24. August 2023
1. Responsibility / data protection officer
The management of FERRO is responsible for the data processing that we carry out. If you have any data protection concerns, you can inform us accordingly at the following contact address: Ferro Recycling, Data Protection, Hohlstrasse 532, 8048 Zurich or via e-mail at: firstname.lastname@example.org.
2. Collection and processing of personal data
We primarily process the personal data that we receive from our customers and other business partners in the course of our mutual business relationship and other persons involved in it, or that we collect from their users when operating our websites, apps and other applications.
To the extent permitted, we also take certain data from publicly accessible sources (e.g. enforcement registers, land registers, commercial registers, press, internet) or receive such data from authorities and other third parties (such as credit rating agencies or address dealers). In addition to the personal data that you give us directly, the categories of personal data that we receive about you from third parties include, in particular, information from public registers, information that we learn in connection with official and legal proceedings, information in connection with your professional functions and activities (e.g. so that we can conclude and process transactions with your employer by your help), information about you in correspondence and discussions with third parties, creditworthiness information (insofar as we process transactions with you personally), information about you received by people close to you (family, advisors, legal representatives, etc.) in a matter that allows us to conclude or process contracts with you or involving you (e.g. references, your address for deliveries, powers of attorney, information on compliance with legal requirements such as anti-money laundering and export restrictions, information from banks, insurance companies, sales and other contractual partners of ours on the utilisation or provision of services by you (e.g. payments made, purchases made), information from the media and Internet on your person (insofar as this is appropriate in the specific case, e.g. in the context of a job application, press review, marketing/sales, etc.), your addresses and, if applicable, interests and other socio-demographic data (for marketing), data in connection with the use of the website (e.g. IP address, MAC address of the smartphone or computer, details of your device and settings, cookies, date and time of the visit, pages and content accessed, functions used, referring website, location details)).
3. Purposes of data processing and legal basis
We use the personal data we collect primarily to conclude and process our contracts with our customers and business partners, thus in particular in the context of the collection of sheet steel packaging with our customers as well as the purchase of products and services from our suppliers and subcontractors, as well as to comply with our legal obligations in Switzerland and abroad. If you work for such a customer or business partner, your personal data may of course also be affected in this capacity.
In addition, where permitted and deemed appropriate, we also process personal data about you and other persons for the following purposes in which we (and sometimes third parties) have a legitimate interest:
- Offering and further development our offers, services and websites, apps and other platforms on which we are present;
- Communicating with third parties and processing their enquiries (e.g. applications, media enquiries);
- Review and optimisation of needs analysis for direct client engagement and collection of personal data from publicly available sources for client acquisition;
- Advertising and marketing (including the organisation of events), insofar as you have not objected to the use of your data (if we send you advertising as our existing customer, you can object to this at any time)
- Market and opinion research, media monitoring;
- Assertion of legal claims and defence in connection with legal disputes and authority proceedings;
- Prevention and investigation of criminal offences and other misconduct (e.g. conducting internal investigations, data analysis to combat fraud);
- Guarantees of our operations, in particular IT, our websites, Apps and other platforms;
- Video surveillance to maintain house rights and other measures in conection to IT, building and facility security as well as protection of our employees and other persons and assets belonging to or entrusted to us (such as access controls, visitor lists, network and mail scanners, telephone recordings);
- Purchase and sale of business divisions, companies or parts of companies and other transactions under company law and the associated transfer of personal data as well as measures for business management and insofar as for compliance with legal and regulatory obligations
Insofar as you have given us consent to process your personal data for certain purposes (e.g. when you register to receive newsletters), we process your personal data within the scope of and based on this consent, insofar as we have no other legal basis and we require such a basis. Consent which has been given can be revoked at any time, but this has no effect on data processing that has already taken place.
We will not sell, disclose or otherwise share your personal data without your consent. However, personal data may occasionally be disclosed to third parties who act for or on behalf of us or who process data on our behalf in accordance with the original purpose for which it was collected. When disclosing this personal data to third parties, we will require them to ensure that the processing is carried out in accordance with and within the scope of the purpose stated at the time of collection.
We process personal data in accordance with Swiss data protection law, in particular the Federal Act on Data Protection (FADP) and the Ordinance to the Federal Act on Data Protection (FADP).
We process personal data - if and to the extent that the General Data Protection Regulation (GDPR) is applicable - in accordance with at least one of the following legal bases:
- Art. 6 para. 1 lit. b GDPR for the necessary processing of personal data for the performance of a contract with the data subject as well as for the implementation of pre-contractual measures.
- Art. 6 para. 1 lit. f GDPR for the necessary processing of personal data to protect the legitimate interests of us or of third parties, unless the fundamental freedoms and rights and interests of the data subject prevail. Legitimate interests are, in particular, our interest in being able to carry out our activities and operations permanently, in a user-friendly, secure and reliable manner and to communicate about them, the guarantee of information security, protection against misuse, the enforcement of our own legal claims and compliance with Swiss law.
- Art. 6 para. 1 lit. c GDPR for the necessary processing of personal data to comply with a legal obligation to which we are subject under any applicable law of Member States in the European Economic Area (EEA).
- Art. 6 para. 1 lit. e GDPR for the necessary processing of personal data for the performance of a task which is in the public interest.
- Art. 6 para. 1 lit. a GDPR for the processing of personal data with the consent of the data subject.
- Article 6(1)(d) of the GDPR for the necessary processing of personal data to protect the vital interests of the data subject or another natural person.
4. Cookies / tracking and other technologies related to the use of our website
In the case of mere informational use of the website, e.g. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security:
IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, website from which the request came, browser, operating system and its interface, language and version of the browser software.
In addition to the data mentioned above (section 4.), cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive with respect to the browser you are using and which provide certain information to the party setting the cookies (in this case, us). Cookies cannot execute programs or transfer viruses to your computer. They serve to make the overall internet offer more user-friendly and effective.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.
a) This website uses the following types of cookies, the scope and functionality of which are explained below:
- Transient cookies (b)
- Persistent cookies (see c).
b) Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a session ID, with which various requests from your browser can be assigned to the joint session. This enables your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.
c) Persistent cookies are automatically deleted after a predefined period of time, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
d) You can configure your browser settings according to your preferences and e.g. refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all the functions of this website.
4.2 Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
Google Analytics uses so-called "cookies". These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.
4.2.1 IP anonymisation
We have activated the IP anonymisation function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
4.2.2 Browser Plugin
4.3. Further functions and offers of our website
In addition to the purely informational use of our website, we offer various services that you can use if you are interested, such as registering as a collection point or obtaining collection containers or information material via our webshop. For this purpose, you usually have to provide further personal data which we use to provide the respective service and for which the above mentioned data processing principles apply.
In some cases, we use external service providers to process your data. These have been carefully selected by us, checked and commissioned with regard to the data protection standards which are applicable to the external providers. They are bound by our instructions and are regularly monitored.
Furthermore, we may transmit your personal data to third parties if services are offered by us together with partners. You will receive further information while you are providing your personal data in the order process and in the confirmation of the collection point registration.
4.4. Market research and satisfaction analysis
We may transmit your personal data to an external market research institute for satisfaction analysis. The market research institute will pseudonymise your data and transmit it to us anonymously. The personal data obtained from the market research will not be used for advertising and marketing purposes. The satisfaction analysis serves to enable us to make our service and our offer more customer-friendly.
4.5. Use of our webshop
If you would like to order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we need for the processing of your order. Mandatory information required for the processing of contracts has been marked separately, further information (not mandatory) is voluntary. We process the data you provide to process your order. We may also process the data you provide to inform you of relevant changes to our services. We are obliged by commercial and tax law to store your address, payment and order data for a period of ten years. To prevent unauthorised access to your personal data by third parties, the ordering process is encrypted using SSL technology.
4.6. Use of social media plug-ins
We currently use Facebook and Twitter social media plug-ins. We use the so-called two-click solution. This means that when you visit our site, no personal data is transmitted to the providers of the plug-ins. You can recognise the provider of the plug-in via the "Share function" listed in our news articles with the name "Facebook" or "Twitter". We give you the opportunity to communicate directly with the provider of the plug-in through the link. Only when you click on the link and thereby activate it, does the plug-in provider receive the information that you have accessed the corresponding website. In addition, the data mentioned under section 4.1 (Cookies) of this declaration are transmitted.
Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084
Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Twitter, Inc, 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
4.7. Integration of YouTube videos
We have integrated YouTube videos into our online offer, which are stored on http://www.YouTube.com and can be played directly from our website. By visiting the website, YouTube receives the information that you have accessed on the corresponding sub-page of our website. In addition, the data mentioned under section 4.1 of this declaration is transmitted. This occurs regardless of whether YouTube provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want your data to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or designing its website in line with requirements. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right.
4.8. Integration of Google Maps
On this website we use the offering of Google Maps. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently. By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website. In addition, the data mentioned under section 4.1 of this declaration will be transmitted. This occurs regardless of whether Google provides a user account by which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.
4.9. Google reCAPTCHA
With the aim of ensuring that our website is protected and secure, we use "Google reCAPTCHA" on our website. The provider of the service is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").
The purpose of reCAPTCHA is to check whether data entries on our website, for example in a contact form, are made by a human or by an automated program.
For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on our website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run completely in the background. Website visitors are not made aware that an analysis is taking place.
5. Data transfer and data transmission to abroad
We process personal data in Switzerland and in the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, in particular in order to process it or have it processed there.
We may export personal data to all states and territories on earth as well as elsewhere in the universe, provided that the law there ensures adequate data protection according to assessment of the Federal Data Protection and Information Commissioner (FDPIC) or according to the decision of the Swiss Federal Council and - if and insofar as the General Data Protection Regulation (GDPR) is applicable - according to decision of the European Commission .
We may transfer personal data to countries whose law does not guarantee adequate data protection, provided that data protection is guaranteed for other reasons, in particular on the basis of standard data protection clauses or with other appropriate guarantees. For exceptional reasons, we may export personal data to countries without adequate or appropriate data protection if the special data protection law requirements are met, for example the express consent of the data subjects or a direct connection with the conclusion or performance of a contract. We will be happy to provide data subjects with information about any guarantees or a copy of any guarantees on request.
6. Duration of the retention of personal data
We process and store your personal data for as long as it is necessary for the fulfilment of our contractual and legal obligations or otherwise the purposes pursued with the processing, e.g. for example for the duration of the entire business relationship (from the initiation, processing to the termination of a contract) as well as beyond that in accordance with the statutory retention and documentation obligations. In this context, it is possible that personal data will be retained for the time during which claims can be asserted against our company and insofar as we are otherwise legally obliged to do so or legitimate business interests require this (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymised as a matter of principle and as far as possible. For operational data (e.g. system logs, logs), shorter retention periods of twelve months or less generally apply.
7. Data security
We take appropriate technical and organisational security measures to protect your personal data from unauthorised access and misuse, such as issuing instructions, training, IT and network security solutions, access controls and restrictions or encryption of data carriers and transmissions.
8. Obligation to provide personal data
In the context of our business relationship, you must provide such personal data as is necessary for the establishment and performance of a business relationship and the fulfilment of the associated contractual obligations (you do not generally have a legal obligation to provide us with data). Without this data, we will generally not be able to enter into or perform a contract with you (or the entity or person you represent). Also, the website cannot be used if certain information to secure traffic (such as IP address) is not disclosed.
9. Profiling and automated decision making
For the establishment and implementation of the business relationship and also otherwise, we generally do not use any fully-automated decision-making (such as regulated in Art. 22 DSGVO). Should we use such procedures in individual cases, we will inform you individually about this, insofar as this is required by law, and inform you about the associated rights.
10. Rights of the data subject
Within the framework of the data protection law applicable to you and to the extent provided for therein (such as in the case of the GDPR), you have the right to information, correction, deletion, the right to restriction of data processing and otherwise the right to object to our data processing, in particular that for the purposes of direct marketing and other legitimate interests in processing, as well as to the release of certain personal data for the purpose of transfer to another body (so-called data portability). Please note, however, that we reserve the right to enforce the restrictions provided for by law, for example if we are obliged to retain or process certain data, have an overriding interest in doing so (insofar as we are entitled to rely on this) or require it for the assertion of claims. If you incur costs, we will inform you in advance. We have already informed you about the possibility of revoking your consent in section 3. Please note that exercising these rights may conflict with contractual agreements and may have consequences such as premature termination of the contract or costs. We will inform you in advance if this is not already contractually regulated.
The exercise of such rights usually requires that you clearly prove your identity (e.g. by a copy of your ID card where your identity is otherwise not clear or cannot be verified). To exercise your rights, you can contact us at the address given in section 1.
Every data subject also has the right to enforce his or her claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).