Privacy policy

With this privacy policy, we inform you about the processing of personal data in connection with our activities and operations, including our www.herzogsystemsag.com website. In particular, we provide information on what, how, and where we process which personal data. We also inform you about the rights of persons whose data we process.

For specific or additional activities and operations, further privacy policies or other data protection information may apply.

We are subject to Swiss data protection law. The European Commission recognized by decision of July 26, 2000, that Swiss data protection law ensures an adequate level of data protection. In a report dated January 15, 2024, the European Commission confirmed this adequacy decision.

1. Contact Addresses

Responsibility for the processing of personal data: 

herzog systems ag 

Feldhofstrasse 65 

CH-9230 Flawil 

Switzerland 

sales[at]herzogsystemsag.com

In individual cases, third parties may be responsible for processing personal data, or there may be joint responsibility with third parties.

2. Terms and Legal Bases

2.1 Terms

• Data subject: The natural person whose personal data we process.
• Personal data: All information relating to an identified or identifiable natural person.
• Sensitive personal data: Data concerning religious, ideological, political, or trade union views or activities; data concerning health, the intimate sphere, or racial or ethnic origin; genetic data; biometric data that uniquely identifies a natural person; data concerning administrative or criminal sanctions and proceedings; and data concerning social assistance measures.
• Processing: Any handling of personal data, irrespective of the means and procedures applied, such as collecting, recording, organizing, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
• European Economic Area (EEA): Member states of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway.

2.2 Legal Bases

We process personal data in accordance with Swiss data protection law, in particular the Federal Act on Data Protection (Data Protection Act, FADP) and the Ordinance on Data Protection (Data Protection Ordinance, DPO).

Insofar as the European General Data Protection Regulation (GDPR) is applicable, we process personal data bzw. personenbezogene Daten gemäss mindestens einer der folgenden Rechtsgrundlagen:

• Art. 6 Abs. 1 lit. b DSGVO for the required processing of personal data for the performance of a contract with the data subject as well as to take steps prior to entering into a contract.
• Art. 6 Abs. 1 lit. f DSGVO for the required processing of personal data to protect legitimate interests – including the legitimate interests of third parties – unless overridden by the fundamental freedoms, fundamental rights, and interests of the data subject. Such interests include, in particular, the permanent, user-friendly, secure, and reliable conduct of our activities and operations, ensuring information security, protection against abuse, enforcement of our own legal claims, and compliance with Swiss law.
• Art. 6 Abs. 1 lit. c DSGVO for the required processing of personal data to fulfill a legal obligation to which we are subject under any applicable law of member states within the European Economic Area (EEA).
• Art. 6 Abs. 1 lit. e DSGVO for the required processing of personal data for the performance of a task carried out in the public interest.
• Art. 6 Abs. 1 lit. a DSGVO for the processing of personal data with the consent of the data subject.
• Art. 6 Abs. 1 lit. d DSGVO for the required processing of personal data to protect the vital interests of the data subject or of another natural person.
• Art. 9 Abs. 2 ff. DSGVO for the processing of special categories of personal data, in particular with the consent of the data subjects.

The European General Data Protection Regulation (GDPR) refers to the processing of personal data as "Verarbeitung personenbezogener Daten" and the processing of sensitive personal data as "Verarbeitung besonderer Kategorien personenbezogener Daten" (Art. 9 GDPR).

3. Type, Scope, and Purpose of Processing Personal Data

We process the personal data required to conduct our activities and operations permanently, in a user-friendly, secure, and reliable manner. The processed data may fall into categories such as browser and device data, content data, communication data, metadata, usage data, master data (including inventory and contact details), location data, transaction data, contract data, and payment details.

We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect during our activities, provided such processing is legally permissible.

Where required, we process personal data with the consent of the data subject. In many cases, we can process data without consent, for instance, to fulfill legal obligations or to safeguard overriding interests. We may still request consent even if it is not strictly legally required.

We process personal data for the duration necessary for the respective purpose. We anonymize or delete personal data in accordance with statutory retention and limitation periods.

4. Disclosure of Personal Data to Third Parties

We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. These third parties include specialized providers whose services we utilize.

For instance, we may disclose data to banks and financial service providers, authorities, educational and research institutions, advisors and lawyers, interest groups, IT service providers, cooperation partners, credit agencies, logistics and shipping companies, marketing agencies, media outlets, social institutions, telecommunication companies, and insurance firms.

5. Communication

We process personal data to communicate with third parties. Within this scope, we process data that a data subject transmits when contacting us (e.g., via postal mail or email). We may store this data in an address book or similar tools.

Third parties who transmit data about other individuals are obliged to ensure data protection compliance towards those affected, including ensuring the accuracy of the transmitted data.

6. Job Applications

We process personal data about applicants to the extent necessary to assess suitability for an employment relationship or for the subsequent execution of an employment contract. The required data arises from the information requested, for example, in a job advertisement. We may publish job openings with the help of suitable third parties (e.g., electronic media, job portals, or career platforms).

Furthermore, we process data that applicants voluntarily provide or publish, particularly as part of cover letters, resumes, certificates, and online profiles.

Insofar as the GDPR is applicable, we process personal data about applicants primarily in accordance with Art. 9 Abs. 2 lit. b DSGVO.

We may allow applicants to store their details in our talent pool for future openings. We may also use this data to maintain contact and share updates. If an applicant appears suitable for a position, we may contact them accordingly.

7. Data Security

We take appropriate technical and organizational measures to ensure a level of data security appropriate to the respective risk. Through our measures, we ensure the confidentiality, availability, traceability, and integrity of the processed data, although absolute data security cannot be guaranteed.

Access to our website and online presence is encrypted via transport encryption (SSL / TLS, specifically HTTPS). Most browsers warn you if you visit a website that does not use transport encryption.

Our digital communication—like basically all digital communication—is subject to mass surveillance without cause or suspicion by security authorities in Switzerland, Europe, the USA, and other countries. We cannot exert direct influence on this processing by intelligence agencies, police forces, or other security authorities. We cannot rule out that a data subject is being targeted for monitoring.

8. Personal Data Abroad

We generally process personal data in Switzerland and the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, particularly to process it or have it processed there.

We may export personal data to any country or territory on Earth, provided that its local laws ensure adequate data protection according to the decision of the Swiss Federal Council and, where applicable, the European Commission.

We may transfer data to countries whose laws do not provide adequate protection, provided data protection is ensured by other means, such as Standard Contractual Clauses (SCCs) or other appropriate safeguards. Exceptionally, we may export data to countries without adequate protection if specific legal conditions are met, such as explicit consent or a direct connection to the conclusion or performance of a contract. We gladly provide information on or copies of any safeguards upon request.

9. Rights of Data Subjects

9.1 Data Protection Claims

We grant data subjects all rights in accordance with applicable data protection laws. Data subjects have the following rights:

• Access: You can request information on whether we process personal data about you, and if so, which data. You also receive information needed to assert claims and ensure transparency, such as purposes, retention periods, potential disclosures, data exports, and the origin of the data.
• Rectification and Restriction: You can have inaccurate data corrected, incomplete data completed, and the processing of your data restricted.
• Erasure and Objection: You can have your data deleted ("right to be forgotten") and object to the future processing of your data.
• Data Portability: You can request the release of your personal data or its transfer to another controller.

We may defer, restrict, or deny the exercise of these rights within the legally permissible framework. We will inform you about any legal requirements or conditions. For example, we may withhold information to protect confidentiality obligations, overriding interests, or third-party rights. We may also refuse erasure based on statutory retention requirements.

In exceptional cases, we may charge a fee for exercising these rights. We will always inform you of any costs in advance. We are required to verify your identity through appropriate measures before handling your request, and data subjects are obliged to cooperate.

9.2 Right to Legal Redress

Data subjects have the right to enforce their claims through legal action or to file a complaint with a competent data protection supervisory authority.

The supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC / EDÖB).

European data protection authorities are organized as members of the European Data Protection Board (EDPB). In some EEA member states (such as Germany), the supervisory authorities have a federal structure.

10. Website Usage

10.1 Cookies

We may use cookies. Cookies—both our own (first-party) and those of third parties whose services we use (third-party)—are data stored in your browser. This stored data is not limited to traditional text-form cookies.

Cookies can be stored temporarily as "session cookies" (deleted automatically when you close your browser) or for a specific duration as "permanent cookies" (allowing us to recognize your browser on your next visit to measure reach or for online marketing).

You can disable or delete cookies at any time via your browser settings. Without cookies, our website may not function fully. Where required, we actively request your explicit consent for cookie usage.

For cookies used for reach measurement or advertising, a general opt-out is possible via platforms like AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

10.2 Logging

For every access to our website, we may log the following details provided they are transmitted to our digital infrastructure: Date and time (including time zone), IP address, access status (HTTP status code), operating system (including interface and version), browser (including language and version), the specific sub-page accessed, volume of data transferred, and the previously visited page (referrer).

We log this information in log files. It is necessary to provide our online presence reliably, permanently, and securely, and to guarantee data security—including through or with the help of third parties.

10.3 Tracking Pixels

We may integrate tracking pixels (also known as web beacons) into our online presence. Tracking pixels—including from third parties—are typically small, invisible images or JavaScript-based scripts that are retrieved automatically upon access. They can collect the same information as log files.

11. Social Media

We are present on social media and other online platforms to communicate with interested individuals and provide updates about our activities. In connection with these platforms, personal data may also be processed outside of Switzerland and the EEA.

The General Terms and Conditions (GTC), terms of use, privacy policies, and other provisions of the respective platform operators apply. These provisions inform you about your rights directly against the platform, such as the right to access.

12. Third-Party Services

We use services from specialized third parties in order to carry out our activities and operations permanently, in a user-friendly, secure, and reliable manner. With these services, we can embed functions and content into our website. For technically necessary reasons, these services capture the IP addresses of users at least temporarily.

For required safety-related, statistical, and technical purposes, third parties whose services we use may process data in an aggregated, anonymized, or pseudonymized form (e.g., performance or usage data).

We use particularly:

• Google Services: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) partially for users in the European Economic Area (EEA) and Switzerland; General information on data protection: «Privacy and Security Principles», «How Google uses information from sites or apps that use our services», Privacy Policy, «Google is committed to complying with applicable data protection laws», «Privacy Guide in Google Products», «Types of cookies and similar technologies used by Google», «Ads you can control» («Personalized Advertising»).
• Google Analytics: We use Google Analytics on our website, a web analytics service provided by Google Ireland Limited (Ireland) and Google LLC (USA) (hereinafter "Google").
  • Purpose: Google Analytics uses cookies and similar technologies to analyze the use of our website (e.g., clicked links, downloads, time spent on site) and to create reports on website activity. This helps us to continuously improve our website and our services.
  • IP Anonymization: We use Google Analytics with IP anonymization enabled. This means that your IP address will be shortened by Google within member states of the European Union, in other contracting states of the Agreement on the European Economic Area, and in Switzerland before being transmitted to the USA. According to the provider, the IP address will not be linked to other Google data.
  • Objection (Opt-Out): You can prevent the collection of your data by Google Analytics by refusing your consent in our cookie banner. Alternatively, you can download and install the browser add-on available at the following link: https://tools.google.com/dlpage/gaoptout.
• Google Tag Manager: We use the Google Tag Manager provided by Google. This service is used purely to manage website tags (such as Google Analytics mentioned above) via an interface. The Tag Manager itself does not collect any personal data or set any cookies; it merely ensures that our other tools are loaded correctly.
• Microsoft Services: Providers: Microsoft Ireland Operations Limited (Ireland) for users in the EEA, Switzerland, and the UK / Microsoft Corporation (USA) for the rest of the world; General info: «Privacy at Microsoft», «Privacy and confidentiality», Privacy Policy, «Data and privacy settings».

12.1 Digital Infrastructure

• Hetzner: Hosting and other infrastructure; Providers: Hetzner Online GmbH / Hetzner Cloud GmbH (both Germany); Privacy info: Privacy Policy, «Data Protection FAQ».

12.2 Online Collaboration

• Microsoft Teams: Platform for productive collaboration, particularly audio and video conferences; Provider: Microsoft; Specific info: «Security and compliance in Microsoft Teams», particularly «Privacy».

12.3 Digital Content

• Vimeo: Video platform; Provider: Vimeo Inc. (USA); Privacy info: Privacy Policy, «Private video hosting».
• YouTube: Video platform; Provider: Google; YouTube-specific info: «Privacy and Safety Center», «My Data on YouTube».

12.4 Fonts

We use third-party services to embed selected fonts, icons, logos, and symbols into our website.

13. Success and Reach Measurement

We try to measure the success and reach of our activities. In this context, we can also measure the impact of third-party references or test how different parts or versions of our online offer are used ("A/B testing" method). Based on the results, we can fix errors, boost popular content, or make improvements.

For success and reach measurement, IP addresses of individual users are captured in most cases. These are generally shortened ("IP masking") via pseudonymization to follow the principle of data minimization.

Cookies may be used and user profiles may be created during this process. Profiles may include visited pages, viewed content, screen size, browser window size, and approximate location. Profiles are strictly pseudonymized and not used to identify individuals. If you are logged into a third-party service, your usage may be mapped to your profile with that provider.

We use particularly:

• Google Marketing Platform: Success and reach measurement, especially with Google Analytics; Provider: Google; Platform-specific info: Measurement across different browsers and devices (Cross-Device Tracking) with pseudonymized IP addresses, which are only exceptionally transmitted in full to Google in the USA; Google Analytics Privacy Policy, «Browser Add-on to deactivate Google Analytics».
• Google Tag Manager: Integration and management of Google and third-party services, especially for success and reach measurement; Provider: Google; Tag Manager-specific info: Google Tag Manager Privacy Policy; further information can be found within the individual integrated services.

14. Final Provisions

We created this privacy policy using the privacy generator by Datenschutzpartner.

We may adjust and amend this privacy policy at any time. We will inform you of such adjustments and amendments in an appropriate form, particularly by publishing the current privacy policy on our website.