Privacy Policy

With this privacy policy, we inform about which personal data we process in connection with our activities and tasks including our emmentaler-schaukaeserei.ch website. We particularly inform about why, how, and where we process which personal data. We also inform about the rights of persons whose data we process.

Additional privacy statements and other legal documents such as terms and conditions (T&C), terms of use, or participation conditions may apply to individual or additional activities and tasks.

We are subject to Swiss data protection law and, if applicable, foreign data protection law, in particular that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law provides adequate data protection.

1. Contact addresses

Responsibility for the processing of personal data:

Frank Jantschik
Emmentaler Schaukäserei AG
Schaukäsereistrasse 6
3416 Affoltern i.E.

info@e-sk.ch

We point out if there are other responsible parties for the processing of personal data in individual cases.

2. Definitions and legal bases

2.1 Definitions

Personal data are all details that relate to a specific or identifiable natural person. An affected person is a person whose personal data we process.

Processing includes every handling of personal data, regardless of the means and methods used, such as querying, matching, adapting, archiving, retaining, reading, disclosing, obtaining, collecting, deleting, revealing, organizing, storing, modifying, distributing, linking, destroying, and using personal data.

The European Economic Area (EEA) includes the Member States of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data.

2.2 Legal bases

We process personal data in accordance with Swiss data protection law, in particular the Federal Data Protection Act (Datenschutzgesetz, DSG) and the Data Protection Ordinance (Datenschutzverordnung, DSV).

We process - if and insofar as the General Data Protection Regulation (GDPR) is applicable - personal data according to at least one of the following legal bases:

• Art. 6 para. 1 lit. b GDPR for the necessary processing of personal data for the fulfillment of a contract with the data subject and for the implementation of pre-contractual measures.
• Art. 6 para. 1 lit. f GDPR for the necessary processing of personal data to protect the legitimate interests of us or third parties, unless the fundamental freedoms and rights and interests of the data subject prevail. Legitimate interests include our interest in carrying out our activities and tasks in a sustainable, user-friendly, safe and reliable manner, as well as being able to communicate about them, ensuring information security, protecting against abuse, asserting our legal claims, and complying with Swiss law.
• Art. 6 para. 1 lit. c GDPR for the necessary processing of personal data to fulfill a legal obligation to which we may be subject under applicable law of member states in the European Economic Area (EEA).
• Art. 6 para. 1 lit. e GDPR for the necessary processing of personal data for the performance of a task in the public interest.
• Art. 6 para. 1 lit. a GDPR for the processing of personal data with the consent of the data subject.
• Art. 6 para. 1 lit. d GDPR for the necessary processing of personal data to protect the vital interests of the data subject or another natural person.

3. Type, Scope, and Purpose

We process those personal data that are necessary to be able to carry out our activities and tasks in a sustainable, user-friendly, secure, and reliable manner. Such personal data can in particular fall into the categories of inventory and contact data, browser and device data, content data, meta or marginal data and usage data, location data, sales data, and contract and payment data.

We process personal data for the duration necessary for the respective purpose or purposes or as required by law. Personal data that is no longer necessary is anonymized or deleted.

We may have personal data processed by third parties. We may process personal data jointly with third parties or transfer it to third parties. Such third parties are in particular specialized providers whose services we use. We also ensure data protection with such third parties.

We only process personal data with the consent of the data subject unless the processing is permitted for other legal reasons. Processing without consent may, for example, be permitted to fulfill a contract with the data subject and for corresponding pre-contractual measures, to protect our predominant legitimate interests because the processing is evident from the circumstances or after prior information.

In this context, we process in particular information that a data subject voluntarily provides to us when making contact - for example by regular mail, email, instant messaging, contact form, social media or phone - or when registering for a user account. We may store such information, for example, in an address book, in a customer relationship management system (CRM system) or with comparable tools. If we receive data about other people, the transmitting persons are obliged to ensure data protection towards these people and to ensure the accuracy of this personal data.

We also process personal data that we obtain from third parties, procure from publicly accessible sources or collect during the exercise of our activities and tasks, provided and to the extent that such processing is legally permissible.

4. Applications

We process personal data about applicants to the extent necessary to assess their suitability for employment or for the subsequent execution of an employment contract. The necessary personal data results in particular from the requested information, for example in the context of a job advertisement. We also process personal data that applicants voluntarily communicate or publish, especially as part of cover letters, curriculum vitae and other application documents, and online profiles.

We process - if and to the extent the General Data Protection Regulation (GDPR) applies - personal data about applicants in particular according to Art. 9 para. 2 lit. b GDPR.

5. Personal data abroad

We process personal data primarily in Switzerland and the European Economic Area (EEA). However, we can also export or transfer personal data to other countries, especially to process or have them processed there.

We can export personal data to all states and territories on Earth and elsewhere in the universe, provided the local law, according to the decision of the Swiss Federal Council, ensures adequate data protection and - if and insofar as the General Data Protection Regulation (GDPR) applies - according to the decision of the European Commission, ensures adequate data protection.

We can transfer personal data to countries whose law does not guarantee adequate data protection, provided data protection is guaranteed for other reasons, especially based on standard data protection clauses or with other appropriate guarantees. Exceptionally, we can export personal data to countries without adequate or suitable data protection if the special data protection requirements are met, for example, the explicit consent of the affected persons or a direct connection with the conclusion or execution of a contract. We are happy to provide affected persons with information about any guarantees upon request or provide a copy of any guarantees.

6. Rights of affected persons

6.1 Data protection claims

We grant affected persons all claims according to the applicable data protection law. Affected persons have the following rights in particular:

• Information: Affected persons can request information on whether we process personal data about them and, if so, which personal data it is. Affected persons also receive the information necessary to assert their data protection claims and ensure transparency. This includes the processed personal data as such, but also, among other things, information on the purpose of processing, the duration of storage, any disclosure or export of data to other countries, and the origin of the personal data.
• Correction and restriction: Affected persons can correct incorrect personal data, complete incomplete data, and request the restriction of their data processing.
• Deletion and objection: Affected persons can request the deletion of personal data ("right to be forgotten") and object to the processing of their data in the future.
• Data release and data transfer: Affected persons can request the release of personal data or the transfer of their data to another responsible person.

We may postpone, restrict, or refuse the exercise of the rights of affected persons within the legally permissible framework. We can point out any requirements that need to be met for the exercise of their data protection claims. For example, we can refuse the provision of information with reference to trade secrets or the protection of other persons, either entirely or partially. We can also refuse the deletion of personal data, either entirely or partially, with reference to legal retention obligations.

We may exceptionally charge for the exercise of rights. We will inform affected persons in advance of any costs.

We are obliged to identify affected persons who request information or assert other rights using appropriate measures. Affected persons are obliged to cooperate.

6.2 Right to complain

Individuals have the right to enforce their data protection rights in court or to file a complaint with a competent data protection supervisory authority.

The data protection supervisory authority for private entities and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

Individuals have – if and to the extent the General Data Protection Regulation (GDPR) applies – the right to file a complaint with a competent European data protection supervisory authority.

7. Data Security

We take appropriate technical and organizational measures to ensure data security that is commensurate with the respective risk. However, we cannot guarantee absolute data security.

Access to our website is encrypted (SSL / TLS, especially with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers indicate encrypted transport with a padlock in the address bar.

Our digital communication is – as in principle all digital communication – subject to mass surveillance without cause or suspicion, as well as other monitoring by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We cannot directly influence the processing of personal data by intelligence services, police authorities, and other security agencies.

8. Use of the Website

8.1 Cookies

We may use cookies. Cookies – our own cookies (first-party cookies) as well as cookies from third parties whose services we use (third-party cookies) – are data stored in the browser. Such stored data need not be limited to traditional text-form cookies.

Cookies can be temporarily stored in the browser as "session cookies" or for a specific period as so-called permanent cookies. "Session cookies" are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies, in particular, allow us to recognize a browser the next time our website is visited and, for example, to measure the reach of our website. However, permanent cookies can also be used for online marketing.

Cookies can be deactivated or deleted in the browser settings at any time, either completely or in part. Without cookies, our website may not be fully available. We request – at least when and where required – explicit consent to the use of cookies.

For cookies used for performance and reach measurement or advertising, a general objection ("opt-out") is possible for numerous services through the AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

8.2 Server log files

We can record the following information for every access to our website if it is transmitted from your browser to our server infrastructure or can be determined by our web server: Date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, the specific sub-page of our website accessed including the amount of data transferred, the last website accessed in the same browser window (referrer).

We store such information, which may also constitute personal data, in server log files. The information is necessary to provide our website in a permanent, user-friendly, and reliable manner and to ensure data security and, in particular, the protection of personal data – also by third parties or with the help of third parties.

8.3 Tracking pixel

We may use tracking pixels on our website. Tracking pixels are also referred to as web beacons. Tracking pixels - also from third parties, whose services we use - are small, usually invisible images that are automatically retrieved when visiting our website. With tracking pixels, the same information as in server log files can be recorded.

9. Notifications and Communications

We send notifications and messages via email and other communication channels such as instant messaging or SMS.

9.1 Success and Reach Measurement

Notifications and communications may contain web links or tracking pixels that capture whether an individual message was opened and which web links were clicked. Such web links and tracking pixels can also record the use of notifications and messages in a personalized manner. We need this statistical recording of use for success and reach measurement in order to be able to send notifications and messages effectively, user-friendly, continuously, securely and reliably based on the needs and reading habits of the recipients.

9.2 Consent and Objection

You must basically explicitly consent to the use of your email address and your other contact addresses, unless the use is permitted for other legal reasons. Whenever possible, we use the "double opt-in" process for any consent, which means that you will receive an email with a web link that you must click to confirm, so that no abuse can occur by unauthorized third parties. We may log such consents, including Internet Protocol (IP) address as well as date and time, for evidence and security reasons.

You can basically object to receiving notifications and messages such as newsletters at any time. With such an objection, you can also object to the statistical recording of use for success and reach measurement. This does not affect required notifications and messages related to our activities and operations.

9.3 Service Providers for Notifications and Communications

We send notifications and messages with the help of specialized service providers.

10. Social Media

We are present on social media platforms and other online platforms to communicate with interested parties and to inform about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).

The general terms and conditions (GTC) and terms of use as well as privacy statements and other provisions of the individual operators of such platforms also apply. These provisions provide information in particular about the rights of affected persons directly vis-à-vis the respective platform, including, for example, the right to information.

For our Facebook social media presence, including the so-called Page Insights, we are - to the extent that the General Data Protection Regulation (GDPR) applies - jointly responsible with Meta Platforms Ireland Limited (Ireland). The Meta Platforms Ireland Limited is part of the Meta Companies (among others in the USA). The Page Insights provide information on how visitors interact with our Facebook presence. We use Page Insights to effectively and user-friendly provide our Facebook social media presence.

Further information about the type, scope and purpose of data processing, information on the rights of affected persons, and the contact details of Facebook as well as the data protection officer of Facebook can be found in the Facebook privacy policy. We have concluded the so-called "Addendum for Data Controllers" with Facebook and have in particular agreed that Facebook is responsible for ensuring the rights of affected persons. For the so-called Page Insights, the relevant information can be found on the page "Information about Page Insights", including "Information about Page Insights Data".

11. Third Party Services

We use services from specialized third parties to be able to carry out our activities and tasks permanently, user-friendly, safe, and reliably. With such services, we can, among other things, embed functions and content into our website. When embedding, the services used for technical reasons at least temporarily capture the Internet Protocol (IP) addresses of the users.

For necessary security-related, statistical, and technical purposes, third parties, whose services we use, can process data in connection with our activities and tasks in an aggregated, anonymized, or pseudonymized manner. These are, for example, performance or usage data to be able to offer the respective service.

We especially use:

• Services from Google: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; General information on data protection: "Principles on Data Protection and Security", Privacy Policy, "Google is committed to complying with applicable data protection laws", "Guide to Privacy in Google Products", "How we use data from websites or apps where our services are used" (Information from Google), "Types of cookies and other technologies used by Google", "Personalized Advertising" (Activation / Deactivation / Settings).

11.1 Digital Infrastructure

We use services from specialized third parties to access the required digital infrastructure in connection with our activities and tasks. These include, for example, hosting and storage services from selected providers.

We especially use:

• METANET: Hosting; Provider: METANET AG (Switzerland); Data protection information: Privacy Policy, "Technical-organizational measures".

11.2 Contact Options

We use services from selected providers to communicate better with third parties, such as potential and existing customers.

11.3 Map Material

We use services from third parties to embed maps on our website.

We especially use:

• Google Maps including Google Maps Platform: Map service; Provider: Google; Google Maps-specific information: "How Google uses location information".

11.4 Digital Audio and Video Content

We use services from specialized third parties to enable the direct playback of digital audio and video content, such as music or podcasts.

We especially use:

• Vimeo: Video platform; Provider: Vimeo Inc. (USA); Privacy information: Privacy Policy, "Privacy".
• YouTube: Video platform; Provider: Google; YouTube-specific information: "Privacy and Security Center", "My Data on YouTube".

11.5 Fonts

We use services from third parties to embed selected fonts as well as icons, logos, and symbols on our website.

We especially use:

• Google Fonts: Fonts; Provider: Google; Google Fonts-specific information: "Privacy and Google Fonts", "Privacy and Data Collection".

11.6 Payments

We use specialized service providers to securely and reliably process payments from our customers. The legal texts of individual service providers, such as General Terms and Conditions (GTC) or privacy statements, additionally apply for the processing of payments.

We specifically use:

• Worldline (formerly SIX Payment Services): Processing of mobile and online payments; Providers: Worldline Switzerland AG (Switzerland) / Worldline Financial Services (Europe) S.A. (Luxembourg) / Worldline Payment Services (Germany) GmbH (Germany) / Worldline Financial Services (Europe) S.A., Branch Austria; Privacy information: Privacy Policy, "Customer Information on Data Protection".

11.7 Identity Verification

We use third-party services to verify the identity of users. We particularly need these services for age verification for content and services that we can only offer to adults, and for identity verification for offers where "Know Your Customer" (KYC) obligations exist.

12. Extensions for the Website

We use extensions for our website to access additional features.

13. Success and Reach Measurement

We try to determine how our online offer is used. In this context, we can, for example, measure the success and reach of our activities and actions, as well as the impact of third-party links to our website. We can also try out and compare how different parts or versions of our online offer are used (the "A/B test" method). Based on the results of the success and reach measurement, we can particularly fix errors, strengthen popular content, or make improvements to our online offer.

For success and reach measurement, in most cases, the Internet Protocol (IP) addresses of individual users are saved. In this case, IP addresses are generally shortened ("IP masking") to follow the principle of data economy.

For success and reach measurement, cookies may be used, and user profiles created. Possible user profiles may include, for example, the individual pages visited or viewed content on our website, information about the size of the screen or browser window, and the approximate location. Generally, any user profiles are created in a pseudonymized form and are not used to identify individual users. Some third-party services where users are logged in may associate the use of our online offer with the user account or user profile of the respective service.

We particularly use:

• Google Analytics: Success and reach measurement; Provider: Google; Specific Google Analytics information: Measurement across various browsers and devices (Cross-Device Tracking) as well as with pseudonymized Internet Protocol (IP) addresses, which are only exceptionally fully transmitted to Google in the USA, "Privacy", "Browser Add-on to deactivate Google Analytics".
• Google Tag Manager: Integration and management of other services for success and reach measurement as well as other Google services and third parties; Provider: Google; Specific Google Tag Manager information: "Data captured with Google Tag Manager"; additional privacy information can be found in the individual integrated and managed services.

14. Video Surveillance

We use video surveillance for the prevention of crimes and for securing evidence in the event of crimes as well as for exercising our property rights. If and insofar as the General Data Protection Regulation (GDPR) applies, this represents overriding legitimate interests according to Art. 6 Para. 1 lit. f GDPR.

We store recordings from our video surveillance as long as they are necessary for evidence purposes.

We may secure recordings due to legal obligations, to enforce our own legal claims, and in case of suspicion of criminal offenses and transmit them to the competent authorities, such as the courts or law enforcement agencies.

15. Final Provisions

We can adjust and supplement this privacy policy at any time. We will inform about such adjustments and supplements in an appropriate form, especially by publishing the current privacy policy on our website.