1. Preamble
1.1 Purpose
This Privacy Policy provides information on how and for what purposes Pestalozzi Group processes personal data which you disclose to us or which we collect from you.
Pestalozzi Group includes all following independent legal entities:
• Pestalozzi Holding AG, Riedstrasse 1, 8953 Dietikon, UID: CHE-148.679.784
• Pestalozzi AG, Riedstrasse 1, 8953 Dietikon, UID: CHE-105.940.075
• Gabs AG, Bahnhofstrasse 17, 8274 Tägerwilen, UID: CHE-101.300.818
• Transstahl AG, Silbernstrasse 5, 8953 Dietikon, UID: CHE-104.011.747
• PG Service und Betriebs-AG, Riedstrasse 1, 8953 Dietikon, CHE-100.132.234
• Willy Schneider AG, Gheidgraben 2, 4600 Olten, UID: CHE-184.251.353
• Willy Schneider Oberriet AG, Kellenstrasse 38, 9463 Oberriet SG; UID: CHE-434.126.931
1.2 Definitions
According to the swiss Data Protection Act (DPA) Art. 5 lit. a, ‘personal data’ are all data and information relating to an identified or identifiable natural person or which lead to a direct or indirect unique identification of a person, regardless of whether this takes a physical or electronic form. This includes:
• names,
• unique identification numbers,
• location data,
• any other data relating to the
• physical,
• genetic,
• psychological,
• economic,
• cultural or
• social identity of a person.
The processing of the following personal data falls under the category of ‘personal data requiring special protection’ according to DPA Art. 5 lit.c:
• Religious, ideological, political or trade union-related views or activities
• Health, privacy or racial or ethnic affiliation
• Genetic data
• Biometric data that uniquely identifies a natural person
• Data about administrative or criminal prosecutions or sanctions
• Data about social assistance measures
1.3 Controller and contact details
The name and address of the Controller responsible for processing your personal data are as follows:
Pestalozzi AG
Peter Mattenberger
Data Protection Consultant
Riedstrasse 1
CH-8953 Dietikon
Telephone: +41 44 743 22 89
Email: peter.mattenberger@pestalozzi.com
Please contact this person if you have any questions relating to data protection.
2. General data origin and data categories
2.1 Origin and categories
We primarily process personal data that we receive or collect from our customers, interested parties, website visitors and business partners in the course of our business activities. In addition, we may also process personal data that we have obtained from publicly accessible sources (e.g. websites or public registers such as the commercial register, etc.). Finally, we may also have received your personal data from our business partners, official bodies or authorities or from other third parties.
The personal data we process may include personal and contact information (e.g. name, address, title, gender, date of birth, telephone number and email address), financial information for payment purposes (e.g. bank account details), information about the use of our website (e.g. IP address) and information of any kind from correspondence, contacts and interactions with us.
2.2 Processing purposes
We generally process your personal data for purposes that are necessary in relation to our business activities and the provision of our services. In particular, this refers to:
• Communication with you, in particular to be able to provide you with information, to process your requests and inform you about new developments;
• Conclusion or execution of contracts with you, your employer and customers (including invoicing);
• Operation of infrastructure, which includes the website or apps used, in order to provide you with our services and evaluate and improve them;
• Use of cookies or other tools on the website;
• Marketing (e.g. mailings with unsubscribe link, special occasions), newsletters, relationship management;
• Market analysis, planning, development of products & services;
• Statistical purposes;
• Compliance (adherence to national and international laws, industry standards, directives, etc.);
• Legal procedures, investigations;
• Maintaining security, access control;
• Business management, risk management;
• Corporate transactions (e.g. M&A);
• Media relations, PR, publications;
• Shareholder services, investor relations;
• Training, instruction, continuing education;
• IT and building security measures (e.g. access controls, visitor lists, network and mail scanners, telephone badging);
• Crime and fraud prevention.
2.3 Processing duration
We process and store your personal data
• For as long as this is necessary for the respective purpose of the processing;
• For as long as we have a legitimate interest in storing such data (to enforce or defend against claims, for archiving purposes and to ensure IT security);
• For as long as they are subject to a legal obligation to retain data (e.g. CoO or GeBüV).
2.4 Data recipients
We may disclose personal data, to the extent permitted, to the following categories of recipients:
• Providers to whom we have outsourced certain services (e.g. IT and hosting providers, photographers, payment service providers, etc.);
• Vendors, subcontractors and other business partners, as well as companies within the Pestalozzi Group;
• Auditors;
• Domestic and foreign authorities, official agencies or courts;
• Third parties who collect data about you via a website or app.
2.5 Third parties
Third parties who operate services on behalf of Pestalozzi AG are referred to as data processors here. Pestalozzi AG will draw up contracts with the data processors, guaranteeing the requirements and measures for compliance with data protection. The data processors will take the appropriate security measures to protect your personal data and will be instructed by Pestalozzi AG to process only the data explicitly specified by Pestalozzi AG as the client.
If you would like more information about our contracted data processors, please contact the Data Protection Consultant named in 1.3.
2.5.1 International data transfer
In principle, we process your personal data in Switzerland. However, in certain cases (e.g. if using certain service providers or software applications) your personal data may also be transferred abroad. In this case, Pestalozzi prefers to use partners in the member states of the European Union and the EEA wherever possible. Where this is not possible, it may use partners in other third countries worldwide, in particular the USA.
If we transfer data to a country without adequate legal data protection (known as insecure third countries), we ensure an adequate level of protection by using appropriate contracts, as provided by law, or rely on the legal exceptions of consent, contract performance, the establishment, exercise or enforcement of legal claims, overriding public interests, published personal data or because it is necessary to protect the integrity of the data subjects. Nevertheless, we would like to point out that data transmitted abroad is no longer protected by Swiss law, and foreign laws or official orders may require the disclosure of such data to authorities and other third parties.
3. Data security
We have taken technical and organisational security measures to protect your personal data from loss, destruction, manipulation and unauthorised access. Our security measures are constantly being revised and optimised in line with technological developments. If you use a service of our website or our online shop, your personal data will be transmitted to us. We encrypt such data using suitable technical means to prevent them falling into the wrong hands.
4. Technical means
A list of the tools used to analyse and, if necessary, process data on our public websites can be found in the Cookie Policy of the Pestalozzi Group.
5. Protection of personal data
The Pestalozzi Group attaches great importance to the protection of your personal data. Since both the protection of privacy and the protection of our business partners, customers and applicants are of particular importance to us, we will treat your personal data confidentially in accordance with the applicable data protection regulations.
6. Your rights
6.1 Access, rectification and erasure
Within the scope of the data protection law applicable to you and insofar as provided therein, you have the right to free access, rectification and erasure, the right to restrict data processing and otherwise to object to our data processing or to the release of certain personal data for the purpose of transfer to another entity (known as data portability).
6.2 Revocation
If data processing is based on your consent, you can revoke this at any time after giving your consent, with effect for the future. However, this does not affect the lawfulness of processing carried out on the basis of consent up until its revocation.
6.3 Contact
To exercise your rights under 6.1 and 6.2, please contact peter.mattenberger@pestalozzi.com.
6.4 Legal enforcement
Every data subject also has the right to enforce their claims in court or to file a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
7. Adjustments to this Privacy Policy
We expressly reserve the right to amend this Privacy Policy at any time. If such adjustments are made, we will immediately publish the adjusted Privacy Policy on our website. The Privacy Policy published on our website is valid in each case. Please note that data protection regulations and data protection practices, e.g. at Google, are always subject to change.
8. Further provisions
Should individual provisions of these Terms of Use and Privacy Policy prove to be invalid, ineffective or unenforceable, this shall not affect the validity, effectiveness and enforceability of the remaining parts of the Terms of Use and Privacy Policy. Any questions and disputes arising in connection with the use of Pestalozzi Group services shall – to the extent permitted by law – be governed exclusively by Swiss law, expressly excluding its conflict of law provisions. Mandatory conflict of laws provisions remain reserved. The exclusive place of jurisdiction is Dietikon; mandatory places of jurisdiction are reserved.