DATA PRIVACY

The protection of your personal data is of particular importance to us. Therefore, your data are processed by us exclusively in accordance with the relevant legal provisions (Swiss Data Protection Act (DSG), European General Data Protection Regulation (GDPR), German Federal Data Protection Act (BDSG), German Telecommunications Digital Services Data Protection Act (TDDDG)). With this Privacy Policy, we would like to inform you about the most relevant aspects of data processing when using this website, when sending us application documents or in connection with our newsletter, including, in particular, the scope, purpose of and legal basis for processing.

We may amend this Privacy Policy at any time with effect for the future.

We therefore recommend that you check the Privacy Policy regularly.

1 Controller

Controller of the data processing within the meaning of data protection law is:
ACLARIS GmbH, Lindau, Rebstein branch office (Zweigniederlassung) (hereinafter ACLARIS)
CH- 9445 Rebstein
Telephone: +41 71 7759 274
E-Mail: info@aclaris-water.com

2 Name and address of data protection officer

Data protection officer of ACLARIS is:
Priverion GmbH
Europaallee 41
8021 Zürich, Schweiz
Telephone: +41 44 586 97 90
E-Mail: hello@priverion.com

3 Provision of website, log files
3.1 Description and scope of data processing
When the ACLARIS website is used for information purposes only, we collect personal data, which is automatically transmitted to our server by the user’s browser. The processing of such data is necessary to display our website to the user and to ensure the website’s stability and security. In this respect, the following data are collected:
(a) IP address
(b) Date and time of the request
(c) Content of the request (specific page)
(d) Access status/HTTP status code
(e) Website from which the resource has been requested (referrer URL)
(f) Web browser and operating system
(g) Language and version of the browser software
(h) Type of device used
The user’s IP address is transmitted when a page view is sent, anonymised directly after transmission and processed without any personal reference. The data are stored in the log files of our system. Such data are neither merged with other personal data of the user nor are they analysed for marketing purposes.
3.2 Purpose of and legal basis for data processing
Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session.
The legal basis for the processing is our legitimate interest in displaying our content to the user and ensuring the stability and security of the website (Art. 6 (1) lit. f GDPR and Art. 31 para. 1 DSG).
3.3 Duration of storage
The data are erased as soon as they are no longer required to fulfil the purpose for which they were collected. If data are collected for providing a website, this is the case when the respective session has ended. Data stored in log files are stored for a period of 8 weeks.
4 Contact form and contact by e-mail
4.1 Description and scope of data processing
There is a contact form on our website which may be used to contact us electronically. If a user makes use of this option, we process the name of the user, his/her e-mail address, the company name, the time of contact and other data entered in the input mask and transmitted to us.
Alternatively, contact can be made via the e-mail address provided. In this case, the user’s personal data which are transmitted with the e-mail are stored including data and time of the e-mail.
4.2 Purpose of and legal basis for data processing
The personal data is processed for the purpose of responding to the contact and further communication, where applicable.
The legal basis for the processing of the data is the user’s consent (Art. 6 (1) lit. a GDPR and Art. 31 para. 1 DSG, respectively). If contact is made with the intention to enter into a contract, the additional legal basis is the implementation of pre-contractual measures (Art. 6 (1) lit. b GDPR and Art. 31 para. 2 lit. a DSG, respectively).
4.3 Duration of storage
The data will be erased as soon as they are no longer required to fulfil the purpose for which they were collected and the erasure does not conflict with any statutory retention obligations.
5 Applications
5.1 Description and scope of data processing
If you apply to us as an intern or employee, we process the data you provide, in particular, your master and contact data as well as your CV, cover letter, references and our internal notes on the application process. We do not ask for and do not process any special categories of personal data (particularly sensitive data), such as data concerning health or your religious denomination, unless you provide us with such information without being asked or because you want us to take into account special legal requirements (law on severely disabled persons).
5.2 Purpose of and legal basis for data processing
We process the data collected as part of an application process in order to review the application, conduct and document interviews and contact applicants to inform them of our decision on the application.
The legal basis for the processing of such data is the implementation of pre-contractual measures (Art. 6 (1) lit. b GDPR and Art. 31 para. 2 lit. a DSG, respectively) or a consent to the continued processing of data given in view of future vacancies (Art. 6 (1) lit. a GDPR or Art. 31 para. 1 DSG).
5.3 Duration of storage
We store applicant data for as long as it is required for the aforementioned purposes and erase the data relating to rejected applications within 6 months as of notification of our decision, unless the applicant has consented to longer storage in view of possible future vacancies. In case an application is successful, the respective applicant data will be transferred to the personnel file.
6 Cookies/analytic tools
6.1 Google Analytics
(a) Description and scope of data processing
We use the web analytics service Google Analytics from Google Ireland Limited with which we can measure the advertising return on investment “ROI” and track user behaviour with video, websites and applications.
The contact details of the provider of the web analytics service are:
Google Ireland Limited
Google Building Gordon House
4 Barrow St, Dublin, D04 E5W5, Ireland
The contact details of the data protection officer of Google Ireland Limited are available at https://support.google.com/policies/contact/general_privacy_form.
When you visit our website, Google Ireland Limited collects personal data by means of cookies, pixels and JavaScript which are automatically transmitted to Google Ireland Limited by the user’s browser.
Users of our website who do not want their data to be used in Google Analytics can download and install a browser add-on developed by Google Analytics for their web browser. The add-on and further information are available at https://tools.google.com/dlpage/gaoptout?hl=de.
The processing of personal data is required for the analysis of user behaviour and for marketing development. In this respect, the following data are collected:
(i) Page views
(ii) First visit to the website
(iii) Start of the session
(iv) Websites visited
(v) Your ‘click path’, interaction with the website
(vi) Scrolls (whenever a user scrolls to the bottom of the page (90%))
(vii) Clicks on external links
(viii) Internal search queries
(ix) Interaction with videos
(x) File downloads
(xi) Ads viewed / clicked on
(xii) Language settings
(xiii) Your approximate location (region)
(xiv) Date and time of the visit
(xv) Your IP address (in truncated form)
(xvi) Technical information about your browser and the end devices you use (e.g. language settings, screen resolution)
(xvii) Your internet provider
(xviii) Referrer URL (via which website/advertising medium you accessed this website)
The data collected are transmitted to the following recipients:
(i) Alphabet Inc.
(i) Google LLC
(ii) Google Ireland Limited
If this service is used, the collected data may be transferred to another country. Please note that, in the context of this service, the data may be transferred to a country that does not have the necessary data protection standards. A list of the countries to which the data are transferred may be found below. For more information on security measures, please refer to Google Ireland Limited’s privacy policy or contact Google Ireland Limited directly.
For the USA, the European Commission has adopted its adequacy decision on 10 July 2023. Google LLC is certified under the EU-US Privacy Framework. Since Google servers are located all over the world and a transfer to third countries (such as, for example, Singapore) cannot be completely ruled out, we have also concluded the EU standard contractual clauses with the provider. An adequacy decision also exists for Japan.
Click here to read the data processor’s privacy policy: https://policies.google.com/privacy?hl=de https://policies.google.com/privacy?hl=de
Click here to read the data processor’s cookie policy: https://policies.google.com/technologies/cookies?hl=de https://policies.google.com/technologies/cookies?hl=de
Click here for revocation on all domains of the processing company: https://safety.google/privacy/privacy-controls/ https://safety.google/privacy/privacy-controls/
(b) Purpose of and legal basis for data processing
The personal data are processed for the purpose of analysing user behaviour in relation to flash, video, websites and applications as well as for the development of marketing by optimisation of the website and advertising measures.
The legal basis for the processing of the data is the user’s consent (Art. 6 (1) lit. a GDPR, section 25 para. 1 sentence 1 TDDDG and Art. 31 para. 1 DSG, respectively).
(c) Duration of storage
Google Analytics stores cookies in the user’s web browser for a period of two years from the last visit to the website.
The recorded data are stored together with a randomly generated user ID. According to Google, certain user-related data, such as age, gender or interests, are deleted by default if the respective user has been inactive for two months. Other user-related data are automatically deleted after 14 months. Other data remain stored in aggregated form for an unlimited period.
6.2 Google Tag Manager
(a) Purpose of and legal basis for data processing
We use Google Tag Manager on our website for tag management. Google Tag Manager is a tag management system provided by Google Ireland Limited. Google Tag Manager allows website tags to be centrally integrated via a user interface. Tags are small code sections that can track activities. Script codes from other tools are integrated via the Google Tag Manager. The Tag Manager makes it possible to control at what time a specific tag is triggered; it is therefore required for tag management.
The contact details of the platform provider are:
Google Ireland Limited
Google Building Gordon House
4 Barrow St, Dublin, D04 E5W5, Ireland
The contact details of the data protection officer of Google Ireland Limited are available at https://support.google.com/policies/contact/general_privacy_form.
The processing is required for tag management. In this respect, the following data are collected:
Aggregated data on tag triggering
The data collected are transmitted to the following recipients:
(i) Alphabet Inc.
(i) Google LLC
(ii) Google Ireland Limited
If this service is used, the collected data may be transferred to another country. Please note that, in the context of this service, the data may be transferred to a country that does not have the necessary data protection standards. You may find a list of the countries to which the data are transferred below. For more information on security measures, please refer to Google Ireland Limited’s privacy policy or contact Google Ireland Limited directly.
For the USA, the European Commission has adopted its adequacy decision on 10 July 2023. Google LLC is certified under the EU-US Privacy Framework. Since Google servers are located all over the world and a transfer to third countries (such as, for example, Singapore) cannot be completely ruled out, we have also concluded the EU standard contractual clauses with the provider. An adequacy decision also exists for Japan.
The data may be transferred to the following third countries:
(i) United States of America
(ii) Singapore
(iii) Chile
(iv) Taiwan
(v) Japan
Click here to read the data processor’s privacy policy: https://policies.google.com/privacy?hl=de https://policies.google.com/privacy?hl=de
Click here to read the data processor’s cookie policy: https://policies.google.com/technologies/cookies?hl=de https://policies.google.com/technologies/cookies?hl=de
(b) Purpose of and legal basis for data processing
The processing of the personal data is necessary to enable tag triggering and tag management.
The legal basis for the processing is our legitimate interest (Art. 6 (1) lit. f GDPR, Art. 31 para. 2 lit. a DSG).
(c) Duration of storage
The data are erased as soon as they are no longer required to fulfil the purpose for which they were collected.
7 Newsletter
7.1 Description and scope of data processing
If we have collected your e-mail address in connection with the sale of goods or services, we may subsequently use it to send you a newsletter. In this case, only product information on similar goods or services offered by us will be sent via the newsletter. You have the possibility to object to further receipt of the newsletter at any time by clicking on the link contained in every newsletter.
Equally, you may subscribe to our free newsletter by giving your consent, which may be withdrawn at any time. The subscription to the newsletter can be cancelled by the user at any time. A link for this purpose is contained in every newsletter. If you subscribe to our newsletter, we collect and process your e-mail address and a documentation of your consent for this purpose.
Based on your consent, we can also evaluate your user behaviour when sending the newsletter. For this purpose, we work together with the provider HubSpot Inc. When you open an e-mail sent via HubSpot, a file contained in the e-mail (a ‘web beacon’) connects to HubSpot’s servers in the USA. Thus, it can be determined whether a newsletter message was opened and which links, if any, were clicked on. Moreover, technical information is collected (for example, time of access, IP address, browser type and operating system). An allocation to individual newsletter recipients is therefore possible. Such an allocation is used exclusively for the statistical analysis of newsletter campaigns.
Recipient of the data collected is HubSpot Inc., 25 1ST St Ste 200 Cambridge, Massachusetts 02141-1802 (USA). Insofar as your data are transferred to the USA, this is done on the basis of an adequacy decision in accordance with Art. 45 GDPR. HubSpot has certified itself in accordance with the requirements of the EU US Data Privacy Framework.
If you do not wish to have your user behaviour analysed by Hubspot, you can unsubscribe from the newsletter using the link provided in the newsletter.
7.2 Legal basis for processing
The legal basis for sending the newsletter following a sale of goods or services is our legitimate interest, Art. 6 (1) lit. f GDPR, section 7 para. 3 German Unfair Competition Act (UWG), Art. 31 para. 1 DSG. If you have subscribed to our newsletter, the legal basis for the processing and sending of the newsletter is your consent, Art. 6 (1) lit. a GDPR, Art. 31 para. 1 DSG.
7.3 Duration of storage
The data are erased as soon as they are no longer required to fulfil the purpose for which they were collected. If you object to the further receipt of our newsletter by activating the link embedded in the newsletter or cancel a newsletter subscription, we will store some data (objection or cancellation of the newsletter, e-mail address) for a period of up to three years to ensure that no new registration takes place after an objection or cancellation of the newsletter and to thus avoid unwanted mailings.
8 Data security
To protect your personal data from unauthorised access and misuse, we take appropriate technical and organisational security measures, such as issuing instructions, training, IT and network security solutions and encryption of data carriers and transmission.
Generally, we do not collect any special categories of personal data (no particularly sensitive data). If this is still the case in exceptional cases, we will inform you thereof and obtain your consent (Art. 6 (1) lit. a GDPR, Art. 6 para. 7 lit. a DSG). Particularly sensitive personal data are exclusively processed by qualified employees who have signed a corresponding confidentiality agreement.
9 Rights of data subjects
You have the right to obtain information about the personal data stored in relation to you, including, in particular, the source of the data, the recipients and the purpose of the storage of such data. Provided that the relevant requirements are met, you also have the right to request (i) rectification of incorrect personal data, (ii) erasure of the personal data processed by us and (iii) restriction of the processing of personal data. Under applicable data protection law, you may also have the right to object to the processing of personal data on grounds relating to your particular situation. Any consent given may be withdrawn at any time.
To exercise your rights, you can contact us or our data protection officer informally at any time using the contact details provided above.
If you are of the opinion that the processing of your data violates applicable data protection law or your data protection rights have been violated in any other way, you can lodge a complaint with a competent supervisory authority at any time. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
10 Amendments
This Privacy Policy may be amended by us at any time without prior notice. Applicable is the current version published on our website. If this Privacy Policy forms part of an agreement concluded with you, we will inform you of any amendments made within the scope of an update by e-mail or other suitable means.