Data Protection Info Sheet

Information Security Policy

Definitions

Privacy Statement

Privacy Statement

Diction Ltd, Bahnhofstrasse 32, 9471 Buchs (SG), Switzerland (Diction)                                                       May 2018

Preliminary remarks

We are delighted about your interest in our company and the services we offer. Diction Ltd (hereinafter referred to as “Diction”) takes the protection of your personal data very seriously. Data protection is of considerable importance for the Diction management team. Our employees and the persons mandated and carefully selected by us are familiar with the data protection requirements. They implement them with due care and in line with our high quality standards.

  1. Name and address of the controller and the Data Protection Officer

Within the meaning of the Swiss Data Protection Act (DPA; Datenschutzgesetz – DSG); Article 4(i) draft DPA; entry into force on 1 January 2019), which is undergoing a total revision, and the General Data Protection Regulation (GDPR; Article 4(7) GDPR), other data protection laws applicable in the Member States of the European Union and other data protection provisions, the controller is:

  • Diction Ltd with its registered office at Bahnhofstrasse 32, PO Box 249, 9471 Buchs (SG), Switzerland

Managing Director: Patrick Fassbender

Telephone: +41 81 750 53 33

Fax: +41 81 750 53 32

E-mail: info@diction.ch

Website: www.diction.ch

Company identification: CHE-114.124.005 (entered in the commercial register; please refer to www.zefix.ch)

  • Data Protection Officer (DPO)

Diction Ltd, Bahnhofstrasse 32, 9471 Buchs (SG), Switzerland

Data Protection Officer (hereinafter referred to as the “DPO”)
Patrick Fassbender

Telephone: +41 81 750 53 33

E-mail: datenschutz@diction.ch
Position of the DPO

With the additional function of DPO, Diction ensures that the DPO is involved in a proper and timely manner in all questions relating to the protection of personal data and is supported by the controller in the performance of his tasks.

The independence of the DPO, his professional qualifications and his expertise in the field of data protection law and data protection practice for the performance of his tasks are guaranteed.

 

  1. Data protection – general information

We treat your personal data as confidential and in line with statutory data protection provisions and this Privacy Statement, in particular in accordance with the Swiss Data Protection Act (DPA; Bundesgesetz über den Datenschutz – DSG) and the EU General Data Protection Regulation (2016/679) of 27 April 2016 (GDPR).

As a rule, the use of our website is possible without providing any personal data. If a data subject would like to use special services of our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and if there is no statutory basis for such processing, we generally seek the consent of the data subject.

We would like to point out that there may be security gaps when transferring data on the Internet (e.g. in e-mail communications) despite the high security requirements put in place by us (for more details please refer to the extract from the Information Security Policy under Diction).

It is not possible to completely protect your data from access by third parties.

As a data subject (natural person) it is in your personal interest to protect the system(s) (PC, laptop, etc.) you use from unauthorised access by third parties, to set up sufficient password protection, to refrain from passing on your password to third parties, and to install and update virus protection that is deemed to be proven on the market (Internet security).

 

  1. Diction data protection information in accordance with the GDPR (INFO SHEET)

Diction makes available to clients, interested parties, job applicants and other third parties (stakeholders) separate data protection information in accordance with the GDPR in electronic form on the link below (also on the website www.diction.ch) or in physical form (Articles 13, 14 and 21 GDPR: information to be provided and right to object).

Link data protection information GDPR: Data-Protection Info Sheet

 

  1. Collection of general data and information

Each time a data subject or an automated system visits the Diction website, the website records a series of general data and information. These general data and information are stored in the server log files.

The following can be recorded: (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrer), (4) the web subpages which are visited via an accessing system on our website, (5) the date and the time of access to the website, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information which serve to avert dangers in the event of attacks on our information technology systems.

When using these general data and this information, Diction does not draw any conclusions about the data subject. Instead, this information is needed (1) to correctly deliver the contents of our website, (2) to optimise the contents of our website and advertising for it, (3) to ensure the permanent functionality of our information technology systems and the technology of our website, and (4) to make available to the law enforcement authorities the information needed for prosecution in the event of a cyberattack. The anonymously recorded data and information are therefore analysed by Diction statistically and, furthermore, with a view to increasing data protection and data security in our company in order to ensure an optimum level of protection for the personal data processed by us. The anonymous data in the server log files are stored separately from all personal data provided by a data subject.

 

  1. Definitions

The Privacy Statement of Diction is based on the definitions which are used by the European legislative and regulatory authority when enacting the General Data Protection Regulation (GDPR).

Our Privacy Statement aims to be easily legible and comprehensible for the public at large, our clients and business partners. In order to ensure this, we explain the terms used. You can access these terms on the following link: Definitions.

 

  1. Cookies

Websites, also those of Diction, sometimes use so-called cookies. Cookies do not harm your computer and do not contain any viruses. Cookies make our services more user-friendly, effective and secure. Cookies are small text files that are placed on your computer and stored by your browser.

Most of the cookies used by us are so-called session cookies. At the end of your visit, they are automatically deleted. Other cookies are stored on your device until you delete them. These cookies enable us to recognise your browser the next time you visit us.

You can configure your browser to inform you about the placement of cookies and to only accept cookies in individual cases, to refuse cookies in specific cases or in general, and to activate the automatic deletion of cookies when the browser is closed. The deactivation of cookies can restrict the functionality of this website.

 

  1. Server log files

The website provider automatically records and stores information in so-called server log files which your browser automatically transfers to us. This information consists of:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of server request

These data cannot be traced back to specific individuals and are not combined with other data sources. We reserve the right to subsequently verify these data if we find clear indications of illegal use.

 

  1. Ways to contact us via the website

If you send us requests via the contact form or by e-mail, your data from the request form, including the contact data provided by you, are stored with us for the purpose of processing the request and deal with any follow-up questions. We do not pass on these data without your consent.

 

  1. Order newsletter, data and withdraw consent

If you would like to receive the newsletter available on our website, we need you to give us a valid e-mail address for your direct access, and information, which allows us to verify that you are the owner of the e-mail address given and that you agree to receive the newsletter (so-called confirmation e-mail in the double-opt-in procedure). No other data are collected. We use these data solely for the mailing of the requested information and do not pass them on to third parties.

You may withdraw your consent for the storage of data, the e-mail address and the use of these data for the mailing of the newsletter at any time, for example using the unsubscribe link in the newsletter.

 

  1. Newsletter tracking (tracking pixels)

The Diction newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in e-mails which are sent in HTML format in order to facilitate log file recording and log file analysis. This makes it possible to undertake a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, Diction can recognise whether and when an e-mail was opened by a data subject and which links in the e-mail were visited by the data subject.

Those personal data recorded by the tracking pixels contained in the newsletters are stored and assessed by the controller in order to optimise the newsletter mailing and to adapt the content of future newsletters even more to the interests of the data subject. These personal data are not passed on to third parties; nor are they used for purposes other than for the purposes mentioned above.

If the data subject withdraws his or her consent, these personal data are erased by the controller. Unsubscribing from the newsletter is automatically considered by Diction as withdrawal of consent. It then unilaterally initiates the aforementioned steps.

 

  1. Data protection in applications and application procedures

The controller collects and processes the personal data of applicants for the purpose of managing the application procedure. Processing can also be done electronically. This is particularly the case if an applicant transfers the corresponding application documents electronically to the controller, for example by an e-mail with PDF files or other data types as an attachment via a web form on the website.

If the controller concludes an employment contract with an applicant, the data provided for the purpose of managing the employment relationship are stored with Diction with due consideration of the statutory provisions and the securing of access for non-authorised employees and third parties.

If the controller does not conclude an employment contract with the applicant as the data subject, the application documents are automatically erased two months after the announcement of the rejection without any further notification of the applicant unless the controller has other legitimate interests that override the erasure. Other legitimate interests in this context are, for example, burdens of proof in a procedure in line with the German General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz – AGG) or the Swiss Gender Equality Act (Gleichstellungsgesetz GIG).

 

  1. Web analysis

Diction analyses website use by applying analytical tools of third parties such as Google Analytics (hereinafter generally referred to as the “analysis service provider”). Diction does not assume any responsibility or liability for any data processing by the providers of the tools.

 

  1. Google Analytics

This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses cookies. These are text files that are stored on your computer and that allow analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

Google Analytics cookies are stored according to Article 6(1)(f) GDPR. The website operator has a legitimate interest in analysing user behaviour to optimise both its website and its advertising.

IP anonymisation

We have activated the IP anonymisation feature on this website. Your IP address will be truncated by Google within the European Union or other states that are contracting parties to the Agreement on the European Economic Area prior to transmission to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.

Browser plug-in

You can prevent these cookies from being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (including your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plug-in available at the following link: tools.google.com/dlpage/gaoptout?hl=en.

Objecting to the collection of data

You can prevent the collection of your data by Google Analytics by clicking on the link below. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics.

For more information about how Google Analytics handles user data, see Google’s privacy policy: www.support.google.com/analytics/answer/6004245?hl=en.

Outsourced data processing

We have entered into an agreement with Google for the outsourcing of our data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics. Diction has a retention period of 26 months on Google Analytics for data associated with cookies, user IDs and advertising identifiers.

 Demographic data collection by Google Analytics

This website uses Google Analytics’ demographic features. This allows reports to be generated containing statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. The data collected cannot be attributed to any specific individual person. You can disable this feature at any time by adjusting the ads settings in your Google account, or you can refuse permission for the collection of your data by Google Analytics as described in the section “Refusal of data collection”.

 

  1. Social media buttons

Functions (plug-ins) of third-party providers or social media platforms (Facebook Twitter, Google+, etc.) are embedded in Diction websites. These plug-ins enable the user to share contents in the aforementioned social networks. When the website is visited, the buttons are deactivated by default. This means that without any action by the user, no personal data can be transferred to the respective third-party providers. Once the user has activated the buttons, data, including personal data, are automatically transferred by the plug-ins to the corresponding third-party provider. If, when visiting the website, the user is registered at the same time in the network of the respective third-party provider, the third-party provider can assign the visit to the user’s network account. Diction has no influence on this. The data protection information of the respective social networks sets out the purpose and scope of this data collection and the further processing and use of the personal data. The users also obtain information there on the rights and configuration options in terms of protection of privacy.

 

  1. Facebook

Plug-ins of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA are integrated into our website. You can identify the Facebook plug-ins from the Facebook logo or the Like button on our website. An overview of the Facebook plug-ins is available here: developers.facebook.com/docs/plugins/?locale=en_US [hier Link herstellen]. As the controller we would like to point out that Facebook functions like Follow or Like buttons are integrated into the website and data are transferred here (Facebook plug-in).

When you visit our websites, the plug-in establishes a direct connection between your browser and the Facebook server. This notifies Facebook that you, with your IP address, have visited our website. If you click on the Facebook Like button while you are logged into your Facebook account, you can link the contents of our website to your Facebook profile. This allows Facebook to attribute the visit to our website to your user account. We would like to point out that we, as the provider of the websites, do not obtain any information about the content of the data transferred or their use by Facebook. You can access further information on this in Facebook’s Data Policy at https://en-gb.facebook.com/policy.php.

 

  1. Twitter

Our website contains functions of Twitter Inc., 795 Folsom Street, Suite 600, San Francisco, CA 94107, USA. If you use Twitter and in particular the Re-tweet function, Twitter links your Twitter account with the websites visited by you. This is disclosed to other users of Twitter, in particular your followers. This means that data are also transferred to Twitter.

We, as the controller of our website, are not informed by Twitter about the content of the data transferred or the data use. You can access further information on the following link: www.twitter.com/en/privacy.

Please note, however, that you have the option of changing your data protection settings on Twitter in your account settings at www.twitter.com/account/settings.

 

  1. LinkedIn

Our website uses functions of the LinkedIn network. The provider is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. When you visit one of our web pages, that contains LinkedIn functions, a connection is established to LinkedIn servers. LinkedIn is informed that you have visited our website with your IP address. When you click on the Recommend button of LinkedIn and you are logged into your account with LinkedIn, it is possible for LinkedIn to attribute your visit to our website to you and your user account. We would like to point out that we, as the provider of the websites, do not obtain any information about the content of the data transferred or their use by LinkedIn.

You can access further information on this in LinkedIn’s Privacy Policy at www.linkedin.com/legal/privacy-policy

 

  1. Xing

Our website uses the Share button of Xing. Hence, when this website is visited via your browser, a connection is established to the servers of Xing AG, Gänsemarkt 43, 20354 Hamburg, Germany. This means that the share functions (e.g. the display of the counter value) are performed. Your personal data is not stored when you visit this website. More particularly Xing does not store any IP addresses, nor is your usage behaviour analysed. You can access the latest information on data protection with regard to the Share button and other relevant information at www.xing.com/app/share?op=data_protection.

 

  1. SSL encryption

For reasons of security and to protect the transfer of confidential contents, such as requests which you send to us as the website provider, this website uses SSL encryption. You can recognise an encrypted connection because the browser address line switches from “http://” to “https://” and a padlock icon is displayed in your browser line.

If SSL encryption is activated, the data which you transfer to us cannot be read by third parties.

 

  1. Right of access, erasure, blocking

You are entitled at any time to obtain, free of charge, access to your stored personal data, their source and recipients and the purpose of the data processing, and to rectify, block or erase these data. On this subject and on further questions relating to personal data, you can contact us at any time at the address of the DPO given in the legal information, and adequately inform yourself about your individual rights in our Data Protection Info Sheet.

 

  1. Right to object to e-mails sent for marketing purposes

An objection is hereby lodged to the use of contact data published in conjunction with the legal information obligation for the transmission of not explicitly requested marketing and information material. The providers of the website expressly reserve the right to take legal action in the event of the unsolicited mailing of marketing information such as spam e-mails.