Privacy Policy

With this Privacy Policy, we inform you about the processing of personal data in connection with our activities and operations, including our website under the domain name www.promet.com. In particular, we inform you about what personal data we process, how, and where. We also inform you about the rights of individuals whose data we process.

For individual or additional activities and operations, we may publish further privacy policies or other data protection information.

We are subject to Swiss law and, where applicable, foreign law, such as that of the European Union (EU) with the European General Data Protection Regulation (GDPR).

The European Commission recognized with its Decision of July 26, 2000 that Swiss data protection law ensures an adequate level of data protection. With its Report of January 15, 2024, the European Commission confirmed this adequacy decision.

Table of Contents

• 1. Contact Addresses
• Data Protection Officer or Data Protection Advisor
• 2. Terms and Legal Bases
• 2.1 Terms
• 2.2 Legal Bases
• 3. Nature, Scope, and Purpose of Personal Data Processing
• 4. Automation and Artificial Intelligence (AI)
• 5. Disclosure of Personal Data
• 6. Communication
• 7. Job Applications
• 8. Data Security
• 9. Personal Data Abroad
• 10. Rights of Data Subjects
• 10.1 Data Protection Claims
• 10.2 Legal Protection
• 11. Use of the Website
• 11.1 Cookies
• 11.2 Logging
• 11.3 Tracking Pixels
• 12. Notifications and Messages
• 12.1 Success and Reach Measurement
• 12.2 Consent and Objection
• 13. Social Media
• 14. Third-Party Services
• 14.1 Digital Infrastructure
• 14.2 Audio and Video Conferences
• 14.3 Online Collaboration
• 14.4 Social Media Functions and Social Media Content
• 14.5 Map Material
• 14.6 Digital Content
• 14.7 Fonts
• 14.8 Advertising
• 15. Extensions for the Website
• 16. Success and Reach Measurement
• 17. Final Notes on the Privacy Policy

1. Contact Addresses

Responsible in the sense of data protection law is:

Promet AG
Gähwilerstrasse 56, CH-9533 Kirchberg

info@promet.com

In individual cases, third parties may be responsible for the processing of personal data or there may be joint responsibility with third parties. We are happy to provide information to data subjects upon request about the respective responsibility.

Data Protection Officer or Data Protection Advisor

We have the following Data Protection Officer or Data Protection Advisor as a point of contact for data subjects and authorities for inquiries related to data protection:

Erich Flühler
Gähwilerstrssse 56, 9533 Kirchberg

datenschutz@promet.com

2. Terms and Legal Bases

2.1 Terms

Data Subject: Natural person about whom we process personal data.

Personal Data: All information relating to an identified or identifiable natural person.

Particularly Sensitive Personal Data: Data on trade union, political, religious or philosophical views and activities, data on health, intimate sphere or ethnicity, genetic data, biometric data that uniquely identifies a natural person, data on criminal and administrative sanctions or prosecutions, and data on social assistance measures.

Processing: Any handling of personal data, regardless of the means and procedures used, for example, querying, comparing, adapting, archiving, storing, reading, disclosing, obtaining, collecting, deleting, revealing, ordering, organizing, saving, changing, distributing, linking, destroying, and using personal data.

European Economic Area (EEA): Member States of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway.

2.2 Legal Bases

We process personal data in accordance with Swiss law, in particular the Federal Act on Data Protection (Data Protection Act, DPA) and the Ordinance on Data Protection (Data Protection Ordinance, DPO).

We process personal data – if and to the extent that the European General Data Protection Regulation (GDPR) is applicable – according to at least one of the following legal bases:

• Art. 6 para. 1 lit. b GDPR for the necessary processing of personal data to fulfill a contract with the data subject and to carry out pre-contractual measures.
• Art. 6 para. 1 lit. f GDPR for the necessary processing of personal data to protect legitimate interests – including the legitimate interests of third parties – unless the fundamental freedoms and rights as well as interests of the data subject prevail. Such interests are in particular the permanent, user-friendly, secure and reliable exercise of our activities and operations, ensuring information security, protection against misuse, enforcement of our own legal claims and compliance with Swiss law.
• Art. 6 para. 1 lit. c GDPR for the necessary processing of personal data to comply with a legal obligation to which we are subject according to any applicable law of member states in the European Economic Area (EEA).
• Art. 6 para. 1 lit e GDPR for the necessary processing of personal data to perform a task carried out in the public interest.
• Art. 6 para. 1 lit. a GDPR for the processing of personal data with the consent of the data subject.
• Art. 6 para. 1 lit. d GDPR for the necessary processing of personal data to protect the vital interests of the data subject or of another natural person.
• Art. 9 para. 2 ff. GDPR for the processing of special categories of personal data, in particular with the consent of the data subjects.

The European General Data Protection Regulation (GDPR) refers to the processing of personal data as processing of personal data and the processing of particularly sensitive personal data as processing of special categories of personal data (Art. 9 GDPR).

3. Nature, Scope and Purpose of Processing Personal Data

We process personal data that is necessary to be able to carry out our activities and operations permanently, in a user-friendly, secure and reliable manner. The processed personal data may in particular fall into the categories of browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data and payment data. The personal data may also constitute particularly sensitive personal data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources or collect in the course of our activities and operations, insofar as such processing is permissible.

We process personal data, where necessary, with the consent of the data subjects. We may process personal data in many cases without consent, for example to comply with legal obligations or to protect overriding interests. We may also ask data subjects for their consent even if their consent is not required.

We process personal data for the duration necessary for the respective purpose. We anonymize or delete personal data in particular depending on legal retention and limitation periods.

4. Automation and Artificial Intelligence (AI)

We may process personal data automatically or use Artificial Intelligence for the processing of personal data.

We may use profiling to automatically evaluate certain personal aspects relating to data subjects. Profiling is used, for example, to analyze or predict interests, behaviors or personal preferences.

We inform on a case-by-case basis about decisions that are based exclusively on automated processing of personal data and that have legal consequences for the data subjects or significantly affect them (automated individual decisions).

5. Disclosure of Personal Data

We may disclose personal data to third parties, have it processed by third parties or process it jointly with third parties. Such third parties are in particular specialized providers whose services we use.

We may disclose personal data, for example, to banks and other financial service providers, authorities, educational and research institutions, consultants and lawyers, interest groups, IT service providers, cooperation partners, credit and business information agencies, logistics and shipping companies, marketing and advertising agencies, media, organizations and associations, social institutions, telecommunications companies, insurance companies, and payment service providers.

6. Communication

We process personal data in order to communicate with individuals as well as with authorities, organizations, and companies. In doing so, we primarily process data that an affected person transmits to us when contacting us, for example by postal mail or email. We may store such data in an address book or with comparable tools.

Third parties who transmit data to us about other persons are obligated to independently ensure the data protection of these affected persons. They must, in particular, guarantee that such data is accurate and may be transmitted.

We use selected services from suitable providers to enable and improve communication with individuals and other communication partners. With such services, we can also manage and otherwise process the data of the affected persons beyond direct communication.

7. Applications

We process personal data about applicants to the extent necessary for assessing suitability for an employment relationship or for the subsequent implementation of an employment contract. The required personal data results in particular from the requested information, for example, in the context of a job advertisement. We may publish job advertisements with the help of suitable third parties, for example in electronic and print media or on job portals and job platforms.

We also process personal data that applicants voluntarily provide or publish, especially as part of cover letters, resumes, and other application documents, as well as online profiles.

We process – if and to the extent that the General Data Protection Regulation (GDPR) is applicable – personal data about applicants in particular according to Art. 9 Para. 2 lit. b GDPR .

We may allow applicants to store their information in our talent pool so that we can consider them for future open positions. We may also use such information to maintain contact and inform about news. If we assume that an applicant is suitable for an open position based on the information provided, we may inform the applicant accordingly.

8. Data Security

We take appropriate technical and organizational measures to ensure data security appropriate to the respective risk. With our measures, we ensure in particular the confidentiality, availability, traceability, and integrity of the processed personal data, without being able to guarantee absolute data security.

Access to our website and our other digital presence is via transport encryption (SSL / TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers warn before visiting a website without transport encryption.

Our digital communication is subject – as generally all digital communication – to mass surveillance without cause and suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We cannot directly influence the corresponding processing of personal data by intelligence services, police agencies, and other security authorities. We also cannot rule out that an affected person is specifically monitored.

9. Personal Data Abroad

We process personal data primarily in Switzerland and the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, in particular to process it or have it processed there.

We may export personal data to all countries on Earth and elsewhere in the Universe, provided that the law there ensures adequate data protection according to a decision of the Swiss Federal Council and – if and to the extent that the General Data Protection Regulation (GDPR) is applicable – also according to a decision of the European Commission.

We may transfer personal data to countries whose laws do not ensure adequate data protection, provided that data protection is guaranteed for other reasons, particularly on the basis of standard data protection clauses or other suitable guarantees. In exceptional cases, we may export personal data to countries without adequate or suitable data protection if the specific data protection requirements are met, for example, the explicit consent of the data subjects or a direct connection with the conclusion or execution of a contract. We are happy to provide information about any guarantees or a copy of any guarantees to data subjects upon request.

10. Rights of Data Subjects

10.1 Data Protection Claims

We grant data subjects all claims in accordance with applicable law. Data subjects have, in particular, the following rights:

• Information: Data subjects can request information on whether we process personal data about them and, if so, which personal data. Data subjects also receive the information necessary to assert their data protection claims and ensure transparency. This includes the processed personal data as such, but also information on the processing purpose, the duration of storage, any disclosure or export of data to other countries, and the origin of the personal data.
• Correction and Restriction: Data subjects can have inaccurate personal data corrected, incomplete data completed, and the processing of their data restricted.
• Opportunity for Own Perspective and Human Review: For decisions based solely on automated processing of personal data that have legal consequences for them or significantly affect them (automated individual decisions), data subjects can present their own perspective and request review by a human.
• Deletion and Objection: Data subjects can have personal data deleted (‘right to be forgotten’) and object to the processing of their data with effect for the future.
• Data Release and Data Portability: Data subjects can request the release of personal data or the transfer of their data to another controller.

We may postpone, restrict, or refuse the exercise of data subjects’ rights within the legally permissible framework. We may inform data subjects of any conditions to be met for exercising their data protection claims. For example, we may refuse information in whole or in part with reference to confidentiality obligations, overriding interests, or the protection of other persons. We may also refuse to delete personal data, especially with reference to legal retention obligations, in whole or in part.

We may exceptionally provide for costs for the exercise of rights. We inform data subjects in advance about any costs.

We are obliged to identify data subjects who request information or assert other rights with appropriate measures. Data subjects are obliged to cooperate.

10.2 Legal Protection

Data subjects have the right to enforce their data protection claims through legal action or to file a report or complaint with a data protection supervisory authority.

The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

European data protection supervisory authorities are organized as members of the European Data Protection Board (EDPB). In some member states of the European Economic Area (EEA), the data protection supervisory authorities are federally structured, especially in Germany.

11. Use of the Website

11.1 Cookies

We may use cookies. Cookies – both our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies) – are data stored in the browser. Such stored data is not limited to traditional cookies in text form.

Cookies can be stored in the browser temporarily as ‘session cookies’ or for a specific period as so-called permanent cookies. ‘Session cookies’ are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies allow, in particular, recognizing a browser on the next visit to our website and thus, for example, measuring the reach of our website. However, permanent cookies can also be used for online marketing, for instance.

Cookies can be fully or partially deactivated, restricted, or deleted in the browser settings at any time. Browser settings often also allow automated deletion and other management of cookies. Without cookies, our website may no longer be available to its full extent. We actively request – at least if and to the extent required by applicable law – explicit consent for the use of cookies.

For cookies used for success and reach measurement or for advertising, a general objection (‘opt-out’) is possible for numerous services via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

11.2 Logging

For each access to our website and our other digital presence, we may log at least the following information, if transmitted to our digital infrastructure during such access: date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual subpage of our website accessed including amount of data transferred, website last accessed in the same browser window (referrer).

We log such information, which may also constitute personal data, in log files. This information is necessary to provide our digital presence permanently, user-friendly, and reliably. The information is also necessary to ensure data security – including by or with the help of third parties.

11.3 Tracking Pixels

We may incorporate tracking pixels into our digital presence. Tracking pixels are also referred to as web beacons. Tracking pixels – including those from third parties whose services we use – are typically small, invisible images or JavaScript-formulated scripts that are automatically retrieved when accessing our digital presence. With tracking pixels, at least the same information as in the logging in log files can be collected.

12. Notifications and Messages

12.1 Success and Reach Measurement

Notifications and messages may contain web links or tracking pixels that record whether an individual message has been opened and which web links have been clicked. Such web links and tracking pixels may also record the use of notifications and messages on a personal basis. We need this statistical recording of usage for success and reach measurement to be able to send notifications and messages effectively and user-friendly as well as permanently, securely, and reliably based on the needs and reading habits of the recipients.

12.2 Consent and Objection

You must in principle consent to the use of your email address and other contact addresses, unless the use is permissible for other legal reasons. For obtaining a double confirmed consent, we may use the ‘double opt-in’ procedure. In this case, you will receive a message with instructions for double confirmation. We may log obtained consents including IP address and timestamp for evidence and security reasons.

You can in principle object to receiving notifications and messages such as newsletters at any time. With such an objection, you can simultaneously object to the statistical recording of usage for success and reach measurement. Necessary notifications and messages in connection with our activities remain reserved.

13. Social Media

We are present on social media platforms and other online platforms to communicate with interested persons and to inform about our activities. In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).

The General Terms and Conditions (GTC) and terms of use as well as privacy policies and other provisions of the individual operators of such platforms also apply. These provisions inform in particular about the rights of affected persons directly towards the respective platform, which include, for example, the right to information.

14. Third-Party Services

We use services from specialized third parties to be able to carry out our activities and operations permanently, in a user-friendly, safe, and reliable manner. With such services, we can, among other things, embed functions and content into our website. During such embedding, the services used temporarily record the IP addresses of users for technically essential reasons.

For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data related to our activities and operations in an aggregated, anonymized, or pseudonymized form. This includes, for example, performance or usage data to be able to provide the respective service.

We use in particular:

• Services from Google: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) partly for users in the European Economic Area (EEA) and Switzerland; General information on data protection: “Privacy and Security Principles”, “More information on how Google uses personal data”, Privacy Policy, “Google is committed to complying with applicable data protection laws”, “Privacy Guide for Google Products”, “How we use data from websites or apps where our services are used”, “Types of cookies and similar technologies used by Google”, “Ads you can influence” (“Personalized Advertising”).
• Services from Microsoft: Providers: Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), Switzerland, and the United Kingdom / Microsoft Corporation (USA) for users in the rest of the world; General information on data protection: “Data Protection at Microsoft”, “Privacy and Data Protection”, Privacy Policy, “Data and Privacy Settings”.

14.1 Digital Infrastructure

We use services from specialized third parties to be able to utilize the required digital infrastructure in connection with our activities and operations. This includes, for example, hosting and storage services from selected providers.

We use in particular:

• Cyon: Hosting; Provider: cyon GmbH (Switzerland); Information on data protection: “Data Protection”, Privacy Policy.

14.2 Audio and Video Conferences

We use specialized services for audio and video conferences to be able to communicate online. With these, we can, for example, hold virtual meetings or conduct online classes and webinars. For participation in audio and video conferences, the legal texts of the individual services, such as privacy policies and terms of use, apply additionally.

We recommend, depending on the life situation, to mute the microphone by default when participating in audio or video conferences, as well as to blur the background or use a virtual background.

We use in particular:

• Skype: Audio and video conferences; Provider: Microsoft; Skype-specific information on data protection: “Legal for Skype”.
• TeamViewer Meeting: Video conferences; Provider: TeamViewer Germany GmbH (Germany); Information on data protection: Privacy Policy, “First-Class Data Protection”.
• Zoom: Platform for collaborative work, especially with video conferences; Provider: Zoom Video Communications Inc. (USA); Information on data protection: “Privacy at Zoom”, Privacy Policy, “Legal Compliance”.

14.3 Online Collaboration

We use third-party services to enable online collaboration. In addition to this privacy policy, any directly visible conditions of the services used, such as terms of use or privacy policies, also apply.

We use in particular:

• Microsoft Teams: Platform for productive collaboration, especially with audio and video conferences; Provider: Microsoft; Teams-specific information: “Security and Compliance in Microsoft Teams”, especially “Data Protection”.

14.4 Social Media Functions and Social Media Content

We use third-party services and plugins to embed functions and content from social media platforms and to enable sharing of content on social media platforms and through other channels.

We use in particular:

• Instagram platform: Embedding of Instagram content; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); Privacy information: Privacy Policy (Instagram), Privacy Policy (Facebook).
• LinkedIn Consumer Solutions Platform: Embedding of LinkedIn functions and content, for example with plugins such as the “Share Plugin”; Provider: Microsoft; LinkedIn-specific information: “Privacy”, Privacy Policy, Cookie Policy, Cookie Management / Opt-out of Email and SMS Communication from LinkedIn, Opt-out of Interest-Based Advertising.

14.5 Map Material

We use third-party services to embed maps into our website.

We particularly use:

• Google Maps including Google Maps Platform: Map service; Provider: Google; Google Maps-specific information: “How Google Uses Location Information”.

14.6 Digital Content

We use services from specialized third parties to integrate digital content into our website. Digital content includes, in particular, image and video material, music, and podcasts.

We particularly use:

• Vimeo: Video platform; Provider: Vimeo Inc. (USA); Privacy information: Privacy Policy, “Private Video Hosting”.
• YouTube: Video platform; Provider: Google; YouTube-specific information: “Privacy and Security Center”, “My Data on YouTube”.

14.7 Fonts

We use third-party services to embed selected fonts as well as icons, logos, and symbols into our website.

We particularly use:

• Google Fonts: Fonts; Provider: Google; Google Fonts-specific information: “Your Privacy and Google Fonts”, “Privacy and Data Collection” (Google Fonts).

14.8 Advertising

We use the option to display targeted advertising with third parties such as social media platforms and search engines for our activities and operations.

With such advertising, we aim to reach people who are already interested in our activities and operations or could be interested in them (remarketing and targeting). For this purpose, we may transmit corresponding – possibly also personal – information to third parties who enable such advertising. We can also determine whether our advertising is successful, that is, in particular, whether it leads to visits to our website (conversion tracking).

Third parties with whom we advertise and where you are logged in as a user may be able to associate your use of our website with your profile there.

We particularly use:

• Google Ads: Search engine advertising; Provider: Google; Google Ads-specific information: Advertising based on search queries, among other things, using various domain names – especially doubleclick.net, googleadservices.com and googlesyndication.com – for Google Ads, Privacy Policy for Advertising, “Manage Ad Settings Directly from Ads”.
• LinkedIn Ads: Social media advertising; Providers: LinkedIn Corporation (USA) / LinkedIn Ireland Unlimited Company (Ireland); Privacy information: Remarketing and targeting, particularly with the LinkedIn Insight Tag, “Privacy”, Privacy Policy, Cookie Policy, Opt-out of Personalized Advertising.
• Meta Ads: Social media advertising on Facebook and Instagram; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); Privacy information: Targeting, including retargeting, particularly with the Meta Pixel and with Custom Audiences including Lookalike Audiences, Privacy Policy, “Ad Preferences” (login as a user required).
• Microsoft Advertising: Search engine advertising on Bing, DuckDuckGo, Yahoo! and other search engines; Provider: Microsoft; Microsoft Advertising-specific information: “Legal, Privacy and Security”, “Ad Settings” (Opt-out of personalized advertising).

15. Extensions for the Website

We use extensions for our website to be able to utilize additional functions. We can use selected services from suitable providers or use such extensions on our own digital infrastructure.

We use in particular:

• Google reCAPTCHA: Spam protection (distinguishing between desired content from humans and unwanted content from bots and spam); Provider: Google; Google reCAPTCHA-specific information: “What is reCAPTCHA?”.

16. Success and Reach Measurement

We try to measure the success and reach of our activities and operations. In this context, we can also measure the effect of third-party references or check how different parts or versions of our digital presence are used (‘A/B test’ method). Based on the results of the success and reach measurement, we can, in particular, fix errors, strengthen popular content, or make improvements.

For success and reach measurement, in most cases, the IP addresses of individual users are recorded. IP addresses are generally shortened in this case (‘IP masking’) to follow the principle of data minimization through appropriate pseudonymization.

Cookies may be used for success and reach measurement, and user profiles may be created. Any user profiles created may include, for example, the individual pages visited or content viewed on our digital presence, information about the size of the screen or browser window, and the – at least approximate – location. In principle, any user profiles are created exclusively in a pseudonymized manner and are not used to identify individual users. Individual third-party services where users are logged in may possibly associate the use of our online offer with the user account or user profile of the respective service.

We use in particular:

• Clarity: Recording and analysis of user behavior on websites; Provider: Microsoft; Clarity-specific privacy information: “What data does Clarity collect?”, “Data Retention”, Cookie Policy.
• Google Marketing Platform: Success and reach measurement, especially with Google Analytics; Provider: Google; Google Marketing Platform-specific information: Measurement also across different browsers and devices (Cross-Device Tracking) with pseudonymized IP addresses, which are only exceptionally transferred in full to Google in the USA, Privacy Policy for Google Analytics, “Browser Add-on to Deactivate Google Analytics”.
• Google Tag Manager: Integration and management of services from Google and third parties, especially for success and reach measurement; Provider: Google; Google Tag Manager-specific information: Privacy Policy for Google Tag Manager; further privacy information can be found for the individual integrated and managed services.
• Hotjar: Recording of user behavior; Provider: Hotjar Ltd. (Malta); Privacy information: Recording without reference to individual website visitors, for example regarding movements and clicks with a mouse or with other input options, “Privacy and Hotjar”, “Privacy”, Privacy Policy, Cookie Policy, “Security”.

17. Final Notes on the Privacy Policy

We have created this privacy policy with the Privacy Policy Generator from Datenschutzpartner .

We can update this privacy policy at any time. We will inform about updates in an appropriate manner, in particular by publishing the current privacy policy on our website.