DATA PROTECTION IS A MATTER OF TRUST AND YOUR TRUST IS IMPORTANT TO US
Data protection, responsible person and data protection officer
In the following, we inform you about the collection of personal data when using our website and offers. Personal data is all data that can be personally related to you as a user of a website, e.g. name, address, e-mail addresses, user behavior. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, procurement, collection, deletion, storage, modification, destruction and use of personal data. This data protection statement informs you about the rights of persons whose personal data we process. The person responsible for the processing of your personal data through this website is
Epu Design GmbH, Seftigenstrasse 310, 3084 Wabern bei Bern, Tel. 079 849 45 73, E-Mail: email@example.com
You can reach our data protection officer at the e-mail address firstname.lastname@example.org of our postal address with the addition “The data protection officer”.
We process personal data in accordance with Swiss data protection law, such as in particular the Federal Data Protection Act (FADP) and the Ordinance to the Federal Data Protection Act (DPO).
Collection and storage of personal data as well as type and purpose of their use
When visiting the website
When you visit our website www.epudesign.com, information is automatically sent to the server of our website by the browser used on your end device. This information is temporarily stored in a so-called log file.
The following information is collected without your intervention, stored and automatically anonymized after 30 days:
- IP address of the requesting computer
- date and time of access
- name and URL of the file accessed
- the website from which the access was made (referrer URL)
- browser type and version as well as other information transmitted by the browser (such as the operating system of your computer, the name of your access provider, geographical origin, language setting, etc.)
The aforementioned data is processed by us for the following purposes:
- to enable the use of the website (connection establishment)
- to ensure a comfortable use of our website
- to ensure system security and stability on a permanent basis
- to enable the technical administration of the network infrastructure
- to enable the optimization of the internet offer
- for internal statistical purposes
Our legitimate interest follows from the data collection purposes listed above. The data collection is necessary in order to be able to provide our offer permanently, user-friendly, secure and reliable. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person. As a matter of principle, we only process personal data with the consent of the person concerned, unless the processing is permitted for other legal reasons, for example to fulfil a contract with the person concerned and for corresponding pre-contractual measures. Data subjects whose personal data we process have the rights under Swiss data protection law. These include the right to information as well as the right to correction, deletion or blocking of the personal data processed.
Data subjects whose personal data we process have the right to lodge a complaint with a responsible supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner.
When using our contact form
If you have any questions, we offer you the possibility of contacting us via a form provided on the website. In doing so, it is necessary to provide a valid e-mail address and a message so that we know who the enquiry is from and that we can answer it. Further information can be provided voluntarily.
Contacting us / contact form
You have the possibility to contact us (e.g. via contact form, letter post, e-mail, telephone or via social media channels). If you contact us, your details will be processed in order to handle the contact request and its processing. Your details may be stored in our CRM customer relationship management system or comparable enquiry organization. The personal data that will be transmitted can be seen from the respective input mask that is used to contact you or from the additional data that you transmit to us. The personal data you enter will be collected and stored exclusively for internal use and for our own purposes. We may arrange for the data to be passed on to one or more order processors, who will also use the personal data exclusively for an internal use that is attributable to our use.
By registering on our website, we store the IP address assigned by the Internet service provider (ISP), the date as well as the time of registration. The data is stored because it is the only way to prevent misuse of our services and, if necessary, to enable us to investigate criminal offences that have been committed. In this respect, the storage of the data is necessary for our security. As a matter of principle, this data is not passed on to third parties unless there is a legal obligation to pass it on or the passing on serves the purpose of criminal prosecution. The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.
When you leave a comment or other post, we may store your IP address for 30 days. This is done for our security, in case someone leaves illegal content in comments and posts (insults, forbidden political propaganda, etc.). In this case, we ourselves can be prosecuted for the comment or post and are therefore interested in the identity of the author. The data provided in the context of comments and contributions will be permanently stored by us until you object.
With the following information, we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described.
We send newsletters, e-mails and other electronic notifications with advertising information (hereinafter “newsletter”) only with the consent of the recipients or a legal permission. If the contents of the Newsletter are specifically described during registration, they are decisive for the consent of the user. Otherwise, our newsletters contain information about our services and us.
Double opt-in and logging
Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so no one can register with a foreign e-mail address. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Changes to your data stored with the dispatch service provider are also logged.
To register for the newsletter, it is sufficient to enter your e-mail address. Optionally, we ask you to enter your name so that we can address you personally in the newsletter.
You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them in order to be able to prove consent previously given. The processing of this data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time.
Data processing by staff, infrastructure, software and tools
Our employees are trained and sensitized in data protection.
We use Office365 from Microsoft for the collection, processing and use of personal and non-personal data. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
Microsoft is certified under the Privacy Shield agreement, thereby providing a guarantee of compliance with European data protection law. The “Privacy Shield” is an agreement between the European Union (EU) and the USA, or Switzerland and the USA, which guarantees compliance with European and Swiss data protection standards in the USA.
We use third-party services in order to be able to provide our offer in a permanent, user-friendly, secure and reliable manner. Such services are also used to embed content on our website. Such services – for example hosting and storage services, video services and payment services – require your Internet Protocol (IP) address, as such services cannot otherwise transmit the corresponding content. Such services may be located outside of Switzerland and the European Economic Area (EEA), provided that adequate data protection is guaranteed.
For your own security-related, statistical and technical purposes, third parties whose services we use may process data in connection with our offer and from other sources – including cookies, log files and counting pixels – in aggregated, anonymized or pseudonymized form.
We also maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users to be able to inform them about our services there. We would like to point out that user data may be processed outside the European Union.
Furthermore, data may be stored in the user profiles irrespective of the devices used by the users (in particular if the users are members of the respective platforms and are logged in to them). For a detailed description of the respective processing and the options to object (opt-out), we refer to the information of the providers linked below. In the case of requests for information and the assertion of user rights, we would like to point out that these can be asserted most effectively with the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly.
Integration of third-party services and content (plugins)
Within our online offer, we use content or service offers from third-party providers on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation and in the interest of an appealing presentation of our online offer) in order to integrate their content and services, such as videos or articles. Such integration always requires that the third-party providers of the content are aware of your IP address, as they cannot send the content to your browser without the IP address. The IP address is therefore required for the display of the content.
We endeavor to use content whose respective providers only use your IP address to deliver the content. Third-party providers may use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may be stored in cookies on your device and may contain, among other things, technical information about your browser and operating system, referring websites, time of visit and other information about your use of our website, as well as being linked to such information from other sources.
We use “Bexio” for processing offers, order confirmations and invoicing. The provider is Bexio AG, Alte Jonastr. 24, CH-8640 Rapperswil. When processing offers, order confirmations and invoicing, personal and non-personal data are processed. We have concluded an order data processing agreement with Bexio in which we oblige Bexio to protect our customers’ data and not to pass it on to third parties.
Facebook is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law. The “Privacy Shield” is an agreement between the European Union (EU) and the USA, or Switzerland and the USA, which guarantees compliance with European and Swiss data protection standards in the USA.
We use Zapier for the collection, processing and use of personal and non-personal data. The provider is Zapier, Inc, 548 Market St #62411, San Francisco, California 94104, USA.
Zapier is certified under the Privacy Shield agreement, thereby providing a guarantee of compliance with European data protection law. The “Privacy Shield” is an agreement between the European Union (EU) and the USA, or Switzerland and the USA, which guarantees compliance with European and Swiss data protection standards in the USA.
Data protection for applications
In the case of an application, we process the data you voluntarily provide to us for the purpose of carrying out and processing the application process. The recipients of the data are exclusively the persons in our HR department who are involved in the application process and who may pass on your application to other group companies if you have applied directly to these group companies or if we believe that your application could be of interest to one of our group companies.
If your application is rejected, it will be stored for 6 months after the end of the application process. This storage period results from the possible assertion of claims under the AGG and our associated legitimate interest in being able to defend ourselves against such claims.
If you have voluntarily consented to being included in our applicant pool, we can also agree a different period with your consent. You can revoke this consent at any time with effect for the future.
The use of these functional cookies represents a legitimate interest on our part. Cookies cannot execute programs or transfer viruses to your computer. They serve to make the website more user-friendly and effective.
When you visit our website, cookies can be stored in your browser temporarily as “session cookies” or for a certain period of time as so-called permanent cookies. Session cookies are automatically deleted when you close your browser. Permanent cookies have a specific storage period. In particular, they enable us to recognize your browser the next time you visit our website and thus, for example, to measure the reach of our website. Permanent cookies can be used for online marketing, for example.
Google analytics / tracking cookies
This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are processed in abbreviated form, which means that they cannot be linked to a specific person. If the data collected about you is related to a person, this will be immediately excluded and the personal data is deleted immediately.
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). We use Google Analytics to analyze how our website is used, including, for example, measuring the reach of our website and the success of third-party links on our website. This is a service of the American Google LLC. For users in the European Economic Area (EEA) and Switzerland, the Irish company Google Ireland Limited is responsible. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
Further information on the nature, extent and purpose of data processing can be found in Google’s privacy and security policy and data protection statement in each case, in the guide to data protection in Google products (including Google Analytics), in the information on how Google uses data from websites on which Google services are used and in the information on cookies at Google. In addition, it is possible to use the “Browser Add-on to deactivate Google Analytics” and to object to personalized advertising.
For sending our newsletters, we use the services of MailChimp. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. MailChimp is a service with which, among other things, the sending of newsletters can be organized and analyzed. If you enter data for the purpose of receiving newsletters (e.g. e-mail address), this data is stored on MailChimp servers in the USA.
With the help of MailChimp we can analyze our newsletter campaigns. When you open an email sent with MailChimp, a file contained in the email (so-called web beacons) connects to MailChimp’s servers in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.
Objection to data collection
If you do not want MailChimp to analyze your data, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. You can also unsubscribe directly on the website. You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing procedures already carried out remains unaffected by the revocation. The data you provide us with for the purpose of receiving the newsletter will be stored until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of MailChimp after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. email addresses for the member area) remain unaffected by this.
Facebook pixel, facebook custom audiences and facebook conversion
Within our online offer, the so-called “Facebook Pixel” of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), is used.
With the help of the Facebook pixel, it is possible for Facebook, on the one hand, to determine you as a visitor to our online offer as a target group for the display of advertisements (so-called “Facebook ads”). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we want to ensure that our Facebook ads correspond to the potential interest of the users and do not have a harassing effect. With the help of the Facebook pixel, we can also track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion”).
The processing of data by Facebook takes place within the framework of Facebook’s data usage policy. Accordingly, general information on the display of Facebook ads can be found in Facebook’s data usage policy. Specific information and details on the Facebook Pixel and how it works can be found in the Facebook help section.
Eu-us privacy shield
Facebook is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law.
We have a legitimate interest in analyzing user behavior to optimize both our website and our advertising.
Order data processing contract
For the processing of data for which Facebook acts as data processor, we have concluded a data processing contract with Facebook in which we oblige Facebook to protect our customers’ data and not to pass it on to third parties.
We integrate the videos of the platform “YouTube” of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland.
When you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, YouTube enables you to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
We can integrate the videos of the platform “Vimeo” of the provider Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA.
We integrate the maps of the “Google Maps” service of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland.
The data processed may include, in particular, IP addresses and location data of the users, which, however, are not collected without their consent (usually executed in the context of the settings of the mobile devices). The data may be processed in the USA.
Google Maps is used in the interest of an appealing presentation of our online offers and to make it easy to find the places we indicate on the website.
We operate the Facebook fan page https://www.facebook.com/epudesign/ in order to get in touch with users who use Facebook. Facebook processes the data generated by the use of this fan page outside the EU. Facebook compensates for the resulting deficits with a Privacy Shield certification (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). With this, Facebook undertakes to comply with EU data protection standards. Facebook regularly uses the personal data that is collected when you use our fan page for its own advertising, analysis and market research purposes, e.g. for profiling your interests and user behavior in order to show you customized advertisements. If you are registered with Facebook, Facebook can assign your activity on our fan page directly to you. In addition, Facebook provides us with various aggregated data. It is not possible for us to draw any conclusions about individual persons. We use this insights data to make our offer more relevant to you.
Facebook pages, groups, social plugins
We use Facebook pages, Facebook groups and Facebook social plugins (“plugins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
The pages, groups and plugins can provide you with interaction elements or content (e.g. videos, graphics or text contributions) and are recognizable to you by one of the Facebook logos (white “f” on a blue tile, the terms “Like”, “Like” or a “thumbs up” sign) or are marked with the addition “Facebook Social Plugin”. You can view the list and appearance of Facebook social plugins. When you call up a function of our online offer that contains such a plugin, your device establishes a direct connection with the Facebook servers. The content of the plugin is transmitted by Facebook directly to your device and integrated by it into the online offer. Your usage profile can be created from the processed data. We therefore have no influence on the extent of the data that Facebook collects with the help of this plugin and therefore inform users according to our level of knowledge. By integrating the plugins, Facebook receives the information that you have accessed the corresponding page of our online offer. If you are logged in to Facebook, Facebook can assign the visit to your Facebook account. If you interact with the plugins, for example by clicking the Like button or posting a comment, the corresponding information is transmitted directly from your device to Facebook and stored there. If you are not a member of Facebook, there is still the possibility that Facebook will find out and store your IP address. According to Facebook, only an anonymized IP address is stored in Europe.
EU-US Privacy Shield: Facebook is certified under the Privacy Shield agreement and thus offers a guarantee of compliance with European data protection law. The use of Facebook pages, groups and social plugins is in the interest of an attractive presentation of our online offers and an easy location of the places we indicate on the website as well as the use of data for marketing and targeting purposes.
Objection to data collection
If you are a Facebook member and do not want Facebook to collect data about you via our online offer and link it to your membership data stored on Facebook, you must log out of Facebook and delete your cookies before using our online offer. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings or via the US site aboutads.info or the EU site youronlinechoices.com. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
Within our online offer, functions and contents of the service Instagram, offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, may be integrated.
This may include, for example, content such as images, videos or texts and buttons with which you can express your liking of the content and subscribe to the authors of the content or our posts. If you are a member of the Instagram platform, Instagram can assign the call-up of the above-mentioned content and functions to your profile.
Within our online offer, functions and contents of the service LinkedIn, offered by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, may be used.
This may include, for example, content such as images, videos or texts and buttons with which you can express your liking for the content and subscribe to the authors of the content or our posts. If you are a member of the LinkedIn platform, LinkedIn can assign the call-up of the above-mentioned content and functions to your profile. We can also integrate scripts and measures that allow us to use marketing and statistical functions in LinkedIn.
EU-US Privacy Shield: LinkedIn is certified under the Privacy Shield agreement and thus offers a guarantee of compliance with European data protection law. The use of LinkedIn functions is in the interest of an appealing presentation of our online offers and an easy findability of the places we indicate on the website as well as the use of data for marketing and targeting purposes. Objection to data collection: LinkedIn data collection opt-out.
Within our online offer, functions and contents of the service XING, offered by XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany, may become available.
This may include, for example, content such as images, videos or texts and buttons with which you can make known your liking of the content and subscribe to the authors of the content or our contributions. If you are a member of the XING platform, XING can assign the call-up of the above-mentioned content and functions to your profile. We can also integrate scripts and measures that allow us to use marketing and statistical functions on XING.
The use of the XING functions is in the interest of an appealing presentation of our online offers and an easy findability of the places we indicate on the website as well as the use of the data for marketing and targeting purposes. Objection to data collection: XING Data Collection Opt-Out.
This data protection declaration is currently valid and has the status February 2022.
Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. The current data protection declaration can be accessed and printed out by you at any time on the website at
https://epudesign.com/datenschutz and can be printed out.
Misprints, errors and changes reserved.