Security and confidentiality
Rychiger AG takes the protection of your personal data seriously. We handle all personal data as confidential, and in accordance with statutory data protection regulations and this Privacy Notice.
Rychiger AG (hereinafter also referred to as “we”, “us”) procures and processes personal data relating to you and other individuals (referred to as “third parties”). The term “data” is used interchangeably with the term “personal data” here.
We have written this privacy statement to inform you of the collection and processing of your personal data and explain to you what we do with your personal data when you visit www.rychiger.com (hereinafter referred to as the “website”), purchase our services or products, otherwise associate with us in the course of a contract, communicate with us, or otherwise interact with us.
If you provide us with personal data relating to others, please ensure that these individuals are familiar with this privacy statement and that you are authorized to share the relevant personal data with us.
This privacy statement is based on the requirements of the Swiss Data Protection Act (“DSG”) and the EU General Data Protection Regulation (“GDPR”). However, whether and the extent to which these laws are applicable depends on the individual circumstances at hand.
The data controller as defined under privacy legislation is Rychiger AG, based in Steffisburg:
You can contact us regarding any privacy concerns or to exercise your rights as defined under Section 12 using the following contact details:
Alte Bernstrasse 135
The term “personal data” refers to data that relates to identified or identifiable individuals, i.e. the identity of said individuals can be inferred from the data itself or from the data in conjunction with additional data. Under Section 4 you will find information regarding the data we process within the framework of this privacy statement. “Processing” refers to any means of handling personal data, e.g. its purchase, storage, retention, use, modification, disclosure, or erasure. In this privacy statement, the term “process” should be interpreted in accordance with both the Swiss Data Protection Act (DSG) and the GDPR.
We process different categories of data relating to you. The most important categories are listed below:
- Technical data: When you use our website or other electronic services (e.g. free WLAN), we record the IP address of your device and other technical data to ensure the functionality and security of these services. This data also includes logs which record the use of our systems. We generally retain technical data for 24 months. To ensure the functionality of these services, we may also assign you or your device a unique code (e.g. in the form of cookie, see Section 13). Generally speaking, this technical data itself cannot be used to infer your identity. However, this data may be linked with other categories of data (and therefore potentially with your identity) in connection with user accounts, registrations, access controls, or contract administration.
- Registration data: Certain features or services (e.g. sending newsletters, free WLAN access, ticket system, etc.) may only be used with a user account or by registering either directly with us or via our external login service provider. To do this you must provide certain data, and we will record data relating to your use of the feature or service. We generally retain registration data for a period of 12 months after you have stopped using the service or deleted your user account.
- Communication data: If you get in touch with us via contact form, email, phone, or chat, by mail or any other means of communication, we record the data exchanged between you and us, including your contact details and the marginal data relating to the communication. If we want or are required to determine your identity, we record data to identify you (e.g. a copy of an ID). We generally retain this data for 12 months following our last interaction with you. This period may be longer insofar as this is necessary for verification purposes or for compliance with statutory or contractual requirements or for technical reasons. Emails in personal inboxes and written correspondence are generally stored for several years.
- Master data: We use the term master data to refer to the basic data we require in addition to contractual data (see below) for the administration of our contractual and other business relationships or for marketing and promotional purposes, such as name, contact details and information, e.g. regarding your role or job, your bank detail(s), your date of birth, customer history, authorizations, signature authorizations, and declarations of consent. We process your master data if you are a customer or another business contact or if you are acting on behalf of any such individual (e.g. as a contact person for a business partner), or because we want to approach you for our own purposes or the purposes of a contractual partner (e.g. in the course of marketing and advertising, with invitations to events, with newsletters, etc.). We receive master data from you yourself (e.g. at trade fair events, during a purchase, or in the course of registration), from bodies representing you, or third parties, e.g. our contractual partners, associations, and mailing list brokers and from publicly accessible sources such as public registers or the internet (websites, social media, etc.). We generally retain this data for 10 years following our last interaction with you, but at least ten years following the end of the contract. This period may be longer insofar as this is necessary for verification purposes or for compliance with statutory or contractual requirements or for technical reasons.
- Contractual data: This is data obtained during the conclusion of a contract and/or the administration of a contract, e.g. information about contracts and the services to be provided, as well as data obtained in advance of the conclusion of a contract, the information necessary or used to administer the contract, and information regarding feedback (e.g. complaints or feedback on satisfaction, etc.). We generally collect this data from you, contractual partners, and third parties involved in the administration of the contract, but also from third-party sources (e.g. suppliers of credit rating data) and from publicly accessible sources. We generally retain this data for 10 years following our last contractual activity with you, but at least 10 years following the end of the contract. This period may be longer insofar as this is necessary for verification purposes or for compliance with statutory or contractual requirements or for technical reasons.
- Behavioral and preference data: Depending on the relationship we have with you, we try to get to know you and better target our products, services, and features to you. To do so, we collect and use data relating to your behavior and preferences. We do this by analyzing data relating to your behavior in our domain, and we may also supplement this data with data from third parties – including from publicly accessible sources. On the basis of this we can, for instance, calculate the probability of you using certain services or behaving in a certain way. Some of the data we process for this is already known to us (e.g. if you use our services), or we obtain this data by logging your behavior (e.g. how you navigate our website). We anonymize or delete this data once it is no longer relevant for our purposes, which may be the case anywhere from 2-3 weeks to 24 months depending on the type of data (in the case of product and service preferences). This period may be longer insofar as this is necessary for verification purposes or for compliance with statutory or contractual requirements or for technical reasons. Section 12 provides more detail regarding how tracking works on our website.
- Application data: If you apply for a position within our company, we will receive information about you from you or third parties that advertise positions on our behalf. This includes contact details (e.g. name, address, date of birth, marital status, etc.), information you have disclosed to us in the selection process, as well as other information relating to your professional and academic qualifications. We may process other information about you provided to us by third parties (e.g. information from official registers, references, as well as information from public and professional networks). Insofar as you have given us your consent, we will use your personal data to contact you regarding any future job advertisements, provided that we have a legitimate interest in the retention of your data or for as long as the retention is prescribed or permitted under the applicable law. Unless an employment contract has been concluded with you, your personal data will be deleted within no more than six months.
- Other data: There are other situations in which we collect data from you too. For instance, we obtain data (such as files, evidence, etc.) which may refer to you in connection with official or court proceedings. We may also collect data for health and safety reasons (e.g. as part of safety plans). We may receive or produce photos, videos, and audio recordings in which you may be recognizable (e.g. at events, via security cameras, etc.). We may also record data on who accesses certain buildings at what time or who has corresponding access rights (including for access controls, based on registration data or visitor lists, etc.), who takes part in events or campaigns at what time, or who uses our infrastructure and systems at what time. The period for which this data is retained varies depending on the respective purpose and is limited to what is strictly necessary. This ranges from a few days right through to a few years or longer when it comes to reports on events with pictures.
Much of the data referred to here (Section 4) is provided to us by you (e.g. via forms, in the course of communications with us, in connection with contracts, when using the website, etc.). You are under no obligation to do so, subject to specific cases, e.g. in the context of binding security concepts (statutory obligations). If you wish to conclude contracts with us or use our services, in line with your contractual obligation under the relevant contract you must furthermore provide us with data, in particular master, contractual, and registration data. The processing of technical data is unavoidable when using our website. If you wish to gain access to certain systems or buildings, you must provide us with registration data.
Insofar as is permitted, we also obtain data from publicly accessible sources (e.g. debt enforcement registers, land registers, commercial register, the press or online, including social media) or receive such information from other companies within the Rychiger Group, from authorities, and other third parties.
We process your data for purposes we will explain in the following. For more information relating to online activities, see Sections 13, 14, and 15. These purposes and/or the objectives underlying these constitute legitimate interests on the part of ourselves and any potential third parties. See Section 6 for further details regarding the legal bases for our processing.
We process your data for purposes associated with communicating with you, specifically answering inquiries and asserting your rights (Section 12) and contacting you in the event of any queries. We primarily use communication data and master data for this. We retain this data to document our communications with you, for training purposes, for quality assurances, and for queries.
We process data for the initiation, management, and processing of contractual relations.
We process data for marketing purposes and to maintain relationships, e.g. to send our customers and other contractual partners personalized advertising for our own products and services and those of third parties. This may take place in the form of newsletters and other regular methods of contact (electronic, by mail, by phone), via other channels for which we have contact information for you, but also in the course of individual marketing campaigns (e.g. events, competitions, etc.) and may also include free services (e.g. invitations, vouchers, etc.). You may reject such means of contact at any time (see the end of this Section 5) or refuse or revoke consent to being contacted for advertising purposes. With your consent, we can target our online advertising more appropriately to you (see Section 13).
We also process your data for market research, to improve our services and our business, and product development.
We may also process your data for security purposes and for access control.
We process personal data to ensure compliance with laws, directives, and recommendations issued by administrative bodies and internal regulations.
We also process data for the purposes of risk management and as part of a circumspect approach to corporate governance, including business organization and corporate development.
We process your data to allow us to assess whether you are qualified for the position you have applied for.
We may process your data for other purposes, e.g. as part of our internal processes and administration or for training and quality assurance purposes.
Where we ask for your consent for certain data processing, we will inform you separately of the relevant processing purpose. You may revoke consent at any time with effect for the future in writing (by mail) or, unless otherwise indicated or agreed, via email. You can find our contact information in Section 2. See Section 13 for how to revoke your consent for online tracking. If you have a user account, you can revoke consent or contact us via the relevant website or other service if necessary. Once we have received your message revoking your consent, we will cease to process your data for the purposes you originally consented to, unless we have another legal basis for this. Revoking your consent will not impact the legality of the processing carried out on the basis of this consent up to the point of revocation.
Where we do not ask for your consent for processing, said processing of your personal data is performed based on our need for such processing to initiate or perform a contract with you (or the entity representing you) or a legitimate interest on our part or that of a third party specifically in pursuing the purposes outlined above in Section 5 and the associated objectives and being able to take corresponding measures. Our legitimate interests also include compliance with statutory regulations, insofar as these are not already recognized as a legal basis under the respective applicable data protection legislation anyway (e.g. in the case of the GDPR, the law in the EEA, and in Switzerland).
If we receive sensitive data (e.g. data relating to health, details of political, religious or ideological views, or biometric identification data), we may also process your data on the basis of other legal grounds, e.g. in the event of disputes based on the need for said processing for any legal proceedings or the enforcement of defense of legal claims. Other legal grounds may apply in certain cases. We will inform you of this separately where necessary.
We transmit your personal data to third parties in connection with our contracts, website, our products and services, our legal obligations, and to protect our legitimate interests and the additional purposes listed in Section 5, specifically to the following categories of recipient:
- Service providers: We work with service providers in Switzerland and internationally that process data relating to you on our behalf or in conjunction with us or that have received data relating to you from us on their own responsibility (e.g. IT providers, shipping companies, advertising service providers, login service providers, banks, insurance companies, debt collection companies, credit agencies, or address verifiers).
- Contractual partners including customers: This refers in the first instance to customers and other contractual partners of ours because data transmission is implicit in these contracts. If you act on behalf of any such contractual partner yourself, we may also transmit data relating to you in this context. The recipients include other contractual partners with whom we cooperate.
- Regulatory authorities: We may share personal data with administrative bodies, courts, and other regulatory authorities in Switzerland and internationally where we are legally obliged or entitled to do so or we deem this necessary to protect our legitimate interests. The regulatory authorities are responsible for processing the data relating to you they receive from us.
- Group companies: We may transmit your personal data to other firms within the Rychiger Group.
- Other individuals: This is in reference to other cases where third parties are enlisted for the purposes outlined in Section 5.
All of these categories of recipients may themselves enlist third parties, meaning your data will be accessible to these, too. We can restrict processing by certain third parties (e.g. IT providers), but not of others (e.g. regulatory authorities, banks, etc.).
Otherwise (e.g. during an application process), only those individuals who need to process the data based on their role have access internally to your personal data.
Our website is hosted by ongoing GmbH, 6312 Steinhausen. In order to optimize and maintain our website, we log any technical errors which occur when users access our website. Furthermore, the following data, which is transmitted by the browser of your device, is registered automatically when using our website:
- IP address
- Date and time of query
- Pages, files, and data accessed
- Status code (e.g. 404)
- The website from which our website was accessed
- Top-level domain (e.g. “.com”)
- Web browser used, version, language
- Device operating system used
- The transmission protocol used (e.g. HTTP/2)
This data is collected and stored to optimize processes and sequences, particularly those in connection with the use of our website, e.g. the security and stability of the computer system, in accordance with Section 5.
As explained in Section 7, we also share your data with other recipients. Not all of these are located in Switzerland. As such, your data could be sent to Europe or the USA and, in exceptional cases, to any other country worldwide.
If a recipient is located in a country without adequate data protection legislation, we contractually bind the recipient to compliance with the applicable data protection legislation (for this we use the revised standard contractual clauses of the European Commission which can be accessed here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), provided they are not already subject to a regulatory framework recognized by law and we cannot apply an exemption clause. Exceptions apply chiefly to legal proceedings overseas, but also in cases of overriding public interest, or if the performance of a contract requires any such disclosure, if you have given your consent, or if it is data which has been made generally accessible, the processing of which you have not objected to.
Please note that data exchanged online is often routed via third states. This means your data can end up overseas even if the sender and recipient are located in the same country.
We generally delete your personal data as soon as it is no longer necessary to fulfill the purpose for which it was collected, unless a longer retention period is necessary to fulfill statutory obligations (e.g. retention and documentation obligations), contractual, or pre-contractual obligations, or our legitimate business interests (e.g. for the assertion, exercise, or defense of legal claims). You can find out more about the storage duration for your data in Section 4 of this privacy statement.
We take appropriate technical and organizational measures (“TOMs”) to maintain the confidentiality, integrity, and availability of your personal data, to protect it against unauthorized or unlawful processing, and to counteract the risks of loss, accidental alteration, unwanted disclosure, or unauthorized access.
Such measures include, for example, the encryption and pseudonymization of data, logging, access restrictions, the storage of backup copies, instructions for our employees, confidentiality agreements, and controls. We also require our contract processors to take appropriate TOMs. However, security risks cannot be ruled out entirely and certain residual risks are unavoidable.
We do not use profiling and do not process any data for automated decision-making. This excludes profiling for the purposes of direct marketing, with any processing in this context performed on the basis of our legitimate interest as defined under Section 6.
The applicable data protection law grants you the right, in certain circumstances, to object to the processing of your data, in particular for the purposes of direct marketing, profiling for direct marketing purposes, and other legitimate interests in the processing.
To make it easier for you to control the processing of your personal data, you also have the following rights in connection with our data processing activities, depending on the applicable data protection law:
- The right to receive information from us as to whether and which of your data we process;
- The right to have us correct your data if it is incorrect;
- The right to request that your data be deleted;
- The right to request that we issue certain personal data in a standard electronic format or that we transmit it to another data controller;
- The right to revoke consent where our processing activities are based on your consent;
- The right to demand any additional information necessary to exercise these rights.
If you wish to exercise any of the above rights vis-à-vis us, please contact us in writing or by email. You can find the relevant contact details in Section 2 of this privacy statement. In order for us to be able to rule out misuse, we need to identify you (e.g. with a copy of your ID, if this is not otherwise possible).
You also have these rights vis-à-vis other entities that work with us on their own responsibility. Please contact them directly if you wish to exercise your rights in connection with their processing. You can find information on our key cooperation partners and service providers in Section 7, and further information in Section 13.
Please note that these rights are subject to requirements, exceptions, or limitations under the applicable data protection law (e.g. to protect third parties or trade secrets). We will inform you accordingly if necessary.
If you do not agree with our administration of your rights or privacy, please let us know. You are also entitled to file a complaint with your country’s data protection regulatory authority, particularly if you are located in the EEA, the UK, or Switzerland.
You can find a list of the regulatory authorities in the EEA here:
You can reach the UK’s regulatory authority here:
You can reach the Swiss regulatory authority here:
On our website we use various different kinds of technology that allow us and third parties enlisted by us to recognize you every time you use our website and, under certain circumstances, track you over several visits. We provide you with information regarding this in this section.
This is essentially so we can differentiate your accesses (via your system) from those of other users so we can guarantee the functionality of the website, run analyses, and personalize your experience. The intention here is not to discover your identity, even if we can do so where we or third parties enlisted by us can identify you by combining registration data. Even without registration data, the forms of technology used are designed to recognize you as an individual user on every page visit. For instance, our server (or third-party servers) might assign you or your browser a specific identification number (referred to as a “cookie”).
We use these technologies on our website and permit certain third parties to do so too. You can program your browser to block, deceive, or delete certain cookies or alternative technologies. You can also enhance your browser with software that blocks tracking by certain third parties. You can find out more on your browser’s help pages (usually under the heading “Privacy”) or on the websites of the third parties we have listed below.
A distinction is made between the following cookies:
- Necessary and functional cookies: Some cookies are necessary for the functioning of the website itself or for certain features. For example, they enable you to switch between pages without losing any information entered in a form. They also make sure that you stay logged in. These cookies are only temporary (“session cookies”). Other cookies are necessary so that the server can store decisions or inputs made by you beyond a session (i.e. a visit to the website) if you use this feature (e.g. selected language, consent given, the automatic login function, etc.). These cookies can take anywhere up to 24 months to expire.
We currently use services provided by the following service providers and advertising contractors (insofar as they use your data or cookies set by your browser to manage advertising):
We currently use the following plugins and tools on our website:
We may run pages and other online presences on social networks and other platforms operated by third parties (fan pages, channels, profiles, etc.) and use the personal data outlined in Section 4 and below. We receive this data from you and the platforms when you come into contact with us through our online presence (e.g. when you communicate with us, comment on our content, or visit our website). At the same time, the platforms analyze your use of our online presences and link this data with other data about you held by the platforms (e.g. regarding your behavior and preferences). They also process this data for their own purposes under their own responsibility, in particular for marketing and market research purposes (e.g. to personalize advertising) and to manage their platforms (e.g. what content they show you).
We process this data for the purposes set out in Section 5, specifically for communication, for marketing purposes (including advertising on these platforms, see Section 13), and for market research. For information on the relevant legal bases, see Section 6. Content published by you (e.g. comments on an announcement) may be redistributed by us ourselves (e.g. in our advertising on the platform or elsewhere). We or the operators of the platforms may also delete or restrict content from or to you in accordance with the Acceptable Use Policy (e.g. inappropriate comments).
For further information on the processing activities of the operators of the platforms, please refer to the platforms’ privacy policies. These policies also provide information regarding the countries in which your data is processed, which rights of information, deletion, and other data subject rights you have, and how you can exercise these or obtain further information. We currently use the following platforms:
We can amend this privacy statement at any time without providing prior notice because it does not form part of a contract with you. The current version published on our website is the valid version.
Most recent update: November 22, 2023