Privacy

Data Privacy Policy of Mechafin AG and Mechafin UK Ldt.
Chrummacherstr. 3, 8954 Geroldswil, Switzerland

The protection and security of personal data is one of our top priorities. We therefore strictly follow the rules of the DSG (CH) [Swiss Data Protection Law] and of the GDPR (EU) in their respectively most recent versions.

Please find information below about which categories of data are gathered and for what purpose, and we furthermore also about the tools that are used on our website. By using our website, you declare your consent to the gathering, processing and use of data as described below.

This Data Privacy Policy applies only to our website and its subpages. Our webpages may contain links to the websites of other providers, to which this policy does not apply. If you leave our websites via a link, it is recommended to read the data privacy policy of the respective website carefully.

Data transmission/data logging
During a visit to this website, the webserver automatically records logfiles, which cannot be attributed to any one definitive person. This data includes, e.g. the browser type and version, operating system used, referrer URL (webpage visited before), IP address of the requesting computer, access date and time of the server query and the file query of the client (file name and URL). This data is gathered and processed for the purposes of enabling the use of this website (establishing the connection), permanently assuring system security and stability, allowing us to optimise our online offer and to use the data for internal statistical purposes. This is our justified interest in the data processing pursuant to Art. 6 (1) lit. f) GDPR. Transmission to third parties for commercial or non-commercial purposes is ruled out and it does not take place.

Use of personal data
Personal data is gathered or processed only if you provide this information voluntarily, e.g. in the context of a request. If no required reasons

are given in connection with the processing of business, you can revoke the previously granted consent to the storing of your personal data at any time in writing (e.g. by email). Your data will not be passed on to third parties, unless a transmission is required on the basis of legal regulations.

Access to, change and deletion of your data
In accordance with applicable law, you can enquire with us at any time in writing whether and what personal data is stored about you. You will receive a corresponding response to this as soon as possible but certainly within the legally prescribed period, provided that you can identify yourself accordingly.

Contact by email: datenschutz@mechafin.ch

Or in writing to our company address:

Mechafin AG
Data Protection Officer
Chrummacherstr. 3
CH-8954 Geroldswil
Switzerland

Security of your data
Your personal data that is made available to us is secured by taking all technical and organisational safety measures so that it is not accessible to unauthorised third parties. In the transmission of very sensitive data or information, it is recommendable to send it through the post, as complete data security cannot always be guaranteed when using email.

Information that you entrust to us via the website is transmitted securely by means of modern internet technology and it is used exclusively for the designated purposes. We use a transmission method that is based on the SSL protocol (Secure Sockets Layer Protocol). The latter enables encryption of the complete data traffic between your browser and our server. Your data is thereby protected on the transmission path against manipulation and unauthorised accesses by third parties.

Changes to this Data Privacy Policy
We will update this policy on the protection of your personal data from time to time. You should read this policy occasionally to keep updated about how we protect your data and continuously improve the contents of our website. Should we make significant changes to the gathering, use and/or transfer of the personal data that you provide to us, we will point this out to you by means of a clear and well visible note on the website. By using the website, you declare your consent to the terms of this policy on the protection of personal data. If you have any questions about this Data Privacy Policy, please contact us via our contact page.

Your registration on our website
When registering for the use of our personalised services, some personal data is gathered, such as name, address, contact and communication details like the phone number and email address. If you have registered with us, you can access contents and services that we offer exclusively to registered users. Registered users furthermore have the possibility to edit or delete the data entered in the course of the registration at any time whenever necessary. Of course, we will also inform you at any time about the personal data that we have stored about you. We will also be happy to correct or delete this data on your request, unless legal retention obligations are opposed. To contact us in this context, please use the contact details specified at the end of this Data Privacy Policy.

Please note: Any password you may have set will be stored in encrypted form. No employee of our company can read it or is authorised to ask you your password over the phone or in writing.

Opening a customer account
To place orders in the online shop, you can order as a guest or you can open a customer account. During the registration for a customer account, we gather the following data: company name, salutation, first and last name, postal address, email address,

phone number (in case of queries), password. Please note: Any password you may have set will be stored in encrypted form. No employee of our company can read it or is authorised to ask you your password over the phone or in writing.

The data is gathered for the purpose of providing the customer with a password-protected direct access to his/her basic data that is stored with us. The customer can view his/her completed and open data there or manage or edit his/her personal data.

The legal basis for the processing of the data for this purpose is the consent given by you pursuant to Art. 6 (1) lit. a) EU GDPR.

Shopping at the online shop
If you would like to place orders in our online shop, we require the following data for the execution of the contract: first and last name, invoice address (and if different, delivery address), login data, i.e. email address and password (for registered customers). Please note: Any password you may have set will be stored in encrypted form. No employee of our company can read it or is authorised to ask you your password over the phone or in writing.

Unless noted otherwise in this Data Privacy Policy or you have given separate consent, we will use the aforementioned data exclusively to execute the contract, notably to process your orders, deliver the ordered products and ensure correct payment.

The legal basis for the data processing for this purpose is the fulfilment of a contact pursuant to Art. 6 (1) lit. b) EU GDPR.

Newsletter
When signing up to receive our newsletter, the data entered by you will be used exclusively for this purpose. Subscribers can also be informed by email about circumstances that are relevant for the service or subscription (for example, change of the newsletter offer or technical conditions).

For an effective subscription, we need a valid email address. To check that it was in fact by the owner of an email address who subscribed to the newsletter, we use the double opt-in procedure. For this purpose, we log the subscription of the newsletter, the sending of a confirmation email and the receipt of the reply requested in the confirmation email. No further data is gathered. The data is used exclusively for mailing the newsletter and it is not transmitted to third parties.

You can revoke the consent to the storing of your personal data and its use for mailing the newsletter at any time. To do so, a corresponding link is included in each newsletter. Furthermore, you can inform us at any time about your wish via the contact option specified at the end of this Data Privacy Policy.

Contact form
If you contact us by email or by means of the contact form, the information provided by you will be stored for the purposes of processing your enquiry and for potential follow-up questions.

Deletion or blocking data
We adhere to the principles of data avoidance and data economy. We therefore store your personal data only for as long, as this is required to reach the purposes specified herein or as prescribed according to the various storage periods that are mandated by law. When the respective purpose no longer applies or these periods have lapsed, the corresponding data will be routinely blocked or deleted in accordance with legal regulations.

Cookies
We use so-called “session cookies” on some of our webpages in order to make the use of our webpages easier for you. These are small text files that are saved on your hard drive only for the duration of your visit to our website and they will be deleted again, depending on the settings of your browser software, when you exit the browser.

 These cookies do not retrieve any information about you that is saved on your hard drive and they do not compromise your computer or data. Most browsers are configured to automatically accept cookies. You can, however, deactivate the storing of cookies or adjust your browser settings so that it will point out to you when cookies are sent. Deactivating cookies can entail that you will not be able to use all features of our website.

Social plug-ins
Social plug-ins of AddThis (Oracle) are used on our website. You can recognise the plug-ins by the relevant logo that designates them.

Through these plug-ins, information, which can also include personal data, is sent to the providers of the services, who might use it under certain circumstances. We prevent the unknown and unintentional gathering and transmission of data to the service provider by means of a 2-click solution. To activate a desired social plug-in, it must first be activated by a click on the relevant button. The gathering of information and its transmission to the service provider is triggered only by activation of the plug-in. We ourselves do not gather any personal data by means of the social plug-ins or through its use.

Integration of third-party services and contents
It can happen that contents of third parties, for example, videos of YouTube, map material of Google Maps, RSS feeds or graphics of other websites are integrated within our online offer. This always presupposes that the providers of these contents (hereinafter referred to as “External Providers”) recognise the user’s IP address. This is required because they cannot send contents to the browser of the respective user without the IP address.
The IP address is therefore required to display these contents. We work towards using only such contents of providers that respectively use the IP address merely to deliver the contents. However, we have no influence over whether the External Providers store the IP address, e.g. for statistical purposes. We inform the users of this if we know of it.

List of plug-ins
We have no influence over which data is gathered by an activated plug-in and how it is used by the provider. It must be assumed at this time that a direct connection to the services of the provider will be established and that at least the IP address and device-specific information is gathered and used. Likewise, there is the possibility that the service providers attempt to store cookies on the computer that is being used. Please find out from the data privacy policies of the respective service provider which data specifically is gathered in the process and how it is used. Note: If you are simultaneously signed in to Facebook, Facebook can identify you as a visitor of a certain website.

Google Tag Manager
We use Google Tag Manager, which is a function to embed tags in our website. It records the IP address and stores it for a short time when http requests are received so to be able to correct errors in the embedding.

Google Analytics
Google Analytics is an analysis tool that prepares data statistics about the usage of our website by the users. It sends information about pages called up and the users’ actions (e.g. the duration, sequence and URL of visits and page retrievals, the page from which the user was referred, and information about the used device, operating system, browser and settings and the approximate location) to the servers of Google. It uses cookies and similar tools, e.g. so-called tracking pixel to be able to recognise recurring visitors and to attribute various actions and visits across different devices and across sessions; this is done by means of anonymous attributes such as random identification numbers. No personal data is transmitted to Google; IP addresses that are used for the regional attribution are “masked” ahead of time for this purpose (truncated by certain digits). Google explains more details in its Privacy Policy. You can deactivate Google Analytics for your browser by means of an add-on.

Google Adwords Conversion
Google AdWords Conversions and Google DoubleClick Floodlight permit us to identify how clicks on ads or information on Google platforms effectively result in transactions and similar actions by users on our website. These functions use temporary cookies of Google and they do not process any personal user data. To prevent the application of these cookies, you can use the options provided by Google or adjust the corresponding browser settings.

Google Maps
This website uses the service Google Maps to display maps and create directions. The provider is Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. By using this website, you declare your consent to the gathering, processing and use of your personal data that is gathered automatically by Google, one of its representatives or External Providers. Additional Terms of Use for Google Maps/Earth
Google Privacy Policy

Google Fonts
This website uses the service Google Fonts to display fonts. The provider is Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. By using this website, you declare your consent to the gathering, processing and use of your personal data that is gathered automatically by Google, one of its representatives or External Providers. You can find more information about this in the Privacy Policy of Google.

YouTube videos
On some of our websites, we embed YouTube videos. Operator of the corresponding plug-ins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page with the YouTube plug-in, a connection to servers of YouTube will be established. In the process, YouTube will be told which pages you are visiting. If you are logged in to your YouTube account, YouTube can attribute your browsing pattern to you personally. You can prevent this by logging out of your YouTube account.

If a YouTube video is started, the provider uses cookies that gather information on the user behaviour. Those who have deactivated the storing of cookies for the Google Ad program do not have to expect such cookies when viewing YouTube videos. YouTube, however, also stores impersonal usage information in other cookies. If you would like to prevent this, you have to block the storing of cookies in your browser. You can find more information about data privacy at YouTube in the provider’s data privacy policy at: https://www.google.de/intl/de/policies/privacy/

Adobe Typekit
This website uses the service Typekit to display fonts. The operator of this service is Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland. To provide the Typekit service, Adobe can gather information about the font types that are made available on the website. By using this website, you declare your consent to the gathering, processing and use of the data that is gathered automatically by Adobe. You can find more information about data privacy at Typekit in the provider’s data privacy policy at: https://www.adobe.com/privacy/policy.html
https://www.adobe.com/privacy/policies/typekit.html

AddThis (share feature)
This website uses the service AddThis. The AddThis tools permit us to let you share our news, photos, videos and other contents via browser or website plug-ins instantaneously by email or the known social networks (Facebook, Tumblr, Xing, Google Plus, Pinterest, WhatsApp or LinkedIn, Twitter) and other targets. The operator of this service is Oracle Company, 1900 Oracle Way, Reston, VA 20190, USA.

If you share contents via email, please note that you will be responsible for the sent email addresses. In the interest of the most comprehensive protection of your data possible, the buttons on our websites and in our apps are merely integrated as links to the corresponding services. This ensures that a data transfer to the respective operator of the social network does not take place without prior activation by you.

As soon as you click on a button without being logged in to the social network, the login mask of the clicked network will open in a new window. It will place a cookie on your hard drive at the same time. If you click the button for the social network as an already logged in user, this network will be able to attribute the visit to your user account at the social network. Pages of External Providers are operated exclusively by the latter. We have neither any influence on the data gathered or the data processing there nor do we know the full extent of the data gathering, purposes and storage periods. Please find information on the handling of your personal data when using these webpages in the respective privacy policies of the providers.

You can find more information about data privacy at AddThis in the provider’s data privacy policy at: http://www.addthis.com/privacy/privacy-policy
https://www.oracle.com/legal/privacy/privacy-policy.html

MailChimp
To create and mail newsletters, we use the service of MailChimp. The operator of this service is the Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA.

MailChimp places pixel gifs, also known as web beacons, in the emails sent out via MailChimp. These are tiny graphics files that contain unique identifiers, which enable MailChimp to detect when a newsletter subscriber has opened a newsletter email or clicked on certain links. These technologies gather the subscriber’s email address, IP address, date and time that is linked for each campaign on each opening and clicking. By means of this data, MailChimp creates reports for Gimota about how an email campaign was conducted and which actions the subscribers have executed. You can find more information about data privacy at MailChimp in the provider’s data privacy policy at: https://mailchimp.com/legal/cookies/

Your rights of access, correction, blocking, deletion and objection
You have the right to receive information about your personal data that is stored with us. You also have the right to correction, blocking or deletion of your personal data, unless it is such data that must be stored mandatorily for the processing of business. To do so, please contact our Data Protection Officer.

Contact by email: datenschutz@mechafin.ch

Or in writing to our company address:

Mechafin AG
Data Protection Officer
Chrummacherstr. 3
8954 Geroldswil
Switzerland

So that a blocking of data can be considered at all times, the data must be kept in a blocking file for control purposes. You can also request the deletion of the data if no a statutory obligation for archiving applies. If there is such an obligation, we will block your data on request.

You can make changes or revoke a consent with effect for the future by sending a corresponding message to us.

Changes in our Data Privacy Policies
We reserve the right to adjust this Data Privacy Policy from time to time, so that it is always consistent with the current legal requirements or to implement changes to our services in the Data Privacy Policy, e.g. if new services are launched. The new Data Privacy Policy will then apply for your returning visit.

This Data Privacy Policy voids all previous policies. This version is a translation. In the event of a discrepancy between the original German version and the translation, the German version shall take precedence.

Geroldswil, 24 May 2018 / Mechafin AG