Privacy Policy

Responsibility for online offers on the website www.adesso.ch: adesso Schweiz AG, Vulkanstrasse 106, 8048 Zurich, Switzerland, in short: adesso, (hereinafter also we/us).

Read on to find out more about how we protect your privacy and how personal data is processed within the framework of our websites and/or online offers, in particular for the purposes for which we process your data, to what extent and for how long we do this, and the rights you have in this regard.

If you have any questions regarding the processing of your personal data, contact our data protection officer via the contact details provided in Section II.

adesso Schweiz AG
Vulkanstrasse 106
8048 Zurich
Switzerland
T +41 58 520 97 10
E info@adesso.ch
Website: www.adesso.ch

Data Protection Officer
Dominik Langer
adesso Schweiz AG
Vulkanstrasse 106
8048 Zurich
T +41 58 520 97 10
E datenschutz@adesso.ch

adesso is subject to Swiss law. In the context of processing personal data, adesso complies with the requirements of the Swiss Federal Data Protection Act (Bundesgesetz über den Datenschutz, “DSG”) and the associated Ordinance to the Federal Act on Data Protection (Verordnung zum Datenschutzgesetz, “VDSG”). Where applicable, adesso takes into account the European General Data Protection Regulation (“GDPR”).

The definitions and terms are based on the DSG, the VDSG, and, where applicable, Regulation (EU) 679/2016 on the protection of data subjects with regard to the processing of personal data, on the sharing of such data, and repealing Directive 95/46/EC (hereinafter "General Data Protection Regulation" or “GDPR”). In particular, the definitions of Art. 3 DSG or Art. 5 revDSG and, where applicable, Art. 4 and Art. 9 of the GDPR apply. In the context of this data protection declaration, we use the following particular terms:

(1) 'Personal data' means any information relating to an identified or identifiable natural person (hereinafter 'data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

(2) 'Processing' refers to any operation or set of operations which is performed on personal data, whether by automatic means or not, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, data query, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

(3) 'Restriction of processing' means the marking of stored personal data with the intent of limiting or blocking future processing.

(4) 'Profiling' means any automated processing of personal data which consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.

(5) 'Pseudonymization' means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.

(6) 'Controller' means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

(7) 'Processor' means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

(8) 'Recipient' means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party.

(9) 'Third party' refers to any natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or the processor, are authorized to process the personal data.

(10) 'Consent' means any freely given specific, informed and unambiguous indication of the data subject's wishes, in the form of a statement or other unambiguous affirmative act, by which the data subject signifies their agreement to personal data relating to him or her being processed.

1. Scope of the processing of personal data

As a matter of principle, we only process personal data of our users to the extent that this is necessary for the provision and supply of our services as well as for the provision of our web or online offers (including apps), unless otherwise stated in this privacy policy below.

The collection and use of personal data for other purposes regularly only takes place

(i) with the consent of the user,

(ii) where the processing is carried out for the purposes of performance of the contract, or

(iii) to safeguard legitimate interests unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.

(iv) if the processing of the data is provided for by law.

2. Legal bases

Insofar as personal data is processed on the basis of the consent of the data subject, Article 6 (1) (a) GDPR serves as the legal basis for the processing, insofar as the GDPR is applicable.

If processing personal data for the performance of a contract to which the data subject is a party, the legal basis is Art. 6 (1) (b) GDPR where the GDPR applies; this also applies to processing that is necessary for the performance of pre-contractual measures.

If personal data is processed in order to comply with a legal obligation to which we are subject, the legal basis is Article 6 (1) (c) GDPR, insofar as the Regulation applies. In the event that the vital interests of the data subject or another natural person make it necessary to process personal data, the legal basis is Article 6 (1) (d) of the Regulation, insofar as the Regulation applies.

If processing is carried out to protect a legitimate interest of our company or a third party, and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) (f) GDPR is the legal basis for the processing, insofar as the GDPR is applicable.

3. Obtaining consent / Right of withdrawal

If we need your consent for data processing, we usually obtain this electronically. Consent is given by placing a tick in the corresponding field for the purpose of documenting the granting of consent. The content of the declaration of consent is recorded electronically.

Right of revocation: Be aware that once consent has been given, it can be revoked at any time with effect for the future – in whole or in part; the lawfulness of the processing carried out on the basis of the consent up to the revocation remains unaffected by this. Please address any revocation to the contact details mentioned in Section II (responsible body or data protection officer).

4. Recipients of personal data

To provide our web and/or online services, we occasionally use service providers who act on our behalf and according to our instructions (order processors). These service providers may receive personal data or come into contact with personal data in the course of providing their services.

We ensure that our service providers provide sufficient guarantees that appropriate technical and organizational measures are in place, and that processing operations are carried out in such a way that they comply with legal requirements and ensure the protection of the rights of the data subject.

adesso also reserves the right to disclose your personal data to third parties. This is particularly in order to fulfil contractual and legal obligations. If personal data are transferred to third parties, we ensure that this is done exclusively in accordance with the legal requirements.

5. Processing of data in so-called third countries

Your personal data will generally be processed in Switzerland or within the EU or the European Economic Area ("EEA").

Only in exceptional cases (e.g., in connection with the involvement of service providers for the provision of web analytics services) may information be transferred to so-called "third countries". "Third countries" are countries outside Switzerland or the European Union and/or the EEA which, from Switzerland's perspective, do not have adequate data protection legislation.

If the information transferred also includes personal data, we will ensure prior to such transfer by means of sufficient guarantees that an adequate level of data protection is ensured by the respective recipient in the third country or that you have given your consent to this or, if the GDPR is applicable, another permissible circumstance (e.g., Art. 49 GDPR) exists.

An adequate level of data protection can be ensured by concluding the so-called "EU standard contractual clauses (SCC)" and/or by taking additional technical and organizational measures. We can provide you with further information on the appropriate and adequate safeguards to ensure an adequate level of data protection upon request; the contact details can be found at the beginning of this data protection information.

6. Data deletion and storage period

Personal data is inactivated and, if technically possible, archived or deleted as soon as the purpose of processing ceases to apply. Further processing of the data after the purpose of processing has ceased to apply will only be carried out if this is provided for by law (e.g., to comply with statutory retention obligations) and/or if adesso has a legitimate interest in storing the data (e.g., for the purpose of legal defense against any claims).

7. Data subject rights

The DSG and, where applicable, the GDPR grant the person affected by a processing of personal data certain rights (so-called “data subject rights”). The individual data subject rights are explained in more detail in Section XI. If you would like to exercise one or more of these rights, you can contact us at any time. To do so, use the contact options provided in Section II.

Every time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data are collected (hereinafter referred to as "log data"):

• Information about the browser type and version used
• The operating system of the user
• The IP address of the user
• Date and time of access
• Websites from which the user's system accesses our website
• Websites that are accessed by the user's system via our website

It is not possible for us to identify you by means of this data alone. For this, we would also require the data stored by third parties, in particular the data stored by your internet provider. This provider knows which specific internet connection was provided with the stored IP address at the time of the stored visit. If several users use one internet connection, it is not possible to determine the specific user using the IP address alone. Your internet provider is generally not authorized to disclose the data it holds to us. Only in the case of illegal behavior related to your IP address (e.g., an attack on our systems via your IP address) would we pass on the stored data to the law enforcement authorities, if necessary, who can then establish your identity, taking into account the data of your internet provider.

1. Purpose and legal basis

The log data, in particular the IP address, is collected and processed for the purpose of providing the user with the content contained on our website, i.e., for the purpose of communication between the user and our web or online offer. A temporary storage of the IP address is necessary for the duration of the respective communication process. This is required for addressing the communication traffic between the user and our web and/or online offer or is required for the use of our web and/or online offer. The legal basis for this data processing, if applicable, is Art. 6 para. 1 (b) and (f) GDPR.

Any processing and storage of the IP address in log files that goes beyond the communication process is carried out for the purpose of ensuring the functionality of our web and online offers, for the purpose of optimizing these offers, and for ensuring the security of our information technology systems. Insofar as the GDPR is applicable, Art. 6 para. 1 (f) GDPR (safeguarding legitimate interests) serves as the legal basis.

2. Data deletion and storage period

The data are deleted as soon as no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session – the website visit – has ended. Any additional storage of log data, including the IP address, for the purpose of system security takes place for a maximum period of seven days from the end of the page access by the user. A further processing and/or storage of log data is possible and permissible, provided that the IP addresses of the users are deleted after the expiry of the aforementioned storage period of seven days or are distorted in such a way that an assignment of the log data to an IP address is no longer possible.

3. Possibility of objection and removal

The collection of log data for the provision of the website including their storage in log files within the aforementioned limits is absolutely necessary for the operation of the website. There is therefore no possibility of objection on the part of the user. The processing of log data for analysis purposes deviates from this and depends on the web analysis tools used and the type of data analysis (personal / anonymous / pseudonymous) in accordance with Section VII.

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. Cookies do not contain any programs and cannot place any malicious code on your computer. When a user calls up a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. Our cookies do not contain any personal data, so your privacy is protected.

Depending on the respective type of cookie and the possibility of assigning a cookie to an IP address, it is generally possible to establish a personal reference to the user. We do not make such an assignment, and IP addresses are anonymized immediately in order to exclude such an assignment (see in detail under Section VIII).

We distinguish between (i) technically necessary cookies, (ii) analysis cookies and (iii) third-party cookies:

(i) We use technically necessary cookies to make our web and/or online offer more user-friendly. The following data are stored in technically necessary cookies and transmitted to our systems:

"branch id": This cookie is used to remember the branch when clicking on branches in the navigation, and then permanently displays this branch navigation point in the primary navigation until another branch is selected. After the end of the session, the cookie expires.

"adesso-saved-pages": This contains information on all saved pages (link, image, headline, descriptive text) when the user presses the "Save page" button. This is currently valid for 30 days and is extended if a new page is added or deleted during this time.

(ii) We use analysis cookies (also known as session cookies) to analyze the surfing behavior of users on our web and/or online offers for the purpose of advertising, market research or to design our offers in line with requirements. Such analysis may include, among other things, the following:

• Frequency of page views
• Use of website functions such as forms
• Visiting hours
• Search terms entered
• Number of sessions
• Origin of the visitors
• Bounce rate
• Pages per session
• Browser and operating system

The data about users collected in this way are anonymized by technical precautions. It is then no longer possible to assign the data to the calling user.

(iii) Third-party cookies are cookies that are not provided by our web servers but by third-party providers. This includes, for example, the integration of the "Like" button. When this button is clicked, Facebook places its "own" cookie in the user's browser. Third-party cookies can never be searched for and/or evaluated by us.

The third-party providers are solely responsible for the use of such cookies; there is no possibility for us to influence their use and processing; you can prevent third-party cookies from being set by taking the measures described in Section VII.3 and Section VIII.

1. Purpose and legal basis

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change. We require technically necessary cookies for the following applications:

- Target group-oriented presentation of information and navigation control

- For the use of the "Saved Pages" function

The user data collected through technically necessary cookies are not used to create user profiles. The legal basis for the use of technically necessary cookies is, if applicable, Art. 6 para. 1 (b) GDPR, insofar as the possibility of establishing a personal reference to the user exists and the use is necessary for the purpose of providing our web and/or online offers in terms of contract fulfilment; otherwise, if the GDPR is applicable, Art. 6 para. 1 (f) GDPR forms the legal basis, as the use is also for the purpose of safeguarding legitimate interests for the purpose of providing web and/or online offers.

Analysis cookies are used to improve the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer (see above).

2. Data deletion and storage period

Cookies are stored on the respective end device of the user (smart device/PC) and transmitted from there to our website. A distinction is made between so-called permanent cookies and session cookies. Session cookies are stored for the duration of a browser session and deleted when the browser is closed. Permanent cookies are not deleted when the respective browser session is closed but are stored on the user's end device for a longer period of time. You can find an overview of the cookies used under "VI. Use of cookies".

3. Possibility of objection and removal

When accessing our website, users are informed about the use of cookies by an information banner. You have the option of allowing us to use all cookies or rejecting their use in part or in full.

As a user, you have full control over the use and storage of cookies. By changing the settings in your internet browser, you can generally deactivate or restrict the transmission of cookies. You can delete cookies that have already been stored at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent. You can find more information on the use of cookies at http://www.meine-cookies.org/ or youronlinechoices.com.

You can object to the use of cookies to create pseudonymous usage profiles (see above for analysis cookies) at any time with effect for the future; you can exercise your right of objection via the info banner or via the aforementioned settings options of your browser.

In order to optimize our websites and adapt them to the changing habits and technical requirements of our users, we use tools for so-called web analysis. We measure, for example, which elements are visited by users, whether the information they are looking for is easy to find, etc. This information only becomes interpretable and meaningful when a larger group of users is considered. For this purpose, the collected data are aggregated, i.e., combined into larger units.

This way we can adapt the design of pages or optimize content if, for example, we find that a relevant proportion of visitors are using new technologies or cannot find an existing piece of information or find it difficult to find.

We carry out the following analysis or use the following web analysis tools on our web and online offers:

1. Analysis of log data

Log data are used for analysis purposes exclusively on an anonymous basis; in particular, they are not linked to personal data of the user and/or to an IP address or a cookie. Such an analysis of log data is therefore not subject to the data protection provisions of the DSG or, if applicable, the GDPR.

2. Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC ("Google"). Google Analytics uses "cookies", which enable an analysis of the use of the website by our customers on a pseudonymous and/or anonymous basis. The use of Google Analytics takes place, insofar as the GDPR is applicable, on the basis of consent (Art. 6 para. 1 (a) GDPR).

The information generated by the cookie regarding your use of the website will be transmitted to and stored by Google on servers in the United States of America. In the case of activation of IP anonymization on this website, however, your IP address will be shortened by Google within the Member States of the European Union or in other contracting states to the Agreement on the European Economic Area before transmission. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google uses the aforementioned information to evaluate the use of the website on our behalf, to compile reports on website activity, and to provide other services to the website operator in connection with the use of the website and the Internet. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

3. Piwik PRO

Our website uses the web analytics service Piwik PRO. Piwik PRO uses technologies that enable the recognition of the user across pages for the analysis of user behavior (e.g., cookies or device fingerprinting). The provider of this technology is Piwik PRO GmbH, Kurfürstendamm 21, 10719 Berlin, Germany, website: https://www.piwikpro.de (hereinafter "Piwik PRO").

The information collected by Piwik PRO about the use of our website is stored on the provider's server. The IP address is anonymized before storage.

With the help of Piwik PRO, we are able to collect and analyze data about the use of our website by website visitors. This enables us to find out, among other things, when which page views were made and from which region they came. We also collect various log files (e.g., IP address, referrer, browsers and operating systems used) and can measure whether our website visitors perform certain actions (e.g., clicks, purchases, etc.).

The use of this analysis tool is based on Art. 6 para. 1 (f) GDPR. The website operator has a legitimate interest in the anonymized analysis of user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 (a) GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g., device fingerprinting) as defined by the Telecommunications-Telemedia Data Protection Act TTDSG (Telekommunikation-Telemedien-Datenschutz-Gesetz). The consent can be revoked at any time.

IP anonymization

We use IP anonymization for the analysis with Piwik PRO. In this case, your IP address is shortened before analysis so that it can no longer be clearly assigned to you.

Job processing

We have concluded a contract on order processing (AVV) with the abovementioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

4. Google Tag Manager

Google Tag Manager is a solution with which tags can be managed via an interface, e.g., for Google Analytics. The Tag Manager does not process any personal user data. Further information on the processing of personal user data can be found in the usage guidelines: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/

On our website we offer various services for which registration via forms is necessary. In detail:

1. Newsletter

a) Registration

If you would like to receive our newsletter, we require a valid email address from you. In order to be able to check whether you are the owner of the specified email address or whether its owner agrees to receive the newsletter, we send an automated email to the specified email address after the first registration step (so-called double opt-in). Only after confirmation of the newsletter registration via a link in the confirmation email do we include the specified email address in our distribution list. We do not collect any further data beyond the email address and the details for confirming the registration. Registrations are logged in order to be able to prove the process in accordance with legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address at the shipping service provider.

b) Dispatch with Inxmail

The newsletter dispatch and the double-opt-in process are carried out via the software of the company Inxmail GmbH (Wentzingerstr. 17, 79106 Freiburg, www.inxmail.de). Inxmail is a service with which, among other things, the dispatch of newsletters is organized and analyzed. The data you enter for the purpose of receiving the newsletter is stored on Inxmail's servers in Germany. Voluntary details such as title, first name and surname are only used to personalize the newsletter. For analysis purposes, we use so-called newsletter tracking in our newsletters. In this process, recipient actions (e.g., opening a mailing, clicking on text and image links, downloading images with an email program) are recorded and stored anonymously for statistical purposes. It is not possible to draw conclusions about individual users from the stored data.

We have concluded an order processing agreement with Inxmail, in which we oblige Inxmail to protect our customers' data, not to process it for its own purposes, and not to pass it on to third parties.

Your data is processed exclusively for the purpose of sending the newsletter you have ordered. The legal basis for this processing, if applicable, is Art. 6 para. 1 (a) or f GDPR. You can cancel the receipt of our newsletter at any time, i.e., revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter; the explanations on the right to revoke consent under Section IV.3 apply in addition.

2. Download of information material

On our website we offer a variety of materials such as white papers or studies that can be downloaded free of charge. In order to send you the desired documents, we require your email address. In addition, you can provide further voluntary information such as your first name, surname and company. If you agree in the form to be contacted by email or telephone, we will send an automated email to the specified email address after the first registration step (so-called double opt-in). Only after confirmation of the contact data via a link in the confirmation email will the data provided be stored in our systems. You can revoke this consent at any time by sending an email to datenschutz@adesso.de. Registrations are logged in order to be able to prove the process in accordance with legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address at the shipping service provider. If you do not consent to being contacted, your data will be automatically deleted after 60 days. The dispatch of materials and the double opt-in process described above are also carried out via the service provider Inxmail.

Marketing automation

We use a marketing automation tool to carry out marketing campaigns, for analysis purposes and to address customers and potential customers in a target group-specific manner. The tool is used to provide landing pages, contact, registration and download forms, to send emails and to analyze form activities and click behavior.

Microsoft Dynamics 365 Marketing

The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (hereinafter Microsoft).

The system components integrated in our online offer (e.g. forms) use so-called "cookies", which are stored on the user's computer and which enable an analysis of the use of the website by us. In particular, the following information is recorded: client id, geographical location, type of browser, duration of visit and pages viewed.

The use of Microsoft Dynamics 365 Marketing is based on Art. 6 (1) (f) GDPR, where applicable. The website operator has a legitimate interest in the most efficient customer management and customer communication possible. Insofar as corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 (a) GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g., device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time. For more information on privacy, users should refer to Microsoft's privacy policy at https://privacy.microsoft.com/en-gb/privacystatement. For more information on the use of cookies in connection with the system, users can visit https://learn.microsoft.com/en-gb/dynamics365/marketing/cookies.

Job processing

We have concluded a contract on order processing (AVV) with the abovementioned provider. This is a contract required by data protection law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

3. Registration for events

We offer the possibility to register for our events on our website. As part of the registration process, we require the first and last name, company name and email address. The data are used, among other things, to provide interested parties with information about the event before, during and after the event.

The processing of your personal data, if applicable, is based on Art. 6 para. 1 (a) GDPR. You can revoke your consent at any time. The explanations on the right to revoke consent under Section IV.3 apply in addition. Without consent, participation in the events is not possible.

Your personal data will only be used for the purpose of advertising and/or marketing if you have given your consent (if applicable, Art. 6 (1) (a) GDPR) or if there is another legal basis that permits advertising and/or marketing even without consent.

1. Google Ads

We use the services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") on the basis of your consent (if applicable, Art. 6 para. 1 (a) GDPR).

We use the online advertising program "Google AdWords" on our website and, in this context, conversion tracking. Google Conversion Tracking is an analysis service provided by Google Inc. When you click on an ad placed by Google, a cookie for conversion tracking is stored on your computer. These cookies have a limited validity, do not contain any personal data and are therefore not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, Google and we will be able to recognize that you clicked on the ad and were redirected to that page. Each Google AdWords customer receives a different cookie. Thus, there is no possibility that cookies can be tracked across AdWords customers' websites.

The information obtained with the help of the conversion cookie is used to create conversion statistics. This tells us the total number of users who clicked on one of our ads and were redirected to a page with a conversion tracking tag. However, we do not receive any information with which users can be personally identified.

You have the right to object to the processing of personal data concerning you. To do this, you can prevent the storage of cookies by selecting the appropriate technical settings in your browser software. However, we would like to point out that in this case you may not be able to use all the functions of our website to their full extent. You will then not be included in the conversion tracking statistics.

Furthermore, you can deactivate personalized advertising for you in Google's advertising settings. You can find instructions on how to do this at https://support.google.com/ads/answer/2662922?hl=en.

Further information and Google's privacy policy can be found on the following links:

https://policies.google.com/privacy?gl=de&hl=en

https://policies.google.com/technologies/ads?hl=en

https://adssettings.google.com/authenticated

Bing Ads

On our pages, we use the conversion tracking of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft Bing Ads stores a cookie on your computer if you have accessed our website via a Microsoft Bing advertisement. In this way, we, and Microsoft Bing, can recognize that someone has clicked on an advertisement, been redirected to our website and reached a previously determined target page (conversion page). We only learn the total number of users who clicked on a Bing advertisement and were then redirected to the conversion page. No personal information about the identity of the user is disclosed.

If you do not want information about your online activity to be used by Microsoft as described above, you can refuse the setting of a cookie required for this purpose. For more information about privacy and cookies used by Microsoft and Bing Ads, visit Microsoft's website at https://privacy.microsoft.com/en-gb/privacystatement.

2. Social networks / Social media plug-ins

We have integrated buttons (plug-ins) of various social networks on our websites so that you can also use the interactive options of the social networks you use on our websites. These plug-ins provide various functions, the subject matter and scope of which are determined by the operators of the social networks. To better protect your personal data, we use a 2-click procedure. By pressing the button directly next to the respective plug-in, the plug-in is activated, which is indicated by the color change of the plug-in's button from grey to colored. You can then use the respective plug-in by clicking on the button of the plug-in. Be aware that the IP address of your browser session can be linked to your own profile with the respective social network if you are registered (logged in) there at that time. Likewise, your visit to our website can be linked to your profile with the social network if it recognizes you via a social network cookie that was previously set and is still present on your computer.

Please be aware that we are not the provider of social networks and have no influence on data processing by the respective providers. More information on the scope of data can be found under the following links or addresses:

2.1 Facebook

Plug-ins of the social network “Facebook”, 1601 South California Avenue, Palo Alto, CA 94304, USA are integrated on our pages. You can recognize the Facebook plug-ins by the Facebook logo or the "Like" button on our site. You can find an overview of the Facebook plug-ins here: https://developers.facebook.com/docs/plugins/.

If you activate the plug-in, a direct connection between your browser and the Facebook server is established via the plug-in. Facebook then receives the information that you have visited our site with your IP address. If you click the Facebook "Like" button while you are logged into your Facebook account, you can refer to content on our pages in your Facebook profile.

As the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Facebook and we are not responsible for the data processing by Facebook. For more information, see Facebook's privacy policy at https://en-gb.facebook.com/policy.php.

2.2 Twitter

Functions of the social network “Twitter” are integrated on our pages. These functions are offered by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and made known to other users. In the process, data is transmitted to Twitter. As the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Twitter. You can find more information on this in Twitter's privacy policy at https://twitter.com/en/privacy.

2.3 Instagram

Our websites use the Instagram plug-in, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). The plug-ins are marked with an Instagram logo, for example in the form of an "Instagram camera". An overview of the Instagram plug-ins and their appearance can be found at: https://help.instagram.com/2284971015132274?cms_id=2284971015132274

When you access a page of our website that contains such a plug-in, your browser establishes a direct connection to the Instagram servers. The content of the plug-in is transmitted by Instagram directly to your browser and integrated into the page. Through this integration, Instagram receives the information that your browser has called up the corresponding page of our website, even if you do not have an Instagram profile or are not currently logged in to Instagram. This information (including your IP address) is transmitted by your browser directly to an Instagram server in the USA and stored there. If you are logged in to Instagram, Instagram can directly assign your visit to our website to your Instagram account. If you interact with the plug-ins, for example by clicking the "Instagram" button, this information is also transmitted directly to an Instagram server and stored there. The information is also published on your Instagram account and displayed there to your contacts. For the purpose and scope of the data collection and the further processing and use of the data by Instagram, as well as your rights in this regard and setting options for protecting your privacy, please refer to Instagram's privacy policy: https://about.instagram.com/blog/announcements/instagram-community-data-policy/

If you do not want Instagram to directly assign the data collected via our website to your Instagram account, you must log out of Instagram before visiting our website. You can also prevent the loading of Instagram plug-ins with add-ons for your browser, e.g., with the script blocker "NoScript" (http://noscript.net/) - see also Section VI.3.

2.4 YouTube

Our websites use the provider YouTube to integrate videos. YouTube is operated by YouTube LLC with headquarters at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc. with headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. On some pages, we also use a YouTube plug-in. When you call up a page with such a plug-in, a connection to the YouTube servers is automatically established and the plug-in is displayed. The YouTube server is informed of which of our Internet pages you have visited. If you are a YouTube member and logged into YouTube at the same time as visiting our site, YouTube can assign this information to your personal user account. When using the plug-in, such as clicking on the start button of a video, this information is also assigned to your user account.

If you do not wish such allocation, you can prevent this by logging out of your YouTube user account and other user accounts of YouTube LLC and/or Google Inc. before using our pages; alternatively, you can delete the corresponding cookies of these companies (see Section VI.3). Further information on data processing and notes on data protection by YouTube (Google) can be found at https://policies.google.com/privacy?hl=en.

2.5 LinkedIn

Functions of the social network "LinkedIn" are integrated on our pages. These functions are offered by LinkedIn Ireland Limited, 77 Sir John Rogerson's Quay, Dublin 2, Ireland. By using the "InShare" button, the websites you visit are linked to your LinkedIn account and made known to other users. In the process, data is also transferred to LinkedIn. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by LinkedIn. Further information on this can be found in LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy?

LinkedIn Insight Tag

Our website uses the Insight Tag from LinkedIn. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Data processing by LinkedIn Insight Tag

With the help of the LinkedIn Insight Tag, we receive information about the visitors to our website. If a website visitor is registered with LinkedIn, we can, among other things, analyze the key professional data (e.g., career level, company size, country, location, industry and job title) of our website visitors and so better tailor our site to respective target groups. Furthermore, we can use LinkedIn Insight Tags to ascertain whether visitors to our websites make a purchase or take another action (conversion measurement). Conversion measurement can also take place across devices (e.g., from PC to tablet). LinkedIn Insight Tag also offers a retargeting function, with which we can display targeted advertising outside the website to visitors to our website, whereby, according to LinkedIn, no identification of the advertising addressee takes place.

LinkedIn itself also collects so-called log files (URL, referrer URL, IP address, device and browser properties and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymized). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data are then deleted within 180 days.

The data collected by LinkedIn cannot be assigned to specific individuals by us as the website operator. LinkedIn will store the collected personal data of website visitors on its servers in the USA and use them in the context of its own advertising measures. For details, please refer to LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig.

Legal basis

The use of LinkedIn Insight is based on Art. 6 para. 1. (f) GDPR. The website operator has a legitimate interest in effective advertising measures including social media. If corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 (a) GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g., device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

Objection to the use of LinkedIn Insight Tag

You can object to the analysis of usage behavior and targeted advertising by LinkedIn at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Furthermore, LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To prevent LinkedIn from linking data collected on our website to your LinkedIn account, you must log out of your LinkedIn account before visiting our website.

2.6 Xing

Our pages include functions of the "Xing" service, which is operated by XING AG, Gänsemarkt 43, 20354 Hamburg. When you activate and use the plug-in, your browser establishes a direct connection with the Xing servers. The content of the plug-in is transmitted by Xing directly to your browser, which then integrates it into the website. By activating the plug-ins, Xing receives the information that you have accessed the corresponding page of our website. If you are logged in to Xing, Xing can assign the visit to your Xing account. The purpose and scope of the data collection and the further processing and use of the data by Xing, as well as your rights in this regard and setting options for protecting your privacy, can be found in Xing's privacy policy.

adesso Schweiz AG uses a chatbot service to offer job applicants a special application experience on our website. The chatbot is intended to open up an additional communication channel, answer simple questions, and forward more complex requests to the appropriate contact person for processing. When using the chatbot, no metadata such as IP address is stored, so that only the content of the input may allow conclusions to be drawn about the person.

The chatbot is used anonymously and can, at the customer's request, process entries that contain personal data such as name, postal address, email, telephone number or customer number. These data are processed in the interest of the customer and only used for the purpose of contacting the customer and to retrain the Natural Language Classifier model (reclassification). An automated deletion of the chat logs takes place after 60 days of retention. The chatbot service is hosted on encrypted databases in ISO-certified data centers of the IBM Cloud in Frankfurt (FFM). If applicable, your data are processed within the chatbot service on the basis of your consent (within the meaning of Art. 6 (1) (a) GDPR).

adesso Schweiz AG has no interest in the processing and storage of personal data requiring special protection within the meaning of the Data Protection Act (DSG), such as racial and ethnic origin, political opinions, religious or ideological beliefs or trade union membership, or the processing of genetic data, biometric data for the unique identification of a natural person, health data or data relating to a natural person's sex life or sexual orientation. The customer, applicant or other enquirer undertakes not to post such information in the chat.

We grant the enquirer an unlimited right to the deletion (right to be forgotten, RTBF) of their data concerning the processing of personal data within the Chatbox. To exercise this right, email with the subject "Right to be forgotten" to datenschutz@adesso.ch.

Polyfill.io

We use the Polyfill.io service of "The Financial Times Ltd" based in London, England. This enables us to reproduce content in the best possible quality even on older versions of browsers. When you access a website that uses the Polyfill service, your browser downloads all the necessary Polyfill files to display the website successfully or optimized in your browser. In order to provide the Polyfills, the service receives certain technical information from your browser, including browser details, connection information (such as your IP address) and the URL of the website that made the request to the service. The information is used to determine which Polyfills are required by your browser. The legal basis for this processing is Art. 6(1) (f) GDPR. The processing is based on our legitimate interest in enhancing your user experience, and for the general optimization of our website. The data are deleted as soon as the purpose of collection has been fulfilled. For further information on the handling of the transferred data, please refer to the Polyfill.io privacy policy at https://polyfill.io/v3/privacy-policy/.

You can prevent the collection as well as the processing of your data by Polyfill.io by deactivating the execution of script code in your browser or by installing a script blocker in your browser (you can find these, for example, at noscript.net or ghostery.com).

Our website contains a contact form which the user can use to contact us electronically. If the user makes use of this option, the data entered in the input mask will be transmitted to us and stored. These data are:

• Title
• First name*
• Surname*
• Position
• Company
• Phone number*
• Email address*
• Field for message*
• Street/House number
• Postcode/Place

*Compulsory information required for the purpose of registration is marked with an asterisk as a mandatory field (also in the input mask).

The following data are also processed and stored at the time the message is sent:

IP address of user

Date and time of dispatch

Alternatively, it is possible to contact us via the email address provided on our website. In this case, the user's personal data transmitted with the email will be stored. Under no circumstances will the data be passed on to third parties unless we need to use third parties to process the enquiry.

1. Purpose and legal basis

The data are processed exclusively for the purpose of processing the respective enquiry or user request. The other data collected during the sending process are used to prevent misuse of the contact form and to ensure the security of our information technology systems.

Insofar as data processing is carried out for the purpose of fulfilling a customer order or a customer enquiry, the legal basis for the processing of the data, insofar as applicable, is Art. 6 (1) (b) GDPR, regardless of whether contact is made via the contact form or by email. If the user has given their consent, Article 6 (1) (a) GDPR is also the legal basis for processing, if applicable. The legal basis for the collection of additional data during the sending process is Art. 6 para. 1 f. GDPR; the legitimate interest here lies in preventing misuse and ensuring system security (see Section VI.1).

2. Data deletion and storage period

The data are generally deleted as soon as no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by email, this is the case when the respective communication with the user has ended and/or the user's enquiry has been conclusively answered. The communication is terminated, or a final answer is given if it can be inferred from the circumstances that the matter in question has been conclusively clarified. Instead of deletion, storage with blocking takes place if further storage of the data is necessary for the reasons stated in Section III.4.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

3. Possibility of objection and removal

The user has the option at any time to cancel the communication with us and/or withdraw the request and object to a corresponding use of their data. In such a case, the communication cannot be continued. All personal data stored in the course of contacting us will be deleted in this case, subject to further storage of the data for the reasons stated in Section IV.6.

4. Use of Google reCAPTCHA

To ensure sufficient data security when submitting forms, we use the reCAPTCHA service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland in certain cases. This is primarily to distinguish whether the input is made by a natural person or improperly by machine and automated processing. The service includes the sending of the IP address and possibly other data required by Google for the reCAPTCHA service to Google. Further information on the data protection guidelines of Google Inc. can be found at https://policies.google.com/privacy?hl=en.

We publish current job advertisements of adesso Schweiz AG on our website. You can apply to us by post, email or by using the online application form.

Our website contains an application form which the user can use for electronic applications. If the user makes use of this option, the data entered in the input mask will be transmitted to us and stored.

As part of the application process, in addition to the form of address, title, surname and first name, the usual correspondence data such as postal address, email address and telephone numbers and date of birth are stored. In addition, during the application process, we process application documents such as covering letter, curriculum vitae/résumé, education and training qualifications, references, and a photograph.

These data will only be stored, evaluated, processed or forwarded internally as part of the application. We will not process application documents for other purposes or pass them on to third parties.

If you start with us at adesso, your application documents, or at most excerpts thereof, will be placed in your personnel file. If you have applied but receive a negative reply, your details will be stored for another six months after the application process has been completed, and then deleted.

If we are unable to offer you the position you have applied for, we reserve the right to keep your application documents in the event that another suitable position becomes available. Before we do this, however, we will contact you and ask for your consent to keep your application documents.

The persons affected by the data processing on our website are entitled to the following data protection rights according to the DSG and, if applicable, according to the GDPR:

1. Right of access (if applicable, Art. 15 GDPR)

You have the right to request information on whether or not we are processing personal data relating to you. If personal data relating to you are processed by our company, you have the right to information about:

The identity and contact details of the responsible person

The personal data being processed as such

The purposes of processing

The retention period of the personal data or, if this is not possible, the criteria for determining this period

The available information on the origin of the personal data, insofar as it has not been obtained from you

Where applicable, the existence of an automated individual decision and the logic on which the decision is based

Where applicable, the recipients or categories of recipients to whom personal data are disclosed

If your data are disclosed to recipients abroad, we will also inform you of the countries to which the data is disclosed and how appropriate data protection is ensured.

Furthermore, if the GDPR applies, you have the right to be informed whether your personal data are the subject of automated decision-making within the meaning of Article 22 of the GDPR and, if this is the case, which decision-making criteria form the basis of such automated decision-making (logic) and what effects and scope the automated decision may have for you.

You have the right to request a copy of your personal data. We generally provide copies of data in electronic form unless you have indicated otherwise.

To ensure that we do not disclose information about the data concerning you to unauthorized persons, we must identify you before providing the information. We therefore ask you to enclose a copy of your identity document with your request. The first copy is free of charge; a reasonable fee may be charged for further copies. The provision is subject to the rights and freedoms of other persons who may be affected by the transmission of the data copy. Provided that your request does not conflict with any legal obligations or other overriding interests, we will provide you with the information within 30 days.

2. Right of rectification (if applicable, Art. 16 GDPR)

You have the right to demand that we correct your data if they are incorrect, inaccurate and/or incomplete; the right to correction includes the right to completion through supplementary declarations or notifications. Correction and/or completion must be carried out immediately - i.e., without culpable hesitation.

3. Right to erasure (if applicable, Art. 17 GDPR)

You have the right to request that we delete your personal data insofar as:

The personal data are no longer necessary for the purposes for which they were collected and processed.

The data processing is based on consent given by you and you have revoked the consent unless there is another legal basis for the data processing.

You have objected to data processing (if applicable) pursuant to Art. 21 GDPR and there are no overriding legitimate grounds for further processing.

You have objected to data processing for the purpose of direct marketing (if applicable) pursuant to Art. 21 (2) GDPR.

Your personal data have been processed unlawfully.

It is data of a child collected in relation to information society services (if applicable) pursuant to Art. 8(1) GDPR.

A right to delete personal data does not exist as soon as the right to freedom of expression and information precludes the request for deletion.

The processing of personal data is necessary (i) for compliance with a legal obligation (e.g., legal retention obligations), (ii) for the performance of public tasks and interests under Union law and/or EU Member State law (this includes public health interests) or (iii) for archiving and/or research purposes.

The personal data are necessary for the assertion, exercise or defense of legal claims.

The deletion must take place immediately - i.e., without culpable delay. If personal data have been made public by us (e.g., on the Internet), we must ensure, as far as is technically possible and reasonable, that third party data processors are also informed of the deletion request, including the deletion of links, copies and/or replications.

4. Right to restriction of processing (if applicable, Art. 18 GDPR)

You have the right to have the processing of your personal data restricted in the following cases:

If you have disputed the accuracy of your personal data, you can demand that your data not be used for other purposes for the duration of the accuracy check and be restricted in this respect.

In the event of unlawful data processing, instead of data deletion (if applicable) under Art. 17(1)(d) of the GDPR, you may request restriction of data use under Art. 18 of the GDPR.

If you need your personal data for the assertion, exercise or defense of legal claims, but your personal data is otherwise no longer required, you may request us to restrict processing to the aforementioned legal pursuit purposes.

If you have objected to data processing pursuant to Art. 21 (1) GDPR and it is not yet clear whether our interests in processing outweigh your interests, you may request that your data not be used for other purposes for the duration of the review and be restricted to this extent.

Personal data the processing of which has been restricted at your request may – subject to retention – only be processed (i) with your consent, (ii) to assert, exercise or defend legal claims, (iii) to protect the rights of other natural or legal persons, or (iv) for reasons of important public interest. In the event that a restriction on processing is lifted, you will be informed in advance.

5. Right to data portability (if applicable, Art. 20 GDPR)

If the legal requirements are met, you can ask our data controller to hand over your personal data in a standard electronic format or to transfer your personal data to another data controller.

6. Right to object (if applicable, Art. 21 GDPR)

In the case of processing of personal data for the performance of tasks in the public interest (Art. 6 para. 1 (e) GDPR) or for the performance of legitimate interests (Art. 6 para. 1 (f) GDPR), you may object to the processing of personal data relating to you at any time with effect for the future. In the event of an objection, we must refrain from any further processing of your data for the aforementioned purposes, unless further processing is required due to legal obligations or overriding interests.

7. Legal protection options / Right to complain to a supervisory authority

In the event of complaints, you can contact the competent supervisory authority at any time. The competent supervisory authority in Switzerland is the Data Protection and Information Commissioner (FDPIC).

We reserve the right to change this privacy policy at any time. The version published on our website shall apply.