What happens to your data?
1. name and contact details of the person responsible
If you have any questions about data processing or if you believe that the processing of your personal data violates your rights, please contact us at the address in the legal notice.
2. storage when filling out a form or for newsletter dispatch
If you enter your e-mail address or fill out a form on our website (e.g. a contact form), we will process the data you provide to the extent necessary to fulfil the purpose of processing or dealing with the enquiry. As a rule, all information is voluntary. Mandatory fields are only marked as such if this information is required to fulfil your request. This data will be deleted at the latest when the purpose has been achieved or the statutory retention period has expired. The following data is collected: E-mail address (mandatory); if applicable, title, first name, surname, company, possibly your request. Your personal data in connection with the sending of subscribed newsletters will be deleted as soon as you are no longer registered for these and have not ordered any other services from us.
3. operation
The web servers for the operation of the Internet pages are managed by Swiss hosting partners. Individual services can also be operated by external partners. The same data protection regulations apply.
4. storage and deletion
The processing of personal data on this website is limited to the data required to provide a functional website and user-friendly content and services or to the data that you have actively provided to us. The personal data we collect will only be stored for as long as is necessary to fulfil the respective purpose. Legal requirements or other obligations may lead to longer storage.
5. storage for the purpose of web analysis
The following data is stored in log files when websites and web services are accessed: IP address, date, time, browser request and transmitted information on the device used, including operating system and browser. This data may be analysed using web analysis tools (see below). The purpose of this is to continuously improve website communication.
Web analysis tool: For web analysis, we use Matomo (formerly Piwik), an open source web analysis tool (https://matomo.org). Web tracking is carried out without any personal reference. The tool is operated in Switzerland. The data obtained is used exclusively for web analysis and is not shared or merged with other data sets.
We collect, process and store usage data about the use of our site, such as referrer links, the time spent on certain URLs, the clickstream and also data about your browser settings, such as the manufacturer of the browser and also its version, the screen resolution and the operating system used.
We may also collect and store parts of your IP address and information about the loading speed of our website. We can only create anonymous user profiles and extract statistical information from this data.
Purpose of data processing
The purpose of web tracking is to analyse user flows in order to enable us to anonymously monitor the functionality and user-friendliness of our website and to constantly improve our Internet offering. It is used solely to collect statistical, non-personal data.
Duration of storage
We store all web tracking data collected using Matomo for an indefinite period of time, provided that it is only available to us in anonymised form. If the data is not anonymised, we will delete it after 12 months at the latest.
Right of objection and cancellation
You can prevent the collection of the aforementioned data and its processing by installing a Java Script blocker to prevent the collection of other app analysis data. If a personal reference should arise, you can revoke your consent at any time.
6. integration of external web services and transfer of data
We use active content from external providers, so-called web services, on our website. By accessing our website, these external providers may receive personal information about your visit to our website. Data may be processed outside of Switzerland. You can prevent this by installing an appropriate browser plugin or deactivating the execution of scripts in your browser. This may result in functional restrictions on websites that you visit.
We use the following external web services:
Microsoft
On our website we use the Microsoft service provided by Microsoft Corporation, One Microsoft Way, 98052 Redmond, United States, e-mail: brendon.lynch@microsoft.com, website: https://www.microsoft.com/. Your personal data is transferred to so-called insecure third countries. We have obligated the partners involved to comply with the data protection laws applicable in Switzerland on an appropriate basis (generally EU standard contractual clauses).
The legal basis for the transfer of personal data is our legitimate interest in processing.
Further information on the handling of the transferred data can be found in the provider's privacy policy at https://privacy.microsoft.com/de-de/privacystatement.
Pipedrive
We use the Pipedrive service of Pipedrive OÜ, Mustamäe tee 3a, 10615 Tallinn, Estonia, e-mail: support@pipedrive.com, website: https://www.pipedrive.com/. According to the Swiss authorities, processing takes place in safe third countries.
The legal basis for the transfer of personal data is our legitimate interest in processing.
Pipedrive's CRM allows us to offer services and manage leads on our website. In addition, it is possible to track your interactions with the emails sent and with the newsletter.
Further information on the handling of the transferred data can be found in the provider's privacy policy at https://www.pipedrive.com/de/privacy.
CloudFlare
We use the CloudFlare service from Cloudflare, Inc, 101 Townsend St, 94107 San Francisco, United States, email: support@cloudflare.com, website: https://www.cloudflare.com/de-de/. Your personal data is transmitted to so-called insecure third countries. Cloudflare is a so-called content delivery network that provides security functions in addition to distributing the website across several servers. Cloudflare also acts as a reverse proxy for our website.
The legal basis for the transfer of personal data is our legitimate interest in processing.
Further information on the handling of the transferred data can be found in the provider's privacy policy at https://www.cloudflare.com/privacypolicy/.
You can revoke the processing of your data at any time.
7. phishing simulation
To sensitise employees to cyber security, we offer a controlled phishing simulation. If you receive a phishing email as part of this phishing simulation, your organisation has provided us with your business contact details such as your surname, first name and email address. We use this information to send phishing emails to the email address provided.
We then analyse the percentage of recipients who open the email, click on the link it contains and whether data is entered in the form fields on the landing pages. At no time, however, are access data transmitted to us in plain text. The results of the phishing campaign are anonymised and presented to the client, but can also be linked to individuals.
8. e-learning
We offer e-learning courses to raise employee awareness of data protection and cyber security. If you participate in one of these e-learning courses, your organisation has provided us with your business contact details such as your surname, first name and email address. We will use this information to invite you to the relevant courses by e-mail.
We then statistically analyse how many participants start and complete the course and pass the corresponding tests. The results of the e-learning courses are anonymised and presented to the client, but can also be linked to individuals.
9th meeting, training and webinar
For participation in online meetings, training courses and webinars, we use Microsoft services such as MS Teams and Stream for audio and video conferencing to communicate with you online. Please refer to Microsoft's privacy policy, which is listed below.
You will be informed of this before a recording starts. It is recommended that you set your video conferencing tool settings to "inactive" for the camera and microphone by default. Also remember to activate a virtual background to avoid recording uninvolved persons or information.
We process your personal data, including contact details (salutation, title, first and last name, address, e-mail address, telephone number) and professional data (company, position/function), for the purpose of invitations, answering questions before and after the event and for advertising purposes. In addition, we process your contact data in order to enquire about your satisfaction after participation or to send you certificates of participation.
Microsoft processes the following data, among others: User data (display name, account if applicable, profile picture if applicable, e-mail address, preferred language), Internet protocol data (date, time, meeting ID, telephone numbers, location) and content data (text, audio and video data and other interaction data), if you provide such data (e.g. via the chat function) or if it is generated through the use of the microphone and video camera.
The scope of the content data that is processed when using Microsoft Teams depends on the information provided by the participant during the session. The participant is advised that text entries and chat content are logged when using Microsoft Teams and can be viewed by both the organiser and other participants during the use of the chat function in a webinar, or may also be accessible to third parties in the case of a recording.
10. cookies
Cookies may be used on the pages to make visiting the website safer and easier and to enable the use of certain functions. These are small text files that are stored on your computer. Most of the cookies used are deleted from your hard drive at the end of the browser session (so-called session cookies). Other cookies remain on your computer and enable us to recognise you on your next visit (persistent cookies).
You can prevent the storage of cookies in your browser by restricting or switching off the storage and reading of cookies. Under these circumstances, our web forms or other integrated services may not be able to be loaded.
You can find more information on the use of cookies in our Cookie Policy take.
11. social media including plugins and pixels
We operate presences on social networks such as LinkedIn and other platforms operated by third parties and process data about you in this context. You can contact us via these platforms and we receive data such as statistics from these platforms. The providers of the platforms can analyse your use and use the data about you for their own purposes such as marketing and market research. The platform providers act as independent controllers in this regard. The processing of your personal data is the responsibility of the respective operator in accordance with its data protection provisions. Most of these providers are located outside Switzerland. Further information on data transfer abroad can be found in the relevant section.
12. data security
We take suitable technical and organisational measures to ensure data security appropriate to the respective risk. Unfortunately, however, we cannot guarantee absolute data security.
Our website is accessed using transport encryption (SSL / TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated to HTTPS). Most browsers indicate transport encryption with a padlock in the address bar.
Our digital communication - like all digital communication in general - is subject to mass surveillance without cause and without suspicion as well as other surveillance by security authorities in Switzerland, the rest of Europe, the United States of America (USA) and other countries. We cannot directly influence the corresponding processing of personal data by secret services, police forces and other security authorities. The security measures correspond to the risk and the current state of the art.
In the case of unencrypted communication by e-mail, we cannot guarantee complete data security on the transmission path to our IT systems, so we recommend encrypted communication via S/MIME or by post for information requiring a high level of confidentiality.
13. job applications
Please apply via our Microsoft Forms web form at https://www.impunix.ch/bewerbung. If you send us an application by e-mail, we would like to point out that it will be stored for the long term due to backups. If you apply to us, we will process the personal data we receive from you as part of and for the purpose of the application process. The data will only be passed on within the company and to those responsible for the application process.
In order to determine your suitability for an employment relationship, we process the personal data that we have received from you as part of the application process. This may also include criminal records and debt enforcement extracts or similar documents.
If you have provided references, we can obtain information about you from these references. You have the right to know what we have been told. Tests to objectively determine your suitability for the position in question may form part of the application process. Insofar as it is a question of determining suitability as a manager, the test may also relate to your personality.
If there are objective reasons in your person that restrict or disqualify you for the relevant employment relationship, you are obliged to disclose these to us. This may also include an examination of your state of health. The information is provided to us within the legal framework.
14 Your rights
As a data subject, you have the rights provided for by law in connection with data processing. In particular, you have the right to request information about our data processing, to have incorrect data corrected or to object to data processing, in particular for direct marketing purposes. You may also request the erasure of data and the disclosure of certain personal data or its transfer to other controllers.
However, we would like to point out that we reserve the right to assert legal restrictions, for example if we are obliged to store or process certain data, have a legitimate interest in doing so or require the data to assert legal claims. Please note that the exercise of these rights may conflict with contractual agreements and may have consequences such as premature cancellation of the contract or cost consequences. We will inform you in advance in such a case, unless this is already contractually regulated.
The exercise of these rights generally requires that you clearly prove your identity (e.g. by providing a copy of your identity document if your identity is otherwise not clear or cannot be verified). To assert your rights, you can contact the data protection advisor named in section 1.
Every data subject also has the right to assert their claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch).
Furthermore, you have the right to lodge a complaint with a data protection authority at any time.
15 Notifications to the FDPIC and complaints
Data subjects have the right to lodge a complaint with a competent supervisory authority for data protection. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
Further information can be found in the FDPIC's contact form: https://www.edoeb.admin.ch/edoeb/de/home/der-edoeb/kontakt/kontaktformular.html
If you suspect that your data is being processed unlawfully on our website, you can bring about a judicial clarification of the problem.