Privacy policy

ANTA SWISS AG privacy policy

The ANTA SWISS AG privacy policy provides you with information about what personal data we process in connection with our activities and operations. This specifically includes information about why, how and where we process personal data, how long the personal data is stored, and whether personal data is disclosed to third parties in Switzerland and abroad. We also inform you about your rights when your personal data is processed.

We are bound by the revised Federal Data Protection Act and any applicable foreign data protection law, in particular that of the European Union (EU) with the General Data Protection Regulation (GDPR).

1. Contact address

In charge of the processing of personal data is

Thomas Strebel

ANTA SWISS AG

Hasentalstrasse 3

8934 Knonau

Switzerland

+41 44 818 84 84

 

2. Terms and legal basis

2.1. Terms

Personal data is any information that relates to an identified or identifiable person. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, acquisition, deletion, storage, modification, destruction and use of personal data.

2.2. Legal basis

We process personal data in accordance with Swiss data protection law, in particular the Federal Data Protection ACT (FDPA), the Ordinance to the Federal Data Protection ACT (DPO) and to the extent that the General Data Protection Regulation (GDPR) is applicable, personal data pursuant to at least one of the legal bases defined in Art. 6 GDPR and therefore in compliance with the Swiss revDPA.

3. Personal data (type, scope, purpose and duration)

We process the personal data that is needed to perform our activities and tasks in a consistent, user-friendly, secure and reliable manner. Such personal data usually falls into the following categories

  • Inventory and contact data
  • Browser and device data
  • Content data, meta or ancillary data and usage data
  • Location data
  • Sales data and
  • contract and payment data.

The personal data we collect will be stored only for as long as necessary to fulfil the respective purpose. Under certain circumstances, legal requirements or other obligations may lead to a longer storage period. Personal data no longer needed for processing will be anonymised or erased.

We may process personal data through third parties. We can also collaborate with third parties to process personal data or transfer the data to third parties. These third parties are, in many instances, specialised providers whose services we use.

As a matter of principle, we only process personal data with the data subject’s consent, unless the processing is permitted for other legal reasons, such as the fulfilling a contract between the data subject and the data controller or for corresponding pre-contractual measures, to protect our overriding legitimate interests, as the processing is evident from the circumstances or has been notified in advance.

We process in particular information that a data subject has voluntarily and personally provided to us when contacting us, for example, by letter, e-mail or telephone. We process this information only insofar as it is necessary for fulfilling the purpose of the processing or to complete the order. In order for us to fulfil your request, you will need to complete the mandatory marked fields when filling out forms. If we receive data about other persons that has been transmitted, the persons transmitting the data must ensure this data is protected and accurate.

3.1. Categories of recipients of personal data

Within the scope of our business activities, we work with various suppliers and service providers who may have access to certain personal data. These recipients may include:

  • suppliers responsible for shipping or logistics
  • service providers who provide our IT infrastructure or cloud services
  • external consultants or partners who support us with certain processes.

We carefully select our suppliers and service providers and make sure they have appropriate safeguards in place to ensure the confidentiality and security of your data.

4. Use of the website

When using our website, personal data may be processed via the following functions and modes of operation:

4.1. Newsletter

If you subscribe to a newsletter on our website, you will need to provide an email address. As soon as you are no longer subscribed to our newsletter, this data is deleted immediately.

We also process personal data we receive from third parties, obtain from publicly accessible sources or collect within the scope of our activities and operations, insofar as such processing is permitted for legal reasons.

4.2. Cookies

Cookies on the website may be used to enable certain functions and make visiting the website more appealing to users. Cookies are small text files which are stored on your computer. Most of the cookies used are erased from your hard drive once the browser session comes to an end (session cookies). Other cookies will remain on your computer so we can recognise you again during your next visit to our website (permanent cookies).

You can prevent the storage of cookies in your browser by restricting or switching off the storage and reading of cookies Please note that certain functions on the website may not work properly without cookies.

4.3. Server log files

When you access our website, we may collect the following information if it is transmitted by your browser to our server infrastructure or can be identified by our web server:

  • Date and time including time zone;
  • Internet Protocol (IP) address;
  • Access status (HTTP status code);
  • Operating system including user interface and version;
  • Browser including language and version;
  • Individual sub-pages of our website accessed, including the amount of data transferred;
  • Last website visited in the same browser window (referrer).

We save this information, which can also be classified as personal data, as server log files. We need this information to make our website available in a consistent, user-friendly and reliable manner and to ensure data security and to protect personal data, including through third parties or with the assistance of third parties.

4.4. Tracking pixels

We may use tracking pixels on our website. Tracking pixels are also known as web beacons. These types of pixels, including those from third parties whose services we use, are small, usually invisible images which are automatically retrieved when you visit our website. They can be used to collect the same information as server log files.

4.5. Children

Our website is not intended for children. We do not knowingly collect personal data from children under the age of 16 unless we have their parents’ express consent. If we are notified or otherwise fear that, in contravention of the above, the personal data of a child under the age of 16 has been improperly collected, we will take all reasonable steps to delete that personal data.

5. SSL/TLS encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as any enquiries that you send to us as the site operator. You can recognize an encrypted connection when you see the address bar of your browser change from “http://” to “https://” and the padlock symbol appears in your browser bar.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

6. Third-party services

For the usability, security and reliability of our website, we use third-party plugins, which have either helped in the background when the website was designed or actively provide certain features for the users on the website. We only use plugins and other third-party services if they enhance the user experience. We use the plugins listed below, although not every one of them processes personal data.

6.1 .Social media icons

We are present on social media platforms and other online platforms to engage with interested individuals and keep them informed about our activities and projects. These sites or services are offered and operated by third parties. Each of these sites has its own privacy policy.

We also use plugins from the social networks LinkedIn and YouTube on our website. These providers also use cookies, among other things. When using the websites and activating the plugins, user data is automatically transmitted to these companies. The respective provider’s data protection provisions and the general terms and conditions of user also expressly apply here. Users must be aware that data can be collected via these services and also passed on to third parties. If users simultaneously use an account of a service, the operator can assign this transmitted information directly to the respective personal account.

In connection with such platforms, personal data can also be processed outside of Switzerland and the European Economic Area (EEA).

ANTA SWISS AG has no control over how the data is collected or used by such operators. It also has no influence over the extent, location, and duration of data storage by such operators, and to what extent they comply with any existing deletion obligations, or what analyses or links they undertake with the data. ANTA SWISS AG is unable to identify whom the third-party providers pass this data on to.

The legal basis for the use of social media plugins lies in our legitimate interest in providing a user-friendly website and the consent of the user (Art. 6, para 1, lit. a and f GDPR).

6.2. YouTube

We have embedded YouTube videos into our website to directly present you with engaging content. YouTube is a video portal which has been owned by Google since 2006. It is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit a page with an embedded YouTube video, your browser automatically connects to YouTube servers. This connection can involve various data transfers. Google Ireland Limited is responsible for data processing in the European region.

This integration allows us to provide you with videos and an optimised user experience. YouTube provides a code for this, which we use on our website. This provides you with helpful content and optimises the visibility of our site in search engines.

While visiting a page containing an embedded YouTube video, YouTube sets at least one cookie that stores your IP address and our URL. If you are signed in to your YouTube account, interactions on our page can be associated with your profile. This data includes session duration, bounce rate, approximate location and technical information. Other data may include ratings, social media shares and adds to your favourites.

Users who are not logged in receive a unique identifier for device linking. The preferred language setting is saved, for example. Some interaction data is not stored due to fewer cookies set.

YouTube data is stored on Google servers, mostly in the USA. Your data is distributed to increase retrieval speed and security. Google stores data for different periods of time, some can be deleted, some is automatically erased after a certain period of time.

You can delete data in the Google account manually or use the automatic delete function. You can erase or disable cookies to reduce data collection. Our data collection is based on consent or legitimate interest in accordance with GDPR. Information about data processing can be found in our privacy policy.

As YouTube is a subsidiary of Google, they share the same privacy policy. If you want to learn more about how we handle your data, we recommend we recommend the privacy policy at https://policies.google.com/privacy?%20hl=en&hl=en-GB.

6.3. LinkedIn

Plug-ins from the social network LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA, are installed on our website. You can recognise the LinkedIn plug-in (“LinkedIn Recommended” button) by the LinkedIn logo. When you visit a page of our website which contains such a plug-in, a direct connection is established between your browser and the LinkedIn server. LinkedIn thereby receives the information that you have visited our site with your IP address. If you click the LinkedIn button while you are logged into your LinkedIn account, you can link the contents of our pages to your LinkedIn profile. This lets LinkedIn assign the visit to our pages to your user account. Please note that as the provider of these pages we have no knowledge of the content of the transmitted data or its use by LinkedIn. For further information, go to: https://de.linkedin.com/legal/privacy-policy.

6.4. Google Analytics

We use the Google Tag Manager service from Google. “Google” is a group of companies consisting of Google Ireland Ltd (service provider), Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and other affiliates of Google LLC.

We use Google Analytics on the basis of our legitimate interests to analyse and regularly improve our website, as well as to regularly improve our content and make it more interesting for you based on the statistics obtained. Additionally, the use of Google Analytics is based on your consent to track your browsing behaviour on our websites and evaluate it analytically. We have also concluded an order processing agreement with Google.

The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. These cookies may include, for example: IP address, number, date and time of visit, duration of visit, your access page from which you use the website (referrer URL), the pages visited on our website, browser type/version and operating system used. Google will use this information on our behalf because we have a legitimate interest in analysing user behaviour to optimise the content on our website as well as our advertising. Google uses this information to evaluate your use of our website, compile reports on website activity, and to provide us with other services related to the use of the website and internet usage. Likewise, pseudonymised user profiles can be created from the processed personal data.

We have activated the IP anonymisation function on this website (IP masking). This means that your IP address is shortened by Google within member states of the European Union, in other contracting states to the Agreement on the European Economic Area and in Switzerland before being transmitted to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and abbreviated there.

You have the option to stop cookies from being stored by modifying your browser settings. Please note that if you do so, you may not be able to fully use all the functions of this website. You can also prevent Google from collecting and processing personal data generated by the cookie and related to your use of the website, including your IP address, by downloading and installing the browser plugin from the following link: https://tools.google.com/dlpage/gaoptout?hl=de. Alternatively, or within browsers on mobile devices, you can prevent Google Analytics from collecting your personal data by clicking on the following link: Disabling collection of personal data by Google Analytics for this website. In this case, a special opt-out cookie will be placed on your device to prevent the future collection of your usage personal data when visiting this website. If you delete your saved cookies, you will need to click on this link again. For more information on how Google Analytics handles user personal data, refer to Google’s privacy policy at https://support.google.com/analytics/answer/6004245?hl=en.

Furthermore, Google may review users’ use of the website and combine the personal data collected with other information about the user that Google has independently collected from other websites visited by the user and use it for its own purposes (e.g. to monitor advertising) under its own responsibility based on its own privacy policy. For further information on this and how Google processes personal data, refer to Google’s respective privacy policies. https://policies.google.com/?hl=en-GB; https://policies.google.com/technologies/partner-sites.

6.5. Google Tag Manager

We use the Google Tag Manager service from Google. “Google” is a group of companies consisting of Google Ireland Ltd (service provider), Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and other affiliates of Google LLC.

We have concluded an order processing contract with Google. Google Tag Manager is an auxiliary service and only processes personal data for technically necessary purposes. It ensures the loading of other components, which in turn may collect data. Google Tag Manager does not access this data.

For more information on Google Tag Manager, refer to Google’s privacy policy.

Please note that American authorities, such as intelligence agencies, could potentially gain access to personal data that is inevitably exchanged with Google on the basis of the Internet Protocol (TCP) when this service is integrated, due to American laws such as the Cloud Act.

6.6. WordPress

We use the WordPress website building system for our website. It is provided by the WordPress Foundation, 660 4th Street, Box 119, San Francisco, CA 94107, USA.

WordPress also processes data on servers in the USA and other places. However, standard contractual clauses ensure that the European data protection standard is adhered to. These standard contractual clauses are model templates provided by the European Commission. By using them, WordPress commits to maintaining the European level of protection when processing personal data, even if the data is processed in the USA.

The legal basis for the aforementioned data processing lies in the explicit consent and our legitimate interest in the commercial operation of our website, as well as the consent of the data subjects (Art. 6, para. 1, lit. a and f GDPR).

Further information can be found in the WordPress privacy policy .

6.7. Hosting

We use third-party services from third parties to provide us with the digital infrastructure needed in connection with our activities and tasks. This includes our hosting provider.

Our website is hosted by

METANET AG

Josefstrasse 218

8005 Zurich

Switzerland

Further information can be found in METANET’s  .

6.8. Email Encoder Bundle for protecting email addresses and phone numbers

We use Email Encoder Bundle to protect the email addresses on this website. This makes email addresses unreadable to spam bots.

6.9. Brevo (newsletter)

You can subscribe to our newsletter on our website for free. We use Brevo, an email delivery service provided by Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin. Brevo is an email marketing tool which allows us to send customised newsletters. Our newsletter service analyses your interactions to tailor our services to your needs. We receive information about whether and when you open the newsletter and click on links. This data helps us to better tailor our services to your needs.

Your information is saved when you register, including your IP address and click behaviour in the newsletter. By registering, you consent to receive the newsletter.Your data for the newsletter tool is stored on German servers.

At Brevo, personal data is deleted after two years, or you can personally request that it be deleted. We delete data that we send to Brevo when you unsubscribe from the newsletter.

You can cancel your newsletter subscription at any time, usually by clicking on a link at the end of the email. If the link is missing, please email us. After unsubscribing, your data will be deleted from our and Brevo’s servers in Germany. You have the right to information about your data or to have it erased, blocked or rectified.

The newsletter is sent out by Brevo with your consent (Article 6 para. GDPR). We log your registration process in compliance with the law. For more information on data processing, please see Brevo’s privacy policy at https://www.brevo.com/legal/privacypolicy/.

6.10. WPML Multilingual CMS and WPML String Translation (“WPML”)

WPML are plugins from OnTheGoSystems Ltd., Wanchai, Hong Kong. They are multilingual plugins for WordPress used to display the website in different languages. Our legitimate interest in using these plugins is that we want to offer our users website content in multiple languages. When using our website, WPML may store a cookie on your device so that the selected language setting can be saved. This means that personal data may be stored and evaluated.

You can prevent WPML from processing your personal data by blocking the storage of third-party cookies on your computer, using the “Do not track” function of a supported browser, disabling the execution of script code in your browser or by installing a script blocker in your browser.

The legal basis for the use of WPML plugins lies in our legitimate interest in providing a user-friendly website and the content of the person using it (Art. 6, para. 1, lit. a and (f) GDPR).

As Hong Kong does not meet the FDPIC’s requirements for sufficient data security, the plugin will only be activated if the user explicitly consents.

6.11. Contact Form 7

The Contact Form 7 plugin is a service for creating contact forms. The plugin is used only to forward entered form data to our company’s email address. No additional storage takes place, such as in the WordPress database. Further information and Contact Form’s applicable privacy policy can be found at https://wordpress.org/plugins/contact-form-7/ and https://rocklobster.in/ . Contact Form is open source software. All communication between the browser and the server takes place exclusively via HTTPS (SSL/TLS) encryption.

6.12. Wordfence

For the security of our website, we use the WordPress security plug-in Wordfence, which is provided by Defiant, Inc. from the USA (1700 Westlake Ave N Ste 200, Seattle, WA 98109, USA). Please note that, according to the European Court of Justice, there is currently no sufficient level of data protection for data transfers to the USA, which may pose risks to the legality and security of data processing.

However, in order to maintain the European level of data protection, Wordfence uses standard contractual clauses (Art. 46, para. 2 and 3 GDPR) for the processing of data by recipients in third countries such as the USA. These clauses are model templates developed by the European Commission and aim to ensure that your data complies with European data protection standards, even if it is transferred and stored in third countries. These standard contractual clauses are based on an implementing decision of the European Commission and can be viewed at the following link: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32021D0914.

The data processing terms and conditions (Data Protection Regulation), corresponding with the standard contractual clauses, can be found here: https://www.wordfence.com/help/general-data-protection-regulation/.

More details about the data processed by Wordfence and Wordfence’s privacy policy can be found at https://www.wordfence.com/privacy-policy.

6.13. 123FormBuilder

For the forms on our website, we use 123FormBuilder by 123FormBuilder, Flavia Palace, Vladimirescu n° 10, Ground Floor 300195, Timisoara, Romania, EU, www.123formbuilder.com, as part of our legitimate interest in providing technically flawless online content and its economically efficient design and optimisation pursuant to Art.6, Para. 1., lit. GDPR.

123FormBuilder receives all the data that you enter into our forms and also collects usage data for this purpose. Before using any form, you must give your consent to the processing of your data within the scope of this statement for which we refer you to our general statement on contact forms (paragraph 6 of this privacy policy).

For more information about 123FormBuilder’s data processing, refer to 123FormBuilder’s privacy policy at: www.123formbuilder.com/termsofservice.html#data-privacy

7. Personal data abroad

We process personal data in Switzerland and in the European Economic Area (EEA). However, we may also export or transmit personal data to other countries, especially for processing there or to have it processed. We only transmit personal data to third parties passively through the integration of plugins, etc. We do not actively transmit any personal data to third parties.

We may export personal data to all countries and territories, provided that the legislation of the respective country or the international organisation ensures adequate data protection in accordance with the decision of the Swiss Federal Council. Even without a decision from the Federal Council, the data may be exported as long as the appropriate data protection is ensured through:

  • a treaty under international law;
  • data protection clauses in a contract between the persons responsible or the contracting authority and its contractual partner, which have been notified in advance to the Swiss Federal Data Protection and Information Commissioner (FDPIC);
  • specific safeguards drawn up by the competent federal body and communicated in advance to the FDPIC;
  • standard data protection clauses that the FDPIC has approved, issued or recognised in advance;
  • standard data protection regulations that have been previously approved by the FDPIC or by a data protection authority of a country which ensures adequate protection; or
  • the Federal Council provides for other appropriate guarantees.

Furthermore, data may be exported abroad if the data subject has expressly consented to the disclosure, or if the disclosure is directly related to the conclusion or execution of a contract between the controller and the data subject or between the controller and its contractual partner in the interests of the data subject, or if the disclosure is necessary for the protection of overriding public interests or for the establishment, exercise or enforcement of legal claims before a court or other competent foreign authority. Disclosure is also permitted if it is necessary to protect the life or physical integrity of the data subject or a third party and it is not possible to obtain the consent of the data subject within a reasonable period of time. In addition, the export of data abroad is permitted if the data subject has made the data generally accessible and has not explicitly prohibited its processing, or if the data can be found in a legally provided register that is public or accessible to persons with a legitimate interest, provided that the legal requirements for access are fulfilled in the individual case.

Insofar as the General Data Protection Regulation (GDPR) is applicable, we may export data abroad as long as the respective country ensures an adequate level of data protection according to the decision of the European Commission.

We can transfer personal data to countries whose laws do not provide adequate data protection, provided that data protection is ensured for other reasons, in particular on the basis of standard data protection clauses or other appropriate safeguards (Art. 46, para. 2 GDPR). Standard clauses are model templates provided by the European Commission. By using them, the provider undertakes to comply with the European level of protection when processing personal data, even when transferring data to a country without adequate data protection. Even without such guarantees, the transmission of data may be permissible. This is particularly the case if the data subject expressly consents to the proposed transmission of data after being informed of the risks involved, or if the transmission is necessary for the performance of a contract between the data subject and the controller or for the implementation of pre-contractual measures at the data subject’s request. Furthermore, the transfer may be permissible if it is necessary for the conclusion or fulfilment of a contract concluded by the data controller with another person in the interest of the data subject. The other grounds are stated in Art. 49, para. 1 GDPR.

8. Rights of data subjects

Data subjects whose personal data we process have rights under Swiss data protection law and, if applicable, the General Data Protection Regulation (GDPR).

These include the right to be informed free of charge about the processing, the origin, the storage period, or if this is not possible, about the criteria for determining the period, and the respective purpose for the processing of their personal data, as well as the right to rectification, deletion, restriction of data processing, data transfer or blocking of the processed personal data within the legally prescribed framework. Furthermore, data subjects have the right to be informed whether automated individual decisions exist and also about the logic on which the decisions are based. The right to information can only be limited or postponed by legal restrictions.

Furthermore, data subjects who have disclosed personal data to ANTA SWISS AG have the option of requesting such data in a standard electronic format, provided that it is processed automatically.

Data subjects whose personal data we process may, if the General Data Protection Regulation (GDPR) applies, also request a free confirmation as to whether we process their personal data and, if so, request information about the processing of their personal data, have the processing of their personal data restricted, exercise their right to data portability and have their personal data rectified, deleted, blocked or completed. They may also revoke consent given at any time with effect for the future and object to the processing of their personal data at any time.

Data subjects whose personal data we process, have the right to lodge a complaint with a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

9. Data security

We take suitable technical and organisational measures to ensure data security that is commensurate with the respective risk. Unfortunately, we cannot guarantee absolute data security.

Our website can be accessed using transport encryption (SSL / TLS, specifically with Hypertext Transfer Protocol Secure (HTTPS)).

Access to our online content is subject, as with any use of the Internet, to mass monitoring without cause and without suspicion, and to other forms of monitoring by security authorities in Switzerland, the European Union (EU), the United States of America (USA) and other countries. We have no direct control over the way intelligence services, police authorities and other security agencies handle personal data.

10. Notifications and messages

We send notifications and communications (e.g. newsletters) by email and, if you provide us with other contact information, potentially through other communication channels.

10.1. Consent and objection

We will only send you communications if you consent to us sending you communications through, for example, your email address, unless the usage is permitted for other legal reasons. To obtain your consent, we use the “double opt-in” process whenever possible. This means that you will receive an email with a web link that you need to click on to confirm to prevent any misuse by unauthorised third parties. We may log such consent including the Internet Protocol (IP) address, date and time for use as evidence and security.

You can generally object to receiving notifications and communications, such as newsletters, at any time. In making such an objection, you can simultaneously object to the statistical recording of use for performance and reach measurement. However, we reserve the right to make any necessary notifications and communications in connection with our activities and operations.

11. References

The ANTA SWISS AG has no control over external sites to which it refers, nor over external sites that refer to the website. Consequently, ANTA SWISS AG cannot guarantee that the information contained therein will be free of malware or accurate. The information on such websites is fully and solely the responsibility of the respective third parties. No responsibility or liability whatsoever is accepted for such websites or services.

12. Final provisions

We may amend and supplement this privacy policy at any time. We will inform you about such amendments and supplements in the appropriate manner, in particular by publishing the respective current privacy policy on our website.

Updated on 1 September 2023