Verarbeitung personenbezogener Daten durch die für das Online-Bewerbungsverfahren verantwortliche Stelle
1. General
This Privacy Policy explains how we, GEMA International AG, Neuhofstrasse 5A, 6340 Baar, Switzerland (hereinafter referred to as “we”, “us” or the like) collect and process personal data in connection with the operation and use of our website and its associated applications.The responsible and legally compliant handling of data is important to us. We comply at all times with applicable law, in particular Swiss data protection law and any applicable foreign data protection law, such as the EU European General Data Protection Regulation (EU-GDPR), according to whose standard this Privacy Policy is based.If you are acting on behalf of a company, we may assume that you are authorized to act on behalf of such company in connection with the acceptance of this Privacy Policy (apparent authority), regardless of the internal regulations and/or circumstances of that company and entries in the corresponding company/commercial register and without further verification of such authorization. When we refer to “you”, “your” or the like in this Privacy Policy, this always also refers to the company on behalf of which you are acting and the employees of such company.
2. Collection and processing of personal data
Personal data means any information relating to an identified or identifiable person. A data subject is a person whose personal data is processed. Processing includes any handling of personal data, in particular its collection, storage, archiving, use, modification, disclosure, and deletion.We primarily process personal data that we receive from you or collect about you in connection with the operation and use of our website and its associated applications. The input of personal or business data on our website and its associated applications is voluntary.In addition to the personal data that you provide us directly (e.g. when registering for a newsletter or using a contact form), the categories of personal data that we receive about you from third parties in particular include information from public registers (e.g. debt collection register or company/commercial register), credit information (if we conduct business with you) as well as data in connection with the use of our website and its associated applications (e.g. IP address, MAC address, settings, and other information about the device used, date and time of the visit, webpages and contents accessed, functions used, referring website, location details).
If you provide us with personal data of other persons (e.g. family members, work colleagues), you must ensure that these persons have agreed to such provision and have taken note of the contents of this Privacy Policy.
3. Purpose of data processing and legal basis
We process personal data primarily for the following purposes:
Ensuring the operation of our website and its associated applications
Responding to inquiries you send us via contact forms on our website and its associated applications
Compliance with our legal obligations in Switzerland and abroad
In addition, we process personal data of you and other persons, to the extent permitted by law and where appropriate, also for the following purposes which are in our legitimate interest:
Further development of our website and its associated applications as well as of our offers and services
Marketing (e.g. sending newsletters), provided that you have not objected to this use of your personal data
Assertion of legal claims and defense in connection with legal disputes and official proceedings
We process personal data in accordance with Swiss data protection law and, where applicable, with the EU-GDPR. In relation to the EU-GDPR, we process personal data with the consent of the data subject (art. 6 para. 1 lit. a EU-GDPR), for the performance of a contract to which the data subject is party and for taking corresponding steps prior to entering into a contract (art. 6 para. 1 lit. b EU-GDPR), to comply with a legal obligation to which we are subject under any applicable EU law or under any applicable law of a country in which the EU-GDPR is wholly or partially applicable (art. 6 para. 1 lit. c EU-GDPR) and to protect the legitimate interests pursued by us or by third parties, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Legitimate interests are in particular our business interests to operate our website and its associated applications, information security, the enforcement of our own legal claims and compliance with applicable law (art. 6 para. 1 lit. f EU-GDPR).
If you have given us your consent to process your personal data for specific purposes (e.g. when registering for a newsletter), we will process your personal data within the scope of and based on this consent, unless we have another legal basis, provided that we require one. A given consent can be withdrawn at any time, but this does not affect data processed prior to such withdrawal.
4. Retention period for personal data
We process and retain your personal data as long as required for the purposes pursued with the processing or for the performance of our contractual obligations and compliance with legal obligations as well as beyond this duration in accordance with legal retention and documentation obligations.Personal data may be retained for the period during which claims can be asserted against our company (e.g. in particular during the statutory limitation period) or insofar as we are otherwise legally obliged to do so or if legitimate business interests require further retention (e.g. for evidence and documentation purposes). As soon as your personal data are no longer required for the above-mentioned purposes, they will be deleted or anonymized, to the extent possible. In the case of long-term retention obligations, we limit the processing as much as possible.
5. Transfer of personal data
Within the scope of the purposes stated in section 3 and our business activities, we disclose your personal data, to the extent permitted by law and where appropriate, to third parties in Switzerland and abroad, in particular to our service providers, suppliers and auxiliary persons (e.g. hosting providers, software suppliers, IT service providers, newsletter service providers, debt collection service providers, banks, legal advisors/counsels) as well as to authorities, official offices or courts.If we transfer data to a country without adequate legal data protection, we ensure an appropriate level of protection as legally required by way of using appropriate contracts or we rely on the statutory exceptions, in particular the exceptions of consent, the performance of contracts as well as the establishment, exercise or enforcement of legal claims.
6. Newsletter
On our website, you are given the opportunity to subscribe to our newsletter. The input mask used for this purpose determines what personal data are transmitted.Newsletters may only be received if you have a valid e-mail address. A confirmation e-mail will be sent to the e-mail address registered by you. This confirmation e-mail is used to prove whether the owner of the e-mail address as the data subject is authorized to receive the newsletter.During the registration for the newsletter, we also store your IP address as well as the date and time of the registration. The collection of this data is necessary in order to understand the (possible) misuse of the e-mail address of a data subject at a later point in time, and it therefore serves the aim of the legal protection of the controller.
The personal data collected as part of a registration for the newsletter will only be used to send our newsletter. The subscription to our newsletter may be terminated at any time. The consent to the storage of personal data, which you have given for sending the newsletter, may be revoked at any time. For the purpose of revocation of your consent, a corresponding link is found in each newsletter. It is also possible to unsubscribe from the newsletter by communicating this to us in a different way.
8. Rights of data subjects
Persons about whom we process personal data have the right to request confirmation from us whether we process personal data and, if so, information about our processing of their personal data. Furthermore, data subjects may, if provided for under the data protection law applicable to them (in particular the EU-GDPR), restrict the processing of their personal data, exercise their right to data portability or have their personal data rectified, erased (“right to be forgotten”) or blocked, withdraw consents granted and object to the processing of their personal data. The exercise of the aforementioned rights usually requires that you clearly prove your identity. For this purpose, please send us a copy of your identification document if your identity is not otherwise clear or cannot be verified.
We reserve the right to enforce statutory restrictions on our part, for example if we are obliged to retain or process certain personal data, have an overriding interest (insofar as we may invoke such interest) or need the data for asserting claims. Please note that the exercise of the aforementioned rights may be in conflict with contractual agreements between you and us (e.g. on the provision of services that we are providing to you) and that this may result in consequences such as premature contract termination or costs. If this is the case, we will inform you in advance.
In addition, persons about whom we process personal data have the right to enforce their rights in court or to lodge a complaint with the competent data protection authority. The data protection authority of Switzerland is the Federal Data Protection and Information Commissioner (FDPIC). Information on the FDPIC can be found under the following link:
https://www.edoeb.admin.ch/edoeb/en/home.html
Data subjects and supervisory authorities can contact us by e-mail or by letter at the addresses listed in section 9.
9. Controller
The “controller” of the data processing as described in this Privacy Policy is GEMA International AG. In case of any data protection related concerns, you can contact our data protection officer (art. 37 EU-GDPR) by e-mail or by letter as follows:
GEMA International AG
Heiko Friedrich
Neuhofstrasse 5A
6340 Baar
Switzerland
data-privacy@thegema.com
10. Data security
We take appropriate technical and organizational security precautions to protect your personal data from unauthorized access and misuse (e.g. encryption of data media and data transmissions, access restrictions). The access to our website and its associated applications is via SSL/TLS encryption.
11. Amendments
We may amend this Privacy Policy at any time without prior notice. The current version published on this website applies.