Introduction and general information
Thank you for your interest in our website. The protection of your personal data is very important to us. Below you will find information on how we handle your data that is collected through your use of our website. Your data will be processed in accordance with the statutory data protection regulations.
Responsible according to the GDPR
BAX GROUP AG
Gotthelfstrasse 22a
Definitions
Our privacy policy should be simple and understandable for everyone. In this data protection declaration, the official terms of the General Data Protection Regulation (GDPR) are generally used. The official definitions are explained in Art. 4 GDPR.
Web hosting
This website is hosted by an external service provider (hoster). This website is hosted in Zurich. Personal data that is recorded on this website is stored on the host’s servers. This can be v. a. be IP addresses, contact requests, meta and communication data, website accesses and other data generated via a website.
We have concluded an order processing contract with the provider in accordance with the requirements of Art. 28 GDPR, in which we oblige him to protect our customers’ data and not to pass them on to third parties.
Server log files
When you visit our website, it is technically necessary for data to be transmitted to our web server via your internet browser. The following data is recorded during an ongoing connection for communication between your internet browser and our web server:
- Date and time of the request
- Name of the requested file
- Page from which the file was requested
- Access status
- Web browser and operating system used
- (Complete) IP address of the requesting computer
- Amount of data transferred
We collect the listed data in order to ensure a smooth connection to the website and to enable the user to conveniently use our website. In addition, the log file is used to evaluate system security and stability as well as for administrative purposes. The legal basis for the temporary storage of the data or the log files is Art. 6 Para. 1 lit. f GDPR. For reasons of technical security, in particular to ward off attempted attacks on our web server, we store this data for a short time. Based on this data, we are unable to draw any conclusions about individual persons. After seven days at the latest, the data is anonymized by shortening the IP address at domain level, so that it is no longer possible to establish a reference to the individual user. The data may also be processed anonymously for statistical purposes. These data are never stored together with other personal data of the user, compared with other databases or passed on to third parties.
Cookies
Our website uses so-called “cookies”. Cookies are small text files that are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser automatically resolves them.
Cookies have different functions. Numerous cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or language settings). Other cookies are used to evaluate user behavior or to display advertising.
Technically necessary cookies are stored on the basis of Art. 6 Para. 1 lit. f GDPR. We have a legitimate interest in storing cookies for the technically error-free and optimized provision of our services. Other cookies are only stored with your consent on the basis of Art. 6 Paragraph 1 lit. a GDPR. The consent can be revoked at any time for the future. The legal basis can also be derived from Art. 6 Para. 1 lit. b GDPR if the processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures that are carried out at the request of the data subject.
If cookies are used for analysis purposes, we will inform you about this inform separately in the context of this data protection declaration and obtain consent.
You can set your browser to allow you
- be informed about the setting of cookies,
- Allow cookies only in individual cases,
- exclude the acceptance of cookies for certain cases or in general,
- activate the automatic deletion of cookies when you close the browser.
The cookie settings can be managed under the following links for the respective browser:
- Google Chrome
- Mozilla Firefox
- Edge (Microsoft)
- Safari
- Opera
Most browsers also offer a so-called “Do-Not-Track function”. When this function is activated, the respective browser informs advertising networks, websites and applications that you do not want to be “tracked” for the purpose of behavior-based advertising and the like.
Information and instructions on how to edit this function can be found under the following links, depending on the provider of your browser:
- Google Chrome
- Mozilla Firefox
- Edge (Microsoft)
- Safari
- Opera
You can also prevent so-called scripts from being loaded by default. “NoScript” only allows JavaScripts, Java and other plug-ins to be run on trustworthy domains of your choice. Information and instructions on how you can edit this function can be obtained from the provider of your browser (e.g. for Mozilla Firefox at: https://addons.mozilla.org/de/firefox/addon/noscript/ ).
Please note that if you deactivate cookies, the functionality of our website may be restricted.
Change of cookie settings
You can revoke or change your cookie settings at any time. To do this, call up the cookie settings again via www.bax-group.com/cookie .
Contact form and contact by email
If you send us inquiries using the contact form or e-mail, your details from the inquiry form or your e-mail, including the personal data you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. Entering an e-mail address is required to provide contact information; providing your first and last name and your telephone number is voluntary. We will never pass this data on without your consent. The legal basis for the processing of the data is our legitimate interest in answering your request in accordance with Art. 6 Paragraph 1 lit. f GDPR and, if applicable, Art. 6 Paragraph 1 lit. Your data will be deleted after your request has been processed, provided that there are no statutory retention requirements. In the case of Article 6 (1) (f) GDPR, you can object to the processing of your personal data at any time.
Web form for sending applications
If you apply to us using our web form, we collect personal data. This includes, in particular, your contact details (such as first name, surname, name additions, private address, (mobile) telephone number, email address) as well as other data you have provided about your career (e.g. curriculum vitae, qualifications and degrees, Professional experience) and your person (e.g. cover letter, personal interests). This can also include special categories of personal data (e.g. information on a severe disability). As a rule, your personal data is collected directly from you as part of the application process and is encrypted during the electronic transmission. The data comes from the application form to be completed online and from the uploaded files.
The data processing serves to initiate an employment relationship. The primary legal basis for this is Section 26 (1) BDSG. In addition, consent according to Article 6 Paragraph 1 lit. a, 7 GDPR i. V. m. § 26 Abs. 2 BDSG as data protection law permission regulation. If the processing of your data is based on consent, you have the right to revoke your consent at any time with effect for the future.
Within our company, only those persons and positions (e.g. human resources) have access to your personal data who absolutely need them to carry out the application process or to fulfill our legal obligations. For this purpose, your applications may be forwarded to the responsible person responsible for review. Under no circumstances will your personal data be passed on to third parties without authorization.
Your data on an application for a specific job advertisement will be processed by us during the ongoing application process. After the application process has ended (e.g. in the form of an acceptance or rejection), the application process including all personal data will be deleted from the system six months after the application process has ended. If you are accepted, we reserve the right to keep your application longer if the start date is more than six months in the future.
Google Analytics
Our website uses Google Analytics, an internet analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses so-called “cookies”.
Google will use this information on behalf of the operator of this website to evaluate your use of the website and to create reports on website activity. Google will also use this information to provide the website operator with other services related to the use of the website and the Internet. The IP address sent by your browser as part of Google Analytics will not be combined with other Google data. The processing takes place in accordance with Art. 6 Para. 1 lit. a GDPR on the basis of the consent you have given.
We only use Google Analytics with activated IP anonymization. This means that Google will only process your IP address in abbreviated form.
We have concluded an order processing contract with the service provider in which we oblige him to protect the data of our customers and not to pass them on to third parties.
Since personal data is transferred to the USA, further protective mechanisms are required to ensure the data protection level of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases in which this cannot be ensured even through this contractual extension, we will endeavor to reach additional regulations and commitments from the recipient in the USA.
The terms of use of Google Analytics and information on data protection can be accessed via the following links:
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. A deletion of the data at user and event level with cookies, user IDs (e.g. user ID) and advertising IDs (e.g. DoubleClick cookies, Android advertising ID, IDFA [Apple identifier for advertisers ]) are linked, takes place no later than 14 months after their survey.
You can prevent cookies from being saved by adjusting the settings of your browser software accordingly. However, we would like to point out that in this case you may not be able to use all functions of this website without restriction. You can also prevent Google from collecting the data generated by the cookie and from analyzing your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at https: // tools.google.com/dlpage/gaoptout?hl=de is available.
Google Maps
Our homepage uses the online map service provider Google Maps via an interface. This enables us to show you interactive maps directly on the website and enables you to conveniently use the map function. The provider of the map service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. To use the functionalities of Google Maps, it is necessary to save your IP address. The legal basis for the processing of your personal data is the consent you have given in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR.
By using the service, personal data is transferred to the USA. The legal basis for the transfer of your personal data to the USA is the consent you have given in accordance with Article 49 Paragraph 1 Sentence 1 lit. Please note that there is a risk for you for such transfers of personal data without an adequacy decision and without suitable guarantees. The risk is that American authorities (in particular the intelligence services) may access the personal data due to the legislation in the USA. Legal protection options or information about the handling of your data by the US authorities are only possible to a very limited extent or not at all. A level of data protection according to the requirements of the GDPR cannot therefore be guaranteed.
Further information on handling user data can be found in Google’s data protection declaration: https://www.google.de/intl/de/policies/privacy/Opt-out: https://www.google.com/settings/ads/
Google Ads Remarketing
Our website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
If you have given us your consent, this function enables the advertising target groups created with Google Ads Remarketing to be linked with the cross-device functions of Google AdWords and Google DoubleClick. The legal basis is the consent you have given in accordance with Article 6, Paragraph 1, Sentence 1, Letter a of the GDPR. In this way, interest-related, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one device (e.g. mobile phone) can also be displayed on another of your devices (e.g. tablet or PC).
If you have given your consent, Google will link your web and app browser history to your Google account for this purpose. In this way, the same personalized advertising messages can be displayed on every device on which you log in with your Google account.
To support this function, Google Analytics records authenticated user IDs, which are temporarily linked to our Google Analytics data in order to define and create target groups for cross-device advertising.
You can permanently object to cross-device remarketing / targeting by deactivating personalized advertising in your Google account; follow this link: https://adssettings.google.com/
Since personal data is transferred to the USA, further protective mechanisms are required to ensure the data protection level of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases in which this cannot be ensured even through this contractual extension, we will endeavor to find additional regulations and commitments from the recipient in the USA.
Further information and the data protection provisions can be found in Google’s data protection declaration at: https://www.google.com/policies/technologies/ads/
Google Fonts
We integrate the fonts (“Google Fonts”) from the provider Google, whereby the user data is used solely for the purpose of displaying the fonts in the user’s browser. The integration takes place on the basis of our legitimate interests in a technically secure, maintenance-free and efficient use of fonts, their uniform representation and taking into account possible licensing restrictions for their integration. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website: https://fonts.google.com/ ; Data protection declaration: https://policies.google.com/privacy .
Appearances in social media
In the following you will find information on the handling of your data that is collected through your use of our social media presence on social networks and platforms. Your data will be processed in accordance with statutory regulations.
1. Providers
1.1. Facebook fan page
1.1.1. Responsible body
In the event that the data you have transmitted to us is also or exclusively processed by Facebook, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2 Ireland, is responsible for data processing in addition to or on our behalf Meaning of the GDPR. For this purpose, we have concluded an agreement with Facebook in accordance with Art. 26 GDPR on joint responsibility for the processing of data (controller addendum). This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook fan page. You can view this agreement under the following link: https://www.facebook.com/legal/terms/page_controller_addendum .
Since a transfer of personal data by Facebook Ltd. in the USA to Facebook Inc., among others, further protective mechanisms are required to ensure the data protection level of the GDPR. For this purpose, the provider uses standard data protection clauses in accordance with Art. 46 Paragraph 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe.
If you would like to exercise your rights as a visitor to the site (information, correction, deletion, restriction, data portability, complaint to the supervisory authority, objection or revocation), you can contact both Facebook and us.
You can adjust your advertising settings yourself in your user account. To do this, click on the following link and log in:
1.1.3. Data processing for statistical purposes using page insights
Facebook provides so-called page insights for our Facebook fan page: https://www.facebook.com/business/a/page/page-insights. This is aggregated data that provides information about how people interact with our site. Page insights can be based on personal data that is recorded in connection with a visit or interaction of people on or with our site and in connection with the content provided. Please note which personal data you share with us via Facebook. Your data can be processed for market research and advertising purposes, even if you are not logged into Facebook or do not have a Facebook account. So z. B. from the usage behavior and the resulting interests of the user user profiles are created. The user profiles can in turn be used to e.g. B. To place advertisements inside and outside the platforms that presumably correspond to the interests of the users. This data collection takes place via cookies, which are stored on your end device. Furthermore, data that is independent of the devices used by the users can also be stored in the user profiles; especially if the users are members of the respective platforms and are logged in to them. The legal basis for processing is Article 6 (1) (f) GDPR. Our legitimate interest lies in the optimized presentation of our offer, effective information and communication with customers and interested parties as well as in the targeted placement of advertisements. Please note that we have no influence on data collection and further processing by Facebook. As a result, we cannot provide any information about the extent, location and duration of the data stored by Facebook. Furthermore, we cannot make any statements about the extent to which Facebook complies with existing deletion obligations, which evaluations and links with the data are made by Facebook and to whom the data is passed on by Facebook. If you want to avoid the processing of your personal data by Facebook, please contact us in another way.
1.2. Other social media providers
1.2.1. Responsible body
If your personal data is processed by a provider listed below, this provider is responsible for data processing within the meaning of the GDPR. For the assertion We point out your data subject rights that these can most effectively be asserted with the respective providers. Only they have access to the data collected from you. If you still need help, please do not hesitate to contact us.
We have an online presence on the social media platforms of the following providers:
- Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland
- Instagram Inc., Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2 Ireland
- LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
- XING SE, Dammtorstrasse 29-32, 20354 Hamburg, Germany
- Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA
1.2.2. Data protection officer
You can find information on how to contact the data protection officer of the other social media providers here:
2. General information on social media platforms
2.1. Responsible body
The person responsible for data processing within the meaning of the GDPR is the body named at the beginning of this data protection declaration, insofar as we process data transmitted by you via one of the social media platforms.
2.2. Our data protection officer
If you have any concerns about data processing that is carried out by us as the person responsible, you can contact our data protection officer using the contact details given at the beginning of this data protection declaration.
3. General data processing on the social media platforms
3.1. Data processing for market research and advertising
As a rule, personal data is processed on the company website for market research and advertising purposes. For this purpose, a cookie is set in your browser, which enables the respective provider to recognize you when you visit a website. Using the collected data, usage profiles can be created. These are used to place advertisements inside and outside the platform that presumably correspond to your interests. Furthermore, data can be saved in the usage profiles regardless of the devices you are using. This is regularly the case if you are a member of the respective platforms and logged in to them.
3.2. Data processing when contacting us
We collect personal data ourselves when you e.g. You can contact us using the contact form or a messenger service such as Facebook Messenger. Which data is collected depends on the information you provide and the contact details you have provided or released. These are stored by us for the purpose of processing the request and in the event of follow-up questions. We will never pass the data on to third parties without your consent. The legal basis for processing the data is our legitimate interest in answering your request in accordance with Art. 6 Paragraph 1 lit. f GDPR and, if applicable, Art. 6 Paragraph 1 lit. b GDPR, if your request is aimed at concluding a contract. Your data will be deleted after your request has been processed, provided that there are no statutory retention requirements. We assume final processing if it can be inferred from the circumstances that the matter in question has been finally clarified.
3.3. Data processing for contract processing
If your contact via a social network or other platform is aimed at concluding a contract for the delivery of goods or for the provision of services with us, we will process your data to fulfill the contract or to carry out pre-contractual measures or to provide the desired services. In this case, the legal basis for processing your data is Article 6 (1) (b) GDPR. Your data will be deleted when it is no longer required for the execution of the contract or it is certain that the pre-contractual measures do not lead to a contract that corresponds to the purpose of making contact. Please note that even after the contract has been concluded, it may be necessary to save personal data of our contractual partners in order to meet contractual or legal obligations.
3.4. Data processing based on consent
If you are asked by the respective providers of the platforms for your consent to the processing for a specific purpose, the legal basis for the processing is Art. 6 Para. 1 lit. a., Art. 7 GDPR. A given consent can be revoked at any time with effect for the future.
4. Data transfer and recipient
When visiting and using the platforms listed above, personal data may be transferred to the USA or other third countries outside the EU, which is why further protective mechanisms are required in these cases to ensure the data protection level of the GDPR. Further information on whether and which suitable guarantees the providers can provide for this can be found in the list below.
We have no influence on the processing of your personal data by the provider and how it is handled. We also have no information on this. For further information, please check the data protection declaration of the respective provider and, if necessary, use the options for opt-out / personalization with regard to data processing by the provider:
– Twitter
– Instagram
– Google
– LinkedIn
– XING
– Pinterest
External links
Social networks are only included on our website as a link to the corresponding services. After clicking on the integrated text / image link, you will be redirected to the website of the respective provider. User information is only transmitted to the respective provider after it has been forwarded. For information on how your personal data is handled when using these websites, please refer to the respective data protection provisions of the providers you use.
Data transfer and recipient
Your personal data will not be transmitted to third parties unless we have explicitly pointed this out in the description of the respective data processing. – if you have given your express consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR, – disclosure is necessary in accordance with Art. 6 Para. 1 S. 1 lit.f DSGVO for the establishment, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data – in the event that there is a legal obligation for the disclosure in accordance with Art. 6 Para. 1 S. 1 lit. c GDPR and – as far as this according to Art. 6 Para. 1 S. 1 lit.b DSGVO is necessary for the processing of contractual relationships with you. We also use external service providers that we have carefully selected and commissioned in writing to process our services. They are bound by our instructions and are regularly checked by us. With whom we have concluded order processing contracts in accordance with Art. 28 GDPR, if necessary. These are service providers for web hosting, sending e-mails as well as maintenance and servicing of our IT systems etc. The service providers will not pass this data on to third parties.
Data security
In accordance with Art. 32 GDPR, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of processing as well as the different probability of occurrence and severity of the risk for the rights and freedoms of natural persons, we make suitable technical and organizational measures to ensure a level of protection appropriate to the risk. This website uses SSL encryption for security reasons and to protect the transmission of confidential content.
Duration of storage of personal data
The duration of the storage of personal data is based on the relevant statutory retention periods (e.g. from commercial law and tax law). After the respective period has expired, the relevant data is routinely deleted. If data is required for contract fulfillment or contract initiation or if we have a legitimate interest in further storage, the data will be deleted if they are no longer required for these purposes or if you exercise your right of revocation or objection.
Your rights
In the following you will find information on the data subject rights that the applicable data protection law grants you to the person responsible with regard to the processing of your personal data:
The right to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a Right of appeal, the origin of your data, if we have not collected it, as well as the existence of automated decision-making including profiling and, if necessary, meaningful information on their details.
The right, in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us.
The right, in accordance with Art. 17 GDPR, to request the deletion of your personal data stored by us, unless processing to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or Defense of legal claims is necessary.
The right to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR if you dispute the accuracy of the data, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you do Need to assert, exercise or defend legal claims or you have objected to processing in accordance with Art. 21 GDPR
The right, in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another person responsible.
The right to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of the federal state of our above-mentioned registered office or, if applicable, that of your usual place of residence or work.
The right to revoke consent given in accordance with Art. 7 Paragraph 3 GDPR: You have the right to revoke your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent up to the point of revocation.
Right to object
If your personal data are processed by us on the basis of legitimate interests in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, insofar as this is applicable Reasons that arise from your particular situation. Insofar as the objection is directed against the processing of personal data for the purpose of direct mail, you have a general right of objection without the requirement to state a particular situation.
If you would like to make use of your right of withdrawal or objection, an email to dataprivacy@bax-group.com .
Legal Obligations
The provision of personal data for the decision on the conclusion of a contract, the fulfillment of the contract or the implementation of pre-contractual measures is voluntary. However, we can only make the decision within the framework of contractual measures if you provide such personal data that are necessary for the conclusion of the contract, the fulfillment of the contract or pre-contractual measures.
Automated decision making
Automated decision-making or profiling in accordance with Art. 22 GDPR does not take place.
Subject to change
We reserve the right to adapt or update this data protection declaration if necessary, taking into account the applicable data protection regulations. In this way, we can adapt them to current legal requirements and take changes to our services into account, e.g. B. when introducing new services. The most recent version applies to your visit.
Status of this data protection declaration: 26.02.2021
