Version dated July 29, 2024
With this Privacy Notice, we inform you about the processing of personal data (also referred to as “personal data”) by the companies of the Exentis Group (hereinafter collectively referred to as “Exentis”, “we” or “us”). We take the protection of personal data very seriously.
In the following, we explain which data we collect, process and use, when and for what purposes.
This Privacy Notice is subject to Swiss law. As the European General Data Protection Regulation (“GDPR”) may have to be observed for certain forms of data processing, this Privacy Notice is also aligned with the GDPR. It also includes additional disclosures that apply to USA residents (see section 10).
If you provide us with personal data of other persons (e.g. data of employees), please ensure that these persons are aware of this Privacy Notice and only provide us with their personal data if you are authorized to do so and if this personal data is correct.
1. Responsible person and data protection officer / contact details
Depending on the data processing, the following companies may be responsible for your data:
Exentis Group AG is the controller pursuant to Art. 4 para. 7 GDPR for data processing in connection with our website (hereinafter section 4.2) and through cookies (see separate Cookie Notice: https://www.exentis-group.com/en/cookie-notice).
Exentis Group AG
Im Stetterfeld 2
CH-5608 Stetten
Switzerland
privacy@exentis-group.com
You can contact us at any time by post or e-mail.
You can contact the person responsible for data protection at our company at any time, e.g. by e-mail to privacy@exentis-group.com or at our postal address with the addition “for the attention of the Data Protection Officer”.
In connection with the processing of personal data from business contracts (sections 4.1 a) and 4.1 c) below), the Group company that concludes the contract with you or the company for which you are acting is responsible in each case. The contact details can be found on the relevant contract.
When processing the personal data of investors (section 4.1 b) below), the company in which the investment is made is the controller. The contact details can be found on the relevant documents.
2. Your rights
You have the following rights under the data protection law applicable to you and to the extent provided for therein (such as in the case of the GDPR):
- Right to information (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR; “right to be forgotten”)
- Right to restriction of processing (Art. 18 GDPR)
- Right to object to processing (Art. 21 GDPR)
- Right to data portability (Art. 20 GDPR)
Please note, however, that we reserve the right to assert the restrictions provided for by law, for example if we are obliged to store or process certain data, have an overriding interest in doing so or need it to assert claims.
You also have the right to enforce your claims in court or, depending on the applicable data protection law, to complain to a data protection supervisory authority in the Member State of your place of residence, your place of work or the place of the alleged infringement about the processing of your personal data by us if you believe that the processing of your personal data is unlawful.
The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
If you have given us your consent to process your data, you can revoke this at any time with effect for the future. This does not affect the legality of the processing of your data until you withdraw your consent.
To assert your rights or for other data protection concerns, you can contact us at any time via the contact channels listed in section 1 above and/or the contact channels listed in our imprint.
We would like to point out that in the context of the use of our website and the use of our services offered on it, you will not be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you.
3. Additional information on your right to object
We would also like to point out that if your personal data is processed on the basis of a legitimate interest in the context of the balancing of interests pursuant to Art. 6 para. 1 lit. f GDPR and/or your personal data is processed for direct marketing purposes, you have the right to object to the processing of your personal data at any time.
4. From whom we process which data and for what purposes
4.1 Data processing in the business environment
a) As part of our business activities, we process data of employees of customers, service providers and business partners
We process the personal data we collect primarily in order to conclude and process contracts with our customers and business partners and for the purchase of products and services from our suppliers and subcontractors. In this context, we mainly process contact details (legal basis: fulfillment of the contract, Art. 6 para. 1 lit. b GDPR).
b) We process investor data in the context of investments
We process investor data insofar as this is necessary in connection with an investment. This is the information communicated to investors in the relevant documents (legal basis: fulfillment of the contract, Art. 6 para. 1 lit. b GDPR; fulfillment of a legal obligation, Art. 6 para. 1 lit. c GDPR).
c) As part of our business activities, we process data from interested parties
We also process personal data if you contact us directly in order to process your request and, if necessary, as part of other pre-contractual measures. Here we process the data you communicate to us (legal basis: fulfillment of the contract, implementation of pre-contractual measures, Art. 6 para. 1 lit. b GDPR or your consent, Art. 6 para. 1 lit. a GDPR).
4.2 Data processing via our website / electronic services
a) From website users for sending newsletters
You can subscribe to our newsletter on our website. To subscribe to the newsletter, you must provide your e-mail address. Providing your title and your first name and surname is voluntary and only serves the purpose of being able to address you personally in the newsletter. The legal basis for the processing described above is your consent, Art. 6 para. 1 lit. a GDPR.
We use the so-called double opt-in procedure to subscribe to our newsletter. This means that after you have registered, we will send you an e-mail to the e-mail address you have provided in which we ask you to confirm that you wish to receive the newsletter. We also store the time of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation e.g. by clicking on the unsubscribe link provided in every newsletter e-mail or e.g. by sending a message to the contact details given in the imprint.
b) From website users, so that we can provide you with tickets or participation in training courses
For example, you can receive free tickets for a trade fair visit by entering your details on our website, which will then be sent to us. From time to time, we will make online training courses available and you can register for these with your data on a landing page. The registration data will be transferred to HubSpot. If you wish to participate in training courses organized by us, including digital/virtual ones, or book tickets for trade fairs via our website, we collect the following data from you: Company address, first and last name and e-mail address.
We process the aforementioned data in order to properly process your booking of admission tickets for the respective event and to enable you to participate in the desired event. Following the booking, you will receive a confirmation by e-mail. The tickets you have booked will be sent to you by separate e-mail after conclusion of the contract – unless otherwise agreed for an event; (legal basis: fulfillment of the contract, Art. 6 para. 1 lit. b GDPR).
c) From website users, so that we can give you access to documents
If you are interested, you can download various documents containing further information about Exentis. To do so, you must complete a registration form on our website, which we use to collect the following data from you: Company address, first and last name and e-mail address, and in which you confirm the processing of your personal data. The registration data will be transferred to HubSpot; (legal basis: fulfillment of the contract, Art. 6 para. 1 lit. b GDPR).
d) From website users for making appointments
You can book an appointment directly with one of our sales managers via our website. To do this, you need to fill out an appointment booking form on the website, which we use to collect the following data from you: Company address, first and last name and e-mail address. The registration data is transferred to HubSpot; (legal basis: fulfillment of the contract, Art. 6 para. 1 lit. b GDPR).
e) From website users for the purposes of advertising, market and opinion research
We use your personal data, e.g. your e-mail address and telephone number, for advertising, market and opinion research. Our use is normally based on your consent (Art. 6 para. 1 lit. a GDPR), unless we have the option in a specific situation or under a specific applicable law to base the processing on an exception to consent or to assume our overriding self-interest (Art. 6 para. 1 lit. f GDPR).
f) From website users to our use for analysis purposes
We process your personal data to evaluate the use of our website (e.g. visits, pages visited, length of stay, etc.) and to evaluate the use of our newsletters (open rate, click rate, unsubscriptions, etc.). We base this processing on our legitimate interest or your consent, depending on the specific processing (Art. 6 para. 1 lit. f GDPR or Art. 6 para. 1 lit. a GDPR).
g) From website users so that we can contact you
When you contact us by e-mail, post or telephone using the contact channels listed in the imprint or under section 1, the data you provide (e.g. your e-mail address and name as well as the content of your request) will be stored by us in order to process and answer your questions or concerns. Depending on the content of your request, the legal basis for the processing described above is Art. 6 para. 1 lit. f GDPR (processing is necessary to safeguard the legitimate interests of the controller) or Art. 6 para. 1 lit. b GDPR (performance of the contract).
h) Log files / information transmitted by your browser for the use of our website
If you use our website for purely informational purposes, i.e. if you do not use one of the services offered on our website, we only collect the data that your browser transmits to our server. For the use of cookies on our website, please consult the separate information in our Cookie Notice (https://www.exentis-group.com/en/cookie-notice).
Each time you use the internet, your web browser automatically transmits certain information that we store in so-called log files. This involves the following data, which is required to display our website to you and to ensure stability and security: IP address (Internet Protocol address), date and time of the request, content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, website from which the request comes, browser, operating system and its interface, language and version of the browser software. It is not possible for us to draw conclusions about individual persons from this data. We store this data temporarily for reasons of technical security, e.g. to prevent attacks on our web server. The legal basis for the processing described above is Art. 6 para. 1 lit. f GDPR (processing is necessary to safeguard our legitimate interests).
5. Obligation to provide personal data
As part of our business activities, you must provide the personal data required to enter into and conduct a business relationship and to fulfill the associated contractual obligations (you do not generally have a legal obligation to provide us with data). Without this data, we will generally not be able to conclude or execute a contract with you (or the entity or person you represent). If you wish to make use of the services offered on our website, you must in turn provide the personal data required for the respective service. If you do not provide us with this data, we will not be able to provide you with the requested service.
6. Data transfer to third parties/recipients, use of service providers – Transfers abroad
We also disclose your data to third parties as part of our business activities and for the purposes set out in section 4, insofar as this is permitted and appears appropriate to us, either because they process it for us or because they wish to use it for their own purposes. We ensure that we only disclose or transfer your personal data to third parties if this is necessary to fulfill the contract with you, if we have a legitimate interest, if you have given your consent and/or if we are obliged to do so by law or by official or court orders. In addition, we use service providers who provide and use services for us in connection with web hosting, as well as cloud or web-based software solutions from service providers that enable us to manage and host personal data in the cloud with them in order to relieve our own servers and work effectively with new software solutions. We have concluded order processing agreements with the respective service providers, which ensure that the respective service providers do not process the data for their own purposes, but only within the scope of our instructions and on our behalf.
The recipients are therefore essentially the following bodies:
- Service providers of ours (within our Group and externally, such as banks, insurance companies), including processors (such as IT providers, e.g. HubSpot Inc. in the USA)
- Dealers, suppliers, subcontractors and other business partners
- Customers
- Domestic and foreign authorities, official bodies or courts
- Acquirers or parties interested in acquiring business units, companies or other parts of the Exentis Group
- Other parties in potential or actual legal proceedings
- Other companies of the Exentis Group
all “recipients” together.
These recipients are mainly located in the EEA or Switzerland. However, some of our recipients (in particular service providers and a Group company) are located outside Switzerland and the EEA, mainly in the USA, a country with inadequate data protection under Swiss and EU law. If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection law (for this we use the revised standard contractual clauses of the European Commission, which are available at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj? for Switzerland together with the necessary adjustments under Swiss law), unless the recipient is already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exemption clause.
7. Storage period and deletion of data
Even without a special request, we naturally comply with our obligations to delete personal data (e.g. in accordance with Art. 17 GDPR) and therefore only store data for as long as is necessary for the provision of the desired service or the respective purpose.
For example, we only store the data in connection with the sending of our newsletter for as long as you are registered for the newsletter and we delete the data as soon as storage is no longer necessary, e.g. after you have unsubscribed from the newsletter or revoked your consent.
Please note, however, that deletion will be replaced by blocking or restriction of processing if deletion conflicts with statutory retention obligations that we must fulfill, or if we must protect our legitimate interests, namely to protect ourselves from claims or to enforce such claims.
8. Data security
Despite the licensed SSL encryption we use for the website, we would like to point out that Internet-based data transmission has security gaps that lie outside our web server, such as nodes in the international network.
9. Amendments
We may amend this Privacy Notice at any time without prior notice. The current version published on our website applies.
10. Further information for users from the USA
a) California’s Shine the Light Law
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our website who are California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. To make such a request, please send an e-mail to na_sales@exentis-group.com or write to us at Exentis North America Inc., 183 Bucknam Street, Everett, MA 02149. You may only make one such request during the course of a calendar year. We do not disclose any personal data to third parties for their direct marketing purposes without your approval. We “share” personal data within the Exentis group of companies for marketing purposes.
b) Amendments and updates to this Privacy Notice
We will notify you of any material amendments to this Privacy Notice. Please review this Privacy Notice whenever you visit the website or use our services or when prompted when we collect personal data from you offline to check if there have been any changes, so that you know the terms that apply to you at that time. At the top of this Privacy Notice, you can see when this Privacy Notice has been updated. Continued use of our website or use of our services following such changes constitutes the acceptance of those changes.
c) Rights of data subjects
Additionally, to the rights under section 2 of this Privacy Notice, you have the following the rights:
- Right not to be discriminated against: We will not discriminate against you for exercising any of your rights pursuant to this Privacy Notice.
- Right to appeal: You may be able to appeal a decision we have made in connection with your privacy rights request. All appeal requests should be submitted via e-mail to na_sales@exentis-group.com. If we deny your appeal, depending on your state of residency, you may be able to file a claim with the respective State Attorney General. You may be able to find more information about the process and contact information on the respective Attorney General’s website.
- If you do not wish to receive any marketing e-mails from us, please let us know by making use of the opt-out option provided to you in every e-mail we send you.
Please be informed that if you make certain requests (e.g., request to delete personal data), we may no longer be able to offer you the use of the website or portions thereof. We are not under any obligation to maintain a back-up of personal data.
d) Response to consumer requests
We will respond to your request related to your personal data only if we can verify your identity or your authority to make the request, and if we can confirm that the personal data relates to you or the person on whose behalf you are submitting the request.
Please be informed that if you make certain requests, we may no longer be able to offer you the use of the website or portions thereof. We are not under any obligation to maintain a back-up of such personal data.
We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact us at na_sales@exentis-group.com.
We endeavor to respond to the substance of your verified consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.
Any disclosures we provide will only cover the 12-month period preceding receipt of your request. Upon your request, unless it is impossible or involves disproportionate effort, we will also provide you with disclosures beyond the 12-month period for personal data. If we cannot comply with your request, the response we provide will also explain the reasons why. We will provide your personal data in a format that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
You may only submit a request to know once within a 12-month period unless the applicable data privacy law states otherwise.
We do not charge a fee to process or respond to your verifiable consumer request unless your request is without basis or excessive, in particular if we have received repeated similar requests from you. If we determine that the request warrants charging a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
e) Minors
We do not “sell” and/or “share” the personal data of consumers we know to be under eighteen (18) years of age unless we receive affirmative authorization from the parent or guardian of a minor under the age of eighteen (18).
If you wish to submit a privacy request, or ask a question, on behalf of your minor child please contact us directly at na_sales@exentis-group.com. Note that you must provide sufficient information to allow us to reasonably verify your child is the person about whom we collected personal data, and you are authorized to submit the request on your child’s behalf (i.e., you are the child’s legal guardian or authorized representative).
f) U.S. contact information
If you have any questions or comments about this Privacy Notice, the ways in which we collect and use your personal data, your choices and rights, or wish to exercise your rights under this Privacy Notice, please contact us at:
Phone: +1 978 987 1729
Website: https://www.exentis-group.com/exentis-usa
E-mail: na_sales@exentis-group.com
Mailing Address: Exentis North America Inc., 183 Bucknam Street, Everett, MA 02149
If you need to access this Privacy Notice in an alternative format due to a disability, please contact na_sales@exentis-group.com or +1 978 987 1729.