Privacy Policy

The protection of your privacy and the confidentiality of your data are very important to us. If you are in business contact with us, IMS Integrated Management Systems AG (hereinafter abbreviated to «IMS AG»), or visit our website www.ims-ag.com, we process your data. Our data processing takes place following the Swiss Data Protection Act and - where applicable - the European General Data Protection Regulation (hereinafter abbreviated to "GDPR"). The version published on our website applies.

1. Who processes personal data)

The responsible in terms of data protection law is

IMS Integrated Management Systems AG
Suurstoffi 2
6343 Rotkreuz Switzerland

If you have any questions or suggestions regarding data protection at IMS AG, you can contact our company data protection officer at any time:

Fabian Steffen
Suurstoffi 2
6343 Rotkreuz
Phone: +41 41 798 04 91
Email: fabian.steffen@ims-ag.com

We have the following data protection representation according to Art. 27 GDPR in the European Economic Area (EEA) including the European Union (EU) and the Principality of Liechtenstein as an additional point of contact for supervisory authorities and data subjects for inquiries related to the General Data Protection Regulation (GDPR):
VGS Datenschutzpartner UG
Am Kaiserkai 69
20457 Hamburg
Germany
info@datenschutzpartner.eu

2. What measures have we taken to ensure the security of your data?

We have implemented appropriate and suitable technical and organizational measures to ensure data protection and, in particular, data security. The measures are regularly checked and adapted to current requirements.

We store our data on the servers of Swisscom AG, CH-3050 Bern in Switzerland, and also create backups on the servers of Netcloud AG, Schlachthofstrasse 19, 8406 Winterthur in Switzerland.

Access to our website and web-based services takes place using transport encryption (SSL / TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated HTTPS).

3. Which personal data do we process for which purpose and on which legal basis?

A. If you are a business customer of ours

If you contact us for a business relationship, in particular, to obtain one of our services, we collect the following information from you: Salutation, title if applicable, first name, surname, e-mail address, telephone number (landline and/or mobile), contact data (including postal address), contract data for processing, billing data and data on past payment behavior and bank data (bank, bank details, credit information, etc.). We process this data to fulfill our services in accordance with the contract concluded with you or to carry out contract negotiations or the submission of offers.

The processing is necessary to fulfill the purpose of the contractor to carry out pre-contractual measures and is therefore based on the legal basis in accordance with Article 6 Paragraph 1 lit. b GDPR.

As part of our contractual services, we use the software TeamViewer ("TeamViewer Software") for remote maintenance and support services and thus have access to the user interface of the end device of the respective employee. In this context, personal data may be processed. The use of TeamViewer takes place with your consent and is therefore based on the legal basis in accordance with Article 6 (1) (a) GDPR. The software is provided by TeamViewer Germany GmbH (“TeamViewer”), ​​Bahnhofsplatz 2, 73033 Göppingen, Germany and we have concluded a corresponding order processing contract with TeamViewer.

We use the Microsoft Teams software from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft") in business contact with our customers for audio and video conferences. In this context, personal data may be processed. Microsoft Teams is used with your consent and is therefore based on the legal basis following Article 6 (1) (a) GDPR. We have concluded a corresponding contract for order processing with Microsoft.

B. Newsletter

If you have agreed, you will regularly receive our newsletter with information about our offers, further developments of our services, etc. Our newsletter may contain web links or tracking pixels that record whether an individual message was opened and which web links were clicked on. Such weblinks and tracking pixels can also record the use of the newsletter on a personal basis. We need this statistical recording of usage for success and range measurement to be able to offer our newsletter effectively and user-friendly as well as permanently, securely, and reliably based on the needs and reading habits of the recipients.

You have consented to the use of your e-mail address and your other contact details for the newsletter unless the use of the data is permitted for other legal reasons (in particular for the processing of our services). If possible, we use the "double opt-in" procedure to consent to receiving the newsletter, i.e. you will receive an e-mail with a web link that you must click to confirm so that no misuse by unauthorized third parties can take place. We may log such consents, including Internet Protocol (IP) address and date and time, for evidentiary and security reasons. You can always unsubscribe from the newsletter at any time.

The newsletter is sent based on your consent and therefore on a legal basis per Article 6 Paragraph 1 lit. a GDPR or as part of the fulfillment of the contract following Article 6 Paragraph 1 lit. b GDPR.

We send our newsletter via the service of Umbraco A/S, Haubergsvej 1, 5000 Odense C, Denmark ("Umbraco") and we have entered into a corresponding data processing agreement with Umbraco.

C. Webinars and online events

We offer webinars for customers and interested third parties. To conduct the webinar, we process the personal data of the participants (in particular first name, surname, and e-mail address).

The processing of your personal data, which you provide to us when registering, takes place as part of our service to offer the webinar and is therefore based on Article 6 (1) (b) GDPR.

We use the Veertly software from Veertly GmbH, c/o João Elói Trindade de Aguiam, Avenue Général-Guisan 22, 1180 Rolle, Switzerland ("Veertly") to conduct the webinars.< /p>

D. Website

1. General Information

We operate our website via the hosting provider Swisscom AG and via the content management system from Umbraco (see Chapter III.B).

2. Contact Form

If you contact us via our contact form on our website, give us your contact details, which we will use for the information you have requested (e.g. case studies). The processing of your personal data takes place based on your consent and thus per Article 6 (1) (a) GDPR. Your contact details are provided to us via the service provided by Umbraco A/S, Haubergsvej 1, 5000 Odense C, Denmark ("Umbraco"). We have concluded a corresponding order processing contract with Umbraco.

3. Link to social media platforms

We are present on various social media platforms and our website contains links to our respective profiles and pages on the platforms.

These are the following platforms: the XING platform, which is offered by the provider New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany ("XING"); the LinkedIn platform of the provider LinkedIn Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland ("LinkedIn"); the Twitter platform of Twitter International Company, 1 Cumberland Place, Fenian Street, Dublin 2, Dublin, Ireland ("Twitter"); the YouTube video platform from Youtube LLC, 901 Cherry Avenue, San Bruno, California, USA (“Youtube”) (Xing, LinkedIn, Twitter, and Youtube together “Social Media Providers » called).

Concerning our profiles and pages on the social media platforms, the general terms and conditions and terms of use, as well as data protection declarations and other provisions of the social media providers, apply.

So-called plugins for the platforms mentioned above are also installed on our website. Each time a page of our website that contains functions of one of the platforms is called up, a connection to the servers of the respective social media provider is established. The social media provider is informed that you have visited our website with your IP address. If you click a "button" on a platform and are logged into your account on the platform, the respective social media provider can assign your visit to this website to you and your user account. We would like to point out that as the provider of our website, we do not know the content of the data transmitted or how it is used by the respective social media provider. The plugins are used based on Article 6 (1) (f) GDPR. We have a legitimate interest in improving our services by increasing our visibility on social media. If a corresponding consent was requested, the processing takes place based on Art. 6 Para. 1 lit. a DSGVO. Since the parent companies of LinkedIn, Twitter, Facebook, and YouTube are based in the USA, data transmission to the USA cannot be ruled out. Data transfer to the USA is based on the standard contractual clauses approved by the EU Commission.

4. Third-Party Services

The Google Maps map service operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") is integrated on our website. We do not process any data in connection with Google Maps.

We use the reCAPTCHA function on our website, which is offered and operated by Google. The purpose of reCAPTCHA is to check whether the data entered on this website (e.g. in a contact form) is done by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, how long the website visitor spends on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place. The storage and analysis of the data take place based on Art. 6 Para. 1 lit. f GDPR. We have a legitimate interest in protecting our services from abusive automated spying and SPAM. If a corresponding consent has been requested, the processing takes place exclusively based on Article 6 (1) (a) GDPR. Since the parent company Google is based in the USA, data transfer to the USA cannot be ruled out. Data transfer to the USA is based on the standard contractual clauses approved by the EU Commission.

We also use the Google Ads service from Google. Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data (e.g. location data and interests) available from Google (target group targeting). As the website operator, we can evaluate this data quantitatively, for example by analyzing which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks. Google Ads is used based on Article 6 (1) (f) GDPR. We have a legitimate interest in improving the marketing of our services. Data transfer to the USA is based on the standard contractual clauses of the EU Commission.

We also use the functions of the web analysis service Google Analytics from Google. Google Analytics enables us to analyze the behavior of our website visitors. We receive various usage data, such as B. Page views, length of stay, operating systems used, and origin of the user. This data may be summarized by Google in a profile that is assigned to the respective user or their device. Furthermore, we can use Google Analytics u. Record your mouse and scroll movements and clicks. Furthermore, Google Analytics uses various modeling approaches to supplement the recorded data sets and uses machine learning technologies for data analysis. Google Analytics uses technologies that enable the user to be recognized to analyze user behavior (e.g. cookies or device fingerprinting). We only use Google Analytics with the setting with anonymized IP addresses. The information collected by Google about the use of this website is usually transmitted to a Google server in the USA and stored there. This analysis tool is used based on Article 6 (1) (f) GDPR. We have a legitimate interest in analyzing user behavior to improve our services. If a corresponding consent was requested (e.g. consent to the storage of cookies), the processing takes place exclusively based on Article 6 (1) (a) GDPR. Data transfer to the USA is based on the standard contractual clauses of the EU Commission.

We use Friendly Automate to send emails and evaluate the behavior of our contacts in emails and on our website. Friendly Automate is a service provided by the Swiss company Friendly GmbH, which stores all personal data exclusively on dedicated servers in the EU or Switzerland. Friendly Automate sends emails via Amazon AWS with locations in the EU. Information on the type, scope, and purpose of data processing can be found in the Privacy Policy by Friendly Automate.

5. Server log files

We can record the following information for each access to our website, provided that this is transmitted from your browser to our server infrastructure or can be determined by our web server: Date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), an operating system including user interface and version, browser including language and version, individual subpages of our website called up including amount of data transferred, last website called up in the same browser window (referrer).

We store such information, which may also represent personal data, in server log files. The processing is based on Art. 6 Para. 1 lit. f GDPR. Our legitimate interest is to provide our website in a permanent, user-friendly, and reliable manner and to be able to ensure data security and thus, in particular, the protection of personal data.

6. Cookies

Cookies are small text files that we use on our website to make the user experience more efficient. We process the following data from you: navigation path that a visitor follows on the website, length of stay on the website or subpage, subpage on which the website is left, country, region or city from which access is made, end device (type, version, color depth, resolution, width, and height of the browser window), returning or new visitor.

We may store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies, we need your consent. If you have given your consent, we use cookies on our website for marketing, statistical and preference purposes. Some cookies are placed by third parties that appear on our website.

We use Cookiebot as a consent management system.

IV. Are you obliged to provide us with personal data?

A. Business customers

In the context of business contact, you are obliged to provide us with at least the first name, surname, and e-mail address of a contact person so that we can provide our services. In addition, you are not obliged to provide us with personal data. We may limit our services if you choose not to provide us with certain additional information.

B. newsletters

Regarding the newsletter, you only have to provide us with personal data if you wish to subscribe to the newsletter.

C. Webinars

To visit our webinars, you must give us your first name, surname, and e-mail address, as well as other information depending on the webinar.

D. Website

You are not obliged to provide us with personal data when you visit our website. Certain functions of the website may not be used at all or not fully or may not be displayed optimally (e.g. if you have not given your consent to cookies).

v. Will your personal data be passed on to third parties?

Your personal data will only be transmitted to third parties for the above-mentioned purposes and your data will only be passed on to third parties on the basis of the above-mentioned legal bases.

In particular, your data will be transmitted to the following locations for the following purposes:

• Swisscom for storage using a cloud solution with Swisscom servers in Switzerland;
• Netcloud for storing our backups using a cloud solution with servers from Netcloud in Switzerland;
• To TeamViewer in connection with the use of the TeamViewer software in accordance with Chapter III.A;
• To Microsoft in connection with the use of Microsoft Teams in accordance with Chapter III.A;
• To Umbraco in connection with sending out the newsletter in accordance with Chapter III.B;
• To Umbraco in connection with the contact form in accordance with Chapter III.D.2;
• To Veertly in connection with attending our webinars in accordance with Chapter III.C;
• To Google in connection with reCAPTCHA, GoogleAds and Google Analytics according to Chapter III.D.4;

The data passed on may only be processed by the third party for the above-mentioned purposes.

VI. Will your data be passed on to countries outside of Switzerland and the European Union?

If we pass on data to third parties, these are generally located in Switzerland or the European Union. If the third parties are located in another country, according to the assessment of the Federal Data Protection and Information Commissioner resp. the European Commission adequate data protection or there is a corresponding contractual agreement, in particular, based on standard contractual clauses, or a corresponding certification that guarantees data protection.

We transfer your data to a country outside of Switzerland and the European Union in the following constellations:

• To Microsoft in connection with the use of Microsoft Teams per Chapter III.A.;
• To Google in connection with reCAPTCHA, GoogleAds, and Google Analytics according to Chapter III.D.4.

VII. How long will your data be kept?

Your personal data will be deleted as soon as they are no longer required for the purpose for which they were collected. Exceptions are cases in which the law provides for longer storage. In this case, the data will be stored until the statutory retention periods have expired (usually 10 years) and then deleted. If you have agreed to longer storage, we will store your data by your consent following Article 6 Paragraph 1 lit. a GDPR.

VIII. What rights do you have concerning your data?

As a data subject according to the GDPR, you have the following rights towards us, IMS AG, as the person responsible:

• Information about personal data concerning you (Article 15 GDPR);
• Correction of incorrect personal data concerning you (Article 16 GDPR);
• Deletion of personal data (Article 17 GDPR);
• Restriction of the processing of personal data (Article 18 GDPR);
• Objection to the processing of personal data (Art. 21 GDPR).
• Withdraw your consent to us at any time. As a result, we are no longer allowed to continue the data processing based on this consent for the future (Art. 7 Para. 3 DSGVO)
• Right to data portability (Art. 20 GDPR)
• Right to complain to a supervisory authority You have the right to contact the competent supervisory authority for data protection if you believe that the processing of your data is not lawful. (Art. 77 GDPR)
• To exercise your rights, you can contact us at any time without hesitation by e-mail or post using the contact details given under Section I. of this data protection declaration.

Insofar as your data was collected based on the legitimate interests of the person responsible (Art. 6 Para. 1 lit. f GDPR), you have the right to object to the processing. To exercise your right, just send an email to solutions@ims-ag.com.

IX. Do you have any questions for us?

If you have any questions about the processing of your data, our data protection officer (contact details above in section I. of this data protection declaration) will be happy to help you at any time.

Copyright

The contents of this website are protected by copyright. The content of this site may not be reproduced in any form (photocopy, microfilm, or any other method) or processed, duplicated, or distributed using electronic systems without the written consent of IMS Integrated Management Systems AG unless the contrary is expressly stated.</p >