REFCO Manufacturing Ltd.
6285 Hitzkirch – Switzerland
Telefon: +41 41 919 72 82
Telefax: +41 41 919 72 83
Data protection officer
We are not obliged to appoint a data protection officer. If you have any concerns regarding data protection, you can contact us at the following email address: firstname.lastname@example.org
Your rights as a data subject
Firstly, we would like to inform you about your rights as a data subject. These rights are standardised in Art. 15-22 GDPR. They include:
- The right of access (Art. 15 EU-DS-GVO),
- The right to erasure (Art. 17 EU-DS-GVO),
- The right to rectification (Art. 16 EU-DS-GVO),
- The right to data portability (Art. 20 EU-DSGVO),
- The right to restriction of processing (Art. 18 EU-DS-GVO),
- The right to object to the processing of personal data (Art. 21 EU-DS-GVO).
Please contact us at email@example.com to exercise these rights, if you have any questions about data processing in our company or if you wish to revoke your consent. You also have the right to appeal to a data protection authority.
Rights of objection
Please note the following with regard to rights of objection:
If we process your personal data for the purpose of direct advertising, you have the right to object to this data processing at any time without giving reasons. This also applies to profiling insofar as it is related to direct advertising.
If you object to the processing for direct advertising purposes, we will no longer process your personal data for these purposes. Objecting is free of charge and can be done informally, preferably by emailing firstname.lastname@example.org
In the event that we process your data to safeguard legitimate interests, you may object to such processing at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions.
We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for such processing that override your interests, rights and freedoms or the processing serves the assertion, exercise or defence of legal claims.
Purposes and legal bases of data processing
The processing of your personal data complies with the provisions of the GDPR and all other applicable data protection regulations. Legal bases for data processing arise from Art. 6 GDPR in particular.
We use your data to make initial business contact, to fulfil contractual and legal obligations, to implement the contractual relationship (Art. 6 para. 1 lit. b) GDPR), to offer products and services and to strengthen the customer relationship, which may also include analyses for marketing purposes and direct advertising.
Your consent to your data being processed may also constitute a “permission requirement” in terms of data protection law (Art. 6 para. 1 lit. a) GDPR). Before you consent, we will inform you about the purpose of the data processing and your right of revocation.
Should your consent also apply to the processing of special categories of personal data, we will explicitly notify you of this during the consent process. Special categories of personal data pursuant to Art. 9 GDPR are only processed if this is made necessary by legal regulations and if there is no reason to assume that your legitimate interest in exemption from processing prevails.
We also collect your data to ensure the website is provided without any errors and to analyse your user behaviour. We collect this data on the basis of our legitimate interest (Art. 6 para. 1 lit. f) GDPR) of making the content visually available to every visitor. We also have a legitimate interest in the website’s security (hacker attacks).
A detailed description of the analysis of user behaviour can be found below.
Disclosure to third parties
We will only disclose your data to third parties in line with statutory provisions or with your appropriate consent. Otherwise, the data will not be disclosed to third parties unless we are obliged to do so by mandatory legal provisions (disclosure to external bodies such as supervisory authorities or criminal prosecution authorities).
Data recipients / recipient categories
Within our company, we ensure that your data is only received by those individuals who need it to fulfil their contractual and legal obligations. In many cases, service providers support our specialist departments in fulfilling their tasks. The necessary data protection contracts have been concluded with all service providers. In particular, we engage service providers for web and mobile applications, as web providers and hosting service providers. The right to access work materials containing customer data is conferred only after the order has been placed, and is granted, wherever possible, exclusively for anonymised data.
Third-country transfer / intention to transfer to a third country
Data will only be transferred to third countries (countries outside the European Union or the European Economic Area) to the extent that this is necessary for the performance of the contractual obligation, is required by law or if you have given us your consent to do so.
We transmit your personal data using global server infrastructure from Microsoft.
We transmit your personal data to a server in the USA as part of our use of Google Analytics.
Here, compliance with the level of data protection is guaranteed by the data protection contracts with the provider.
Data retention periods
We store your data as long as it is required for the respective processing purpose. Please note that numerous retention periods require that data (must) continue to be stored. This applies in particular to retention obligations under commercial or tax law (e.g. Commercial Code, Tax Code, etc.). If there are no further retention obligations, the data will be routinely deleted once the purpose has been achieved.
In addition, we may retain data if you have given us your permission to do so or if legal disputes arise and we use evidence within statutory limitation periods, which can be up to thirty years; the regular limitation period is three years.
Secure transmission of your data
In order to provide the best protection for the data retained by us against accidental or intentional manipulation, loss, destruction or access by unauthorised individuals, we use appropriate technical and organisational security measures. With the help of security experts, we regularly review the security levels and adapt them to new security standards. The transfer of data between app and server is also encrypted to the latest encryption standards. Only we can decrypt this data. There is also the option of using alternative means of communication (e.g. post). The data transmitted to and from our website is always encrypted. We offer HTTPS as the transmission protocol for our website, in each case using the current encryption protocols. In addition, we offer our users content encryption in our contact forms and when submitting applications. Only we can decrypt this data. We also offer the option of using alternative means of communication (e.g. post).
Obligation to provide data
Various types of personal data are necessary for the establishment, performance and termination of the contractual relationship and the fulfilment of the associated contractual and legal obligations. The same applies to the use of our website and the various functions it offers.
We have summarised the details of this for you in the above-mentioned point. In certain cases, data must also be collected or made available on the basis of statutory provisions. Please note that it is not possible to process your enquiry or to perform the underlying contractual obligation without providing this data.
Categories, sources and origin of data
The data we process depends on the respective context, for example, whether you place an order online or submit an enquiry via our contact form, whether you send us an application or submit a complaint.
Please note that for special processing scenarios we may also make information available separately in a particular place, e.g. on the pages for uploading application documents or sending an enquiry.
We collect and process the following data when you visit our website:
Web browser, browser version and operating system of user
- Referrer URL
- Hostname of the accessing computer
- Time of te server request
This data will not be merged with other data sources.
For technical security reasons (in particular to prevent attempts to hack our web server), this data is stored in accordance with Art. 6 para. 1 lit. f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation, as well as the security of its website – for which the server log files must be recorded. After 7 days at the latest, the data is anonymised by shortening the IP address so that no reference to the user is established.
For an enquiry, we collect and process the following data:
- Surname, first name
- Company name, if applicable
- Contact details (street, postal code, town/city, country, telephone, fax)
- Data collection by the reCAPTCHA system (see below) to protect against span enquiries