The HOFFMANN NEOPAC Group Website (referred to hereinafter as "HOFFMANN NEOPAC") is governed by Swiss data privacy laws, in particular according to the Federal Act on Data Protection (FADP) and any applicable foreign data privacy laws such as the General Data Protection Declaration (GDPR) of the European Union (EU). The EU acknowledges that the Swiss data privacy laws guarantee an appropriate level of data protection.
Access to our Website is provided by means of transport encryption (SSL/TLS).
We are delighted that you have expressed an interest in our firm. Data protection is particularly important to us. The HOFFMANN NEOPAC Website may in principle be used without any indication of personal data. However, if an individual wishes to avail of the services offered by our firm via our Website, it may be necessary to process personal data. If the processing of personal data is necessary and no legal basis is provided for the said processing, we will generally request the approval of the data subject.
The processing of personal data such as the name, address, email address or telephone number of the data subject is carried out in accordance with the statutory data protection provisions. Our firm wishes to inform the public by means of this data protection declaration about the nature, scope and purpose of the personal data that we record, use and process. The data subjects will also be informed about their rights by means of this data protection declaration.
As the data controller, HOFFMANN NEOPAC has implemented various technical and organizational measures in order to guarantee complete protection of the personal data processed via this Website as far as possible. However, Internet based data transfers may present security flaws, which means that absolute protection cannot be guaranteed. Therefore, each data subject will have the right to transmit personal data to us by alternative means, for example by telephone.
The data protection declaration drawn up by HOFFMANN NEOPAC is based on the concepts used by European legislators and regulators when issuing the General Data Protection Declaration (GDPR). Our data protection declaration is intended to be clear and easy to understand both for the public and for our customers and business partners. In order to guarantee this, we would like to explain the concepts used at the outset.
We use the following concepts among others in this data protection declaration:
a) Personal data
Personal data is all information which relates to an identified or identifiable individual (referred to hereinafter as the "data subject"). An individual is considered to be identifiable if they can be identified directly or indirectly, in particular by means of association with identifying information such as a name, a reference number, location data, an on-line reference or one or more specific characteristics which express the physical, physiological, genetic, psychological, economic, cultural or social identity of this individual.
b) Data subject
A data subject is any identified or identifiable individual whose personal data is processed by the responsible party.
Processing is any procedure carried out with or without the help of automated processes or any such series of procedures relating to personal data such as collection, recording, organization, ordering, storing, adaptation, amendment, reading, retrieval, use, disclosure by means of transmission, circulation or any other form of provision, comparison, linking, limitation, deletion or destruction.
d) Limitation of processing
The limitation of processing is the marking of saved personal data with the aim of limiting its processing in the future.
Profiling is any kind of automated processing of personal data which consists of this personal data being used to evaluate specific personal aspects concerning an individual, and in particular to analyze or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, behavior, residence or relocation of this individual.
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be associated with a specific individual without additional information, insofar as this additional information is kept separately and is subject to technical and organizational measures which guarantee that the personal data cannot be associated with an identified or identifiable individual.
g) Data controller
The data controller is a natural or legal entity, authority, facility or other body which makes decisions concerning the processing of personal data either independently or in cooperation with other parties.
The processor is a natural or legal entity, authority, facility or other body which processes personal data on behalf of the data controller.
A recipient is a natural or legal entity, authority, facility or other body which has been provided with personal data which may or may not be a third party.
j) Third party
A third party is a natural or legal entity, authority, facility or other body apart from the data subject, the data controller, the processor and individuals authorized under the direct responsibility of the data controller or processor to process personal data.
Consent is any statement of intent provided on a voluntary basis by the data subject for the specific case involved in an informed, unambiguous manner in the form of a declaration or other clear, affirmative act whereby the data subject states that they agree to the processing of their personal data.
Anfragen von Aufsichtsbehörden oder betroffenen Personen an den Datenschutzbeauftragten erfolgen in der Regel per E-Mail, können aber auch per Briefpost eingereicht werden:
This is information about you that you provide to us by:
This information may include, for example, your name, address, email address and telephone number, information on your business relationship with us and information on your professional role, background and interests.
We may also obtain certain information from other sources. For example:
By using cookies and Web beacons, we are able to provide users of this Website user-friendly services which would not be possible without the cookie setting.
The data subject may prevent the setting of cookies by our Website at any time by means of the corresponding settings in their Internet browser and may permanently block cookie settings in this way. Cookies which have already been set may also be deleted at any time via an Internet browser or other software program. Web beacons may be blocked at any time in the Internet browser settings or with corresponding browser extensions. This is possible with all the common Internet browsers. If the data subject deactivates the cookie settings and blocks Web beacons, it is possible that not all the functions of our Website will be fully usable.
The HOFFMANN NEOPAC Website records a series of general data
and information each time it is accessed by an individual or automated
system. This general data and information is stored in a log file on the
server. The following information may be recorded:
(1) browser type and versions used,
(2) the operating system used by the accessing system,
(3) the Website from which an accessing system arrives at our Website (so-called referred),
(4) the sub-Websites which are controlled by an accessing system on our Website,
(5) the data and time of Website access,
(6) an Internet protocol address (IP address),
(7) the Internet service provider of the accessing system and
(8) other similar data and information which may avert danger in the event of attacks on our IT systems.
HOFFMANN NEOPAC does not draw any conclusions concerning the data
subject in the context of the use of this general data and information.
This information is used instead to
(1) present the content of our Website accurately,
(2) optimize the content of our Website and associated advertising,
(3) guarantee the long-term functional capability of our IT systems and Website technology and
(4) provide the law enforcement agencies with the necessary information for criminal proceedings in the event of a cyber-attack. This anonymously recorded data and information is evaluated statistically by HOFFMANN NEOPAC in order to enhance data protection and security within our firm and to guarantee an optimum level of protection for the personal data that we process. The anonymous data in the server log files is stored separately from all the personal data provided by any data subject.
The data subject has the option of registering on the data controller's Website by entering personal data. The personal data to be provided to the data controller is determined from the input mask used for the registration. The personal data entered by the data subject will be recorded and filed exclusively for internal use by the data controller and for the purposes of the latter. The data controller may allow for the transmission of personal data to one or more processors, for example a parcel service provider, who will also use the personal data exclusively for internal purposes, for which the data controller will be responsible.
By registering on the data controller's Website, the IP address, date and time of registration entered by the Internet service provider (ISP) of the data subject will also be saved. This data is saved so as to ensure that this is the only way of preventing the abuse of our services and may be used, if necessary, to clarify any criminal acts which have been committed. In this respect, it is necessary to save this data for the protection of the data controller. This data may not in principle be transmitted to third parties unless there is a statutory obligation to do to or this transmission is carried out in the context of criminal proceedings.
The registration of the data subject including their voluntary provision of personal data enables the data controller to offer the individual content or services which can only be offered to registered users due to the nature of the matter at hand. Registered individuals have the option of amending the personal data provided at the time of registration at any time or deleting it completely from the data controller’s database.
The data controller will provide all data subjects at any time upon request with information as to which of their personal data has been saved. Furthermore, the data controller may delete personal data at the request or indication of the data subject provided that no statutory retention obligations exist to prevent this. All the data controller’s employees will remain available in this context as contact partners for the data subject.
Users of the HOFFMANN NEOPAC Website will be offered the possibility of subscribing to the different newsletters issued by our firm. The personal data to be provided to the data controller when signing up for the newsletter is determined from the input mask used in this context.
HOFFMANN NEOPAC will keep its customers, business partners and
representatives informed on a regular basis via the newsletter of any
offers provided by the firm and any other operational details. Our
firm's newsletters can in principle only be received by the data subject
(1) the individual possesses a valid email address and
(2) the individual has signed up to receive the newsletter.
A confirmation email will be sent as part of the double opt-in procedure for legal reasons to the email address first entered by the data subject in order to receive the newsletter. This confirmation email is used to determine whether the owner of the email address has authorized receipt of the newsletter as a data subject.
When an individual signs up for a newsletter, we also save the IP address provided by the Internet service provider (ISP) for the computer system used at the time of registration by the data subject as well as the date and time of registration. It is necessary to register this data in order to trace the (potential) misuse of an individual’s email address at a later point and this registration therefore provides legal protection for the data controller.
The personal data recorded when subscribing to the newsletter will only be used for the purpose of sending our newsletter. Moreover, subscribers to the newsletter may be informed by email if this is necessary for the operation of the newsletter services or an associated registration as is the case if a newsletter offer is amended or the technical circumstances surrounding the case are altered. The personal data recorded within the framework of the newsletter services will not be passed on to third parties. The subscription to our newsletter may be cancelled at any time by the data subject. Consent to the storage of personal data provided by the data subject for the purpose of sending the newsletter may be revoked at any time. A corresponding link is provided in each newsletter which can be used to revoke this consent. There is also an option to unsubscribe from the newsletter at any time directly via the contact form on the data controller's Website or to notify the data controller by alternative means.
All newsletters will be sent by HOFFMANN NEOPAC. This procedure is carried out via the “MailChimp” service provider whose data protection declaration can be downloaded here.
The HOFFMANN NEOPAC newsletters contain so-called Web beacons. A Web beacon is a miniature graphic image which is embedded in emails which are sent in HTML format to make log file recording and analysis possible. This allows for the statistical evaluation of the success or failure of on-line marketing campaigns. Thanks to the embedded Web beacons, HOFFMANN NEOPAC is able to determine whether and when an email has been opened by a data subject and which links have been activated by the individual in the email.
The personal data recorded by means of the Web beacons contained in the newsletters is saved and evaluated by the data controller in order to optimize the sending of newsletters and adapt the content of future newsletters more effectively to the interests of the data subjects. This personal data is not passed on to third parties. The data subjects are authorized to revoke the associated declaration of consent granted by means of the double opt-in procedure at any time. The data controller will delete this personal data following revocation. HOFFMANN NEOPAC will automatically interpret the suspension of receipt of the newsletter as revocation.
In accordance with the legal requirements, the HOFFMANN NEOPAC Website contains information which allows rapid electronic contact to be established with our firm and direct communication to be made with us, which also comprises a general email address. If a data subject makes contact with the data controller by email or via a contact form, the personal data transmitted by the individual will be automatically saved. This personal data transmitted on a voluntary basis by a data subject to the data controller will be saved for processing purposes or in order to make contact with the individual. This personal data will not be passed on to third parties.
HOFFMANN NEOPAC offers users the possibility, by means of a blog which can be found in the data controller's shop, to leave individual comments on specific blog contributions. A blog is a Website portal which can generally be consulted by the public in which one or more individuals, known as bloggers or Web bloggers, can post articles or share their thoughts in so-called blog posts. Blog posts can usually be commented on by third parties.
If a data subject comments on a blog published on this Website, the details provided when the comments were made are also saved and published as well as the user name (pseudonym) chosen by the individual in addition to the comments made by the individual. The IP address provided by the individual’s Internet service provider (ISP) is also recorded. The IP address is saved for security reasons and in case the data subject violates third party rights or posts illegal content in a comment. This personal data is therefore saved to protect the interests of the data controller so that he/she may be absolved from liability in the event of an infringement. This personal data will not be transmitted to third parties unless this transmission is required by law or serves as legal defense for the data controller.
This Website uses Conversion Tracking in order to improve the site and advertising activities.
This Website uses Google AdWords Conversion Tracking, a Web analysis services provided by Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("Google") in order to improve the site and advertising activities. The Conversion Tracking cookie is set when a user clicks on an ad inserted by Google. These cookies become invalid after a maximum of 90 days and are not used for personal identification purposes. If you visit certain pages of our Website within this period, we and Google can see that you have clicked on the ad and have been taken to this page. Every Google AdWords customer receives a different cookie. Cookies can therefore not be tracked via the Websites of AdWords customers. The conversion cookie information obtained is used to create conversion statistics for us. We are able to determine the total number of users who have clicked on our ads and have been taken to our Website. However, we do not receive any information relating to your personal identification.
If you do not wish to be involved in tracking, you can easily deactivate the Google Conversion Tracking cookie from the user settings of your Internet browser. You will not then be included in the Conversion Tracking statistics.
a) LinkedIn (Website)
Our Website uses the functions of the LinkedIn network. The provider is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
A connection with the LinkedIn servers is created every time one of our pages containing LinkedIn functions is called up. LinkedIn is notified that you have visited one of our pages via its IP address. If you click on the “Recommend Button” on LinkedIn and are logged into your LinkedIn account, LinkedIn is able to correlate your visit to our Website with you and your user account. We should point out that, as a site provider, we are not aware of the content of the data transmitted or how it is used by LinkedIn.
Further information can be found in the LinkedIn data protection declaration available at: https://www.linkedin.com/legal/privacy-policy.
b) Twitter (Website and shop)
Our Website uses so-called social plug-ins ("plug-ins") provided by the Twitter micro-blogging service which are operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA ("Twitter"). The plug-ins are identified by a Twitter logo, for example in the form of a blue "Twitter bird". An overview of the Twitter plug-ins with their visual appearance is provided here: https://about.twitter.com/en_us/company/brand-resources.html
If you call up a page on our Website which contains one of these plug-ins, your browser will create a direct connection with the Twitter server. The content of the plug-in will be transmitted from Twitter directly to your browser and incorporated in the page. Through this incorporation, Twitter receives the information that your browser has called up the corresponding page on our Website even if you do not possess a Twitter profile or are not logged into Twitter. This information (including your IP address) will be transmitted from your browser directly to a Twitter server where it will be saved.
If you are logged into Twitter, Twitter may directly associate the visit to our Website with your Twitter account. If you interact with the plug-ins, for example by activating the "Tweet" button, the corresponding information will again be transmitted directly to a Twitter server where it will be saved. The information will also be published in your Twitter account where your contacts are displayed.
The purpose and scope of data collection and the subsequent processing and use of data by Twitter in addition to your associated rights and configuration options to protect your privacy can be obtained from the data protection information provided by Twitter. https://twitter.com/privacy
If you do not want Twitter to associate the data collected via our Website directly to your Twitter account, you must log out of Twitter before visiting our site. You can also completely block the downloading of Twitter plug-ins by means of browser add-ons, e.g. by using the "NoScript" script blocker (http://noscript.net/).
c) YouTube (Website and shop)
Our Website uses so-called social plug-ins ("plug-ins") provided by YouTube which are operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA ("YouTube"). YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. The plug-ins are identified by means of a YouTube logo, for example in the form of a "YouTube button".
Each time an individual page is called up on this Website operated by the data controller and in which a YouTube component has been integrated (YouTube video), the Internet browser in the IT system of the data subject will be automatically promoted by the corresponding YouTube components to download a presentation of the latter from YouTube. Further information on YouTube can be obtained from https://www.youtube.com/yt/about/de/. Within the framework of this technical procedure, YouTube and Google obtain information about which specific sub-pages of our Website the data subject has visited.
If the data subject is logged into YouTube at the same time, YouTube recognizes which specific sub-pages of our Website the data subject has visited when a sub-page containing a YouTube video is called up. This information is collected by YouTube and Google and associated with the corresponding YouTube account of the data subject.
YouTube and Google are therefore always notified via the YouTube components that the individual has visited our Website if the latter is logged into YouTube when visiting the site; this is the case regardless of whether the data subject clicks on a YouTube video. If the data subject does not want this information to be transmitted to YouTube and Google, they may prevent this transmission by logging out of their YouTube account before calling up our Website.
The data protection regulations published by YouTube, which can be consulted athttps://www.google.de/intl/de/policies/privacy/, provide information on the collection, processing and use of personal data by YouTube and Google.
d) Facebook (shop)
Our Website uses so-called social plug-ins ("plug-ins") provided by the social network Facebook which are operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). The plug-ins are identified by means of a Facebook logo or the "Facebook social plug-in" add-on. An overview of the Facebook plug-ins with their visual appearance is provided here: https://developers.facebook.com/docs/plugins
Your browser will create a direct connection with the Facebook servers when you call up a page on our Website which contains one of these plug-ins. The content of the plug-in is transmitted by Facebook directly to your browser and incorporated into the page. This incorporation notifies Facebook that your browser has called up the corresponding page on our Website even if you do not have a Facebook profile or have not logged into Facebook. This information (including your IP address) is transferred from your browser directly to a Facebook server in the USA where it is stored.
If you are logged into Facebook, Facebook is able to link the visit to our Website directly to your Facebook profile. If you interact with the plug-in, for example by activating the "Like" button or leaving a comment, this information is also transferred directly to a Facebook server where it is saved. The information is also published on your Facebook profile and can be seen by your Facebook friends.
The purpose and scope of data collection and the subsequent processing and use of data by Facebook in addition to your associated rights and configuration options to protect your privacy can be obtained from the data protection information provided by Facebook: http://www.facebook.com/policy.php
If you do not want Facebook to link the data collected via our Website directly with your Facebook profile, you will need to log out of Facebook before you visit our Website. You can also completely block the downloading of Facebook plug-ins by using add-ons for your browser, e.g.
for Mozilla Firefox: https://addons.mozilla.org/de/firefox/addon/facebook-blocker/
e) Instagram (shop)
Our Website uses so-called social plug-ins (“plug-ins”) provided by Instagram which are operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). The plug-ins are identified by means of an Instagram logo, for example in the form of an "Instagram camera" add-on. An overview of the Instagram plug-ins with their visual appearance is provided here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges
Your browser will create a direct connection with the Instagram servers when you call up a page on our Website which contains one of these plug-ins. The content of the plug-in is transmitted by Instagram directly to your browser and incorporated into the page. This incorporation notifies Instagram that your browser has called up the corresponding page on our Website even if you do not have an Instagram profile or have not logged into Instagram. This information (including your IP address) is transferred from your browser directly to an Instagram server in the USA where it is stored.
If you are logged into Instagram, Instagram is able to link the visit to our Website directly to your Instagram profile. If you interact with the plug-in, for example by activating the "Instagram" button or leaving a comment, this information is also transferred directly to an Instagram server where it is saved. The information is also published on your Instagram profile and can be seen by your contacts.
The purpose and scope of data collection and the subsequent processing and use of data by Instagram in addition to your associated rights and configuration options to protect your privacy can be obtained from the data protection information provided by Instagram: https://help.instagram.com/155833707900388/
If you do not want Instagram to link the data collected via our Website directly with your Instagram account, you will need to log out of Instagram before you visit our Website. You can also completely block the downloading of Instagram plug-ins by using add-ons for your browser, e.g. using the "NoScript" script blocker (https://noscript.net/).
f) Google Maps (Website)
This Website uses the Google Maps product provided by Google Inc. By using this Website, you declare that you agree to the collection, processing and use of the data which is automatically collected by Google Inc, its representatives and third parties.
Google may publish summarized statistics concerning the user's activities or may pass this information on to users and partners such as publishers, advertisers or associated Websites.
Der Verantwortliche verarbeitet und speichert personenbezogene Daten
der betroffenen Person nur für den Zeitraum, der zur Erreichung des
Speicherungszwecks erforderlich ist oder sofern dies durch den
Europäischen Richtlinien- und Verordnungsgeber oder einen anderen
Gesetzgeber in Gesetzen oder Vorschriften, welchen der Verantwortliche
unterliegt, vorgesehen wurde.
Entfällt der Speicherungszweck oder läuft eine vom Europäischen Richtlinien- und Verordnungsgeber oder einem anderen zuständigen Gesetzgeber vorgeschriebene Speicherfrist ab, werden die personenbezogenen Daten routinemässig und entsprechend den gesetzlichen Vorschriften gesperrt oder gelöscht.
If you wish to avail of one of the following rights, please contact us as specified in section 3.
You can also present complaints concerning our processing of your personal data to the Federal Data Protection and Information Commissioner (FDPIC), www.edoeb.admin.ch).
a) Right to obtain confirmation
All data subjects have the right, granted by the Swiss legislative body or European legislators and regulators, to request confirmation from the data controller as to whether personal data concerning them is being processed. If the data subject wishes to make us of this right to confirmation, he/she may contact our data protection officer at any time.
b) Right to information
All data subjects concerned by the processing of personal data are granted the right by the Swiss legislative body or European legislators and regulators to obtain free information at any time from the data controller concerning their stored personal data together with a copy of this information. The European legislators and regulators will also provide the data subject with information on the following:
If a data subject wishes to avail of this right to information, he/she may contact our data protection officer at any time.
c) Right of rectification
All data subjects concerned by the processing of personal data are granted the right by the Swiss legislative body or European legislators and regulators to request the immediate rectification of incorrect personal data that concerns them. The data subject also has the right to request the completion of incomplete personal data, taking the processing purposes into account, including by means of complementary declaration.
If a data subject wishes to avail of this right of rectification, he/she may contact our data protection officer at any time.
d) Right of deletion (right to be forgotten)
All data subjects concerned by the processing of personal data are granted the right by European legislators and regulators to request that the data controller deletes personal data that concerns them immediately if one of the following grounds applies and if processing is not necessary:
If personal data has been made public by HOFFMANN NEOPAC and our firm is obliged to delete personal data accorder in its capacity as data controller according to Article 17 para. 1 of the GDPR, HOFFMANN NEOPAC will take appropriate steps, including those of a technical nature taking into account the technology available and implementation costs, in order to notify other data controllers who process the publicized personal information that the data subject has requested that these other data controllers delete all links to this personal data or copies or duplicates of this personal data insofar as processing is not required. Our data protection officer will take the necessary steps in individual cases.
e) Right to limit processing
All data subjects concerned by the processing of personal data are granted the right by European legislators and regulators to request that the data controller limits processing if one of the following circumstances applies:
f) Right to data portability
All data subjects concerned by the processing of personal data are granted the right by European legislators and regulators to receive the personal data that concerns them, which has been provided by the data subject to the data controller, in a structured, current, machine-readable format. They also have the right to pass on this data to another data controller without restriction by the data controller to whom the personal data was provided insofar as processing is based on consent according to Article 6 para. 1 a) or Article 9 para. 2 a) of the GDPR or on a contract according to Article 6 para. 1 b) of the GDPR and processing was carried out by means of an automated procedure insofar as the processing is not required for the completion of a task which is in the public interest or in the exercise of official authority which has been transferred to the data controller.
When exercising his/her right to data portability according to article 20 para 1 of the GDPR, the data subject also has the right to arrange for personal data to be transmitted directly from one data controller to another if this is technically feasible and provided that this does not violate the rights and freedom of other individuals.
If the data subject wishes to avail of the right to data portability, he/she may contact our data protection officer at any time.
g) Right to object
All data subjects concerned by the processing of personal data are granted the right by European legislators and regulators to present objections at any time against the processing of personal data that concerns them on the basis of Article 6 paras. e) and f) of the GDPR on grounds which stem from their specific situation. This also applies to profiling underpinned by these provisions.
HOFFMANN NEOPAC will no longer process personal data in the case of an objection unless we are able to prove that essential grounds for protection exist which outweigh the interests, rights and freedoms of the data subject or processing serves to present, assert or defend legal claims.
The data subject has the right to present an objection against the processing of personal data at any time if HOFFMANN NEOPAC processes said data for direct advertising purposes. This also applies to profiling insofar as it relates to such direct advertising. If the data subject objects to HOFFMANN NEOPAC processing data for the purposes of direct advertising, we will no longer process personal data for this purpose.
The data subject also has the right, on grounds stemming from their specific situation, to present an objection against the processing of their personal data by HOFFMANN NEOPA for scientific or historical research purposes or for statistical purposes according to Article 89 para. 1 of the GDPR unless this processing is required in order to fulfil a task which is in the public interest.
If the data subject wishes to avail of the right to object, he/she may contact our data protection officer directly. The data subject may also exercise the right to object by means of an automated procedure, whereby technical specifications will be applied, in the context of the use of information society services, notwithstanding guideline 2002/58/EC.
h) Automated decisions in individual cases including profiling
All data subjects concerned by the processing of personal data are granted the right by European legislators and regulators not to be bound by an exclusive decision based on automated processing (including profiling) which produces a legal effect or otherwise significantly restricts them insofar as the decision (1) is not required for the conclusion or fulfilment of a contract between the data subject and the data controller or (2) is authorized on the basis of the legal provisions of the EU or the member states governing the data controller and these legal provisions contain appropriate measures to maintain rights and freedoms and the legitimate interests of the data subject or (3) has been reached with the specific consent of the data subject.
If the decision (1) is required for the conclusion or fulfilment of a contract between the data subject and the data controller or (2) if it is reached with the specific consent of the data subject, HOFFMANN NEOPAC will take appropriate steps to guarantee the rights and freedoms and legitimate interests of the data subject, including at least the right to initiate the intervention of an individual on behalf of the data controller, to present a personal opinion and to challenge the decision.
If the data subject wishes to assert rights relating to automated decisions, he/she may contact our data protection officer at any time.
i) Right to revoke consent according to data protection regulations
All data subjects concerned by the processing of personal data are granted the right by the Swiss legislative body or European legislators and regulators to revoke consent to the processing of personal data at any time.
If the data subject wishes to avail of the right to revoke consent, he/she may contact our data protection officer at any time.
The data controller collects and processes personal data provided by applicants for the purpose of completing the application procedure. Processing may also be carried out electronically. This applies in particular when an applicant transmits corresponding application documents to the data controller by electronic means, for example by email or via a Web form on the Website. If the data controller concludes an employment contract with an applicant, the data transmitted for the purpose of processing the employment relationship is saved according to the statutory requirements. If no employment contract is concluded with the applicant, the application documents will be automatically deleted two months after notification of the refusal decision provided that the legitimate interests of the data controller do not prevent their deletion.
Article 6 a) of the GDPR provides our firm with the legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is required in order to fulfil a contract to which the data subject is a party, as is the case with processing operations required for the delivery of goods or the provision of another service or return service, processing is carried out on the basis of Article 6 b) of the GDPR. The same applies for processing operations required for the implementation of pre-contractual measures, for example in the case of requests for our products or services. If our firm is bound by a legal obligation whereby the processing of personal data is required, for example for the fulfilment of tax obligations, processing is based on Article 6 c) of the GDPR. In a few rare cases, the processing of personal data may become necessary in order to protect the essential interests of the data subject or another individual. This could be the case, for example, if a visitor to our firm were injured and his/her name, age, health insurance details or other essential information had to be passed on to a doctor, hospital or other third party. In this case processing would be based on Article 6 d) of the GDPR. Processing operations could ultimately be based on Article 6 f) of the GDPR. This legal basis applies to processing operations which are not covered by any of the legal provisions outlined above if processing is required to protect the legitimate interests of our firm or a third party insofar as the interests do not outweigh the basic rights and basic freedoms of the individual concerned. We are authorized to carry out processing operations of this kind because they have been specifically referred to in European legislation. This legislation states that a legitimate interest can be assumed to exist when the data subject is a customer of the data controller (recital 47 section 2 of the GDPR).
If the processing of personal data is based on Article 6 f) of the GDPR, our legitimate interest is the accomplishment of our business activity for the benefit of the well-being of all our employees and shareholders.
The length of time during which personal data is stored corresponds to the applicable statutory retention period. Upon expiry of the deadline, the corresponding data will be routinely deleted provided that it is no longer required for the fulfilment or initiation of the contract.
We should point out that the provision of personal data is required by law to a certain extent (e.g. tax regulations) or may stem from contractual regulations (e.g. information on contract partners). In some cases, it may be necessary when a contract is concluded for a data subject to provide us with personal data which we subsequently have to process. The data subject may, for example, be obliged to provide us with personal data when they have concluded a contract with our firm. Failure to provide personal information would result in the contract not being concluded with the individual concerned. The individual concerned must contact one of our employees before providing personal data. Our employee will explain to the individual concerned, based on the case in point, whether the provision of personal data is legally or contractually required or is necessary for the conclusion of the contract, whether there is an obligation to provide personal data and the potential consequences of failure to provide personal data.
As a responsible firm, we refrain from automatic decision-making and profiling.
We may adapt our data protection declaration at any time by publishing it on this Website.
HOFFMANN NEOPAC AG, May 2018