Data Protection Policy and Provision of Information

Data protection

In the information provided below, we explain what personal data we collect, what we do with it and who you can contact if you have any concerns. We are committed to protecting your personal data. We handle your personal data confidentially and process your data exclusively within the framework of legal regulations.

 

1. Who is responsible for processing your data and who can you contact about this?

We are Celsio Kälte- und Klima AG (hereinafter referred to as “Celsio”), headquartered in Dällikon, Switzerland. If you have any questions about this data protection statement, wish to assert your data protection rights or have other concerns regarding data protection, please contact us at the following address:

Celsio Kälte- und Klima AG
Langwiesenstrasse 7
8108 Dällikon
Switzerland
datenschutz@celsio.ch 
 

 

2. What data do we process, for what purpose and on what legal basis?

2.1    Customer and supplier master data management, including contract preparation

In order to manage master data on customers and suppliers, including preparing quotations and contracts for our customers, we process the following personal data about employees of (potential) customers and suppliers:

• First name, last name, academic title
• Work contact details (work telephone number, work address, work email address)
• Company/employer and position within the company
• Attribute as contact person for deliveries/services and for special offers
• In the case of sole traders, we process further company-specific data such as the individual’s VAT identification number, bank details, company turnover, contractual data and any quotations offered or received

We process the aforementioned personal data on the basis of our legitimate interests, namely initiating contracts, expanding our business activities, acquiring new customers, suppliers and projects, and solidifying our relationships with existing customers and suppliers.

2.2    Contract execution and ongoing customer care and supplier management

In order to execute existing contracts, provide customer care and manage relationships with suppliers, we process the following data about our customers and suppliers and/or their employees:

• First name, last name, academic title
• Work contact details (work telephone number, work address, work email address)
• Company/employer and position within the company
• Attribute as contact person for deliveries/services and for special offers
• Correspondence sent and received in the context of contracts and/or projects 
• In the case of sole traders, we process further company-specific data such as the individual’s VAT identification number, bank details, company turnover, contractual data and any quotations offered or received

We process the aforementioned personal data to initiate contracts and fulfil existing contracts. 

Where necessary in this context and based on our legitimate interest, we may transmit the aforementioned personal data to the following recipients:

• Courts, administrative agencies, public bodies
• Insurance providers
• Cooperation partners
• Legal representatives
• Recipients communicated by our customers and/or suppliers
• Banks

Having regard to our legal retention obligations in accordance with the Swiss Code of Obligations (Obligationenrecht – OR), we store the aforementioned personal data for 10 years from the end of the year in which the respective contract or transaction was fulfilled or completed. If necessary, this term may also be exceeded if the personal data is required for judicial, administrative and/or tax-related proceedings; in this case, the retention or processing extends until the final, legal conclusion of the respective proceedings.

2.3    Applicant management

In order to process applications, including applications for apprenticeship positions, to conduct application procedures, including the pre-selection process, to conduct interviews, to facilitate personnel decisions and, if necessary, to retain records of applicants, we process the following personal data:

• Master data (first and last name, academic title, date of birth and, if applicable, nationality)
• Contact details (address, telephone number, email address)
• Education details (data on school, university and other education)
• Professional experience/qualifications (data on previous employers and roles)
• Application documents (CV, cover letter, certificates provided)
• Skills and linguistic proficiency

As a fundamental rule, your application documents and related submissions should not contain any special categories of personal data (e.g. data regarding your ethnicity, religious or philosophical beliefs, political views, union membership, health data, biometric data, genetic data or data regarding your sex life or sexual orientation – referred to collectively as “sensitive data”). If your application contains sensitive data, we will not process this data in the context of the application process and will not use it as the basis for hiring decisions – unless it is significant to the application, e.g. details of disabilities; instead, we will simply store this sensitive data with other application documents. 

In the context of this purpose, we process your personal data to conduct the application process and/or for contract initiation. 

If we reject your application, we will retain your application for consideration for future vacancies if you give us your consent to do so. 

If your application is successful, we will continue to process you application data as part of your personnel file. If we reject your application, we will retain your personal data for a period of 6 months (or 12 months for applicants with disabilities) from the date on which we communicate our decision to you. If you consent to our retaining your data in our records, we will process your personal data until you revoke your consent.

2.4    Processing enquiries submitted via our contact form

In order to process enquiries submitted via the contact form on our website, we process the following personal data so that we can respond to your enquiries, requests and complaints:

• First name and last name (or name provided)
• Email address
• Subject (free text)
• The contents of your message or enquiry

In this case, we process your personal data on the basis of our legitimate interest, which lies in being able to respond to your enquiry or, in the case of an enquiry regarding a product or service, to initiate a contract.

We process your personal data in the course of processing your enquiry for as long as necessary to provide a final answer.

 

3. Changes of purpose

We will inform you before Celsio processes your data for any purpose other than those stated herein. We expressly reserve the right to issue specific data protection statements and to update this data protection statement.

 

4. Who can we disclose your data to and from whom do we obtain your data?

Further to the information provided in Point 2, in this section we set out other potential recipients of your personal data.

Your data will only be disclosed within the Celsio organisational structure on a need-to-know basis to bodies, companies and employees that require your data to fulfil a specific purpose and in the context of the respective legal basis. In addition, your data may be disclosed to processors (e.g. IT service providers) we engage if they require your data to fulfil their task. We contractually obligate all processors to handle your data confidentially and exclusively within the context of providing the specific service. 

In the event that, in this context, data is transmitted to a country without adequate data protection legislation, we will conclude standard contractual clauses (2010/87/EC and/or 2004/915/EC and/or (EU) 2021/914) and make additional security arrangements with the respective recipients.

For example, your personal data may be transmitted to the following recipients: 

 4.1. External service providers and processors

Our external service providers and processors include IT service providers, service providers engaged for the purpose of contract fulfilment (customer support and assembly partners), contract management or claim settlement, postal and courier services, outsourced personnel management, translation agencies and advertising agencies.

4.2. Courts and authorities

Celsio also has certain legal obligations it can only fulfil by disclosing your personal data to the required extent to authorities (such as social insurance agencies, fiscal authorities or law enforcement agencies) or courts.

4.3. Other recipients

In the context of the contractual relationship and in particular in relation to our performance obligation, we may – depending on the circumstances – be required to disclose your personal data to other parties (such as lawyers, industrial representatives or auditors).

 

5. How long will we store and process your data?

We store your personal data for as long as necessary to fulfil the respective purpose. For example, we store your data for the duration of the contractual relationship (from initiation to performance until termination of the contract) provided that there is a legal basis or legal obligation for processing or storing your data, such as to fulfil legal retention and documentation obligations, and insofar as it is necessary to do so for any legal prosecution and/or defence or other related proceedings. 

We also take the legal statute of limitations into consideration, which is between 10 and 20 years in accordance with the Swiss Code of Obligations (OR). After fulfilling and/or achieving the purposes listed under Point 2, we will delete personal data subject to technical and organisational specifications, provided that no other legal retention periods apply and that there are no judicial or official proceedings pending.

 

6. Cookies

Our website uses cookies. These are small text files that are placed on your end device through your browser. Cookies do not damage your device. We use cookies to make our services more user-friendly. Some cookies remain on your computer until you delete them. They enable us to recognise your browser on your next visit. If you do not want this to happen, you can configure your browser so that it informs you when cookies are placed and enables you to permit this on a case-by-case basis. Deactivating cookies may diminish the functionality of our website. If you wish to revoke or amend your consent to the use of cookies, please click on this **link** to open the Cookie Manager. This page provides details of all cookies used on this website. 

We process cookies required for technical purposes, e.g. to ensure the website’s functionality and security, on the basis of our legitimate interest. We process all cookies not required for technical purposes on the basis of your consent and only place such cookies on your end device if you have given your consent.

 

7. Web analytics, monitoring and optimisation

Web analytics (also known as “reach measurement”) serves to evaluate flows of visitors to our website and can include the behaviour, interests and demographic information about our visitors, such as their age or gender, as pseudonymised values. Reach measurement allows us to identify the time at which our website and its functions are most frequently used or reused. It also allows us to determine which areas are in need of improvement.

In addition to web analytics, we also use test methods for a number of purposes, including to test and optimise different versions of our website or parts thereof.

In order to achieve this, we create user profiles and store them in a file (“cookie”) or use similar methods with the same purpose. The information collected can include, for example, the content viewed, pages visited and elements used there, along with technical details such as the user’s browser, computer system and details of use duration. If users have given their consent to collection of location data, this data may also be processed depending on the provider.

Users’ IP addresses are also stored. However, we use IP masking (i.e. IP pseudonymisation by truncating IP addresses) in order to protect users. In general, no plain data that could be directly attributed to a user (e.g. email address, name) is collected in the course of web analytics, A/B testing or optimisation; instead, such processes use pseudonyms. This means that neither we nor the provider of the software used know a user’s actual identity; instead, we are only aware of the information stored in their profiles for the respective process.

Notes on legal bases: If we ask users for their consent to use third-party providers, this consent serves as the legal basis for data processing. Otherwise, users’ data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and user-friendly services). Please refer to the information on the use of cookies in our data protection statement.

Types of data processed: Usage data (e.g. pages visited, interest in content, access times), metadata/communication data (e.g. end device information, IP addresses).

Data subjects: Users (e.g. website users, users of online services).

Processing purposes: Reach measurement (e.g. access statistics, recognition of returning visitors), profiles with user-related information (creation of user profiles).

Security measures: IP masking (pseudonymisation of IP addresses).

Legal bases: Consent, legitimate interests.

Services used and service providers:

Google Analytics: Reach measurement and web analytics. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Further information:

• Website: https://marketingplatform.google.com/intl/en/about/analytics/
• Privacy policy: https://policies.google.com/privacy
• Types of processing and data processed: https://privacy.google.com/businesses/adsservices 
• Google Ads data processing terms and standard contractual clauses for data transfers to third countries: https://business.safety.google/adsprocessorterms. 

Matomo: The information generated by the cookie regarding your use of this website will only be stored on our server and will not be disclosed to third parties. Service provider: Self-hosted web analytics/reach measurement. Website: https://matomo.org/. Data deletion: Cookies are saved for a maximum of 13 months.

 

8. Profiling

We do not use automated decision-making or profiling (within the meaning of Article 22 GDPR). In the event that we introduce profiling, we will inform data subjects separately about the procedure (logic) involved.

 

9. What are your data protection rights?

You may assert, at any time,

• the right of access to your stored data, the right to rectification of your stored data, the right to erasure of your stored data and the right to restriction of processing of your stored data,
• the right to object to processing based on our legitimate interest, and
• the right to data portability in accordance with the requirements of data protection law.

If the processing of personal data is based on your consent, you may revoke this consent at any time, without giving a reason, with effect for the future; we will lawfully process your personal data until we receive such revocation of your consent.

Do you have any questions about data protection at Celsio? Do you want to assert your rights as a data subject, revoke your consent or lodge a complaint? If so, please contact the address provided under Point 1 or, alternatively, contact our data protection officer (datenschutz@celsio.ch). 

Where applicable, you have the right to lodge a complaint about how we process your data with the relevant supervisory authority.