top of page

Privacy policy

Preamble

With the following privacy policy, we would like to inform you about what types of your personal data (hereinafter also referred to as "data") we process, for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer").


The terms used are not gender-specific.

​

The following text has been machine translated. The original text in German applies.


Status: 7 July 2024

Table of contents

  • Preamble

  • Controller

  • Overview of the processing operations

  • Relevant legal bases

  • Security measures

  • Provision of the online offer and web hosting

  • Contact and enquiry management

  • Presence in social networks (social media)

  • Processing of data in the context of employment relationships

Person responsible

Ursula Lee
Blumenbergstrasse 28
8634 Hombrechtikon, Schweiz

​

E-mail address: info@ulee.ch

Overview of processing

The following overview summarises the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed

  • Inventory data.

  • Employee data.

  • Contact data.

  • Content data.

  • Usage data.

  • Meta, communication and process data.

  • Log data.

Categories of affected persons

  • Employees.

  • Communication partners.

  • Users.

Purposes of the processing

  • Communication.

  • Security measures.

  • Organisational and administrative procedures.

  • Feedback.

  • Provision of our online services and user-friendliness.

  • Establishment and implementation of employment relationships.

  • Information technology infrastructure.

  • Public relations.

  • Business processes and business management procedures.

Relevant legal bases

Relevant legal bases according to the Swiss Data Protection Act: If you are located in Switzerland, we process your data on the basis of the Federal Act on Data Protection ("Swiss FADP" for short). Unlike the GDPR, for example, the Swiss FADP does not generally require that a legal basis for the processing of personal data be specified and that the processing of personal data be carried out in good faith, lawfully and proportionately (Art. 6 para. 1 and 2 of the Swiss FADP). In addition, personal data is only obtained by us for a specific purpose recognisable to the data subject and only processed in a way that is compatible with this purpose (Art. 6 para. 3 of the Swiss FADP).

Safety measures

We take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

​​

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access, input, disclosure, safeguarding availability and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data and responses to data threats. Furthermore, we already take the protection of personal data into account during the development and selection of hardware, software and processes in accordance with the principle of data protection, through technology design and data protection-friendly default settings.

Provision of the online offer and web hosting

We process users' data in order to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or end device.

​​

  • Processed data types: Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication and procedural data (e.g. IP addresses, time data, identification numbers, persons involved). Log data (e.g. log files relating to logins or the retrieval of data or access times).

  • Data subjects: Users (e.g. website visitors, users of online services).

  • Purposes of processing: Provision of our online services and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)). Security measures.

  • Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".

  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

​

Further information on processing processes, procedures and services:

 

  • Collection of access data and log files: Access to our online offering is logged in the form of so-called "server log files". The server log files may include the address and name of the web pages and files accessed, the date and time of access, data volumes transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files can be used for security purposes, e.g. to avoid overloading the servers (especially in the event of abusive attacks, so-called DDoS attacks), and to ensure the utilisation of the servers and their stability; legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymised. Data whose further storage is required for evidentiary purposes is excluded from erasure until the respective incident has been finally clarified.

Contact and enquiry management

When contacting us (e.g. by post, contact form, email, telephone or via social media) and in the context of existing user and business relationships, the data of the enquiring persons are processed insofar as this is necessary to answer the contact enquiries and any requested measures.

​​

  • Processed data types: inventory data (e.g. full name, residential address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. text or image messages and contributions as well as the information relating to them, such as information on authorship or time of creation); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, time data, identification numbers, persons involved).

  • Data subjects: Communication partners.

  • Purposes of processing: Communication; organisational and administrative procedures; feedback (e.g. collecting feedback via online form). Provision of our online services and user-friendliness.

  • Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".

  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

​​

Further information on processing processes, procedures and services:

 

  • Contact form: When contacting us via our contact form, by e-mail or other communication channels, we process the personal data transmitted to us to answer and process the respective request. This generally includes details such as name, contact information and any other information that is provided to us and is required for appropriate processing. We use this data exclusively for the stated purpose of establishing contact and communication; legal basis: fulfilment of contract and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Presence in social networks (social media)

We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.

​​

We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce user rights.

​​

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, user profiles can be created based on user behaviour and the resulting interests of users. The latter may in turn be used, for example, to place adverts within and outside the networks that presumably correspond to the interests of the users. Cookies are therefore generally stored on users' computers, in which the user behaviour and interests of the users are stored. In addition, data can also be stored in the user profiles independently of the devices used by the users (especially if they are members of the respective platforms and are logged in there).

​​

For a detailed description of the respective forms of processing and the opt-out options, please refer to the data protection declarations and information provided by the operators of the respective networks.

​​

In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted most effectively with the providers. Only the latter have access to the user data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

​​

  • Types of data processed: Contact data (e.g. postal and e-mail addresses or telephone numbers); content data (e.g. text or image messages and contributions as well as the information relating to them, such as information on authorship or time of creation). Usage data (e.g. page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).

  • Data subjects: Users (e.g. website visitors, users of online services).

  • Purposes of Processing: Communication; Feedback (e.g. collecting feedback via online form). Public relations work.

  • Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".

  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

​

Further information on processing processes, procedures and services:

​

  • Instagram: Social network that allows you to share photos and videos, comment on and favourite posts, send messages, subscribe to profiles and pages; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.instagram.com; Privacy Policy: https://privacycenter.instagram.com/policy/. Basis for third country transfers: Adequacy decision (Ireland).

  • Facebook pages: Profiles within the social network Facebook - We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not the further processing) of data from visitors to our Facebook page (so-called "fan page"). This data includes information about the types of content users view or interact with, or the actions they take (see under "Things you and others do and provide" in the Facebook Data Policy: https://www.facebook.com/privacy/policy/), as well as information about the devices used by users (e.g. IP addresses, operating system, browser type, language settings, cookie data; see under "Device information" in the Facebook Data Policy: https://www.facebook.com/privacy/policy/). As explained in the Facebook Data Policy under "How do we use this information?", Facebook also collects and uses information to provide analytics services, known as "Page Insights", for page operators so that they can gain insights into how people interact with their pages and the content associated with them. We have concluded a special agreement with Facebook ("Information on Page Insights", https://www.facebook.com/legal/terms/page_controller_addendum), which regulates in particular which security measures Facebook must observe and in which Facebook has agreed to fulfil the rights of data subjects (i.e. users can, for example, send information or deletion requests directly to Facebook). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Information on Page Insights" (https://www.facebook.com/legal/terms/information_about_page_insights_data). The joint responsibility is limited to the collection by and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which in particular concerns the transfer of data to the parent company Meta Platforms, Inc. in the USA; service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/privacy/policy/. Basis for third country transfers: Adequacy decision (Ireland).

Processing of data in the context of employment relationships

In the context of employment relationships, personal data is processed with the aim of effectively organising the establishment, implementation and termination of such relationships. This data processing supports various operational and administrative functions that are necessary for the management of employee relations.

​​

The data processing covers various aspects ranging from contract initiation to contract termination. This includes the organisation and administration of daily working hours, the administration of access rights and authorisations as well as the handling of personnel development measures and employee appraisals. The processing is also used for payroll accounting and the administration of wage and salary payments, which are critical aspects of contract fulfilment.

​​

In addition, data processing takes into account the legitimate interests of the employer responsible, such as ensuring safety in the workplace or recording performance data to evaluate and optimise operational processes. Data processing also includes the disclosure of employee data as part of external communication and publication processes, where this is necessary for operational or legal purposes.

​​

This data is always processed in compliance with the applicable legal framework:

​​

  • Processed data types: Employee data (information on employees and other persons in a company)

  • Data subjects: Employees (e.g. employees, applicants, temporary staff and others).

  • Purposes of processing: Establishment and performance of employment relationships (processing of employee data in the context of establishment and performance). Business processes and business management procedures.

  • Legal bases: Contract fulfilment and pre-contractual enquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR); Legal obligation (Art. 6 Para. 1 S. 1 lit. c) GDPR); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). Processing of special categories of personal data relating to healthcare, employment and social security (Art. 9 para. 2 lit. h) GDPR).

​​

Further information on processing processes, procedures and services:

​

  • Deletion of employee data: Employee data in Switzerland is deleted when it is no longer required for the purpose for which it was collected, unless it must be retained or archived due to legal obligations or due to the interests of the employer. The following retention and archiving obligations are observed:

    • 10 years - retention period for books and records, annual financial statements, inventories, annual reports, opening balance sheets, accounting vouchers and invoices as well as all necessary work instructions and other organisational documents (Art. 958f of the Swiss Code of Obligations (CO)).

    • 10 years - Data required for the consideration of potential claims for damages or similar contractual claims and rights, as well as for the processing of related enquiries based on past business experience and common industry practices, are stored for the statutory limitation period of ten years, unless a shorter period of five years is applicable, which is relevant in certain cases (Art. 127, 130 CO). Claims expire after five years for rent, lease and capital interest payments and other periodic services, for the supply of food, for catering and hospitality debts as well as from craft services, retail sale of goods, medical care, professional work of lawyers, legal agents, attorneys and notaries and from the employment relationship of employees (Art. 128 CO).

bottom of page