Alu Menziken Privacy Notice
1….. What is this Privacy Notice about?
2….. Who is the controller for processing your data?
3….. How do we process data in relation with our products?
4….. How do we process data in relation with advertising?
5….. How do we work together in the group?
6….. How do we work with service providers?
7….. Can we disclose data abroad?
8….. How do we process data in relation with our website?
9….. How do we process data through social media?
10…. Are there other processing purposes?
11…. How long do we process personal data?
12…. What is the legal basis for our processing?
This Privacy Notice explains how we process personal data in relation with our business and with our website. If you would like more information about our data processing, please feel free to contact us (sec. 2). “Personal data” means any information that can be related with a specific individual, and “processing” means any handling of personal data, such as collecting, using, and sharing it.
For each data processing, there are one or several companies acting as the «controller», which means they are primarily responsible to ensure compliance with applicable data protection laws. The processing set out in this Privacy Notice is carried out by members of the Alu Menziken group (the “Group”). The Group includes Alu Menziken Extrusion AG, Switzerland, Alu Menziken Euromotive GmbH, Austria, and Alu Menziken SRL, Romania (see www.alu-menziken.com/en/privacy-policy).
Usually the Group company with which you are in contact in view of a potential or existing contract is the «controller». Several Group companies may act together as “joint controllers” for processing activities carried out jointly for several members of the Group, such as customer relationship management, marketing, and our website. You may contact any of these companies, but we feel free to contact us directly at the following address for any questions related to our data processing:
Alu Menziken Extrusion AG
Alte Aarauerstrasse 11
CH-5734 Reinach
When you use our products and services (collectively «products»), we process data for onboarding of conclusion of an agreement and for its performance and management. However, we are a B2B company, and the personal data processed is therefore limited:
- We may advertise our services (see sec. 4).
- We process personal data if we are in contact with you or the company you work with in view of an agreement, for example when we discuss an agreement or otherwise communicate with each other. This is mostly data you provide to us, such as your name, your contact details, date of birth, information collected through applications and forms, as well as your role with your company and similar job-related information. We may also process data about members of the management as part of the general information we use about companies with which we may cooperate.
- Before entering into an agreement, we may collect creditworthiness information about our contractual partner, which may include information about related individuals. For this purpose, we obtain address and creditworthiness information from Creditreform Essen, a credit reporting agency. We use this data for address verification and creditworthiness checks and then delete it (except the current address).
- Where useful in view of a potential agreement, we may obtain data from public registers (such as the commercial register), the media and the internet.
- If we enter into an agreement, we process the data collected in the onboarding process as well as information about the agreement, which may be linked to individuals related to our contractual partner. We also process personal data during and after the agreement, such as information about the purchase of products, payments, contacts with customer service, claims, complaints, returns, about termination and – if there should be disputes in relation with the agreement – also in relation with them and related proceedings.
- We also process the data set out above for statistical purposes (such as which products sell best, in which regions and when, etc.). These statistics help with the improvement and development of products and business strategy generally.
If you share data with us that relates to other individuals (such as other staff working with you), we understand that the data provided are correct and that you act within your rights when sharing it with us. We ask that you inform these individuals about our data processing (such as by pointing them to this Privacy Notice).
You are not under an obligation to provide data to us, except in some cases such as when it is required to comply with a contractual obligation. However, we have to process data for legal and other reasons when we conclude and execute contracts. The use of our website would also not be possible without some data processing (see sec. 8).]
We also process personal data in order to advertise our services and services of third parties:
- Newsletter: We send out electronic information and newsletters, which may include advertising for our products as well as offerings by companies with which we cooperate. We will ask for your consent before sending out electronic marketing, except for certain offers to existing customers. In addition to your name and e-mail address, we also process information about which services you have used, whether you open newsletters and which links you click on. For this purpose, a service provider we use includes invisible images that are loaded from a server via a coded link and transmits related information. This is a common method that helps us assess the effect of newsletters and optimize them. You can object by setting your email program accordingly (e.g. by switching off automatic loading of images).
- Market research: We also process data to improve and develop new services, e.g., information about purchases made or reactions to newsletters or information from customer surveys and polls or from social media, media monitoring services and public sources.
The members of the Group procure services centrally from the Group, such as customer relationship management, accounting and IT services, and the Group companies work with each other in other matters as well and may exchange personal data for these purposes. They may share personal data with each other in order to manage customers and related individuals centrally, or conduct marketing for offerings provided by more than one Group company. Group companies may also use data received from other group companies for their own purposes, like those set out in sec. 9 below.
We use services from various third parties, especially IT services (examples are hosting providers, data analytics providers and cloud-based software providers), shipping and logistics services and services from banks, the post, consultants and other providers.
Most recipients of data, particularly Group companies, are located either in Switzerland or within the EEA. However, some of our service providers as well as their subcontractors may have locations in other countries including the US, but also others potentially worldwide. We may also share data with authorities abroad if we are legally compelled to do so or, for example in relation with a sale of assets or with legal proceedings (see sec. 9). Not all of these countries have adequate data protection. We therefore use appropriate safeguards, in particular the EU standard contractual clauses, which can be found here[1]. We may share data abroad without such safeguards in some cases, as permitted under applicable data protection law, e.g. with your consent or where the disclosure is necessary for the performance of the contract, for the establishment, exercise or enforcement of legal claims or for overriding public interests.
How do we process data in relation with our website?
Every time you use one of our websites, some data is collected and temporarily stored in log files (log data), including the IP address of the device used, information about the internet service provider, the device operating system, the referring URL, the browser used, date and time of access, and content accessed when visiting a website. We use this data to provide our website, to ensure security and stability, to optimize our website and for statistical purposes.
Our websites also use cookies. These are small files that your browser stores on your device. Cookies allow us to separate individual visitors from others, but usually without identifying visitors. Cookies may also include information about content accessed and the duration of the visit. Certain cookies («session cookies») are deleted when the browser is closed. Others («persistent cookies») are stored for a certain period of time so that we can recognize recurring visitors. We may also use other technologies such as pixels or browser fingerprints. Pixels are invisible images that are loaded from a server and transmit certain information through a coded link. Fingerprints are information about the configuration of your device that make your device distinguishable from others. You can configure your browser in the settings so that it blocks certain cookies, or deletes cookies and other stored data. You can find out more about this in the help pages of your browser (usually under the keyword «Privacy»).
Cookies and other technologies may also be placed by third party services providers. These may be located outside of Switzerland and the EEA (for more information, see sec. 7).
Two examples for service providers are Google Analytics and Dealfront. We may use other providers as well but usually they collect and process data in a similar manner:
- We use Google Analytics on our website, an analysis service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA, USA) and Google Ireland Ltd (Google Building Gordon House, Barrow St, Dublin 4, Ireland). Google collects certain information about the behavior of users on the website and about the terminal device used. The IP addresses of visitors are shortened in Europe before being forwarded to the USA. Google provides us with evaluations based on the recorded data, but also processes certain data for its own purposes. Information on the data protection of Google Analytics can be found here[2], and if you have a Google account yourself, you can find further details here[3] . If you wish to object to our use of Google Analytics for your visits, feel free to install Google’s opt-out browser plug-in available at https://tools.google.com/dlpage/gaoptout?.
- Another provider used is Dealfront (provided by Liidio Oy as part of Dealfront Group) to analyze user behavior. Dealfront collects the IP address of visitors along with related information such as the company name or industry code. Dealfront matches the IP visitor’s IP address against a list of known companies.
In addition, we may use third-party provided components on our website to provide additional features or make using the website more customer-friendly. Two examples are Google Maps and Google Fonts:
- We use the “Google Maps” component of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google). Each time “Google Maps” is called Google sets a cookie to process user settings and data. This cookie is not deleted when the browser is closed, but expires after a certain period of time, unless you delete it manually beforehand. The scope and purpose of this data collection, the further processing and use of the data by “Google” itself and the use of “Google Maps” and the information obtained via “Google Maps” can be found in Google’s data protection information and the Google terms of use, which you can access at https://maps.google.com/help/terms_maps. If you do not agree with this processing you may deactivate the Java Script function in your browser.
- We also use fonts provided by Google. When you access a page, your browser loads the font to display text and fonts. When fonts are called Google can see that our website has been accessed from your IP address. Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy notice at https://policies.google.com/privacy.
We operate our own pages on social networks and similar platforms such as LinkedIn, YouTube and Facebook). If you communicate with us or comment on or redistribute content, we use data mostly for communicating with you as well as for marketing and statistical purposes (see sec. 4 and 10). We have the right but not the obligation to review content before or after publication and delete content without notice, when possible. Where rules of decency and conduct are breached we may report the user to the provider for blocking or deletion.
Please note that the provider of the platform may collect and use data as well, under its own terms and conditions. Where we act as a joint controller with the provider, we have an agreement with the provider in place. You may obtain additional information from the relevant provider. More information about the provider’s data processing can be found in its notice.
Yes. Typical (though not necessarily frequent) cases are as follows:
- Communication: When we are in contact with you (like when you are in contact with customer service), we process the content as well as information about the nature, timing and location of the communication. For your identification, we may also process information about proof of identity. Telephone conversations with us may be recorded but you will be informed before the recording starts.
- Job applications: If you apply for a job with us, we will process the data we receive from you for the application process, and we may process data collected from public sources such as job-related social media. The data will be processed to review the application, to enter into an employment relationship with successful candidates, and for non-personal statistical purposes. We delete the data from unsuccessful applications except for your name, address, and the application date, and unless you agree that we keep information in case there are other opportunities in the future.
- Compliance with legal requirements: We may disclose information to authorities as required by law or in order to comply with internal regulations.
- Prevention: We process data to prevent crime and other misuse, for example fraud prevention or for internal investigations.
- Legal proceedings: Where we are involved in legal proceedings (e.g. court or administrative proceedings), we process data such as information about other parties to the proceedings and individuals involved such as witnesses and disclose data to such parties, courts and authorities, possibly also abroad.
- IT security: We also process data for monitoring, controlling, analyzing, securing and assessing our IT infrastructure, as well as for backups and archives.
- Competition: We process data about our competitors and the market environment in general (e.g. the political situation, the association landscape, etc.). We may also process data about key persons, such as their name, contact details, role or function and public statements.
- Transactions: If we sell or acquire assets, business units or companies, we process data to prepare and execute transactions, e.g. information about customers or their contact persons or employees, and we may also disclose such information to potential buyers or sellers.
- Other purposes: We process data to the extent necessary for other purposes such as training and education, administration (e.g. contract management, accounting, enforcement and defense of claims, evaluation and improvement of internal processes, preparation of anonymous statistics and evaluations; acquisition or disposal of receivables, businesses, parts of businesses or companies and safeguarding other legitimate interests.
We process your personal data as long as it is necessary for the purposes of the processing (in case of a contract, usually the duration of the contractual relationship), as long as we have a legitimate interest in keeping data (such as to enforce legal claims, for archiving purposes, and for maintaining IT security) and as long as data is subject to a statutory retention obligation (for certain data, for example, a ten-year retention period applies). After these periods have expired, we delete or anonymize your personal data.
Depending on applicable law, data may only be processed on the basis of legal grounds. This does not apply under the Swiss Data Protection Act, but it does where the European General Data Protection Regulation (GDPR) applies. In that case, these are the legal bases that apply to our processing:
- processing is necessary for the performance of a contract or to take steps at your request during the pre-contractual stage (article 6(1)(b) GDPR);
- to protect legitimate interests, so long they are not outweighed by contrary interests (article 6(1)(f) GDPR). This applies, for example, for our processing in relation with a contract with the company you work for, in order to ensure compliance and safeguard our rights, ensure the security of our systems and sites, monitor performance, keep documentation, conduct statistical analyses, assessing or make corporate transactions, and sharing data within the Group;
- with your separate consent (article 6(1)(a) GDPR.
You have certain rights, subject to conditions and restrictions under applicable law:
- You may request a copy of your personal data and further information about our data processing;
- you may object to our data processing, especially in relation with direct marketing (e.g. our newsletter);
- you may have incorrect or incomplete personal data corrected or completed;
- you may receive the personal data that you have provided to us in a structured, common and machine-readable format, where the processing is based on your consent or is necessary for the performance of the contract with you;
- where we process data on the basis of consent, you may withdraw consent at any time, with effect going forward.
If you wish to exercise your rights feel free to contact us (sec. 2). We will usually have to verify your identity first. You are also free to make a complaint with the competent supervisory authority. In Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC; www.edoeb.admin.ch), in Austria, the Datenschutzbehörde (www.dsb.gv.at), and in Romania, the National Supervisory Authority (www.dataprotection.ro).
[1] Link to https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914.
[2] Link to https://support.google.com/analytics/answer/6004245.
[3] Link to https://policies.google.com/technologies/partner-sites?hl=de.