FISBA AG and all its subsidies (FISBA) take the protection of your personal data and the protection of your privacy very seriously. You can expect us to handle your data sensitively and carefully and that we maintain a high level of data security.
We collect and use your personal data exclusively within the framework of the applicable data protection regulations and in particular of the EU General Data Protection Regulation (GDPR).
In this Privacy Policy, we inform you about the most important aspects of data processing in our company and the data protection claims and rights to which you are entitled. This Privacy Policy applies to all areas of data processing, whether online or offline.

1 Contacts

1.1 Name and address of the Controller

The Controller within the meaning of the data protection laws is:

FISBA AG
Rorschacherstrasse 268
9016 St. Gallen
Schweiz
Tel: +41 71 282 3131
E-Mail: info@fisba.com
Website: www.fisba.com

1.2 Name and address of the Representative

The Representative of the Controller is:
Schwarzschildstrasse 10
12489 Berlin
Deutschland
Tel: +49 30 6392 36 97
E-Mail: info@fisba.com
Website: www.fisba.com

1.3 Name and address of the Data Protection Coordinator

The Data Protection Coordinator of the Controller is:
Patrick Rietmann
Rorschacherstrasse 268
9016 St. Gallen
Schweiz
Tel: +41 71 232 31 15
E-Mail: patrick.rietmann@fisba.com
Website: www.fisba.com

2 Scope and Purpose of the Collection, Processing and Use of Personal Data

The GDPR defines personal data as “information relating to an identified or identifiable natural person ("data subject“)”. Online identification characteristics such as IP addresses are considered personal data, provided that they are not specifically anonymized.
We process your personal data for the following purposes:
· Optimization of the website (adaptation of the website to your needs)
· Customer support
· Newsletters
· Job applications
· Performance of contractual duties

2.1 Visiting the Website

When you visit our website, our servers temporarily store the following data in a log file, the so-called server log files:
· IP address of the enquiring computer
· Date and time of the access/retrieval
· Name and URL of the retrieved data
· Operating system of your computer and the browser you use
· Access status/HTTP status code
· Last visited website
· Data amount transferred

The legal basis for the temporary storage of data and the logfiles is the legitimate interest. Legitimate interest exists to
· deliver the contents of our website correctly as well as optimise the contents of our website as well as the advertising
· provide prosecution authorities with the necessary information for prosecution in the case of a cyber-attack
· further improve our offer and our website
· collect statistical data.
This data is not stored together with other personal data. The log file data will be deleted after 14 days.

2.2 Enquiries and Contact Form

On our website you have the opportunity to contact us via a contact form and/or by e-mail. In this case, the information you provide will be processed for the purpose of processing your request and handling it.
If you wish to contact us, the following information (* mandatory) is required. The other information is voluntary:
· Company*
· First name*
· Surname*
· Telephone number*
· E-mail address*
· Country*
· If applicable folder number*
· If applicable amount ordered*
· If applicable EAN product code*
· If applicable description of the damage*
· Serial number
· If applicable reason for enquiry*

The communication of data in fields marked as mandatory serves to process your inquiry. The voluntary provision of further data makes it easier for us to process your inquiry and enables us to provide you with more detailed information.
The personal data transmitted by you will not be merged with other data.
The basis for processing your personal data is our legitimate interest in processing your request. If the contacting serves the performance of a contract to which you are a contractual party, or in order to take steps prior to entering into a contract, this is an additional legal basis for processing the data.
You have the right to withdraw the consent for processing your data at any time. Please send your withdrawal to the following e-mail address: dataprivacy@fisba.com. In such case, your request will not be processed any further.

2.3 Newsletter

You have the option of subscribing to our newsletter. With this newsletter we inform you about us and our offers. For this we need your e-mail address and your declaration that you agree to receive the newsletter.
The legal basis for the processing of your personal data, among others, is the availability of your consent after you have registered for the newsletter is. Your consent will therefore be obtained for the processing of your personal data during the registration process and reference will be made to this privacy policy.
By providing your e-mail address, you agree that we may use it to send you the newsletter in order to inform you about news from the respective company division.
Apart from your consent, we also use our legitimate interest as a legal basis for processing your personal data in order to send you our newsletter. Regarding our existing customers, our legitimate interest in sending you our newsletter is based on our existing legal relationship. Concerning new or potential customers, we assume that when you give us your contact details (e.g. by handing over your business card) and we inform you about our data processing (e.g. by referring to this privacy policy), we have a legitimate interest in sending you our newsletter. In both cases, our legitimate interest replaces your explicit consent as a legal basis for the processing of your data.
We use the so-called double opt-in procedure to subscribe to our newsletter. This means that we will send you a confirmation e-mail to the specified e-mail address, in which we ask you to confirm that you wish to receive the newsletter. Your confirmation is made by clicking on an activation link contained in the confirmation e-mail.
The personal data transmitted by you will not be merged with other data.
You have the option to unsubscribe from the newsletter at any time and to withdraw your consent. To do this, click on the corresponding button (link) in the newsletter sent to you. You will find this link to cancel the newsletter at the end of each newsletter. Alternatively, you have the option of sending your withdrawal of consent to the following e-mail address: dataprivacy@fisba.com.
Your registration data will be stored until you unsubscribe from the newsletter.

2.4 Online job applications

When you apply for a job with us, we process your personal data to evaluate your application. During the application process, in addition to your personal details, education, work experience and skills, postal and contact addresses as well as the documents belonging to the application, such as letter of motivation, CV and certificates, will be processed. This data is stored, evaluated, processed or forwarded internally exclusively within the scope of your application. They may also be edited for statistical purposes (e.g. reporting). In this case, it is not possible to draw any conclusions about individual persons.
Processing may also take place by other electronic means. This is particularly the case if you send us your application documents for example by e-mail.
Fields marked as mandatory applicant data (*mandatory) are required in order to assign your application and to be able to contact you regarding your application and to check the chances of success of your application.
· Salutation*
· First name*
· Family name*
· Address*
· Country, postcode and town/city*
· E-mail address*
· Landline number
· Mobile number*
· Nationality*
· Date of birth*
· Residence / settlement permit
· Photos and other files (CV, letter of motivation, certificates etc.) are to be attached

The basis for processing is our legitimate interest in processing your application. You can object to this data processing at any time. In this case, we will not review your application and return the documents to you or delete the documents, should you have submitted them electronically.
Your application data will be stored separately from the other user data and will not be merged with them.
If we conclude an employment contract with you, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the legal regulations. If the application procedure ends without employment, your application data will be stored for three months for documentation purposes and then deleted, unless you have given us your consent to use your data for further application procedures with us and to contact you again in connection therewith.
Notwithstanding the foregoing, you have the option of having your electronic data erased at any time. You can send your request for erasure to the following e-mail address: dataprivacy@fisba.com.

2.5 Visiting exhibitions

If you visit us at an exhibition, we process your master data (e.g. names and addresses as well as your contact data).
The legal basis for the processing of your personal data is the performance of a contract to which you are a contractual party.

2.6 In Connection with Customers, Suppliers, Service Providers

In order to fulfil our contractual and pre-contractual obligations, we process master data (e.g. names and addresses as well as your contact data) and contractual data (e.g. services used, names of contact persons, payment information).
The legal basis for the processing of your data is the performance of a contract to which you are the contractual party, or in order to take steps prior to entering into a contract.
If we store the data because of a contractual relationship with you, this data remains stored for at least as long as the contractual relationship exists, and at most as long as periods of prescription or possible claims from us are running or legal or contractual retention periods exist.

3 Erasure

We process and store your personal data only for the period which is required to achieve the storage purpose or the laws or provisions which we are subject to, provide for. If the storage purpose lapses or if a prescribed storage period expires, the personal data are erased routinely and corresponding to the legal provisions.
In addition, we erase your data when you request us to do so via dataprivacy@fisba.com and we do not have any statutory or other retention or security obligations for this data.

4 Disclosure to Third Parties

We treat your personal data confidentially and only pass them on if you have expressly consented to this, if we are legally obliged to do so or if this is necessary for the enforcement of our rights, in particular for the enforcement of claims arising from the contractual relationship.
Furthermore, we pass your personal data on to third parties as far as this is necessary in the context of the use of the website or for the possible provision of services requested by you. The use of the data forwarded for this purpose by third parties is strictly limited to the aforementioned purposes. If the level of data protection in a country in which the data is processed does not comply with the applicable data protection regulations, we contractually ensure that the protection of your personal data corresponds to that in Switzerland or the European Economic Area (EEA) at all times.
We disclose your personal data to the following category of recipients:
· shareholders of the FISBA group
· service operators
· commercial partners, e.g. licence holders and distributors
· authorities

5 Cookies

5.1 What are cookies?

When you visit a website, a cookie may be stored on your operating system. Cookies are small text files that are stored on your terminal device with the help of your browser. This cookie contains a character string that enables the unique identification of the browser when the website is called up again.
By means of a cookie, information and offers on our website can be optimized in your interest. Cookies enable us to recognize visitors. The purpose of this recognition is to make it easier for you to use our website. This is also our legitimate interest in data processing.

5.2 Which data are stored in the cookies?

Only pseudonymous data is stored in the cookies we use. When the cookie is activated, an identification number is assigned to it. Your personal data will not be assigned to this identification number. Your name, your IP address or similar data, which would enable a direct assignment of the cookie to you, will not be stored in the cookie. Based on cookie technology, we only receive pseudonymous information.

5.3 What types of cookies do we use?

Temporary cookies
We use temporary cookies. These are automatically deleted when you log out or close your browser. This includes in particular the session cookies. They store a so-called session ID, with which different requests of your browser can be assigned to the session. We use these types of cookies to ensure the operation and functionality of our website.
Non-personal cookies
Non-personal cookies do not transmit any personal data to us, e.g. statistics cookies. They help us understand how visitors interact with the site by anonymously gathering and reporting information.
Third-party cookies
We also use functions of some web analysis services that help us to make our internet offer and the website more interesting for you. For this purpose, cookies from partner companies are also stored on your hard drive when you visit our website (so-called third-party cookies). Further information on the use of third-party cookies can be found in the section «Analysis Tools» (see section 6).

5.4 How can you prevent the use of cookies or delete them?

Acceptance of cookies is not a prerequisite for visiting our website. Most Internet browsers accept cookies automatically. If you do not wish this, you can set your browser so that it informs you about the setting of cookies and you only allow this in individual cases, exclude the acceptance of cookies for certain cases or generally and activate the automatic deletion of cookies when closing the browser. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs.
The procedure for checking and deleting cookies depends on the browser you are using. Please refer to your browser's help menu.
You can find out more about this option for the most frequently used browsers via the following links:
• Explorer: support.microsoft.com/en-en/help/17442/windows-internet-explorer-delete-manage-cookies
• Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
• Safari: https://support.apple.com/en-en/guide/safari/sfri11471/mac

6 Analysis Tools

6.1 Google (Universal) Analytics

On the basis of our legitimate interests we use Google Analytics, a web analysis service of Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; “Google”). Google uses cookies. We use Google Analytics including the functions of Universal Analytics. Universal Analytics allows us to analyse the activities on our pages across devices (e.g. for access via laptop and later via a tablet). This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyse a user's activities across devices.
The information about your use of this website (including your IP address) generated by the cookie is transmitted to a Google server in the USA and stored there. Google is certified under the Swiss-US and EU-US Privacy Shield Framework and because of this, is obligated to provide a standard of data protection that is comparable to EU and Swiss data protection law. Further information can be found under https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
Google uses this information by our order so as to evaluate your use of our website, to create reports regarding website activities and to provide services to us with regards to other website and Internet use. The IP address of your browser transmitted via Google Analytics will not be merged with other data of Google.
We use Google Analytics only with activated IP anonymization. This means that the IP address of the users is abbreviated by Google within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in cases of exception will the full IP address be transmitted to a Google server in the USA and then abbreviated there.
You can prevent the acquisition and transmission of the data created by the cookie and related to your use of the website (incl. your IP address) to Google as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link (http://tools.google.com/dlpage/gaoptout?hl=en). An opt-out cookie is set, which prevents the future acquisition of your data when visiting this website. However, we would like to point out to you, that you may not be able to use all functions of this website in full in this case. To prevent Universal Analytics from collecting data across different devices, you must opt out on all systems used. Further information on Universal Analytics can be found here: https://support.google.com/analytics/answer/2838718?hl=en&ref_topic=6010376.
For more information on Google Analytics' Terms of Use and Privacy Policy, please visit www.google.com/analytics/terms/en.html and www.google.com/intl/en/policies/.

7 Your rights

7.1 Right to access

You have the right to request information from us as to whether and which of your personal data we process.

7.2 Right to rectification

You have the right to request the rectification of your inaccurate personal data and, if necessary, the completion of incomplete personal data in our systems.

7.3 Right to erasure

You have the right to request that your personal data be erased, e.g. if the data is no longer needed for the purposes pursued. However, if we are obliged to retain your data due to legal or contractual retention obligations, we can therefore only restrict or block your data to the extent necessary in such cases.

7.4 Right to restriction of processing

You have the right to ask us to restrict the processing of your personal data.

7.5 Right to data portability

If applicable, you have the right to receive your personal data in a structured, common and machine-readable format or to request the transmission of this data to a third party.

7.6 Right to object

You have the right to object to the processing of your personal data at any time in accordance with the statutory provisions.

7.7 Withdrawal of consent

You have the right to withdraw your consent to the processing of your personal data at any time, in principle with effect for the future.

7.8 Right to complaint

If applicable, you have the right of appeal to a competent supervisory authority if you believe that the processing of your personal data violates data protection regulations.
For questions regarding our privacy policy and for information regarding your rights under sections 7.1 - 7.8 and for assertion of these rights, please contact us or our Data Protection Coordinator at the contact details given in section 1 of this Privacy Policy. If necessary, we reserve the right to ask for your identification in a suitable manner for the processing of inquiries.

8 Use of the Website by Minors

The website is directed at an adult audience. Minors, in particular children below the age of 16 years, are prohibited from transmitting their data to us, or to register for a service. If we discover that such data has been transmitted to us, this data will be deleted from our database. The parents (or legal representative) of the child can contact us and apply for the deletion or cancellation/deregistration. For this we need a copy of an official document which identifies you as parents or guardian.

9 Data Security

We undertake technical and organisational safety precautions to protect your personal data against manipulation, losses and destruction or against the access of unauthorized persons and to guarantee the protection of their rights and the compliance with the applicable data protection provisions.
The undertaken measures shall guarantee the confidentiality and integrity of your data as well as the availability and capacity of our systems and services when processing your data permanently. They should also reinstate rapid restoration of the availability of data and the access to them in the case of a physical or technical incident.
Our security measures also include the encryption of your data. All information you enter online is transmitted via an encrypted transmission path. This means that this information cannot be viewed by unauthorized third parties at any time.
Our data processing and our security measures are continuously improved according to the technological development.
We also take our own in-house data protection very seriously. Our employees and the service providers ordered by us are obligated to confidentiality and compliance with the data protection provisions. Moreover, access to personal data is granted them only as far as it is necessary.

10 Links to Websites of other Providers

All information you enter online is transmitted via an encrypted transmission path. As a result, this information cannot be viewed by unauthorized third parties at any time. After clicking on the link, we no longer have any influence on the processing of any data transmitted to third parties by clicking on the link (such as the IP address or the URL on which the link is located), as the conduct of third parties is naturally beyond our control. We cannot therefore accept any responsibility for the processing of your personal data by third parties. If the use of other providers' websites involves the collection, processing or use of your personal data, please observe the data protection information of the respective providers.

11 Changes of the Privacy Policy

We explicitly reserve the right to change this Privacy Policy at any time. All changes and additions are at the sole discretion of the company. Current status is September 2018.