DE
EN
FR

Privacy policy

The following explanations are intended to clarify and inform how data is processed within Thur Metall AG (hereinafter Thur Metall AG, we or us) in the context of our business purpose:


Company: Thur Metall AG
Address: Fabrikstrasse 1CH-8586 Erlen
Phone number: +41 71 658 65 00
E-Mail: Turn on Javascript!

1. General information on data processing


1.1 Purpose of the privacy statement


When you contact us, we also process personal data that falls under the Data Protection Act (DPA) and the Data Protection Regulation (DPR). This data includes name, address, e-mail address, telephone number and personal information relating to the contractual relationship with us. Technical data that can be attributed to an individual (e.g. website cookies) is also considered personal data.

The purpose of this data protection declaration is to inform you about the nature, scope and purpose of the processing of personal data that we carry out and to inform you of your rights.

1.2 Scope of the privacy statement


This data protection declaration applies to all processing of personal data within the scope of the activities described below.

1.3 Legal basis


The legal bases for our data processing are the Data Protection Act (DPA; SR 235.1) as well as the European General Data Protection Regulation (GDPR).

1.4 Data protection-compliant organization


In order to protect data managed according to the current state of the art against manipulation, loss, destruction or access by unauthorized persons, we take appropriate technical and organizational measures and continuously improve them.

2. Data processing


2.1 Principles of our data processing


We process data exclusively in accordance with the legal requirements. In particular, we adhere to the principles of lawfulness, proportionality and transparency in data processing, and only process data for the intended purpose.

2.2 Processed data


The personal data we process includes all sensitive data relating to an identified or identifiable natural person. This primarily concerns data that we receive in the course of our business relations with customers, other business partners and other persons involved, or that we collect from users during the operation of our website(s), apps and other applications.

Sensitive personal data within the meaning of article 5, letter c of the DPA will only be processed on a case-by-case basis and after obtaining the relevant consent (e.g. extracts from the debt enforcement register, information on solvency, etc.).

Where permitted and necessary for our purposes, we also collect certain data from publicly available sources (e.g. land registers, commercial registers, press, Internet, etc.) or receive data from authorities and other third parties.

2.3 Data processing purposes


We use the personal data we collect primarily to conclude and execute our contracts and transactions with you (our customers and business partners), in particular in connection with our business purpose, and the purchase of products and services from our suppliers and related subcontractors, as well as to meet our legal obligations in Switzerland and abroad.

In addition, we process personal data about you and other persons, insofar as this is permitted and we consider it appropriate, also for the following purposes, for which we (and sometimes also third parties) have a legitimate interest corresponding to the purpose:

  • Offer and develop our offers, services and websites, applications and other platforms on which we are present;
  • communicate with third parties and process their requests (e.g. applications, media requests)
  • Review and optimization of needs analysis procedures for direct approach to customers, as well as collection of personal data from publicly available sources for customer acquisition;
  • advertising and marketing (including the organization of events), insofar as you have not objected to the use of your data (see right to object);
  • Market and opinion research, media monitoring;
  • Assert legal rights and defend yourself in legal disputes and administrative proceedings;
  • Preventing and solving crimes and other misconduct;
  • Guarantee our operations, in particular IT, our websites, applications and other platforms.

If you have given us permission to process your personal data for specific purposes, we process your personal data within the scope and on the basis of this permission, insofar as we have no other legal basis and we need such a basis. Authorization may be revoked at any time, but this has no effect on data processing already carried out (see right of revocation).

2.3.4. Mandate relationship


In the context of a contractual relationship with us, personal data is collected about you as a customer, insofar as this is necessary for the process. By providing your personal data as a data subject, you consent to the data being processed.

Personal data and documents relating to the contractual relationship are kept for ten years from the date of data collection, subject to a longer retention period in certain cases, particularly in the event of litigation.

2.3.5. Applications


Your application file and all personal data transmitted to us in this way are treated as strictly confidential, are not passed on to third parties and are processed solely for the purpose of processing your application for a job with us. Unless you agree otherwise, your application file will be returned to you or deleted/destroyed at the end of the application procedure, insofar as it is not subject to a legal retention obligation. The legal basis for processing your data is your consent, the performance of the contract with you and our legitimate interests.

In particular, we process the following information:

  • Contact information (e.g. surname, first name, address, telephone number, e-mail)
  • Personal information (e.g. profession, position, title, employing company)
  • Application documents (e.g. cover letter, certificates, diplomas, CV)
  • Assessment information (e.g. recruiter's assessment, reference information, assessments)


2.3.8. Collaboration with third parties / data transfer abroad


To provide our services, we collaborate with a wide range of partners. The condition for this collaboration is that the data processing of those responsible for processing orders (third parties) complies with the DPA or the RGPD. In some cases, the relevant data protection provisions may differ from our own.

The disclosure of personal data to cooperation partners takes place within the scope of and for the purpose of performing our services and to the extent necessary for this purpose. In particular, the following recipients are involved;

  • our service providers (internal and external to the company, e.g. banks, insurance companies), including subcontractors (e.g. IT service providers);
  • distributors, suppliers, subcontractors and other business partners;
  • customers;
  • national or foreign authorities, administrative departments or courts;
  • Competitors, industry organizations, associations, organizations;
  • acquirers or persons interested in acquiring businesses, companies or other parts of the company;
  • other parties in potential or actual legal proceedings.

These recipients may be located both in Switzerland and abroad. If a recipient is located in a country without adequate data protection, we contractually oblige the recipient to comply with the applicable data protection (we use the revised standard contractual clauses of the European Commission for this purpose), insofar as it is not already subject to a set of rules recognized by law to guarantee data protection and we cannot rely on an exception provision. Such an exception may, for example, be based on your consent, on communication for the purposes of legal proceedings abroad, or on the performance of a contract with you or a third party.

2.3.9. Customer Relationship Management (CRM)


Personal data in our CRM system only includes information required for contact or business relations (e.g. name, address, telephone number, e-mail address).

2.3.10. E-mail exchange


We keep our e-mail exchanges with you for the duration of our business relationship and ten years thereafter, unless a longer retention is necessary. In the case of inquiries only, with no ensuing commercial or contractual relationship, we retain e-mail exchanges with you for one year from the date of receipt of the last e-mail in the history.

2.3.11. Mailings and social media


For advertising mailings by post, we use the personal data (name, address) you have provided. The data may be passed on to a third party (advertising agency, printer, etc.) for this purpose. By providing your personal data, we assume that you have given your consent. However, you may revoke your consent at any time (see right of revocation).

For paid publications on social media (Facebook, Instagram, etc.), we use the contact details of the relevant providers.

2.3.12. Website


In addition to the "thurmetall.com" domain, our website also includes project-related web pages and services provided by service partners. Visitors to the site are not required to provide personal data, unless we indicate this on a case-by-case basis.

2.3.13. Server log files


Each time you access our website, we automatically collect a series of technical data which are personal data. This includes in particular

  • IP address;
  • Name of website or file consulted;
  • date and time of access ;
  • Message indicating that the call was successful;
  • browser type and version;
  • the user's operating system;
  • Reference URL (the previously visited page).

Server log files are not combined with other personal data. We collect server log files in order to administer the website, improve it and detect and repel unauthorized access. Server log files are collected and analyzed by our subcontractors (IT service providers).

Server log files containing the above data are deleted after six months at the latest, unless there is a legitimate interest or service-oriented request. We reserve the right to retain server log files for longer if there are facts to suggest unauthorized access.

2.3.14. Cookies


On our websites, we typically use cookies and comparable technologies that identify your browser or device. Cookies are data stored by our websites on the user's terminal via the browser. In addition to cookies that are only used during a session and are deleted after your visit to the website (so-called session cookies), we also use cookies to store user preferences and other information for a specific period of time, which in some cases does not exceed two years (so-called persistent cookies). In addition, where appropriate, we also use so-called third-party cookies, which are managed by third parties in order to offer certain services.

The cookies we use serve to increase and improve the user-friendliness of our web pages, and also help us to record statistical data on web page use and to use the data thus obtained for analysis and advertising purposes.

You can influence the use of cookies. Most browsers offer the option of limiting or completely preventing the storage of cookies. However, we would like to point out that the use of our website, and in particular the comfort of use, is limited without cookies. In addition, you can adjust the use of cookies during your visit to our website by clicking on the relevant link.

2.3.15. Data backup


To ensure data security, we regularly back up our business data, which is stored and maintained on data carriers and cloud services provided by our IT service providers. The frequency of backups is determined by the recommendations of these service providers.

2.4 Retention period for personal data


In principle, we process and store your personal data for as long as is necessary to fulfill our contractual and legal obligations or to achieve the purposes pursued by the processing (in particular for the entire duration of the business relationship and beyond, in accordance with legal retention and documentation obligations).

In this context, we may retain personal data for the period during which claims may be made against our company, there are other legal obligations in this respect or legitimate business interests require it.

As soon as your personal data is no longer required for the above-mentioned purposes, it will, as a matter of principle and as far as possible, be deleted or rendered anonymous (see data retention provisions for the individually mentioned processing purposes).

Shorter retention periods apply to corporate data.

3. Your rights and obligations


You have the following rights with regard to our processing of personal data:

  • Right of access to the personal data we have stored about you, to the purpose of the processing, to the origin and to the recipients or categories of recipients to whom the personal data is transmitted.
  • Right of rectification if your data is inaccurate or incomplete.
  • Right to limit the processing of your personal data
  • Right to request erasure of processed personal data
  • Right to data portability
  • The right to object to data processing or to revoke consent to the processing of personal data at any time, without giving reasons.
  • The right to lodge a complaint with a competent supervisory authority, if provided for by law.

To exercise these rights, please contact the above address.

Please note, however, that we reserve the right to assert legal restrictions, e.g. if we are obliged to store or process certain data, if we have an overriding interest in doing so (insofar as we are able to invoke it) or if we need to assert rights. We will inform you in advance if any costs are incurred.

4. Modifications


We may amend this data protection declaration at any time and without prior notice. The current version published on our website is authoritative.


August 31, 2023