Privacy policy

Privacy Policy

This privacy policy explains how we process personal data in connection with our activities and our website www.herzogsystemsag.com. In particular, we explain:

what data we process for which purposes how and where we process this data and what rights data subjects have Additional privacy notices may apply for individual or specific activities. We are subject to Swiss data protection law. The European Commission recognized Switzerland as providing an adequate level of data protection in 2000 and reconfirmed this status in January 2024. 

1. Contact Address

herzog systems ag
Feldhofstrasse 65
CH-9230 Flawil
Switzerland
sales@herzogsystemsag.com

In individual cases, other parties may be responsible for data processing or we may process data jointly with third parties.

2. Terms and Legal Basics

2.1 Definitions

  • Data subject: any identified or identifiable natural person whose data is processed
  • Personal data: all information relating to an identified or identifiable person
  • Sensitive personal data: e.g., health data, religious beliefs, ethnic origin, criminal data
  • Processing: any handling of personal data (e.g., storing, deleting, transferring, analyzing)
  • EEA: EU member states plus Liechtenstein, Iceland, and Norway

2.2 Legal Basis

We process personal data in accordance with:

  • the Swiss Federal Act on Data Protection (FADP) and the Data Protection Ordinance (DPO)
  • the EU General Data Protection Regulation (GDPR), where applicable (e.g., for EU-based individuals)

This includes processing based on:

  • necessity for contract performance
  • legitimate interests
  • legal obligations
  • consent
  • protection of vital interests
  • processing of special categories of personal data under Art. 9 GDPR

3. Type, Scope and Purpose of Data Processing

We process data required to operate our business securely and reliably. This includes, for example:

  • browser and device data
  • communication data
  • usage data
  • contact and master data
  • contract and payment data

We collect data:

  • directly from data subjects
  • from third parties
  • from public sources

We process data:

  • based on consent, or
  • where processing is permitted without consent (e.g., overriding interests, legal obligations)

We delete or anonymize personal data when it is no longer required and legal retention periods have expired.

 

4. Disclosure of Data to Third Parties

We may disclose personal data to third parties or allow them to process data on our behalf, including:

  • banks and authorities
  • IT service providers
  • logistics providers
  • marketing agencies
  • insurance companies
  • legal advisors

 

5. Communication

We process data to communicate with individuals (e.g., by email or mail). Data may be stored in address and communication systems.

Anyone transmitting personal data of third parties must ensure that doing so is legally permissible.

 

6. Job Applications

We process personal data as part of recruitment processes, including:

  • information provided in application documents
  • voluntarily submitted additional data
  • publicly accessible online profile data

Applicants may be included in a talent pool upon request.

 

7. Data Security

We take technical and organizational measures to ensure data security (confidentiality, integrity, availability).

Access to our website is encrypted using SSL/TLS (HTTPS).

We point out that digital communication can be subject to lawful monitoring by security authorities — we cannot control this.

 

8. Data Processing Abroad

We generally process personal data in Switzerland or the EEA.

We may also transfer personal data to other countries:

  • if the country ensures an adequate level of protection
  • or if suitable safeguards exist (e.g., standard contractual clauses)
  • or in exceptional cases, with explicit consent

 

9. Rights of Data Subjects

Data subjects have the following rights:

  • Right of access
  • Right to rectification
  • Right to restriction of processing
  • Right to erasure
  • Right to object
  • Right to data portability

We may restrict these rights if legal exceptions apply (e.g., retention obligations).

Verification of identity is required, and costs may be charged in exceptional cases.

Complaints may be submitted to the Swiss Federal Data Protection and Information Commissioner (FDPIC) or an EU supervisory authority.

 

10. Use of the Website

10.1 Cookies

We use first-party and third-party cookies (e.g., for analytics or marketing purposes).
Cookies can be disabled or deleted in browser settings at any time.

10.2 Log Files

We record technical access data in log files (IP address, date, browser, operating system, etc.) for operational security.

10.3 Web Beacons

We use tracking pixels (web beacons) to collect usage data. Third-party providers may use similar technologies.

 

11. Social Media

We operate social media profiles. The respective platform’s privacy policies also apply.

 

12. Third-Party Services

We use services from external providers, such as:

  • Google (Analytics, Tag Manager, YouTube)
  • Microsoft (Teams)
  • Hetzner (Hosting)
  • Vimeo, YouTube (Video embedding)

These providers may technically require collection of IP addresses and usage data.

 

13. Analytics and Performance Measurement

We measure our website’s reach and performance (e.g., via Google Analytics). This may include:

  • pseudonymized processing of IP addresses
  • use of cookies
  • creation of anonymized usage profiles

14. Amendments

We may update this privacy policy at any time. The latest version is published on our website.