We, Avobis Group AG, with registered office at Brandschenkestrasse 38/40, 8001 Zurich, Switzerland, registered in the Commercial Register of the Canton of Zurich under the number CHE-336.092.082 (company), are the operator of the website www.avobis.ch (website) and, unless otherwise stated in this data protection declaration, are responsible for the data processing listed in this data protection declaration.
On this website you will find information on various companies of the Avobis Group (an overview of the group companies can be found here). The individual group companies use the data in accordance with their internal group guidelines. When you contact the individual group companies and when you use other Avobis Group websites, the respective group companies are solely responsible for the collection, processing and use of your personal data and for data processing in compliance with the law in accordance with the current data protection declaration of the respective group company.
In order for you to know what personal data we collect from you and for what purposes we use it, please read the following information. Our data protection policy is based primarily on the legal requirements of Swiss data protection law, in particular the Federal Data Protection Act (FADP), and the European General Data Protection Regulation (GDPR), the provisions of which may be applicable in individual cases.
Please note that the following information is reviewed and amended from time to time. We therefore recommend that you consult this data protection declaration regularly. Furthermore, other companies are responsible under data protection law for individual data processing operations listed below or are jointly responsible with us, so that in these cases the information provided by these providers is also authoritative.
If you have any questions about data protection or would like to exercise your rights, please contact our data protection representative by sending an email to: firstname.lastname@example.org.
You can reach our EU data protection representative at:
MLL EU-GDPR GmbH
If you contact us by telephone or e-mail, your personal data will be processed. We process the data that you have provided to us, such as your name, your e-mail address or telephone number and your request. We process this data in order to implement your request (e.g. to provide you with information about our products and services, to support you in the execution of contracts, to incorporate your feedback in the improvement of our products and services, etc.).
The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR in the implementation of your request or, if your request is directed towards the conclusion or execution of a contract, the necessity for the implementation of the required measures within the meaning of Art. 6 Para. 1 lit. b GDPR.
If you contact us via the contact form on our website, your personal data is processed.
In this case, we collect the following data, with mandatory data in forms marked with an asterisk (*):
The data that you have provided us with in your message will also be processed. In addition, the time of receipt of the request is documented. We process this data in order to implement your request (e.g. to provide you with information about our products and services, to support you in the processing of your contract, to incorporate your feedback in the improvement of our products and services, etc.). The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR in the implementation of your request or, if your request is directed towards the conclusion or execution of a contract, the necessity for the implementation of the required measures within the meaning of Art. 6 Para. 1 lit. b GDPR.
If you register for our newsletter e-mails (e.g. when visiting our website), the following data is collected. Mandatory data are marked with an asterisk (*) when registering:
To avoid misuse and to ensure that the owner of an e-mail address has actually given his or her consent to receive newsletter e-mails, we use the so-called double opt-in for registration. After sending the registration, you will receive an e-mail from us with a confirmation link. In order to definitely register for the newsletter e-mails, you must confirm this link. If you do not confirm your e-mail address using the confirmation link within 24 hours, your data will be deleted and no newsletter e-mails will be sent to this address.
By registering, you consent to the processing of this data in order to receive newsletter e-mails from us about market developments, company news and our products and services. These newsletter e-mails may also include invitations to participate in competitions, to provide feedback or to evaluate our products and services. The collection of the salutation and the first and last name allows us to assign the registration to a possibly already existing customer account and thus to personalise the content.
We will use your data for sending newsletter e-mails until you revoke your consent. Revocation is possible at any time, in particular via the unsubscribe link contained in all newsletter e-mails.
Our newsletter emails may contain a so-called web beacon, 1×1 pixel (tracking pixel) or similar technical aids. A web beacon is an invisible graphic that is linked to the user ID of the respective subscriber. For each newsletter email sent, we receive information on which email addresses it was successfully transmitted to, which email addresses have not yet received the newsletter email and for which email addresses the transmission failed. It is also shown which e-mail addresses have opened the newsletter e-mail and for how long, and which links have been clicked. Finally, we also receive information about which subscribers have unsubscribed from the mailing list. We use this data for statistical purposes and to optimise the newsletter e-mails with regard to frequency and time of dispatch as well as the structure and content of the newsletter e-mails. This allows us to better tailor the information in our newsletter emails to the individual interests of the recipients.
The web beacon is deleted when you delete the newsletter e-mail. You can prevent the use of web beacons in our newsletter e-mails by setting the parameters of your e-mail program so that HTML is not displayed in messages. You will find information on how to configure this setting in the help files of your e-mail software application, e.g. here for Microsoft Outlook.
By subscribing to the newsletter e-mails, you also consent to the statistical evaluation of user behaviour for the purpose of optimising and adapting the newsletter e-mails.
Webkinder may wish to use some of this data for its own purposes (e.g. to send marketing emails or for statistical analysis). Webkinder is responsible for this data processing and must ensure compliance with data protection laws in connection with this data processing. Information on data processing by Webkinder can be found here.
You have the opportunity to apply spontaneously or in response to a specific job advertisement for employment with our company. In doing so, we process the personal data provided by you.
We use the data you provide to check your application and suitability for employment. Application documents of unsuccessful applicants are anonymised (for statistical purposes) at the end of the application process, unless you explicitly agree to a longer retention period or we are not legally obliged to retain them for a longer period.
The legal basis for processing your data for this purpose is the execution of a contract (pre-contractual phase) in accordance with Art. 6 para. 1 lit. b GDPR.
It may be that Abacus wishes to use some of this data for its own purposes (e.g. for the delivery of marketing emails or for statistical analyses). Abacus is the controller for these data processing operations and must ensure compliance with data protection laws in connection with these data processing operations. Information about data processing by Abacus can be found here.
If it is possible to clearly identify you, we will store and link the data described in this data protection declaration, i.e. in particular your personal details, your contact details, your contract details and your surfing behaviour on our websites, in a central database. This serves the efficient administration of customer data, allows us to adequately process your requests and enables the efficient provision of the services requested by you and the processing of the associated contracts.
The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR in the efficient administration of user data.
We also evaluate this data in order to further develop our products and services in a needs-oriented manner and to be able to display and suggest the most relevant information and offers to you. We also use methods that predict possible interests and future orders based on your use of our website.
For central data storage and analysis in the CRM system, we use a software application from salesforce.com inc. Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA (salesforce).
As a result, your information may be stored in a database maintained by salesforce, which may allow salesforce to access your information as necessary to provide you with the software and to assist you in using the software. Information on the processing of data by third parties and any transfer abroad can be found in section 5 of this data protection declaration. Further information on data processing in connection with salesforce can be found here.
The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR in carrying out marketing activities.
Without the support of other companies, we would not be able to provide our products and services in the desired form. In order for us to be able to use the services of these companies, it is also necessary to pass on your personal data to these companies to a certain extent. We share your personal data with selected third party service providers only to the extent necessary to provide you with the best possible service.
Various third-party service providers are already explicitly mentioned in this data protection declaration. They are, moreover, the following service provider in connection with the hosting of our website: WEBKINDER AG, Morgartenstrasse 17, 6003 Lucerne, Switzerland (Webkinder). Further information on data processing in connection with Webkinder can be found here. The legal basis for this transfer is the necessity for the fulfilment of a contract within the meaning of Art. 6 Para. 1 lit. b GDPR.
Furthermore, we transfer your data to companies affiliated with us. You can find an overview of our affiliated companies here. Insofar as we transfer your data to companies associated with us, we act together with these companies associated with us as jointly responsible parties.
In addition, your data may be passed on, in particular to authorities, legal advisors or debt collection agencies, if we are legally obliged to do so or if this is necessary to protect our rights, in particular to enforce claims arising from our relationship with you. Data may also be disclosed if another company intends to acquire our company or parts thereof and such disclosure is necessary to carry out due diligence or to complete the transaction.
Our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the protection of our rights and compliance with our obligations or the sale of our company or parts thereof forms the legal basis for this data processing.
We are also entitled to transfer your personal data to third parties abroad if this is necessary to carry out the data processing mentioned in this data protection declaration. Individual data transfers have been mentioned above in section 3. It goes without saying that the legal provisions on the disclosure of personal data to third parties will be complied with. The countries to which data is transferred include those which, according to the decision of the Federal Council and the EU Commission, have an adequate level of data protection (such as the member states of the EEA or, from the point of view of the EU, Switzerland), but also those countries (such as the USA) whose level of data protection is not considered adequate (see Appendix 1 of the Data Protection Ordinance (DPA) and the website of the EU Commission). If the country in question does not have an adequate level of data protection, we ensure that your data is adequately protected by these companies by means of suitable guarantees, unless an exception (cf. Art. 49 GDPR) is specified in the individual case of data processing. Unless otherwise stated, these are the choice of companies certified under the Privacy Framework Agreement or standard contractual clauses within the meaning of Art. 46 (2) (c) of the GDPR, which can be found on the websites of the Federal Data Protection and Information Commissioner (FDPIC) and the EU Commission. If you have any questions about the measures taken, please contact our contact person for data protection (see section 2).
Some of the third-party service providers mentioned in this data protection declaration are based in the USA. For the sake of completeness, we would like to point out to users resident or domiciled in Switzerland or the EU that there are monitoring measures in place in the USA by US authorities which generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland or the EU to the USA. This is done without any differentiation, limitation or exception based on the objective pursued and without any objective criterion that makes it possible to limit the access of the US authorities to the data and their subsequent use to very specific, strictly limited purposes that are capable of justifying the interference associated with both the access to and the use of these data. Furthermore, we would like to point out that in the USA, data subjects from Switzerland or the EU do not have any legal remedies or effective legal protection against general access rights of US authorities that would allow them to obtain access to the data concerning them and to obtain their correction or deletion. We explicitly draw your attention to this legal and factual situation in order to enable you to make an appropriately informed decision about consenting to the use of your data.
We would also like to point out to users resident in Switzerland or a member state of the EU that, from the point of view of the European Union and Switzerland, the USA does not have an adequate level of data protection – partly because of the statements made in this section. Insofar as we have explained in this data protection declaration that recipients of data (such as Google) are based in the USA, we will ensure that your data is adequately protected by our third-party service providers by choosing companies that are certified under the Privacy Framework Agreement or by means of contractual arrangements with these companies and any additional appropriate guarantees that may be required.
When you visit our website, the servers of our hosting provider WEBKINDER AG, Morgartenstrasse 17, 6003 Lucerne, Switzerland, temporarily store every access in a log file. The following data is collected without your intervention and stored until automatically deleted by us:
This data is collected and processed for the purpose of enabling the use of our website (connection establishment), to permanently guarantee system security and stability, and to enable error and performance analysis and optimisation of our website (see also section 6.4 for the last points).
In the event of an attack on the network infrastructure of the website or if there is a suspicion of other unauthorised or improper use of the website, the IP address and the other data are evaluated for the purpose of clarification and defence and, if necessary, used in the context of civil or criminal proceedings to identify the user concerned.
The purposes described above constitute our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR and thus the legal basis for data processing.
Cookies are information files that your web browser stores on your computer’s hard drive or memory when you visit our website. Cookies are assigned identification numbers by which your browser is identified and by which information contained in the cookie can be read.
The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in providing a user-friendly and up-to-date website.
You may also be able to configure your browser so that no cookies are stored on your computer or so that a message always appears when you receive a new cookie. On the following pages you will find explanations of how you can configure the processing of cookies in selected browsers.
Disabling cookies may prevent you from using all the features of our website.
For the purpose of demand-oriented design and continuous optimisation of our website, we use the web analysis services listed below. In this context, pseudonymised usage profiles are created and cookies are used (please also refer to section 6.2). The information generated by the cookie about your use of this website is usually transmitted together with the log file data listed in section 6.1 to a server of the service provider, where it is stored and processed. This may also involve transfer to servers abroad, e.g. the USA (cf. on this, in particular on the lack of an adequate level of data protection and on the guarantees provided, sections 5.2 and 5.3).
By processing the data, we obtain the following information, among others:
On our behalf, the provider will use this information to evaluate the use of the website, in particular to compile website activity and to provide other services associated with website and Internet use for the purposes of market research and demand-oriented design of these websites. For these processing operations, we and the providers can be considered jointly responsible under data protection law up to a certain extent.
The legal basis for this data processing with the following services is your consent within the meaning of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time or refuse processing by rejecting or deactivating the relevant cookies in your web browser settings (see section 6.2) or by making use of the service-specific options described below.
For the further processing of the data by the respective provider as the data protection (sole) controller, in particular also any possible forwarding of this information to third parties, such as to authorities on the basis of national legal regulations, please refer to the respective data protection information of the provider.
We use the web analysis service Google Analytics from Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) or Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google).
Contrary to the description in section 6.4.1, Google Analytics (in the version used here, “Google Analytics 4”) does not log or store IP addresses. In the case of accesses originating from the EU, IP address data is only used to derive location data and then deleted immediately. When collecting measurement data in Google Analytics, all IP searches take place on EU-based servers before the traffic is routed to Analytics servers for processing. Google Analytics uses regional data centres. If a connection is established in Google Analytics to the nearest available Google data centre, the measurement data is sent to Analytics via an encrypted HTTPS connection. At these centres, the data is further encrypted before being forwarded to Analytics’ processing servers and made available on the platform. The most suitable local data centre is determined on the basis of the IP addresses. This may also result in data being transferred to servers abroad, e.g. the USA (cf. on this, in particular on the lack of an adequate level of data protection and on the guarantees provided, section 5.2).
Users can prevent the collection of the data generated by the cookie and related to the website use by the user concerned (incl. the IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
As an alternative to the browser plug-in, users can click this link to prevent Google Analytics from collecting data on the website in the future. This will place an opt-out cookie on the user’s terminal device. If users delete cookies (see section 6.2 Cookies), the link must be clicked again.
We use the web analysis service Hotjar Ltd, 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe (Hotjar). This may involve the transmission of the data described about the use of the website to Hotjar’s servers in Ireland for the processing purposes explained (see clause 5).
Users can prevent the collection of the data generated by the cookie and related to the website use by the user concerned (incl. the IP address) to Hotjar as well as the processing of this data by Hotjar by clicking on the following link and following the instructions: https://www.hotjar.com/policies/do-not-track/.
We use the web analysis service Google Maps from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. (Google Maps). In the process, the data described about the use of the website may be transmitted to Google’s servers in the USA for the processing purposes explained (see section 6).
Users can prevent the collection of the data generated by the cookie and related to the website usage by the user concerned (incl. the IP address) to Google as well as the processing of this data by Google by clicking the following link and following the instructions: https://policies.google.com/privacy?hl=en&gl=de
We use Vimeo.com Inc., 330 West 34th Street, New York 10001, USA (Vimeo) on our website to display videos. With the help of a plug-in, we can thus show you interesting video material directly on our website. By embedding Vimeo videos, your browser connects to the Vimeo servers. In the process, data is transferred from you to Vimeo. This includes your IP address, technical information about your browser type, your operating system and other basic device information. It is also transmitted which of our Internet pages you have visited and what actions you have taken.
If you are logged in to Vimeo as a registered member, more data may be collected as more cookies may have already been set in your browser. In addition, your actions on our website are directly linked to your Vimeo account. To prevent this, you must log out of Vimeo while visiting our website.
For the use of your data in connection with the playing of a video, please refer to the provider’s data protection information. Further information on data processing and notes on data protection by Vimeo can be found at https://vimeo.com/privacy
On our website, we have included links to our profiles in the social networks of the following providers:
If you click on the icons of the social networks, you will automatically be redirected to our profile in the respective network. This establishes a direct connection between your browser and the server of the respective social network. This provides the network with the information that you have visited our website with your IP address and clicked on the link. This may also result in data being transmitted to servers abroad, e.g. in the USA (cf. on this, in particular on the lack of an appropriate level of data protection and on the guarantees provided, sections 5.2 and 5.3).
If you click on a link to a network while you are logged into your user account with the network concerned, the content of our website may be linked to your profile so that the network can assign your visit to our website directly to your account. If you want to prevent this, you should log out before clicking on the corresponding links. A connection between your access to our website and your user account takes place in any case if you log in to the respective network after clicking on the link. The respective provider is responsible under data protection law for the associated data processing. Please therefore refer to the data protection information on the website of the network.
The legal basis for any data processing attributed to us is our legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR in the use and promotion of our social media profiles.
On our website, you can use social media plugins from the providers listed below:
We use the social media plugins to make it easier for you to share content from our website. The social media plugins help us to increase the visibility of our content on social networks and in this respect contribute to better marketing.
The plugins are deactivated by default on our website and therefore do not send any data to the social networks when you simply call up our website. To increase data protection, we have integrated the plugins in such a way that a connection is not automatically established with the servers of the networks. Only when you activate the plugins by clicking on them and thus give your consent to the transmission and processing of data by the providers of the social networks, does your browser establish a direct connection to the servers of the respective social network.
The content of the plugin is transmitted directly to your browser by the social network and integrated into the website by the browser. This provides the respective provider with the information that your browser has accessed the corresponding page of our website, even if you do not have an account with this social network or are not currently logged in to it. This information (including your IP address) is transmitted by your browser directly to a server of the provider (usually in the USA) and stored there (cf. on this, in particular on the lack of an adequate level of data protection and on the guarantees provided, sections 5.2 and 5.3). We have no influence on the scope of the data that the provider collects with the plugin, although from a data protection perspective we can be considered jointly responsible with the providers up to a certain extent.
If you are logged into the social network, it can assign your visit to our website directly to your user account. If you interact with the plugins, the corresponding information is also transmitted directly to a server of the provider and stored there. The information (e.g. that you like one of our products or services) may also be published on the social network and may be displayed to other users of the social network. The provider of the social network may use this information for the purpose of placing advertisements and designing the respective offer to meet the needs of the user. For this purpose, usage, interest and relationship profiles may be created, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on the social network, to inform other users about your activities on our website and to provide other services associated with the use of the social network. The purpose and scope of the data collection and the further processing and use of the data by the providers of the social networks as well as your rights in this regard and setting options for protecting your privacy can be found directly in the data protection information of the respective provider.
If you do not want the provider of the social network to assign the data collected via our website to your user account, you must log out of the social network before activating the plugins. Your consent within the meaning of Art. 6 (1) lit. a GDPR forms the legal basis for the data processing described. You can revoke your consent at any time by declaring your revocation to the provider of the plugin in accordance with the information in their data protection information.
We use services of various companies to provide you with interesting offers online. This involves analysing your user behaviour on our website and the websites of other providers in order to be able to show you online advertising that is individually tailored to you.
Most technologies for tracking your user behaviour and for the targeted display of advertising (targeting) work with cookies (see also section 6.2), with which your browser can be recognised across various websites. Depending on the service provider, it may also be possible for you to be recognised online even when using different end devices (e.g. laptop and smartphone). This can be the case, for example, if you have registered with a service that you use with several devices.
In addition to the data already mentioned, which is generated when websites are called up (log file data, see section 6.1) and when cookies are used (section 6.2) and which may be passed on to the companies involved in the advertising networks, the following data in particular is used to select the advertising that is potentially most relevant to you:
We and our service providers use this data to identify whether you belong to the target group we are addressing and take this into account when selecting advertisements. For example, after you have visited our site, you may be shown ads for the products or services you have consulted when you visit other sites (re-targeting). Depending on the scope of the data, a profile of a user may also be created which is automatically evaluated, whereby the advertisements are selected according to the information stored in the profile, such as membership of certain demographic segments or potential interests or behaviour. Such ads may be displayed to you on various channels, including our website or app (as part of on- and in-app marketing) as well as ads served through the online advertising networks we use, such as Google.
The data may then be analysed for the purpose of billing the service provider and assessing the effectiveness of advertising measures in order to better understand the needs of our users and customers and to improve future campaigns. This may also include information that the performance of an action (e.g. visiting certain sections of our websites or sending information) can be attributed to a certain advertising ad. We also receive aggregated reports from the service providers of ad activity and information about how users interact with our website and our ads. The legal basis for this data processing is your consent within the meaning of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time by rejecting or deactivating the relevant cookies in your web browser settings (see section 6.2). You can also find further options for blocking advertising in the information provided by the respective service provider, such as Google.
We only store personal data for as long as is necessary to carry out the processing explained in this data protection declaration within the framework of our legitimate interests. In the case of contractual data, storage is required by statutory retention obligations. Requirements that oblige us to retain data result from the provisions on accounting and from tax law regulations. According to these regulations, business communication, concluded contracts and accounting vouchers must be stored for up to 10 years. As soon as we no longer need this data to perform the services for you, the data is blocked. This means that the data may then only be used if this is necessary to fulfil the retention obligations or to defend and enforce our legal interests. The data will be deleted as soon as there is no longer any obligation to retain it and no longer any justified interest in retaining it.
We use appropriate technical and organisational security measures to protect your personal data stored with us against loss and unlawful processing, namely unauthorised access by third parties. Our employees and the service companies commissioned by us are obliged by us to maintain confidentiality and data protection. Furthermore, these persons are only granted access to personal data to the extent necessary for the fulfilment of their tasks.
Our security measures are continuously adapted in line with technological developments. However, the transmission of information via the Internet and electronic means of communication always involves certain security risks and we cannot therefore give any absolute guarantee as to the security of information transmitted in this way.
Provided that the legal requirements are met, you have the following rights as a person affected by data processing:
Provided that the legal requirements are met, you have the following rights as a person affected by data processing:
Right of access: you have the right to request access to your personal data stored by us at any time, free of charge, if we are processing it. This gives you the opportunity to check what personal data we process about you and whether we process it in accordance with the applicable data protection regulations.
Right to rectification: You have the right to have inaccurate or incomplete personal data rectified and to be informed of the rectification. In this case, we will also inform the recipients of the data concerned of the adjustments we have made, unless this is impossible or involves disproportionate effort.
Right to deletion: You have the right to have your personal data deleted under certain circumstances. In individual cases, especially in the case of legal obligations to retain data, the right to deletion may be excluded. In this case, the deletion may be replaced by a blocking of the data if the conditions are met.
Right to restriction of processing: You have the right to demand that the processing of your personal data be restricted.
Right to data transmission: You have the right to receive from us, free of charge, the personal data you have provided to us in a readable format.
Right to object: You can object to data processing at any time, especially in the case of data processing in connection with direct marketing (e.g. marketing e-mails).
Right of withdrawal: You have the right to withdraw your consent at any time. However, processing activities based on your consent in the past will not become unlawful as a result of your revocation.
To exercise these rights, please send us an e-mail to the following address: email@example.com.
Right to lodge a complaint: You have the right to lodge a complaint with a competent supervisory authority, e.g. against the way your personal data is processed.
In the event of questions of interpretation between the different language versions of this data protection declaration, the German version shall prevail.
Status: August 2023