The protection of your personal data and your privacy are very important to us. We therefore protect your data in accordance with the applicable data protection law.
This document is the joint data privacy statement of Emil Ebneter & Co. AG as well as its subsidiaries Appenzeller Alpenbitter AG, Crowning’s AG, Zafferana AG and EECO Immobilien AG (hereinafter referred to as Emil Ebneter & Co. AG) and applies to all websites, including
along with the associated sub-pages, as well as to our company accounts on LinkedIn, YouTube, Instagram and Facebook, TripAdvisor and Google Business Profiles.
Our websites are generally structured in such a way that you can visit them without having to disclose any personal data. When you visit our website, we ask for your consent to certain data processing activities, which you can accept or reject.
If you decide to disclose personal data to us, we consider it our duty to handle this personal data very carefully and within the framework of the legal requirements.
This data privacy statement is intended to provide you with comprehensive information about the data processing that we carry out and applies to all data processing by Emil Ebneter & Co. AG, regardless of whether we receive your personal data online or offline and regardless of the communication channel (such as internal company websites, other company websites on the Internet, by telephone, e-mail, post or through personal contact).
The party responsible for data processing on our channels is:
Emil Ebneter & Co. AG
Telephone: +41 71 788 37 88
E-mail address: datenschutz(at)emil-ebneter.ch
What is personal data?
Personal data (data) is any information that relates to an identified or identifiable person, which may be a natural or a legal person. Examples of such data are a name, address, telephone number or e-mail address. This term does not include anonymised data or information that does not indicate or suggest the identity or factual circumstances of an identifiable individual, such as the number of visitors to a website.
Some personal data is worthy of particularly protection. This includes data on religious, ideological, political or trade union views or activities, health, an individual’s private sphere or race, social assistance measures, administrative or criminal prosecutions and sanctions. We will process this type of data only with your explicit consent, unless another legal basis makes such data processing necessary.
What personal data does Emil Ebneter & Co. AG process and for what purpose?
Depending on the individual case, we process personal data for different purposes. In addition to other points, we use the personal data listed below for the purpose described in each case:
When you contact us or we contact you (in writing, by e-mail or by telephone), we process personal data such as your name, contact details (address, e-mail address or telephone number) and the content and date of the respective messages. This data is used to provide the requested service, give you related information, process the request and communicate with you. It is important for us that you can contact us. We may also forward messages to the responsible subsidiary or department within Emil Ebneter & Co. AG.
b) Visiting websites
We engage the services of contracted service providers in Switzerland, which we use for the purpose of designing and operating our website, and who receive your data for the purpose described above. We carefully select and commission these service providers; moreover, they are bound by our instructions and are subject to regular inspections. If data is processed outside Switzerland, we ensure through contractual means that a level of data protection appropriate for Switzerland is established. We are happy to provide information about our contracted service providers upon request.
When you use our website, we process personal data such as your IP address, log data, the time of the website visit, duration of the visit, pages viewed, device-specific information and all data that is available to us through online offerings. This may include data such as your email address, username and credit card information. Depending on the service offered, we may also process information on the use of your user account, your location or your purchasing behaviour.
We use this personal data to provide the online services and to improve our IT security. This processed data enables us to put together and process appropriate offers for you or your company and to create further offers. We also use personal data to continuously develop our online services. Through your use of the online services, we get to know you better and thus offer you individual services. Finally, we process personal data in connection with online services to better understand the behaviour and interests of our customers. You are not obliged to provide us with personal data, but without it we may not be able to process an enquiry or offer an online service.
The cookies we use are either “session cookies” (which are automatically deleted after you close your browser) or “persistent cookies” (which remain stored on your end device until a specified expiry date). We distinguish between four types of cookies that can be used:
- Essential cookies are required for the secure operation of our website. They enable us to transmit and display our website content to you, enable you to navigate the website and enable us to quickly detect and rectify technical problems.
- Preference cookies enable you to use the website more conveniently by remembering options you have chosen (such as selecting a language) or by providing functions you have requested (such as remembering a selection or performing a function).
- Statistics cookies enable the compilation of statistics and analyses. They collect pseudonymised or anonymised data to gain knowledge about website usage, improve our offering or quickly identify and rectify technical problems.
- Marketing cookies enable the display of personalised content by collecting and analysing your usage behaviour. This is also done outside our websites by allowing these cookies to follow you. Cookies from third-party providers are also used and pseudonymised data relating to your surfing behaviour is passed on to them, evaluated by them and subjected to further use.
Statistics and marketing cookies do not require your consent, but their use is based on legitimate interests.
We also use analysis services such as Google Analytics. These services collect detailed data about visits to the corresponding websites, although this data is usually not personal. Finally, we reserve the right to use functions from providers such as Facebook, which may result in the provider in question processing data about you.
c) Use of the online shop
If you would like to place an order in our online shop, we require certain data to process your order and conclude the contract. To place your order, you must log in to the online shop as a customer or register as such. You must provide login data (e-mail address and password) for the account and fill in the marked fields correctly (surname, first name, address, mobile phone number, e-mail address, date of birth). These mandatory details are marked with an asterisk , further details are voluntary. We process the data that you provide in order to handle your order and based on our legitimate interests in a successful customer relationship.
The data in your account is also saved for future purchases. After logging in, you can edit the data yourself under “My account”. You can also request the deletion of all data, including your user account, by contacting datenschutz(at)emil-ebneter.ch.
Due to requirements under commercial and tax law, we are obliged to store your address, payment data and order data for the legally prescribed period. To prevent unauthorised access to your personal data by third parties, the ordering process is encrypted.
You can sign up for a newsletter with us. We only send newsletters with your consent.
Our newsletters use tracking pixels (web beacons). These are small, non-visible embedded images or objects that send back information from you after you open the e-mail you receive. This allows us to carry out measurements for creating statistics about the relevance of our offer. It also enables us to evaluate your user behaviour accordingly. In addition, we store information about the browser you are using and the settings you have made in your operating system, as well as information about the Internet connection you are using to reach our website. We also receive receipt and read confirmations from the newsletter sent to you, as well as information about the links you have clicked in the newsletter. This data processing enables us to tailor our advertising approach to your interests and optimise the products and services offered on our website.
address and telephone number. You can stop receiving our newsletter at any time and thus revoke your consent by clicking the unsubscribe link in the newsletter or by sending an email to info(at)emil-ebneter.ch.
We may store the unsubscribed email address for up to three years in order to provide proof that consent was previously granted. This is limited to a possible defence against claims. An individual deletion request can be made at any time, provided that confirmation is provided of the former existence of consent. After you have withdrawn your consent, your data will be used for other purposes only if you have expressly consented to this or if further processing is justified, in which case we will inform you accordingly.
To send newsletters, we use the services of Abacus Research AG, based in Wittenbach (SG), Switzerland.
e) Marketing measures by e-mail
We reserve the right to use your e-mail address for direct advertising or to send you information about similar products of ours that you have already purchased, if you have not objected to this use. After weighing up our interests, these e-mails serve our legitimate interests in addressing our existing customers through advertising means. As a prerequisite, we will clearly inform you, both at the time of collecting the e-mail address and at each use, that you can object to said use at any time.
f) Telephone and postal advertising
We reserve the right to use your first name and surname as well as your telephone number and postal address for our own advertising purposes so that we can inform you of interesting offers about us, our products or services by telephone or send them to you by post. Telephone advertising will only take place with your consent. After weighing up our interests, advertising approaches by post serve our legitimate interests in addressing our customers and potential interested parties through advertising means.
You can revoke your consent to being contacted for advertising purposes or object to the storage and use of your data for the above-mentioned purposes at any time by sending a message to datenschutz(at)emil-ebneter.ch. Your contact details will then be deleted. Further processing of your data remains possible insofar as its use is further permitted or legally authorised.
g) Company accounts on LinkedIn, Instagram, Facebook, YouTube, TripAdvisor and Google Business Profiles
Some companies of Emil Ebneter & Co. AG maintain company accounts on LinkedIn, Instagram, Facebook, YouTube, TripAdvisor and/or Google Business Profiles. Our websites contain links to our company accounts on these platforms. We can see all the information that visitors voluntarily provide to our company accounts on these platforms by liking, sharing or leaving a comment on one of our posts. Your data will also be processed if you communicate with us within the platform used.
We are also provided with statistical data about visitors to our company’s account on the respective platform. This includes data evaluating visitors’ interactions with our individual posts, a follower demographic and information on their origin, as well as web traffic and activity relating to our corporate account on the respective platform. It is not possible for us to view the visitors’ personal data. We see only general data without any personal reference.
Data processing by the platform operator after you use a link on our website takes place regardless of whether you have a user account on the platform and are logged in there. If you are logged in, your data will be directly assigned to your user account. We recommend that you log out regularly after using such a platform, as this allows you to avoid data being assigned to your profile.
LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA: https://www.linkedin.com/legal/privacy-policy
LinkedIn is a US company. There is therefore a possibility that data will also be processed in the USA. We expressly point out that the USA is not considered a safe third country under Swiss data protection law and that, due to the regulations in place in the USA, there is the possibility that US companies may be obliged to hand over data to security authorities. Data subjects do not currently have sufficient legal remedies to take action against this. We therefore cannot rule out the possibility that US authorities may process, evaluate or store such data in the USA for surveillance purposes. We have no influence on this.
Meta Platforms, Inc., 1601 Willow Road Menlo Park, California 94025, USA (Facebook and Instagram):
Facebook and Instagram are companies of Meta Platforms Inc, a US company. There is therefore a possibility that data will also be processed in the USA. We expressly point out that the USA is not considered a safe third country under Swiss data protection law and that, due to the regulations in place in the USA, there is the possibility that US companies may be obliged to hand over data to security authorities. Data subjects do not currently have sufficient legal remedies to take action against this. We therefore cannot rule out the possibility that US authorities may process, evaluate or store such data in the USA for surveillance purposes. We have no influence on this.
Google LLC, 1600 Amphitheatre Parkway Mountain View, California 94043, USA (YouTube): https:// www.policies.google.com/privacy
YouTube is a company of Google LLC, a US company. There is therefore a possibility that data will also be processed in the USA. We expressly point out that the USA is not considered a safe third country under Swiss data protection law and that, due to the regulations in place in the USA, there is the possibility that US companies may be obliged to hand over data to security authorities. Data subjects do not currently have sufficient legal remedies to take action against this. We therefore cannot rule out the possibility that US authorities may process, evaluate or store such data in the USA for surveillance purposes. We have no influence on this.
TripAdvisor is a company of Google LLC, a US company. There is therefore a possibility that data will also be processed in the USA. We expressly point out that the USA is not considered a safe third country under Swiss data protection law and that, due to the regulations in place in the USA, there is the possibility that US companies may be obliged to hand over data to security authorities. Data subjects do not currently have sufficient legal remedies to take action against this. We therefore cannot rule out the possibility that US authorities may process, evaluate or store such data in the USA for surveillance purposes. We have no influence on this.
h) Visits to our company premises
When you enter our company premises, video recordings are made in specially marked areas for security and evidentiary purposes. This provides us with information about the time you spend in these areas. All personal data collected via video is available only to specific employees. It is collected for your own safety and that of employees, as well as for evidentiary purposes. If crimes are suspected, we may provide these recordings to law enforcement authorities. If you do not want to be filmed, we must ask you not to enter these areas.
You can also use Wi-Fi services. In this case, we collect device-specific data connected to your use of the Wi-Fi services. We process this information to provide you with Wi-Fi services and for IT security purposes. The use of a Wi-Fi service is voluntary. It is, however, not possible to use the Wi-Fi service without the corresponding processing of your personal data.
i) Company tours and customer events
When we hold events (whether for advertising or sponsorship purposes, cultural or sporting events), we process personal data such as your name, contact details, participation and additional data (such as your date of birth), depending on the event. We process this information for purposes relating to customer events, as well as to establish direct contact with you and get to know you better. Participation in company tours and customer events is voluntary, but is normally not possible without the processing of your personal data.
j) Business partners
If you are one of our business partners (a supplier, business customer, cooperation partner or service provider), we process various items of personal data about the contact persons at your company, depending on the field of activity. This includes their name, role, title, contact details, e-mail address and other details available through third-party providers.
We must process such personal data for the performance of our contract (i.e. for purchasing services from you or providing services to you or, if we want to and are able to work with you, to check that your business complies with the required safety standards, or in order to schedule the working time of our and, if required, your employees). However, this data also serves to improve our customer orientation, customer satisfaction and customer loyalty. None of your employees is obliged to provide us with personal data. However, if you do not provide us with the necessary personal data, we will not be able to work with you. In exceptional cases, we may even be legally obliged to process such personal data.
We process personal data such as names, roles, contact details, email addresses and other personal details for our internal administration. This includes the processing of data for archiving purposes and in order to review and improve internal processes, including with regard to the fulfilment of contractual obligations.
l) Job applications
If you submit a job application to us, we will process your personal data in connection with your application (e.g. name, date of birth, CV, qualifications, certifications; including sensitive personal data where required) to assess whether you are qualified for the relevant position and to discuss possible employment with you. With your consent, we can also leave your application open if we or you decide against employment now, but want to leave open the prospect of employment at a later date. Providing the relevant personal data is voluntary, but we cannot process a job application without the necessary data.
m) Compliance with legal requirements
To comply with legal requirements, we use preventive measures to guarantee compliance or to detect and prevent abuse (e.g. use of a fraud reporting system, internal investigations or the disclosure of documents to authorities). We may also process personal data to comply with legal requirements or to respond to requests from government authorities.
n) Protection of rights
We process personal data (for example, of counterparties) in various combinations to ensure the protection of our rights. We file claims in and out of court as well as against local and foreign authorities or defend ourselves against claims. In connection with this, the authorities can demand that we hand over documents containing personal data.
How and on what legal basis does Emil Ebneter & Co. AG process personal data?
1) How does Emil Ebneter & Co. AG process personal data?
a) Linking of personal data
We may analyse your personal data and link it to other information, such as non-personal statistical data and other personal data we have collected about you, in order to obtain information about your preferences and affinities for certain products or services.
b) Protection of personal data
Appropriate technical and organisational security measures are used to ensure the security of your personal data, i.e. to protect it from unauthorised or unlawful further processing, data loss, unintentional changes or disclosure and unauthorised access. However, the electronic transmission of information in particular poses a security risk that cannot be completely ruled out. If you transmit data electronically, you do so at your own risk.
2) On what legal basis is personal data processed?
We process your personal data on the following legal basis:
- Necessity for the fulfilment of contracts
- Compliance with legal requirements
- Consent (if the processing is based on specific consent)
- Legitimate interests (including the purchase and transportation of products and services, advertising and marketing campaigns, support and communication tailored to customer behaviour, activities, concerns and needs, market studies, improvement and development of new products and services, protection of customers, suppliers, employees and other persons, as well as of data, secrets and assets entrusted to Emil Ebneter & Co. AG, security of systems and facilities, maintenance and organisation of business activities including IT systems, corporate governance and development, sale and acquisition of businesses and other corporate transactions)
- Compliance with legal and regulatory requirements and internal rules (e.g. prevention of fraud, misconduct and criminal offences, as well as investigations related to improper conduct, complaints and actions taken against us, participation in legal proceedings, bringing and defending against lawsuits)
3) How long is personal data stored?
We do not store your personal data that was collected for specific purposes for longer than necessary. We retain personal data for as long as we have a legitimate interest in storing, archiving and ensuring IT security, as well as to meet ongoing limitation periods (usually ten years, in some cases five years or one year). The legal obligation to retain personal data also applies.
4) Does Emil Ebneter & Co. AG share my personal data with other recipients?
Our employees may have access to your personal data to the extent necessary for the purposes described and for their work. They act in accordance with our instructions and are bound by confidentiality and secrecy when handling your personal data.
We may also transfer your personal data to third-party data processors. Data processors are obliged to process personal data exclusively on our behalf and in accordance with our instructions.
We may also investigate and carry out business transactions such as mergers or the acquisition or sale of a single part of an entity or its assets. In this context, it may be necessary to transfer personal data to another company. For reasons of confidentiality, it is not always possible to inform you in advance if your data is affected in such cases. We will, however, notify you as soon as possible in each individual case and do our best, within commercially reasonable limits, to process as little personal data as possible.
In addition, we may disclose your personal data to other recipients if required by law. We also reserve the right to disclose your personal data in the event of a court order, in the filing or defence of a legal claim or for other necessary legal grounds.
The recipients of your personal data may be located abroad, which includes countries outside the EU, UK and EEA. The countries involved may not have laws that protect your personal data to the same extent as in Switzerland, the EU, the UK or the EEA. If we transfer your personal data to such a third country, we will take appropriate measures to protect your data, for example by entering into a data transfer agreement. These measures include contracts confirmed, published and recognised by the European Commission and the Swiss Federal Data Protection Commission that are designed to ensure the necessary data protection at recipients in third countries. We may also transfer personal data to recipients that are part of the US Privacy Shield programme.
5) What rights do I, as a data subject, have with regard to my personal data?
It is important for us to point out that you can object to the processing of your personal data at any time or revoke your consent to the processing of the data at no cost. If you withdraw your consent and effectively opt out of processing for a specific purpose, we will no longer use your data for that purpose.
In accordance with the applicable laws, you also have the following rights:
a) Right to information
You have the right to be informed transparently, clearly and comprehensively about how we process your personal data and what rights you have in connection with this process. We comply with this obligation through this data privacy statement. Contact us if you would like more information.
b) Right to access
You have the right at any time to request information about your personal data that is stored and processed by us. This allows you to check which of your personal data we process and thus ensure that it is used in accordance with the applicable data protection regulations. The right to information may be restricted or exempted in cases where there is insufficient identification, there is a need to protect the rights and freedoms of other data subjects, the right of access is demanded excessively or the comprehensive provision of data would involve a disproportionate amount of effort.
c) Right to rectification
You have the right to have incorrect or incomplete personal data corrected and completed and to be informed of the correction.
d) Right to erasure
You have the right to request the erasure of your personal data if it is no longer required for the intended purpose, if consent has been effectively revoked, if a legally effective objection has been lodged or if the personal data have been processed unlawfully.
The right to erasure may be excluded if the personal data is necessary for the exercise of freedom of expression and information, to carry out legal tasks or tasks in the public interest, or to investigate, exercise or defend legal claims.
e) Right to restriction of processing
In certain circumstances, you have the right to request that the processing of your personal data be restricted (e.g. no further processing or the removal of published personal data).
f) Right to data portability
You have the right to receive your personal data that you have provided to us in a commonly used and machine-readable format, provided that the processing is based on your consent or is necessary for the performance of the contract and the processing carried out is performed automatically.
g) Right to lodge a complaint
You have the right to lodge a complaint with a competent supervisory authority about the way in which we handle or process your personal data. Alternatively, you can inform us accordingly at datenschutz(at)emil-ebneter.ch.
h) Right to withdraw consent
If you have consented to the processing of your personal data for a specific purpose, you can withdraw your consent at any time without restrictions. The revocation of your consent has no effect on the lawfulness of the processing of your data that was collected before the revocation. If you withdraw your consent, we may no longer use your personal data for these purposes.
i) Right to object
If we process your personal data on the basis of our legitimate interests, you can object to the processing at any time. When objecting, you must state the reasons why you do not want us to process your personal data. If your objection is justified, we will stop processing your personal data. You can also object to processing for direct marketing purposes.
6) Updates, ambiguities and exercise of rights
b) Ambiguities and exercise of rights
If you have any questions about data protection or if you wish to exercise your rights, withdraw consent or object to data processing, please contact the responsible office indicated above. If you have any questions about data protection, you can contact us at any time.
Last updated: 25 August 2023