DSVGO

Pri­vacy policy

We are very plea­sed about your inte­rest in our com­pany. Data pro­tec­tion is of a par­ti­cu­larly high prio­rity for the manage­ment of OSTERWALDER AG. The use of the Inter­net pages of the OSTERWALDER AG is pos­si­ble wit­hout any indi­ca­tion of per­so­nal data. Howe­ver, if a data sub­ject wants to use spe­cial ser­vices of our enter­prise via our web­site, pro­ces­sing of per­so­nal data could become necessary. 

If the pro­ces­sing of per­so­nal data is neces­sary and there is no legal basis for such pro­ces­sing, we gene­rally obtain the con­sent of the data subject.

The pro­ces­sing of per­so­nal data, such as the name, address, e‑mail address, or tele­phone num­ber of a data sub­ject shall always be in line with the coun­try-spe­ci­fic data pro­tec­tion regu­la­ti­ons appli­ca­ble to the OSTERWALDER AG. 

By means of this data pro­tec­tion decla­ra­tion, our com­pany would like to inform the public about the type, scope and pur­pose of the per­so­nal data coll­ec­ted, used and pro­ces­sed by us. Fur­ther­more, data sub­jects are infor­med of their rights by means of this data pro­tec­tion declaration.

As the con­trol­ler, the OSTERWALDER AG has imple­men­ted num­e­rous tech­ni­cal and orga­niza­tio­nal mea­su­res to ensure the most com­plete pro­tec­tion of per­so­nal data pro­ces­sed through this web­site. Nevert­hel­ess, Inter­net-based data trans­mis­si­ons may be sub­ject to secu­rity vul­nerabi­li­ties, so that abso­lute pro­tec­tion can­not be guaranteed. 

For this reason, every data sub­ject is free to trans­mit per­so­nal data to us by alter­na­tive means, for exam­ple by telephone.

1. defi­ni­ti­ons

The data pro­tec­tion decla­ra­tion of OSTERWALDER AG is based on the terms used by the Euro­pean Direc­tive and Ordi­nance when issuing the Data Pro­tec­tion Regu­la­tion (DS-GVO). Our data pro­tec­tion decla­ra­tion should be easy to read and under­stand for the public as well as for our cus­to­mers and busi­ness part­ners. To ensure this, we would like to explain the terms used in advance.

We use the fol­lo­wing terms, among others, in this Pri­vacy Policy:

a) per­so­nal data

Per­so­nal data is any infor­ma­tion rela­ting to an iden­ti­fied or iden­ti­fia­ble natu­ral per­son (her­ein­af­ter “data sub­ject”). An iden­ti­fia­ble natu­ral per­son is one who can be iden­ti­fied, directly or indi­rectly, in par­ti­cu­lar by refe­rence to an iden­ti­fier such as a name, an iden­ti­fi­ca­tion num­ber, loca­tion data, an online iden­ti­fier or to one or more fac­tors spe­ci­fic to the phy­si­cal, phy­sio­lo­gi­cal, gene­tic, men­tal, eco­no­mic, cul­tu­ral or social iden­tity of that natu­ral person.

b) per­son concerned

Data sub­ject is any iden­ti­fied or iden­ti­fia­ble natu­ral per­son whose per­so­nal data are pro­ces­sed by the controller.

c) Pro­ces­sing

Pro­ces­sing means any ope­ra­tion or set of ope­ra­ti­ons which is per­for­med upon per­so­nal data, whe­ther or not by auto­ma­tic means, such as coll­ec­tion, recor­ding, orga­niza­tion, fil­ing, sto­rage, adapt­a­tion or altera­tion, retrie­val, con­sul­ta­tion, use, dis­clo­sure by trans­mis­sion, dis­se­mi­na­tion or other­wise making available, ali­gnment or com­bi­na­tion, rest­ric­tion, era­sure or destruction.

d) Rest­ric­tion of processing

Rest­ric­tion of pro­ces­sing is the mar­king of stored per­so­nal data with the aim of limi­ting their future processing.

e) Pro­fil­ing

Pro­fil­ing is any type of auto­ma­ted pro­ces­sing of per­so­nal data that con­sists of using such per­so­nal data to eva­luate cer­tain per­so­nal aspects rela­ting to a natu­ral per­son, in par­ti­cu­lar to ana­lyze or pre­dict aspects rela­ting to that natu­ral person’s job per­for­mance, eco­no­mic situa­tion, health, per­so­nal pre­fe­ren­ces, inte­rests, relia­bi­lity, beha­vior, loca­tion or change of location.

f) Pseud­ony­miza­tion

Pseud­ony­miza­tion is the pro­ces­sing of per­so­nal data in such a way that the per­so­nal data can no lon­ger be attri­bu­ted to a spe­ci­fic data sub­ject wit­hout the use of addi­tio­nal infor­ma­tion, pro­vi­ded that such addi­tio­nal infor­ma­tion is kept sepa­rate and is sub­ject to tech­ni­cal and orga­niza­tio­nal mea­su­res to ensure that the per­so­nal data is not attri­bu­ted to an iden­ti­fied or iden­ti­fia­ble natu­ral person.

g) Con­trol­ler or per­son respon­si­ble for the processing

The con­trol­ler or per­son respon­si­ble for pro­ces­sing is the natu­ral or legal per­son, public aut­ho­rity, agency or other body which alone or jointly with others deter­mi­nes the pur­po­ses and means of the pro­ces­sing of per­so­nal data. Where the pur­po­ses and means of such pro­ces­sing are deter­mi­ned by Union or Mem­ber State law, the con­trol­ler or the spe­ci­fic cri­te­ria for its desi­gna­tion may be pro­vi­ded for under Union or Mem­ber State law.

h) Pro­ces­sor

Pro­ces­sor means a natu­ral or legal per­son, public aut­ho­rity, agency or other body that pro­ces­ses per­so­nal data on behalf of the Controller.

i) Reci­pi­ent

A reci­pi­ent is a natu­ral or legal per­son, public aut­ho­rity, agency or other body to whom per­so­nal data are dis­c­lo­sed, whe­ther or not a third party. Howe­ver, public aut­ho­ri­ties that may receive per­so­nal data in the con­text of a spe­ci­fic inves­ti­ga­tive task under Union or Mem­ber State law shall not be con­side­red as recipients.

j) Third

Third party means a natu­ral or legal per­son, public aut­ho­rity, agency or other body other than the data sub­ject, the con­trol­ler, the pro­ces­sor and the per­sons aut­ho­ri­zed to pro­cess the per­so­nal data under the direct respon­si­bi­lity of the con­trol­ler or the processor.

k) Con­sent

Con­sent shall mean any freely given indi­ca­tion of the data subject’s wis­hes for the spe­ci­fic case in an infor­med and unam­bi­guous man­ner in the form of a state­ment or any other unam­bi­guous affir­ma­tive act by which the data sub­ject indi­ca­tes that he or she cons­ents to the pro­ces­sing of per­so­nal data rela­ting to him or her.

2. name and address of the controller

The respon­si­ble party within the mea­ning of the Gene­ral Data Pro­tec­tion Regu­la­tion, other data pro­tec­tion laws appli­ca­ble in the Mem­ber Sta­tes of the Euro­pean Union and other pro­vi­si­ons of a data pro­tec­tion nature is:

OSTERWALDER AG
Indus­trial ring 4
3250 Lyss
Switz­er­land

Tel.: +41323871400
Email:


Web­site: www.osterwalder.com

3. coll­ec­tion of gene­ral data and information

The web­site of the OSTERWALDER AG coll­ects a series of gene­ral data and infor­ma­tion with each call-up of the web­site by a data sub­ject or auto­ma­ted sys­tem. This gene­ral data and infor­ma­tion is stored in the log files of the server. 

The fol­lo­wing data may be coll­ec­ted: (1) the brow­ser types and ver­si­ons used, (2) the ope­ra­ting sys­tem used by the acces­sing sys­tem, (3) the web­site from which an acces­sing sys­tem acces­ses our web­site (so-cal­led refer­rer), (4) the sub-web­sites that are acces­sed via an acces­sing sys­tem on our web­site, (5) the date and time of access to the web­site, (6) an Inter­net pro­to­col address (IP address), (7) the Inter­net ser­vice pro­vi­der of the acces­sing sys­tem, and (8) other simi­lar data and infor­ma­tion that serve to avert dan­ger in the event of attacks on our infor­ma­tion tech­no­logy systems.

When using these gene­ral data and infor­ma­tion, the OSTERWALDER AG does not draw any con­clu­si­ons about the data sub­ject. Rather, this infor­ma­tion is nee­ded (1) to deli­ver the con­tent of our web­site cor­rectly, (2) to opti­mize the con­tent of our web­site and the adver­ti­sing for it, (3) to ensure the long-term func­tion­a­lity of our infor­ma­tion tech­no­logy sys­tems and the tech­no­logy of our web­site, and (4) to pro­vide law enforce­ment aut­ho­ri­ties with the infor­ma­tion neces­sary for pro­se­cu­tion in the event of a cyber attack. 

The­r­e­fore, the OSTERWALDER AG ana­ly­zes anony­mously coll­ec­ted data and infor­ma­tion on one hand for sta­tis­ti­cal pur­po­ses and on the other hand for the pur­pose of incre­asing the data pro­tec­tion and data secu­rity of our enter­prise, and ulti­m­ately ensu­ring an opti­mal level of pro­tec­tion for the per­so­nal data we pro­cess. The anony­mous data of the ser­ver log files are stored sepa­ra­tely from any per­so­nal data pro­vi­ded by a data subject.

4. sub­scrip­tion to our newsletter

On the web­site of the OSTERWALDER AG, users are given the oppor­tu­nity to sub­scribe to our enterprise’s news­let­ter. The per­so­nal data trans­mit­ted to the con­trol­ler when the news­let­ter is orde­red is spe­ci­fied in the input mask used for this purpose.

The OSTERWALDER AG informs its cus­to­mers and busi­ness part­ners at regu­lar inter­vals by means of a news­let­ter about enter­prise offers. The news­let­ter of our com­pany can basi­cally only be recei­ved by the data sub­ject if (1) the data sub­ject has a valid e‑mail address and (2) the data sub­ject regis­ters for the news­let­ter mai­ling. For legal reasons, a con­fir­ma­tion e‑mail will be sent to the e‑mail address ente­red by a data sub­ject for the first time for news­let­ter dis­patch using the dou­ble opt-in pro­ce­dure. This con­fir­ma­tion e‑mail ser­ves to verify whe­ther the owner of the e‑mail address as the data sub­ject has aut­ho­ri­zed the receipt of the newsletter.

When regis­tering for the news­let­ter, we also store the IP address of the com­pu­ter sys­tem used by the data sub­ject at the time of regis­tra­tion, as assi­gned by the Inter­net ser­vice pro­vi­der (ISP), as well as the date and time of regis­tra­tion. The coll­ec­tion of this data is neces­sary in order to be able to trace the (pos­si­ble) misuse of the e‑mail address of a data sub­ject at a later point in time and the­r­e­fore ser­ves the legal safe­guar­ding of the controller.

The per­so­nal data coll­ec­ted in the con­text of a regis­tra­tion for the news­let­ter will be used exclu­si­vely for sen­ding our news­let­ter. Fur­ther­more, sub­scri­bers to the news­let­ter could be infor­med by e‑mail if this is neces­sary for the ope­ra­tion of the news­let­ter ser­vice or a rela­ted regis­tra­tion, as could be the case in the event of chan­ges to the news­let­ter offer or chan­ges in the tech­ni­cal cir­cum­s­tances. No per­so­nal data coll­ec­ted as part of the news­let­ter ser­vice will be pas­sed on to third par­ties. The sub­scrip­tion to our news­let­ter can be can­cel­led by the data sub­ject at any time. 

The con­sent to the sto­rage of per­so­nal data that the data sub­ject has given us for the news­let­ter dis­patch can be revo­ked at any time. For the pur­pose of revo­king the con­sent, a cor­re­spon­ding link can be found in each news­let­ter. Fur­ther­more, it is also pos­si­ble to unsub­scribe from the news­let­ter mai­ling directly on the web­site of the con­trol­ler at any time or to notify the con­trol­ler of this in ano­ther way.

5. news­let­ter tracking

The news­let­ters of OSTERWALDER AG con­tain so-cal­led track­ing pixels. A track­ing pixel is a minia­ture gra­phic that is embedded in such emails that are sent in HTML for­mat to enable log file recor­ding and log file ana­ly­sis. This allows a sta­tis­ti­cal eva­lua­tion of the suc­cess or fail­ure of online mar­ke­ting cam­paigns. Based on the embedded track­ing pixel, the OSTERWALDER AG may see if and when an e‑mail was ope­ned by a data sub­ject, and which links in the e‑mail were cal­led up by the data subject.

Such per­so­nal data coll­ec­ted via the track­ing pixels con­tai­ned in the news­let­ters are stored and eva­lua­ted by the con­trol­ler in order to opti­mize the news­let­ter dis­patch and to bet­ter adapt the con­tent of future news­let­ters to the inte­rests of the data sub­ject. This per­so­nal data will not be dis­c­lo­sed to third par­ties. Data sub­jects are entit­led at any time to revoke the sepa­rate decla­ra­tion of con­sent given in this regard via the dou­ble opt-in pro­ce­dure. After revo­ca­tion, this per­so­nal data will be dele­ted by the con­trol­ler. The OSTERWALDER AG auto­ma­ti­cally regards a with­dra­wal from the receipt of the news­let­ter as a revocation.

6. cont­act pos­si­bi­lity via the website

Based on sta­tu­tory pro­vi­si­ons, the web­site of the OSTERWALDER AG con­ta­ins data that enable a quick elec­tro­nic cont­act to our enter­prise, as well as direct com­mu­ni­ca­tion with us, which also includes a gene­ral address of the so-cal­led elec­tro­nic mail (e‑mail address). If a data sub­ject cont­acts the con­trol­ler by e‑mail or by using a cont­act form, the per­so­nal data trans­mit­ted by the data sub­ject will be stored auto­ma­ti­cally. Such per­so­nal data trans­mit­ted on a vol­un­t­ary basis by a data sub­ject to the con­trol­ler will be stored for the pur­pose of pro­ces­sing or cont­ac­ting the data sub­ject. No dis­clo­sure of this per­so­nal data to third par­ties will take place.

7. rou­tine dele­tion and blo­cking of per­so­nal data

The con­trol­ler shall pro­cess and store per­so­nal data of the data sub­ject only for the period neces­sary to achieve the pur­pose of sto­rage or where pro­vi­ded for by the Euro­pean Direc­tive and Regu­la­tion or other legis­la­tor in laws or regu­la­ti­ons to which the con­trol­ler is subject.

If the pur­pose of sto­rage no lon­ger applies or if a sto­rage period pre­scri­bed by the Euro­pean Direc­tive and Regu­la­tion or ano­ther com­pe­tent legis­la­tor expi­res, the per­so­nal data will be rou­ti­nely blo­cked or dele­ted in accordance with the sta­tu­tory provisions.

8. rights of the data subject

a) Right to confirmation

Every data sub­ject shall have the right, gran­ted by the Euro­pean Direc­tive and the Regu­la­tion, to obtain con­fir­ma­tion from the con­trol­ler as to whe­ther per­so­nal data con­cer­ning him or her are being pro­ces­sed. If a data sub­ject wis­hes to exer­cise this right, he or she may, at any time, cont­act any employee of the controller.

b) Right to information

Any per­son con­cer­ned by the pro­ces­sing of per­so­nal data has the right gran­ted by the Euro­pean Direc­tive and Regu­la­tion to obtain at any time from the con­trol­ler, free of charge, infor­ma­tion about the per­so­nal data stored about him or her and a copy of that infor­ma­tion. Fur­ther­more, the Euro­pean Direc­tive and Regu­la­tion has gran­ted the data sub­ject access to the fol­lo­wing information:

-the pro­ces­sing purposes

-the cate­go­ries of per­so­nal data that are processed

-the reci­pi­ents or cate­go­ries of reci­pi­ents to whom the per­so­nal data have been or will be dis­c­lo­sed, in par­ti­cu­lar in the case of reci­pi­ents in third count­ries or inter­na­tio­nal organizations

-if pos­si­ble, the plan­ned dura­tion for which the per­so­nal data will be stored or, if this is not pos­si­ble, the cri­te­ria for deter­mi­ning this duration

-the exis­tence of a right to obtain the rec­ti­fi­ca­tion or era­sure of per­so­nal data con­cer­ning him or her, or the rest­ric­tion of pro­ces­sing by the con­trol­ler, or a right to object to such processing

-the exis­tence of a right of appeal to a super­vi­sory authority

-if the per­so­nal data are not coll­ec­ted from the data sub­ject: All available infor­ma­tion about the ori­gin of the data

-the exis­tence of auto­ma­ted decis­ion-making, inclu­ding pro­fil­ing, pur­su­ant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful infor­ma­tion about the logic invol­ved and the scope and inten­ded effects of such pro­ces­sing for the data subject.

Fur­ther­more, the data sub­ject shall have the right to obtain infor­ma­tion as to whe­ther per­so­nal data have been trans­fer­red to a third coun­try or to an inter­na­tio­nal orga­niza­tion. If this is the case, the data sub­ject also has the right to obtain infor­ma­tion about the appro­priate safe­guards in con­nec­tion with the transfer.

If a data sub­ject wis­hes to exer­cise this right of access, he or she may, at any time, cont­act any employee of the controller.

c) Right to rectification

Any per­son affec­ted by the pro­ces­sing of per­so­nal data has the right gran­ted by the Euro­pean Direc­tive and Regu­la­tion to request the imme­diate rec­ti­fi­ca­tion of inac­cu­rate per­so­nal data con­cer­ning him or her. Fur­ther­more, the data sub­ject has the right to request the com­ple­tion of incom­plete per­so­nal data — also by means of a sup­ple­men­tary decla­ra­tion — taking into account the pur­po­ses of the processing.

If a data sub­ject wis­hes to exer­cise this right to rec­tify, he or she may, at any time, cont­act any employee of the controller.

d) Right to era­sure (right to be forgotten)

Any per­son con­cer­ned by the pro­ces­sing of per­so­nal data has the right, gran­ted by the Euro­pean Direc­tive and Regu­la­tion, to obtain from the con­trol­ler the era­sure wit­hout delay of per­so­nal data con­cer­ning him or her, where one of the fol­lo­wing reasons applies and inso­far as the pro­ces­sing is not necessary:

-The per­so­nal data have been coll­ec­ted or other­wise pro­ces­sed for pur­po­ses for which they are no lon­ger necessary.

-The data sub­ject revo­kes the con­sent on which the pro­ces­sing was based pur­su­ant to Art. 6(1)(a) DS-GVO or Art. 9(2)(a) DS-GVO and there is no other legal basis for the processing.

-The data sub­ject objects to the pro­ces­sing pur­su­ant to Article 21(1) of the GDPR and there are no over­ri­ding legi­ti­mate grounds for the pro­ces­sing, or the data sub­ject objects to the pro­ces­sing pur­su­ant to Article 21(2) of the GDPR.

-The per­so­nal data have been pro­ces­sed unlawfully.

-The dele­tion of the per­so­nal data is neces­sary for com­pli­ance with a legal obli­ga­tion under Union or Mem­ber State law to which the con­trol­ler is subject.

-The per­so­nal data was coll­ec­ted in rela­tion to infor­ma­tion society ser­vices offe­red pur­su­ant to Art. 8 (1) DS-GVO.

If one of the afo­re­men­tio­ned reasons applies, and a data sub­ject wis­hes to arrange for the dele­tion of per­so­nal data stored by the OSTERWALDER AG, he or she may, at any time, cont­act any employee of the con­trol­ler. The employee of OSTERWALDER AG will arrange for the era­sure request to be com­plied with immediately.

If the per­so­nal data was made public by the OSTERWALDER AG and our com­pany as the respon­si­ble party is obli­ged to delete the per­so­nal data pur­su­ant to Art. 17 Para. 1 DS-GVO, OSTERWALDER AG shall imple­ment reasonable mea­su­res, inclu­ding tech­ni­cal mea­su­res, to com­pen­sate other data con­trol­lers for pro­ces­sing the per­so­nal data published, taking into account the available tech­no­logy and the cost of imple­men­ta­tion, in order to inform the data sub­ject that he or she has reques­ted from those other data con­trol­lers to erase all links to the per­so­nal data or copies or repli­ca­ti­ons of the per­so­nal data, unless the pro­ces­sing is neces­sary. The employee of the OSTERWALDER AG will arrange the neces­sary in indi­vi­dual cases.

e) Right to rest­ric­tion of processing

Any per­son con­cer­ned by the pro­ces­sing of per­so­nal data has the right, gran­ted by the Euro­pean Direc­tive and Regu­la­tion, to obtain from the con­trol­ler the rest­ric­tion of pro­ces­sing if one of the fol­lo­wing con­di­ti­ons is met:

-The accu­racy of the per­so­nal data is con­tes­ted by the data sub­ject for a period enab­ling the con­trol­ler to verify the accu­racy of the per­so­nal data.

-The pro­ces­sing is unlawful, the data sub­ject objects to the era­sure of the per­so­nal data and requests ins­tead the rest­ric­tion of the use of the per­so­nal data.

-The con­trol­ler no lon­ger needs the per­so­nal data for the pur­po­ses of pro­ces­sing, but the data sub­ject needs it for the asser­tion, exer­cise or defense of legal claims.

-The data sub­ject has objec­ted to the pro­ces­sing pur­su­ant to Article 21 (1) of the GDPR and it is not yet clear whe­ther the legi­ti­mate grounds of the con­trol­ler over­ride those of the data subject.

If one of the afo­re­men­tio­ned con­di­ti­ons is met, and a data sub­ject wis­hes to request the rest­ric­tion of per­so­nal data stored by the OSTERWALDER AG, he or she may, at any time, cont­act any employee of the con­trol­ler. The employee of the OSTERWALDER AG will arrange the rest­ric­tion of the processing.

f) Right to data portability

Any per­son con­cer­ned by the pro­ces­sing of per­so­nal data has the right, gran­ted by the Euro­pean Direc­tive and Regu­la­tion, to receive the per­so­nal data con­cer­ning him or her, which have been pro­vi­ded by the data sub­ject to a con­trol­ler, in a struc­tu­red, com­monly used and machine-rea­da­ble for­mat. He or she also has the right to trans­mit this data to ano­ther con­trol­ler wit­hout hin­drance from the con­trol­ler to whom the per­so­nal data have been pro­vi­ded, pro­vi­ded that the pro­ces­sing is based on con­sent pur­su­ant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a con­tract pur­su­ant to Article 6(1)(b) of the GDPR and the pro­ces­sing is car­ried out by auto­ma­ted means, unless the pro­ces­sing is neces­sary for the per­for­mance of a task car­ried out in the public inte­rest or in the exer­cise of offi­cial aut­ho­rity ves­ted in the controller.

Fur­ther­more, when exer­cis­ing his or her right to data por­ta­bi­lity pur­su­ant to Article 20(1) of the GDPR, the data sub­ject shall have the right to obtain that the per­so­nal data be trans­fer­red directly from one con­trol­ler to ano­ther con­trol­ler, to the ext­ent that this is tech­ni­cally fea­si­ble and pro­vi­ded that this does not adver­sely affect the rights and free­doms of other individuals.

In order to assert the right to data por­ta­bi­lity, the data sub­ject may at any time cont­act any employee of the OSTERWALDER AG.

g) Right of objection

Any per­son affec­ted by the pro­ces­sing of per­so­nal data has the right gran­ted by the Euro­pean Direc­tive and Regu­la­tion to object at any time, on grounds rela­ting to his or her par­ti­cu­lar situa­tion, to the pro­ces­sing of per­so­nal data con­cer­ning him or her car­ried out on the basis of Article 6(1)(e) or (f) of the GDPR. This also applies to pro­fil­ing based on these provisions.

The OSTERWALDER AG shall no lon­ger pro­cess the per­so­nal data in the event of the objec­tion, unless we can demons­trate com­pel­ling legi­ti­mate grounds for the pro­ces­sing which over­ride the inte­rests, rights and free­doms of the data sub­ject, or for the asser­tion, exer­cise or defense of legal claims.

If the OSTERWALDER AG pro­ces­ses per­so­nal data for the pur­pose of direct mar­ke­ting, the data sub­ject shall have the right to object at any time to pro­ces­sing of per­so­nal data pro­ces­sed for such mar­ke­ting. This also applies to pro­fil­ing, inso­far as it is rela­ted to such direct mar­ke­ting. If the data sub­ject objects to the OSTERWALDER AG to the pro­ces­sing for direct mar­ke­ting pur­po­ses, the OSTERWALDER AG will no lon­ger pro­cess the per­so­nal data for these purposes.

In addi­tion, the data sub­ject has the right, on grounds rela­ting to his or her par­ti­cu­lar situa­tion, to object to pro­ces­sing of per­so­nal data con­cer­ning him or her which is car­ried out by the OSTERWALDER AG for sci­en­ti­fic or his­to­ri­cal rese­arch pur­po­ses, or for sta­tis­ti­cal pur­po­ses pur­su­ant to Article 89(1) of the Data Pro­tec­tion Regu­la­tion, unless such pro­ces­sing is neces­sary for the per­for­mance of a task car­ried out in the public interest.

In order to exer­cise the right to object, the data sub­ject may directly cont­act any employee of the OSTERWALDER AG or ano­ther employee. The data sub­ject is also free to exer­cise his/her right to object in con­nec­tion with the use of infor­ma­tion society ser­vices, not­wi­th­stan­ding Direc­tive 2002/58/EC, by means of auto­ma­ted pro­ce­du­res using tech­ni­cal specifications.

h) Auto­ma­ted decis­i­ons in indi­vi­dual cases inclu­ding profiling

Any data sub­ject con­cer­ned by the pro­ces­sing of per­so­nal data shall have the right, gran­ted by the Euro­pean Direc­tive and the Regu­la­tion, not to be sub­ject to a decis­ion based solely on auto­ma­ted pro­ces­sing, inclu­ding pro­fil­ing, which pro­du­ces legal effects con­cer­ning him or her or simi­larly signi­fi­cantly affects him or her, unless the decis­ion (1) is neces­sary for ente­ring into, or the per­for­mance of, a con­tract bet­ween the data sub­ject and the con­trol­ler, or (2) is per­mit­ted by Union or Mem­ber State law to which the con­trol­ler is sub­ject and that law con­ta­ins sui­ta­ble mea­su­res to safe­guard the data subject’s rights and free­doms and legi­ti­mate inte­rests, or (3) is based on the data subject’s expli­cit consent.

If the decis­ion (1) is neces­sary for ente­ring into, or the per­for­mance of, a con­tract bet­ween the data sub­ject and the data con­trol­ler, or (2) it is made with the data subject’s expli­cit con­sent, the OSTERWALDER AG shall imple­ment sui­ta­ble mea­su­res to safe­guard the data subject’s rights and free­doms and legi­ti­mate inte­rests, which include at least the right to obtain the data subject’s inter­ven­tion on the part of the con­trol­ler, to express his or her point of view and to con­test the decision.

If the data sub­ject wis­hes to exer­cise the rights con­cer­ning auto­ma­ted decis­i­ons, he or she may, at any time, cont­act any employee of the controller.

i) Right to revoke con­sent under data pro­tec­tion law

Any per­son affec­ted by the pro­ces­sing of per­so­nal data has the right gran­ted by the Euro­pean Direc­tive and Regu­la­tion to with­draw con­sent to the pro­ces­sing of per­so­nal data at any time.

If the data sub­ject wis­hes to exer­cise the right to with­draw the con­sent, he or she may, at any time, cont­act any employee of the controller.

9. legal basis of the processing

Article 6 I lit. a DS-GVO ser­ves our com­pany as the legal basis for pro­ces­sing ope­ra­ti­ons in which we obtain con­sent for a spe­ci­fic pro­ces­sing pur­pose. If the pro­ces­sing of per­so­nal data is neces­sary for the per­for­mance of a con­tract to which the data sub­ject is a party, as is the case, for exam­ple, with pro­ces­sing ope­ra­ti­ons that are neces­sary for the deli­very of goods or the pro­vi­sion of ano­ther ser­vice or con­side­ra­tion, the pro­ces­sing is based on Article 6 I lit. b DS-GVO. The same applies to such pro­ces­sing ope­ra­ti­ons that are neces­sary for the imple­men­ta­tion of pre-con­trac­tual mea­su­res, for exam­ple in cases of inqui­ries about our pro­ducts or ser­vices. If our com­pany is sub­ject to a legal obli­ga­tion by which a pro­ces­sing of per­so­nal data beco­mes neces­sary, such as for the ful­fill­ment of tax obli­ga­ti­ons, the pro­ces­sing is based on Art. 6 I lit. c DS-GVO. In rare cases, the pro­ces­sing of per­so­nal data might become neces­sary to pro­tect vital inte­rests of the data sub­ject or ano­ther natu­ral per­son. This would be the case, for exam­ple, if a visi­tor were to be inju­red on our pre­mi­ses and as a result his or her name, age, health insu­rance data or other vital infor­ma­tion had to be pas­sed on to a doc­tor, hos­pi­tal or other third party. Then the pro­ces­sing would be based on Art. 6 I lit. d DS-GVO. Finally, pro­ces­sing ope­ra­ti­ons could be based on Art. 6 I lit. f DS-GVO. Pro­ces­sing ope­ra­ti­ons that are not covered by any of the afo­re­men­tio­ned legal bases are based on this legal basis if the pro­ces­sing is neces­sary to pro­tect a legi­ti­mate inte­rest of our com­pany or a third party, pro­vi­ded that the inte­rests, fun­da­men­tal rights and free­doms of the data sub­ject are not over­ridden. Such pro­ces­sing ope­ra­ti­ons are per­mit­ted to us in par­ti­cu­lar because they were spe­ci­fi­cally men­tio­ned by the Euro­pean legis­la­tor. In this respect, it took the view that a legi­ti­mate inte­rest could be assu­med if the data sub­ject is a cus­to­mer of the con­trol­ler (reci­tal 47 sen­tence 2 DS-GVO).

10. legi­ti­mate inte­rests in the pro­ces­sing pur­sued by the con­trol­ler or a third party.

If the pro­ces­sing of per­so­nal data is based on Article 6 I lit. f DS-GVO, our legi­ti­mate inte­rest is the per­for­mance of our busi­ness acti­vi­ties for the bene­fit of the well-being of all our employees and our shareholders.

11. dura­tion for which the per­so­nal data are stored

The cri­ter­ion for the dura­tion of sto­rage of per­so­nal data is the respec­tive sta­tu­tory reten­tion period. After expiry of the period, the cor­re­spon­ding data is rou­ti­nely dele­ted, pro­vi­ded that it is no lon­ger requi­red for the ful­fill­ment or initia­tion of the contract.

12. legal or con­trac­tual requi­re­ments to pro­vide the per­so­nal data; neces­sity for the con­clu­sion of the con­tract; obli­ga­tion of the data sub­ject to pro­vide the per­so­nal data; pos­si­ble con­se­quen­ces of non-provision

We would like to inform you that the pro­vi­sion of per­so­nal data is partly requi­red by law (e.g. tax regu­la­ti­ons) or may also result from con­trac­tual regu­la­ti­ons (e.g. infor­ma­tion on the con­trac­tual part­ner). Some­ti­mes, in order to con­clude a con­tract, it may be neces­sary for a data sub­ject to pro­vide us with per­so­nal data that must sub­se­quently be pro­ces­sed by us. For exam­ple, the data sub­ject is obli­ged to pro­vide us with per­so­nal data if our com­pany con­cludes a con­tract with him or her. Fail­ure to pro­vide the per­so­nal data would mean that the con­tract with the data sub­ject could not be con­cluded. Before pro­vi­ding per­so­nal data by the data sub­ject, the data sub­ject must cont­act one of our employees. Our employee will explain to the data sub­ject on a case-by-case basis whe­ther the pro­vi­sion of the per­so­nal data is requi­red by law or con­tract or is neces­sary for the con­clu­sion of the con­tract, whe­ther there is an obli­ga­tion to pro­vide the per­so­nal data, and what the con­se­quen­ces of not pro­vi­ding the per­so­nal data would be.

13. exis­tence of auto­ma­ted decis­ion making

As a respon­si­ble com­pany, we do not use auto­ma­tic decis­ion-making or profiling.