Your privacy is very important to us. Accordingly, we have developed this Policy in order for you to understand how we collect, use, communicate and disclose and make use of personal information.
We are pleased that you are visiting our Website and that you are interested in our company and our products. We take the protection of your data very seriously and we want you to feel safe while you are navigating our Internet sites. This is why we have published this data protection declaration. With a view to the General Data Protection Regulation of the EU (GDPR), it reveals which personalized data we process in which way and to what purpose. Even though the GDPR is a regulation of the European Union, it is relevant for us. The Swiss Data Protection Legislation (“DPL“) is strongly influenced by European Legislation, and the future revision of the DPL will adopt many regulations of the GDPR. Moreover, companies outside the European Union have to abide by the GDPR under certain circumstances if they offer goods and services to people in the EU. Therefore, we have decided to orient this data protection declaration totally on the GDPR. In conformity with the applicable data protection regulation we inform you below about which personalized data we gather during your visit on our Website (www.sotax.com), during your registration as a client (customer account), within the contact forms, which purpose we use this data for, and how we use it to optimize our services for you.
1. Entity, person responsible for data protection, EU representative
(1) The responsible address in accordance with article 4 #7 of the General Data Protection Regulation of the EU (GDPR) is:
subsequently called “SOTAX“, “we” or “us“. Further information regarding the provider can be found on our masthead (→ SOTAX AG).
(2) The persons responsible for data protection can be reached as follows: by email to dataprotection(a)sotax.com or via our mailing address with the addition of “c/o data protection delegate“
(3) SOTAX GmbH, Wallbrunnstrasse 24, 79539 Loerrach, Germany is a designated EU Representative in accordance with article 27 GDPR of SOTAX AG.
2. Providing the website and the log files
(1) If you only visit our Website for information, i.e. if you do not register or transmit information to us in any other way, we only gather the personalized data which your browser automatically sends to our server. When you want to peruse our Website we collect the following data which is technically necessary for us to display the Website to you correctly and to ensure stability and security (the legal basis is article 6 section 1 page 1 letter f) GDPR):
- IP address
- date and time of the inquiry
- time zone difference to Greenwich Mean Time (GMT)
- contents of the inquiry (actual page)
- access status / http status code
- data volume transmitted
- website from which the request originates
- operating system and its surface
- language and version of the browser software.
(2) The users’ IP addresses are deleted or anonymized after termination of the use. In case of anonymization, the IP addresses are altered in a way that the individual bits of information about personal or factual relations can no longer be attributed to a certain or identifiable person or only with a disproportionate effort of time, costs, and labor.
(1) In addition to the above-mentioned log files data, cookies are saved on your computer when you visit our Website. Cookies are small text files which are attributed on your hard disc to the browser you use and are saved there. They provide certain information to the entity who places the cookie (in this case we). Cookies cannot execute any programs or transfer viruses to your computer. They are used to make the offer on the Internet more user-friendly and more effective.
a) This website uses the following types of cookies, whose extent and way of functioning is explained below:
- session cookies (see b)
- permanent cookies (see c).
b) Session cookies save a so-called session ID with which different requests your browser makes can be attributed to a joint session. Session cookies are deleted as soon as you log out or close the browser. When you restart the browser and return to the Website, the Website will not recognize you. You have to log in again (provided a log in is necessary) or you have to reset your templates and preferences if the Website offers this function. Then a new session cookie is created which saves your Information and remains active until you leave the site again and close your browser.
c) Permanent cookies are automatically deleted after a fixed time, which can differ from cookie to cookie. You can delete these cookies at any time in the security settings of your browser.
a) Settings and function
When you access our Website the choice of language and country established or entered by yourself is saved in cookies so you do not have to make the choice again for repeat visits. It is ascertained beforehand if your browser supports cookies and this information is deposited in an additional cookie. Subsequently you are shown localized contact information for your country and language, which is also saved. The legal basis for this is article 6 section 1 page 1 letter b) GDPR.
We use advertising cookies so we can gauge the effectiveness of our advertising and deduce optimizations from this. The legal basis for this is article 6 section 1 page 1 letter f) GDPR.
In order to improve our Internet offers for our customers and other interested parties continuously, we are using the advertising analytics service Google Analytics. Through the use of these cookies Google gives us information about the use of our Internet site. We learn for example how often and in which sequence the individual pages have been accessed and how much time users spend on average on our pages. We also learn if users have visited our Internet site at an earlier time already. The legal basis for this is article 6 section 1 page 1 letter f) GDPR.
→ See also chapter 6. Web analysis services.
(4) Control over cookies
You can configure your browser setting in accordance with your wishes and for example regulate or refuse the acceptance of third-party cookies or all cookies as you wish. Existing cookies can be deleted via your browser settings. We point out to you that in that case you might not be able to use all the functions of this Website.
4. Registration function (user account)
(1) You can register as a user on our Website. Within the registration process you are told what the required mandatory information is. Data entered during the registration process will be used for the use of the offer. You can be informed by e-mail about offer- and registration-relevant news, such as a change of the extent of our offers or technical conditions. When you cancel your user account, data relevant to this user account is deleted, except if it is necessary to store it for commercial or tax-related reasons, in accordance with article 6 section 1 page 1 letter c) GDPR.
(2) When you are making use of our registration function and taking advantage of a user account, we save the IP address and the exact time of each user activity. This storage is due to our as well as the users’ justified interest to protect against misuse and other illicit usage. Such data is basically not passed on to third parties, except as necessary in pursuit of our claims or if required for legal reasons in accordance with article 6 section 1 page 1 letter c) GDPR. The IP addresses are deleted or anonymized after seven days at the latest.
5. Contact form and e-mail contact
(1) Our Internet site features contact forms, which can be used to contact us electronically. If a user makes use of this possibility, the data entered on the entry form is transmitted to us and saved. The data in question, particularly personal data, address data, contact information and messages (free text field) are directly visible on the respective entry form.
At the moment of sending the following data is saved:
- the user’s IP address
- date and time the form is sent
(2) Regarding the processing of this data we refer you to this data protection declaration in the context of the sending process. As an alternative we can be contacted via the e-mail addresses displayed. In that case the personalized data transmitted with the e-mail is saved. Such data is exclusively used to process the request.
(3) The legal basis for the processing of data transmitted in connection with using the contact form or sending an e-mail is article 6 section 1 page 1 letter f) GDPR. If the purpose of any e-mail contact is to sign a contract, the additional legal basis for data processing is article 6 section 1 page 1 letter b) GDPR.
(4) Processing of personalized data from the entry form is only used for making contact. In the case of initial contact by e-mail we also have a required justified interest here in processing the data. Any other personalized data processed during the sending process only serves to avoid any misuse of the contact forms and to ensure the security of our information technology systems.
(5) Data is deleted as soon as it is no longer needed to achieve the goal of its collection. For personalized data from the entry form of the contact form as well as data sent by e-mail, this is the case when the respective dialog with the user is terminated. A conversation is terminated when it can be deduced from the circumstances that the matter in question has been resolved completely. Any other personalized data processed during the sending process is deleted after seven days at the latest.
6. Web analysis services
SOTAX uses Google Analytics and the Google Tag Manager. The legal basis for this is article 6 section 1 page 1 letter f) GDPR.
(1) Google Analytics
a) This Website uses Google Analytics, a web analysis service of Google Inc. (“Google"). Google Analytics uses so-called “Cookies", text files that are saved on your computer and allow an analysis of your use of the Website. The information the cookies create about your use of this Website is generally transmitted to a Google server in the USA and saved there. When IP anonymization is activated on this Website, however, Google abbreviates your IP address within the member states of the European Union or in other contract states of the agreement about the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and abbreviated there. As ordered by the operator of this Website, Google will use this information to evaluate your use of the Website in order to set up reports about Website activities and to enable further services in connection with the use of the Website and the Internet vis-a-vis the Website operator.
b) The IP address your browser submits to Google Analytics does not get coupled with other Google data.
c) With the respective setting of your browser software you can prevent cookies from being saved. We point out to you though that in that case you might not be able to use all the functions of this Website to their full extent. However, you can also prevent Google from collecting data created by a cookie and relating to your use of the Website (including your IP address) as well as processing of such data by Google by downloading and installing the browser plug-in Google provides.
d) This Website uses Google Analytics with the extension “_anonymizeIp()". This processes IP addresses in abbreviated form, and thus they cannot be associated with an individual person. Thus, as far as the data collected about you can be attributed to an individual person, such a connection is excluded right away and the personalized data is deleted immediately.
e) We use Google Analytics to analyze the use of our Website and to improve it regularly. Statistics thus gathered lets us improve our offers and make it more attractive for you as a user. For exceptional cases in which personalized data is transferred to the USA, Google is subject to the EU-US Privacy Shield, www.privacy-shield.gov/EU-US-framework. The legal basis for the use of Google Analytics article is 6 section 1 page 1 letter f) GDPR.
f) Information of the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: www.google.com/analytics/terms/de.html, data protection overview: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the data protection declaration: http://www.google.defintl/de/policies/privacy.
(2) Google Tag Manager
a) As part of Google Analytics, this Website uses the Google Tag Manager. Tags are small code elements on our Website that serve, among other things, to measure traffic and visitor behavior, the effects of online advertising and social channels, to apply remarketing and sighting on targeting groups and to test and optimize their Website. Google Tag Manager is a solution with which SOTAX can manage Website tags across a surface. The Tag Manager tool itself (which implements the tags) is a cookie-free domain. The tool triggers other tags which in turn gather data, depending on the circumstances. Google Tag Manager does not access this data. When there has been deactivation on the domain or cookie level, this is retained for all tracking tags implemented with the Google Tag Manager.
b) Further information about Google Tag Manager can be found on the Internet
(3) Google Adwords Retargeting
a) Furthermore, so-called retargeting tags of the company Google Inc. 600 Amphitheatre Pkwy, Mountain View, CA 94043, USA are implemented on our pages. Retargeting tags get set up on the Website with the help of cookies and so-called counting pixels. When you visit our pages, retargeting tags establish a direct connection between your browser and the Google server. This way Google receives the information that your terminal has visited our page. Thus the terminal you have used can be added to a retargeting target
group list. Information thus gathered can be used for the display of advertisements on Internet pages you access with your terminal. We point out that Google reveals to us none of the contents of the transmitted data and its use.
b) Further information about this issue can be found in the data protection declaration of Google (http://www.google.de/intl/de/policies/privacy/). If you do not wish that any data is collected within Google Remarketing / Retargeting, you can choose the respective setting under the so-called “Google display options“ (http://www.google.com/settings/ads) and on the page http://www.youronlinechoices.eu/.
7. Social Media
(1) We are currently using the following social media plug-in: LinkedIn. The provider of this plug-in can be identified by the marking on the box above its initials or by the logo. We offer you the opportunity to communicate directly with the provider of the plug-in via the button. Only if you click on the marked box and thus activate it will the plug-in provider receive the information that you have called up the respective Website of our online offer. In addition, the data mentioned under § 3 of this declaration is transmitted. According to the respective providers in Germany, the IP address is anonymized right after its collection in the case of Facebook and Xing. Thus, with the activation of the plug-in, personalized data relating to you is transmitted to the respective plug-in provider and saved there (in the USA in the case of US providers). Since the plug-in provider uses particularly cookies to collect data we recommend that you delete all the cookies in your browser via the security settings before you click on the greyed-out box.
(2) Neither do we have any influence on the data collected and the data processing procedures, nor do we have any knowledge of the full extent of the data collection, the purpose of its processing and how long it is being kept. We have no information either about the deletion of the gathered data by the plug-in provider.
(3) The plug-in provider saves the data collected about you as user profiles and uses them for advertising, market research and/or needs-oriented design of his Website. Such an evaluation is mainly done (also for not logged-in users) to display needs-oriented advertising and in order to inform other users of the social network about your activities on our Website. You have the right to object to the creation of these user profiles, for which you have to contact the respective plug-in provider. With the plug-ins we offer you the opportunity to interact with the social networks and other users so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of plug-ins is article 6 section 1 page 1 letter f) GDPR.
(4) Data transfer occurs no matter if you have an account with the plug-in provider and are logged in there or not. When you are logged in with the plug-in provider the data we gather from you is attributed directly to the account you have with the plug-in provider. When you click the activated button and for instance link the page, the plug-in provider also saves that information in your user account and publicly notifies your contacts. We recommend that after using a social network you log out regularly, but most particularly before you activate the button, as this prevents attribution to your profile at the plug-in provider.
(5) Further information about purpose and use of data collecting and its processing by the plug-in provider can be found in the providers’ data protection declaration(s) listed below. You can also find further information there about your respective rights and setting options to protect your privacy.
(6) Addresses of the respective plug-in provider(s) and URLs with their data protection notifications:
LinkedIn has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-framework.
8. Inclusion of YouTube videos
Use of YouTube
(1) In our online offer we have included YouTube videos, which are saved on http://www.YouTube.com and can be played directly from our Website. They are all integrated in “extended data protection mode", which means that no data about you as a user is transmitted to YouTube if you do not play the videos. Only once you play the videos will the data named in chapter 2 Providing the Website and the log files be transferred. We have no influence on this data transfer.
(2) When you visit the Website, YouTube learns that you have accessed the respective sub-page of our Website. In addition, the data listed in chapter 3 Cookies (Visiting the Website) of this declaration is transferred. Data transfer occurs no matter whether YouTube provides a user account through which you are logged in or whether there is no user account. If you are logged in with Google, your data is attributed directly to your account. If you do not wish such attribution to your YouTube profile, you have to log out prior to activating the button. YouTube saves your data as a user profile and uses it for advertising, market research and / or needs-oriented display of its Website. Such an evaluation occurs particularly (even for users who are not logged in) for the purpose of creating needs-oriented advertising and in order to inform other users of the social network about your activities on our Website. You have the right to object to the creation of such user profiles, for which you have to contact YouTube.
(3) Further information about purpose and extent of data collection and its processing by YouTube can be found in the data protection declaration. You can also find further information there about your respective rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google processes your personalized data also in the USA and has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-framework.
9. Automated decision finding
We basically do not use any fully automated decision finding in accordance with article 22 GDPR to establish and conduct a business relation.
For target-oriented information about our products and so we can advise you, we or service providers on our account respectively may use web analysis tools, particularly tracking technology as applicable. This allows needs-oriented communication and advertising. In this regard we refer you to chapter 6. Web analysis services.
11. Your rights
When personalized data of you is processed, you are a ‘person concerned’ in the sense of the GDPR and you have the following rights vis-a-vis us as the responsible party. If you want to assert your rights or wish further information, please contact us or our data protection representative:
(1) Rights according to article 15 ff. GDPR
You are entitled to Information according to article 15 GDPR. Under certain legal conditions you are entitled to Rectification according to article 16 GDPR, to the Right of Restriction of Processing according to article 18 GDPR and the Right to Erasure (“Right to be Forgotten”) according to article 17 GDPR. In addition, you are entitled to the release of data you have provided in a structured, com-mon and machine-readable format (Right to Data Portability) according to article 20 GDPR, provided the processing is done with automated means and is based on consent according to article 6 section 1 letter a) or article 9 section 2 letter a) or on a contract according to article 6 section 1 letter b) GDPR.
(2) Revocation of consent according to article 7 section 3 GDPR
If processing is based on your consent, you can revoke your consent to the processing of personalized data with us at any time. Please note that revocation is only applicable for future instances. Processing that has occurred prior to your revocation is not affected by it.
(3) Right to lodge a complaint
You have the right to lodge a complaint with us or a data protection supervisory authority (Article 77 GDPR).
(4) Right to object according to article 21 GDPR
In addition to the rights mentioned above, you have the right to object as follows:
a) Right to object based on individual cases
You have the right to object at any time, for reasons stemming from your particular situation, to the processing of personalized data relating to you, which is gathered in accordance with article 6 section 1 page1 letter e) GDPR (Data procession in the interest of the public) and article 6 section 1 page1 letter f) GDPR (Data procession based on balancing of interests); this is also applicable for proﬁling based on this regulation in the sense of article 4 #4 GDPR. If you object we will no longer process your personalized data, except if we can present compelling legitimate grounds for such processing which outweigh your interest, rights and liberties, or if the processing serves to assert, execute or defend legal claims.
b) Right to object to processing for advertising purposes
In individual cases we process your personalized data for direct advertising. You have the right at any time to object to processing of personalized data relating to you for the purpose of such advertising; this is also applicable for proﬁling as far as it is in connection with such direct advertising. If you object to processing for the purpose of such direct advertising, we will no longer process your personalized data for this purpose.
An objection can be addressed in any form to the place mentioned in chapter 1. Entity, Person responsible for data protection, EU Representative of this data protection declaration.
(1) We have taken technological and organizational safety precautions to protect your personalized data against loss, destruction, manipulation and unauthorized access. All our staff members and all third parties involved in data processing are obligated to adhere to the requirements of the GDPR and to confidential use of personalized data.
(2) If personalized data is gathered and processed through contact forms, information is transferred in encrypted form in order to prevent misuse by third parties. Our safety precautions are continuously revised to reflect technological developments.