Privacy policy

This privacy policy covers all data processing by all Rey companies.

For the data processing described in this privacy policy of the companies Rey 360 Holding AG [UID: CHE-398.217.352], Rey Technology Holding AG [CHE-275.651.197], Rey Automation AG [UID: CHE-108.042.994], Rey Informatik AG [UID: CHE-115.251.959], Rey Immobilien AG [UID: CHE-398.018.189] and Rey Digital AG [UID: CHE-284.008.847] is responsible under data protection law, unless otherwise communicated:

Rey Technology Holding AG
Rütihofstrasse 6
CH-8370 Sirnach
Switzerland

Person responsible for data protection:
Rey Technology Holding AG
Michael Engler
Rütihofstrasse 6
CH-8370 Sirnach
Phone: +41 58 810 04 00
Email: datenschutz@rey-technology.com
Website: https://www.rey-technology.com

Rey GmbH in 79111 Freiburg im Breisgau [HRB 703684] is responsible under data protection law for the data processing described in this privacy policy:

Rey GmbH
Burkheimer Strasse 3
DE-79111 Freiburg im Breisgau
Germany

Data protection officer according to Art. 37 ff. GDPR:
Rey GmbH
Karl Georg Manuel Hirsch
Burkheimer Strasse 3
DE-79111 Freiburg im Breisgau
Phone: +49 761 3896 40 00
Email: datenschutz@rey-technology.com
Website: https://www.rey-technology.com

Federal Data Protection and Information Commissioner (Switzerland):
FDPIC
Feldeggweg 1
CH - 3003 Bern
https://www.edoeb.admin.ch/edoeb/de/home.html

EEA and UK:
A list of authorities in the EEA can be found here:
https://edpb.europa.eu/about-edpb/about-edpb/members_de
The supervisory authority of the United Kingdom can be reached here https://ico.org.uk/global/contact-us/.

General

Every person is entitled to protection of their privacy and protection against misuse of their personal data. We comply with these provisions. Your personal data is treated as strictly confidential. In close cooperation with our hosting providers, we endeavor to protect the data as well as possible against unauthorized access, loss, misuse or falsification. Your security is important to us. That is why the protection of your privacy and your data is of particular concern to us.

In the following you will find all the information about what data we collect in the Rey companies when you use our websites, purchase our services or products, are otherwise in contact with us as part of a contract, communicate with us or otherwise deal with us and how or for what we use this data. Where appropriate, we will provide you with timely written notice of any additional processing activities not mentioned in this Privacy Policy. In addition, we may inform you separately about the processing of your data, e.g. in declarations of consent, contractual terms, additional data protection declarations, forms and notices

If you transmit or disclose data about other persons, such as family members, work colleagues, etc., we assume that you are authorized to do so and that this data is correct. By transmitting data about third parties, you confirm this. Please also ensure that these third parties have been informed about this privacy policy

Basis for processing

The basis for data processing is derived from the Swiss Data Protection Act or, in individual cases, the EU General Data Protection Regulation ("GDPR"). The focus is on processing in direct connection with the conclusion or execution of a contract (Art. 31 para. 2 lit. a FADP) as well as creditworthiness and debt collection efforts (Art. 31 para. 2 lit. c FADP). The various retention periods are based on our legitimate interests, in particular for evidence purposes (Art. 31 para. 1 FADP). The duration depends on the applicable statutory provisions.

Categories of personal data

We process the following categories of personal data in particular, depending on the purpose for which we process them:

  • Contact data (e.g. name, address, telephone number, email address)

  • Customer detail information (e.g. projects, contracts, data of project participants)

  • Information on marketing services (e.g. newsletter management)

  • Employee data (e.g. salary, social security details, accounting data)

  • Application management (e.g. CV, diplomas, certificates, reference information)

  • Information on financial connections (e.g. data on bank details, accounting data)

  • Website data (e.g. IP address, date and time of use, browser type, browser information, website use including transmitted information (analysis of usage behavior)

  • Data from public sources (e.g. debt collection registers, credit rating directories, commercial registers)

Purpose of the data processing

In the course of our activities, various categories of personal data are processed for various purposes. Your personal data is processed for the following non-exhaustive purposes:

Maintenance of master data

Master data refers to the basic data that we require in addition to contract data for the processing of our contractual and other business relationships or for marketing and advertising purposes, such as name, contact details and information, e.g. about your role and function, your bank details, date(s) of birth, customer history, powers of attorney, signature authorizations and declarations of consent. We process your master data if you are a customer or other business contact or work for one (e.g. as a contact person of the business partner) or because we want to contact you for our own purposes or the purposes of a contractual partner (e.g. as part of marketing and advertising, with invitations to events, with vouchers, with newsletters, etc.). We receive master data from you (e.g. when you make a purchase or register), from bodies for which you work or from third parties such as our contractual partners, associations and address dealers and from publicly accessible sources such as public registers or the internet (websites, social media, etc.). We may also process health data and information about third parties as part of master data. We may also collect master data from our shareholders and investors. We generally store this data for 10 years from the last exchange with you, but at least from the end of the contract. This period may be longer if this is necessary for reasons of proof or to comply with legal or contractual requirements or for technical reasons. In the case of pure marketing and advertising contacts, the period is usually much shorter.

Contract data

This is data that arises in connection with the conclusion or execution of a contract, e.g. information about contracts and the services to be provided or provided, as well as data from the run-up to the conclusion of a contract, the information required or used for processing and information about reactions (e.g. complaints or information on satisfaction, etc.). This also includes health data and information about third parties. We generally collect this data from you, from contractual partners and from third parties involved in the execution of the contract, but also from third-party sources (e.g. providers of creditworthiness data) and from publicly accessible sources. As a rule, we store this data for 10 years from the last contractual activity, but at least from the end of the contract. This period may be longer if this is necessary for reasons of proof or to comply with legal or contractual requirements or for technical reasons.

Communication

We process your personal data in order to be able to contact you and third parties by means of communication (email, telephone, letter).

Marketing and advertising services

We process your personal data for marketing and advertising purposes and for relationship management, e.g. to send our customers and other contractual partners personalized advertising about our products and services and those of third parties (e.g. advertising contractual partners). This may, for example, take the form of newsletters and other regular contacts (electronically, by post, by telephone), via other channels for which we have contact information from you, but also as part of individual marketing campaigns (e.g. events, competitions, etc.) and may also include free services (e.g. invitations, vouchers, etc.). If you would like to receive the newsletter offered on this website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. No further data is collected. The newsletter is sent by the mailing service provider Brevo, a newsletter mailing platform of Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. You can view the data protection provisions of the mailing service provider here: https://www.brevo.com/de/legal/privacypolicy/. You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time, for example via the "unsubscribe link" in the newsletter

Administrative information

We process your personal data for administrative purposes. This primarily includes processing for invoicing and accounting or other associated administrative services. We also process data for the purposes of our risk management and as part of prudent corporate governance. We also reserve the right to obtain additional data from third parties if this appears appropriate to us. This mainly concerns credit checks and fraud prevention.

Application management

We process your personal data if you apply for a position with us or if your application has been included in our pool of interested parties, e.g. as part of a recruitment event. The data is processed to carry out the application process and with regard to filling and taking up a new position and may be exchanged within the Group companies.

Operation and analysis of the website

When our websites are accessed, data is stored in log files. This usage data forms the basis for statistical, anonymous evaluations so that trends can be identified, which we can use to improve our offers accordingly. We then process your data to the extent technically necessary to establish the connection you have requested and to deliver the requested content. This data also includes logs in which the use of our systems is recorded. We generally store technical data for 6 months. To ensure the functionality of these offers, we can also assign an individual code to you or your end device. The technical data itself does not allow any conclusions to be drawn about your identity. However, in the context of user accounts, registrations, access controls or the processing of contracts, it may be linked to other categories of data (and thus possibly to your person).

Other data

We also collect data from you in other situations. In connection with official or legal proceedings, for example, data is collected (such as files, evidence, etc.) that may also relate to you. We may also collect data for health protection reasons (e.g. as part of protection concepts). We may receive or produce photos, videos and audio recordings in which you may be recognizable (e.g. at events, through security cameras, etc.). We may also collect data about who enters certain buildings or has access rights to them and when (including during access controls, based on registration data or visitor lists, etc.), who takes part in events or campaigns (e.g. competitions) and when, or who uses our infrastructure and systems and when. Finally, we collect and process data about our shareholders and other investors; in addition to master data, this includes information for the relevant registers, regarding the exercise of their rights and the holding of events (e.g. general meetings). The retention period for this data depends on the purpose and is limited to what is necessary. This ranges from a few days for many of the security cameras and usually a few weeks for contact tracing data to visitor data, which is usually stored for 3 months, to reports on events with images, which may be stored for several years or longer. Data about you as a shareholder or other investor will be retained in accordance with company law requirements, but in any case for as long as you are invested.

You provide us with much of the aforementioned data yourself (e.g. via forms, as part of communication with us, in connection with contracts, when using the website, etc.). You are not obliged to do so, subject to individual cases, e.g. as part of binding protection concepts (legal obligations). If you wish to conclude contracts with us or make use of services, you must also provide us with data as part of your contractual obligation in accordance with the relevant contract, in particular master data, contract data and registration data. When using our website, the processing of technical data is unavoidable. If you wish to gain access to certain systems or buildings, you must provide us with registration data. For behavioral and preference data, however, you always have the option of objecting or not giving your consent.

 

In so far as this is not inadmissible, we also obtain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, media or the internet including social media) or receive data from other companies within our group, from authorities and from other third parties (such as credit agencies, address dealers, associations, contractual partners, internet analysis services, etc.)

 

Disclosure of personal data

We treat your personal data as strictly confidential. Your personal data may be disclosed to third parties in connection with our contracts, the website, our services and products, our legal obligations or otherwise to protect our legitimate interests and the other purposes mentioned, provided that:

  • you have given your consent to this,

  • the processing is necessary for the performance of a contract with you,

  • the processing is necessary for compliance with a legal obligation, or

  • processing is necessary for the purposes of our legitimate interests and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data. Our legitimate interests also include compliance with statutory provisions, insofar as this is not already recognized as a legal basis by the applicable data protection law. However, this also includes the marketing of our products and services, the interest in better understanding our markets and the safe and efficient management and further development of our company, including its operations.

The transfer of your personal data takes place in particular to the following categories of recipients:

  • Rey companies: You can find a list of our group companies on our homepage. The Rey companies may use and share the data for the same purposes in accordance with this privacy policy. We may also disclose health data to our group companies

  • Service providers: We work with service providers in Switzerland and abroad who process data about you on our behalf or under joint responsibility with us or who receive data about you from us under their own responsibility (e.g. IT providers, cloud services, system monitoring, remote maintenance, communication service providers, shipping companies, advertising service providers, login service providers, cleaning companies, auditors, trustees, lawyers, security companies, banks, insurance companies, debt collection companies, credit agencies or address verifiers). This may also include health data.

  • Contractual partners including customers: This initially refers to customers (e.g. service recipients) and other contractual partners of ours, as this data transfer arises from these contracts. For example, you receive registration data for vouchers issued and redeemed, invitations, etc. If you work for such a contractual partner yourself, we may also transmit data about you to them in this context. This may also include health data. The recipients also include contractual partners with whom we cooperate or who advertise for us and to whom we therefore transmit data about you for analysis and marketing purposes (these may in turn be service recipients, but also sponsors and providers of online advertising, for example). We require these partners to only send you advertising or display it based on your data if you have consented to this.

  • Authorities: We may disclose personal data to public authorities, courts and other authorities in Switzerland and abroad if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. This may also include health data. The authorities process data about you that they receive from us under their own responsibility.

  • Other persons: This refers to other cases where the involvement of third parties arises from the stated purposes, e.g. service recipients, media and associations in which we are involved.

All these categories of recipients may in turn involve third parties, meaning that your data may also become accessible to them. We can restrict the processing by certain third parties (e.g. auditors, trustees), but not by other third parties (e.g. authorities, banks, etc.).

In addition, we reserve the right to disclose this data even if it concerns confidential data (unless we have expressly agreed with you that we will not disclose this data to certain third parties, unless we are legally obliged to do so). Irrespective of this, your data will continue to be subject to appropriate data protection even after disclosure in Switzerland and the rest of Europe. If you do not want certain data to be passed on, please let us know so that we can check whether and to what extent we can accommodate you

Locations of data processing

As explained above, we also disclose data to other bodies. These are not only located in Switzerland. Your data may therefore be processed both in Europe and abroad. If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection law (we use the revised standard contractual clauses of the European Commission, which can be found here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj), unless it is already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exemption provision. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract requires such disclosure, if you have given your consent or if the data in question has been made generally accessible by you and you have not objected to its processing.
Please also note that data exchanged via the internet is often routed via third countries. Your data may therefore be sent abroad even if the sender and recipient are located in the same country.

Duration of processing

We process your data for as long as this is necessary to achieve the purposes stated here and for as long as the statutory retention periods and our legitimate interests in processing for documentation and evidence purposes require or storage is technically necessary. After the respective purpose has ceased to apply or this period has expired, we will delete or anonymize your data after the storage or processing period has expired as part of our usual processes if you have not consented to further processing and use.

Application documents from job applicants are stored in our systems with restricted access. The remaining application documents are disposed of at the latest after the decision to fill a position has been made. Data processing in the employment relationship is subject to the contractual provisions and the privacy policy for employees.

 

Protection of your data

We take appropriate security measures to protect the confidentiality, integrity and availability of your personal data, to protect it against unauthorized or unlawful processing and to counteract the risks of loss, unintentional alteration, unwanted disclosure or unauthorized access.

Your rights as a data subject

As a data subject, you have various rights in connection with our data processing. You can request information about your stored data and its processing, have incorrect personal data corrected, request the deletion of your personal data, restrict the processing of your personal data - insofar as we are not yet permitted to delete your data due to legal obligations - object to data processing or request the transferability of your personal data to other data controllers at any time.

When you contact us, we reserve the right to identify you (e.g. with a copy of your ID). We may also charge you a fee of up to CHF 300.00 if the effort involved in processing your request is disproportionate. You would be informed of this in advance.

 

We will reply electronically and in PDF format if the information is available. Otherwise, you will be informed that we do not process any data about you. Your request and our response will be stored by us for two years and then deleted. For evidence purposes, your request will remain in the log for the general statutory limitation period (only with name, date and type of processing).

Please note that these rights are subject to conditions, exceptions or restrictions under the applicable data protection law (e.g. to protect third parties or business secrets). We will inform you accordingly if necessary.

If you have given us your consent, you can revoke it at any time with effect for the future. You can also contact the supervisory authority responsible for you at any time with a complaint. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.

Cookies and technologies from third-party providers

In order to make our website more user-friendly and to provide our services in a technically error-free, needs-based and secure manner, we use cookies as well as various offers and technologies from third-party providers.

Cookies

Our website uses so-called cookies in several places. Cookies are small text files that are stored on your computer and saved by your browser. Cookies also enable our systems to recognize your browser and offer you services. Cookies do not contain any personal data.

Of course, you can also view our website without cookies. Internet browsers are regularly set to accept cookies. You can deactivate the use of cookies at any time via your browser settings. Please use the help functions of your Internet browser to find out how to change these settings. There is no guarantee that you will be able to access all functions of this website without restrictions if your browser does not allow cookies.

In accordance with the best efforts of those responsible, IP anonymization is used. The IP address of users is shortened, which means that your IP address is no longer personally identifiable.

 

Plugins and technologies from third-party providers

Our website currently uses the following services:

Social networks

We may operate pages and other online presences ("fan pages", "channels", "profiles", etc.) on social networks and other platforms operated by third parties and collect the data about you described in this statement. We receive this data from you and the platforms when you come into contact with us via our online presence (e.g. when you communicate with us, comment on our content or visit our presence). At the same time, the platforms evaluate your use of our online presence and link this data with other data about you known to the platforms (e.g. about your behavior and preferences). They also process this data for their own purposes under their own responsibility, in particular for marketing and market research purposes (e.g. to personalize advertising) and to control their platforms (e.g. what content they show you).

We process this data for the purposes described, in particular for communication, marketing purposes (including advertising on these platforms) and market research. We may redistribute content published by you (e.g. comments on an announcement) ourselves (e.g. in our advertising on the platform or elsewhere). We or the operators of the platforms may also delete or restrict content from or about you in accordance with the usage guidelines (e.g. inappropriate comments).

 

For more information on the processing carried out by the platform operators, please refer to the platforms' privacy policies. There you can also find out in which countries they process your data, what rights of access, erasure and other rights of data subjects you have and how you can exercise these or obtain further information. Please note that we have no influence on data processing by the operators of the platforms.

We currently use the following platforms: 

 

Change to the privacy policy

This privacy policy is not part of a contract with you. The privacy policy is regularly adapted to changes in factual or legal circumstances. The currently published version at is binding: https://www.rey-technology.com/de/datenschutz

Last update: 27.09.2023

Diese Cookie-Richtlinie wurde erstellt und aktualisiert von der Firma CookieFirst.com.