Last updated: October 2021
This is not a comprehensive description; specific matters may be governed by other privacy policies or general terms and conditions, terms of participation and similar documents. Personal data means all information relating to a specific or identifiable person.
1. Controller / data protection officer / representative
The person responsible for the data processing described here is HighStep Systems AG, unless otherwise specified. Should you have any concerns regarding data protection, please contact us at:
HighStep Systems AG
info@ highstepsystems . com
2. Collection and processing of personal data
We primarily process personal data belonging to our clients and business partners as well as other persons involved, along with data that we receive through our professional relationships with our clients and other business partners or data on users that we collect by operating our websites, apps and other applications.
If permitted, we also collect certain data from publicly accessible sources (e.g. the debt collection register, property register, news media, Internet) or receive this data from public authorities, other companies as a result of partnerships and other third parties (e.g. credit agencies). Along with the personal data that you provide us with directly, the categories of personal data pertaining to you that we receive from third parties includes, in particular, information from public records; information that we have access to in connection with official and legal proceedings; information in connection with your professional roles and activities (so that we can do business with your employer, for example); information about you gathered from correspondence and discussions with third parties; credit reports (if we enter into business transactions with you personally); information about you provided to us by persons close to you (family, consultants, legal representatives, etc.) in order for us to conclude or process contracts with you or involving you (e.g. references, your address for deliveries, powers of attorney, etc.); information that allows us to comply with legal obligations such as combating money laundering or export restrictions; information from banks, insurance providers and our sales partners or other business partners in order for us to utilize services offered by you or for you to perform said services (e.g. remitted payments, purchases made); information about you published by the media and on the Internet (when this data is intended for a specific purpose, e.g. for a job application, in a list of authors, press review, marketing/sales, etc.); your address(es) and, where applicable, interests and other sociodemographic data (for marketing purposes); data in connection with your use of the website (e.g. your IP address, the MAC address of your smartphone or computer(s), information about your end device and settings, browser type and version, cookies, the date and time you accessed the website, pages and content viewed, functions used, referring websites, location information).
3. Purpose of and legal basis for data processing
We primarily use the personal data we collect in order to conclude and process contracts with our clients and business partners, in particular within the context of providing editorial services, carrying out advertising work on behalf of our clients and purchasing products and services from our suppliers and subcontractors, as well as to comply with our legal obligations both within Switzerland and abroad. If you work for one of our clients or business partners, your personal data may also be included in this capacity.
Furthermore, we also process your personal data and the personal data of others, insofar as this is permitted and appropriate, for the following purposes in which we (and, at times, third parties) have an interest in accordance with said purpose:
- Offers and further development of our offers, services, websites, apps and other platforms on which we maintain a presence;
- Communication with third parties and processing their inquiries (e.g. applications, media inquiries);
- Testing and optimizing processes for needs analyses for the purpose of direct client contact and the collection of personal data from publicly accessible sources for the purposes of client acquisition;
- Advertising and marketing (including holding events) as long as you have not objected to the use of your data (if we send you advertisements as an existing client, you can withdraw your consent at any time and we will then add you to a list to ensure that you no longer receive ads from us);
- Market and opinion research, media monitoring;
- Assertion of legal claims and defense in connection with legal disputes and official proceedings;
- Preventing and investigating criminal acts and other misconduct (e.g. carrying out internal investigations, data analysis for the purpose of preventing fraud);
- Ensuring the security of our company, in particular the security of our IT systems, websites, apps and other platforms;
- Video monitoring in order to preserve our domiciliary rights and other measures for IT, building and system security and for the protection of our employees and other persons as well as goods that belong to us or have been entrusted to us (e.g. physical access control, visitors lists, network and email scanners, telephone recording);
- Purchasing and sales of divisions, companies or parts of companies and other corporate transactions and, subsequently, the transfer of personal data as well as measures related to business management and compliance with legal and regulatory obligations and internal provisions for HighStep Systems AG.
If you have provided us with consent for the processing of your personal data for specific purposes (for example, when you sign up to receive newsletters or to allow us to perform a background check), we process your personal data within the context of and based on this consent as long as we do not have or require any other legal basis. Consent provided can be revoked at any time; however, this does not affect the data processing that has already occurred.
4. Cookies/tracking and other technologies in connection with the use of our website
We use standard cookies and similar technology on our websites and apps. These cookies allow us to identify your browser or end device. A cookie is a small file that is sent to your computer or automatically saved on your computer or mobile device by your browser when you visit our website or install one of our apps. If you access this website again or use our app, the cookie allows us to recognize you even if we do not know who you are. Along with cookies that are only used during a session and are deleted when your leave the website (“session cookies”), cookies can also be used to save user settings and other information for a certain period of time, e.g. two years (“permanent cookies”). You can change the settings in your browser to reject cookies, only save cookies for a single session or delete cookies at any time. Most browsers are automatically set to accept cookies. We use permanent cookies so that you can save your user settings (e.g. language, auto login), so that we can better understand how you use our offers and content, and so that we can show you information, offers and advertisements that are tailored to you (this can also occur on websites from other companies; however, we will not provide these companies with information that would allow them to identify you personally (if we should be in possession of such information) because they can only see that the person using their website is the same person who visited a specific page on one of our websites). We use certain cookies and our partners also use certain cookies. If you choose to block cookies, it is possible that some functions (e.g. language selection, auto login) will no longer work properly.
We integrate visible and, if permitted, invisible images into our newsletters and other marketing emails that can be called up on our servers and allow us to determine if and when you opened the email so that we can monitor and better understand how you use our offers in order to tailor them to you. You can block these images in your email program; most programs are automatically set to block these images.
When you use our websites and apps, subscribe to newsletters and sign up to receive marketing emails, you agree to the use of this technology. If you want to withdraw your consent to the use of this technology, you must change the settings in your browser or email program.
5. Data transfer outside of Switzerland
Within the scope of our business activities and purposes outlined in Point 3, insofar as this is permitted and appropriate, we also provide data to third parties either for them to process this on our behalf or for them to process it for their own purposes. This includes the following in particular:
- Our service providers (for example, banks, insurance providers), including sub-contractors (such as IT providers);
- Retailers, suppliers, sub-contractors and other business partners;
- Swiss and international authorities, public officials or courts;
- The media;
- The general public, including visitors to websites and social media users;
- Competitors, professional organizations, associations and other bodies;
- Buyers or persons interested in purchasing divisions, companies or other parts of HighStep Systems AG;
- Other parties in possible or actual legal proceedings;
- Other partners in companies belonging to HighStep Systems AG;
All mutual recipients.
These recipients are, in part, located within Switzerland, but could also be domiciled anywhere in the world. You must particularly be prepared for the fact that data will be transferred to all countries in which HighStep Systems AG is represented by partners or other offices as well as other countries in Europe and the US where the service providers we employ are located (for example Adobe, fonts.com, Microsoft, Nine, Typo3). If we transfer data to a country that does not have a commensurate legal data protection policy in place, we use equivalent contracts (based on the standard contractual clauses of the European Commission that can be accessed here, here and here) or what are known as binding corporate rules, as required by law, in order to ensure an adequate level of protection, or else we rely on legal exceptions in terms of consent, contract performance, the determination, exercise or implementation of rights or legal claims, overriding public interests, the published personal data or because it is required in order to protect the integrity of the affected person. You can obtain a copy of the contractual guarantees from the contact person specified in Point 1 if you are unable to access them using the link below. However, we reserve the right to redact these copies or only provide excerpts of the text for the purposes of data protection or to maintain confidentiality.
6. Storage period for personal data
We process and store your personal data for as long as required for the performance of contractual or legal obligations or as otherwise required for the purposes connected with the processing, i.e. for the entire duration of the professional relationship (from the initial contact to the actual transaction all the way to the termination of the contract), as well as beyond that point in compliance with legal retention and documentation periods. It is also possible that we will store personal data for the period in which claims against our company could be asserted or if we are legally obligated to do so for any other reason or for legitimate business interests (e.g. for the purposes of identification and documentation). If we no longer require your personal data for any of the reasons specified above, we will delete it or thoroughly anonymize it to the best of our abilities. In terms of operational data (e.g. system logs), shorter retention periods of 12 months or less generally apply.
7. Data security
We take appropriate technical and organizational measures in order to protect your personal data against unauthorized access and misuse, for example through training, IT and network security solutions, access monitoring and limitations, encoding of data media and transmissions, pseudonymization and regular checks.
8. Obligation to provide personal data
Within the context of our professional relationship, you are obliged to provide us with the personal data that we require in order to initiate and carry out a professional relationship and to comply with our corresponding contractual obligations (there is generally no legal obligation requiring you to provide us with data). Without this data, we will usually be unable to enter into or perform a contract with you (or the entity or person you represent). Our website also cannot be used without the provision of certain information to allow for data transmission (e.g. your IP address).
We process our personal data, in part automatically, with the goal of evaluating certain personal aspects (profiling). We mainly use profiling to be able to inform and advise you about our products in a targeted manner. To do this, we use evaluation tools that allow for responsive communication and advertising, including market and opinion research.
We generally do not use any automated decision-making (as described in Article 22 of the GDPR) when entering into and maintaining business relationships or for other reasons. Should we use automated decision-making in individual cases, we will inform you of this separately, provided that this is legally required, and explain your rights in this situation.
10. Rights of the data subject
In accordance with the applicable data protection legislation and to the extent specified therein (for example, in the case of the GDPR), you have the right to information, correction and deletion of your data, to restrictions on processing, to withdraw your consent to our data processing and to receive certain personal data for the purpose of transmission to a third party (data portability). Please note, however, that we reserve the right to decide whether or not to exercise the legally specified limitations, such as when we are obliged to store or process certain data, have an overriding interest in the processing or storage of this data (to the extent that we can invoke this interest) or require the data in order to assert a claim. Should this result in any costs for you, we will inform you in advance. We have already informed you about your right to withdraw your consent in Point 3. Please note that the exercising of these rights may be in conflict with contractual provisions and could result in consequences such as premature termination of said contract or in costs. We will inform you in advance if this is not already governed by the existing contract.
The exercising of these rights generally requires you to provide clear evidence of your identity (e.g. through a copy of your ID if your identity is otherwise unclear or cannot be verified). To exercise your rights, you can contact us at the address provided in Point 1.
Moreover, every affected person is entitled to assert his or her claims in court or to submit a complaint to the responsible data protection authority. The responsible data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).