ICS Automation AG (referred as ICS) and its subsidiary Automation + Controlsystem ACS AG (referred as acs) are committed to protecting the privacy of individuals who interact with ICS or acs and their personal data. This privacy statement applies to ICS and acs and describes how ICS or acs processes and protects personal data.
Data Protection Officer
Responsible for compliance with the applicable data protection provisions within the meaning of the CH-DSG or responsible person within the meaning of the EU-DSGVO is:
ICS Automation AG bzw. Automation + Controlsystem ACS AG
+41 71 955 04 50
Collection and processing of personal data
ICS or acs process in particular
- Contract data
- Payment data
- Contact data (name, address, tel, e-mail, title, place of work, etc.)
Purposes of data processing and legal bases
We only process personal data in which we have a legitimate interest corresponding to the purpose or in the case of a legal obligation, namely for the following purposes
- Contract processing
- Information on offers, services, websites and other platforms on which we are present;
- Communication with third parties and processing of their requests (e.g. applications, inquiries);
- Collection of personal data from publicly available sources for the purpose of customer acquisition, insofar as our legitimate interests require it and it is permitted by law;
- Advertising and information about our services and offers to existing customers, unless you have objected to the use of your data for this purpose (if we send you advertising from us as an existing customer, you can object to this at any time, we will then put you on a block list against further advertising mailings);
- Assertion of legal claims and defense in connection with legal disputes and official proceedings;
- Prevention and investigation of criminal offenses and other misconduct (e.g., conducting internal investigations, data analysis to combat fraud);
- Guarantees of our operations, in particular IT, our websites and other platforms;
- Taking measures to ensure IT, building and facility security and to protect our employees and other persons and assets belonging to or entrusted to us (such as access controls, visitor lists, network and mail scanners, telephone records);
- Conducting "online meetings."
If you have given us consent to process your personal data for specific purposes, we process your personal data within the scope of and based on this consent, unless we have another legal basis and we require such a basis. Consent given can be revoked at any time, but this has no effect on data processing that has already taken place. Insofar as the processing of your personal data is within the scope of the administration of industrial property rights, the law and ordinance specify which data we process and in what form. For example, we are required by law to inform the public about the intellectual property rights valid in Switzerland and the personal data associated with them.
Cookies and image elements
Our websites may use "cookies" and similar technologies to identify your browser or device. A cookie is a small file that is sent to your computer or automatically stored on your computer or mobile device by the web browser you use when you visit our website. This allows us to recognize you when you return to this website, even if we do not know who you are. In addition to cookies that are only used during a session and deleted after your website visit ("session cookies"), cookies can also be used to store user settings and other information for a certain period of time (e.g. two years) ("permanent cookies"). However, you can set your browser to reject cookies, store them for one session only, or otherwise delete them early. Most browsers are preset to accept cookies.
Newsletters and marketing emails
The receipt of newsletters and other marketing emails requires your consent. You can revoke this at any time by unsubscribing from the newsletter.
Our websites may use so-called plug-ins from social networks such as Facebook, Twitter, Xing, LinkedIn. This is apparent to you in each case (typically via corresponding icons). We have configured these elements so that they are deactivated by default. If you activate them (by clicking on them), the operators of the respective social networks can register that you are on our website and where and can use this information for their purposes. The processing of your personal data is then the responsibility of this operator according to its data protection regulations. We do not receive any information about you from him.
Links to other websites
Our websites may contain links to other websites (including LinkedIn, Facebook, Instagram and YouTube) or to integrated websites. ICS or acs are not responsible for the content of the websites of other companies (third-party websites) or for the practices of these companies in collecting personal data. When visiting third party websites, the website operators' personal data protection policies and other relevant policies should be read.
We host our website at Virtualtec AG in Zurich, Switzerland. At Virtualtec, standard web server log files containing the following information are created for each access to this website: IP address, date and time including time zone, browser request including origin of the request (referer respectively), operating system used including user interface and version, browser used including language and version, amount of data transferred.
We have only limited influence on the data processing by the operators of the social media platform (e.g. management of members and the information shared). At the points where we can exert influence, we work towards data protection-compliant handling by the platform operator within the scope of the options available to us. At many points, however, we cannot influence the data processing by the platform operator and also do not know exactly what data the operator processes.
- Facebook: https://www.facebook.com/help/568137493302217
- Instagram: https://help.instagram.com/519522125107875
- YouTube: https://policies.google.com/privacy?gl=CH&hl=de
- LinkedIn: https://de.linkedin.com/legal/privacy-policy?
In the context of platform use, personal data is generally also processed by the respective platform operator on servers in third countries, in particular in the USA and the United Kingdom.
Transmission of data to third parties
Personal data will only be passed on or disclosed to the extent permitted by law:
- When the recipient provides services on behalf of ICS or acs such as visa procurement, banking, insurance, etc.
- For the establishment, exercise or defense of our legal rights.
- When the data subject has given prior consent for personal data to be disclosed
- In the event of mergers, sales, joint ventures, succession planning, etc.
In general, your personal data will not be disclosed, sold or otherwise transferred to third parties, unless this is necessary for the purpose of contract execution or to fulfill our legal duties, or unless you have expressly consented. In addition, data may be transferred to third parties if we are required to do so by law or by enforceable governmental or court order.
The recipients of such data are sometimes domestic, but may be anywhere in the world. If we transfer data to a country without adequate legal data protection, we ensure an adequate level of protection by using appropriate contracts or rely on the legal exceptions of consent, contract performance, establishment, exercise or enforcement of legal claims, overriding public interests, published personal data or because it is necessary to protect the integrity of the data subjects.
The "Microsoft Teams" service used for "Online Meetings" is provided by a provider from the USA; processing of personal data therefore also takes place in a third country. An appropriate level of data protection is contractually guaranteed.
You can request information about the contractual guarantees mentioned at any time from our data protection officer. However, we reserve the right to black out copies for data protection or confidentiality reasons or to provide only excerpts.
Duration of the retention of personal data
We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations or otherwise the purposes pursued with the processing, i.e. for example for the duration of the entire business relationship (from the establishment of contact, processing to the termination of a contract or project) as well as beyond that in accordance with the statutory retention and documentation obligations. After expiry of the purpose, the personal data will be irrevocably deleted, unless the data is subject to a legal obligation to retain data or the data is used for the exercise or defense of legal claims.
- Customer data
ICS or acs will retain personal data for marketing purposes after termination of the contract for as long as the legitimate interests of ICS or acs so require and as permitted by law.
- Application dossiers
Application files are deleted no later than 12 months after the application process has been completed. Exceptions:
- The dossier of a successful applicant is transferred to the employee file.
- The applicant agrees to store the application dossier for a longer period of time.
We use appropriate technical and organizational security measures to protect the managed data against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons, taking into account the state of the art, the cost of implementation, the likelihood of occurrence and the severity of the risk to the rights and freedoms of natural persons. The security measures are continuously improved in line with technological developments.
In particular, the measures include safeguarding the confidentiality, integrity and availability of data by limiting physical access to the data.
Obligation to provide personal data
In the context of our business relationship, you must provide those personal data that are necessary for the establishment and implementation of a business relationship and the fulfillment of the associated contractual obligations (you usually do not have a legal obligation to provide us with data). Without this data, we will generally not be able to conclude a contract with you (or the entity or person you represent), to process it or to fulfill our legal duties.
Profiling and automated decision making
The personal data is not used as the basis for automated decision-making. We do not carry out any profiling with the personal data.
Rights of the data subject
Within the scope of the data protection law applicable to you and insofar as provided therein (such as in the case of the GDPR), you have the right to information, correction, deletion, the right to restrict data processing and otherwise to object to our data processing as well as to the surrender of certain personal data for the purpose of transfer to another entity (so-called data portability). Please note, however, that we reserve the right to enforce the restrictions provided for by law. For example, if we are obliged to store or process certain data, if we have an overriding interest in doing so (insofar as we are entitled to rely on this) or if we need the data to assert claims. If you incur costs, we will inform you in advance. We have already informed you about the possibility of revoking your consent in the chapter "Purposes of data processing and legal basis". Please note that exercising these rights may conflict with contractual agreements and may have consequences such as premature termination of the contract or cost consequences. We will inform you in advance if this is not already contractually or legally regulated.
The exercise of such rights usually requires that you clearly prove your identity (e.g. by means of a copy of your identity card, where your identity is otherwise not clear or cannot be verified). To assert your rights, you can contact us at the address given in chapter "Data protection officer". Every data subject also has the right to enforce his or her claims in court or to file a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch).