When you visit and interact with the website of EXALOS AG, Switzerland, or otherwise contact us, we may collect, use, share and process information relating to you (“Personal Data”)*.
We highly value your right to privacy. Any information you entrust to us will be treated responsibly. We are committed to ensuring that your privacy is being protected.
If you provide us with personal data of other persons (such as family members, colleagues), please make sure the respective persons are aware of this Data Protection Statement and only provide us with their data if you are allowed to do so and such personal data is correct.
The Data Protection Statement of EXALOS AG, Switzerland, is fully compliant with the standards introduced by the European data protection law, known as the General Data Protection Regulation (GDPR), as well as the Swiss data protection legislation (FADP). Companies outside of the European Union or the European Economic Area (EEA) must comply with the GDPR in certain cases, especially if a citizen of the EU is involved. We are also compliant to the California Online Privacy Protection Act (see VII.).
- Who is collecting the data?
- What data is being collected?
- What is the legal basis for processing this data?
- Will the data be shared with any third parties?
- How Personal Data is being used by us or our partners.
- How long will the data be stored?
- What rights does the data subject have?
- Which steps we take to ensure the protection of your Personal Data.
- How can you raise a complaint?
Usage of this website by Children: Our website is fully customized for persons at the age above 16 years. Younger children need a permit from their parents to transmit personal data to us. Otherwise we do not collect their data.
* Personal Data or Personally Identifiable Information, as described in the European and US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.
For an explanation of the used terms, please see “Definitions” at the end of this declaration.
I. What Data we use and why
1. General principles
The use of this web offer for information purposes is basically possible without any indication of personal data.
However, if you wish to take advantage of special services from our company through our website, personal data processing may be required. Basically, we process your personal data only to the extent necessary to provide our online offers, content and services.
In case of data exchange, we use your data only for processing contracts concluded with you, for the technical administration or to answer your inquiries, e. g. to our offers.
The collection and use of your personal data takes place regularly only after your informed consent or if the processing of the data is permitted by law. In addition, personal identifiable information voluntarily provided to us will only be stored until the purpose is fulfilled.
Our employees are committed to privacy and confidentiality. The transfer to other companies or data collectors does not take place, with the exception of website services, explained in Part IV.
We endeavor to ensure the security of your data within the framework of applicable data protection laws and technical possibilities. Our catalog of protection measures can be found in the section “Data Security”. We point out that the data transmission in the Internet, e. g. by e-mail or other communication protocols, may have security issues and is usually stored on the servers of the provider. A complete protection from access to your data by third parties is not possible.
2. What data is collected by EXALOS AG, Switzerland?
You have the opportunity to register on our website for various services, providing a small amount of personal data to us.
Personal data is all information that relates to a specific or identifiable person. This may be, for example, your name, your postal address, e-mail address and telephone number. The personal data that is sent to us, can be derived from the respective input mask used for the registration.
This personal data can be processed by us. Processing means any process or series of operations related to personal data, such as collecting, organizing, storing, adapting or modifying, reading, querying, using, with or without the help of automated procedures; disclosure by submission, dissemination or other form of provision, reconciliation or association, restriction, erasure or destruction.
The personal data you enter will be collected and stored solely for internal use by us and for your own purposes (e. g. based on a contract). Wherever possible, the data is anonymized. Anonymized means that no conclusions can be drawn on an affected person.
The criterion for the duration of the storage of personal data is the respective statutory retention period. After the deadline, the corresponding data are routinely deleted, if they are no longer required to fulfil a contract or to initiate a possible contract.
Personal data is collected and processed in particular in the following cases:
a) Request forms
If you are interested in a special offer from EXALOS AG, Switzerland, you can submit a request using our prepared form (e. g. for download of product specifiactions). Which personal data is transmitted, is given with the appropriate input mask. Your data may be collected manually in a third-party software (e. g. “cloud”), imported automatically or manually in internal databases. The processing of relevant offers to your request can be done manually or by software. You can be informed by e-mail, letter or by phone about a fitting offer.
You have the possibility to unsubscribe from this service at any time, by using a dedicated unsubscribe option or contact us via e-mail or by phone.
b) Contact Form
Visitors of our website can submit messages via an online contact form. In order to be able to receive a reply, at least the specification of a valid e-mail address is required. All further information can be given voluntarily by the requesting person.
By submitting the message via the contact form, the visitor consents to the processing of the transferred personal data. The data processing takes place exclusively for the purpose of processing and answering inquiries via the contact form.
This is done on the basis of the voluntarily granted consent in accordance with Art. 6 (1) 1 lit. a) GDPR.
The personal data collected for the use of the contact form will be automatically deleted as soon as the request has been completed and there are no reasons for further storage.
3. What data is collected by the provider of the web offer on behalf of EXALOS AG, Switzerland?
The hosting services we use are designed to provide the following services: infrastructure and platform services, computing capacity, storage and database services, security services, and the technical maintenance we use to operate this website.
In doing so, we or our hosting provider processes stock data, contact data, contract data, usage data, meta and communication data of visitors to this website.
The legal basis, which requires no consent, is the legitimate interest of EXALOS AG, Switzerland, in the efficient and secure provision of our website to our customers in accordance with. Art. 6 (1) p. 1 lit. f) with Art. 28 GDPR.
If you use the website of EXALOS AG, Switzerland, we may automatically collect information about your usage and your interaction with us. The information is stored in secure server log files and regularly evaluated by us or authorized service personal. Such access data includes:
Name and URL of retrieved website pages;
- Date and time of retrieval;
- transferred amount of data;
- Message about successful retrieval (HTTP response code);
- Browser type and browser version;
- Operating system;
- Referer URL (i.e. the previously visited page);
- Websites that are accessed by the user’s system through our website;
- the internet service provider of the visitor;
- IP address and the requesting provider;
We use this protocol data without any assignment to you or other profiling for purely statistical evaluations for the purpose of operation, security and optimization of our website. We do not use automatic decision-making or profiling.
4. How does our website handle Do Not Track signals
We are honouring Do-Not-Track signals when a Do-Not-Track (DNT) browser mechanism is in place.
II. Our Newsletter: Registration and Tracking
It may be possible, to subscribe to a newsletter, provided by EXALOS AG, Switzerland.
To confirm your subscription, you need to fill out a simple signup form, which basically only needs your e-mail address. This registration will be logged. After subscribing, you will receive a message to the given email address, asking to confirm your registration. This so-called “Double Opt-In“ is a necessary protection, so third parties cannot register your e-mail address to our newsletter.
You can revoke your consent to receive the newsletter and thus unsubscribe from the newsletter at any time. We save the registration details as long as they are needed for sending the newsletter.
We are using a designated software for the distribution of the newsletter to our subscribers, which guarantees a legally compliant data protection.
You have the possibility to unsubscribe from the newsletter at any time. Each newsletter includes a link for unsubscription. If this link is missing, we ask you to contact the person responsible for the privacy of our website (see our Imprint).
By registering for the newsletter of EXALOS AG, Switzerland, you expressly agree to the processing of the transmitted personal data (your e-mail address).
Legal basis for sending the newsletter is your consent according to Art. 6 (1 ) 1 lit. a) in conjunction with Art. 7 GDPR.
In accordance with applicable law, we may include visible and invisible image files in our newsletters and other marketing e-mails. If such image files are retrieved anonymously from our servers, we can determine whether and when you have opened the e-mail, so that we can measure and better understand how subscribers use our offers and further customize them.
You may disable this feature in your e-mail program, which will usually be a default setting.
By using our websites and consenting to the reception of e-mails you agree to our use of such techniques. If you object, you must configure your browser or e-mail program accordingly.
This website can store information, a so-called cookie, on the user’s computer to improve the functionality of this service and the content. Cookies used on this website do not violate your privacy. They are not used to store any personal information. Our cookies cannot be traced back to an individual user.
Our usage of Cookies is limited. It is not necessary to accept cookies to visit our website.
1. What is a Cookie and how do we use it?
We may use two different kinds of cookies:
- Session cookies, which are deleted the moment you quit your browser.
- Permanent cookies, which are stored for a longer period of time (e. g. one year) or permanently.
The collection of unpersonalized data with the help of Cookies is in our legitimated interest and justified by Art. 6 (1) 1 lit. f) GDPR.
2. Cookie usage example.
This website can provide download, newsletters and email subscription services. Cookies may be used to remember if a user is already registered for a download of product information and whether to show certain notifications which might only be valid to subscribed/unsubscribed users.
When you submit data to through a form such as those found on the contact page, cookies may be set to remember your user details for future correspondence.
Your browser provides an option, to ask for permission every time a cookie tries to be stored. The browser includes also an option, to accept website cookies and block all third party cookies. Usually, your browser’s help section will provide information on how to change your cookie settings.
Please keep in mind, there are no industry standard options for disabling cookies without disabling the functionality and features they add to the website. It is recommended that you don´t restrict the usage of all cookies used by this website, to get the unlimited service.
4. Declaration of Consent
By using this website you agree to store user information on cookie files and allow these files to remain on your computer after the browser session has ended, so they may be used upon your next visit. You can decide to retract this permission by refusing cookies in your browser settings.
5. Cookies used by Google Analytics
Please read our declaration regarding Google Analytics.
IV. Data collected by third party services
In order to continuously improve the quality of our services, our website includes the following technologies from third party companies and service providers:
1. Google Analytics
Our web analysis includes the anonymous collection and analysis of data from visitors of this websites. The analysis serves the statistical collection of web use for the continuous improvement of our website and services. This is our legitimate interest in accordance with Article 6 (1) 1 lit. f GDPR.
This website is using Google Analytics from Google Inc., the most widespread and trusted analytics solution on the web. This service is helping us to understand how visitors use this web service and improve the usage experience. Information about the website usage (e. g. time of visiting) – including your IP address – will be transmitted to Google in the USA and stored. Google can use this information for the purpose of evaluating your use of this website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.
Google is certified to the Privacy Shield Agreement between the European Union, Switzerland and the United States. Google fully agrees to comply with the standards and regulations of European data protection law. Further information can be found here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
We are using IP anonymization. This means, that IP addresses, used during the Internet connection will be abridged by Google and anonymised when accessing our website from a Member State of the European Union or another Contracting State to the Agreement, including Switzerland. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. Google has officially declared that they will not associate your IP address with any other data held by Google. Google may pass these personal data collected through the technical procedure to third parties.
This website is not using the feature “demographic data”, offered by Google Analytics.
Google will use the collected information on our behalf to evaluate the use of this website. It will compile detailed reports on website activity and provide us with other services related to the internet usage.
For the application of Google Analytics cookies can be stored on your computer (for the explanation of cookies please see above). With the help of these cookies, Google can analyze the use of our website. With each call-up to one of the individual pages of this Internet site, the Internet browser of the data subject will automatically submit data through the Google Analytics component. During this technical procedure, Google collects personal information, such as the IP address of the data subject, to understand the origin of visitors and clicks, and subsequently create commission settlements. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content.
You can prevent the storage of cookies by a corresponding setting of your browser software and thus permanently deny the setting of cookies. Blocking cookies in general will also prevent Google Analytics from setting any cookie on the information technology system of the data subject. However, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible.
Cookies already in use by Google Analytics can be deleted at any time via an integrated web browser option.
For more information on Google Analytics cookies, please visit the official Google Analytics page (https://www.google.com/analytics/).
2. Google Maps
3. Google YouTube
On this website, we may integrate components of YouTube. YouTube enables video publishers to publish video clips free of charge, including the option of free viewing, review and commenting on them. YouTube allows it to publish all kinds of videos, e.g. user movies, TV broadcasts, music videos and marketing videos, including product descriptions.
With each call-up to one of the individual pages of this website with an integrated YouTube video, the Internet browser is automatically prompted to download a display of the corresponding YouTube component. Further information about YouTube may be obtained under https://www.youtube.com/yt/about/en/.
During this technical procedure, YouTube and Google gain knowledge of what specific sub-page of our website was visited by the data subject.
If the data subject is logged in on a YouTube account, YouTube recognizes with each call-up to a sub-page that contains a YouTube video, which specific sub-page of our Internet site was visited by the data subject. This information is collected by YouTube and assigned to the respective YouTube account of the data subject.
YouTube and Google will receive information through the YouTube component when you are visiting our website. If you are logged in at your Youtube account at the time of the call to our website, this occurs regardless of whether you click on a YouTube video or not. If such a transmission of this information to YouTube and Google is not desirable for you, the delivery may be prevented if you log off from your account before a call-up to our website is made.
YouTube and Google provide information about the collection, processing and use of personal data by YouTube’s data protection provisions, available at https://www.google.com/intl/en/policies/privacy/
4. External Script Libraries
We are using several script libraries and font libraries (e. g. Google Web Fonts) to present the best possible user experience. During the access of our website, a connection to the providers of these libraries (e. g. Google) will be established. The providers may collect these connection data.
5. Social Plugins (e. g. “Like” Button)
On our website social plugins of different providers of social networks can be integrated. By means of these plugins, information, which may also include personal data, can be used by the respective social networks.
This is our legitimate interest in accordance with Article 6 (1) 1 lit. f) GDPR, as it is the main purpose of using plugins of social networks to make our business offers known to a wide audience, inlcuding potential customers.
The social networks are responsible for the privacy-compliant handling of the data of their users. The privacy policies of the respective social networks provide information on the collection, processing and use of these personal data. No personal data of social plugins are stored from us.
If the visitors to our website are simultaneously logged in to a social network, it can be assumed that personal data will be transmitted to them.
V. Our Implementation of the California Online Privacy Protection Act
According to CalOPPA, we agree to the following:
Users can visit our site anonymously.
- You can change your personal information by emailing us.
VII. Your rights as data subject
Based on the GDPR (EU) and the Swiss privacy law, your rights on your private data are protected. Some of these rights are complex, and not all of the details have been included in this summary. Please read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
You may exercise any of your rights in relation to your personal data by a written notice to us by mail or by email to our data protection manager (see: Contacting us).
Your principal rights under data protection law are:
1. the right of confirmation and access to your data;
2. the right to rectification;
3. the right to erasure;
4. the right to restrict processing;
5. the right to object to processing;
6. the right to a transfer of your data and to data portability;
7. the right to complain to a supervisory authority;
8. the right to withdraw consent.
1. The right of confirmation, information and access to your data
You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information.
There is no right of access if the disclosure of the information for special reasons, for example due to a predominant legitimate interest of third parties, is contrary to this. The right of access is also excluded if the data are stored only because they can not be deleted due to statutory retention periods or serve exclusively for purposes of data protection or data protection control, if the disclosure would require a disproportionate effort and processing for other purposes by appropriate technical and organizational measures are excluded.
If the right to information is not excluded and your personal data is processed by EXALOS AG, Switzerland, you can require the following information:
- What is the purpose of the processing?
- Categories of your personal data;
- Recipients or categories of recipients to whom your personal data are disclosed, in particular to recipients in third countries;
- If possible, the planned duration for which your personal data will be stored or, if that is not possible, the criteria for determining the duration of the storage;
- The existence of a right of appeal to a data protection supervisory authority;
- If the personal data has not been collected from you as the data subject, the available information about the origin of the data.
Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.
If your personal data are transmitted to a third country or to an international organization, you have the right to be informed about the appropriate guarantees under Art. 46 GDPR in connection with the transfer.
2. The right to rectification
You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
3. The right to erasure
In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- You withdraw consent to consent-based processing.
- You object to the processing under certain rules of applicable data protection law.
- You have objected to the processing of personal data not disclosed to us and there are no legitimate reasons for the processing.
- Your personal data have been unlawfully processed by us.
- The deletion of personal data is required to fulfil a legal obligation to which we are subject.
However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation;
- or for the establishment,
- exercise or defence of legal claim.
There is also no entitlement to cancellation if, in the case of lawful, non-automated data processing, the erasure is not possible or only with disproportionately high outlay due to the special nature of the storage and your interest in deletion is low. In this case, the deletion is replaced by the restriction of processing.
4. The right to restrict processing
In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are:
- you contest the accuracy of the personal data; processing is unlawful but you oppose erasure;
- we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims;
- and you have objected to processing, pending the verification of that objection.
Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it:
- with your consent;
- for the establishment,
- exercise or defence of legal claims;
- for the protection of the rights of another natural or legal person;
- or for reasons of important public interest.
5. The right to object to processing
You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for:
- the performance of a task carried out in the public interest or in the exercise of any official authority vested in us;
- or the purposes of the legitimate interests pursued by us or by a third party.
If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
Additionally you have the right to object to our processing of your personal data for direct marketing purposes, including profiling for direct marketing purposes. If you make such an objection, we will cease to process your personal data for this purpose.
You have also the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
6. The right to a transfer of your data and data portability
To the extent that the legal basis for our processing of your personal data is:
(a) consent; or
(b) that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format.
In exercising your right to data portability, you have the right to obtain that the personal data are transmitted directly by us to another person responsible, as far as this is technically feasible.
However, the right of data transfer does not apply where it would adversely affect the rights and freedoms of others.
7. The right to complain to a supervisory authority
If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection.
You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
8. The right to withdraw consent
To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
VIII. Transfer of data to third parties, no data transfer to non-EU countries
Basically, we restrict the use of personal data within our company. If and to the extent that we engage third parties in the performance of contracts, e. g. logistic service providers or legal authorities, they will only receive personal data to the extent that the transmission is required for the corresponding service.
In the event that we outsource certain parts of the data processing (“order processing”), we contractually obligate processors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the data subject’s rights – stated above.
We do not purposely transmit data to bodies or persons outside the EU, with exception of the previously declared cases.
IX. Data Security
EXALOS AG, Switzerland, endeavors to ensure the security of your data within the scope of current and reasonable technical possibilities. We comply very closely with the applicable data protection laws.
Your personal data will be transmitted encrypted with us. This applies to your orders, emails and also to possible customer logins.
We use the generally recognized SSL coding system (Secure Socket Layer). We expressly point out that the transmission of data on the Internet (e. g. in the case of communication by e-mail) can have security gaps. A complete protection of the data from access by third parties is not possible.
To safeguard your data, EXALOS AG, Switzerland, maintains technical and organizational security measures according to Art. 32 GDPR, which we constantly adapt to the state of the art technology. The servers we use are regularly backed up carefully and the backups are also protected against improper access.
X. Contacting us for data protection reasons
According to important changes in the law of EU, USA or Switzerland we may need to amend this policy and to keep up with new developments and possibilities on the global internet.
IX. Data Security
According to important changes in the law of EU, USA or Switzerland we may need to amend this policy and to keep up with new developments and possibilities on the global internet.
Definition of the Used Terms
a) Personal Data
Personal data means any information relating to an identified or identifiable natural person – the so-called “data subject” (see below). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
Data subject is any identified or identifiable natural person, whose personal data is processed by us.
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Profiling stands for any form of automated processing of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation is the processing of personal data with the result, that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
f) Controller or controller responsible for the processing
Controller or controller responsible for the processing is the natural or legal person, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by the given law.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
i) Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.