Privacy Policy
In this Privacy Policy we provide you with information about the personal data that we process in relation to our activities and operations, including our website www.indel.ch. We inform you in particular for what purpose, how and where we process personal data, as well as the types of personal data that we process. We also provide you with information about the rights available to the people whose data we process.
Additional privacy policies and other legal documents, such as general terms and conditions of business (GTC), terms of use or terms of participation may apply to individual or additional activities and operations.
We are subject to Swiss data protection law as well as any applicable foreign data protection law, such as, in particular, European Union (EU) law and the General Data Protection Regulation (GDPR).
The European Commission recognised in its decision of 26 July 2000 that Swiss data protection law ensures an adequate level of data protection. The European Commission confirmed this decision on the adequacy of Swiss data protection legislation in its report of 15 January 2024.
1. Contact addresses
Controller:
INDEL AG
Tüfiwis 26
CH-8332 Russikon
Aktivieren Sie Javascript um diese geschützte E-Mail Adresse zu sehen.
In individual cases, there may be other controllers for the processing of personal data or joint controllership with at least one other controller.
2. Definitions and legal bases
2.1 Definitions
Personal data means any information concerning an identified or identifiable natural person.
Sensitive personal data includes data on trade union, political, religious or ideological views or activities; data on health, privacy or ethnic or racial origin, genetic data, biometric data that uniquely identify a natural person, data on criminal or administrative sanctions or prosecutions, and data on social welfare measures.
Processing means any operation which is performed on personal data, irrespective of the means and processes used, such as the consultation, alignment, adaptation, archival, storage, retrieval, sharing, obtaining, recording, collection, erasure, disclosure, ordering, organisation, saving, alteration, dissemination, cross-referencing, destruction or usage of personal data.
A data subject is a natural person whose personal data we process.
The European Economic Area (EEA) comprises the Member States of the European Union (EU) as well as the Principality of Liechtenstein, Iceland and Norway.
The General Data Protection Regulation (GDPR) refers to the processing of personal data as the “processing of personal data” and the processing of sensitive personal data as the “processing of special categories of personal data” (Art. 9 GDPR).
2.2 Legal bases
We process personal data in accordance with Swiss data protection law, including in particular the Swiss Federal Act on Data Protection (Swiss Data Protection Act, FADP) and the Swiss Ordinance on Data Protection (Swiss Data Protection Ordinance, DPO).
Where and insofar as the General Data Protection Regulation (GDPR) is applicable, we process personal data with reference to at least one of the following legal bases:
- Point (b) of Article 6(1) GDPR where the processing of personal data is necessary for the performance of a contract to which the data subject is party or in order to take steps prior to entering into a contract.
- Point (f) of Article 6(1) GDPR where the processing of personal data is necessary in order to uphold legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Legitimate interests include in particular our interest in conducting our activities and operations on an ongoing basis, in a user-friendly manner, securely and reliably and being able to communicate concerning them, the guarantee of information security, protection against misuse, the enforcement of legal claims available to us and compliance with Swiss law.
- Point (c) of Article 6(1) GDPR where the processing of personal data is necessary for compliance with a legal obligation to which we are subject under any applicable law of a member state of the European Economic Area (EEA).
- Point (e) of Article 6(1) GDPR where the processing of personal data is necessary for the performance of a task carried out in the public interest.
- Point (a) of Article 6(1) GDPR where the processing of personal data occurs with the consent of the data subject.
- Point (d) of Article 6(1) GDPR where the processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person.
3. Nature, scope and purpose
We process personal data that are necessary to enable us to conduct our activities and operations on an ongoing basis, in a user-friendly manner, securely and reliably. These personal data may include in particular master data and contact data, browser and device data, data relating to content, meta data, usage data, location data, sales data as well as data relating to contracts and payments.
We process personal data for the duration necessary for the respective purpose or purposes or required by law. Any personal data that no longer need to be processed are anonymised or erased.
We may arrange for personal data to be processed by third parties. We may process personal data in conjunction with or transmit personal data to third parties. Such third parties include in particular specialist providers that furnish services to us. We guarantee compliance with privacy rights also by any such third parties.
As a general rule, we only process personal data with the consent of the data subject. Where and insofar as processing is permitted on account of another legal basis, we may dispense with obtaining consent. We may process personal data without consent for example for the performance of a contract, in order to comply with legal obligations or in order to uphold overriding interests.
We also process personal data that we receive from third parties, that we obtain from publicly accessible sources or that we collect when carrying out our activities and operations, where and insofar as such processing is permitted by law.
4. Communications
We process personal data so that we can communicate with third parties. In this context, we process, in particular, data that a data subject transmits when contacting us, for example by letter or email. We may store such data in an address book or similar tool.
Third parties who transmit data about other persons are obliged to guarantee data protection for such data subjects. Among other things, the accuracy of the personal data transmitted must be ensured.
5. Job applications
We process personal data relating to job applicants, where they are necessary for assessing suitability for an employment relationship or for the subsequent management of an employment relationship. The necessary personal data are contained in particular in any information requested, for example in relation to a job advert. We may publish job advertisements with the help of suitable third parties, for example in electronic and printed media or on job portals and job platforms.
We also process personal data that job applicants provide or publish voluntarily, in particular within a covering letter, curriculum vitae or other job application documents as well as online profiles.
Where and insofar as the General Data Protection Regulation (GDPR) is applicable , we process personal data relating to job applicants in particular in accordance with point (b) of Article 9(2) GDPR.
6. Data security
We implement appropriate technical and organisational measures to guarantee a level of data security that is commensurate with the respective risk. With the measures we have in place, we guarantee in particular the confidentiality, availability, traceability and integrity of the personal data we process, without being able to guarantee absolute data security.
Our website can be accessed and our other online presence takes place via transport encryption (SSL /TLS, in particular according to Hypertext Transfer Protocol Secure, abbreviated to HTTPS). Most browsers mark transport encryption with a small padlock in the address bar.
Our digital communication – as is the case in general for any digital communication – is subject to mass observation without any requirement for a specific cause or suspicion as well as other monitoring by security authorities in Switzerland, elsewhere in Europe, the United States of America (USA) and other countries. We are unable to exercise any direct influence on the respective processing of personal data by secret services, police agencies and other security authorities. We also cannot rule out the possibility that individual data subjects are being specifically monitored.
7. Personal data abroad
We process personal data as a general rule in Switzerland and in the European Economic Area (EEA). However, we may also export or transfer personal data to other countries and process them or arrange for them to be processed in those countries.
We may export personal data to all countries or territories in the world or elsewhere in the universe, provided that the local laws guarantee adequate data protection in accordance with a decree of the Swiss Federal Council or – where and insofar as the General Data Protection Regulation (GDPR) is applicable – in accordance with the relevant decision of the European Commission.
We may transmit personal data to countries the laws of which do not guarantee adequate data protection, provided that data protection is otherwise guaranteed, in particular on the basis of standard contractual clauses or other suitable guarantees. Under exceptional circumstances, we may export personal data to countries without adequate or suitable data protection, provided that the specific prerequisites under data protection law are met, such as for example the express consent of the data subject or a direct connection with the conclusion or performance of a contract. Upon request, we are pleased to provide information to data subjects concerning any guarantees or to provide copies of any guarantees.
8. Rights of data subjects
8.1 Rights under data protection law
We guarantee all rights to data subjects in accordance with the applicable data protection law. Data subjects have in particular the following rights:
- Information: Data subjects may obtain confirmation as to whether we are processing personal data concerning them, and, if so, which personal data. Data subjects will also receive any information that is necessary in order to exercise their rights under data protection law and to ensure transparency. This information includes the personal data processed as such, although also, amongst other things, information concerning the purpose of processing, the duration of storage, any disclosure or export of data to another country as well as the origin of personal data.
- Rectification or restriction of processing: Data subjects may obtain the rectification of inaccurate personal data, have incomplete personal data completed and obtain the restriction of processing of their data.
- Erasure and objection: Data subjects may obtain the erasure of personal data (“right to be forgotten”) and object to any future processing of their data.
- Surrender of data and data portability: data subjects may obtain the surrender of personal data or the transfer of their data to another controller.
Where permitted by law, we may defer, restrict or reject the exercise of rights by data subjects. We may refer data subjects to any prerequisites that must be met for the exercise of their rights under data protection law. We may for example refuse to provide information either entirely or in part in order to uphold a business secret or to protect other persons. We may for example also refuse to erase personal data either entirely or in part by invoking statutory retention requirements.
Under exceptional circumstances, we may charge costs for the exercise of rights. We shall inform data subjects in advance concerning any costs.
We are obliged to identify by appropriate means any data subjects who exercise their right of access or any other rights. Data subjects are obliged to cooperate.
8.2 Legal protection
Data subjects have the right to enforce their rights under data protection law by taking legal action or lodging a complaint with a competent data protection supervisory authority.
The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
European data protection supervisory authorities – where and insofar as the General Data Protection Regulation (GDPR) is applicable – are organised as members of the European Data Protection Board (EDPB). In some Member States of the European Economic Area (EEA), the data protection supervisory authorities are structured at the federal level, in particular in Germany.
9. Usage of the website
9.1 Cookies
We may use cookies. Cookies – either our own cookies (first-party cookies) or cookies of third parties whose services we use (third-party cookies) – are data that are stored in the browser. Any such stored data need not be limited to traditional cookies in text form.
Cookies can be stored in the browser either temporarily as “session cookies” or for a particular period of time as “permanent” cookies. “Session cookies” are automatically erased when the browser is closed. Permanent cookies are stored for a particular period of time. Cookies make it possible in particular to recognise a browser the next time our website is visited, thereby for instance measuring the reach of our website. Permanent cookies can also be used for instance for online marketing.
Cookies can be disabled or erased either entirely or in part in the browser settings at any time. Without cookies, it is possible that our website may no longer be fully available. We actively request your express consent to the use of cookies – at least if and to the extent necessary .
It is possible to opt out in general from numerous services that use cookies to measure the success and reach of the website or for advertising via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
9.2 Logs
We may log at least the following information for each access to our website and our other online presence, where and insofar as this information is transmitted to our digital infrastructure during such access: Date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual pages on our website that are accessed including the volume of data transmitted, and the last website visited using the same browser window (referrer).
We log this information, which may also contain personal data, in log files. The information is required in order to provide our online presence on an ongoing basis, in a user-friendly manner and reliably. The information is also required to ensure data security – including by third parties or with the help of third parties.
9.3 Tracking pixels
We may integrate tracking pixels into our online presence. Tracking pixels are also referred to as web beacons. Tracking pixels – which may also be operated by third parties whose services we use – are small, normally invisible images or scripts formulated in JavaScript that are automatically loaded whenever our online presence is accessed. Tracking pixels may record at least the same information as log files.
10. Notifications and mess
We send notifications and messages by email and via other communication channels, such as for instance instant messaging or SMS.
10.1 Measurement of success and reach
Notifications and messages may contain online links or tracking pixels that record whether an individual message has been opened and whether any online links have been clicked on. These online links and tracking pixels may register how notifications and messages have been used also by a specific person. We need these statistical records relating to usage in order to measure success and reach, so that we can accordingly send notifications and messages in a more effective and user-friendly manner that takes account of the needs and reading habits of recipients and also do so securely and reliably on an ongoing basis.
10.2 Consent and objection
As a general rule, you need to consent to the usage of your email address and any other contact address for you, unless it can be lawfully used for any other reason. We can use the “double opt-in” procedure to obtain any consent requiring double confirmation. In this case, you will receive a message with instructions for the double confirmation. For evidence and security purposes, we may log any such consent obtained, including IP address and timestamp.
As a general rule, you can object at any time to the receipt of notifications and messages such as newsletters. By objecting in this manner, you can also object at the same time to the collection of statistics relating to usage for the purpose of measuring success and reach. The above does not apply in relation to any notifications and messages that are necessary in relation to our activities and operations.
11. Social Media
We are present on social media platforms and other online platforms in order to communicate with interested persons and to provide information concerning our activities and operations. It is possible that personal data may be processed also outside Switzerland and the European Economic Area (EEA) within the ambit of such platforms.
The general terms and conditions of business (GTC), the terms of use and the privacy policies and other provisions of the individual operators of these platforms are also applicable. These provisions contain information in particular concerning the rights that data subjects have directly against the respective platform, such as for instance the right of access.
12. Third-party services
We use the services of specialist third parties to be able to conduct our activities and operations on an ongoing basis, in a user-friendly manner, securely and reliably. These services enable us, amongst other things, to incorporate functions and content into our website. When embedding such functions and content, the services used record at least temporarily the IP addresses of users for mandatory technical reasons.
Third parties whose services we use may process data in relation to our activities and operations in aggregated, anonymised or pseudonymised form for necessary security-related, statistical or technical purposes. These may include for instance data relating to performance or usage in order to be able to offer the particular service.
We use in particular:
- Google services: providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; general information concerning data protection: “Our privacy principles”, Privacy Policy, “We are committed to complying with applicable data protection laws”, “Google Product Privacy Guide”, “How Google uses information from sites or apps that use our services” (information from Google), “Types of cookies and other technologies used by Google”, “Settings for personalized ads”.
- Microsoft services: providers: Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), the United Kingdom and Switzerland / Microsoft Corporation (USA) for users in the rest of the world; general information concerning data protection: “Privacy at Microsoft”, “Data protection and privacy”, Privacy Policy, “Privacy dashboard”.
12.1 Digital infrastructure
We use services of specialist third parties in order to be able to use digital infrastructure required within the ambit of our activities and operations. These include for example hosting and storage services from selected providers.
We use in particular:
- METANET: hosting; provider: METANET AG (Switzerland); information concerning data protection: Privacy Policy, “Technical and organisational measures”.
12.2 Audio and video conferences
We use specialist services for audio and video conferences in order to be able to communicate online. We may for example hold virtual discussions or conduct online training and webinars. The legal documents relevant for the individual services such as privacy policies and terms of use also apply in the event of participation in audio or video conferences.
Depending upon your circumstances at home, we recommend that you switch your microphone to mute as the default setting and blur the background or post a virtual background when participating in audio or video conferences.
We use in particular:
- Skype: Audio and video conferencing; Skype-specific providers: Skype Communications SARL (Luxembourg) /Microsoft Corporation (USA) /Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), the United Kingdom and Switzerland; information concerning data protection: “Skype Legal”, “Data Protection & Privacy”.
- TeamViewer Meeting: Video conferencing; provider: TeamViewer Germany GmbH (Germany); information concerning data protection: Privacy Policy, “Privacy Notice”.
12.3 Online collaboration
We use third-party services to enable online collaboration. Any directly visible terms and conditions of these services, such as their terms of use or privacy policies, apply in conjunction with this Privacy Policy.
We use in particular:
- Microsoft Teams: Platform for productive collaboration, in particular with audio and video conferencing; provider: Microsoft; information specific to Teams: “Privacy and Microsoft Teams”.
12.4 Digital audio and video content
We use the services of specialist third parties in order to enable the direct playback of digital audio and video content, such as for example music or podcasts.
We use in particular:
- YouTube: video platform; provider: Google; information specific to YouTube: “Privacy and safety center”, “Your Data in YouTube”.
12.5 Fonts
We use third-party services in order to incorporate selected fonts as well as icons, logos and symbols into our website.
We use in particular:
- Google Fonts: Fonts, provider: Google; information specific to Google Fonts: “Your Privacy and Google Fonts”, “Privacy and Data Collection”.
13. Measurement of success and reach
We endeavour to establish how our online content is used. In this regard we may for example measure the success and reach of our activities and operations as well as the efficacy of third-party links on our website. However, we may for example also take samples and compare how different parts or versions of our online content are used (“A/B test” method). Based on the results of the measurement of success and reach, we may in particular rectify errors, enhance popular content or make improvements to our online content.
In most cases, the IP addresses of individual users are stored when measuring success and reach. In such cases, IP addresses are generally truncated (“IP masking”), thereby complying with the principle of data minimisation thanks to the resulting pseudonymisation.
Cookies may be used and user profiles created when measuring success and reach. Any user profiles generated include for example the individual pages visited or the content viewed on our website, information concerning the size of the screen or browser window and the – at least approximate – location. As a general rule, any user profiles are created exclusively in pseudonymised form and are not used to identify any specific individual users. Some third-party services to which users are logged in may potentially allocate usage of our online content to the user account or user profile for the respective service.
We use in particular:
- Google Analytics: Measurement of success and reach; provider: Google; information specific to Google Analytics: Measurement, including across multiple browsers and devices (cross-device tracking) and using pseudonymised IP addresses, which are only transferred untruncated to Google in the USA under exceptional circumstances, “Safeguarding your data”, “Google Analytics Opt-out Browser Add-on”.
- Google Tag Manager: Incorporation and management of other services for measuring success and reach along with other services of Google and of third parties; provider: Google; information specific to Google Tag Manager: “Data collected by Google Tag Manager”; further information concerning data protection can be obtained from the individual services incorporated and managed.
14. Video surveillance
We use video surveillance to prevent criminal offences, to preserve evidence in the event of criminal offences, to exercise and assert our own legal claims, to defend ourselves against third-party legal claims and to exercise our domiciliary rights. Where and insofar the General Data Protection Regulation (GDPR) is applicable , these are overriding legitimate interests pursuant to point (f) of Article 6(1) GDPR, in the case of sensitive personal data with reference to point (f)9 of Article 9(2) GDPR.
We store recordings from our video surveillance for as long as they are required for the preservation of evidence or another specified purpose.
We may save recordings from our video surveillance and transmit them to competent authorities, in particular judicial or law enforcement authorities, provided that the transmission is necessary for a stated purpose, in our other legitimate overriding interest or due to legal obligations.
15. Final provisions
We may amend or supplement this Privacy Policy at any time. We shall provide information concerning any such amendments or supplements in a suitable manner, in particular by publication of the relevant up-to-date Privacy Policy on our website.