Personal data is information that can be used to identify a natural person. In particular, this includes your name, date of birth, address, telephone number and email address, but also your IP address.
Data is considered anonymous if no personal reference to the user can be established.
Your rights as a data subject
Firstly, we would like to inform you about your rights as a data subject. These rights are standardised in Art. 15-22 GDPR. They include:
- The right of access (Art. 15 EU-DS-GVO),
- The right to erasure (Art. 17 EU-DS-GVO),
- The right to rectification (Art. 16 EU-DS-GVO),
- The right to data portability (Art. 20 EU-DSGVO),
- The right to restriction of processing (Art. 18 EU-DS-GVO),
- The right to object to the processing of personal data (Art. 21 EU-DS-GVO).
Please contact us at firstname.lastname@example.org to exercise these rights, if you have any questions about data processing in our company or if you wish to revoke your consent. You also have the right to appeal to a data protection authority.
Responsible body and data protection officer
REFCO Manufacturing Ltd.
6285 Hitzkirch – Switzerland
Phone: +41 41 919 72 82
Telefax: +41 41 919 72 83
Data protection officer
We are not obliged to appoint a data protection officer. If you have any concerns regarding data protection, you can contact us at the following email address: email@example.com.
Rights of objection
Please note the following with regard to rights of objection:
If we process your personal data for the purpose of direct advertising, you have the right to object to this data processing at any time without giving reasons. This also applies to profiling insofar as it is related to direct advertising.
If you object to the processing for direct advertising purposes, we will no longer process your personal data for these purposes. Objecting is free of charge and can be done informally, preferably by emailing firstname.lastname@example.org
In the event that we process your data to safeguard legitimate interests, you may object to such processing at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions.
We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for such processing that override your interests, rights and freedoms or the processing serves the assertion, exercise or defence of legal claims.
Aims and legal bases of data processing
The processing of your personal data complies with the provisions of the GDPR and all other applicable data protection regulations. Legal bases for data processing arise from Art. 6 GDPR in particular.
We use your data to make initial business contact, to fulfil contractual and legal obligations, to implement the contractual relationship (Art. 6 para. 1 lit. b) GDPR), to offer products and services and to strengthen the customer relationship, which may also include analyses for marketing purposes and direct advertising.
Your consent to your data being processed may also constitute a “permission requirement” in terms of data protection law (Art. 6 para. 1 lit. a) GDPR). Before you consent, we will inform you about the purpose of the data processing and your right of revocation.
Should your consent also apply to the processing of special categories of personal data, we will explicitly notify you of this during the consent process. Special categories of personal data pursuant to Art. 9 GDPR are only processed if this is made necessary by legal regulations and if there is no reason to assume that your legitimate interest in exemption from processing prevails.
We also collect your data to ensure the website is provided without any errors and to analyse your user behaviour. We collect this data on the basis of our legitimate interest (Art. 6 para. 1 lit. f) GDPR) of making the content visually available to every visitor. We also have a legitimate interest in the website’s security (hacker attacks).
A detailed description of the analysis of user behaviour can be found below.
Disclosure to third parties
We will only disclose your data to third parties in line with statutory provisions or with your appropriate consent. Otherwise, the data will not be disclosed to third parties unless we are obliged to do so by mandatory legal provisions (disclosure to external bodies such as supervisory authorities or criminal prosecution authorities).
Data recipients / recipient categories
Within our company, we ensure that your data is only received by those individuals who need it to fulfil their contractual and legal obligations. In many cases, service providers support our specialist departments in fulfilling their tasks. The necessary data protection contracts have been concluded with all service providers. In particular, we engage service providers for web and mobile applications, as web providers and hosting service providers. The right to access work materials containing customer data is conferred only after the order has been placed, and is granted, wherever possible, exclusively for anonymised data.
Third-country transfer / intention to transfer to a third country
Data will only be transferred to third countries (countries outside the European Union or the European Economic Area) to the extent that this is necessary for the performance of the contractual obligation, is required by law or if you have given us your consent to do so. We transmit your personal data using global server infrastructure from Microsoft. We transmit your personal data to a server in the USA as part of our use of Google Analytics. Here, compliance with the level of data protection is guaranteed by the data protection contracts with the provider.
Data retention periods
We store your data as long as it is required for the respective processing purpose. Please note that numerous retention periods require that data (must) continue to be stored. This applies in particular to retention obligations under commercial or tax law (e.g. Commercial Code, Tax Code, etc.). If there are no further retention obligations, the data will be routinely deleted once the purpose has been achieved.
In addition, we may retain data if you have given us your permission to do so or if legal disputes arise and we use evidence within statutory limitation periods, which can be up to thirty years; the regular limitation period is three years.
Secure transmission of your data
In order to provide the best protection for the data retained by us against accidental or intentional manipulation, loss, destruction or access by unauthorised individuals, we use appropriate technical and organisational security measures. With the help of security experts, we regularly review the security levels and adapt them to new security standards. The transfer of data between app and server is also encrypted to the latest encryption standards. Only we can decrypt this data. There is also the option of using alternative means of communication (e.g. post). The data transmitted to and from our website is always encrypted. We offer HTTPS as the transmission protocol for our website, in each case using the current encryption protocols. In addition, we offer our users content encryption in our contact forms and when submitting applications. Only we can decrypt this data. We also offer the option of using alternative means of communication (e.g. post).
Obligation to provide data
Various types of personal data are necessary for the establishment, performance and termination of the contractual relationship and the fulfilment of the associated contractual and legal obligations. The same applies to the use of our website and the various functions it offers.
We have summarised the details of this for you in the above-mentioned point. In certain cases, data must also be collected or made available on the basis of statutory provisions. Please note that it is not possible to process your enquiry or to perform the underlying contractual obligation without providing this data.
Categories, sources and origin of data
The data we process depends on the respective context, for example, whether you place an order online or submit an enquiry via our contact form, whether you send us an application or submit a complaint.
Please note that for special processing scenarios we may also make information available separately in a particular place, e.g. on the pages for uploading application documents or sending an enquiry.
We collect and process the following data when you visit our website:
Web browser, browser version and operating system of user
- Referrer URL
- Hostname of the accessing computer
- Time of te server request
This data will not be merged with other data sources.
For technical security reasons (in particular to prevent attempts to hack our web server), this data is stored in accordance with Art. 6 para. 1 lit. f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation, as well as the security of its website – for which the server log files must be recorded. After 7 days at the latest, the data is anonymised by shortening the IP address so that no reference to the user is established.
For an enquiry, we collect and process the following data:
Surname, first name
- Company name, if applicable
- Contact details (street, postal code, town/city, country, telephone, fax)
- Data collection by the reCAPTCHA system (see below) to protect against span enquiries
Cookies, Google Analytics
Cookies (Art. 6 para. 1 lit. f) GDPR / Art. 6 para. 1 lit. a) GDPR when consent has been given)
Our website uses “cookies” in several places. They serve to make our web presence more user-friendly, more effective and safer. Cookies are small text files that are placed and stored on your terminal device.
These cookies enable us to analyse how users use our websites. This helps us to design the website content according to visitors’ needs. In addition, cookies enable us to measure the effectiveness of a particular advertisement and to place it depending on topics in which users are interested, for example. The legal basis for this is Art. 6 para. 1 lit. f) or, if consent has been given, Art. 6 para. 1 lit. a) GDPR.
We use the following cookies:
Our own cookies:
This type of cookie is controlled directly by REFCO Manufacturing Ltd. Depending on the purpose, these are permanently stored – even after the end of the session – (“persistent” cookies, e.g.: opt-out cookies) or are deleted when the browser is closed (“session” cookies, which are only valid for one browser session).
So-called temporary/permanent cookies, which are automatically deleted after the specified time (usually 6 months), are used here. These temporary or permanent cookies are stored on your terminal device and are deleted automatically after the specified time. Our partner companies’ cookies also contain only pseudonymous, and mostly anonymous data. This data enables our partners to track which products you have viewed, whether something has been purchased, which products have been searched for, etc. Some of our advertising partners also collect information about other websites you previously visited or products you were interested in, for example. This helps to display customised advertisements. Pseudonymous data will never be merged with your personal data.Most web browsers automatically accept cookies. Of course, you can also manually deactivate, restrict or even delete cookies on your terminal device by changing your browser or software settings. Please note that disabling cookies may prevent some of the functions of our website from working correctly.
Google Analytics (Art. 6 para. 1 lit. f) GDPR)
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files that are stored on your computer and help to analyse how you use a website. The information generated by the cookie about your use of this website will generally be transmitted to a Google server in the United States and stored there. Storing Google Analytics cookies and the use of this analysis tool are based on Art. 6 para. 1 lit. f) GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise its web and advertising presence.
Google reCAPTCHA (Art. 6 para. 1 lit. f) GDPR)
Automated individual case decisions
We do not use purely automated processes to make decisions.
Links to other providers
Our website also contains (clearly identifiable) links to the websites of other companies. Where links to websites of other providers are available, we have no influence on their contents. No guarantee or liability can therefore be assumed for these contents. The respective provider or operator of the sites is always responsible for their contents.
The linked sites were checked for possible legal violations and obvious infringements at the time they were linked. No illegal content was identified at the time of linking. However, it is unreasonable to expect that the linked sites be continuously monitored without concrete evidence of a legal violation. If we become aware of any legal violations, such links will be removed immediately.
Contact form / email contact (Art. 6 para. 1 lit. a, b GDPR)
Our website includes a contact form that can be used to contact us electronically. If you write to us using the contact form, we will process the data you provide in the contact form in order to contact you and to respond to your questions and requests.
This complies with the principle of data economy and avoidance as you only need to enter the data that we absolutely need to contact you, i.e. your email address and the message field itself. In addition, your IP address will be processed for technical reasons and for legal protection purposes. All other data is voluntary and can be entered if desired (e.g. for more personalised answers to your questions).
We implement appropriate security measures in order to offer the best possible protection of the security and confidentiality of your data. Your enquiry will be transmitted to us in encrypted form.
If you contact us by email, we will process the personal data provided in the email solely for the purpose of handling your enquiry. If you do not use the available forms to contact us, no further data will be collected.
Advertising purposes – existing customers (Art. 6 par. 1 lit. f) GDPR)
REFCO Manufacturing Ltd. would like to maintain a customer relationship with you and to send you information and offers about our products / services. We therefore process your data in order to send you corresponding information and offers by email.If you do not want this, you can object, at any time, to the use of your personal data for the purpose of direct advertising; this also applies to profiling insofar as it is related to direct advertising. If you object, we will no longer process your data for this purpose.
Objecting is free of charge and can be done informally, without giving reasons, preferably by calling +41 41 919 72 82, emailing email@example.com or by post to REFCO Manufacturing, Data Protection, Industriestrasse 11, 6285 Hitzkirch, Switzerland.