1. GENERAL INFORMATION
The protection of your personal data is very important to Growcer. It is important to us to inform you about which personal data we collect while visiting our web pages and when registering, how they are used and what options are available to you. This data protection notice provides answers to the most important questions.
2. WHAT GENERAL DATA AND INFORMATION IS COLLECTED BY GROWCER?
The Growcer website acquires a number of general data and information each time a person or an automated system accesses the website. This general data and information is stored in the log files of the server. You can enter the: used browser types and versions, the operating system used by the requesting system, the website from which an accessing system reaches our website (so-called referrer), the subwebsites which are accessed via an accessing system on our website, the date and time of access to the website, an Internet Protocol (IP) address, the Internet service provider of the accessing system and other similar data and information used for security purposes in the event of attacks on our information technology systems.
3. WHEN AND FOR WHAT PURPOSE DOES GROWCER COLLECT GENERAL DATA AND INFORMATION?
Growcer does not use the general data and information to identify the person targeted. Rather, this information is required to correctly deliver the contents of our website, to optimize the contents of our website as well as the advertising for it, to ensure the permanent functionality of our information technology systems and the technology of our website and to provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber attack. These anonymously collected data and information are therefore evaluated by Growcer statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a person concerned.
4. WHEN DOES PERSONAL DATA HAVE TO BE PROVIDED, IS THERE AN OBLIGATION TO DO SO AND WHAT ARE THE CONSEQUENCES OF NOT BEING PROVIDED?
Growcer collects, stores or uses data only for its own business purposes. Principally, our websites are available to all users without the collection of personal data. Personal data will only be requested, processed and used to the extent necessary to provide services or content that you have requested. The availability of personal data is partly required by law (e.g. due to tax regulations) or may result from contractual regulations (e.g. information on the contractual partner). When concluding a contract, it may be necessary that you provide us with personal data which must subsequently be processed by Growcer, otherwise the contract with you cannot be concluded. You may contact our data protection officer before providing personal data. The latter can clarify on a case-by-case basis whether the provision of your personal data is required by law or contract or necessary for the conclusion of the contract and what consequences the failure to provide the personal data has.
5. USAGE OF COOKIES
6. USAGE OF GOOGLE ANALYTICS
7. GOOGLE TAG MANAGER
This website uses the Google Tag Manager. This service allows website tags to be managed through an interface. The Google Tool Manager only implements tags. This means that no cookies are used and no personal data is collected. The Google Tool Manager triggers other tags, which in turn collect data if necessary. However, the Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it remains valid for all tracking tags if they are implemented with the Google Tag Manager.
8. USAGE OF LINKEDIN ANALYTICS FOR WEB ANALYSIS
LinkedIn Analytics, a web analysis service of LinkedIn (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA), collects and stores data on this website from which user profiles are created using pseudonyms. These usage profiles are used to analyse visitor behaviour and are evaluated to improve and design our offer in line with demand. Cookies may be used for this purpose. The pseudonymised user profiles are not combined with personal data about the bearer of the pseudonym without the express consent of the data subject to be given separately. You can object to the collection and storage of data by LinkedIn for the purpose of web analysis at any time with effect for the future. You can find more information following the link: https://www.linkedin.com/legal/privacy-policy
9. USAGE OF GOOGLE REMARKETING AND DOUBLECLICK
10. USAGE OF ADROLL RETARGETING TECHNOLOGY
11. WHAT IS „CONVERSION TRACKING“ AND HOW IS IT USED?
Our websites use Google Conversion Tracking. When you access our websites via a Google ad, Google AdWords stores a cookie on your computer. This cookie loses its validity after 30 days and serves only to recognize whether they visit our web pages within this time. It is not possible to draw any conclusions about you personally. The information collected using the conversion cookie is used to compile statistics on our conversion rate. This means that we know how many users come from a Google ad. If you do not wish to participate in the tracking process, you can deactivate cookies for conversion tracking by setting your browser settings to block cookies from the „googleadservices.com“ domain.
12. WHAT IS „A/B TESTING“ AND HOW IS IT USED?
We continuously improve the user-friendliness of our website and workflows for our customers. For this purpose, we use A/B testing technology from time to time. This involves modifying small parts of our website for certain user groups in order to be able to measure improvements or deteriorations under real conditions. In order to be able to carry out the selection of test variants and the measurement of these tests properly, our website technology uses a short-lived session cookie as well as a cookie, which can be valid for a longer period of time (up to several years). Both cookies do not allow any conclusions to be drawn about your person and we do not pass on any further data to third party providers. If you do not wish to participate in the A/B tests, you can disable cookies for conversion testing by setting your browser to block cookies.
13. EMBEDDED VIDEOS AND IMAGES FROM EXTERNAL WEBSITES.
Some of our pages contain embedded content from Google (Google Forms and Google Captcha), YouTube (Google), Citrix (GoToWebinar registration) or Instagram. With the sole call of a side from our Internet offer with merged videos or pictures from our YouTube and/or Instagram channel no personal data, with exception of the IP address, are transmitted. In the case of Google and YouTube, the IP address is transmitted to Google Inc, 600 Amphitheatre Parkway, MountainView, CA 94043, USA, in the case of GoToWebinar/Citrix to Citrix Systems, Inc. 4988 Great America Parkway Santa Clara, CA 95054, USA and in the case of Instagram to Instagram Inc. 181 SouthPark Street Suite 2 San Francisco, California 94107, USA.
14. SOCIAL PLUG-INS FROM FACEBOOK, TWITTER AND LINKEDIN
15. WHERE IS YOUR DATA USED?
Your data will be used in Switzerland. Data processing also takes place abroad only in individual cases and to the extent permitted by law.
16. HOW SAFE ARE YOUR DATA?
To prevent unauthorized access and misuse of your data, we have taken extensive technical and operational security precautions in accordance with Swiss law.
17. WILL YOUR DATA BE TRANSMITTED TO THIRD PARTIES?
Yes, some data must be forwarded under strict contractual and legal conditions. To external service providers for data processing: When service providers come into contact with our customers‘ personal data, this takes place within the framework of so-called order data processing. This is expressly provided for by law (§ 11 Federal Data Protection Act). Growcer remains responsible for the protection of your data even in this case. The service provider works exclusively in accordance with our instructions, which we ensure through strict contractual regulations, technical and organisational measures and supplementary controls. We do not pass on any further data to third parties unless you have given your express consent or this is provided for by law.
18. NEWSLETTER INFORMATION ON THE NEWSLETTER AND CONSENTS
With the following information we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter you agree to the receipt and the described procedures.
CONTENTS OF THE NEWSLETTER
We will only send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter „newsletters“) with the consent of the recipients or a legal permission. If the contents of a newsletter are specifically described within the scope of a registration, they are decisive for the consent of the users. In addition, our newsletters contain information on legal topics, especially in the field of marketing law, data protection and our law firm (this may include references to blog articles, lectures or workshops, our services or online appearances).
DOUBLE-OPT-IN AND LOGGING
The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can log in with other e-mail addresses. Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes the storage of the login and confirmation time, as well as the IP address. Also the changes of your data stored with MailChimp are logged.
USAGE OF THE „MAILCHIMP“ MAIL SERVICE PROVIDER
The newsletter is sent via „MailChimp“, a newsletter distribution platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The e-mail addresses of our newsletter recipients, as well as their further data described in the context of these notes, are stored on the servers of MailChimp in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, MailChimp can use this data according to its own information to optimize or improve its own services, e.g. to technically optimize the sending and presentation of the newsletter or for economic purposes, in order to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to write them down or pass them on to third parties. We trust in the reliability and IT and data security of MailChimp. MailChimp is certified under the US-EU data protection agreement „Privacy Shield“ and thus commits itself to comply with EU data protection regulations. Furthermore, we have concluded a „Data-Processing-Agreement“ with MailChimp. This is a contract in which MailChimp undertakes to protect the data of our users, to process them on our behalf in accordance with their data protection regulations and in particular not to pass them on to third parties. The data protection regulations of MailChimp can be viewed here.
To subscribe for the newsletter, it is sufficient in principle if you enter your e-mail address. Optionally, we ask you to enter your first and last name. This information is only used to personalise the newsletter. Furthermore, we ask you also optionally to indicate companies. We only use this information to adapt the contents of the newsletter to the interests of our readers.
STATISTICAL SURVEYS AND ANALYSES
The newsletters contain a so-called „web-beacon“, i.e. a pixel-sized file that is retrieved from the MailChimp server when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are initially collected. This information is used to technically improve the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined using the IP address) or access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our endeavour, nor that of MailChimp, to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our contents to them or to send different contents according to the interests of our users.
ONLINE ACCESS AND DATA MANAGEMENT
You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. At the same time your consents to its dispatch via MailChimp and the statistical analyses expire. A separate cancellation of the dispatch via MailChimp or the statistical evaluation is unfortunately not possible. You will find a link to cancel the newsletter at the end of each newsletter.
LEGAL BASIS OF THE BASIC DATA PROTECTION REGULATION
In accordance with the provisions of the Basic Data Protection Regulation (BDPR) applicable from 25 May 2018, we inform you that your consents to the sending of e-mail addresses are based on Art. 6 para. 1 lit. a, 7 BDPR and § 7 para. 2 no. 3 and para. 3 UWG. The use of the shipping service provider MailChimp, carrying out statistical surveys and analyses as well as logging of the registration procedure, are based on our legitimate interests pursuant to Art. 6 Para. 1 lit. f DSGVO. We are interested in using a user-friendly and secure newsletter system that serves our business interests and meets the expectations of our users. We would also like to point out that you can object to the future processing of your personal data at any time in accordance with the statutory provisions of Art. 21 BDPR. The objection may be lodged in particular against processing for direct marketing purposes.
19. CONTACTING GROWCER
If a website user contacts Growcer via e-mail or contact form, the information provided by him/her will be stored for the purpose of processing the request and for possible follow-up questions.
20. HANDLING YOUR PERSONAL DATA
We only handle personal data as far as this is possible in accordance with data protection regulations. We also take all necessary technical and organisational security measures to adequately protect your personal data from unauthorised access and misuse at all times. Insofar as we store or process personal data, this is done within a high-security computer centre. To protect the security of your data during transmission, we use encryption methods (e.g. SSL) via HTTPS. Our servers are protected by firewall and virus protection. Back-up and recovery procedures as well as role and authorization concepts are a matter of course for us. Our employees are obliged to observe the regulations of the Telemedia Law, the Federal Data Protection Law and the EU-BDPR when handling data.
21. HANDLING OF CUSTOMER DATA WITH THE CRM SYSTEM THAT IS USED
For processing customer service inquiries and for customer communication by e-mail or telephone in accordance with your consent, your personal customer data will be stored and processed in our Salesforce CRM system. The CRM itself is a local installation on a dedicated server and is only managed by the Growcer in its own data center on site. The data is backed up regularly on a backup server that is also managed locally. Your data (company, first name, surname, address, telephone number, e-mail etc.) will be encrypted unchanged (i.e. neither anonymized nor pseudonymized) using a standardized procedure within the program and is not accessible to the provider Salesforce itself. Data provided or transmitted with the establishment of contact or in a personal conversation will be used in this system for sales, business and advertising purposes for further use. If you no longer agree, you can object to this at any time by writing or by contacting us as explained under point 16.
22. HOW LONG DOES THE DATA REMAIN STORED?
We abide by the principles of data avoidance and data economy. We therefore only store your personal data for as long as this is necessary to achieve the purposes stated herein or as provided for in the various storage periods provided for by law. After the respective purpose or expiry of these periods, the corresponding data will be blocked or deleted as a matter of routine and in accordance with statutory regulations.
23. YOUR RIGHTS TO BE INFORMED, TO RECTIFY, BLOCK, DELETE AND CONTRADICT.
You have the right to obtain information about your personal data stored by Growcer at any time. You also have the right to correct, block or, apart from the prescribed data storage for business transactions, delete your personal data. Please contact the data protection officer of Growcer. You can make changes or withdraw your consent by notifying us accordingly with effect for the future. The stored personal data will be deleted if you revoke your consent to its blocking. To ensure that data can be locked at any time, this data must be kept in a lock file for control purposes. You can also request the deletion of the data, as far as no legal archiving obligation exists. If such an obligation exists, we will block your data on request. You have the right granted by the European legislator of directives and regulations to obtain, at any time and free of charge, information from the controller concerning your personal data stored and a copy of this information. You are also entitled to the following information: the processing purposes the categories of personal data to be processed the recipients or categories of recipients to whom the personal data have been or are still being disclosed, in particular recipients in third countries or international organisations if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration the existence of a right to have your personal data concerning you rectified or deleted or to have the data controller restrict or object to such processing the existence of a right of appeal to a supervisory authority if the personal data is not collected from the data subject: All available information about the origin of the data the existence of automated decision-making, including profiling in accordance with Article 22(1) and (4) BDPR, and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the person concerned You also have a right of access to information on whether personal data has been transferred to a third country or to an international organisation. If this is the case, you also have the right to obtain information about the appropriate guarantees in connection with the transmission. If you wish to make use of this right to information, you can contact our data protection officer or another employee of the data controller at any time. You also have the right granted by the European legislator to request the immediate correction of inaccurate personal data concerning you. You also have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary declaration. If you wish to make use of this right of correction, you can contact our data protection officer or another employee of the data controller at any time. You also have the right granted by the European regulator to require the data controller to delete the personal data concerning you immediately, provided that one of the following reasons applies and insofar as the processing is not necessary: The personal data have been collected or otherwise processed for such purposes for which they are no longer necessary. The data subject withdraws his/her consent on which the processing was based pursuant to Article 6(1)(a) BDPR or Article 9(2)(a) BDPR, and there is no other legal basis for processing. The data subject objects to the processing in accordance with Article 21(1) of the BDPR and there are no overriding legitimate grounds for processing or the data subject objects to the processing in accordance with Article 21(2) of the BDPR. The personal data have been processed unlawfully. The deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject. The personal data was collected in relation to information society services offered pursuant to Art. 8 para. 1 BDPR. If one of the above-mentioned reasons applies and you wish to have personal data stored at Growcer deleted, you can contact our data protection officer or another employee of the person responsible for processing at any time. The data protection officer of Growcer or another employee will arrange for the request for deletion to be complied with immediately. If the personal data was made public by Growcer and our company is responsible according to Art. 17 Abs. 1 BDPR to delete personal data, Growcer shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform other persons responsible for data processing who process the published personal data, that the data subject has requested the deletion of all links to this personal data or of copies or replications of this personal data from these other persons responsible for data processing, insofar as processing is not necessary. The data protection officer of Growcer or another employee will take the necessary steps in individual cases. They also have the right granted by the European legislator of directives and regulations to require the controller to restrict processing if one of the following conditions is met: You will be denied the accuracy of your personal data for a period of time that enables the person responsible to verify the accuracy of the personal data. The processing is unlawful, you refuse to delete the personal data and instead demand a restriction on the use of the personal data. The data controller no longer needs the personal data for the purposes of processing, but you do need them to assert, exercise or defend legal claims. You have filed an objection against the processing pursuant to Art. 21 para. 1 BDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons. If one of the above conditions is met and you wish to request the restriction of personal data stored by Growcer, you can contact our data protection officer or another employee of the person responsible for the processing at any time. The data protection officer of Growcer or another employee will arrange for the processing to be restricted. You have the right granted by the European regulator to receive the personal data concerning you provided by you to a responsible person in a structured, common and machine-readable format. You also have the right to transmit this data to another data controller without obstruction by the controller to whom the personal data have been made available, provided that the processing is based on the consent pursuant to Art. 6 para. 1 letter a) BDPR or Art. 9 para. 2 letter a) BDPR or on a contract pursuant to Art. 6 para. 1 letter b) BDPR and that the processing is carried out using automated procedures, provided that the processing is not necessary for the performance of a task in the public interest or in the exercise of public authority which was transferred to the controller. Furthermore, when exercising your right to data transferability pursuant to Art. 20 para. 1 BDPR, you have the right to obtain that the personal data be transferred directly from one data controller to another data controller, insofar as this is technically feasible and provided that the rights and freedoms of other persons are not affected by this. To assert your right to data transferability, you can contact the data protection officer appointed by Growcer or another employee at any time. You have the right granted by the European legislator of directives and regulations to object at any time for reasons arising from your particular situation to the processing of personal data concerning you on the basis of Article 6(1)(e) or (f) BDPR. This also applies to profiling based on these provisions. In the event of an objection, Growcer will no longer process personal data unless we can prove compelling reasons worthy of protection for the processing that outweigh the interests, rights and freedoms of the person concerned or serve to process, assert, exercise or defend legal claims. If Growcer processes personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling insofar as it is connected with such direct advertising. If you object to Growcer processing for direct advertising purposes, Growcer will no longer process your personal data for these purposes. You also have the right to object, for reasons arising from your particular situation, to the processing of personal data concerning you that is carried out at Growcer. for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) BDPR, unless such processing is necessary to fulfil a task in the public interest. To exercise your right of objection, you can contact the data protection officer of Growcer or another employee directly. You are also free to exercise your right of opposition in connection with the use of Information Society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications. You have the right granted by the European regulator not to be subject to a decision based exclusively on automated processing, including profiling, which has legal effect against you or significantly affects you in a similar manner, provided that the decision: is not necessary for the conclusion or performance of a contract between you and the person responsible, or is admissible under Union or Member State legislation to which the person responsible is subject and which contains appropriate measures to safeguard your rights, freedoms and legitimate interests; or with your express consent. Is the Decision necessary for the conclusion or performance of a contract between you and the person responsible, or If it is made with your express consent, Growcer will take appropriate measures to protect the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person by the person responsible, to state his own position and to challenge the decision. If you wish to assert rights relating to automated decisions, you can contact our data protection officer or another employee of the data controller at any time. You have the right to revoke your consent to the processing of personal data at any time, granted by the European Directive and Regulation giver. If you wish to exercise your right to revoke your consent, you can contact our data protection officer or another employee of the data controller at any time.
24. CHANGES TO OUR DATA PROTECTION POLICIES
We reserve the right to occasionally adapt this data protection declaration so that it always complies with current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services. You generally have a right of revocation with regard to the consents you have given. Please note that (if you do not make use of your right of revocation) the current version of the data protection declaration is the valid one.
25. QUESTIONS TO THE DATA PROTECTION OFFICER
If you have any questions regarding data protection at Growcer, please write us an e-mail or contact our data protection officer directly: Data Protection Officer of Growcer:
Growcer AG c/o Marcel Florian
St. Jakobs-Strasse 200
26. WHO IS THE RESPONSIBLE AUTHORITY?
Responsible body in the sense of data protection law is:
St. Jakobs-Strasse 200
E-mail: [email protected]
Phone: +41 44 585 27 92
Executive Board: Marcel Florian
Chairman of the Supervisory Board: Marcel Florian
Commercial Register Basel-Stadt, CHE‑389.545.952