Data Protection Guidelines
40 years cutting edge

Data Protection Guidelines

May 2018

1 Scope

Komax Holding AG and its subsidiaries (hereinafter referred to as Komax Group) provide this Privacy Policy that sets out the company’s practices regarding the collection and disclosure of data. This Privacy Policy applies to all websites that contain a direct link to this policy and that are governed by the Komax Group (hereinafter referred to as the Komax website). By accessing or using the Komax website, you consent to your data being collected and used according to the description provided in this Privacy Policy.
Personal data includes all information relating to an identified or identifiable person. These data protection provisions are an integral part of the Terms of Use, which can be accessed here.
We undertake to handle your personal data in a responsible manner. We therefore consider it a matter of course that we observe the legal requirements of the Swiss Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (DPO), the Telecommunications Act (TCA) and other provisions of Swiss legislation on data protection. We also comply with the provisions of the General Data Protection Regulation (EU) with regard to the personal data of users from the European Union.
Please be aware that the following information may be reviewed and amended from time to time. We therefore recommend that you read this Privacy Policy regularly. The specific data processed and the manner in which this is done depends on the agreed services.
When you visit our website www.komaxgroup.com, your personal data will be collected by us to the following extent and used for the following purposes:

2 Description and scope of data processing

When visiting this site, the web server automatically records log files that are not able to be linked to a certain person. In particular, this data contains the browser type and version, the operating system used, the referrer URL (the previously visited site), the IP address of the computer accessing the website, the access date and time of the server request, and the file request of the client (file name and URL). This data is only used for statistical analysis purposes. Some pages on the Komax website may only be viewed by a user following prior registration. By registering, the user voluntarily makes their personal data available. There is no obligation to register.
The following data is collected in conjunction with the use of the Komax website: - Email address
- Information from interactions on the Komax website
- Services and content used
- Information about the computer or end device used, the internet connections used, page view statistics, the IP address and standard web log information (duration of use, etc.).

3 Purpose and legal basis for data processing

We process personal information in accordance with the provisions of the European General Data Protection Regulation and the Swiss Data Protection Act:

3.1 For the fulfillment of contractual provisions

Data is processed as part of the performance of our contracts with our customers or as part of the performance of precontractual measures carried out on request. The purposes of data processing are primarily based on the specific product or service supplied by us.
The personal data collected in this manner is used for the entire processing of your purchase, including all later warranty claims, technical administration matters, etc.
Further details on the purposes of data processing are provided in the relevant contract documents and terms and conditions of business.

3.2 For the balancing of interests

Where necessary, the processing of your data may go beyond the scope of fulfillment of the contract to safeguard the legitimate interests of the Komax Group or third parties. Examples:
- Consultation of and exchange of data with information agencies (e.g. debt collection register)
- Examination and optimization of methods for requirement analysis to be able to address the customer directly
- Advertising or market and opinion research, providing you have not objected to the use of your data
- Enforcement of legal claims and defense in the event of a legal dispute
- Safeguarding of IT security and IT operations
- Prevention and investigation of criminal acts
- Measures relating to business management and the further development of products and services
- We also collect personal data from publicly accessible sources for customer acquisition purposes.

3.3 Based on your consent

If you have provided us with your consent to process personal data for specific purposes, the legality of this processing is based on your consent. Consent may be withdrawn at any time. This also applies to the withdrawal of declarations of consent issued to us prior to the application of the GDPR. The withdrawal of consent does not affect the legality of the data processed prior to this revocation.

3.4 Due to legal provisions or in the public interest

The Komax Group is also subject to various legal obligations in connection with which we are obliged to process and store your data.

4 Use of Google Analytics

Google Analytics, a web analysis service provided by Google Inc., is activated on the Komax website. Google Analytics uses cookies (text files) that are saved on the user’s computer to enable their use of the website to be analyzed. The information generated by the cookies about the use of this website (incl. IP address) is sent to and stored on a Google server in the USA. Google uses this information to evaluate the use of the website by the user, to compile reports about website activity and internet usage, and to provide services associated with the use of the website and the internet. Google may transfer this information to third parties where legally required to do so or where third parties process this data on behalf of Google. Google does not, under any circumstances, link the user’s IP address with other data collected by Google Inc.
If the user does not want to have their visit to the Komax website analyzed by Google Analytics, they may install the Google Analytics opt-out browser add-on. According to Google, this add-on informs the Google Analytics JavaScript that no information about the visit to the website may be transmitted to Google Analytics.

5 Cookies and data protection

Cookies are employed on the Komax website to store data used to provide the user with a better, quicker and more secure browsing environment. Cookies are small text files stored in the memory of a user’s browser or device when a website is accessed or a message is displayed. Cookies enable a website to identify a specific device or a specific browser the next time it is accessed. Cookies have different functions. They may be required for the operation of the server, to improve performance and to make additional features available. The cookies used on the Komax website are primarily session cookies, i.e. cookies that are automatically deleted by the user’s server after the end of the session. The website may also contain permanent cookies or flash cookies that are stored for a longer period of time on the user’s device.
Cookies may be disabled or removed by tools that are available for most commercial browsers. The settings need to be configured separately for each browser used. Certain features, services and tools on the Komax website are only available in conjunction with the use of cookies. If cookies are disabled, certain website features, services, applications and tools may not be able to be used. In certain cases, passwords may need to be entered more regularly during a browser session.
In general, cookies on the Komax website enable relevant data to be stored on the user’s browser or end device and then retrieved at a later date, thus allowing the user’s browser to be identified by the server of the Komax Group or internal systems.
Cookies are protected to ensure that they are only able to be analyzed by authorized parties. Personal data can be collected using cookies. The user is made aware of this on the website prior to these cookies being enabled. As stated before, these cookies can be disabled.

6 Retention of your personal data

We process and store your data to the extent that it is required to fulfill our contractual and legal obligations. Data that is no longer required for the fulfillment of contractual or legal obligations is deleted at regular intervals. Please note that certain types of data must be stored for a given period in accordance with the law. We are therefore obliged to store data of this kind until these periods expire. We lock this data in our system and use it solely to meet our legal requirements.

7 Disclosure of data to third parties

We only disclose your data to third parties if you provide us with your express consent, if we are otherwise legally entitled to do so or if required for the assertion of our rights. Moreover, we may disclose your personal data to other companies affiliated with the Komax Group if these companies consent to handle this data in accordance with the provisions of this Privacy Policy. Your personal data may also be disclosed to third parties that handle data on our behalf or in our name so that this data can be further processed in accordance with the purpose(s) for which it was originally collected or for other legally permissible purposes, e.g. for the provision of services, to evaluate the benefits of this website or for marketing, data management or technical support purposes. These third parties are under contractual obligation to us to exclusively use personal data for the agreed purposes, to refrain from selling or otherwise disclosing data to other third parties, except in the event that this is legally required, permitted by us or described in this Privacy Policy. Any personal data collected from you may also be disclosed to third parties in the event that the business – including the related customer data – is sold, assigned or transferred, whether in whole or in part. In this case, we would oblige the buyer, assignee or transferee to handle personal data in accordance with the provisions of this Privacy Policy. Personal data may also be disclosed to third parties in the event that we are legally obliged to do so, e.g. by virtue of a court order or official regulations, or if this is required to support criminal or legal proceedings or other legal investigations or proceedings in Switzerland or abroad.

8 Transfer of personal data abroad

We are entitled to disclose your data to third-party companies abroad providing that this is required to execute your orders, this is prescribed by law or you have provided us with your consent. These third-party companies are obliged to safeguard your privacy to the same extent as we do. If the data protection level in a country is considered insufficient in comparison to Swiss standards or by the standard of the EU General Data Protection Regulation, we will conclude a contract to ensure that your personal data is protected according to Swiss standards and the provisions of the EU General Data Protection Regulation at all times.

9 Security

We take reasonable technical and organizational security measures that appear sufficient to safeguard your personal data from manipulation, partial or complete loss and unauthorized access by third parties. Our security measures are updated on an ongoing basis to reflect developments in technology. Personal data is transferred in an encrypted format. This applies to login data. The Komax website uses the HTTPS (Hypertext Transfer Protocol Secure) coding system for this purpose. Absolute protection is not able to be guaranteed, but the website and other systems are safeguarded by technical and organizational measures against the loss, destruction, access, alteration and processing of personal data. We also take data protection at internal level within the Komax Group extremely seriously. Our employees and the service providers contracted by us are bound to secrecy and to comply with data protection regulations. Moreover, access to personal data is only granted insofar as this is necessary.

10 Rights of the data subject

Insofar as is permitted by the applicable legislation, you have the right to information, rectification, restriction, deletion, data portability and objection with regard to your personal data (as does your legal successor, representative and/or proxy). 10.1 Right to information
You may request confirmation from the responsible party as to whether your personal data is being processed by us.
If your personal data is being processed, you may request receipt of the following information from the responsible party:
- The purposes for which the personal data is processed;
- The categories of personal data processed;
- The recipients and/or recipient categories to which your personal data has been or will be disclosed;
- The planned duration of storage of your personal data or, if there is no specific information available here, criteria for determining the duration of storage;
- The existence of a right to rectification or deletion of your personal data, the right to restrict the processing of this data by the responsible party or the right to object to this processing;
- The existence of a right of appeal to a supervisory authority;
- All available information about the origin of the data if the personal data is not collected from the person in question;
- The existence of an automated decision-making process.
You are entitled to request information as to whether your personal data is being transmitted to a third country or an international organization. In this context, you may request to be informed of the appropriate guarantees associated with the transmission of this data.

10.2 Right to rectification

You are entitled to have your personal data rectified or completed by the responsible party if this data is incorrect or incomplete. The responsible party shall correct this information without delay.

10.3 Right to restriction of processing

You may request the restriction of the processing of your personal data under the following conditions:
- For a period of time that enables the responsible party to check the accuracy of the personal data if you dispute the accuracy;
- Processing is unlawful and you decline the deletion of your personal data and instead request the restriction of the use of your personal data;
- The responsible party no longer requires the personal data for processing purposes, but you require this data for asserting, exercising or defending legal claims; or
- If you have submitted an objection to the processing of this data and are not yet certain of the legitimate reasons of the responsible party as compared to your reasons.

10.4 Right to deletion

You may request your personal data to be deleted without delay from the party responsible. They are obliged to delete this data promptly if one of the following criteria applies:
- Your personal data is no longer required for the purposes for which it was collected or otherwise processed.
- You withdraw your consent on which the processing of this information relied and there is no other legal reason for processing it.
- You issue an objection to the processing of your data and there are no other overriding legitimate reasons for processing this data.
- Your personal data was unlawfully processed.

10.5 Right to data portability

You have the right to receive the personal information that you made available to the responsible party in a structured, conventional and machine-readable format. Furthermore, you have the right to transfer this data to another responsible party without interference by the responsible party to whom the personal data was made available, providing that the processing is based on consent or a contract and processing is carried out via automated means.

10.6 Right to object

You have the right to submit an objection against the processing of your personal data at any time on grounds relating to your particular situation.
The responsible party will no longer process your personal data unless they can provide compelling legitimate grounds for doing so that supersede your interests, rights and freedoms, or if the processing is necessary for the assertion, exercise or defense of legal claims.

10.7 Right to withdrawal of declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of consent up to the point of withdrawal.

11 Contact address

If you wish to contact us about our use of your personal data or wish to object to the processing or your personal data, please inform us by email at datenschutz.din@komaxgroup.com. If you contact us, please state the specific data that you want us to correct, update or delete. Please add corresponding proof of identification. Requests to delete personal data are subject to all legal and ethical reporting, archiving and storage obligations that apply to us.

12 Notes for minors and adults

This website is intended for an adult audience. Minors – in particular children under 13 years of age – are prohibited from disclosing personal data to us and registering for services. If we determine that data of this kind has been disclosed to us, it will be deleted from our database. The parents (or legal guardians) of the child may contact us and request for the data to be deleted or for the registration to be canceled. We require a copy of an official document that proves you are the parent(s) or legal guardian.

13 Consent

You consent to the following. You may withdraw your consent at any time with future effect. - I consent to the Komax Group sending me information about various products and services offered by the Group periodically by email. I can withdraw my consent at any time. - I consent to cookies being used to collect, store and take advantage of usage data for retargeting purposes. This website uses various services that all collect usage data through cookies. - I consent to data provided by me and other usage data being analyzed with the aim of presenting me with personalized and/or special offers and services. An analysis of usage data can lead to the creation of user profiles. User profiles are created in pseudonymous form and are not consolidated with personal data.
- I consent to my data being disclosed to affiliated companies or to third parties in Switzerland or abroad for advertising purposes.