Privacy Policy

On this page you will find our privacy policy. If you have any further questions, please do not hesitate to contact us:

Privacy policy

In this privacy policy we inform you about the processing of personal data when you use our website www.zetcom.com. Our approach to data protection is primarily based on the legal requirements of Swiss data protection law, in particular the Federal Act on Data Protection (FADP), and the EU General Data Protection Regulation (GDPR), the provisions of which may apply in individual cases.

Contents of this privacy policy

1. Data controller and contact

2. Data processing on our website

2.1 Visiting our website; connection data

2.2 Contacting us

2.3 Newsletter

2.3.1 Subscribing to the newsletter

2.3.2 Newsletter tracking

2.4 Email advertising to existing customers

2.4.1 Applications

3. Use of tools on the website

3.1 Technologies used

3.2 Legal basis and withdrawal

3.3 Necessary tools

3.4 Functional tools

3.5 Analysis tools

3.6 Marketing tools

4. Profiles on social networks

5. Disclosure of data

6. Data transfers to third countries

7. Storage period

8. Your rights, in particular withdrawal and objection

9. Changes to this privacy policy

1. Data controller and contact

The contact point and so-called controller responsible for the data processing when you visit this website is

zetcom Informatikdienstleistungs AG

Sandrainstr. 3

3007 Bern

Switzerland

Phone: 0041 31 320 10 00

Email: info@zetcom.com

If you have any questions about data protection in connection with our products or using our website, you can also contact our data protection officer at any time by sending an email to privacy@zetcom.com. You can also write to the data protection officer at the above postal address (please mark all correspondence with: “F.A.O. data protection officer”). We expressly point out that if you use the email address, your email will not be viewed exclusively by our data protection officer. If you wish to share confidential information, we therefore ask that you first contact us directly via the postal address.

2.Data processing on our website

2.1 Visiting our website; connection data

Every time you use our website, we process connection data automatically transmitted by your browser in order to make visiting the website possible. This connection data comprises what is known as HTTP header information, including the user agent, and includes in particular:

IP address of the requesting device
Method (e.g. GET, POST), date and time of the request
Address of the requested website and path of the requested file
If applicable, the previously visited website/file (HTTP referer)
Information about the browser used and the operating system
Version of the HTTP protocol, HTTP status code, size of the file delivered
Request information such as language, type of content, coding of content, character sets
Cookies stored on the device of the domain accessed.

It is absolutely necessary to process this connection data to make it possible to visit the website, to guarantee the long-term functionality and security of our systems, and for the general administrative maintenance of our website. The connection data is also stored in internal log files for the purposes described above, temporarily and limited to the absolute minimum, in order for example to find the cause of and take action against repeated or criminal requests that endanger the stability and security of our website.

The legal basis for this processing is Art. 6(1) Sentence 1(b) GDPR, insofar as the page view takes place in the course of the initiation or performance of a contract, and otherwise Art. 6(1) Sentence 1(f) GDPR due to our legitimate interest in making it possible to view our website and in the long-term functionality and security of our systems.

2.2 Contacting us

There are several ways for you to contact us. This includes contact by email, contact form, post or telephone. In this context we process your data exclusively for the purpose of communicating with you.

The legal basis for this processing is Art. 6(1) Sentence 1(b) GDPR, insofar as we need your details in order to respond to your enquiry or to initiate or perform a contract, and otherwise Art. 6(1) Sentence 1(f) GDPR due to our legitimate interest in your contacting us and our ability to respond to your enquiry. We will only make promotional telephone calls if you have given your consent. If you are not an existing customer, we will only send you promotional emails on the basis of your consent. In these cases, the legal basis is Art. 6(1) Sentence 1(a) GDPR in conjunction with Sect. 7(2) No. 1 or 2 of the German Act against Unfair Competition (UWG).

2.3 Newsletter

You have the option of subscribing to our newsletter, in which we will regularly inform you about our product innovations and promotions.

2.3.1 Subscribing to the newsletter

For newsletter subscriptions we use what’s known as a double opt-in procedure, which means that we will only send you newsletters by email if you click on a link in our confirmation email to confirm that you are the owner of the email address provided. If you confirm your email address, we will store your email address, the time of registration and the IP address you used when registering until you unsubscribe from the newsletters. The sole purpose of storing this data is to be able to send you the newsletters and prove that you registered. In addition, we measure whether our newsletter can be delivered at all.

The legal basis for this processing is your consent pursuant to Art. 6(1) Sentence 1(a) GDPR. You can withdraw this at any time with effect for the future by unsubscribing from the newsletter. A corresponding unsubscribe link can be found in every newsletter. It is of course also sufficient if you notify us using the contact details provided above or in the newsletter (e.g. by email or letter).

2.3.2 Newsletter tracking

With our newsletter, our aim is to share content that is as relevant as possible for our customers and to better understand what they are actually interested in. We therefore use market-standard technologies in our newsletters to allow us to measure interactions with the newsletters (e.g. opening of the email, which links are clicked on). We use this data in pseudonymous form for general statistical evaluations as well as to optimise and further develop our content and customer communication. On the one hand, this is done with the help of small graphics (pixels) that are embedded in the newsletters and establish a connection to the server of the images when the email is opened. On the other hand, we use links where we first register that the link has been clicked on and only then redirect the user to the desired target page.

The legal basis for this is your consent pursuant to Art. 6(1) Sentence 1(a) GDPR. Information is accessed on your device on the basis of the EU Member States’ laws implementing the ePrivacy Directive, which in Germany means according to Sect. 25(1) of the Telecommunications and Telemedia Data Protection Act (TTDSG). You can withdraw your consent to the analysis of user behaviour at any time with effect for the future by unsubscribing from the newsletter. To prevent the measurement of whether an email has been opened, you can also change the default settings in your email client to disable graphics or HTML content.

2.4 Email advertising to existing customers

If you purchase a product from us, we will also use your contact information to send you emails containing further relevant information about our products and services (“advertising to existing customers”). Above all, this may include news, promotions, events and offers, as well as feedback and other surveys.

The legal basis for this data processing is Art. 6(1) Sentence 1(f) GDPR in conjunction with Sect. 7(3) UWG, which permits data processing to safeguard legitimate interests insofar as this concerns the storage and further use of the data for advertising purposes. You can object to the use of your data for advertising purposes at any time by clicking on the corresponding link in the emails or by notifying us (e.g. by email or letter), without incurring any costs other than the transmission costs according to the basic rates.

2.4.1 Applications

You can apply for open positions in the Jobs area (https://www.zetcom.com/en/jobs_en/). The purpose of data collection here is the selection of applicants for potential employment. In order to receive and process your application, we will process your personal data (hereinafter referred to as “application data”), including but not limited to:

First and last name
Email address
Other uploaded files (e.g. certificates, CV).

The legal basis for the processing of your application data is Art. 6(1) Sentence 1(b) and Art. 88(1) GDPR in conjunction with Sect. 26(1) Sentence 1 of the German Federal Data Protection Act (BDSG).

We store your personal data upon receipt of your application. If we accept your application and we subsequently employ you, we will store your application data for as long as the data is necessary for your employment and as far as we are legally required to retain it.

3. Use of tools on the website

3.1 Technologies used

This website uses various services and applications (collectively referred to as “tools”) provided either by us or by third parties. In particular, this includes tools that use technologies to store or access information on the device:

Cookies: Information stored on the device, consisting in particular of a name, a value, the storing domain and an expiry date. So-called session cookies (e.g. PHPSESSID) are deleted after the session, while so-called persistent cookies are deleted after the specified expiry date. Cookies can also be removed manually.
Web storage (local/session storage): Information stored on the device, consisting of a name and a value. Information in session storage is deleted after the session, while information in local storage has no expiry date and basically remains stored unless a mechanism for erasure has been set up (e.g. storage of local storage with time entry). Information in the local and session storage can also be removed manually.
JavaScript: Programming codes (scripts) embedded or retrieved in the website, which can set cookies and web storage, for example, or actively collect information from the device or about user behaviour during the visit. JavaScript can be used for “active fingerprinting” and to create user profiles. JavaScript can be blocked by changing your browser settings, but this will prevent most services from working.
Pixel: Tiny graphic automatically loaded by a service that can make it possible to recognise visitors by automatically transmitting the usual connection data (in particular IP address, information about the browser, operating system, language, address retrieved and time of retrieval) and to determine, for example, whether an email has been opened or a website has been visited. Pixels can thus be used for “passive fingerprinting” and to create user profiles. The use of pixels can be prevented, for example, by blocking images in emails, although this severely limits what can be displayed.

These technologies, as well as the mere establishment of a connection on a page, can be used to create so-called fingerprints, i.e. user profiles that do not require the use of cookies or web storage and can still recognise visitors. Manually preventing fingerprints from being created when a connection is made is not fully possible.

Most browsers are set by default to accept cookies, run scripts and display graphics. However, you can usually adjust your browser settings in such a way that all or certain cookies are rejected or scripts and graphics are blocked. If you choose to completely disable cookies, graphics and scripts, our services may not function properly or at all.

In the following, we list the tools we use by category, informing you in particular about the providers of the tools, how long the cookies or information in local and session storage are stored, and data transfers to third parties. We also explain in which cases we obtain your voluntary consent to use the tools and how you can withdraw it.

If – even despite taking the greatest care – the information in the consent banner contradicts that in this privacy policy, the information in this privacy policy shall take precedence.

3.2 Legal basis and withdrawal

3.2.1 Legal basis

We use tools that are necessary to operate this website based on our legitimate interest under Art. 6(1) Sentence 1(f) GDPR, in order to provide the basic functionality of our website. In certain cases, these tools may also be necessary for the performance of a contract or to take steps prior to entering into a contract, in which case the processing is carried out in accordance with Art. 6(1) Sentence 1(b) GDPR. In these cases, information is accessed and stored on your device because this is absolutely necessary, and on the basis of the EU Member States’ laws implementing the ePrivacy Directive, which in Germany means according to Sect. 25(2) of the Telecommunications and Telemedia Data Protection Act (TTDSG).

Where we use other non-essential (optional) tools that provide additional functionality, we do so on the basis of your consent pursuant to Art. 6(1) Sentence 1(a) GDPR. Information is then accessed and stored on your device on the basis of the EU Member States’ laws implementing the ePrivacy Directive, which in Germany means according to Sect. 25(1) of the Telecommunications and Telemedia Data Protection Act (TTDSG). Data processing using these tools will only take place if we have received your prior consent.

For cases involving the transfer of personal data to third countries (such as the US), we refer you to Section 6 (“Data transfers to third countries”), which also explains the possible associated risks. We will inform you if an adequacy decision exists for the third country in question or if there are standard contractual clauses or other safeguards in place for the use of certain tools. If you have given your consent to the use of certain tools and to the associated transfer of your personal data to third countries, we (also) transfer the data processed when using the tools to third countries on the basis of this consent pursuant to Art. 49(1)(a) GDPR.

3.2.2.Obtaining your consent

In order to obtain and manage your consent, we use Cookiebot, a tool provided by Usercentrics A/S, Havnegade 39, 058 Copenhagen, Denmark (hereinafter referred to as “Cookiebot”). This generates a banner informing you about the data processing on our website and giving you the opportunity to consent to all, some or no data processing by optional tools. This banner appears when you first visit our website and when you revisit your preferences to change them or withdraw consent. If you have disabled cookies, or if Cookiebot’s cookies and information in local storage have been deleted or expired, the banner will also appear on subsequent visits to our website.

Your consents or withdrawals, your IP address, information about your browser, your device and the time of your visit are transmitted to Cookiebot as part of your website visit. Cookiebot also stores necessary information on your device in order to document the consents and withdrawals you have issued. A cookie is stored to record your decision to grant consent (“CookieConsent”, valid for 1 year).

This data processing by Cookiebot is necessary to provide you with the legally required consent management and to comply with our documentation obligations. The legal basis for the use of Cookiebot is Art. 6(1) Sentence 1(f) GDPR, which is justified by our interest in fulfilling the legal requirements for consent management. In these cases, information is accessed and stored on your device because this is absolutely necessary, and on the basis of the EU Member States’ laws implementing the ePrivacy Directive, which in Germany means according to Sect. 25(2) of the Telecommunications and Telemedia Data Protection Act (TTDSG).

3.2.3.Withdrawing your consent or changing your selection

You can withdraw your consent for certain tools, i.e. for the storage and access to information on your device, the processing of your personal data and the transfer of your data to third countries, at any time with effect for the future. To do this, click on the button at the bottom left. There you can also change the selection of the tools you wish to consent to using, and also obtain additional information about the tools used. Alternatively, certain tools allow you to exercise your withdrawal directly with the provider.

3.3 Necessary tools

We use certain tools to enable the basic functionality of our website (“necessary tools”). These include, for example, tools used to prepare and display website content, to manage and integrate tools, to provide payment processing services, to detect and prevent fraud, and to ensure the security of our website. We would not be able to provide our service without these tools. Therefore, necessary tools are used without consent.

The legal basis for such necessary tools is the need to protect our legitimate interests pursuant to Art. 6(1) Sentence 1(f) GDPR in providing the basic functionality and operating our website. In cases where the provision of the website functionality in question is necessary for the performance of a contract or for taking steps prior to entering into a contract, the legal basis for data processing is Art. 6(1) Sentence 1(b) GDPR. In these cases, information is accessed and stored on your device because this is absolutely necessary, and on the basis of the EU Member States’ laws implementing the ePrivacy Directive, which in Germany means according to Sect. 25(2) of the Telecommunications and Telemedia Data Protection Act (TTDSG).

For cases where data is transferred to third countries (such as the US), we refer you to Section 6 (“Data transfers to third countries”) for more information.

3.3.1.Our own tools

We use our own necessary tools that access or store information on the device, in particular

For login authentication
For load balancing
To store your language settings
To note that information placed on our website has been displayed to you – so that it will not be displayed again the next time you visit the website.

3.3.2.Google Tag Manager

Our website uses Google Tag Manager, which is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for people from the European Economic Area and Switzerland, and by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, US for all other users (collectively referred to as “Google”).

Google Tag Manager is used exclusively to manage website tools by integrating so-called website tags. A tag is an element that is stored in the source code of our website in order to execute a tool, such as scripts. If these are optional tools, Google Tag Manager will only integrate them with your consent. Google Tag Manager uses JavaScript and does not use cookies.

The legal basis is Art. 6(1) Sentence 1(f) GDPR, based on our legitimate interest in being able to integrate and manage multiple tags on our website in an uncomplicated manner.

Google collects information about which tags are integrated through our site to help ensure the stability and functionality of Google Tag Manager. However, Google Tag Manager does not store any personal data beyond the mere establishment of a connection, in particular no data about user behaviour or the pages visited.

We have concluded a data processing agreement with Google Ireland Limited. In the event that personal data is transferred by Google Ireland Limited to the US or other third countries, Google Ireland Limited and Google LLC have concluded standard contractual clauses (Commission Implementing Decision (EU) 2021/914, Module Three) pursuant to Art. 46(2)(c) GDPR. For data transfers to the US, Google has signed up to the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission, and relies on standard contractual clauses issued by the Swiss Federal Data Protection and Information Commissioner (FDPIC) to ensure compliance with Swiss data protection standards.

For more details, please refer to the information provided by Google about Google Tag Manager: https://support.google.com/tagmanager/answer/6102821

3.4 Functional tools

We also use optional tools to improve the user experience on our website and to provide you with more features (“functional tools”). These are not strictly necessary for the basic functionality of the website, but can provide significant benefits to visitors, particularly in terms of ease of use and the provision of additional communication, presentation or payment channels. This can include integrating external content such as maps and videos and also logging in using an existing social network account.

The legal basis for the functional tools is your consent pursuant to Art. 6(1) Sentence 1(a) GDPR, which you give via the consent banner or in the tool itself by individually allowing its use via a banner (overlay) placed above it. Information is then accessed and stored on your device on the basis of the EU Member States’ laws implementing the ePrivacy Directive, which in Germany means according to Sect. 25(1) of the Telecommunications and Telemedia Data Protection Act (TTDSG). For information about withdrawing your consent, please refer to Section 3..3: “Withdrawing your consent or changing your selection”.

In the event that personal data is transferred to other countries (such as the US), your consent expressly includes such data transfers (Art. 49(1)(a) GDPR). Please refer to Section 6 (“Data transfers to third countries”) for information about the risks this entails.

3.4.1 Google Fonts

Our website uses the service Google Fonts, which is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for people from the European Economic Area and Switzerland, and by Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, US for all other people (collectively referred to as “Google”).

When you retrieve a page, your browser loads the required fonts in order to display texts correctly and in a visually appealing manner. For this purpose, your browser must connect to Google’s servers. By doing so, Google learns that our website has been accessed via your IP address. According to Google, such retrievals are separate from other Google services that require user authentication. This information is not merged with other data. No cookies are stored.

Google Fonts helps us keep our website consistent and visually appealing through the maintenance-free and efficient use of fonts. The server to which a connection is established may be located in the US.

The legal basis for this data processing is your consent pursuant to Art. 6(1) Sentence 1(a) GDPR. Information is then accessed and stored on your device on the basis of the EU Member States’ laws implementing the ePrivacy Directive, which in Germany means according to Sect. 25(1) of the Telecommunications and Telemedia Data Protection Act (TTDSG). The transfer of your data to the US and other third countries is based on your express consent in accordance with Art. 49(1)(a) GDPR.

For more information, please refer to:

The FAQ: https://developers.google.com/fonts/faq
Google’s privacy policy: https://policies.google.com/privacy

3.4.2 YouTube videos

We have embedded videos on our website that are stored on YouTube and can be played directly from our website. YouTube is a multimedia service provided by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, US (“YouTube”), which is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for users from the European Economic Area and Switzerland, and by Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, US for all other users (collectively referred to as “Google”). YouTube may store information on your device, such as cookies, local storage, and session storage, and may run JavaScript that accesses information on your device.

We have enabled YouTube’s “extended privacy mode”. According to the YouTube documentation, this means that Google receives less usage information and does not personalise video recommendations and ads. Cookies will no longer be stored. However, information is still stored in your device’s local and session storage, in particular your device ID and other information about the playback of the video, which can be retrieved by Google.

YouTube may set the following cookies:

“PREF” (8 months): Saves settings such as autoplay and video size
“YSC” (session): Prevents spam, fraud and abuse
“NID” (180 days): Records interactions with ads, personalisation of advertising, saves settings and preferences
“VISITOR_INFO1_LIVE” (180 days): Usage analytics, advertising, personalised recommendations based on videos watched and search queries, detection and prevention of video player problems.

The following information is stored in local storage:

“yt-remote-device-id”: Stores the device ID
“yt-player-headers-readable”: Stores the option of reading the player header information
“yt.innertube::requests”: Stores the user’s requests
“yt.innertube::nextId”: Stores the ID of the next video
“yt-remote-connected-devices”: Stores connected devices
“yt-player-bandwidth”: Stores the connection bandwidth
“yt-player-volume”: Stores the video volume
“yt-player-bandwidth”: Stores the video resolution/quality
“yt-player-performance-cap”: Stores a possible cap on the resolution due to the connection bandwidth
“yt-html5-player-modules::subtitlesModuleData::module-enabled”: Stores whether subtitles are activated.

The following information is stored in session storage:

“yt-remote-session-app”: Stores the device type
“yt-remote-cast-installed”: Stores whether YouTube remote cast is installed
“yt-remote-session-name”: Stores the device type
“yt-remote-cast-available”: Stores whether YouTube remote cast is available
“yt-remote-fast-check-period”: Stores the connection bandwidth check
“yt-player-volume”: Stores the video volume
“yt-player-caption-language-preferences”: Stores the subtitle language.

Your personal data may also be transferred by Google Ireland Limited to Google LLC in the US. Google LLC has joined the EU-US Data Privacy Framework, so the transfer in this case is based on the adequacy decision for the United States under Art. 45 GDPR.

When you visit our website, YouTube and Google receive the information that you have retrieved the corresponding page of our website. This happens regardless of whether you are logged in to YouTube or Google or not. YouTube and Google may also use this data for advertising, market research and to help them tailor their services to user needs. If you view YouTube on our website and are simultaneously logged in to your YouTube or Google profile, YouTube and Google can also link this event to the respective profiles. If you do not want this information to be associated with your profile, you must log out of Google before visiting our website.

In addition to withdrawing your consent, you also have the option of disabling personalised advertising in the Google Ads Settings. In this case, Google will only show non-personalised ads: https://adssettings.google.com/notarget

For more information, please refer to Google’s privacy policy, which also applies to YouTube: https://policies.google.com/privacy

3.4.3 Vimeo videos

We have embedded videos on our website that are stored on the Vimeo video platform and can be played on our website. Vimeo is a multimedia service provided by Vimeo.com, Inc., 330 West 34th Street, 10th Floor, New York, New York 10001, US (“Vimeo”). Vimeo uses JavaScript for this purpose, which retrieves information from your device, and uses cookies that are stored on your device.

When you visit our website, Vimeo receives the information that you have retrieved the corresponding sub-page. This may happen regardless of whether you are logged in to Vimeo or not.

Vimeo uses the following cookies:

“__cf_bm” (30 minutes): Fraud prevention, bot detection
“vuid” (2 years): Stores the history of videos watched, usage analytics.

Vimeo may also transfer your personal data to the US for processing. The transfer of your data is then based on your express consent in accordance with Art. 49(1)(a) GDPR.

If you view videos on our website and are simultaneously logged in to your Vimeo profile, Vimeo can also link this event to your Vimeo profile. If you do not want this information to be associated with your Vimeo profile, you will need to log out of Vimeo before visiting our website. Vimeo may also use this data for advertising, market research and to help it tailor its services to user needs.

For further information, please refer to Vimeo’s privacy policy: https://vimeo.com/privacy

3.4.4 HubSpot

Our website uses the services of the provider HubSpot Ireland Limited, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland (“HubSpot”) to implement a live chat for communicating and organising meetings with our prospects and customers. Potential customers can use it to find out more about our portal and request information material.

HubSpot sets the following cookies to provide basic functionality:

“_hs_opt_out” (6 months): Implements cookie consent management
“_hs_initial_opt_in” (6 months): Implements cookie consent management
“_cfduid” (30 days): Security and performance cookie from CND provider Cloudflare to prevent misuse
“_cfruid” (sessions): Security and performance cookie from CND provider Cloudflare to measure and reduce traffic
“messagesUtk” (6 months): Recognises visitors in the context of the live chat
“hs_messages_is_open” (30 minutes): Stores whether the live chat widget is open
“hs-messages-hide-welcome-message” (1 day): Stores whether the welcome message has already been displayed.

HubSpot also sets the following cookies for usage analytics purposes:

“_hstc” (180 days): Tracking cookie with information about the user, timestamp of the first, last and current session and the number of sessions
“_hssc” (30 minutes): Tracking cookie for tracking sessions
“_hssrc” (session): Tracking cookie to detect a browser restart
“hubspotutk” (180 days): Recognition of visitors.

For further information about cookies, please refer to the HubSpot website: https://knowledge.hubspot.com/privacy-and-consent/what-cookies-does-hubspot-set-in-a-visitor-s-browser and the Cloudflare website: https://support.cloudflare.com/hc/en-us/articles/200170156-Understanding-the-Cloudflare-Cookies

The following information is stored in local storage:

“__hmpl”: Visitor preferences and interactions with web campaigns
“HUBLYTICS_EVENTS_53”: Personalised counter for the display of ads.

We have concluded a data processing agreement with HubSpot. HubSpot Ireland Limited may also transfer your personal data to HubSpot, Inc., Two Canal Park, Cambridge, MA 02141 in the US. HubSpot, Inc. has joined the EU-US Data Privacy Framework, so the transfer in this case is based on the adequacy decision for the United States under Art. 45 GDPR. We have also concluded standard contractual clauses (Commission Implementing Decision (EU) 2021/914, Module Two) pursuant to Art. 46(2)(c) GDPR.

For more information, please refer to HubSpot’s privacy policy: https://legal.hubspot.com/privacy-policy

3.5 Analysis tools

In order to improve our website, we use optional tools to recognise visitors and to statistically record and analyse general user behaviour based on access data (“analysis tools”). We also use analysis services to evaluate how people use our various marketing channels. The usage information collected is processed in aggregate form and allows us to track the usage habits of our visitors. We use this information to help us customise and improve the design of our website and make it more enjoyable for you to use.

The legal basis for using these analysis tools is your consent under Art. 6(1) Sentence 1(a) GDPR. Information is then accessed and stored on your device on the basis of the EU Member States’ laws implementing the ePrivacy Directive, which in Germany means according to Sect. 25(1) of the Telecommunications and Telemedia Data Protection Act (TTDSG). For information about withdrawing your consent, please refer to Section 3..3: “Withdrawing your consent or changing your selection”.

3.5.1 Google Analytics 4

Our website uses the service Google Analytics 4 (“Google Analytics”), which is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for people from Europe, the Middle East and Africa (EMEA), and by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, US for all other people (collectively referred to as “Google”).

Google Analytics uses JavaScript and pixels to read information from your device, and cookies to store information on your device. This is used to analyse your behaviour as a user and improve our website. We will process the information obtained to analyse your use of the website and to compile reports on website activity for the website operator. For evaluation purposes, Google may transfer the data generated in this context to a server in the US and store it there.

As part of the evaluation, Google Analytics 4 also uses artificial intelligence such as machine learning to automatically analyse and enrich the data. Specifically, this is done for predictive metrics of future visitor behaviour based on structured event data, such as predicted sales, purchase probability and churn probability. The predictive metrics can also be used to predict target audiences. You can find out more at: https://support.google.com/analytics/answer/9846734. In order to optimise analysis and reporting, Google Analytics 4 also models conversions when there is not enough data. More information about this is available at: https://support.google.com/analytics/answer/10710245. Data is analysed automatically using artificial intelligence or on the basis of specific, individually defined criteria. More information about this is available at: https://support.google.com/analytics/answer/9443595

We have made the following data protection settings for Google Analytics:

IP anonymisation (truncation of the IP address before evaluation)
Automatic deletion of old visit logs by limiting the storage period to 2 months
No resetting of the retention period for new activity
Disabling of the recording of precise location and position data
Disabling of the recording of precise device data
Disabled advertising features (including audience remarketing through GA audience)
Disabled remarketing
Disabled cross-device and cross-page tracking (Google Signals)
Disabled data sharing with other Google products and services, benchmarking, technical support, account manager.

The following data is processed by Google Analytics:

IP address
User ID, Google ID (Google Signals) and/or device ID
Referrer URL (website visited before)
Pages viewed (date, time, URL, title, length of stay)
Downloaded files
Clicked links to other websites
If applicable, achievement of certain goals (conversions)
Technical information: operating system; browser type, version and language; device type, brand, model and resolution
Approximate location (country and possibly city, based on anonymised IP address).

Google Analytics places the following cookies for the specified purpose with the respective storage period:

“_ga” (2 years), “_gid” (24 hours): Recognises and differentiates visitors by user ID
“_ga_[GA-ID]” (2 years): Retention of information from the current session
“_gac_gb_[GA-ID]” (90 days): Storage of campaign-related information and, if applicable, linking with Google Ads Conversion Tracking
“IDE” (13 months), if applicable: Recognises and differentiates visitors by user ID, records interaction with advertising, displays personalised advertising.

For more information about the Google Analytics 4 cookies, please refer to: https://support.google.com/analytics/answer/11397207?hl=en

We have concluded a data processing agreement with Google Ireland Limited for the use of Google Analytics. In the event that personal data is transferred by Google Ireland Limited to the US, Google Ireland Limited and Google LLC have concluded standard contractual clauses (Commission Implementing Decision (EU) 2021/914, Module Three) pursuant to Art. 46(2)(c) GDPR. In addition, we also obtain your express consent for the transfer of your data to third countries in accordance with Art. 49(1)(a) GDPR. For data transfers to the US, Google has signed up to the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission, and relies on standard contractual clauses issued by the Swiss Federal Data Protection and Information Commissioner (FDPIC) to ensure compliance with Swiss data protection standards.

Please refer to Google’s privacy policy for more information: https://support.google.com/analytics/answer/6004245

3.6 Marketing tools

We also use optional tools for advertising purposes (“marketing tools”). Some of the access data collected when you use our website is used to create user profiles, which may include your behaviour as a user, the ads you have viewed or clicked on and, based on this, your classification into advertising categories, interests and preferences. Analysing and evaluating this access data allows us to show you personalised advertising, i.e. advertising that corresponds to your actual interests and needs, on our website and on the websites and services of other providers. We also analyse your user behaviour in order to recognise you on other sites and to target you personally based on your use of our website (this is known as retargeting). We also analyse the effectiveness and success of our advertising campaigns (in particular conversions and leads).

Marketing tools also include optional social network tools used to share posts and content via these networks (social media plug-ins).

The legal basis for using the marketing tools is your consent pursuant to Art. 6(1) Sentence 1(a) GDPR, which you give via the consent banner or in the tool itself by individually allowing its use via a banner (overlay) placed above it. Information is then accessed and stored on your device on the basis of the EU Member States’ laws implementing the ePrivacy Directive, which in Germany means according to Sect. 25(1) of the Telecommunications and Telemedia Data Protection Act (TTDSG). For information about withdrawing your consent, please refer to Section 3..3: “Withdrawing your consent or changing your selection”.

In the following section, we explain the tools and the providers used for them in more detail. The data collected may include in particular:

The IP address of the device
The information of a cookie and in local or session storage
The device identifier of mobile devices (e.g. device ID, advertising ID)
Referrer URL (website visited before)
Pages viewed (date, time, URL, title, length of stay)
Downloaded files
Clicked links to other websites
If applicable, achievement of certain goals (conversions)
Technical information: operating system; browser type, version and language; device type, brand, model and resolution
Approximate location (country and possibly city).

However, the data collected is stored exclusively in pseudonymous form, meaning that no direct conclusions can be drawn about individual persons.

3.6.1 Google Ads Conversion Tracking and Ads Remarketing (formerly AdWords)

Our website uses the service Google Ads, which is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for people from the European Economic Area and Switzerland, and by Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, US for all other people (collectively referred to as “Google”).

With Google Ads, Google Ads Conversion Tracking is used to record and analyse customer actions defined by us (such as clicking on an ad, page views, downloads). We use Google Ads Remarketing to display personalised advertising messages for our products on Google partner websites. Both services use cookies, JavaScript, pixels and other technologies for this purpose. Google may also process this information to improve and develop its own products and services, for aggregate statistical analysis of conversions and to improve the quality and accuracy of conversions. For evaluation purposes, Google may transfer the data generated in this context to a server in the US and store it there.

Google places and reads the following cookies:

“_gcl_au” (90 days): Conversion tracking, storage of ad clicks
“_gcl_aw” (90 days): Conversion tracking, storage of ad clicks
“_gac_UA-[Google-Analytics-ID]”: Adds the Google Click Identifier in the URL for conversion tracking (auto-tagging).

If you use a Google Account, depending on the settings in your Google Account, Google can link your web and app browsing history to your Google Account and use information from your Google Account to show you personalised ads. If you do not want this information to be associated with your Google Account, you must log out of Google before visiting our website.

If you have not consented to the use of Google Ads, Google will only show you general ads that have not been selected based on the information collected about you on this website. In addition to withdrawing your consent, you also have the option of disabling personalised advertising in the Google Ads Settings: https://adssettings.google.com/notarget

For more information, please refer to:

Google’s information on the use of data: https://policies.google.com/technologies/ads
Google’s privacy policy: https://policies.google.com/privacy

4. Profiles on social networks

We maintain online presences on social networks in order, among other things, to communicate with customers and potential customers and to inform them about our products and services. The respective social networks usually process user data for market research and advertising purposes. In this way, user profiles can be created based on user interests. For this purpose, cookies and other identifiers are stored on data subjects’ computers. Based on these user profiles, ads are then shown on the social networks, for example, but also on third-party websites.

In connection with operating our online presences, it is possible that we may access information provided by the social networks, such as statistics about how our online presences are used. These statistics are aggregated and may include, in particular, demographic information (e.g. age, gender, region, country) as well as data about how you interact with our online presences (e.g. likes, subscriptions, shares, viewing of images and videos) and the posts and content distributed via them. This can also provide us with information about users’ interests and which content and topics are particularly relevant to them. This information may also be used by us to adapt the design and our activities and content on the online presence, and to optimise them for our audience. Please refer to the list below for details and links to the social network data that we, as operators of the online presences, can access. The collection and use of these statistics is usually subject to what is known as joint controllership. Where this is the case, the corresponding agreement is listed below.

The legal basis for this data processing is Art. 6(1) Sentence 1(f) GDPR, based on our legitimate interest in effectively informing and communicating with users, or Art. 6(1) Sentence 1(b) GDPR, in order to stay in contact with and inform our customers and to take steps prior to entering into contracts with prospects.

If you have an account with the social network, it is possible that we may see your publicly available information and media when we retrieve your profile. In addition, the social network may allow us to contact you. This can be done through direct messages or posts, for example. In this respect, the contents of communication via the social network and the processing of content data are the responsibility of the social network as a messaging and platform service. As soon as we transfer your personal data to our own systems or process it further, we are independently responsible for this, and this is done in order to take steps prior to entering into a contract and for the performance of a contract in accordance with Art. 6(1) Sentence 1(b) GDPR.

The legal basis for the data processing carried out by the social networks, for which they are responsible, can be found in the privacy policy of the relevant social network. The following links also provide you with further information about the respective data processing operations and the possibilities for objecting.

We would like to point out that the most efficient way to assert data protection requests is with the relevant social network provider, as only these providers have access to the data and can take appropriate measures directly. You can of course also contact us with your request. In this case, we will process your request and forward it to the provider of the social network.

Below is a list of information about the social networks where we maintain online presences:

LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)
- Operation of the LinkedIn company page as joint controllers on the basis of a Page Insights Joint Controller Addendum: https://legal.linkedin.com/pages-joint-controller-addendum
- Information about the processed Page Insights data and how to contact LinkedIn in the event of data protection enquiries: https://legal.linkedin.com/pages-joint-controller-addendum
- Privacy policy: https://www.linkedin.com/legal/privacy-policy
- Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

5. Disclosure of data

In principle, we will only disclose the data we have collected if there is a legal basis for this under data protection law in the specific case, in particular if:

You have given explicit consent pursuant to Art. 6(1) Sentence 1(a) GDPR
Disclosure is necessary pursuant to Art. 6(1) Sentence 1(f) GDPR in order to establish, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in your data not being disclosed
We are legally obliged to disclose data under Art. 6(1) Sentence 1(c) GDPR, in particular if this is necessary for legal prosecution or enforcement due to official requests, court decisions and legal proceedings; or
This is permitted by law and is required under Art. 6(1) Sentence 1(b) GDPR for the processing of contractual relationships with you or for taking steps at your request prior to entering into a contract.

The data processing may be carried out in part by our service providers. In addition to the service providers mentioned in this privacy policy, these providers may in particular include data centres that store our website and databases, software providers, IT service providers that maintain our systems, agencies, market research companies, group companies and consultancies. If we pass data on to our service providers, they may use the data exclusively for the fulfilment of their tasks. We have carefully selected and commissioned the service providers. They are contractually bound by our instructions, have appropriate technical and organisational measures in place to protect the rights of data subjects and are carefully monitored by us.

6. Data transfers to third countries

As explained in this privacy policy, we use services whose providers are partly located in what are known as third countries (outside the European Union or the European Economic Area) or process personal data there, i.e. countries where the level of data protection does not correspond to that of the European Union. Where this is the case and the European Commission has not issued an adequacy decision (Art. 45 GDPR) for these countries, we have taken appropriate measures to ensure an adequate level of data protection for any data transfers. These include but are not limited to the standard contractual clauses of the European Union or binding corporate rules.

Where this is not possible, we base the transfer of data on derogations under Art. 49 GDPR, in particular your explicit consent or the necessity of the transfer for the performance of the contract or for taking steps prior to entering into a contract.

Where a data transfer to a third country is planned and no adequacy decision or appropriate safeguards are in place, it is possible and there is a risk that authorities in the third country in question (e.g. intelligence agencies) may gain access to the transferred data in order to record and analyse it, and that enforceability of your rights as a data subject cannot be guaranteed. You will also be informed of this when we obtain your consent via the consent banner. Switzerland is one of the countries that has been found by the EU Commission to have an adequate level of data protection (adequacy decision).

For Switzerland: Some of the recipients to whom we disclose personal data may be located abroad. Where this is the case and there is no exception, including in particular your consent or the necessity of the disclosure for the performance of the contract, and the Federal Council has not determined that an adequate level of protection is ensured for these countries, we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers abroad. These include standard data protection clauses that have been approved, issued or recognised in advance by the Federal Data Protection and Information Commissioner or binding corporate rules that have been approved.

We will disclose your personal data to our company based in Germany as part of the above data processing. The Federal Council has determined that an adequate level of protection is guaranteed in Germany, which means that the disclosure of your personal data in Germany is lawful.

7. Storage period

In principle, we only store personal data for as long as necessary to fulfil the purposes for which we have collected the data. We then erase the data without undue delay, unless we still require the data until the end of the statutory limitation period for documentation purposes for claims under civil law, due to statutory retention obligations, or there is another legal basis under data protection law for the continued processing of your data in the specific individual case.

For documentation purposes, we are required to keep contract data in particular for another three years after the end of the year in which the business relationship with you ends. After the standard statutory period of limitation, any claims become statute-barred at this point in time at the earliest.

Even after that, we are still required to store some of your data for accounting reasons. We are obliged to do so due to statutory documentation obligations, which may arise on the basis of the German Commercial Code, the Fiscal Code, the Banking Act, the Money Laundering Act and the Securities Trading Act. The periods specified therein for retaining documents range from two to ten years.

8. Your rights, in particular withdrawal and objection

As a data subject, you always have the following rights as set out in Art. 7(3), Art. 15–21, and Art. 77 GDPR, if the respective legal requirements are met:

Right to withdraw your consent (Art. 7(3) GDPR)
Right to object to the processing of your personal data (Art. 21 GDPR)
Right of access to personal data concerning you which we process (Art. 15 GDPR)
Right to rectification of inaccurate personal data concerning you which we have stored (Art. 16 GDPR)
Right to erasure of your personal data (Art. 17 GDPR)
Right to restriction of the processing of your personal data (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

In order to establish your rights described here, you can contact us at any time using the contact details provided. This also applies if you wish to receive copies of safeguards in order to prove an adequate level of data protection. Subject to the respective legal requirements, we will comply with your data protection request.

We will keep your enquiries regarding the establishment of rights under data protection law, and our responses to these, for a period of up to three years for documentation purposes and, where necessary in individual cases, beyond this period if we need to establish, exercise or defend legal claims. The legal basis is Art. 6(1) Sentence 1(f) GDPR, based on our interest in defending ourselves against any civil-law claims under Art. 82 GDPR, avoiding administrative fines under Art. 83 GDPR and fulfilling our accountability under Art. 5 Sentence 2 GDPR.

You have the right to withdraw the consent you gave us at any time. As a result of this, we will cease the data processing based on this consent with effect for the future. This withdrawal of your consent will not affect the lawfulness of the processing carried out on the basis of the consent prior to the withdrawal.

Insofar as we process your data on the basis of legitimate interests, you have the right to object to the processing of your data at any time for reasons arising from your particular situation. If your objection is to data processing for direct marketing purposes, you have a general right of objection, which we will implement without requiring you to give reasons.

If you would like to make use of your right of withdrawal or objection, it is sufficient to simply notify us using the contact details provided above.

Finally, you have the right to lodge a complaint with a data protection supervisory authority. You can assert this right, for example, by contacting a supervisory authority in the Member State of your habitual residence, your place of work or the place of the alleged infringement. The competent supervisory authority in Bern, where zetcom AG is headquartered, is: Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, CH – 3003 Bern, Switzerland.

9. Changes to this privacy policy

We will update this privacy policy from time to time, for example if we adapt our website or if there are changes to the legal or regulatory requirements.

Version: 2.0. Last amended: March 2024