Data protection

1. Responsible and content of this privacy policy

We, Constri AG (Feldstrasse 20, 5107 Schinznach-Dorf, Switzerland; registered in the Commercial Register of the Canton of Aargau under number CHE-101.967.715) is the operator of the websites www.constri.ch, www.tischbombe.ch, www.prospiel.ch, www.frezzo.ch and www.constri-baumaterial.ch (Websites). Unless otherwise stated, the following explanations apply to all these websites and we are the data controller for the data processing listed in this privacy policy. Please note that some of the data processing mentioned here is not relevant for all websites.

If you purchase goods or services from us, the General Terms and Conditions also apply. Please take note of the following information so that you know what personal data we collect from you and for what purposes we process it. Our data protection policy is primarily based on the legal requirements of Swiss data protection law, in particular the Federal Act on Data Protection (FADP) and the European General Data Protection Regulation (GDPR), the provisions of which may apply in individual cases.

Please note that the information contained below may be revised and changed from time to time. We therefore recommend that you consult this privacy policy regularly. Furthermore, other companies are responsible under data protection law or jointly responsible with us for individual data processing operations listed below, so that the information provided by these providers is also authoritative in these cases.

2. Data processing when opening a customer account

In order to make purchases in the online stores operated by us and to be supplied with services requested by you, customers can open a customer account (only for www.prospiel.ch, www.frezzo.ch and www.constri-baumaterial.ch).

For the purpose of processing your orders in the online stores or providing the services you have ordered, we collect the following data when you register for a customer account, whereby mandatory information is marked with an asterisk (*) in the corresponding form:

Personal data:

Salutation
First and last name
Billing and delivery address
Company, company address and UID no. for corporate customers
Birthday

Username / email address
password

Further details:

Phone number
E-mail address

We use the personal data to verify your identity and to check the requirements for registration. The e-mail address and password together serve as login data for online access and thus to ensure that the correct person is using the websites under your details. We also need your e-mail address for verification and confirmation of account opening and for future communication with you required for contract processing. We collect the telephone number in order to facilitate the processing of contracts and, if necessary, to contact you via an alternative communication channel with a view to fulfilling the contract. In addition, this data is stored in the customer account for future contract conclusions. For this purpose, depending on the account (e.g. online or offline), we also allow you to store further details in the account (e.g. your preferred online payment method).

Depending on the account, we also use the data to provide an overview of the orders placed and services purchased (see in particular section 3) and an easy way to manage your personal data, to administer our websites and the contractual relationships, i.e. to provide you with the necessary information.i.e. for the establishment, content design, processing and amendment of the contracts concluded with you via your customer account. The data in the customer account can be viewed and changed at any time - with the exception of www.prospiel.ch, where this is only possible to a limited extent.

If the GDPR is applicable, the legal basis for processing your data for the aforementioned purpose is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time by removing the information from your customer account or by deleting your customer account or having it deleted by sending us a message.

To prevent fraudulent use of online accounts, you should always keep your login details confidential and log out after each session and delete your browser history, especially if you share the device with others.

3. When shopping in the online store

If you want to order a product in an online store operated by us (only at www.frezzo.ch, www.prospiel.ch and www.constri-baumaterial.ch), we require the following data depending on the store and product, whereby mandatory information in the ordering process is marked with an asterisk (*):

Personal details:

Salutation
First and last name
Billing and delivery address
birthday
company, company address and UID no. for corporate customers

Further details:

Phone number
E-mail address

We use the personal data to determine the identity of our contractual partner and, if not identical, the contact person, before concluding a contract. We need your e-mail address to confirm your order and for any future communication with you that is necessary to process the contract. We store your data together with the order data (e.g. time, order number, etc.), the data on the services ordered (e.g. name, price and features of the product; product data), the payment data (e.g. selected payment method, confirmation of payment and time; see also section 5) as well as the information on the processing and fulfillment of the contract (e.g.(e.g. return of products, use of service or warranty services, etc.) in our central databases (see section 12), so that we can guarantee correct order processing and contract fulfillment. Depending on the contract, it may also be necessary to pass on your data to third parties for processing, in particular to transport companies that deliver the ordered products to you or to providers who provide the services or parts thereof requested by you in accordance with the service description (see also section 14).

If the GDPR is applicable, our legal basis for this data processing is the performance of a contract with you or your company in accordance with Art. 6 para. 1 lit. b GDPR. If you are acting on behalf of a third party (e.g. your employer) who is our contractual partner, your data will be processed on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in identifying the relevant contact persons at our contractual partners and managing our business relationship.

The provision of data that is not marked as mandatory is voluntary. We process this data in order to tailor our products and services to your personal needs in the best possible way, to facilitate the processing of contracts, to contact you via an alternative communication channel if necessary with a view to fulfilling the contract or for statistical recording and evaluation to optimize our products and services. If the GDPR is applicable, the legal basis for this data processing is your consent within the meaning of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time by notifying us.

If your order should require the transmission of data of other data subjects (e.g. the delivery address of another person), please contact us.For example, the delivery address of another person), you confirm that you have informed or will inform this third party about the transfer of personal data to us and our data protection declaration and that they agree to this or have not objected. If the GDPR is applicable, the legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU GDPR in facilitating the conclusion of contracts for the benefit of third parties.

4. When contacting us

When you contact us via our contact addresses and channels (e.g. by e-mail, telephone or contact form), your personal data will be processed. The data that you have made available to us, such as your name, your e-mail address or telephone number and your request, will be processed. In addition, the time of receipt of the request is documented. Mandatory information is marked with an asterisk (*) in contact forms. We process this data in order to implement your request (e.g. providing information about our products and services, assisting with contract processing, incorporating your feedback into the improvement of our products and services, etc.).

If the EU GDPR is applicable, the legal basis for processing lies in our legitimate interest pursuant to Art. 6 para. 1 lit. f EU GDPR in the receipt and implementation of requests. If your request is aimed at the conclusion or execution of a contract, your data will be processed in accordance with the description in section 3 and our legal basis is the necessity for the performance of the contract within the meaning of Art. 6 para. 1 lit. b EU-DSGVO.

5. Data processing during payment processing

If you purchase products, services or vouchers using electronic means of payment, depending on the service and the desired payment method – in addition to the information provided in section 3 mentioned information – the processing of further personal data is required, such as your credit card information or the login to your online payment service provider. By using the payment terminals or entering credit card information online, you transmit this information to the payment service providers involved (e.g. providers of payment solutions, credit card issuers and credit card acquirers). They also receive the information that the means of payment was used in connection with our company, the amount and the time of the transaction. Conversely, we only receive the credit of the amount of the payment made at the relevant time, which we can assign to the relevant voucher number, or information that the transaction was not possible or was canceled. Please also always note the information provided by the respective company, in particular the privacy policy and the general terms and conditions.

If the EU GDPR is applicable, our legal basis is the performance of a contract pursuant to Art. 6 para. 1 lit. b EU GDPR.

Für the payment processing we use services of Worldline Schweiz AG, Hardturmstrasse 201, 8005 Zürich. Wordline or its employees may therefore have access to your data if this is necessary for the provision of the software or services. Information on data processing by Worldline can be found at: https://worldline.com/de-ch/compliancy/privacy. Information about the processing of data by third parties and any data transfer abroad can be found under 14 this privacy policy. The legal basis for this processing is our legitimate interest within the meaning of Article 6(1)(f) GDPR in the use of third-party providers' services.

It may be that the provider wishes to use some of this data for its own purposes (e.g. for statistical analyses). The provider is responsible for this data processing and must ensure compliance with the data protection regulations in connection with this data processing. Information about data processing by the provider can be found at https://worldline.com/en-ch/compliancy/privacy.

The payment methods offered are also processed via the payment interface of our payment service provider Datatrans, Kreuzbühlstrasse 26, 8008 Zürich. You can find more information about Datatrans' data protection at https://www.weareplanet.com/legal/privacy-policy. Information on the processing of data by third parties and any transfer abroad can be found in section 14 5 of this privacy policy. The legal basis for this processing is our legitimate interest within the meaning of Article 6(1)(f) GDPR in the use of the services of third-party providers.

6. Prevention of misuse and payment defaults

If we make advance payments, e.g. in the case of a purchase on account in the case of a purchase on account, the necessary data, in particular your personal details, may be transmitted to a credit agency for the (possibly automated) assessment of your creditworthiness in order to prevent fraud and avoid payment defaults. In this context, the credit agency may assign you a so-called score value and carry out so-called profiling (with or without high risk). This is an estimate of the statistical probability of a payment default. The value is determined using mathematical-statistical methods and taking into account credit agency data from other sources. We use the information for a balanced decision on the establishment, execution or termination of the contractual relationship. In particular, we reserve the right, in accordance with the information received, not to offer you the payment method "invoice".

If the EU GDPR is applicable, the legal basis for the processing of your data is our legitimate interest pursuant to Art. 6 para. 1 lit. f EU GDPR in the avoidance of payment defaults and the prevention of abuse.

Für die Datenbearbeitungen verwenden wir Angebote of MF Group AG (Kornhausstrasse 25, 9001 St. Gallen, Switzerland; (Provider)), in particular «Powerpay». Therefore, your data may be stored in a database of the Provider, which may enable the Provider to access your data if this is necessary for the provision of the software and for support in the use of the software. Information on the processing of data by third parties and any transfer abroad can be found in section 14 of this privacy policy. The legal basis for this processing is our legitimate interest within the meaning of Article 6(1)(f) GDPR in the use of third-party services.

7. Data processing for supplier relationships

If you are contacting us on behalf of suppliers or similar business partners (e.g. your employer), we will be happy to assist you. If you contact us on behalf of suppliers or similar business partners (e.g. your employer), e.g. to provide us with products or services, the following data may be processed:

Personal data:

Salutation
First and last name
Billing and delivery address
Company, company address and VAT number for corporate customers

Further details:

Bank details
E-mail address
Phone number

We use the personal data to determine the identity of our contractual partner and, if not identical, the contact person before concluding a contract. We need your e-mail address and telephone number for the necessary communication with you. We store this data together with the details of the contracts (e.g. contract date and document, service description, price, etc.) in our ERP system in order to be able to monitor, document and ensure the fulfillment of the contract (see section 12). Insofar as this is necessary for the fulfillment of the contract, we will also pass on the required information to any third-party service providers.

Insofar as the EU GDPR is applicable, the legal basis for our data processing is the performance of a contract pursuant to Art. 6 para. 1 lit. b EU GDPR.

8. E-mail marketing

When you register for our marketing e-mails (e.g. a newsletter), the following data is requested. Mandatory information is marked with an asterisk (*) during registration:

Salutation
First and last name
Email address
indicate whether newsletter for private person or corporate customer

After entering the above information, you can unsubscribe from our marketing emails. By registering, you consent to the processing of this data in order to receive newsletters and general marketing e-mails from us about our products and services. These marketing e-mails may also include invitations to take part in competitions, to provide feedback or to rate our products and services. The collection of the salutation and the first and last name allows us to assign the registration to a possibly already existing customer account or contract conclusions and thus to personalize the content of the marketing e-mails. The link allows us to make the offers and content contained in the marketing e-mails more relevant to you and better tailored to your potential needs. In this context, there may also be an automated evaluation of personal aspects (e.g. your interests) and thus a profiling (with or without high risk), to which your consent also refers.

We will use your data for email marketing until you withdraw your consent. You can withdraw your consent at any time. You will find the contact details below in section 26. You will also find an unsubscribe link in all e-mails. The aforementioned consent constitutes our legal basis for the aforementioned processing of your data within the meaning of Art. 6 para. 1 lit. a EU GDPR, insofar as the EU GDPR is applicable.

Our marketing emails may contain a so-called web beacon (also called 1x1 pixel or zählpixel) or similar technical means. A web beacon is a non-visible graphic that is associated with the user ID of the respective subscriber. For each marketing email sent, we receive information on the address file used, the subject and the number of newsletters sent. It is also possible to see which addresses have not yet received the newsletter, to which address it was sent and which addresses failed to receive it. There is also the opening rate, including information on which addresses have opened and unsubscribed from the newsletter and which links have been clicked. We use this data for statistical purposes and to optimize the newsletter in terms of frequency and time of dispatch as well as the content and structure of the emails. This enables us to better tailor the information and offers in our emails to the individual interests of the recipients.

By subscribing to the newsletter, you also consent to the statistical analysis of user behavior for the purpose of optimizing and adapting the marketing emails. In this context, there may also be an automated evaluation of personal aspects (e.g. your interests) and thus profiling (with or without high risk), to which your consent also relates. This consent constitutes our legal basis for the processing of data within the meaning of Art. 6 para. 1 lit. a EU GDPR.

The web beacon will be deleted if you delete the marketing email. You can prevent the use of the web beacon and thus revoke your consent at any time by setting your mail program so that no HTML is displayed in messages, if this is not already the case by default.

You can find information on how to configure this setting in the help section of your email software application, e.g. here for Microsoft Outlook.

We use für www.frezzo.ch for sending marketing emails «Brevo» from Sendinblue SA (17 rue de Salneuve, 75017, Paris, France). For www.prospiel.ch we use the services of «Active Campaign» from ActiveCampaign, LLC (150 N. Michigan Ave Suite 1230, Chicago, IL, USA). Therefore, your data may be stored in a database of these providers, which may allow them to access your data if this is necessary for the provision of the software and for support in the use of the software. Information on the processing of data by third parties and any transfer abroad can be found in section 14 of this privacy policy. If the GDPR is applicable, the legal basis for this processing is our legitimate interest within the meaning of Article 6(1)(f) EU GDPR in the use of third-party services.

It may be that the providers wish to use some of this data for their own purposes (e.g. for statistical analyses). The providers are responsible for this data processing and must ensure compliance with the data protection regulations in connection with this data processing. For more information, please refer to the providers' privacy policies: https://www.brevo.com/legal/privacypolicy/ or www.activecampaign.com/privacy-policy.

9. Data processing for applications

If you apply to us spontaneously or in response to a specific job advertisement for a position in our company, we will process the personal data you provide (e.g. personal details, CV and contact details).

We use this data to check your application and suitability for employment. Application documents of applicants who are not considered will be deleted after the application process has ended, unless you explicitly consent to a longer retention period or we are not legally obliged to retain them for a longer period.

10. For event registrations

When you register for one of our events (e.g. via ), the following data is collected depending on the event.E.g. via www.eventfrog.ch), the following data is collected depending on the event, whereby mandatory information is marked with an asterisk (*) in the ordering process:

Personal data:

Salutation
First and last name
Invoicing and delivery address
Birthday
company, company address and UID no. for corporate customers

Further details:

Phone number
E-mail address

The personal data is used to determine the identity of the contractual partner and, if not identical, the contact person, before the conclusion of a contract. Your e-mail address will be used to confirm your order and for future communication with you required for contract processing. Your data will be combined with the order details (e.g. time, order number, etc.), the event details (e.g. name, price and event date), the payment details (e.g. selected payment method, confirmation of payment and time; see also section 5) as well as the information on the processing and fulfillment of the contract (e.g. cancellation, utilization of the contract, etc.).(e.g. cancellation, use of services, etc.) in central databases (see section 12), so that correct order processing and contract fulfillment can be guaranteed. Depending on the contract, it may also be necessary to pass on your data to third parties for processing, in particular to transport companies that deliver tickets to you or to providers who are involved in the implementation of the event (see also section 14).

If the EU GDPR is applicable, the legal basis for the processing of your data for the aforementioned purposes is the performance of a contract with you or your company pursuant to Art. 6 para. 1 lit. b EU GDPR. If you are acting on behalf of a third party (e.g. your employer) who is a contractual partner, your data will be processed on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in identifying the relevant contact persons at our contractual partners and managing our business relationship.

The provision of data that is not marked as mandatory is voluntary. The data is processed in order to tailor our products and services to your personal needs in the best possible way, to facilitate the processing of contracts, to contact you via an alternative communication channel if necessary with a view to fulfilling the contract or for statistical recording and evaluation to optimize our products and services. If the GDPR is applicable, the legal basis for this data processing is your consent within the meaning of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time by notifying us.

If your order should require the transmission of data of other data subjects (e.g. the delivery address or registration of a new customer), please contact us.For example, the delivery address or registration of another person), you confirm that you have informed or will inform this third party about the transfer of personal data and our data protection declaration and that they agree to this or have not lodged an objection. Insofar as the GDPR is applicable, the legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU GDPR in facilitating the conclusion of contracts for the benefit of third parties.

Für the data processing we use offers from Eventfrog AG (Neuhardstrasse 38, 4600 Olten, Switzerland; (provider)), in particular the online platform www.eventfrog.ch. Therefore, your data may be stored in a database of the provider, which may enable the provider to access your data if this is necessary for the provision of the software and for support in the use of the software. Information on the processing of data by third parties and any transfer abroad can be found in section 14 of this privacy policy. If the GDPR is applicable, the legal basis for this processing is our legitimate interest within the meaning of Article 6(1)(f) EU GDPR in the use of third-party services.

The provider may wish to use some of this data for its own purposes (e.g. for statistical analyses or its own contract with you regarding the use of the platform). The provider is responsible for this data processing and must ensure compliance with the data protection regulations in connection with this data processing. Information on data processing by the provider can be found here.

11. Data processing for customer reviews

For the collection of independent customer reviews, the following data is collected and processed:

Salutation
First and last name
Email address
Order number

This data is used to invite you to submit a review by e-mail after you have made a purchase. The invitation e-mails are used exclusively to obtain a rating and do not contain any advertising. You can object to the use of your data for this purpose at any time by using the unsubscribe link in the email or by contacting us in accordance with the conditions set out in section 26 contact information provided in this privacy policy.

Insofar as the EU GDPR is applicable, the legal basis for the processing of your data is our legitimate interest in the performance of transactional evaluation services and the improvement of our services in accordance with Art. 6 para. 1 lit. f GDPR, which prevail in the context of a balancing of interests.

Für the data processing we use for www.prospiel.ch the rating system of Trusted Shops SE, Subbelrather Strasse 15c, 50823 Köln, Germany. For www.frezzo.ch we use the service «Real Reviews» from SAS Skeepers, 18-20 Avenue Robert Schuman, 13002 Marseille, France. Therefore, your data may be stored in a database of these providers, which may allow them to access your data if this is necessary for the provision of the software and for support in the use of the software. Information on the processing of data by third parties and any transfer abroad can be found in section 14 of this privacy policy. If the EU GDPR is applicable, the legal basis for this processing is our legitimate interest within the meaning of Article 6(1)(f) EU GDPR in the use of the services of third-party providers.

It may be that the providers wish to use some of this data for their own purposes (e.g. for statistical analyses). The providers are responsible for this data processing and must ensure compliance with the data protection regulations in connection with this data processing. For more information, please refer to the providers' privacy policies: https://www.trustedshops.de/impressum-datenschutz or https://de.echte-bewertungen.com/datenschutzrichtlinie/.

12. Storage of your personal data in the ERP system

If a clear assignment to your person is possible, we will process the personal data mentioned in this data protection declaration, i.e. in particular your personal data.i.e. in particular your personal details, your contacts and your contract data are stored and linked centrally in our ERP system. This serves the efficient management of customer and supplier data, allows us to process your requests appropriately and enables the efficient provision of the services you have requested and the processing of the associated contracts.

In the ERP system, there is only one address master for all of our customers or suppliers. All of our brands and sales channels (Frezzo, ProSpiel, Fachgeschäft, Constri fun and Constri bau) are managed in the ERP system and access the address master. However, the various departments/brands can generally only access the address information of their customers or suppliers and not the customers and suppliers of other departments. As an exception, important information on address data (reminders, creditworthiness) can be viewed by all departments.

If the EU GDPR is applicable, the legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU GDPR in the efficient management of user, customer and supplier data.

We also evaluate the data in our systems in order to further develop our products and services in line with your needs and to be able to display and suggest information and offers that are as relevant to you as possible. We also use methods that predict your interests and future orders based on your use of our websites. Some of these analyses may also be assessed as profiling (with or without high risk). If the EU GDPR is applicable, the legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in carrying out marketing activities.

The ERP system we use is «Comarch» from Polynorm Software AG (Europa-Strasse 18, CH-8152 Glattbrugg.

13. Fulfillment of our legal obligations and protection of our legal interests

Finally, the data mentioned in this privacy policy may also be processed if this is necessary for the fulfillment of legal obligations or for the protection, defense and enforcement of our legal interests, or the rights and interests of third parties, in particular of other customers or our employees. This includes, for example, the investigation of preliminary cases, the preparation and implementation of legal steps (e.g. complaints or notifications) or the provision of information to authorities such as tax and labor authorities. For these purposes, the data may also be disclosed to other authorities and third parties, such as courts, debt enforcement offices, supervisory authorities or lawyers, tax consultants or accountants and auditors.

The legal basis for this data processing is, insofar as it is covered by a legal provision of EEA law or a Member State, the fulfillment of a legal obligation within the meaning of Art. 6 para. 1 lit. c GDPR, or our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in complying with our legal obligations and safeguarding our legal interests.

14. Forwarding and transmission abroad

a. Disclosure to and access by third parties

Without the support of other companies, we would not be able to provide our products and services in the desired form. In order for us to be able to use the services of these companies, it is also necessary to pass on your personal data to these companies to a certain extent. Your data will be passed on to selected third-party service providers and only to the extent necessary for the optimal provision of our services. The use of the data passed on for this purpose by the third parties is strictly limited to the stated purposes. Various third-party service providers are explicitly mentioned in this privacy policy (see in particular the sections "Newsletter", "Storage of your personal data in the ERP system" and "Tracking tools")

Your data will also be passed on if this is necessary to process the contractual relationship. The legal basis for these transfers is the necessity for the performance of a contract within the meaning of Art. 6 para. 1 lit. b EU GDPR, if the EU GDPR is applicable. The third-party service providers are responsible for this data processing within the meaning of the Data Protection Act and not us. It is the responsibility of these third-party service providers to inform you about their own data processing activities that go beyond the provision of services and to comply with data protection laws.

For the use and administration of our infrastructure and the fulfillment of internal tasks, access to service providers is also indispensable and other third parties may therefore also have access to your data to the extent necessary for the use of the services, such as, for example, providers of software solutions.E.g. providers of software solutions (e.g. for word processing or e-mail dispatch), providers of IT services (e.g. telecommunications providers such as Internet access services), agencies (e.g. in the area of marketing) or security services. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in accessing third-party services.

In addition, your data may be passed on if this is necessary to safeguard our rights and obligations (see section 12). Data may also be disclosed if another company intends to acquire our company or parts thereof or to invest in our company and such disclosure is necessary to carry out due diligence or to complete the transaction. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU GDPR in the protection of our rights and compliance with our obligations or the sale of our company or parts thereof, insofar as the EU GDPR is applicable.

b. &Transfer of personal data abroad

We are also entitled to transfer your data to third parties abroad if this is necessary in connection with the processing of your inquiries, the provision of services and marketing campaigns.

Please refer to the information on individual data processing in this privacy policy (e.g. section 8 or subsequently in paragraph 16). It goes without saying that the statutory provisions on the disclosure of personal data to third parties are complied with. The countries to which data is transferred include those which, according to the decision of the Federal Council and the EU Commission, have an adequate level of data protection (such as the member states of the EEA or, from the EU's point of view, Switzerland), but also those countries (such as the USA) whose level of data protection is not considered adequate (cf. annex 1 of the General Data Protection Regulation (GDPR) and the website of the EU Commission). If the country in question does not have an adequate level of data protection, we ensure that your data is adequately protected by these companies by means of suitable guarantees, unless an exception is specified for individual data processing (see Art. 49 GDPR). Unless otherwise stated, this involves the selection of companies that are subject to the Privacy Framework Agreement are certified or, in some cases additionally, by standard contractual clauses within the meaning of Art. 46 para. 2 lit. c GDPR, which are based on the websites of the Federal Data Protection and Information Commissioner. Data Protection and Information Commissioner (EDÖB) and the EU Commission can be retrieved. If you have any questions about the measures taken, please contact us (see section 26).

c. Notes on data transfers to the USA

Some of the third-party service providers mentioned in this privacy policy are based or have their servers in the USA. For reasons of completeness, we would like to point out to users resident or domiciled in Switzerland or the EEA that there are surveillance measures by US authorities in the USA which generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland or the EEA to the USA. This is done without differentiation, limitation or exception on the basis of the objective pursued and without an objective criterion that makes it possible to limit the access of the US authorities to the data and their subsequent use to very specific, strictly limited purposes that are capable of justifying the interference associated with both access to this data and its use. In addition, we would like to point out that in the USA there are no legal remedies or effective legal protection for data subjects from Switzerland or the EEA against general access rights of US authorities that allow them to obtain access to the data concerning them and to obtain its correction or deletion. We explicitly draw your attention to this legal and factual situation in order to enable you to make an appropriately informed decision to consent to or object to the use of your data.

For users residing in Switzerland or a member state of the EEA, we would also like to expressly point out that, from the perspective of the European Union and Switzerland, the USA does not have an adequate level of data protection, partly due to the statements made in this section. Insofar as we have explained in this privacy policy that recipients of data (such as Google) are based in the USA, we are protected by the choice of companies operating under the Privacy Framework Agreement are certified, or, in some cases, supplemented by contractual provisions with these companies and, where applicable, additional data protection provisions. we ensure that your data is adequately protected by these recipients by means of additional appropriate guarantees.

15. Background data processing on our websites

Data processing when visiting our websites (log file data)

When you visit our websites, our servers temporarily store every access in a log file.

The following data is collected without your intervention and stored by us until automated deletion:

the IP address of the requesting computer
Date and time of access
Name and URL of the retrieved data
the website from which our domain was accessed and the last page opened
the operating system of your computer and the browser you are using (incl. type, version and language setting)
Gerätetype in case of access by mobile phones
City or region from which the access was made
the search term used when accessing via search engine
the name of your internet access provider

The collection and processing of this data is carried out for the purpose of enabling the use of the websites (connection establishment) and to ensure system security and stability on a permanent basis. Furthermore, data processing is used for error and performance analysis and to optimize the website based on statistical evaluations and and the target group-specific presentation of the websites (esp. Default setting of the language version of our websites; see also section 16).

In the event of an attack on the data processing systems or in the event of suspicion of other unauthorized or abusive website use, the IP address and other data will be evaluated for clarification and defense purposes and, if necessary, used in the context of criminal proceedings for identification and for civil and criminal proceedings against the users concerned. For further data processing to protect our interests, please refer to section 13.

Insofar as the EU GDPR is applicable, the legal basis for the aforementioned data processing is our legitimate interest in data processing for the purposes described above within the meaning of Art. 6 para. 1 lit. f EU GDPR.

Für the data processing we use the services of Datimo IT-Solutions / Optimo Service AG (Franz Burckhardt-Strasse 11, 8404 Winterthur, Switzerland; provider), which operate the hosting of Constri's servers in their own data centers in Winterthur. Dtherefore, your data may be stored in a database of the provider, which may allow it to access your data if this is necessary for the provision of the services and for support in the use of the services. Information on the processing of data by third parties and any transfer abroad can be found in section 14 of this privacy policy. The legal basis for this processing is our legitimate interest within the meaning of Article 6(1)(f) GDPR in the use of third-party services.

Finally, when you visit our websites, we use cookies as well as applications and tools that are based on the use of cookies. In this context, the data described here may also be processed. Further information on this can be found in the following sections of this privacy policy, in particular the following section 15 b.

We use cookies on our websites. Cookies are information files that your web browser stores on your computer's hard disk or memory when you visit our websites. Cookies are assigned identification numbers that identify your browser and allow the information contained in the cookie to be read.

Cookies help, among other things, to make your visit to our websites easier, more pleasant and more meaningful. We use cookies for various purposes that are required for your desired use of the websites, i.e. are "technically necessary". For example, we use cookies to be able to identify you as a registered user after you have logged in without you having to log in again each time you navigate the various subpages. The provision of the ordering functions is also based on the use of cookies. Cookies also perform other technical functions required for the operation of websites, such as load balancing, i.e. the distribution of the performance load of the site to different web servers in order to reduce the load on the servers. Cookies are also used for security purposes, e.g. to prevent the unauthorized posting of content. Finally, we also use cookies as part of the design and programming of our websites, e.g. to enable the uploading of scripts or codes.

The legal basis for the processing of data for the above-mentioned purposes lies in our legitimate interest in ensuring the functionality and optimization of the websites (Art. 6 para. 1 lit. f EU GDPR), insofar as the EU GDPR is applicable.

Most web browsers accept cookies automatically. However, when accessing our websites, we ask for your consent to the cookies we use that are not technically necessary, especially when using third-party cookies for marketing purposes. you can make the settings you require via the corresponding buttons in the cookie banner. Details on the individual cookie-based services and data processing can be found within the cookie banner and in the following sections of this privacy policy.

You can also configure your browser so that no cookies are stored on your computer or so that a message always appears when you receive a new cookie.

On the following pages you will find explanations on how to configure the processing of cookies in the most common browsers:

Disabling cookies may prevent you from using all the features of our websites.

16. Tracking and web analysis tools

a. General information

We use the web analysis services listed below for the purpose of demand-oriented design and continuous optimization of our websites. In this context, pseudonymized user profiles are created and cookies are used (please also refer to section 15.b). The information generated by the cookie about your use of our websites is usually stored together with the data specified in section 15.a collected log file data to a server of the service provider, where it is stored and processed. This may also result in a transfer to servers abroad, e.g. in the USA (see, in particular, the lack of an adequate level of data protection and the guarantees provided, point. 14.b and 14.c).

By processing the data, we receive the following information, among others:

navigation path taken by a visitor on the site (including content viewed and products selected or purchased or services booked);
Dwell time on the website or subpage;
subpage on which the website is left;
country, region or city from which access is made;
final device (type, version, color depth, resolution, width and height of the browser window); and
recurring or new visitor.

On our behalf, the provider will use this information to evaluate the use of the websites, in particular to compile website activity reports and to provide other services relating to website activity and internet usage for the purposes of market research and the needs-based design of our websites. To a certain extent, we and the providers can be regarded as joint controllers under data protection law for this processing.

The legal basis for this data processing with the following services is your consent within the meaning of Art. 6 para. 1 lit. a EU-GDPR, insofar as the EU-GDPR is applicable. Some of the data processing may also be assessed as profiling (with or without high risk), to which your consent also extends. You can withdraw your consent or refuse processing at any time by rejecting or deactivating the relevant cookies in your web browser settings (see section 15.b) or make use of the service-specific options described below.

Für the further processing of the data by the respective provider as the (sole) controller under data protection law, in particular also any disclosure of this information to third parties, such as public authorities.B. to authorities due to national legal regulations, please refer to the respective data protection information of the provider.

b. Google Analytics

We use the web analytics service Google Analytics 4 from Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) or. Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google).

Deviating from the description in paragraph 16.a the following applies here: In order to use Google Analytics 4, we use so-called "server-side tracking". We assign you a unique tracking ID. We transmit this ID, together with other data collected when you visit the websites, to a server independent of Google with a hosting location within the EU. We are supported by «traq» of Buds & Bits GmbH (CH-3510 Konolfingen). When visiting the websites, in addition to the 16.a mentioned data may also include mobile identifiers such as IDFA, UDID, Android ID or Google Advertising ID, Windows Advertising ID or other Windows IDs, IMEI or IMSI, MSISDN.

In order to ensure that Google Analytics receives as little personal data as possible, the tracking ID we create is separated from the above-mentioned personal and device data so that the ID is as anonymized a data set as possible. As soon as this is ensured, we only transmit your ID to Google Analytics 4. This may also result in this information being transferred to the servers of Google LLC in the USA and further processed there (see, in particular, the lack of an adequate level of data protection and the guarantees provided, section 14.b).

The data transmitted to Google is not stored on the server. Logs are deleted after 24 hours.

Google Analytics 4 also enables the creation of statistics with statements about the age, gender and interests of website users on the basis of an evaluation of interest-based advertising and with the inclusion of third-party information via a special function, the so-called "demographic characteristics". This enables the identification and differentiation of groups of website users for the purpose of targeted marketing measures. However, the data collected via the "demographic characteristics" cannot be assigned to a specific person.

We also use the technical extension „Google Signals“, which enables cross-device tracking – i.e. end-to-end tracking. This allows an individual website visitor to be associated with different end devices. However, this only happens if the visitor has logged into a Google service when visiting the website and at the same time has activated the option „personalized advertising“ in their Google account settings. If you do not wish to use „Google Signals“, you can deactivate the „personalized advertising“ option in your Google account settings.

Users may refuse the collection of data generated by the cookie and related to the use of the website by the user concerned (including the IP address). the IP address) to Google and the processing of this data by Google by rejecting or deactivating the relevant cookies in the cookie banner or in the settings of their web browser (see section 15.b) or download and install the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

Für the further processing of the data by Google, please note the privacy policy of Google: https://policies.google.com/privacy?hl=de&gl=en

c. Hotjar

We use the web analytics service Hotjar from Hotjar Ltd. to analyze usage. (St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta). The data described above may be used for the processing purposes explained (see section 16.a) to Hotjar's servers in Ireland (see, in particular, on the adequacy of the level of data protection, section 14.b).

The tool also allows us to create a so-called. „Heatmap“ or "scrollmap" to recognize which areas of our websites are visited and clicked on the most. A usage profile is visually displayed for this purpose. For this purpose, the web analysis tool records mouse events (movements, position and clicks) with the intention of randomly playing back individual website visits and deriving potential improvements for the websites.

Nähere information on Hotjar's compliance with data protection can be found here: www.hotjar.com/privacy. You can opt out of Hotjar's collection of your data at any time on Hotjar's opt-out page and by clicking on „Deactivate Hotjar“ at https://www.hotjar.com/legal/compliance/opt-out.

d. Microsoft Clarity

Some of our websites use the service „Microsoft Clarity“ of Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399 USA („Microsoft“)). In doing so, the described data about the use of the websites can be used for the explained processing purposes (see section 16.a) to the Microsoft servers in the USA and stored there (see, in particular on the adequacy of the level of data protection, section 14.b). For more information about Microsoft Clarity's privacy policy, please visit https://clarity.microsoft.com/term.

17. Online advertising and targeting

a. General

We use services from various companies to provide you with interesting offers online. Your user behavior on our websites and websites of other providers is analyzed in order to subsequently display online advertising tailored to your individual needs

Most technologies for tracking your user behavior (tracking) and for the targeted display of advertising (targeting) work alongside log file data (see paragraph 15.a) with cookies (see also paragraph 15.b) or similar technologies and unique identifiers (e.g. advertising ID) with which your browser can be recognized across different websites. Depending on the service provider, it may also be possible for you to be recognized online even when using different end devices (e.g. laptop and smartphone). This may be the case, for example, if you have registered with a service that you use on several devices.

For these purposes, the aforementioned data may reach the companies involved in the advertising networks and be further processed by them. This also results in the data being disclosed to potentially all countries worldwide (see, in particular, the lack of an adequate level of data protection and the guarantees provided, section 14). In addition, the following data in particular is used to select the advertising that is potentially most relevant to you:

information about yourself that you provided when registering or using a service from advertising partners (e.g. your gender, your age group); and
user behavior (e.g. search queries, interactions with advertising, types of websites visited, products or services viewed and purchased, newsletters subscribed to).

We and our service providers use this data to identify whether you belong to the target group we are addressing and take this into account when selecting advertisements. For example, after you have visited our site, you may be shown advertisements for the products or services you have consulted when you visit other sites (re-targeting). Depending on the scope of the data, a user profile may also be created that is automatically evaluated, with the ads being selected according to the information stored in the profile, such as the affiliation to certain demographic segments or potential interests or behaviors. Such advertisements may be displayed to you on various channels, including our websites or app (as part of on-site and in-app marketing) as well as advertisements placed via the online advertising networks we use, such as Google.

The data can then be evaluated for the purpose of billing the service provider and to assess the effectiveness of advertising measures in order to better understand the needs of our users and customers and to improve future campaigns. This may also include information that the performance of an action (e.g. visiting certain sections of our websites or sending information) is attributable to a specific advertisement. We also receive aggregated reports from the service providers on advertising activities and information on how users interact with our websites and our advertisements.

The legal basis for this data processing is your consent within the meaning of Art. 6 para. 1 lit. a EU-GDPR, insofar as the EU-GDPR is applicable. Some of the data processing may also be assessed as profiling (with or without high risk), to which your consent also extends. You can revoke your consent at any time by rejecting or deactivating the relevant cookies in the cookie banner or in the settings of your web browser (see section 15.b). Further options for blocking advertising can also be found in the information provided by the respective service provider, e.g. Google.

It may be that the service providers wish to use some of the data for their own purposes (e.g. for statistical analyses for product optimization). The service providers are responsible for this data processing and must ensure compliance with the data protection regulations in connection with this data processing. Information on this can be found in the respective data protection declarations. For data processing as a logged-in user, please also note the information in section 22.

b. Microsoft Ads

Some of our websites use for online advertising, as in paragraph 17.a described, the services of Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland), in particular Microsoft Advertising (formerly Bing Ads). In doing so, Microsoft uses cookies (cf. the list here) and unique identifiers (e.g. Advertising-ID or the UET-Tag), which allow your browser to be recognized when you visit other websites. The information thus generated about your visit to these websites (including your IP address) is transmitted to Microsoft's servers in the USA, among others, and stored there (see, in particular, the lack of an adequate level of data protection and the guarantees provided, section 14). Microsoft will process the data by name in order to display personalized advertising on Microsoft services (e.g. the Microsoft Bing search engine).

The legal basis for this data processing is your consent within the meaning of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time by rejecting or deactivating the relevant cookies in the cookie banner or in the settings of your web browser (see section 15.b). Further options for blocking advertising can be found here. Further information on data protection at Microsoft can be found in Microsoft's data protection information at https://privacy.microsoft.com/de-de/privacystatement.

c. Google Marketing Platform / Google Ads

Some of our websites use for online advertising, as in paragraph 17.a services provided by Google Ireland Limited (Google Building Gordon House, Barrow St, Dublin 4, Ireland), in particular Google Ads, DoubleClick and Dynamic Remarketing.

Google uses cookies for this purpose (cf. see the list here) as well as similar technologies and unique identifiers (in particular advertising ID) that allow your browser to be recognized when you visit other websites. The information generated in this way about your visit to these websites (including your IP address) is transmitted to Google's servers in the USA and stored there (see, in particular, the lack of an adequate level of data protection and the guarantees provided, section 14). Google will process the data by name in order to present personalized advertising to users on Google services (e.g. the search engine).

The legal basis for this data processing is your consent within the meaning of Art. 6 para. 1 lit. a GDPR. Users can revoke their consent at any time by rejecting or deactivating the relevant cookies in the cookie banner or in the settings of their web browser (see section 15.b). Further options for blocking advertising can be found here.

You can find details on data processing by Google at: https://policies.google.com/privacy.

In connection with the use of Google services, we are supported by Smarketer GmbH (Alte Jakobstraße 83/84, 10179 Berlin). This company may therefore have access to the aforementioned data and create evaluations for us so that we can use Google services in a more targeted manner.

d. Meta Pixel and Custom Audience

Some of our websites use for online marketing, as in paragraph 17.a services provided by Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland). Meta uses technologies such as Cookies and the so-called Meta-Pixel, which allow your browser to be recognized when you visit other websites. The information generated in this way about your visit to these websites (including your IP address) is transmitted to Meta's servers in the USA, among others, and stored there (see, in particular, the lack of an adequate level of data protection and the guarantees provided, section 14). Meta will process the data by name in order to show you personalized advertising on Meta services (e.g. Facebook or Instagram).

With the help of meta pixels, it is possible for Meta to determine the users of a website as a target group for the display of ads for this website on meta services (custom audience).

Custom Audience aims to ensure that only those customers who have visited our websites or are interested in our products are shown our advertisements on meta services. We have collected some of the data used for Custom Audience directly from you and provided it to Meta for your advertising purposes. Even if you are not registered with a meta service or have not logged in, it is possible for the provider to find out and store your IP address and other identifying features

The deactivation of the function „Facebook Custom Audience“ is available for logged-in users under https://www.facebook.com/settings/?tab=ads# possible. Further options for blocking advertising can be found here.

18. Google Tag Manager

We also use Google Tag Manager from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) to manage the functions of our websites. Google Tag Manager can be used to manage tracking codes and associated code fragments (so-called tags) without having to change the code manually. After implementation, the Google Tag Manager can be used to manage, trigger and control the tracking tools we use. In this respect, the Google Tag Manager is closely related to the tracking data processing listed and is used indirectly for the purposes described there, which is why the legal basis for the processing can also be found in the sections on the individual tools. If it is assumed that Google Tag Manager processes data independently, the legal basis is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU GDPR in the use of third-party services for the efficient administration of our websites and for the implementation of our marketing activities, insofar as the EU GDPR is applicable.

It may be that Google wants to use some of the data for its own purposes (e.g. for statistical analyses for product optimization). Google is responsible for this data processing and must ensure compliance with data protection regulations in connection with this data processing. Information about data processing by Google can be found here.

19. Google Maps

Our websites can use Google Maps API, a map service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) to display an interactive map and to create directions.

When you access those subpages in which Google Maps is integrated, your log file data, such as your IP address (see section 15.a) to a Google server. This may also result in data being transferred to servers abroad, e.g. in the USA (see, in particular, the lack of an adequate level of data protection and the guarantees provided, section 14). The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the provision of a contemporary and user-friendly website.

In addition, when the pages are called up and Google Maps is used, cookies (see generally section 15.b) and read out. In this way, Google collects data about the surfing behavior of users and, in particular, derives information about their presumed interests in order to place advertisements on Google services and services of partners that are tailored to the personal interests of the users. For data processing as a logged-in user, please also note the information in section 22.

The legal basis for the processing of the data is your consent in accordance with Art. 6 para. 1 lit. a GDPR, insofar as the GDPR is applicable. Consent can be revoked at any time with effect for the future by rejecting or deactivating the relevant cookies in the cookie banner or in the settings of your web browser (see section 15.b). You have the option of deactivating the Google Maps service and thus preventing the transfer of data to Google by deactivating JavaScript in your browser. However, we would like to point out that in this case you will not be able to use the map display on our websites.

Also read the Google Privacy Policy (https://policies.google.com/privacy) and the additional terms of use for Google Maps at https://www.google.com/intl/de_de/help/terms_maps.html.

20. Google ReCaptcha

We use Google reCAPTCHA on some of our websites. The provider is Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland).

The purpose of reCAPTCHA is to check whether the data input on our websites (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. In this context, pseudonymized user profiles are created and cookies are used (please also refer to section 15.b). The information generated by the cookie about your use of our websites is usually stored together with the data specified in section 15.a collected log file data to a server of the service provider, where it is stored and processed. This may also result in a transfer to servers abroad, e.g. the USA (see, in particular, the lack of an adequate level of data protection and the guarantees provided, section 14). In addition to the aforementioned data, the following data in particular is processed:

Surfing, mouse and keyboard behavior;
Language settings;
Screen resolution.

On our behalf, the provider will use this information to evaluate the use of the websites, in particular to determine whether the actions on the websites are carried out by humans and not by bots. This automated evaluation of personal aspects may also result in profiling (with or without high risk). The legal basis for the processing of data for the above-mentioned purposes lies in our legitimate interest in preventing misuse of our websites (Art. 6 para. 1 lit. f EU GDPR), insofar as the EU GDPR is applicable.

It may be that Google wants to use some of the data for its own purposes (e.g. for statistical analyses for product optimization). Google is responsible for this data processing and must ensure compliance with data protection regulations in connection with this data processing. Further information about Google reCAPTCHA and Google's privacy policy can be found at the following links: https://policies.google.com/privacy?hl=de and https://www.google.com/recaptcha/about/.

21. Social Media

Our websites may contain links to our social media pages. The links may lead to the following networks:

Facebook and Instagram, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, Privacy Notice
X, Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland, Privacy Policy
Youtube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Privacy Policy

When you click on the relevant social network icons, you will be automatically redirected to our profiles on the relevant networks. This establishes a direct connection between your browser and the server of the relevant social network. As a result, the network receives, in particular, the data described in the section on log files (paragraph 15.a), i.e. the information that you visit our websites with your IP address and have accessed the link. This may also result in data being transferred to servers abroad, e.g. in the USA (see, in particular, the lack of an adequate level of data protection and the guarantees provided, section 14).

Für the data processing as a logged-in user of the social networks, please also note the information in section 22 and the providers' privacy policies. The legal basis for any data processing attributed to us is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU GDPR in the use and advertising of our social media profiles.

22. Data transfers for logged-in users of a third-party online service

When you visit our websites, it is possible that the providers of third-party services mentioned in this privacy policy (e.g. Google) may use the data collected.Google) may be able to link the data collected to your user account with these services, provided you are logged in to this account. If you do not want such linking to take place and further data to be transmitted to providers of third-party services, you must log out completely from the respective services before visiting our websites and delete all cookies from the providers. A link between your access to our websites and your user account may also be established if you log in to the third-party service immediately after clicking on a link on our websites. For more information on how you can configure your browser so that no cookies are stored on your computer or a message always appears when you receive a new cookie, please refer to section 15.b.

23. Storage of data

Unless expressly stated otherwise, we only store personal data for as long as is necessary to carry out the processing described in this privacy policy within the scope of our legitimate interest or, if the legal basis is your consent, until it is withdrawn. In the case of contract data, storage is prescribed by statutory retention obligations. Requirements that oblige us to store data result from accounting regulations and tax law. According to these regulations, business communications, concluded contracts and accounting documents must be stored for up to 10 years. If we no longer need this data to perform the services for you, the data will be blocked. This means that the data may then only be used for accounting and tax purposes or if this is necessary for the defense and enforcement of our legal interests. The data will be deleted as soon as there is no longer an obligation to retain it and no longer a legitimate interest in retaining it.

24. Data security

We use appropriate technical and organizational security measures to protect your data stored by us from manipulation, partial or complete loss and unauthorized access by third parties. Our security measures are continuously adapted in line with technological developments.

When you register with us as a customer, access to your customer account is only possible after entering your personal password. You should always treat your payment information confidentially and close the browser window when you have finished communicating with us, especially if you share the computer with others.

We also take our own internal data protection very seriously. Our employees and the service companies commissioned by us are obliged to maintain confidentiality and to comply with data protection regulations. furthermore, they are only granted access to personal data to the extent necessary.

25. Your rights

If the legal requirements are met, you have the following rights as a data subject:

Right to information: You have the right to request access to your personal data stored by us at any time free of charge if we process it. This gives you the opportunity to check what personal data we process about you and whether we process it in accordance with the applicable data protection regulations

Right to rectification: You have the right to have incorrect or incomplete personal data corrected and to be informed about the correction. In this case, we will also inform the recipients of the data concerned about the adjustments we have made, unless this is impossible or involves disproportionate effort.

Right to be forgotten: You have the right to have your personal data deleted under certain circumstances. In individual cases, particularly in the case of statutory retention obligations, the right to erasure may be excluded. In this case, the data may be blocked instead of deleted if the conditions are met.

Right to restriction of processing: If the EU GDPR is applicable, you have the right to request that the processing of your personal data be restricted.

Right to data portability: You have the right to receive from us, free of charge, the personal data that you have provided to us in a readable format.

Right to object: You can object to data processing at any time, especially in the case of data processing in connection with direct marketing (e.g. marketing e-mails).

Right of withdrawal: In principle, you have the right to withdraw your consent at any time. However, processing activities based on your consent in the past will not become unlawful as a result of your withdrawal.

To exercise these rights, please contact us via the contact details provided in section 25 specified address(es).

Right to complain: You have the right to lodge a complaint with a competent supervisory authority, e.g. against the way in which your personal data is processed.

26. Contact us

If you have any questions about data protection on our websites, would like information or would like to have your data deleted, please contact us by writing to sending an email to datenschutz@constri.ch.

Send your request by letter to the following address:

Constri AG
Data Privacy
Feldstrasse 20
CH-5107 Schinznach-Dorf