Data protection
Preliminary remarks
This data protection declaration is designed to comply with the requirements of the EU General Data Protection Regulation (“ GDPR ”), the Swiss Data Protection Act (“ DSG ”) and the revised Swiss Data Protection Act (“ revDSG ”). However, whether and to what extent these laws are applicable depends on the individual case.
​
Table of contents
1. What is this privacy policy about?
2. Who is responsible for processing your data?
3. What data do we process?
4. For what purposes do we process personal data?
5. On what basis do we process your data?
6. Who do we share your data with?
7. Does your personal data also go abroad?
8. How long do we process your data?
9. How do we protect your data?
10. What rights do you have?
11. Do we use online tracking techniques?
12. What other third-party services and content do we include?
13. Can this privacy policy be changed?
​
1. What is this privacy policy about?
Data protection is a matter of trust, and your trust is important to us. In this data protection declaration we therefore inform you how and why we collect, process and use your personal data.
In this data protection declaration you will find out, among other things:
-
what personal data we collect and process;
-
for what purposes we use your personal data;
-
who has access to your personal data;
-
how long we process your personal data;
-
what rights you have with regard to your personal data; and
-
how you can contact us.
In this data protection declaration we explain how we collect and otherwise process personal data. This is not an exhaustive description; If necessary, other data protection declarations, general terms and conditions, conditions of participation and/or similar documents regulate specific matters. Personal data refers to all information that relates to a specific or identifiable person.
If you provide us with data about other people such as family members, work colleagues, etc., we will assume that you are authorized to do so and that this data is correct. By transmitting data via third parties, you confirm this. Please also ensure that these third parties have been informed of this privacy policy.
2. Who is responsible for processing your data?
The following entity is responsible for the data processing (also referred to as controller, data protection officer or data protection representative) that we describe here:
ToolBox Training and Consultancy
Ankerstrasse 38, 8004 Zurich
Switzerland
You can contact us for your data protection concerns and to exercise your rights in accordance with Section 10 as follows:
Email address: info@toolbox.ch
Telephone: +41 43 540 37 38
3. What data do we process?
We process different categories of data about you. The most important categories are as follows:
-
Basic data
-
Contract data
-
Communication data
-
Behavioral data
-
Technical data
We primarily process the personal data that we receive from these and other people involved in our business relationship with our customers and other business partners or that we collect from their users when operating our website and other applications.
Many of those in this paragraph 3. You provide us with the data mentioned above (e.g. via forms, when communicating with us, in connection with contracts, when using the website, etc.). You are not obliged to do this, subject to individual cases, e.g. within the framework of binding protection concepts (legal obligations). If you want to conclude contracts with us or use services, you must also provide us with data as part of your contractual obligation in accordance with the relevant contract, in particular master, contract and registration data. When using our website, the processing of technical data is unavoidable. If you wish to gain access to certain systems or buildings, you will be required to provide us with registration information.
Basic data
Master data is the basic data about you, such as title, name, contact details or date of birth. We collect master data, among other things, when you first contact us or when you register for our newsletter.
Contract data
Contract data is personal data that arises in connection with the conclusion or execution of the contract, e.g. information on the conclusion of the contract, acquired claims and demands or access (or login data) that are necessary for the processing of the order. We conclude contracts primarily with customers, business partners and job applicants. If you use offers from us based on a contract, e.g. purchase products or use services, we also often collect behavioral and transaction data.
Communication data
If you are in contact with us via the contact form, by email, telephone or chat (e.g. chat plugin, WhatsApp or SMS), by letter or via other means of communication, we collect the data exchanged between you and us, including your contact details and the marginal data of communication. If we want or need to determine your identity, for example when you request information, we collect data to identify you (e.g. a copy of an ID card). We generally retain this data for 6 months from the last exchange with you. This period may be longer if this is necessary for evidentiary reasons or to comply with legal or contractual requirements or for technical reasons.
Behavioral data
When you visit our website or use our services (e.g. view newsletter, visit website), we often collect data about this use. This includes, for example, the pages you click on, the time spent on individual pages, the number of visits and similar activities.
Technical data
If you use our website or other electronic offerings (e.g. WI-FI network when visiting customers, web hosting, forum, etc.), we collect the IP address of your device and other technical data to ensure the functionality and security of these offerings. This data also includes logs that record the use of our systems. To ensure the functionality of these offers, we can also assign you or your device an individual code (e.g. in the form of a cookie, see section 11). The technical data themselves do not allow any conclusions to be drawn about your identity. However, as part of user accounts, registrations, access controls or the processing of contracts, they can be linked to other categories of data (and thus possibly to you personally).
4. For what purposes do we process personal data?
We process your data for the purposes that we explain below. Further information for the online area can be found in sections 11 and 12 . These purposes or the objectives on which they are based represent legitimate interests of us and, if applicable, of third parties. You can find further information on the legal basis for our processing in Section 5 .
-
To communicate with you
-
Order fulfillment
-
Provision of the online offer, its functions and content
-
Safety measures
-
Reach measurement/marketing
5. On what basis do we process your data?
If we ask you for your consent for certain processing operations, we will inform you separately about the corresponding purposes of the processing. You can revoke your consent at any time with future effect by sending us a written notice (by post) or, unless otherwise stated or agreed, by email; You can find our contact details in section 2 . To revoke your consent to online tracking, see Section 11. Where you have a user account, you may also be able to revoke your consent or contact us via the relevant website or other service. Once we have received notice of your withdrawal of consent, we will no longer process your data for the purposes to which you originally consented, unless we have another legal basis for doing so. Revoking your consent will not affect the legality of the processing carried out based on your consent before its revocation.
Where we do not ask for your consent for processing, we will base the processing of your personal data on the fact that the processing is necessary for the initiation or performance of a contract with you (or the entity you represent) or that we or a third party have a legitimate interest in particular in order to pursue the purposes and associated objectives described above in section 4 and to be able to carry out corresponding measures. Our legitimate interests also include compliance with legal regulations, unless this is already recognized as a legal basis by the applicable data protection law (e.g. in the case of the GDPR, the law in the EEA and Switzerland).
6. Who do we share your data with?
Depending on the service used, data is stored on servers at external service providers (e.g. web hosting service providers, accounting software with cloud storage, etc.). We carefully select our service providers and contractually ensure that they manage your data in accordance with the revDSG or the GDPR. We have concluded an order processing agreement (AVV) with the relevant providers, regardless of whether the server location is in Switzerland or the EU. A list of service providers is listed in our AVV.
7. Does your personal data also go abroad?
As explained in Section 6 , we also disclose data to other parties. These are not only in Switzerland. Your data can therefore be processed in both Europe and America; but in exceptional cases in every country in the world.
If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection (for this purpose we use the European Commission's revised Standard Contractual Clauses, which can be found here: https://eur-lex.europa.eu/eli/ dec_impl/2021/914/oj?can be accessed) unless it is already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exception provision. An exception may apply in particular in legal proceedings abroad, but also in cases of overriding public interests or if the execution of a contract requires such disclosure, if you have given your consent or if it concerns data that you have made generally accessible and the processing of which you have not objected to.
8. How long do we process your data?
We process and store your personal data for as long as it is necessary to fulfill our contractual and legal obligations or for other purposes pursued by the processing, i.e. for example for the duration of the entire business relationship (from initiation, processing to termination of a contract) as well as in accordance with the legal retention and documentation obligations. It is possible that personal data will be retained for the period in which claims can be asserted against our company and to the extent that we are otherwise legally obliged to do so or legitimate business interests require this (e.g. for evidentiary and documentation purposes). As soon as your personal data is no longer required for the purposes mentioned above, They will generally and as far as possible be deleted or anonymized. For operational data (e.g. system logs, logs), shorter retention periods of twelve months or less apply.
9. How do we protect your data?
We take appropriate security measures to maintain the confidentiality, integrity and availability of your personal data, to protect it against unauthorised or unlawful processing and to counteract the risks of loss, accidental alteration, unwanted disclosure or unauthorised access.
10. What rights do you have?
Within the framework of the data protection law applicable to you and to the extent provided for therein (such as in the case of the GDPR), you have the right to information, correction, deletion, the right to restrict data processing and otherwise to object to our data processing, in particular that for direct marketing purposes , profiling carried out for direct advertising and other legitimate interests in processingas well as the release of certain personal data for the purpose of transferring it to another location (so-called data portability). Please note, however, that we reserve the right to enforce the restrictions provided for by law, for example if we are obliged to store or process certain data, have an overriding interest in doing so (to the extent that we are entitled to rely on this) or use them for the assertion of requirements. If you incur any costs, we will inform you in advance. We have already discussed the possibility of revoking your consent in Section 3informed. Please note that exercising these rights may conflict with contractual agreements and this may have consequences such as early termination of the contract or cost consequences. We will inform you in advance if this is not already contractually stipulated.
The exercise of such rights generally requires that you provide clear proof of your identity (e.g. by providing a copy of your ID, where your identity is otherwise not clear or cannot be verified). To assert your rights, you can contact us at the address given in Section 2 .
Every data subject also has the right to enforce their claims in court or to file a complaint with the responsible data protection authority. The responsible data protection authority in Switzerland is the Federal Data Protection and Information Commissioner ( https://www.edoeb.admin.ch ).
11. Do we use online tracking techniques?
We do not use any active online tracking techniques or analysis services (such as Google Analytics or AWStats) on our website. But even without online tracking techniques or analysis services, the technologies used are designed in such a way that you can be recognized as an individual visitor each time you view a page, for example by our server (or the servers of third parties) assigning you or your browser a specific identification number (so-called “Cookies”).
What are cookies?
Cookies are individual codes (e.g. a serial number) that our server or a server of our service providers or advertising contract partners transmit to your system when you connect to our website and that your system (browser, mobile) accepts and stores until the programmed expiry date. With each further access, your system transmits these codes to our server or the third party's server. This way you will be recognized even if your identity is unknown.
Other techniques can also be used with which you are more or less likely to be recognized (ie distinguished from other users), for example “fingerprinting”. Fingerprinting combines your IP address, the browser you use, screen resolution, language choice and other information your system tells each server to create a more or less unique fingerprint. This means you can avoid cookies.
Whenever you access a server (e.g. when using a website or an app or because an image is visible or invisible integrated into an email), your visits can be “tracked”. If we integrate offers from an advertising contract partner or provider of an analysis tool on our website, they can track you in the same way, even if you cannot be identified in individual cases.
How can cookies and similar technologies be deactivated?
You can configure your browser settings to block certain cookies or similar technologies or to delete existing cookies and other data stored in the browser. You can also expand your browser with software (so-called “plug-ins”) that blocks tracking by certain third parties. You can find out more about this in the help pages of your browser (usually under the keyword “data protection”). Please note that if you block cookies and similar technologies, our website may no longer function fully.
What types of cookies and similar technologies do we use?
A distinction is made between two types of cookies (techniques with similar functions such as fingerprinting are included here): necessary cookies and performance cookies. Since we do not record and analyze the use of our website, we only use necessary cookies, but not performance cookies.
Necessary cookies:
Some cookies are necessary for the website to function as such or for certain functions. For example, they ensure that you can switch between pages without losing information entered in a form. They also ensure that you stay logged in. These cookies only exist temporarily (“session cookies”). If you block them, the website may not work. Other cookies are necessary so that the server can store decisions or inputs you make beyond a session (i.e. a visit to the website) if you use this function (e.g. selected language, consent given, the automatic login function, etc.). . These cookies have an expiry date of up to 16 months.
12. What other third-party services and content do we include?
Within our online offering, we use content or service offerings from third-party providers based on our legitimate interests (ie interest in the security, optimization and economic operation of our online offering within the meaning of Art. 6 Para. 1 lit. f. GDPR) in order to improve their content and To integrate services such as videos or fonts (hereinafter referred to as “content”).
Google ReCaptcha
We integrate the function to detect bots, for example when making entries in online forms (“ReCaptcha”) from the provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
Data protection declaration: https://www.google.com/policies/privacy
Opt-out: https://adssettings.google.com/authenticated
Google Fonts
We incorporate the fonts (“Google Fonts”) from the provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
Data protection declaration: https://www.google.com/policies/privacy
Opt-out: https://adssettings.google.com/authenticated
Google Maps
We integrate the maps from the “Google Maps” service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. The data processed may include, in particular, users' IP addresses and location data, which, however, are not collected without their consent (usually carried out as part of the settings of their mobile devices). The data can be processed in the USA.
Data protection declaration: https://www.google.com/policies/privacy
Opt-out: https://adssettings.google.com/authenticated
UpdraftPlus
We use “UpdraftPlus” to completely secure this website. UpdraftPlus, trademark of Simba Hosting Ltd.
UK registered company number: 8570611, VAT number: 202 1260 80, Product development and marketing in co-operation with XIBO Ltd, Cardiff, UK.
Privacy Policy: https://updraftplus.com/data-protection-and-privacy-centre
Privacy Policy for using the integrated Dropbox app: https://updraftplus.com/faqs/what-is-your-privacy-policy-for -the-use-of-your-dropbox-app
13. Can this privacy policy be changed?
This privacy policy does not form part of a contract with you. We can adapt this data protection declaration at any time. The version published on this website is the current version.