Privacy policy

Information on the handling of personal data

We are delighted that you are interested in our website - and therefore in our company. The protection of your private rights and freedoms is important to us. We only use your data for the purposes intended. As it is important to us that you know at all times to what extent we collect, use and, if necessary, transfer your data to third parties, we will inform you in detail below about the processing of your personal data collected by us or stored by us.

Visiting our website is generally possible without providing (personal) data. If there are any exceptions to this for selected services, we will explain these in the following sections. When processing personal data, we strictly adhere to the provisions of the EU General Data Protection Regulation (GDPR) and any other data protection regulations.

Name and address of the controller

SIGA Services AG

Rütmattstrasse 7
6017 Ruswil
Switzerland

Phone: +41 41 499 69 69
E-mail: webmaster@siga.swiss
Website: https://siga.swiss

Name and address of the data protection officer

Jörg ter Beek
Cortina Consult GmbH
Hafenweg 24
48155 Münster
Germany

Data protection team for general data protection inquiries:
Team e-mail: dsb.siga@cortina-consult.de
Website: https://cortina-consult.com/

Actuality of the privacy policy

To ensure that we always have up-to-date data protection information in connection with the services of our website, we use the CLOUD DSE service of Cortina Consult GmbH, Hafenweg 24 in 48155 Münster. In this process, the contents of our privacy policy are hosted on the servers at Cortina Consult and managed centrally. Necessary changes are implemented promptly by Cortina Consult and immediately displayed via direct integration on our website.

Rights of data subjects

Chapter III of the EU General Data Protection Regulation (GDPR) provides for extensive rights for data subjects, which we explain to you below in relation to the processing of your personal data:

Right to information

This requirement concerns in particular information on the following details of data processing:

  • Processing purposes
  • Data categories
  • Recipients or categories of recipients, if applicable
  • If applicable, the planned storage duration or the criteria for determining this duration.
  • Note on the respective right of correction, deletion, restriction or objection
  • Existence of the right to complain to a supervisory authority
  • If applicable, origin of the data (if not collected from you)
  • If applicable, existence of automated decision-making including profiling, including meaningful information about the logic involved, the scope and the effects to be expected
  • If applicable, (planned) transfer to a third country or international organization
Right to rectification

We will correct any erroneous data immediately, provided that you inform us of the circumstance accordingly.

Right to erasure (right to be forgotten)

If the processing is no longer necessary and one of the following conditions is met:

  • Discontinuation of the purpose of processing
  • Withdrawal of their consent and absence of any other legal basis for processing
  • Objection to processing without an important reason to the contrary
  • Unlawful processing
  • Required to fulfill a legal obligation
  • Data collection was carried out in accordance with Art. 8 (1) GDPR
Right to restriction of processing

Provided that one of the following conditions is met:

  • You dispute the accuracy of your data (restriction can be made for the duration of the review on our side)
  • In the event of unlawful processing and if the data is not to be deleted, restriction of processing shall take the place of deletion
  • If the processing purposes cease to apply, at the same time you need your data for the assertion, exercise or defense of legal claims
  • After you have lodged an objection pursuant to Art. 21 (1) GDPR and for the duration of the examination as to whether our legitimate reasons outweigh yours.
Right to data portability

If it is technically possible and does not affect the rights and freedoms of other persons, we will - at your request - transfer your data to another recipient (responsible party).

Right to object

If we collect or have collected and process personal data from you (on the basis of Art. 6 (1) e or f or Art. 9 (2) a GDPR), you have the right to object to the data processing (including profiling) at any time (with effect for the future). In exceptional cases, the objection may be ineffective, e.g. if we can demonstrate compelling interests worthy of protection for the processing that outweigh your interests or processing serves the assertion, exercise or defense of legal claims. If we process your personal data for the purpose of direct marketing, you have the right to object to such processing at any time. This also applies to profiling, insofar as it is related to such direct advertising. You also have the right to object to processing of your data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

Automated decisions in individual cases including profiling

If we collect or have collected and process personal data from you, you have the right not to be subject to any decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. Exceptions to this requirement apply if the decision is necessary for the conclusion or performance of a contract between you and us or you have expressly consented to the processing. In any case, we will take reasonable steps to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain the intervention of a person on our part, to express our own point of view and to contest the decision.

Right to lodge a complaint with a supervisory authority

For Germany

A list of the competent supervisory authorities in Germany can be found on the website of the Federal Commissioner for Data Protection or at the following link: https: //www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.

General information on data processing on the website

The following information applies to data processing on our website in general. If there are exceptions or additions to this information, these are described in detail in the respective sections.

Information on data security

We secure our website and other systems through technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. In addition, we have implemented SSL encryption (SHA256) on our website to protect your data. However, despite regular checks, complete protection against all dangers is not possible.

Our legitimate interest

Our legitimate interest, as defined in Article 6 (1) f GDPR, is based on the performance of our business activities in order to maintain our ability to operate and secure the employment of our employees.

General deadlines for data deletion

After the purpose of storage has ceased, the retention periods are generally at least six or ten years. As a rule, data is deleted immediately in accordance with our deletion concept, provided that this does not conflict with any retention obligation, necessity for contract fulfillment or a legitimate interest.

Deletion or blocking of personal data

We store your personal data only for the period required to fulfill the specified purpose. After the purpose no longer applies and after expiration of any existing retention periods, your data will be deleted immediately. If deletion is not possible, the data will be blocked instead.

Collection of general data and information

As soon as you visit our website, our web server collects some general data and technical information - as shown in the table below:

Data collected

Purpose of the survey

browser types and versions usedcorrect display of the page content
Operating system used, visitor origin (referrer, e.g. Google), subpages clicked onOptimization of our website content as well as our advertising
Date and time of access to the website as well as IP address and internet service provider of the visitorEnsuring the permanent functionality of our IT systems (for the operation of the website) and prevention of misuse

Other data and information for security in the event of attacks

Providing relevant information to law enforcement agencies in the event of a cyberattack

Obligation to provide personal data

Under certain circumstances (e.g. due to legal or contractual regulations), an obligation arises for you to provide us with your personal data. Examples of such processing as follows:

Nature or purpose of the processing

Need

Conclusion of a sales contract (e.g. your address)Fulfillment of the contractual obligation (e.g. delivery of the goods to your address)
In the employee context (e.g. transmission of data to the tax office)Compliance with legal requirements (e.g. tax regulations)
Cookies

We use so-called cookies on our website on the basis of legitimate interest. These are small text files that are stored on your terminal device with the help of the browser. When you call up a website, a cookie may be stored on your operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. By means of a cookie, the information and offers on our website can be optimized in your sense. Cookies allow us to recognize visitors. The purpose of this recognition is to facilitate your use of our website. We use temporary cookies. These are automatically deleted when you close the browser. These include, in particular, session cookies. They store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to the website. We use this type of cookies to ensure the operation and functionality of our website.

In addition, we use session-spanning cookies. These remain on your hard drive beyond the session. Thanks to these cookies in particular, we can make our offer more user-friendly.

Preference cookies allow a website to remember information that affects the way a website behaves or looks, such as your preferred language or the region you are in.

You can view and delete the cookies stored on your computer and configure the handling of cookies in general via the settings of your browser. You can obtain further information on this from the manufacturer or in the help function of your Internet browser. However, deactivating cookies may mean that you cannot use all the functions of our portal.

You can use the following links to find out about this option for the most commonly used browsers:
BrowserURL
Edgehttps://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
Google Chromehttps://safety.google/intl/en/chrome/
Safarihttps://www.apple.com/legal/privacy/en-ww/
Operahttps://legal.opera.com/privacy/
Firefoxhttps://www.mozilla.org/en-US/privacy/

Information about specific data processing on the website

If necessary, in deviation from or in addition to the above general information, you will find below details on the individual data processing on our website.

Specific services
Facebook Connect
Purpose of processingThis is a single sign-on application service that allows users to log in to third-party websites using their Facebook account.
Legal basis (according to Art. 6 / 9 GDPR)
  • Informed consent (Art. 6 para. 1 a)
  • Recipient (if applicable)Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)United States of America

    Data transfer is based on the EU-U.S. Data Privacy Framework through which Meta Platforms, Inc. is certified.

    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessitynone
    Consequences of non-compliance (in case of failure to provide the required data)none
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Profile information, browser information, user agent, usage data, profile picture, age, IP address, gender, geographic location, referrer URL, HTTP header, email address
    Change of purpose if necessarynone
    Fast Fonts
    Purpose of processingProvision of briefs
    Legal basis (according to Art. 6 / 9 GDPR)
  • Informed consent (Art. 6 para. 1 a)
  • Recipient (if applicable)Monotype Imaging Holdings Inc, 600 Unicorn Park Drive, Woburn, Massachusetts 01801, United States of America
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)United States of America
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessitynone
    Consequences of non-compliance (in case of failure to provide the required data)none
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Referrer URL, Customer ID, URL, IP address, User agent
    Change of purpose if necessarynone
    Data protection officer of the providerprivacy@monotype.com
    Privacy policy of the providerhttps://www.monotype.com/legal/privacy-policy
    Flockler
    Purpose of processingEmbedding social media content on websites
    Legal basis (according to Art. 6 / 9 GDPR)
  • Informed consent (Art. 6 para. 1 a)
  • Recipient (if applicable)Flockler Oy; Rautatienkatu 21 B, 33100 Tampere, Finland
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)none
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessitynone
    Consequences of non-compliance (in case of failure to provide the required data)none
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).IP address, referrer URL, user agent
    Change of purpose, if applicablenone
    Data protection officer of the providerprivacy@flockler.com
    Privacy policy of the providerhttps://flockler.com/privacy-policy
    Google Adsense
    Purpose of processingMarketing.
    Legal basis (according to Art. 6 / 9 GDPR)
  • Informed consent (Art. 6 para. 1 a)
  • Recipient (if applicable)Google LLC, Google Ireland Limited, Alphabet Inc.
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)If applicable, transfer, storage and processing in the USA, Google LLC

    The data transfer is based on the EU-U.S. Data Privacy Framework via which Google LCC is certified.

    If known: Duration of data storageData are deleted as soon as they are no longer needed for the processing purposes.
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessitynone
    Consequences of non-compliance (in case of failure to provide the required data)none
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Ads viewed, click path, IP address, mouse movements, usage data.
    Change of purpose if necessarynone
    Google Analytics
    Purpose of processingCreation of usage profiles to optimize the cost-benefit factor on the website
    Legal basis (according to Art. 6 / 9 GDPR)
  • Informed consent (Art. 6 para. 1 a)
  • Recipient (if applicable)Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)If applicable, transfer, storage and processing in the USA, Google LLC

    The data transfer is based on the EU-U.S. Data Privacy Framework via which Google LCC is certified.

    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessitynone
    Consequences of non-compliance (in case of failure to provide the required data)none
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)As a rule, the data originates from the data subject himself.
    If applicable, categories of pb data (if not collected directly from the data subject)which pages and functions are called up or clicked on during the website visit (click behavior), IP address assigned by the Internet service provider (ISP) in anonymized form, previously visited website (referrer), subpages visited, time spent on the website, frequency of visit, date, access location, time of visit, user agent
    Change of purpose if necessarynone
    Opt-OutInstallation of the browser plugin: https://tools.google.com/dlpage/gaoptout, See also under Cookies
    Data protection officer of the providerhttps://support.google.com/policies/contact/general_privacy_form
    Privacy policy of the providerhttps://policies.google.com/privacy?hl=en
    Google APIs
    Purpose of the processing of general data
    Data typePurpose of the survey
    Provision and improvement of functionalities on the website
    Legal basis (according to Art. 6 / 9 GDPR)
  • Informed consent (Art. 6 para. 1 a)
  • Safeguarding legitimate interests (Art. 6 para. 1 f)
  • Recipient (if applicable)If applicable, transmission, storage and processing in the USA, Google LLCThe data transfer is based on the EU-U.S. Data Privacy Framework via which Google LCC is certified.
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)The data may be transferred to Google LLC in the USA.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessitynone
    Consequences of non-compliance (in case of failure to provide the required data)none
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also originate from third parties.
    Change of purpose if necessarynone
    Google Fonts
    Purpose of processingUniform representation of the fonts
    Legal basis (according to Art. 6 / 9 GDPR)
  • Informed consent (Art. 6 para. 1 a)
  • Recipient (if applicable)Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)If applicable, transfer, storage and processing in the USA, Google LLC

    The data transfer is based on the EU-U.S. Data Privacy Framework via which Google LCC is certified.

    If known: Duration of data storageUnknown duration
    See General time limits for data deletion.
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessitynone
    Consequences of non-compliance (in case of failure to provide the required data)none
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).IP address, access time, access date
    Change of purpose if necessarynone
    Opt-OutUse a browser that does not support Google Fonts
    See also under Cookies
    Privacy info of the addinhttps://www.google.com/policies/privacy/
    Google Maps
    Purpose of processingProvision of maps.
    Legal basis (according to Art. 6 / 9 GDPR)
  • Informed consent (Art. 6 para. 1 a)
  • Recipient (if applicable)Google Ireland Limited, Google LLC, Alphabet Inc, United States of America
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)If applicable, transfer, storage and processing in the USA, Google LLC

    The data transfer is based on the EU-U.S. Data Privacy Framework via which Google LCC is certified.

    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessitynone
    Consequences of non-compliance (in case of failure to provide the required data)none
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).IP address, date and time of visit, location information, URL, usage data, search terms, geographic location, user agent
    Change of purpose if necessarynone
    Data protection officer of the providerhttps://support.google.com/policies/contact/general_privacy_form
    Privacy policy of the providerhttp://www.google.com/intl/de/policies/privacy/
    Google reCaptcha
    Purpose of processingBot protection, spam prevention, fraud detection
    Legal basis (according to Art. 6 / 9 GDPR)
  • Informed consent (Art. 6 para. 1 a)
  • Recipient (if applicable)Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)If applicable, transfer, storage and processing in the USA, Google LLC

    The data transfer is based on the EU-U.S. Data Privacy Framework via which Google LCC is certified.

    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessitynone
    Consequences of non-compliance (in case of failure to provide the required data)none
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Screen resolution, browser language, browser plug-ins, click path, date and time of visit, IP address, user behavior, time spent on a page, user input, device information, mouse movements, geographic location, device operating system, user agent
    Change of purpose if necessarynone
    Data protection officer of the providerhttps://support.google.com/policies/contact/general_privacy_form
    Privacy policy of the providerhttps://policies.google.com/privacy?hl=en
    Google Tag Manager
    Purpose of processingSimplified management of the analysis tools through central control and management of the collected analysis mechanisms
    Legal basis (according to Art. 6 / 9 GDPR)
  • Informed consent (Art. 6 para. 1 a)
  • Recipient (if applicable)Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)If applicable, transfer, storage and processing in the USA, Google LLC

    The data transfer is based on the EU-U.S. Data Privacy Framework via which Google LCC is certified.

    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessitynone
    Consequences of non-compliance (in case of failure to provide the required data)none
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)As a rule, the data originates from the data subject himself.
    Where applicable, categories of personal data (if not collected directly from the data subject).Which pages and functions are called up or clicked on during the website visit (click behavior), IP address assigned by the Internet service provider (ISP) in anonymized form, previously visited website (referrer), sub-pages visited, time spent on the website, frequency of visit, date, access location, time of visit
    Opt-OutSee also under cookies
    Data protection officer of the providerhttps://support.google.com/policies/contact/general_privacy_form
    Privacy policy of the providerhttps://policies.google.com/privacy?hl=en
    GStatic
    Purpose of processingImprove network performance for the end user when using versch. Google services
    Legal basis (according to Art. 6 / 9 GDPR)
  • Safeguarding legitimate interests (Art. 6 para. 1 f)
  • Recipient (if applicable)Google LLC; 1600 Amphitheatre Parkway, Mountain View, CA 93043-1351, United States of America
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)United States of America, Google LLC

    Data transfer is based on the EU-U.S. Data Privacy Framework through which Google LLC is certified.

    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessitynone
    Consequences of non-compliance (in case of failure to provide the required data)none
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also originate from third parties.
    Privacy info of the addinhttps://www.google.com/policies/privacy/
    Change of purpose, if applicablenone
    Hootsuite
    Purpose of the processing of general data
    Data typePurpose of the survey
    Plan, create and publish social media content on various platforms to promote online presence and engagement.
    Legal basis (according to Art. 6 / 9 GDPR)
  • Informed consent (Art. 6 para. 1 a)
  • Recipient (if applicable)Hootsuite Inc, 111 East 5th Avenue, Vancouver, BC, V5T 4L1, CanadaPrivacy Policy: https://www.hootsuite.com/de/legal/privacy
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessitynone
    Consequences of non-compliance (in case of failure to provide the required data)none
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also originate from third parties.
    Change of purpose if necessarynone
    Hotjar
    Purpose of processingCreation of usage profiles to optimize the website with regard to the cost-benefit factor
    Legal basis (according to Art. 6 / 9 GDPR)
  • Informed consent (Art. 6 para. 1 a)
  • Recipient (if applicable)Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessitynone
    Consequences of non-compliance (in case of failure to provide the required data)none
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)As a rule, the data originates from the data subject himself.
    Where applicable, categories of personal data (if not collected directly from the data subject).Date and time of visit, Device type, Geographic location, IP address, Mouse movements, Pages visited, Referrer URL, Screen resolution, Own device identifier, Language information, Device operating system, Browser type, Clicks, Domain name, Own user ID, User agent.
    Change of purpose, if applicablenone
    Opt-OutSee under cookies and https://www.hotjar.com/legal/compliance/opt-out
    Data protection officer of the providerdpo@hotjar.com
    Privacy policy of the providerhttps://www.hotjar.com/legal/policies/privacy
    Instagram
    Purpose of processingDisplay Instagram content, retargeting or marketing.
    Legal basis (according to Art. 6 / 9 GDPR)
  • Informed consent (Art. 6 para. 1 a)
  • Recipient (if applicable)Meta Platforms Ireland Limited, Meta Platforms Inc, 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)Meta Platforms Ireland Limited, Meta Platforms Inc., Worldwide

    Data transfer is based on the EU-U.S. Data Privacy Framework through which Meta Platforms, Inc. is certified.

    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessitynone
    Consequences of non-compliance (in case of failure to provide the required data)none
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Device information, interactions with the embed, IP address, referrer URL, user agent.
    Change of purpose, if applicablenone
    Data protection officer of the providerhttps://www.facebook.com/help/contact/540977946302970
    Privacy policy of the providerhttps://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect
    jQuery
    Purpose of processingProvision of content or JavaScript
    Legal basis (according to Art. 6 / 9 GDPR)
  • Informed consent (Art. 6 para. 1 a)
  • Recipient (if applicable)OpenJS Foundation, 1 Letterman Drive, Building D, Suite D4700, San Francisco, CA 94129, United States of America, https://openjsf.org/wp-content/uploads/sites/84/2019/11/OpenJS-Foundation-Privacy-Policy-2019-11-15.pdf
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)United States of America
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThere is no obligation
    Consequences of non-compliance (in case of failure to provide the required data)Not all functions of the website may be accessible without barriers.
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Log file data, IP address, user agent, access time
    Change of purpose if necessarynone
    LinkedIn Ads
    Purpose of processingWebsite optimization, advertising
    Legal basis (according to Art. 6 / 9 GDPR)
  • Informed consent (Art. 6 para. 1 a)
  • Recipient (if applicable)LinkedIn Ireland Unlimited Company, LinkedIn Inc
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)LinkedIn, California, USA
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessitynone
    Consequences of non-compliance (in case of failure to provide the required data)none
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).none
    Privacy info of the addinhttps://www.linkedin.com/legal/cookie_policy
    Change of purpose, if applicablenone
    Mailchimp
    Purpose of processingProvision of information in the form of electronic circulars
    Legal basis (according to Art. 6 / 9 GDPR)Informed consent (Art. 6 para. 1 lit. a DSGVO)
    Recipient (if applicable)The Rocket Science Group LLC; 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308, United States of America
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)United States of America, The Rocket Science Group LLC, Intuit

    Data transfer is based on the EU-U.S. Data Privacy Framework through which Intuit and The Rocket Science Group LLC are certified.

    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThere is no obligation to provide personal data. Newsletters are sent exclusively after registration via a double opt-in procedure (voluntarily given and revocable informed consent pursuant to Article 6 (1) a DSGVO) or after a purchase contract has been successfully concluded and the e-mail address has been collected in this process (pursuant to Section 7 (3) UWG).
    Consequences of non-compliance (in case of failure to provide the required data)Non-compliance (i.e. not providing the required data) would result in the newsletter not being delivered to you.
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data comes from the data subject himself.
    Where applicable, categories of personal data (if not collected directly from the data subject).E-mail address, time of registration
    Change of purpose, if applicablenone
    Newsletter trackingOur newsletters contain so-called tracking pixels, which are 1x1 pixel graphics that we embed in our HTML-formatted emails. This graphic is loaded by our web server, which registers the number of downloads. We use this technique for statistical purposes to measure the reach and success of our newsletter campaigns and to best tailor our content to your interests. This data is not passed on to third parties. You can object to the use of this technology at any time by, for example, preventing the download of graphics from the Internet within your mail program or the receipt of HTML e-mails. When you unsubscribe from our newsletter, the data assigned to the respective e-mail address, if any, will be automatically deleted.
    Data protection officer of the providerprivacy@mailchimp.com
    Privacy policy of the providerhttps://mailchimp.com/legal/privacy/
    MaxMind
    Microsoft Azure
    Purpose of processingFunctionality, optimization
    Legal basis (according to Art. 6 / 9 GDPR)
  • Informed consent (Art. 6 para. 1 a)
  • Recipient (if applicable)Microsoft Corporation One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521, Ireland
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)United States of America, Microsoft Corporation

    Data transfer is based on the EU-U.S. Data Privacy Framework through which Microsoft Corporation is certified.

    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessitynone
    Consequences of non-compliance (in case of failure to provide the required data)none
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).IP address, date and time of visit, user agent, referrer URL
    Change of purpose if necessarynone
    Microsoft Dynamics 365
    Purpose of processingThis is a customer relationship management (CRM) software. It is used for the following purposes: Advertising, Legal Compliance, Personalization, Customer Management, Development, Service Improvement, Service Delivery, Troubleshooting, Analytics.
    Legal basis (according to Art. 6 / 9 GDPR)
  • Informed consent (Art. 6 para. 1 a)
  • Recipient (if applicable)Microsoft Ireland Operations Limited; One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521, Ireland
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)United States of America, Microsoft Corporation

    Data transfer is based on the EU-U.S. Data Privacy Framework through which Microsoft Corporation is certified.

    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessitynone
    Consequences of non-compliance (in case of failure to provide the required data)none
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).IP address, user agent, device information, user details if applicable (e.g. within contact forms).
    Change of purpose if necessarynone
    Data protection officer of the providerhttps://www.microsoft.com/en-GB/concern/privacy
    Privacy policy of the providerhttps://privacy.microsoft.com/de-de/privacystatement
    Microsoft PowerBI
    Purpose of processingAnalysis, marketing, optimization, provision of services
    Legal basis (according to Art. 6 / 9 GDPR)
  • Informed consent (Art. 6 para. 1 a)
  • Recipient (if applicable)Microsoft CorporationOne Microsoft WayRedmond, WA 98052-6399USA
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)United States of America, Microsoft Corporation

    Data transfer is based on the EU-U.S. Data Privacy Framework through which Microsoft Corporation is certified.

    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessitynone
    Consequences of non-compliance (in case of failure to provide the required data)none
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Browser type, device operating system, device type, visit duration, geographic location, Internet service provider, IP address, timestamp
    Change of purpose if necessarynone
    Microsoft Teams (online meetings)

    You have the option of registering for online meetings on our homepage. The mandatory information required for the organization of online meetings is marked separately. Other information is voluntary. SIGA will use your information to plan the online meetings and to contact you accordingly. As part of the organization of the online meetings, you will receive an appointment invitation from us to the e-mail address provided.

    We use the tool "Microsoft Teams" to conduct telephone conferences, online meetings, video conferences and/or online seminars (hereinafter: "Online Meetings"). "Microsoft Teams" is a service provided by Microsoft Corporation, which is headquartered in the United States. When using "Microsoft Teams", various types of data are processed. The scope of the data also depends on the data you provide before or during participation in an "online meeting":

    User details: first name, last name, telephone (optional), e-mail address, password (if "single sign-on" is not used), profile picture (optional),
    department (optional)
    Meeting metadata: Topic, description (optional), attendee IP addresses, device/hardware information.

    For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.

    Fordial-in with the telephone: information on the incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be stored.

    Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an "online meeting". To this extent, the text entries you make are processed in order to display them in the "online meeting" and, if necessary, to log them. To enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the "Microsoft Teams" applications.

    In order to participate in an "online meeting" or to enter the "meeting room", you must at least provide information about your name. If we want to record "online meetings", we will transparently inform you in advance and ask for your consent. The fact of recording will also be displayed to you in the "Microsoft Teams" app. If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will generally not be the case.

    For purposes of recording and following up on online meetings, we may also process questions asked by meeting participants. Automated decision-making within the meaning of Art. 22 DSGVO is not used. You can view the privacy policy of "Microsoft Teams" here.(https://privacy.microsoft.com/de-de/privacystatement).

    Oribi
    Purpose of processingTechnical support, optimization, analytics, website security, operations, development
    Legal basis (according to Art. 6 / 9 GDPR)
  • Informed consent (Art. 6 para. 1 a)
  • Recipient (if applicable)Oribi Ltd, 33 HaBarzel Street, Tel Aviv, 6971049, Israel.Amazon.com, Inc
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)United States of America, Israel
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityWithout the data, the described data processing cannot take place.
    Consequences of non-compliance (in case of failure to provide the required data)Without the data, the described data processing cannot take place.
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Browser information, usage data, caller URL, number of visits, geographic location, IP address
    Change of purpose if necessarynone
    Privacy policy of the add-inhttps://oribi.io/privacy
    Data protection officer of the add-inprivacy@oribi.io
    Protel (Hotel bookings SIGA Guesthouse)
    Purpose of the processing of general data
    Data typePurpose of the survey
    Personal master dataMaking hotel reservations, managing guest reservations and providing hotel services.
    Purpose of the processing of special categories of personal data
    Data typePurpose of the survey
    NationalityMaking hotel reservations, managing guest reservations and providing hotel services.
    AllergiesMaking hotel reservations, managing guest reservations and providing hotel services.
    Legal basis (according to Art. 6 / 9 GDPR)
  • Fulfillment of a contract (Art. 6 para. 1 b)
  • Recipient (if applicable)ggfs. protel hotelsoftware GmbH, Europaplatz 8, 44269 Dortmund, GermanyPrivacy policy: https://www.protel.net/de/rechtlich/privacy-policy/
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThe provision of personal data in connection with the hotel booking is usually necessary to complete the booking process and fulfill the contract.
    Consequences of non-compliance (in case of failure to provide the required data)If the required data is not provided, SIGA may not be able to make a booking or manage reservations.
    If applicable, existence of an automated decision-making processA purely automatic decision-making process takes place.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also originate from third parties.
    Change of purpose if necessarynone
    X (formerly Twitter)
    Purpose of processingThis service is used to display posts from X (formerly Twitter).
    Recipient (if applicable)Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, IrelandX Corp, California, United States
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)If applicable, forwarding, processing and storage in the USA, X Corp.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessitynone
    Consequences of non-compliance (in case of failure to provide the required data)none
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Which pages and functions are called up or clicked on during the website visit (click behavior), IP address assigned by the Internet service provider (ISP), time spent on the website, all information shared on Twitter, user agent, browser type, referrer URL, URL.
    Change of purpose if necessarynone
    Data protection officer of the providerhttps://twitter.ethicspointvp.com/custom/twitter/forms/data/form_data.asp
    Privacy policy of the providerhttps://twitter.com/de/privacy
    Xing
    Purpose of processingThis service is used to display posts from Xing.
    Legal basis (according to Art. 6 / 9 GDPR)
  • Informed consent (Art. 6 para. 1 lit. a DSGVO)
  • Recipient (if applicable)Xing SE, Dammtorstraße 30, 20354 Hamburg, Germany
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)none
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessitynone
    Consequences of non-compliance (in case of failure to provide the required data)none
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).IP address, timestamp, interactions with the embed, user agent, browser type, referrer URL, URL.
    Change of purpose if necessarynone
    Data protection officer of the providerDatenschutzbeauftragter@xing.com
    Privacy policy of the providerhttps://privacy.xing.com/en/privacy-policy
    YouTube videos
    Purpose of processingThis is a video player service from Google.
    Legal basis (according to Art. 6 / 9 DSGVO)
  • Informed consent (Art. 6 para. 1 a)
  • Recipient (if applicable)Alphabet Inc, Google LLC, Google Ireland Limited
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)If applicable, transfer, storage and processing in the USA, Google LLC

    The data transfer is based on the EU-U.S. Data Privacy Framework via which Google LCC is certified.

    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessitynone
    Consequences of non-compliance (in case of failure to provide the required data)none
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also originate from third parties.
    Change of purpose if necessarynone

    Scope and purpose of the collection, processing and use of personal data

    Personal data is "information relating to an identified or identifiable natural person". Online identifiers, such as IP addresses, may be considered personal data unless they are specifically anonymized. We process your personal data for the following purposes:

    Visit the website

    When you visit our website, our servers temporarily store the following data in a log file, the so-called server log files:

    • IP address of the requesting computer
    • Date and time of access/retrieval
    • Name and URL of the retrieved data
    • Your computer\'s operating system and the browser you are using
    • Country from which our website is accessed
    • Name of your internet access provider
    • Time zone difference to Greenwich Mean Time (GMT)
    • Content of the request (specific page)
    • Access status/HTTP status code
    • Amount of data transferred in each case
    • last visited website
    • Browser settings
    • Language and version of the browser software
    • Activated browser plugins

    We have a legitimate interest in the temporary storage of your personal data and log files. This legitimate interest exists in order to

    • deliver the content of our website correctly
    • to optimize the content of our website and the advertising for it
    • to provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack
    • to further improve our offer and our website
    • to collect statistical data
    • process orders in our online store

    Newsletter

    If you would like to subscribe to our newsletter, we need your e-mail address. For the processing of your data after registration for the newsletter, it is our legitimate interest to provide existing business customers (business-to-business) with information and advertising about our products.

    We use the so-called double opt-in procedure for newsletter registration. This means that after you have entered your e-mail address, we will send you a confirmation e-mail to the e-mail address you have provided, in which we ask you to confirm that you wish to receive the newsletter. Confirmation takes place by clicking on an activation link contained in the confirmation e-mail.

    The newsletter is sent via "MailChimp". Further information on data processing with MailChimp can be found under "Specific services" in the section "Information on specific data processing on the website".

    Contact us

    On our website, you have the option of contacting us via a contact form and/or by e-mail. Which data is collected in the case of a contact form can be seen from the relevant contact form

    This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration.

    Our and your legitimate interest lies in responding to your request. If the purpose of the contact is to fulfill a contract to which you are a party or as an inquiry in the context of pre-contractual measures, this is an additional legal basis for the processing of your personal data.

    You can object to this data processing at any time. Please send your request to object to the following e-mail address webmaster@siga.swiss

    Use for advertising purposes

    We also use your personal data on the basis of our legitimate interest for the following purposes:

    • to constantly improve your shopping experience and make it customer-friendly and individualized for you
    • to communicate with you about your orders
    • and existing business customers (business-to-business) to communicate occasionally about specific products or marketing campaigns for which we need your e-mail address
    • and to recommend products or services that may be of interest to you

    As a data subject, you have the right to object to or unsubscribe from our direct marketing at any time: webmaster@siga.swiss

    Online meeting

    You have the option of registering for online meetings on our homepage. The mandatory information required for the organization of online meetings is marked separately. Further information is voluntary.

    SIGA will use your details to plan the organization of the online meetings and to contact you accordingly. As part of the organization of the online meetings, you will receive an appointment invitation from us to the e-mail address provided.

    We use Microsoft Teams to conduct online meetings. With regard to data processing by Microsoft Teams, please refer to the corresponding entry under "Specific services" in the section "Information on specific data processing on the website".

    Online store

    General information

    If you wish to use the services of our online store store.siga.swiss, it is necessary for you to provide us with the data required to process the order. The mandatory information required for processing the contract is marked separately. Further information is voluntary.

    As part of order processing, the service providers we use receive the necessary data for order and order processing. This data also includes your e-mail address and telephone number, e.g. in order to be able to arrange an individual delivery date with you. You can find more information on data protection with these providers on their websites.

    Setting up a customer account

    When you open a customer account, you receive password-protected direct access to your inventory data stored with us (e.g. name and address). In the customer account, you can view data on your completed, open and recently shipped orders, among other things.

    We require your correct name, address and payment details in order to process your order. We need your e-mail address so that we can confirm receipt of your order and its dispatch and generally so that we can communicate with you. We also use your e-mail address to identify you (as your login name) when you log in to your customer account.

    We require your correct name, address and payment details in order to process your order. We need your e-mail address so that we can confirm receipt of your order and its dispatch and generally so that we can communicate with you. We also use your e-mail address to identify you (as your login name) when you log in to your customer account.

    Use of the customer account

    You can use your customer account to log in to our online store. If you do not log out of your customer account, you will automatically remain logged in on the device you are using for a certain period of time. This function allows you to access the online store more quickly

    If you create a customer account or revise data you have already entered, the data you have entered will be saved in your account settings and can be used for further orders without having to be entered again.

    Your personal data is used for the purpose of processing your order if you have created a customer account in our online store, and also to facilitate further orders. To prevent unauthorized access to your personal data by third parties, the order process is encrypted using TLS technology.

    We store the IP address and the time of the respective user action as part of the registration and renewed logins as well as the use of our online services. This data is stored on the basis of our legitimate interests and to protect against misuse and other unauthorized use. This data is not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so. We process usage data (e.g. the websites visited on our online offering, interest in our products) and content data (e.g. entries in the contact form or user profile) for advertising purposes in a user profile, e.g. to show you product information based on the services you have used so far.

    Online applications

    If you apply for a position with us, we will process your details in order to process your application. During the application process, your personal details, postal and contact addresses and the documents relating to your application, such as your letter of motivation, CV and references, are stored in the applicant database. Applicants can also voluntarily provide us with additional information. This data is only stored, evaluated, processed or forwarded internally as part of your application. The data may be processed for statistical purposes (e.g. reporting). It is not possible to draw conclusions about individual persons. By submitting your application to us, you consent to the processing of your data for the purposes of the application process

    Otherwise, your application data will be processed on our behalf by a host provider on the basis of contracts in accordance with Art. 28 GDPR.

    The legal basis for the processing of your personal data is the common interest in the processing of your application. If the processing of the application data serves the fulfillment of a contract to which you are a party or the implementation of pre-contractual measures, this is an additional legal basis.

    If we conclude an employment contract with you, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the application process ends without employment, your personal data will be stored for a further six months for documentation purposes and then deleted, unless you have given us your consent to use your details for further application processes with us.

    Notwithstanding the above, you have the option of having your electronic data deleted at any time. You can send your request for deletion to the person named as the contact person in the job advertisement or to hr@siga.swiss.