Privacy Policy

General

With this privacy policy, we want to explain to you how we collect and process personal data.

In the course of our business activities, we are subject to Swiss data protection law, in particular the Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (FADP), and, where applicable, foreign data protection law, in particular the General Data Protection Regulation (GDPR) of the European Union (EU). The latter is only applicable to natural persons residing in an EU/EEA state. The EU recognizes that Swiss data protection law ensures an adequate level of data protection.

By using our services and our website, you agree to the processing of the data collected about you in the manner described below and for the stated purpose. You may only provide us with the personal data of third parties if you are authorized to do so and the personal data is correct.

We may amend this privacy policy at any time and without prior notice. The current version published on our website applies.

Data Protection Controller

Responsibility for the privacy policy and the described data processing lies with:

Roventa-Henex SA
Rue H.-F. Sandoz 62
CH-2710 Tavannes

info@roventa-henex.com
‍Phone: +41 32 482 71 00

Authorized representatives:
Jérôme Biard, CEO
Simon Flückiger, CFO

Definitions

To begin, for better understanding, we will clarify the most important terms used below. In this regard, we adhere to the definitions from the Swiss Data Protection Act (Art. 3 FADP).

• Personal data: All information relating to an identified or identifiable person.
• Data subjects: Natural or legal persons about whom data is processed.
• Controller: A private person or a federal body who alone or jointly with others determines the purposes and means of the processing.
• Processing: Any handling of personal data, irrespective of the means and procedures applied, in particular the collection, storage, use, alteration, disclosure, archiving, or destruction of data.
• Processor: A private person or a federal body who processes personal data on behalf of the controller.

Collection and Processing of Personal Data

We process personal data that we receive from our customers, business partners, employees, authorities, and other involved persons and third parties in the course of our business activities, or that we collect from users when operating our website and other applications. In addition, we also collect publicly accessible data if necessary (e.g., from public registers, the internet, press, social media, etc.), insofar as this is necessary and permissible for the fulfillment of our business activities.

Purpose of Data Processing

We process personal data for the following purposes:

• Operating, maintaining, and improving our website.
• Responding to inquiries and requests submitted through our contact forms or directly by email (including communications sent to info@roventa-henex.com).
• Providing information about our collections, events, and other business activities.
• Sending newsletters and marketing communications where permitted by law or based on your consent.
• Analyzing website usage to improve our services and user experience.
• Ensuring the security of our website and IT systems.
• Complying with legal, regulatory, accounting, and tax obligations.
• Establishing, exercising, or defending legal claims.

We process personal data only where there is a valid legal basis, including the performance of a contract, compliance with legal obligations, our legitimate business interests, or your consent where required by applicable law.

If you contact us by email or through our website, we will process the information you provide in order to respond to your request, communicate with you, provide the requested services, and comply with any applicable legal obligations.

Legal Basis for Data Processing

We process personal data in accordance with Swiss data protection law pursuant to Art. 4 ff. FADP. Where a justification is required for the processing of your personal data, this is based either on your consent pursuant to Art. 13 para. 1 FADP or on a legal basis or on our overriding private interest in the data processing pursuant to Article 13 paragraph 2 letter a FADP.

Furthermore, we process personal data - insofar as the GDPR is applicable - in accordance with the following legal bases in connection with Art. 6 para. 1 GDPR:

• The data subject has given their consent to the processing of their personal data for one or more specific purposes (Art. 6 para. 1 lit. a GDPR) or
• processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract (Art. 6 para. 1 lit. b GDPR) or
• processing is necessary for compliance with a legal obligation to which we as controllers are subject (Art. 6 para. 1 lit. c GDPR) or
• processing is necessary to protect the vital interests of the data subject or of another natural person (Art. 6 para. 1 lit. d GDPR) or
• processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us as controllers (Art. 6 para. 1 lit. e GDPR) or
• processing is necessary for the purposes of the legitimate interests pursued by us as controllers or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child (Art. 6 para. 1 lit. f GDPR).

Duration of Processing of Personal Data

We process your personal data as long as we are legally obliged to do so or as long as our legitimate business interests require it or the purpose of collecting your data makes it necessary. The associated retention periods may mean that your personal data or extracts thereof must be kept for several years after the end of the contractual relationship between you and us. If your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymized as a matter of principle and as far as possible.

Data Processing in Connection with the Use of Our Website

Cookies

‍When you access our website, we collect certain information with the help of cookies. Cookies are text files that are stored on your computer. This allows us to improve the user-friendliness and performance of our website. You can configure your browser so that no cookies are stored on your computer or a notice always appears before a cookie is installed. Below you will find explanations on the cookie configuration options for the most common browsers:

• Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
• Microsoft Windows Internet Explorer and Microsoft Edge: https://support.microsoft.com/en-us/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d
• Mozilla Firefox: https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop?redirectslug=enable-and-disable-cookies-website-preferences&redirectlocale=en-US
• Apple Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac

Please note that completely deactivating cookies may result in our website not functioning or not functioning completely.

Within the scope of the GDPR, this data is processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in providing a modern website and ensuring its convenient use.

Website Hosting Provider

‍We host our website with Webflow. The provider is Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter: Webflow). With each visit to our website, Webflow automatically collects and stores information (server log files) that your browser transmits. This includes the name and URL of the retrieved file, date and time of access, data volume, web browser and web browser version, operating system, the domain name of your internet provider, the so-called referrer URL (the page from which you accessed our offer), and the IP address.

Webflow is a tool for creating and hosting websites. Webflow stores cookies or other recognition technologies that are necessary for the display of the page, for the provision of certain website functions, and for ensuring security (necessary cookies).

You can find more information in Webflow's privacy policy: https://webflow.com/legal/eu-privacy-policy

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://webflow.com/legal/eu-privacy-policy

We have also concluded a data processing agreement with Webflow. In it, Webflow undertakes to process the personal data of website visitors only in accordance with our instructions and in compliance with the GDPR. Details can be found here: https://webflow.com/legal/dpa

The aforementioned data is processed by us for the following purposes:

• Ensuring a smooth connection setup of the website,
• Ensuring a comfortable use and reliable display of our website,
• Evaluation of system security and stability as well as
• for other administrative purposes and in the event of unlawful use of our website or our services.
• Within the scope of the GDPR, this data is processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in accordance with the purposes listed above.

Links to other websites

‍Our website contains hyperlinks to third-party websites that are not operated or controlled by us. We are not responsible for their content or data protection practices.

Google Inc.

‍Our website uses functions and services from Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

In addition to the following explanations, you will find further information on data protection at Google in the Google privacy policy: https://policies.google.com/privacy

Within the scope of the GDPR, the processing of any personal data is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in an appealing internet presence and in increasing our reach or based on your consent (Art. 6 para. 1 lit. a GDPR).

We integrate Google Fonts for the use of fonts. The Google Fonts are installed locally. A connection to Google's servers does not take place. Further information on Google Web Fonts can be found at: https://developers.google.com/fonts/faq

We use Google Analytics to obtain web statistics. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. If you have a Google user account, you can deactivate the cross-device analysis of your usage in the settings there under "My data", "personal data".

The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. We would like to point out that on this website Google Analytics has been extended by the code "anonymizeIP" in order to ensure anonymous collection of IP addresses. As a result, IP addresses are processed in a shortened form, which means that they cannot be directly linked to a person. If the data collected about you has a personal reference, this is immediately excluded and the personal data is deleted immediately.

Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website and internet use to the website operator.

Google Analytics uses cookies. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link:

Disable Google Analyticshttps://tools.google.com/dlpage/gaoptout?hl=en

Google Tag Manager is a solution with which we can manage so-called website tags via an interface and thus, for example, integrate Google Analytics and other Google marketing services into our online offering. The Tag Manager itself, which implements the tags, does not process any personal data of the users. With regard to the processing of users' personal data, reference is made to the following information on Google services. Terms of use: https://www.google.com/intl/en/tagmanager/use-policy.html

Further Data Processing

General

‍When you use our services or contact us, we collect and process - depending on the business case - the following general personal data about you:

• Personal details (first name, last name, position, function, title, etc.)
• Contact details (addresses, telephone numbers, email addresses, etc.)
• Order data (communication with customers, business partners, etc. as well as information that is provided to us by you or third parties in connection with the underlying order between you and us in oral, written and/or electronic form, as well as work results created by us from this information)
• Performance and billing data (information about services rendered, billing data, proof of performance, invoices, payments, bank details, etc.)
• Within the scope of the GDPR, this data is processed either for the purpose of initiating and fulfilling a contract (Art. 6 para. 1 lit. b GDPR) or on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in processing the inquiries addressed to us.

Forms of Contact

‍If you contact us outside of our website (e.g., by e-mail, telephone, post), your inquiry, including all personal data transmitted by you, will be stored and processed by us for the purpose of processing your request. You are responsible for the content you transmit. We recommend that you only transmit confidential data in encrypted form.

Within the scope of the GDPR, this data is processed either for the purpose of initiating and fulfilling a contract (Art. 6 para. 1 lit. b GDPR) or on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in processing the inquiries addressed to us.

Order Data

‍We receive data in connection with an order by post, email, or in person. We treat your data confidentially.

We process the personal data provided to us as part of your order and collected during the processing of the order to the extent and for as long as this is necessary to fulfill our order.

Within the scope of the GDPR, this data is processed either for the purpose of initiating and fulfilling a contract (Art. 6 para. 1 lit. b GDPR) or on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in processing the order transferred to us.

Data Transfer to Third Parties

General

‍We treat your personal data confidentially. To the extent legally permissible and necessary, we may nevertheless also pass on certain personal data to third parties in the course of our business activities. These include, among others:

• Our service providers (including processors), such as banks, IT providers, industry software, etc.
• Business partners, affiliated organizations and their employees, external consultants, experts.

These third parties are generally located in Switzerland, but under certain circumstances a transfer abroad (EU/EEA) or to third countries (outside Switzerland and the EU/EEA and thus worldwide) may also take place. By taking appropriate measures, we ensure that the legal requirements are met. Specifically, an adequacy decision by the competent authority is in place. If there is no such decision, the transfer of personal data is based on appropriate safeguards (in particular Binding Corporate Rules or standard contractual clauses of the EU Commission) or there are exceptions for certain situations (contract processing, legal enforcement abroad, etc.) or we obtain your express consent.

Within the scope of the GDPR, such a transfer of personal data to third parties takes place either for the purpose of initiating and fulfilling a contract (Art. 6 para. 1 lit. b GDPR) or based on our legitimate interest (Art. 6 para. 1 lit. f GDPR).

Note on data transfer to the USA

‍We also use tools and services from companies based in the USA. This may result in your personal data being transferred to the US servers of the respective companies. We would like to point out that the USA is currently not considered a safe third country within the meaning of EU and also Swiss data protection law. In this respect, there is a risk that US authorities may access this personal data without you, as the data subject, being able to defend yourself against it. We have no influence on these processing activities. We ensure that your personal data is adequately protected through contractual agreements with these companies and, if necessary, through additional appropriate guarantees.

Within the scope of the GDPR, this data transfer is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) or based on your consent (Art. 6 para. 1 lit. a GDPR).

Data Processing Agreements

‍Where necessary, we have concluded corresponding data processing agreements with our data processors. In these agreements, the data processors undertake to comply with the data protection and data security regulations. In addition, they grant us comprehensive auditing and control rights as well as rights of access, rectification, and deletion.

Social Networks (Social Media)

General

‍We maintain publicly accessible profiles on social networks. When you visit these profiles, the network collects and processes your information within the following framework.

By visiting our profiles on social networks, personal data about you may be collected. For example, if you are logged into your accounts on the social networks and visit our profile at the same time, the portal operator may be able to assign this visit to your user account. But even if you have logged out of your account or if you do not have an account with the respective portal, your personal data may still be collected. Such data collection can, for example, be done by setting cookies. Based on the data collected in this way, the portal operators can create user profiles and show you interest-based advertising. You can find more information on this in the respective privacy policies of the portal operators.

Within the scope of the GDPR, the use of social networks and the associated data processing is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR). In particular, we want to present ourselves on the internet and increase our reach.

Google My Business

‍We use Google My Business from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). When you visit and interact with our Google My Business listing, Google also collects your IP address and other information that is collected in the form of cookies on your end device. This information is collected for statistical purposes. The data collected about you in this context is processed by Google and may also be transferred to the USA. The use of Google My Business is at your own risk.

Further details can be found in the Google privacy policy: https://policies.google.com/privacy

Your Rights as a Data Subject

Provided the legal requirements are met, you as a data subject have the right,

• upon request, to receive free information about whether and, if so, which personal data we process about you
• to have incorrect personal data rectified
• to restrict the processing of your personal data
• to block your personal data
• to have your personal data deleted, unless this conflicts with a legal obligation to retain data
• to data portability
• to revoke consent given for the processing of your personal data with effect for the future
• to object to the processing of your personal data

If you believe that your data has been processed unlawfully, you can file a complaint with the competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

If you wish to have your personal data corrected, blocked, deleted, or wish to receive information about the personal data stored about you, or if you have questions regarding the collection, processing, or use of your personal data, or if you wish to revoke your consent, you can contact the data protection controller named above at any time.

Data Security

To secure your data, we maintain technical and organizational security measures in accordance with the current state of the art.

Communication via our website is encrypted using the SSL/TLS encryption protocol. However, we would like to point out that even encrypted data transmission on the internet always involves security risks. Complete protection of data from access by third parties cannot be guaranteed.