Privacy Policy

In this privacy policy, Gudo AG (hereinafter: «Gudo AG» or «we») explains what personal data we process, for what purposes, how and where, particularly in connection with our website and our other services. In this privacy policy, we also provide information about the rights of individuals whose data we process.

Responsibility and contact details

Gudo AG is responsible for the data processing described here. Enquiries regarding data protection can be sent to us by post or email:

Gudo AG
Enrico Maraffio
12 Gass
5242 Lupfig

Telephone: +41 44 929 69 30
Email: info@gudo.com

General note

We process personal data, in particular in the following categories of processing.

• Customer data relating to customers for whom we provide or have provided services;
• Personal data that we receive indirectly from our customers in the course of providing our services;
• When visiting our website;
• When attending one of our events;
• When we communicate;
• In the context of other contractual relationships, e.g. as a supplier, service provider or consultant;
• When applying;
• Where we are required to do so for legal or regulatory reasons;
• When we are fulfilling our due diligence obligations or other legitimate interests, for example to avoid conflicts of interest, mitigate risks, ensure data accuracy, safeguard security, or enforce our rights.

You can find more detailed information in the descriptions below for each category of processing.

Processing of personal data

Personal data refers to any information relating to an identified or identifiable individual.

We process personal data in accordance with Swiss data protection law. Furthermore, where the EU GDPR applies, we process personal data in accordance with the following legal bases in relation to Article 6(1) of the GDPR:

• Consent (Article 6(1)(a) of the GDPR) – The data subject has given their consent to the processing of their personal data for a specific purpose or for several specific purposes.
• Performance of a contract and pre-contractual enquiries (Article 6(1)(b) of the GDPR) – The processing is necessary for the performance of a contract to which the data subject is a party, or for the implementation of pre-contractual measures taken at the data subject’s request.
• Legal obligation (Article 6(1)(c) of the GDPR) – The processing is necessary for compliance with a legal obligation to which the controller is subject.
• Protection of vital interests (Article 6(1)(d) of the GDPR) – Processing is necessary to protect the vital interests of the data subject or of another natural person.
• Legitimate interests (Article 6(1)(f) of the GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.

We process personal data for as long as is necessary for the relevant purpose(s) or as required by law; this means for the duration of the entire business relationship (from the initial contact and processing through to the termination of a contract) and beyond, in accordance with statutory retention and documentation requirements. In doing so, it is possible that personal data may be retained for the period during which claims may be brought against our company (i.e. in particular during the statutory limitation period) and insofar as we are otherwise legally obliged to do so or legitimate business interests require it (e.g. for evidential and documentation purposes). Personal data that is no longer required for processing is anonymised or deleted. Individuals whose data we process generally have a right to erasure.

Safety measures

We implement technical and organisational measures in accordance with legal requirements, taking into account the state of the art, the costs of implementation, and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risks to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.

These measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, as well as access to, input of, and disclosure of the data, ensuring its availability and its segregation. Furthermore, we have established procedures to ensure that data subjects’ rights are upheld, that data is deleted, and that appropriate action is taken in the event of a data breach. Furthermore, we take the protection of personal data into account right from the development and selection of hardware, software and procedures, in accordance with the principle of data protection by design and by default.

Disclosure of personal data to third parties and transfers abroad

We may have personal data processed by third parties acting on our behalf, or process it jointly with third parties or with the assistance of third parties, or transfer it to third parties. Such third parties include, in particular, service providers whose services we use. We ensure that such third parties also maintain an appropriate level of data protection.

The following categories of recipients may receive personal data from us:

• Service providers (e.g. other IT service providers, hosting providers, suppliers, consultants, solicitors, insurance companies);
• Third parties in connection with our legal or contractual obligations, public authorities, government bodies, and courts.

Such third parties are located in general in Switzerland and within the European Economic Area (EEA). However, such third parties may also be located in other countries and worldwide, provided that their data protection laws comply with Opinion of the Federal Data Protection and Information Commissioner (EDÖB) ensures an adequate level of data protection, or where an adequate level of data protection is ensured for other reasons, such as through a relevant contractual agreement—in particular on the basis of standard contractual clauses—or through relevant certification. In exceptional cases, such a third party may be located in a country without adequate data protection, provided that the data protection requirements, such as the explicit consent of the data subject, are met.

Purposes of data processing

We may process your personal data for a number of purposes. Primarily, we process this data so that we can provide our services to you.

Provision of services

We primarily process personal data that we receive in the course of our contractual relationships with our customers and other contractual relationships with business partners, as well as from them and other individuals involved in such relationships.

Our customers’ personal data consists, in particular, of the following information:

• Contact details (e.g. surname, first name, address, telephone number, email address, other contact details);
• Personal information (e.g. date of birth, occupation, title, job title, passport/ID number, social security number, etc.);
• Financial information (e.g. bank details);
• Contract master data (e.g. contractual relationship, product or contract interest);
• Supplier information, contact details (e.g. information about suppliers, including contact persons);
• Order history (e.g. records of previous orders and transactions);
• Electronic identification data (e.g. user data, IP address, electronic signature, connection and log data, cookies);
• Application and employment data (e.g. social security details, salary details, work schedules, working hours, holiday and sick leave).

We process this personal data for the purposes described on the following legal grounds:

• The conclusion or performance of a contract with the data subject or for the benefit of the data subject, including the initiation of contract negotiations and any enforcement (e.g. advice);
• Compliance with a legal obligation (e.g. where we are fulfilling our obligations or are required to disclose information).
• Protection of legitimate interests (e.g. for administrative purposes, to improve our quality, to ensure security, to manage risk, to enforce our rights, to defend ourselves against claims, or to assess potential conflicts of interest)
• Consent (e.g. to send you marketing information).

Use of our website

No personal data needs to be disclosed in order to use our website. However, each time the site is accessed, the server collects a range of user information, which is temporarily stored in the server’s log files.

When this general information is used, it is not linked to any specific individual. The collection of this information or data is technically necessary in order to display our website and to ensure its stability and security. This information is also collected to improve the website and analyse its usage.

This includes, in particular, the following information:

• Information that you provide to us via our website;
• Technical information, information about user behaviour or website settings that is automatically transmitted to us or our service providers (e.g. IP address, date and time of the request, UDI, device type, browser, number of clicks on the page, opening of the newsletter, clicking on links, etc.).

We process this personal data for the purposes described on the following legal grounds:

• Protection of legitimate interests (e.g. for administrative purposes, to improve our quality, to analyse data or to promote our services);
• Consent (e.g. to the use of cookies or the newsletter).

Direct communication, visits and events

When you contact us (e.g. by telephone, email, contact form or chat) or we contact you, we process the personal data required for this purpose. We also process this personal data when you visit us. In this case, you may be required to provide your contact details before your visit or at reception. We will retain these for a certain period of time in order to protect our infrastructure and our information.

If you send us enquiries via the contact form, we will store the information you provide in the form, including your contact details, for the purpose of processing your enquiry and in case we need to follow up with further questions. We will not pass on this information without your consent.

We use appropriately secure applications for conducting telephone conferences, online meetings, video conferences and/or webinars («online meetings»).

When organising and running events, we process personal data for the purposes of event management and participant support, including the administration of registrations, communication with participants and coordination with service providers.

In particular, we process the following information:

• Contact details (e.g. surname, first name, address, telephone number, email address);
• Communication metadata (e.g. IP address, duration of communication, communication channel);
• Other information that the user uploads, provides or creates whilst using the video conferencing service, as well as metadata used for the maintenance of the service provided;
• Personal details (e.g. occupation, role, title, employer);
• The time and reason for the communication or visit.

We process this personal data for the purposes described on the following legal grounds:

• Fulfilment of a contractual obligation with or for the benefit of the data subject, including the initiation of a contract and any enforcement (provision of a service);
• Protection of legitimate interests (e.g. security, traceability, and the management and administration of customer relationships);
• Consent.

Newsletter

Based on the consent you have expressly given, we will send you our newsletter or similar information on a regular basis by email to the email address you have provided.

To receive the newsletter, simply provide your email address. When you sign up for our newsletter, the data you provide will be used exclusively for this purpose. Subscribers may also be informed by email of matters relevant to the service or registration (for example, changes to the newsletter content or technical issues).

You may withdraw your consent to the storage of your personal data and its use for sending the newsletter at any time. A link to do so is included in every newsletter. You can also unsubscribe directly on this website at any time, or notify us of your request using the contact details provided at the end of this privacy policy.

Applications

You can submit your application for a position with us by post or via the email address provided on our website. Your application documents and all personal data provided to us will be treated as strictly confidential, will not be disclosed to any third party, and will only be processed for the purpose of considering your application for a position with us. Unless you give your consent to the contrary, your application file will either be returned to you or deleted/destroyed once the application process has been completed, provided it is not subject to a statutory retention obligation. The legal basis for the processing of your data is your consent, the performance of the contract with you and our legitimate interests.

In particular, we process the following information:

• Contact details (e.g. surname, first name, address, telephone number, email address);
• Personal details (e.g. occupation, role, title, employer);
• Application documents (e.g. cover letter, certificates, CV);
• Assessment information (e.g. HR consultant evaluations, references, assessments).

We process this personal data for the purposes described on the following legal grounds:

• Protection of legitimate interests (e.g. recruitment of new staff); including the initiation of contracts and any enforcement;
• Consent.

Retention period for personal data

We process personal data for as long as is necessary for the relevant purpose or purposes, or as required by law; this means for the duration of the entire business relationship (from the initial contact and processing through to the termination of a contract) and beyond, in accordance with statutory retention and documentation requirements. In this context, it is possible that personal data may be retained for the period during which claims may be brought against our company (i.e. in particular during the statutory limitation period) and insofar as we are otherwise legally obliged to do so or legitimate business interests require it (e.g. for evidential and documentation purposes). Personal data that is no longer required for processing is anonymised or deleted. Individuals whose data we process generally have a right to erasure.

Rights of data subjects

Data subjects whose personal data we process have the rights set out in the relevant data protection legislation. You have the following rights in relation to our processing of personal data:

• The right to access the personal data we hold about you, the purpose of the processing, the source of the data, and the recipients or categories of recipients to whom the personal data is disclosed;
• The right to have your data corrected if it is incorrect or incomplete;
• The right to restrict or prevent future processing of your personal data or its disclosure to third parties;
• the right to request the erasure of the personal data processed;
• Right to data portability;
• the right to object to the processing of data or to withdraw consent to the processing of personal data at any time, with effect for the future, without giving any reason;

To exercise these rights, please contact us at the address given above.

Data subjects whose personal data we process have the right to lodge a complaint with a competent supervisory authority. The supervisory authority responsible for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

Please note that we reserve the right to invoke the legal restrictions applicable to us, for example where we are obliged to retain or process certain data, have an overriding interest in doing so, or require such data to assert claims.

The existence of automated decision-making

As a responsible company, we do not use automated decision-making or profiling.

Use of social media

We maintain a presence on social media and other online platforms in order to communicate with interested parties and provide information about our services. In doing so, personal data may also be processed outside Switzerland and the European Economic Area.

The General Terms and Conditions (GTC), Terms of Use, privacy policies and other provisions of the individual operators of such online platforms apply in each case. These provisions provide information, in particular, on the rights of data subjects, including, in particular, the right of access.

Use of the website

SSL/TLS encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential information, such as the enquiries you send to us as the website operator. You can recognise an encrypted connection by the fact that the address bar of your browser changes from „http://“ to „https://“ and by the padlock symbol in your browser bar.

If SSL or TLS encryption is enabled, the data you send to us cannot be intercepted by third parties.

Cookies

We may use cookies on our website. Cookies – whether our own (first-party cookies) or those from third parties whose services we use (third-party cookies) – are pieces of data that are stored in your browser. Such stored data need not be limited to traditional text-based cookies. Cookies cannot execute programs or transmit malware such as Trojans and viruses.

When you visit our website, cookies may be stored temporarily in your browser as «session cookies» or for a specific period as so-called permanent cookies. «Session cookies» are automatically deleted when you close your browser. Persistent cookies have a specific storage period. In particular, they enable us to recognise your browser the next time you visit our website and thereby, for example, measure the reach of our website. However, persistent cookies can also be used for online marketing, for example.

You can disable or delete cookies at any time, either in full or in part, via your browser settings. Without cookies, however, you may not be able to access all features of our website. Where necessary, we will actively seek your explicit consent to the use of cookies.

Below you will find links to the support documents for the most popular web browsers, which explain how to manage and delete cookies.

Chrome: https://support.google.com/accounts/answer/32050

Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac

Firefox: https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen?redirectslug=delete-cookies-remove-info-websites-stored

Internet Explorer: https://support.microsoft.com/de-de/topic/lschen-von-cookiedateien-in-internet-explorer-bca9446f-d873-78de-77ba-d42645fa52fc

If you are using a different web browser, please refer to your browser’s official support documentation.

Server log files

We may collect the following information for each visit to our website, provided that this information is transmitted by your browser to our server infrastructure or can be determined by our web server: date and time, including time zone; Internet Protocol (IP) address; access status (HTTP status code); operating system, including user interface and version; browser, including language and version; individual sub-pages of our website accessed, including the amount of data transferred; the last webpage accessed in the same browser window (referrer).

This information is required in order to provide our online services on a long-term, user-friendly and reliable basis, and to ensure data security and, in particular, the protection of personal data – including where this is carried out by or with the assistance of third parties.

Third-party services

We use third-party services to ensure that our website remains available, user-friendly, secure and reliable. These services also enable us to embed content on our website. These services – such as hosting and storage services, video services and payment services – require your Internet Protocol (IP) address, as they would otherwise be unable to transmit the relevant content. These services may be located outside Switzerland and the European Economic Area (EEA), provided that adequate data protection is ensured.

For their own security, statistical and technical purposes, third parties whose services we use may also process data relating to our website and from other sources – including cookies, log files and web beacons – in an aggregated, anonymised or pseudonymised form.

Use of Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited. If the data controller for this website is based outside the European Economic Area or Switzerland, data processing via Google Analytics is carried out by Google LLC. Google LLC and Google Ireland Limited are hereinafter referred to as «Google».

The statistics we collect enable us to improve our service and make it more interesting for you as a user. This website also uses Google Analytics to analyse visitor traffic across devices, which is carried out using a user ID. If you have a Google account, you can disable cross-device analysis of your usage in the settings there under «My data», «Personal data».

The legal basis for the use of Google Analytics is the consent you have given. The IP address transmitted by your browser as part of Google Analytics is not combined with other data held by Google. Please note that on this website, Google Analytics has been extended with the code «_anonymizeIp();» to ensure the anonymised collection of IP addresses. This means that IP addresses are processed in a truncated form, thereby ruling out any possibility of personal identification. Where the data collected about you is personally identifiable, this is therefore immediately excluded and the personal data is deleted without delay.

Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website and internet usage to the website operator.

Google Analytics uses cookies. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. You can prevent the storage of cookies by adjusting your browser settings accordingly; however, we would like to point out that, in this case, you may not be able to use all the functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and relating to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available via the following link: Disable Google Analytics.

You can also prevent Google Analytics from being used by clicking on this link: Disable Google Analytics. This will save a so-called opt-out cookie on your device, which prevents Google Analytics from processing personal data. Please note that if you delete all cookies on your device, these opt-out cookies will also be deleted, meaning that you will need to set the opt-out cookies again if you wish to continue preventing this form of data collection. The opt-out cookies are set per browser and computer/device and must therefore be activated separately for each browser, computer or other device.

Use of Google Tag Manager

Google Tag Manager is a solution that allows us to manage so-called website tags via a single interface, enabling us, for example, to integrate Google Analytics and other Google marketing services into our website. The Tag Manager itself, which implements the tags, does not process users’ personal data. With regard to the processing of users’ personal data, please refer to the following information on Google services. Terms of Use: https://www.google.com/intl/de/tagmanager/use-policy.html.

General Disclaimer

All information on our website has been carefully checked. We endeavour to ensure that the information we provide is up to date, accurate and complete. Nevertheless, the possibility of errors cannot be entirely ruled out, and we therefore cannot guarantee the completeness, accuracy or timeliness of the information, including that of a journalistic or editorial nature. Claims for damages, whether material or non-material, arising from the use of the information provided are excluded, unless there is evidence of wilful misconduct or gross negligence.

Changes

We may amend this privacy policy at any time without prior notice. The current version published on our website shall apply. Where this privacy policy forms part of an agreement with you, we will notify you of any changes by email or by other appropriate means should it be updated.

Questions about data protection

If you have any questions regarding data protection, please send us an email or contact the data protection officer within our organisation, whose details are listed at the beginning of this privacy policy.

As of January 2024