Privacy policy

With this privacy policy we inform about the processing of personal data in connection with our activities and operations, including our website under the domain name bachler.ch. In particular, we inform for what purpose, how and where we process which personal data. We also inform about the rights of persons whose data we process.

For individual or additional activities and operations we may publish further privacy policies or other information on data protection.

We are subject to Swiss law as well as, where applicable, foreign law such as, in particular, that of the European Union (EU) with the European General Data Protection Regulation (GDPR).

The European Commission recognized with an decision of 26 July 2000 that Swiss data protection law provides an adequate level of protection. By a report of 15 January 2024 the European Commission confirmed this adequacy decision.

1. Contact addresses

The controller in the sense of data protection law is:

Bächler Top Track AG
Lohrensäge 2
6020 Emmenbrücke

info@bachler.ch

In individual cases third parties may be responsible for the processing of personal data or there may be joint responsibility with third parties. Upon request we will gladly inform affected persons about the respective responsibility.

Data protection officer or data protection advisor

We have the following data protection officer or the following data protection advisor as a point of contact for affected persons and authorities for inquiries related to data protection:

Claus Dangel
Lohrensäge 2
6020 Emmenbrücke

clausdangel@bachler.ch

2. Terms and legal bases

2.1 Terms

Affected person: Natural person about whom we process personal data.

Personal data: All information relating to an identified or identifiable natural person.

Particularly sensitive personal data: Data about trade union, political, religious or philosophical opinions and activities, data about health, intimate life or membership of an ethnicity or race, genetic data, biometric data that uniquely identify a natural person, data on criminal and administrative sanctions or prosecutions, and data on social assistance measures.

Processing: Any handling of personal data, regardless of the means and methods used, for example querying, matching, adjusting, archiving, retaining, reading, disclosing, obtaining, collecting, gathering, deleting, revealing, ordering, organizing, storing, modifying, distributing, linking, destroying and using personal data.

European Economic Area (EEA): Member states of the European Union (EU) as well as the Principality of Liechtenstein, Iceland and Norway.

2.2 Legal bases

We process personal data in accordance with Swiss law, in particular the Federal Act on Data Protection (FADP) and the Ordinance on Data Protection (DPO).

Where and insofar as the European General Data Protection Regulation (GDPR) is applicable, we process personal data in accordance with at least one of the following legal bases:

• Art. 6(1)(b) GDPR for processing personal data necessary for the performance of a contract with the data subject and for the implementation of pre-contractual measures.
• Art. 6(1)(f) GDPR for processing personal data necessary to safeguard legitimate interests — including the legitimate interests of third parties — provided the fundamental freedoms and rights and interests of the data subject do not override them. Such interests include, in particular, the long-term, user-friendly, secure and reliable conduct of our activities and operations, ensuring information security, protection against misuse, enforcement of our legal claims and compliance with Swiss law.
• Art. 6(1)(c) GDPR for processing personal data necessary to comply with a legal obligation to which we are subject under applicable law of Member States of the European Economic Area (EEA).
• Art. 6(1)(e) GDPR for processing personal data necessary for the performance of a task carried out in the public interest.
• Art. 6(1)(a) GDPR for the processing of personal data with the consent of the data subject.
• Art. 6(1)(d) GDPR for processing personal data necessary to protect the vital interests of the data subject or another natural person.
• Art. 9(2) ff. GDPR for the processing of special categories of personal data, in particular with the consent of the data subjects.

The European General Data Protection Regulation (GDPR) refers to the processing of personal data as processing of personal data and the processing of particularly sensitive personal data as processing of special categories of personal data (Art. 9 GDPR).

3. Nature, scope and purpose of processing personal data

We process the personal data that are necessary for us to be able to carry out our activities and operations in a long-term, user-friendly, secure and reliable manner. The processed personal data may in particular fall into the categories of browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data and payment data. The personal data may furthermore constitute particularly sensitive personal data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources or collect in the course of carrying out our activities and operations, insofar as such processing is permitted.

We process personal data insofar as necessary with the consent of the data subjects. In many cases we may process personal data without consent, for example to comply with legal obligations or to safeguard overriding interests. We may also ask data subjects for their consent even if their consent is not required.

We process personal data for the duration necessary for the respective purpose. We anonymize or delete personal data in particular depending on statutory retention and limitation periods.

4. Disclosure of personal data

We may disclose personal data to third parties, have them processed by third parties or process them jointly with third parties. Such third parties may, for example, be specialized providers whose services we use.

In the context of our activities and operations we may in particular disclose personal data to banks and other financial service providers, authorities, educational and research institutions, advisors and lawyers, advocacy groups, IT service providers, cooperation partners, credit and business information agencies, logistics and shipping companies, marketing and advertising agencies, media, parent, sister and subsidiary companies, organizations and associations, social institutions, telecommunications companies, insurers and payment service providers.

5. Communication

We process personal data in order to communicate with individual persons as well as with authorities, organizations and companies. In doing so we process in particular the data that a data subject provides to us when contacting us, for example by post or e-mail. We may store such data in an address book or with comparable tools.

Third parties who transmit data to us about other persons are obliged to ensure the data protection of these data subjects independently. In particular they must ensure that such data are correct and may be transmitted.

6. Job applications

We process personal data about applicants insofar as they are necessary for assessing suitability for employment or for the subsequent performance of an employment contract. The required personal data result in particular from the information requested, for example within the scope of a job advertisement. We may publish job advertisements with the help of suitable third parties, for example in electronic and printed media or on job portals and job platforms.

We also process those personal data that applicants voluntarily disclose or publish, in particular as part of cover letters, CVs and other application documents as well as online profiles.

Where and insofar as the General Data Protection Regulation (GDPR) is applicable, we process personal data about applicants in particular in accordance with Art. 9(2)(b) GDPR.

7. Data security

We take appropriate technical and organizational measures to ensure data security commensurate with the respective risk. With our measures we in particular ensure the confidentiality, availability, traceability and integrity of the personal data processed, without, however, being able to guarantee absolute data security.

Access to our website and our other digital presence takes place using transport encryption (SSL / TLS, in particular Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers warn against visiting a website without transport encryption.

Our digital communication is subject — as fundamentally any digital communication is — to bulk surveillance without cause and suspicion by security authorities in Switzerland, in the rest of Europe, in the United States of America (USA) and in other countries. We have no direct influence on the corresponding processing of personal data by intelligence services, police authorities and other security agencies. We also cannot rule out that a data subject is being specifically monitored.

8. Personal data abroad

We process personal data primarily in Switzerland and in the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, in particular to process them there or have them processed there.

We may export personal data to all countries on Earth and elsewhere in the universe, provided that the law there ensures adequate data protection in accordance with the decision of the Swiss Federal Council and — where and insofar as the GDPR is applicable — also in accordance with the decision of the European Commission.

We may transfer personal data to states whose law does not provide adequate data protection, provided that data protection is ensured for other reasons, in particular on the basis of standard contractual clauses or other appropriate safeguards. Exceptionally we may export personal data to states without adequate or appropriate data protection if the special data protection requirements are met for this, for example the explicit consent of the data subjects or a direct connection with the conclusion or performance of a contract. Upon request we will gladly inform affected persons about any safeguards or provide a copy of any safeguards.

9. Rights of data subjects

9.1 Data protection claims

We grant data subjects all claims under applicable law. Data subjects in particular have the following rights:

• Access: Data subjects may request information on whether we process personal data about them and, if so, which personal data are concerned. Data subjects will also receive the information necessary to assert their data protection claims and ensure transparency. This includes the processed personal data as such, but also, among other things, information on the processing purpose, the retention period, any disclosure or any transfer of data to other countries and the origin of the personal data.
• Correction and restriction: Data subjects may have incorrect personal data corrected, incomplete data completed and the processing of their data restricted.
• Opportunity to present their own position and human review: Data subjects may present their own position and request human review in the case of decisions based solely on automated processing of personal data which produce legal effects concerning them or similarly significantly affect them (automated individual decisions).
• Deletion and objection: Data subjects may request deletion of personal data ("right to be forgotten") and object to the processing of their data with effect for the future.
• Data disclosure and data portability: Data subjects may request the disclosure of personal data or the transfer of their data to another controller.

We may postpone, restrict or refuse the exercise of data subjects' rights within the legally permissible framework. We may inform data subjects of any conditions to be met for the exercise of their data protection claims. For example, we may refuse to provide information with reference to confidentiality obligations, overriding interests or the protection of other persons, in whole or in part. We may also refuse deletion of personal data in whole or in part, in particular with reference to statutory retention obligations.

We may exceptionally charge fees for the exercise of rights. We will inform data subjects in advance about any charges.

We are obliged to identify data subjects requesting access or asserting other rights by appropriate measures. Data subjects are obliged to cooperate.

9.2 Legal remedies

Data subjects have the right to enforce their data protection claims in court or to file a report or complaint with a data protection supervisory authority.

The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC / EDÖB).

European data protection supervisory authorities are organized as members of the European Data Protection Board (EDPB). In some Member States of the European Economic Area (EEA), the data protection supervisory authorities are federally structured, particularly in Germany.

10. Use of the website

10.1 Cookies

We may use cookies. With cookies — our own cookies (first-party cookies) as well as cookies from third parties whose services we use (third-party cookies) — these are data that are stored in the browser. Such stored data are not necessarily limited to traditional text cookies.

Cookies can be stored temporarily in the browser as "session cookies" or for a certain period as so-called permanent cookies. "Session cookies" are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies enable, in particular, recognizing a browser on the next visit to our website and thus, for example, measuring the reach of our website. However, permanent cookies can also be used for online marketing.

Cookies can be disabled, restricted or deleted entirely or in part at any time in the browser settings. The browser settings often also allow automatic deletion and other management of cookies. Without cookies our website may no longer be available in full. We request — at least where and insofar as required under applicable law — the explicit consent to the use of cookies.

For cookies that are used for success and reach measurement or for advertising, an overall objection ("opt-out") is possible for many services via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

10.2 Logging

For each access to our website and our other digital presence we may log at least the following information, insofar as these are transmitted to our digital infrastructure during such accesses: date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, called subpage of our website including transferred amount of data, previously visited web page in the same browser window (referrer).

We log such information, which may also constitute personal data, in log files. The information is necessary to provide our digital presence in a long-term, user-friendly and reliable manner. The information is also necessary to ensure data security — also by third parties or with the help of third parties.

10.3 Tracking pixels

We may embed tracking pixels in our digital presence. Tracking pixels are also referred to as web beacons. Tracking pixels — also from third parties whose services we use — are usually small, invisible images or scripts written in JavaScript that are automatically requested when accessing our digital presence. Tracking pixels can capture at least the same information as logging in log files.

11. Social media

We are present on social media platforms and other online platforms in order to communicate with interested persons and to inform about our activities and operations. In connection with such platforms personal data may also be processed outside Switzerland and the European Economic Area (EEA).

The terms and conditions as well as privacy policies and other provisions of the individual operators of such platforms also apply. These provisions in particular inform about the rights of data subjects directly vis-à-vis the respective platform, such as the right of access.

For our social media presence on Facebook, including the so-called page insights, we are — where and insofar as the General Data Protection Regulation (GDPR) is applicable — jointly responsible with Meta Platforms Ireland Limited (Ireland). Meta Platforms Ireland Limited is part of the Meta companies (including in the USA). The page insights provide information about how visitors interact with our Facebook presence. We use page insights to provide our social media presence on Facebook effectively and in a user-friendly manner.

Further information about the nature, scope and purpose of data processing, information about the rights of data subjects and the contact details of Facebook as well as Facebook's data protection officer can be found in the Facebook privacy policy. We have concluded the so-called "Controller Addendum" with Facebook and have thereby in particular agreed that Facebook is responsible for ensuring the rights of data subjects. For the so-called page insights the corresponding information can be found on the page "Information about Page Insights" including "Information about Page Insights Data".

12. Services of third parties

We use services of specialized third parties in order to be able to carry out our activities and operations in a long-term, user-friendly, secure and reliable manner. With such services we can, among other things, embed functions and content into our website. When embedding in this way, the services used necessarily record at least temporarily the IP addresses of users for technical reasons.

For necessary security-relevant, statistical and technical purposes third parties whose services we use may process data related to our activities and operations in aggregated, anonymized or pseudonymized form. These may, for example, be performance or usage data in order to be able to provide the respective service.

In particular we use:

• Services from Google: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) partly for users in the European Economic Area (EEA) and in Switzerland; general information on data protection: "Principles on privacy and security", "More information on how Google uses personal data", Privacy Policy, "Google is committed to complying with applicable data protection laws", "Guide to privacy in Google products", "How we use data from sites or apps on which our services are used", Cookie Policy, "Ads you can control" (settings for personalized advertising).
• Services from Microsoft: Providers: Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), in Switzerland and in the United Kingdom / Microsoft Corporation (USA) for users in the rest of the world; general information on data protection: "Privacy at Microsoft", "Privacy and data protection", Privacy statement, "Data and privacy settings".

12.1 Digital infrastructure

We use services from specialized third parties to obtain the necessary digital infrastructure in connection with our activities and operations. These include, for example, hosting and storage services from selected providers.

In particular we use:

• Cyon: Hosting; provider: cyon GmbH (Switzerland); information on data protection: "Data protection", Privacy policy.

12.2 Audio and video conferences

We use specialized services for audio and video conferences in order to be able to communicate online. For example, we can hold virtual meetings or conduct online training and webinars. The legal texts of the individual services such as privacy policies and terms of use also apply in addition to participation in audio and video conferences.

We recommend, depending on life situation, to keep the microphone muted by default when participating in audio or video conferences and to blur the background or use a virtual background.

12.3 Online collaboration

We use services from third parties to enable online collaboration. In addition to this privacy policy, the terms of use or privacy policies of the services used may also apply directly where visible.

In particular we use:

• Microsoft Teams: Platform for productive collaboration, particularly with audio and video conferences; provider: Microsoft; Teams-specific information: "Security and compliance in Microsoft Teams", including "Privacy".

12.4 Social media functions and social media content

We use services and plugins from third parties to embed functions and content from social media platforms as well as to enable sharing of content on social media platforms and in other ways.

12.5 Map material

We use services from third parties to embed maps in our website.

In particular we use:

• Google Maps including the Google Maps Platform: mapping service; provider: Google; Google Maps-specific information: "How Google uses location information".

12.6 Digital content

We use services from specialized third parties to embed digital content in our website. Digital content includes in particular image and video material, music and podcasts.

12.7 Fonts

We use services from third parties to embed selected fonts as well as icons, logos and symbols in our website.

In particular we use:

• Font Awesome: icons and logos; provider: Fonticons Inc. (USA); information on data protection: Privacy policy.
• Google Fonts: fonts; provider: Google; Google Fonts-specific information: "Your Privacy and Google Fonts", "Privacy and data collection" (Google Fonts).

13. Extensions for the website

We use extensions for our website to utilize additional functions. We may use selected services from suitable providers or use such extensions on our own digital infrastructure.

In particular we use:

• Google reCAPTCHA: spam protection (distinguishing between desired human content and undesired bot content and spam); provider: Google; Google reCAPTCHA-specific information: "What is reCAPTCHA?".

14. Success and reach measurement

We try to measure the success and reach of our activities and operations. In this context we may also measure the effect of third-party notices or examine how different parts or versions of our digital presence are used ("A/B test" method). Based on the results of success and reach measurement we can in particular fix errors, strengthen popular content or make improvements.

For success and reach measurement the IP addresses of individual users are in most cases recorded. In this case IP addresses are generally truncated ("IP masking") so that the corresponding pseudonymization follows the principle of data minimization.

Cookies can be used for success and reach measurement and user profiles may be created. Any user profiles created may include, for example, the pages visited or content viewed on our digital presence, information about the size of the screen or the browser window and the — at least approximate — location. As a rule any user profiles are created exclusively in pseudonymized form and are not used to identify individual users. Individual third-party services where users are logged in may possibly attribute the use of our online offering to the user account or user profile at the respective service.

In particular we use:

• Google Tag Manager: embedding and management of services from Google and third parties, in particular for success and reach measurement; provider: Google; Google Tag Manager-specific information: Privacy policy for Google Tag Manager; further information on data protection can be found with the individual embedded and managed services.

15. Final notes on the privacy policy

We created this privacy policy using the privacy generator from Datenschutzpartner.

We may update this privacy policy at any time. We inform about updates in an appropriate manner, in particular by publishing the current privacy policy on our website.