Privacy Policy

Thank you for your interest in our company!

BRUGG Group AG operates a website with general information. BRUGG Group AG attaches great importance to the protection of privacy and complies with the statutory data protection regulations. The following explains how your personal data is processed.

1. RESPONSIBLE PARTY


The responsible party in terms of data protection law is:

BRUGG Rohrsystem AG 
Industriestrasse 39
5314 Kleindöttingen / Schweiz

Tel.: +41 56 268 78 78
E-mail: pipes@remove-this.brugg.com

and

BRUGG Rohrsysteme GmbH
Adolf-Oesterheld-Strasse 31
31515 Wunstorf / Deutschland

Tel.: +49 5031 170 0
E-mail: info.brg@remove-this.brugg.com

and

BRUGG German Pipe GmbH
Darrweg 43
D-99734 Nordhausen / Deutschland

Tel.: +49(0)36 31 462 67 0
E-mail: info@remove-this.german-pipe.com


Joint responsibility

Data is processed by multiple companies in many areas. This joint responsibility is regulated by an agreement between the companies. The companies use the same database solution within the framework of their activities and access a common database as far as is necessary. Each company is responsible for the lawful processing of personal data and the granting of rights of data subjects, including the provision of mandatory information. The companies shall support each other in this regard to the extent necessary.


Data protection officer

We have appointed an external data protection officer for the German companies BRUGG Rohrsysteme GmbH and BRUGG German Pipe GmbH. You can reach this officer at:

c/o activeMind.legal Rechtsanwaltsgesellschaft GmbH
Potsdamer Str. 3
D- 80802 München / Deutschland

Tel.: +49 (0)89 / 91 92 94 – 900
E-mail: brugg-rohrsysteme@remove-this.activemind.de

 

2.  PROCESSING ACTIVITIES

 

A.  ACCESSING OUR WEBSITE (SERVER LOG FILES)


Type of processing

When you access our website, meaning even if you do not register or otherwise submit information, information of a general nature is automatically collected. This information (server log files) contains, for example, the type of web browser, the operating system used, the domain name of your Internet service provider, your IP address, referrer URL, date and time of access and the like.

It is processed in particular for the following purposes:

•   Ensuring problem-free connection of the website
•   Ensuring smooth use of the website, and
•   Ensuring and evaluating system security and stability, in particular for detection of abuse, as well as
•   For technically error-free presentation and optimisation of our website

We do not use your data to draw conclusions about your person. However, we reserve the right to check the server log files retrospectively if there are concrete indications of unlawful use.

Processing is based on our legitimate interest in improving the stability and functionality of our website and ensuring system security and detection of abuse.
 

Data recipients

We use service providers who act as our order processors to operate and maintain our website.

All service providers are contractually obliged to treat your data confidentially.  
 

Transfer to third countries

Data processing of EU data in Switzerland cannot be ruled out. There is an adequacy decision of the EU Commission for Switzerland.
 

Duration of storage

Data is stored in server log files in a form that allows for the identification of the persons concerned for a maximum period of 14 days, unless a security-relevant event occurs (e.g. a DDoS attack).

In the event of such an event, server log files will be stored until the elimination and complete clarification of the security-relevant event.
 

Provision prescribed or required

The provision of the above-mentioned personal data is neither legally nor contractually prescribed. However, without the IP address and the cookie identifier, the service and functionality of our website are not guaranteed. In addition, individual services may not be available or may be restricted.


Objection

Please read the information about your right to object below.

 

B.  CONTACT
 

Type of processing

The data you provide will be stored for the purpose of individualised communication with you.  It is necessary to provide a valid e-mail address, first name and surname as well as your request for this purpose. This enables us to allocate the request and then respond to it. The provision of further data is optional.

Our website contains a contact form that can be used to contact us electronically. If you use this option, the data entered in the input mask will be transmitted to us and stored. 

The following data is also stored at the time the message is sent:

(1) Date and time of your request
(2) URL from which the request was made

(3) Country and language if necessary 

An alternative is to contact us using the e-mail address provided. In this case, the personal data of the user transmitted with the e-mail is stored. This includes the date and time the e-mail was sent, the e-mail address, IP addresses and information about the servers involved in the e-mail communication. You can also contact us using the telephone number provided. In this case, we collect log data that includes your telephone number and the duration of the call. We do not record conversations as a matter of principle.

Regardless of the communication method you select, we collect the content of your request.

The data is processed on the basis of a legitimate interest to enable you to contact us easily. The information you provide will be stored for the purpose of processing the request and for possible follow-up questions. If you contact us to request an offer, the data entered in the contact form will be processed to carry out pre-contractual measures.
 

Data recipients

Recipients of the data may be technical service providers who act as order processors for the operation and maintenance of our website and our e-mail server. In addition, a service team is available for your requests.

All service providers are contractually obliged to treat your data confidentially.
 

Transfer to third countries

Data processing of EU data in Switzerland cannot be ruled out. There is an adequacy decision of the EU Commission for Switzerland.
 

Duration of storage

Data will be deleted no later than 12 months after the request has been processed.

If a contractual relationship is established, we are subject to the statutory retention periods and delete your data after six or ten years.
 

Provision prescribed or required

The provision of your personal data is voluntary. However, we can only process your request if you provide us with the required data and the reason for the request.


Objection

Please read the information about your right to object below.

 

C. SENDING OF THE NEWSLETTER
 

Type of processing

Your data will only be used to send you the newsletter you have subscribed to by e-mail and, if you have also consented to this, to evaluate how you use the newsletter and any content linked to it. Your name is given in order to be able to address you personally in the newsletter and to identify you if you wish to exercise your rights as a data subject.

In order to verify that a registration is actually performed by the owner of an e-mail address, we use the “double opt-in” procedure (DOI procedure) for online registration. This means that following your newsletter subscription, you will receive an e-mail in which you must reconfirm your newsletter subscription.

The following data is also stored at the time of DOI confirmation:

•    Place, date and time of your registration
•    IP address
•    E-mail address
•    If necessary Title, first name, surname

In addition, we evaluate your reading and usage behaviour in order to constantly improve our newsletter and adapt it to your needs and interests.

We send our newsletter based on your consent.


Data recipients

We use a service provider for sending the newsletter who acts as our order processor.

All service providers are contractually obliged to treat your data confidentially.
 

Transfer to third countries

Data processing of EU data in Switzerland cannot be ruled out. There is an adequacy decision of the EU Commission for Switzerland.
 

Duration of storage

The data will only be processed in this context if the corresponding consent has been given.
 

Provision prescribed or required

The provision of your personal data is voluntary, based solely on your consent. There are no disadvantages for you. Unfortunately, we cannot send you our newsletter without your consent.
 

Revocation of consent

You can revoke your consent to the storage of your personal data and its use for sending the newsletter at any time. There is a corresponding link in each newsletter. The revocation can also be made through the other contact options provided on the website.

 

D. APPLICATIONS
 

Type of processing

You can submit your application online to activeMind AG, activeMind.legal Rechtsanwaltsgesellschaft mbH and activeMind.legal UK Ltd on our application portal. We will process the data you provide exclusively for the purpose of assessing your professional suitability and contacting you.

The following data is also stored at the time the message is sent:

•     Date and time of your request
•     URL from which the request was made
 

An alternative is to contact us using the e-mail address provided. In this case, the personal data of the user transmitted with the e-mail is stored. This includes the date and time the e-mail was sent, the e-mail address, IP addresses and information about the servers involved in the e-mail communication.

You can also contact us using the telephone number provided. In this case, we collect log data that includes your telephone number and the duration of the call. We do not record conversations as a matter of principle.

Processing is carried out for the purpose of establishing an employment relationship within the framework of pre-contractual measures, which are carried out upon request.
 

Data recipients

Within the companies, access to their data is given to those bodies that need it to fulfil contractual, legal and supervisory duties.

Our website is maintained by service providers who act as our order processors.

We use personnel management software for our application process, which helps us to manage the application process and job advertisements.

All service providers are contractually obliged to treat your data confidentially.
 

Transfer to third countries

Data processing of EU data in Switzerland cannot be ruled out. There is an adequacy decision of the EU Commission for Switzerland.


Duration of storage

If your application is rejected, it will be deleted 6 months after the decision is announced.

If an employment relationship is established, the application documents are stored for at least the period of employment.
 

Provision prescribed or required

The provision of your personal data is voluntary. However, it is not possible to process the application without this information.

 

E.  WEBINARS
 

Type of processing

To conduct live webinars, we use the webinar solution of the GoToWebinar webinar software (LogMeIn). The tool is tailored precisely to the needs of conducting webinars. It allows for effective delivery of content to a larger number of participants via the Internet and helps maintain the quality of the webinars. After the webinar, we may make the presentation and additional information available to participants with a download link.

A detailed list of the categories of data collected and processed by GoToWebinar, as well as the exact purpose of processing in each case, can be found at https://www.logmein.com/de/trust/privacy.

GoToWebinar makes it possible for administrators to make extensive settings relevant to data protection. We configure the tool in such a way that only the personal data that is absolutely necessary for implementation of the webinar is processed and the collected data is protected in the best possible way. This is how we enable the most secure use that also protects private data.

An acceptable level of data protection is guaranteed by end-to-end encryption enforced by the system. This limits the transmission of data to the service provider to the data provided by the user during registration and the metadata associated with participation in the seminar. The registered user is responsible for the data he or she discloses during registration. Pseudonymous use is possible in principle. Additional information on encryption technology can be found here. All webinars are recorded in order to make the content available to participants afterwards. Audio and video functions are deactivated by default for all participants during recording. The recording processes the questions asked by online seminar participants. The recordings do not include videos or images of the participants.

The use of GoToWebinar (LogMeIn) is based on a legitimate interest in practical and user-friendly implementation of the webinar, including a good user experience for the purpose of customer acquisition and the external image of the company.
 

Data recipients

Personal data processed in connection with participation in webinars will not be passed on to third parties as a matter of principle.

Recipients are also technical service providers for registration management within the scope of order processing. In the case of GoToWebinar (LogMeIn), this is LogMeIn, Inc., 333 Summer Street, Boston, Massachusetts 02210 USA.
 

Transfer to third countries

Data processing of EU data in Switzerland cannot be ruled out. There is an adequacy decision of the EU Commission for Switzerland.

Processing also takes place in the USA. Guarantees exist in the form of concluded standard contractual clauses. The guarantee of a level of data protection that is approximately the same as within the EU is best achieved through the technical restriction of data transmission. The standard contractual clauses can be viewed under “APPENDIX 1” here: https://logmeincdn.azureedge.net/legal/20191226/DPA/LMI-Customer-Data-Processing-Addendum-2019-v2-DE-SAMPLE.pdf.


Duration of storage

Data is only collected by us in the context of the respective live session. As a rule, no recording takes place or only in the case of prior, separate consent of the participants. Recording enabled by the system via GoToWebinar is prevented for all participants. Registration data is deleted after this purpose no longer exists.  This usually takes place after a maximum storage period of 6 months in our system.


Provision prescribed or required

The provision of your personal data is voluntary. We can only offer the webinar if we can processed the associated data.
 

Objection

Please read the information about your right to object below.

 

F. CUSTOMER SURVEYS

 

Type of processing

We conduct surveys with our business partners from time to time. We will contact you by e-mail for this purpose. For the evaluation of the survey, your personal data is always processed pseudonymously as part of the survey. It is not possible for us to draw any direct conclusions about you as a person. 

If we ask you to be contacted at a later date during the survey, you will be asked separately. We will only contact you if you have explicitly given your consent to this.  Pseudonymized processing is excluded in this case. 

The purpose and legitimate interest of processing in the context of online surveys is customer satisfaction and the optimization of our products.

 

Recipient of the data

We use the UmfrageOnline tool from enuvo GmbH, Huobstrasse 10, 8008 Pfäffikon SZ, Switzerland, to conduct online surveys. We have concluded a data processing contract with the service provider. The service provider is contractually obliged to treat your data confidentially.

 

Third country transfer

Data processing of EU data in Switzerland cannot be ruled out. The EU Commission has issued an adequacy decision for Switzerland.

 

Storage duration

Your e-mail address will be deleted immediately after the evaluation of the survey. 

 

Provision prescribed or required

The provision of your personal data is voluntary. 

 

Objection

You are entitled to object to the use of your e-mail address for the aforementioned purpose at any time with effect for the future. The revocation can be made via the contact options provided on the website.

 

G. CUSTOMER INTERVIEWS

 

Type of processing

If you have given us your consent, we will interview you in person (virtually via MS Teams or on site) about our products, your needs, your perception of our company and developments in the market. This interview will be recorded by us (audio recording or video and audio recording). Further information on security at Microsoft Teams can be found here: Microsoft Teams Security Guide - Overview - Microsoft Teams | Microsoft Learn. 

The recordings remain with the employee who conducts the interview. They will not be passed on to third parties. 

The purpose of processing these surveys is to determine customer satisfaction and needs, to optimize our products, internal processes and our marketing communication.

 

Recipient of the data

Within the company, only the employee who conducts the interview has access to the recordings. 

We use MS Teams to conduct virtual interviews. We have concluded a data processing contract with Microsoft.

 

Third country transfer

Data processing of EU data in Switzerland cannot be ruled out. The EU Commission has issued an adequacy decision for Switzerland.

 

Storage duration

The recording will be deleted within two months of project completion at the latest. 

 

Provision prescribed or required

The provision of your personal data is voluntary. You will not suffer any disadvantages if you do not participate. 

 

Objection

You are entitled to object to the recording. If you do not give your consent to our employee, the interview will not be recorded. 

 

H. COOKIES
 

Basic information

A cookie is a small data set that is created when a website is visited and is temporarily stored on the system of the website user. If the server of this website is called up again by the user of the website, the browser of the user of the website sends the previously received cookie back to the server. The server can evaluate the information obtained with this process. Above all, cookies can make it easier to navigate a website.

Detailed information on the subject of cookies, and which cookies are used on this website (after your consent), can be found in our cookie consent tool, which you can access at any time by clicking on the icon (blue tick) at the bottom left of your web browser.
 

Deleting cookies

You can reject any category of cookie, with the exception of technically necessary cookies. To do so, click on the icon at the bottom left of your web browser and make the desired settings in the cookie consent banner that appears.

You can also delete individual cookies or the entire cookie inventory by means of your browser settings. You will also receive information and instructions on how to delete these cookies or block their storage in advance. Depending on the provider of your browser, you will find the necessary information under the following links:

•   Mozilla Firefox: https://support.mozilla.org/kb/clear-cookies-and-site-data-firefox 
•   Internet Explorer: https://support.microsoft.com/help/17442/windows-internet-explorer-delete-manage-cookies
•   Google Chrome: https://support.google.com/accounts/answer/61416
•   Opera: http://www.opera.com/help 
•   Safari: https://support.apple.com/guide/safari/sfri11471/mac 

You can also prevent the loading of so-called scripts by default. NoScript only allows JavaScript, Java and other plugins to run on trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser (for instance, for Mozilla Firefox: https://addons.mozilla.org/de/firefox/addon/noscript/).
 

USE OF TECHNICALLY NECESSARY COOKIES

We use cookies to make our website more user-friendly. Some elements of our website require that the browser used to call up the website can be identified even after a page change.

Technically necessary cookies help to make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. Some functions of our website cannot be used without cookies. For these functions, it is necessary that the browser be recognised even after a page change.

Processing is based on our legitimate interest in a user-friendly design of our website and in the documentation of consent.

You can obtain detailed information on the subject of cookies and which cookies are used on this website at any time by clicking on the icon (blue tick) at the bottom left of your web browser.

The provision of the above-mentioned personal data is neither legally nor contractually prescribed. However, without this data, the service and functionality of our website cannot be guaranteed. In addition, individual services may not be available or may be restricted.

Please read the information about your right to object below.
 

USE OF NOT TECHNICALLY NECESSARY COOKIES

We also use cookies on the website that enable an analysis of the surfing behaviour of the user. These cookies are used to make the use of the website more efficient and attractive.

Detailed information on the subject of cookies, and which cookies are used on this website (after your consent) and information on how you can prevent data transmission (tracking), can be found at any time by clicking on the icon (blue tick) at the bottom left of your web browser.

With the help of the web analysis tools, the behaviour of visitors to the website can be evaluated and interests analysed. We create a pseudonymous user profile for this purpose.

The provision of your data is voluntary, based solely on your consent. However, we would like to point out that, in this case, you may not be able to use all the functions of this website to their full extent.

 

I. FACEBOOK PIXEL
This website uses Facebook's visitor action pixel to measure conversions. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.

This allows the behavior of site visitors to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.

The data collected is anonymous for us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Usage Policy. This allows Facebook to place advertisements on Facebook pages and outside of Facebook. This use of the data cannot be influenced by us as the website operator.

The use of Facebook Pixel is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in effective advertising measures including social media. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing carried out by Facebook after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. The text of the agreement can be found at: www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.

You can find further information on protecting your privacy in Facebook's data protection information: https://de-de.facebook.com/about/privacy/.

You can also deactivate the remarketing function "Custom Audiences" in the settings for advertisements at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook.

If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/

 

J. YOUR RIGHTS

Every data subject has the right to information, the right to rectification, the right to deletion, the right to restriction of processing, the right to object and the right to data portability.

However, restrictions apply to the right to information and the right to delete data.

You can revoke your consent to the processing of personal data at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.

You also have the right to lodge a complaint with a relevant data protection supervisory authority.

 

K.  DATA SECURITY

We only handle personal data to the extent that this is possible in accordance with data protection regulations. In doing so, we also strive to take all necessary technical and organisational security measures to adequately protect your personal data from unauthorised access and misuse at all times.

Insofar as we store or process personal data, this is done in a high-security computer centre. To protect the security of your data during transmission, we use encryption procedures (e.g. SSL) via HTTPS. Our servers are secured by means of a firewall and virus protection. Back-up and recovery procedures as well as role and authorisation concepts are a matter of course for us.

Our employees are obliged to observe the regulations of applicable data protection laws when handling data.

 

L.  CHANGE IN DATA PROTECTION REGULATIONS

We reserve the right to adapt this privacy policy so that it always complies with the current legal requirements or in order to make changes to our services in the privacy policy, for instance when introducing new services. The new privacy policy will then apply to your next visit.

The version dated 15.01.2023 currently applies.

 

M.  INFORMATION ABOUT YOUR RIGHT TO OBJECT  


Right to object on a case-by-case basis

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of a balance of interests; this also applies to profiling based on this condition.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
 

Recipient of an objection

The objection can be made informally with the subject “Objection”, stating your name, address or other identification to:
 

BRUGG Rohrsysteme AG
Industriestrasse 39
5314 Kleindöttingen / Schweiz
E-mail: pipes@remove-this.brugg.com 
 

BRUGG Rohrsysteme GmbH
Adolf-Oesterheld-Strasse 31
31515 Wunstorf / Deutschland
E-mail: info.brg@brugg.com 
 

BRUGG German Pipe GmbH
Darrweg 43
D-99734 Nordhausen / Deutschland
E-mail: info@remove-this.german-pipe.com

OUR HANDLING OF YOUR DATA AND YOUR RIGHTS – INFORMATION

in accordance with Art. 13, 14 and 21 of the EU General Data Protection Regulation (GDPR) and information in accordance with Art. 19 of the Federal Act on Data Protection (Data Protection Act - DSG).  

 

Responsible party, joint responsibility and data protection officer

See above 1. RESPONSIBLE PARTY

 

Type of personal data collected 

We process the following personal data that we receive from you as part of our business relationship: 

• Company name with legal form and address 
• Title and name 
• Telephone numbers 
• Fax numbers 
• E-mail addresses 
• Field of activity or position 
• Information about your enquiry (incl. usage data) 
• Product and service interests 
• Other data that you voluntarily provide to us in the course of communication 

 

We process your data for the following purposes and on the following legal basis 

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Federal Act on Data Protection (Data Protection Act - DSG): 

 

For the fulfilment of contractual obligations   

• our contract or for the implementation of pre-contractual measures 
• of ancillary contractual services (e.g. warranty notifications or collection by the manufacturer) 

 

Due to legal requirements  

We are subject to various legal commitments that entail data processing. These include, for example 

• Tax laws and statutory accounting 
• the fulfilment of requests and requirements from supervisory or law enforcement authorities 
• the fulfilment of tax control and reporting obligations 

In addition, the disclosure of personal data may become necessary in the context of official/judicial measures for the purposes of gathering evidence, criminal prosecution or the enforcement of civil law claims. 

 

As part of the balancing of interests  

Where necessary, we process your data beyond the actual fulfilment of the contract to protect our legitimate interests or those of third parties. Examples of such cases are 

• If you contact us by e-mail or telephone, the data you enter will be stored for the purpose of personalised communication with you 
• Assertion of legal claims and defence in legal disputes 
• Saving additional contacts in the CRM system for communication 
• Sending newsletters to existing customers, provided the processing activity has not been objected to 
• Data processing in the context of events 

 

Based on your consent 

If you have given us your consent to process your personal data, processing activities will only take place in accordance with the purposes and to the extent agreed in the declaration of consent. Any consent given can be revoked at any time with effect for the future. The revocation of consent only takes effect for the future and does not affect the legality of the data processed until the revocation. Examples of such cases are 

• Sending newsletters to interested parties 
• Creation and use of image and video recordings with sound as part of events 

 

Who receives my data? 

Within our company 

• Employees for contact with you and contractual cooperation (including the fulfilment of pre-contractual measures) 
• Within the BURGG Group as an international organisation 

 

In the context of data processors 

Your data may be passed on to service providers who work for us as data processors: 

• Support or maintenance of EDP or IT applications 
• Accounting 
• Data destruction 
• CRM system provider 
• ERP system provider 
• Microsoft Teams video conferencing system 
• Marketing and mailing service provider  
• Service provider in the context of technical support for the organisation and implementation of events 
• Trade fair lead capture 
• E-mail system  

All service providers are contractually bound and in particular committed to treating your data confidentially. 

 

Other third parties 

Data will only be passed on to recipients outside our company in compliance with the applicable data protection regulations. Recipients of personal data may be, for example 

• Public bodies and institutions (e.g. financial or law enforcement authorities) in the event of a legal or official commitment 
• Credit and financial service providers (processing of payment transactions) 
• Tax consultant or business and payroll tax and tax auditor (statutory audit mandate) 
• External data protection officer 

 

Is data transferred to a third country or an international organisation? 

We regularly transfer data within the BRUGG Group, which is an international organisation. We have concluded an agreement to ensure an appropriate level of data protection. 

Data is transferred to other bodies in countries outside the European Economic Area (so-called third countries) if 

• it is required by law (e.g. reporting obligations under tax law), 
• it is necessary for the fulfilment of a contractual service, 
• you have given us your consent or 
• this is legitimised by the legitimate interest under data protection law and does not conflict with any higher interests of the data subject worthy of protection. 

However, we use service providers for certain tasks who may have their headquarters, parent company or data centres in a third country. A transfer is permitted if the European Commission has decided that an adequate level of protection exists in a third country (Art. 45 GDPR) or if Switzerland certifies that this country has an equivalent level of data protection. If the Commission has not taken such a decision or if this country is not certified as having an equivalent level of data protection, the companies or the service provider may only transfer personal data to service providers in a third country if suitable guarantees are provided (standard contractual clauses that have been adopted by the EU Commission or the supervisory authority in a specific procedure and/or standard data protection clauses that the FDPIC has approved, issued or recognised in advance) and enforceable rights and effective legal remedies are available. 

We have also contractually agreed with our service providers that there must always be data protection guarantees with their contractual partners in compliance with the European level of data protection. We will provide you with a copy of these guarantees on request. 

Beyond this, we do not transfer any personal data to bodies in third countries or international organisations. 

 

How long will my data be stored? 

We process and store your personal data as long as this is necessary for the fulfilment of our contractual and legal obligations. It should be noted that the employment relationship is a continuing obligation that is designed for a longer period of time. If the data is no longer required for the fulfilment of contractual or legal obligations, it is regularly deleted. 

There are exceptions, 

• insofar as statutory retention obligations are to be fulfilled ; 
• for the preservation of evidence within the scope of the statutory statute of limitations.  

If the data processing is carried out in the legitimate interest of us or a third party, the personal data will be deleted as soon as this interest no longer exists. The aforementioned exceptions apply.  

The same applies to data processing based on your consent. As soon as this consent is revoked by you for the future, the personal data will be deleted unless one of the above exceptions applies.  

 

What data protection rights do I have under the GDPR? 

You have the right of access under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing activities under Art. 18 GDPR, the right to object under Art. 21 GDPR and the right to data portability under Art. 20 GDPR. 

National law may provide for restrictions and exceptions (e.g. Sections 34 and 35 BDSG for the right to information and the right to erasure). 

If you have given us your consent, you can revoke it at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of the processing activities carried out on the basis of the consent until the withdrawal. Processing activities that took place before the revocation are not affected. 

 

What data protection rights do I have under the DSG? 

You have the following rights in relation to personal data concerning you: 

• the right to receive information about which of your personal data we store and how we process it, 
• the right to receive a copy of your personal data in a commonly used format,  
• the right to rectification of your personal data,  
• the right to erasure of your personal data,  
• the right to object to the processing of your personal data. 

Please note that exceptions apply to these rights. To the extent permitted by law, we may refuse your request to exercise these rights. 

You can revoke your consent to the processing of personal data at any time. Please note that the cancellation is only effective for the future. Processing that took place before the revocation is not affected. 

For information about the personal data processed by us, please send your request for information to: pipes@remove-this.brugg.com

You also have the right to lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC). 

The competent supervisory authority for the German company/companies is 

In addition, you have the right to lodge a complaint with a competent data protection supervisory authority in the federal state of your residence or with the authority responsible for us as the controller (Art. 77 GDPR). A list of supervisory authorities (for the non-public sector) with addresses can be found at
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html or https://www.edpb.europa.eu/about-edpb/about-edpb/members_en 

The competent supervisory authority for the Swiss company/companies is 

The Federal Data Protection and Information Commissioner (FDPIC): 

https://www.edoeb.admin.ch/edoeb/de/home/deredoeb/kontakt/anzeigeformular_betroffene.html  

 

Is there an obligation to provide data? 

As part of the contractual relationship, you must provide the personal data that is necessary for the establishment, execution and termination of the contractual relationship and for the fulfilment of the associated contractual obligations or that we are legally committed to collecting. Without this data, we will generally not be able to conclude or fulfil the contract with you. 

The processing activity of your data on the basis of our legitimate interest is carried out on a voluntary basis and as long as our legitimate interest exists.  

The sending of newsletters to you and the creation of image, video and sound recordings as well as the provision of your personal data for planning and organisational purposes is voluntary. Please note, however, that it will not be possible to send you a newsletter, create and use recordings or enable you to participate in the event if you provide incomplete information or no information at all. 

 

Does automated decision-making, including profiling, take place? 

We do not use fully automated decision-making in accordance with Art. 22 GDPR to fulfil the contractual relationship. If we use these procedures in individual cases, we will inform you separately about this and about your rights in this regard, insofar as this is required by law.  

We do not process your data with the aim of automatically evaluating certain personal aspects. 

 

Information about your right to object in accordance with Art. 21 GDPR 

Individual right of objection 

You have the right to object, on grounds relating to your particular situation, at any time to the processing activity of personal data concerning you which is based on Article 6 para. 1 lit. f GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision within the meaning of Article 4 no. 4 GDPR. 

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing activity which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. 

Recipient of the objection 

The objection can be made informally with the subject "Objection", stating your name, address and date of birth, and should be addressed to the contact details of the data protection officer given above.  

 

 

Changes to our privacy policy 

We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or to implement changes in processing procedures in the privacy policy, e.g. when introducing new services.  

Status: November 2024