Privacy Policy

1. What is this Privacy Notice about?

1st Log AG (hereinafter also referred to as “we”, “us”) collects and processes personal data regarding you or other persons (so-called "third parties"). We use the term “data” here synonymously with “personal data” or “personal information”.

In this Privacy Notice we describe what we do with your data when you
use https://www.1st-log.com/, https://jobs.1st-log.com/ and our apps (hereinafter collectively referred to as the “website”), purchase our services or products, are otherwise in contact with us under a contract, communicate with us, or otherwise deal with us. If necessary, we will inform you in writing in good time of any additional processing activities not mentioned in this Privacy Notice. In addition, we may inform you separately about the processing of your data, e.g. in declarations of consent, contractual terms, additional privacy notices, forms, and references.

If you send us or disclose data about other persons, such as family members, work colleagues, etc., we assume that you are authorised to do so and that these data are correct. By transmitting data about third parties, you confirm this. Please also ensure that these third parties have been informed of this privacy notice.

This privacy notice is designed to meet the requirements of the EU General Data Protection Regulation (“GDPR”) and the Swiss Data Protection Act (“DSG”). Whether and to what extent these laws are applicable, however, depends on the individual case.

2. Who is responsible for processing your data?

For the data processing of 1st-log described in this Privacy Notice, 1st Log AG, In der Euelwies 22 CH-8408 Winterthur (“1st-log”), is responsible under data protection law, unless otherwise communicated in individual cases, e.g. in further privacy notices, on forms, or in contracts.

You can contact us as follows regarding your concerns about data protection and to exercise your rights in accordance with section 11:

1st Log AG
In der Euelwies 22
CH-8408 Winterthur

info@1st-log.com

We have created the following additional positions:

Data protection representative in the EU pursuant to Art. 27 GDPR:

SIDD Datenschutz Deutschland UG (limited liability)
Schellingstr. 109a
80798 München

You can also contact these offices about data protection matters.

3. What data do we process?

We process different categories of data about you. The most important categories are as follows:

  • Technical data: When you use our website or other electronic offerings, we collect the IP address of your terminal device and other technical data to ensure the functionality and security of these offerings. These data also includes logs in which the use of our systems is recorded. We generally retain technical data for 12 months. To ensure the functionality of these offerings, we can also assign an individual code to you or to your terminal device (e.g. in the form of a cookie, see section 12). The technical data by themselves do not enable any conclusions to be drawn about your identity. However, in the context of user accounts, registrations, access controls, or the execution of contracts, they may be linked to other categories of data (and thus possibly to your person).
  • Registration data: Certain offerings and services (e.g. login areas of our website, newsletter dispatch, etc.) can only be used with a user account or registration, which requires you to log in directly with us or via our external login service providers. To do this, you must provide us with certain data and we collect data on the use of the offering or the service. Registration data may be collected during access controls to certain facilities. Depending on the control system, biometric data may also be collected. As a rule, we retain registration data for 12 months after the end of use of the service or the termination of the user account.
  • Communication data: If you contact us via the contact form, by e-mail, telephone or chat, by letter or by other means of communication, we collect the data exchanged between you and us, including your contact details and the marginal data of the communication. If we record or listen in on telephone conversations or video conferences, e.g. for training and quality assurance purposes, we will draw your attention to this fact. Such recordings may only be made and used in accordance with our internal guidelines. You will be informed if and when such recordings take place, e.g. by a display during the relevant video conference. If you do not wish to be recorded, please let us know or end your participation. If we want or need to establish your identity, e.g. if you request information, apply for media access, etc., we collect data to identify you (e.g. a copy of an identity document). As a rule, we store these data for 12 months from the last exchange with you. This period may be longer if this is necessary for reasons of proof, to comply with legal or contractual requirements, or for technical reasons. E-mails in personal mailboxes and written correspondence are generally stored for at least 10 years. Recordings of (video) conferences are generally kept for 24 months. As a rule, chats are stored for 2 years.
  • Master data: Master data refers to the basic data that we require in addition to the contract data (see below) for the execution of our contractual and other business relationships or for marketing and advertising purposes, such as name, contact details and information, e.g. about your role and function, your bank account details, your date of birth, client history, powers of attorney, signature authorisations, and declarations of consent. We process your master data if you are a client or other business contact or are working for such a person (e.g. as a contact person of the business partner), or because we wish to contact you for our own purposes or the purposes of a contractual partner (e.g. as part of marketing and advertising, with invitations to events, with vouchers, with newsletters, etc.). We receive master data from you (e.g. when you make a purchase or if you register), from bodies for which you work or from third parties such as our contractual partners, associations and address brokers, and from publicly accessible sources such as public registers or the Internet (websites, social media, etc.). As a rule, we store these data for 10 years from the last exchange with you, but at least from the end of the contract. This period may be longer if this is necessary for reasons of proof, or to comply with legal or contractual requirements, or for technical reasons. For pure marketing and advertising contacts, the period is generally much shorter, usually no more than 2 years since the last contact.
  • Contract data: These are data that are generated in connection with the conclusion or execution of a contract, e.g. information on contracts and the services to be provided or provided, as well as data from the run-up to the conclusion of a contract, the information required or used for execution, and information on reactions (e.g. complaints or information on satisfaction, etc.). We generally collect these data from you, from contractual partners, and from third parties involved in the execution of the contract, but also from third-party sources (e.g. providers of credit rating information) and publicly accessible sources. As a rule, we store these data for 10 years from the last contract activity, but at least from the end of the contract. This period may be longer if this is necessary for reasons of proof, or to comply with legal or contractual requirements, or for technical reasons.
  • Behavioural and preference data: Depending on our relationship with you, we endeavour to get to know you and improve the way we tailor our products, services and offers to you. For this purpose, we collect and use data about your behaviour (website) and your preferences (e.g. if you tell us that you are interested in a service). We anonymise or delete these data after 24 months if they are no longer meaningful for the purposes pursued. This period may be longer if this is necessary for reasons of proof, or to comply with legal or contractual requirements, or for technical reasons. We describe how tracking works on our website in clause 12.
  • Other data: We also collect data from you in other situations. Data (such as files, evidence, etc.) that may also relate to you are collected in connection with official or court proceedings. We may also collect data for health protection reasons (e.g. as part of protection concepts). We may receive or produce photos, videos, and sound recordings in which you may be recognisable (e.g. at events, through security cameras, etc.). We may also collect data about who enters certain buildings and when, or has corresponding access rights (including at access controls, based on registration data or visitor lists, etc.), who participates in events or campaigns (e.g. competitions) and when, or who uses our infrastructure and systems and when. The retention period of these data depends on the purpose and is limited to what is necessary. This ranges from a few days for many security cameras and usually a few weeks for contact tracing data, to visitor data that is generally stored for three months, to reports on events with images that can be stored for several years or longer.

Many of the data mentioned in this clause 3you provide to us yourself (e.g. via forms, in the context of communication with us, in connection with contracts, when using the website, etc.). You are not obliged to do so, except individual cases, such as within the scope of compulsory protection concepts (legal obligations). If you wish to conclude contracts with us or use our services, you must also provide us with data as part of your contractual obligation under the relevant contract, in particular, master data, contract data, and registration data. The processing of technical data is unavoidable when using our website. If you wish to gain access to certain systems or buildings, you must provide us with registration data. With regard to behaviour and preference data, however, you always have the option of objecting or not giving your consent.

Insofar as this is not unlawful, we also obtain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, media or the internet, including social media) or receive data from authorities and other third parties (such as credit agencies, address brokers, associations, contractual partners, internet analysis services, etc.).

4. For what purposes do we process your data?

We process your data for the purposes explained below. Further information about the online segment can be found in clause 12 and 13. These purposes and the underlying objectives represent legitimate interests of us and, where applicable, of third parties. You will find further information on the legal basis of our processing in clause 5.

We process your data for purposes in connection with communication with you, in particular for responding to enquiries and the assertion of your rights (clause 11) and to contact you in the event of queries. For this purpose, we use, in particular, communication data and master data and in connection with offerings and services used by you, also registration data. We store such data in order to document our communication with you for training purposes, for quality assurance, and for enquiries.

We process data for the establishment, administration, and handling of contractual relationships.

We process data for marketing purposes and for maintaining relations, e.g. sending our clients and other contractual partners personalised advertising about our products and services and those of third parties (e.g. advertising contract partners). This may take the form of newsletters and other regular contacts (electronically, by post, by telephone), via other channels for which we have contact information from you, but also as part of individual marketing campaigns (e.g. events, competitions, etc.) and may also include free services (e.g. invitations, vouchers, etc.). You can reject such contacts at any time (see at the end of this clause 4) or refuse or revoke your consent to be contacted for advertising purposes. With your consent, we can tailor our online advertising on the Internet more specifically to you (see section 12 ).

We also process your data for market research, to improve our services and operations and for product development.

We may also process your data for security purposes and for access control.

We process personal data to comply with laws, instructions, and recommendations from authorities and internal regulations ("compliance").

We also process data for the purposes of our risk management and as part of prudent corporate governance, including business organisation and corporate development.

We may process your data for other purposes, e.g. as part of our internal processes and administration or for training and quality assurance purposes.

5. On what basis do we process your data?

If we ask you for your consent for specific processing (e.g. for the processing of particularly sensitive personal data, for marketing mailings, for the creation of personalised movement profiles and for advertising control and behaviour analysis on the website), we will inform you separately about the corresponding purposes of the processing. You can revoke your consent at any time with effect for the future by sending us a written notification (by post) or, unless otherwise stated or agreed, by e-mail; our contact details can be found in clause . 2. To withdraw your consent to online tracking, see clause 12. Where you have a user account, you may also be able to withdraw your consent or contact us via the relevant website or other service. Once we have received notification of your withdrawal of consent, we will no longer process your data for the purposes to which you originally consented, unless we have another legal basis for doing so. The withdrawal of your consent shall not affect the lawfulness of processing based on consent before it was withdrawn.

Where we do not ask for your consent for processing, we base the processing of your personal data on the fact that the processing is necessary for the initiation or execution of a contract with you (or the entity you represent) or that we or third parties have a legitimate interest in it, in particular to pursue the purposes and associated objectives described above under clause 4 and to be able to carry out corresponding measures. Our legitimate interests also include compliance with statutory provisions, unless this is already recognised as a legal basis by the applicable data protection law (e.g. in the case of the GDPR, the law in the EEA and Switzerland). However, this also includes the marketing of our products and services, an interest in better understanding our markets, and the safe and efficient management and further development of our company, including its operations.

If we receive sensitive data (e.g. health data, information on political, religious, or ideological views or biometric data for identification purposes), we may also process your data based on other legal bases, e.g. in the event of disputes due to the necessity of processing for any legal proceedings or the enforcement of or defence against legal claims. In individual cases, other legal grounds may apply. If necessary, we will communicate this to you separately.

6. What applies to profiling and automated individual decisions-making?

We may automatically evaluate specific personal characteristics of yours (“profiling”) for the purposes mentioned in clause 4 using your data (clause 3) if we want to determine preference data, but also to determine risks of misuse and security risks, to carry out statistical analyses, or for operational planning purposes. For the same purposes, we can also create profiles, i.e. we can combine behavioural and preference data, but also master and contract data and technical data assigned to you in order to better understand you as a person with your various interests and other characteristics.

In both cases, we pay attention to the proportionality and reliability of the results and take measures to prevent misuse of these profiles or profiling. If these can have legal consequences for you or significantly disadvantage you, we conduct a manual review as a matter of principle.

7. To whom do we disclose your data?

In connection with our contracts, the website, our services and products, our legal obligations or otherwise to protect our legitimate interests and the other purposes listed in clause 4, we also transfer your personal data to third parties, in particular to the following categories of recipients:

  • Service providers: We work with service providers in Switzerland and abroad who process data about you on our behalf or under joint responsibility with us or who receive data about you from us on their own responsibility (e.g. IT providers, mail order companies, advertising service providers, login service providers, cleaning companies, security companies, banks, insurance companies, debt collection companies, credit agencies or address verifiers). This may also include health data. For information on the service providers used for the website, see clause. 12. Our central IT service providers are Microsoft, OVH, and Hetzner.
  • Contractual partners including clients: This initially refers to clients (e.g. service recipients) and other contractual partners of ours, because this data transfer arises from these contracts. If you work for such a contractual partner yourself, we may also transmit data about you to them in this context. The recipients also include contractual partners with whom we cooperate or who advertise for us and to whom we therefore transmit data about you for analysis and marketing purposes (these may in turn be service recipients, but also, for example, sponsors and providers of online advertising). We require these partners to only send you advertising or display it based on your data if you have consented to this (for the online segment, see clause 12).
  • Authorities: We may disclose personal data to offices, courts and other authorities in Switzerland and abroad if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. This may also include health data. The authorities process data about you that they receive from us on their own responsibility.
  • Other persons: This refers to other cases where the inclusion of third parties arises from the purposes in accordance with clause4, e.g. service recipients, media and associations in which we participate, or if you are part of one of our publications.

All these categories of recipients may in turn involve third parties, so that your data may also become accessible to them. We can restrict processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.).

We also allow certain third parties to collect personal data from you on our website and at our events (e.g. media photographers, providers of tools that we have integrated on our website, etc.). Insofar as we are not crucially involved in this data collection, these third parties are solely responsible for it. If you have any concerns and wish to assert your data protection rights, please contact these third parties directly. Cf. clause 12 for the website.

8. Is your personal data also sent abroad?

As explained in clause 7, we also disclose data to other bodies. These are not only located in Switzerland. Your data can therefore be processed both in Europe and in the USA; in exceptional cases, however, in any country in the world.

If a recipient is located in a country without adequate statutory data protection, we contractually oblige the recipient to comply with the applicable data protection (for this purpose we use the revised standard contractual clauses of the European Commission, which can be retrieved here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj? ), unless the recipient is already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exemption clause. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the execution of a contract requires such disclosure, if you have given your consent or if the data in question has been made generally accessible by you and you have not objected to its processing.

Please also note that data exchanged via the Internet is often routed via third countries. Your data can therefore be sent abroad even if the sender and recipient are in the same country.

9. How long do we process your data?

We process your data for as long as required by our processing purposes, the statutory retention periods, and our legitimate interests in processing for documentation and evidence purposes, or for as long as storage is required for technical reasons. Further information on the respective storage and processing period can be found in the individual data categories in clause 3 or in the cookie categories in clause 12. If there are no legal or contractual obligations to the contrary, we will delete or anonymise your data after the storage or processing period has expired as part of our usual processes.

10. How do we protect your data?

We take appropriate security measures to protect the confidentiality, integrity, and availability of your personal data, to protect it against unauthorised or unlawful processing and to counteract the risks of loss, unintentional modification, unintended disclosure, or unauthorised access.

11. What rights do you have?

Under certain circumstances, the applicable data protection law grants you the right to object to the processing of your data, in particular for the purposes of direct marketing, profiling for direct advertising, and other legitimate interests in processing.

To make it easier for you to control the processing of your personal data, you also have the following rights in connection with our data processing, depending on the applicable data protection law:

  • The right to request information from us as to whether and which of your data we process;
  • the right to have us correct data if it is incorrect;
  • the right to request the deletion of data;
  • the right to obtain from us the personal data concerning you in a commonly used electronic format or to transmit those data to another controller;
  • the right to withdraw consent where our processing is based on your consent;
  • the right to receive, on request, further information necessary for the exercise of these rights;
  • the right to express your point of view in the case of automated individual decision-making (clause 6) and to request that the decision be reviewed by a natural person.

If you wish to exercise the above rights against us, please contact us in writing, at our premises or, unless otherwise stated or agreed, by e-mail; our contact details can be found in clause 2. So that we can rule out misuse, we must identify you (e.g. with a copy of your identification document, if this is not otherwise possible).

Please note that these rights are subject to conditions, exceptions, or restrictions under the applicable data protection law (e.g. to protect third parties or business secrets). We will inform you accordingly if necessary.

If you do not agree with our handling of your rights or data protection, please let us know (clause2). In particular, if you are located in the EEA, the United Kingdom, or Switzerland, you also have the right to lodge a complaint with the data protection supervisory authority in your country. A list of the authorities in the EEA can be found here: https://edpb.europa.eu/about-edpb/board/members_de. You can contact the supervisory authority of the United Kingdom here: https://ico.org.uk/global/contact-us/. You can contact the Swiss supervisory authority here: https://www.edoeb.admin.ch/edoeb/de/home/der-edoeb/kontakt/adresse.html.

12. Do we use online tracking and online advertising techniques?

We use various technologies on our website with which we and third parties engaged by us can recognise you when you use our website and, under certain circumstances, track you over several visits. We will inform you about this in this section.

In essence, this is so that we can distinguish access by you (via your system) from access by other users, so that we can ensure the functionality of the website and carry out evaluations and personalisation. We do not want to draw any conclusions about your identity, even if we can, insofar as we or third parties engaged by us can identify you through a combination with registration data. Even without registration data, however, the technologies used are designed in such a way that you are recognised as an individual visitor each time you access a page, for example by our server (or the servers of third parties) assigning you or your browser a specific identification number (so-called “Cookie”).

We use such technologies on our website and allow certain third parties to do the same. You can program your browser to block or deceive certain cookies or alternative technologies or to delete existing cookies. You can also add software to your browser that blocks tracking by certain third parties. You can find more information about this on the help pages of your browser (usually under the heading “Data protection”) or on the websites of the third parties listed below.

A distinction is made between the following cookies (technologies with comparable functions such as fingerprinting are also included here):

  • Necessary cookies: Some cookies are necessary for the functioning of the website as such or for certain functions. They ensure, for example, that you can switch between pages without losing information entered in a form. They also ensure that you remain logged in. These cookies are only temporary ("session cookies"). If you block them, the website may not work. Other cookies are necessary so that the server can store decisions or entries made by you beyond one session (i.e. one visit to the website) if you use this function (e.g. selected language, consent given, the function for automatic log-in, etc.). These cookies have an expiry date of up to 24 months.
  • Performance cookies: We use cookies to record and analyse the use of our website, possibly even beyond the session, in order to optimise our website and corresponding offerings and to better tailor them to the needs of users. We do this through the use of third-party analysis services. We have listed these below. Performance cookies also have an expiry date of up to 24 months. Details can be found on the websites of the third-party providers.
  • Marketing cookies: We and our advertising contract partners have an interest in directing advertising specific to target groups, i.e. only displaying it to those we want to address. We have listed our advertising contract partners below. For this purpose, if you consent, we and our advertising contract partners also use cookies with which the content accessed or contracts concluded can be recorded. This enables us and our advertising contract partners to display advertising that we believe will be of interest to you on our website, but also on other websites that display advertising from us or our advertising contract partners. Depending on the situation, these cookies have an expiry date of between a few days and up to 12 months. If you consent to the use of these cookies, you will be shown appropriate advertising. If you do not consent to these cookies, you will not see less advertising, but simply any other advertising.

We may also integrate other third-party offerings on our website, in particular from social media providers. These offerings are deactivated by default. As soon as you activate them (e.g. by clicking on a button), the relevant providers can determine that you are on our website. If you have an account with the social media provider, they can assign this information to you and thus track your use of online services. These social media providers process this data on their own responsibility.

We currently use offerings from the following service providers and advertising contract partners (insofar as they use data from you or cookies set by you for advertising purposes):

  • Google Analytics: Google Ireland (based in Ireland) is the provider of the "Google Analytics" service and acts as our processor. Google Ireland relies on Google LLC (based in the USA) as its processor (both "Google"). Google uses performance cookies (see above) to track the behaviour of visitors to our website (duration, frequency of pages accessed, geographical origin of access, etc.) and compiles reports for us on the use of our website on this basis. We have configured the service so that the IP addresses of visitors are shortened by Google in Europe before being forwarded to the USA and therefore cannot be traced back. We have switched off the “Data transfer” and “Signals” settings. Although we can assume that the details we share with Google are not personal data for Google, it is possible that Google can use these data for its own purposes to draw conclusions about the identity of visitors, create personal profiles, and link these data to the Google accounts of these persons. If you agree to the use of Google Analytics, you explicitly consent to such processing, which also includes the transfer of personal data (in particular usage data for the website and app, device information, and individual IDs) to the USA and other countries. You can find information on Google Analytics data protection here https://support.google.com/analytics/answer/6004245and if you have a Google account, you can find further information on processing by Google here https://policies.google.com/technologies/partner-sites?hl=de.

13. What data do we process on our pages in social networks?

We may operate pages and other online presences (“fan pages”, “channels”, “profiles”, etc.) on social networks and other platforms operated by third parties and collect the data about you described in clause. 3 and the data about you described below from there. We receive these data from you and the platforms when you come into contact with us via our online presence (e.g. when you communicate with us, comment on our content or visit our presence). At the same time, the platforms evaluate your use of our online presences and link these data with other data about you known to the platforms (e.g. about your behaviour and preferences). They also process these data for their own purposes on their own responsibility, in particular for marketing and market research purposes (e.g. to personalise advertising) and to control their platforms (e.g. what content they show you).

We process these data for the purposes described in clause 4, in particular for communication, marketing purposes (including advertising on these platforms, see clause 12) and for market research. Information on the relevant legal bases can be found in clause 5. We may redistribute content published by you (e.g. comments on an announcement) ourselves (e.g. in our advertising on the platform or elsewhere). We or the operators of the platforms may also delete or restrict content from or about you in accordance with the usage guidelines (e.g. inappropriate comments).

Further information on the processing of the platform operators can be found in the privacy notices of the platforms. There you can also find out in which countries they process your data, what rights of access, erasure and other data subject rights you have and how you can exercise these or obtain further information. We currently use the following platforms:

  • Instagram: Here we operate the site: https://www.instagram.com/1stlog_ag/.The entity responsible for operating the platform for users from Europe is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Their privacy notice is available at https://privacycenter.instagram.com/policy/. Some of your data will be transferred to the USA. We are jointly responsible with Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, for the data collected and processed when you visit our site for the creation of “Instagram Insights”. Page Insights compiles statistics on what visitors do on our site (comment on posts, forward content, etc.). We have regulated our responsibilities regarding data protection in accordance with the information at www.facebook.com/legal/terms/page_controller_addendum.

14. Can this privacy notice be changed?

This privacy notice is not part of a contract with you. We can adapt this privacy notice at any time. The version published on this website is the respective current version.

Last updated: 15.01.2024