., statistics).
On our website we use social plugins (plugins) from various social networks. These plugins allow you to share content or recommend products, for example.
The plugins used are the following:
- LinkedIn
Our online offer may include functionalities and content of the LinkedIn service. This may include, for example, content such as images, videos, or texts and buttons that allow users to share content of this online offer within LinkedIn. If the users are members of the LinkedIn platform, LinkedIn can associate the call of the above-mentioned content and functionality with their LinkedIn profiles. Service provider: LinkedIn Irland Unlimited Company, Wilton Place, Dublin 2, Irland, Parent Company: LinkedIn Corporation, 1000 W. Maude Avenue Sunnyvale, CA 94085, USA; Datenschutzerklärung: LinkedIn Privacy Policy; Cookie Policy: de.linkedin.com/legal/cookie-policy. - Xing
Our online offer may include functionalities and content of the Xing service. This may include, for example, content such as images, videos, or texts and buttons that allow users to share content of this online offer within Xing. If the users are members of the Xing platform, Xing can associate the call of the above-mentioned content and functionality with their Xing profiles. Service provider: XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany; Privacy Policy: Privacy at XING.
7 Disclosure of Data to Third Parties
As a matter of principle, we will treat your personal data as confidential and will only pass it on if you have expressly consented to it, if we are legally obliged or entitled to do so, or if this is necessary to enforce our rights, in particular, to enforce claims arising from our contractual relationship.
In addition, we disclose your personal data to third parties to the extent that this is necessary or appropriate in the context of the use of the website or for the possible provision of the services requested by you.
We disclose your personal information to the following categories of recipients:
- Companies of our group
- IT Service Providers
- Third parties to whom we have outsourced certain support services, such as translation work or document reviews
- Third parties we engage to provide additional services, such as law firms and fiduciaries
- Third parties who are also involved in the implementation or organization of events and seminars
- Authorities and courts, if applicable
In the case of disclosure to third parties, the legal regulations governing the disclosure of personal data to third parties are, of course, complied with. If we use subcontractors to provide our services, we take appropriate legal precautions as well as corresponding technical and organizational measures to ensure the protection of your personal data in accordance with the relevant legal regulations.
8 Data Transfer Abroad
If we also transfer your personal data to third parties abroad (i.e., outside of Switzerland or the European Economic Area (EEA)), these parties are obligated to comply with data protection to the same extent as we are. If the data protection level in the country concerned is not adequate, we will ensure that the protection of your personal data has such a level.
We ensure this, in particular, by concluding so-called standard contractual data protection clauses of the EU Commission with the companies concerned, and/or by the existence of Binding Corporate Rules (BCR) recognized by a European data protection authority at the companies concerned and/or by the existence of further guarantees that comply with the applicable law. Where this is not possible, we base the data transfer on your express consent or the necessity of the transfer for the fulfillment of the contract.
9 Retention Period
We process and store your personal data only for the period of time required to achieve the stated purpose or if this is provided for in laws or regulations to which we are subject. If the purpose of retention no longer applies or if a prescribed retention period expires, your data will be routinely blocked or deleted in accordance with the statutory provisions.
In addition, we will delete your data if you request us to do so at [email protected] and if we have no legal or other obligation to retain or store this personal data.
10 Data Security
We take technical and organizational security measures to protect your personal data against manipulation, loss, destruction, or against access by unauthorized persons and to ensure the protection of your rights and compliance with applicable data protection laws.
The measures taken are intended to ensure the confidentiality and integrity of your data and to ensure the availability and resilience of our systems and services in processing your data on a permanent basis. They are also intended to ensure the rapid restoration of the availability of your data and access to it in the event of a physical or technical incident.
Our security measures also include encryption of your data. When transmitting your data to us, we use Transport Layer Security (TLS) encryption. All information that you enter online is transmitted via an encrypted transmission path. This means that this information cannot be viewed by unauthorized third parties at any time.
Our data processing and security measures are continuously adjusted in line with technological developments.
We also take our internal data protection very seriously. Our employees and the service providers appointed by us are obliged to maintain confidentiality and to comply with the data protection regulations. Moreover, they are only granted access to personal data to the extent necessary.
11 Your Rights
You have the following rights in relation to your personal data:
- Right of access: You have the right to know why your personal data is needed, what happens to it, and how long it is retained.
- Right to rectification: You have the right to amend, correct, delete, or block your personal data at any time.
- Right to erasure: You have the right to request erasure of your personal data at any time.
- Right to restrict processing: You have the right to request all your personal data from the data controller and to transfer it in full to another data controller.
- Right to object: You can object to the processing of your data. You can object to the processing of your data. We comply with your objection, unless there are legitimate reasons for processing.
- Right to withdraw consent: If you give us your consent to process your data, you have the right to revoke this consent and have your personal data deleted.
In order for us to exclude any unlawful use of data, we must identify you (e.g., with a copy of your ID card, if necessary).
Please note that conditions, exceptions or restrictions apply to these rights (e.g., for the protection of third parties or business secrets or due to our professional confidentiality).
You can contact us regarding your rights using the contact information mentioned in section 1 or at the following e-mail address: [email protected].
You may also file a complaint with the local supervisory or the Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter (EDÖB; in English: Swiss Federal Data Protection and Information Commissioner (FDPIC)) if you believe that the processing of your personal data violates data protection law.