Privacy policy

General information

Welcome to our website. We appreciate your interest in our company. Protecting your personal data is one of our main concerns. We process your data in accordance with the applicable legal provisions for the protection of personal data, in particular the EU General Data Protection Regulation (GDPR) and the country-specific implementation laws applicable to us. This privacy policy provides detailed information on the processing of your personal data by REFCO Manufacturing Ltd. and the rights to which you are entitled.

Personal data is information that can be used to identify a natural person. In particular, this includes your name, date of birth, address, telephone number and email address, but also your IP address.

Data is considered anonymous if no personal reference to the user can be established.

Your rights as a data subject

Firstly, we would like to inform you about your rights as a data subject. These rights are standardised in Art. 15-22 GDPR. They include:  

• The right of access (Art. 15 EU-DS-GVO),
• The right to erasure (Art. 17 EU-DS-GVO),
• The right to rectification (Art. 16 EU-DS-GVO),
• The right to data portability (Art. 20 EU-DSGVO),
• The right to restriction of processing (Art. 18 EU-DS-GVO),
• The right to object to the processing of personal data (Art. 21 EU-DS-GVO).

Please contact us at datenschutz@refco.ch to exercise these rights, if you have any questions about data processing in our company or if you wish to revoke your consent. You also have the right to appeal to a data protection authority.

Responsible body and data protection officer

Responsible body
Manfred Ulrich
REFCO Manufacturing Ltd.
Industriestrasse, 11
6285 Hitzkirch – Switzerland

Contact
Phone: +41 41 919 72 82
Telefax: +41 41 919 72 83
E-Mail: info@refco.ch

Data protection officer
We are not obliged to appoint a data protection officer. If you have any concerns regarding data protection, you can contact us at the following email address: datenschutz@refco.ch.

Rights of objection
Please note the following with regard to rights of objection:

Aims and legal bases of data processing

The processing of your personal data complies with the provisions of the GDPR and all other applicable data protection regulations. Legal bases for data processing arise from Art. 6 GDPR in particular.

We use your data to make initial business contact, to fulfil contractual and legal obligations, to implement the contractual relationship (Art. 6 para. 1 lit. b) GDPR), to offer products and services and to strengthen the customer relationship, which may also include analyses for marketing purposes and direct advertising.

Your consent to your data being processed may also constitute a “permission requirement” in terms of data protection law (Art. 6 para. 1 lit. a) GDPR). Before you consent, we will inform you about the purpose of the data processing and your right of revocation.

Should your consent also apply to the processing of special categories of personal data, we will explicitly notify you of this during the consent process. Special categories of personal data pursuant to Art. 9 GDPR are only processed if this is made necessary by legal regulations and if there is no reason to assume that your legitimate interest in exemption from processing prevails.

We also collect your data to ensure the website is provided without any errors and to analyse your user behaviour. We collect this data on the basis of our legitimate interest (Art. 6 para. 1 lit. f) GDPR) of making the content visually available to every visitor. We also have a legitimate interest in the website’s security (hacker attacks).

A detailed description of the analysis of user behaviour can be found below.

Disclosure to third parties
We will only disclose your data to third parties in line with statutory provisions or with your appropriate consent. Otherwise, the data will not be disclosed to third parties unless we are obliged to do so by mandatory legal provisions (disclosure to external bodies such as supervisory authorities or criminal prosecution authorities).
 

Data recipients / recipient categories
Within our company, we ensure that your data is only received by those individuals who need it to fulfil their contractual and legal obligations. In many cases, service providers support our specialist departments in fulfilling their tasks. The necessary data protection contracts have been concluded with all service providers. In particular, we engage service providers for web and mobile applications, as web providers and hosting service providers. The right to access work materials containing customer data is conferred only after the order has been placed, and is granted, wherever possible, exclusively for anonymised data.

Third-country transfer / intention to transfer to a third country
Data will only be transferred to third countries (countries outside the European Union or the European Economic Area) to the extent that this is necessary for the performance of the contractual obligation, is required by law or if you have given us your consent to do so. We transmit your personal data using global server infrastructure from Microsoft. We transmit your personal data to a server in the USA as part of our use of Google Analytics. Here, compliance with the level of data protection is guaranteed by the data protection contracts with the provider.

Data retention periods
We store your data as long as it is required for the respective processing purpose. Please note that numerous retention periods require that data (must) continue to be stored. This applies in particular to retention obligations under commercial or tax law (e.g. Commercial Code, Tax Code, etc.). If there are no further retention obligations, the data will be routinely deleted once the purpose has been achieved.
In addition, we may retain data if you have given us your permission to do so or if legal disputes arise and we use evidence within statutory limitation periods, which can be up to thirty years; the regular limitation period is three years.

Secure transmission of your data
In order to provide the best protection for the data retained by us against accidental or intentional manipulation, loss, destruction or access by unauthorised individuals, we use appropriate technical and organisational security measures. With the help of security experts, we regularly review the security levels and adapt them to new security standards. The transfer of data between app and server is also encrypted to the latest encryption standards. Only we can decrypt this data. There is also the option of using alternative means of communication (e.g. post). The data transmitted to and from our website is always encrypted. We offer HTTPS as the transmission protocol for our website, in each case using the current encryption protocols. In addition, we offer our users content encryption in our contact forms and when submitting applications. Only we can decrypt this data. We also offer the option of using alternative means of communication (e.g. post).

Obligation to provide data
Various types of personal data are necessary for the establishment, performance and termination of the contractual relationship and the fulfilment of the associated contractual and legal obligations. The same applies to the use of our website and the various functions it offers.

We have summarised the details of this for you in the above-mentioned point. In certain cases, data must also be collected or made available on the basis of statutory provisions. Please note that it is not possible to process your enquiry or to perform the underlying contractual obligation without providing this data.

Categories, sources and origin of data

The data we process depends on the respective context, for example, whether you place an order online or submit an enquiry via our contact form, whether you send us an application or submit a complaint.

Please note that for special processing scenarios we may also make information available separately in a particular place, e.g. on the pages for uploading application documents or sending an enquiry.

We collect and process the following data when you visit our website:
Web browser, browser version and operating system of user

• Referrer URL
• Hostname of the accessing computer
• Time of te server request
• IP-address

This data will not be merged with other data sources.

For technical security reasons (in particular to prevent attempts to hack our web server), this data is stored in accordance with Art. 6 para. 1 lit. f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation, as well as the security of its website – for which the server log files must be recorded. After 7 days at the latest, the data is anonymised by shortening the IP address so that no reference to the user is established.

For an enquiry, we collect and process the following data:

Voluntary information:
Surname, first name

• Company name, if applicable
• Contact details (street, postal code, town/city, country, telephone, fax)
• Salutation
• Message

Mandatory information:
E-Mail-address

• Data collection by the reCAPTCHA system (see below) to protect against span enquiries

Cookies, Google Analytics

Cookies (Art. 6 para. 1 lit. f) GDPR / Art. 6 para. 1 lit. a) GDPR when consent has been given)

Our website uses “cookies” in several places. They serve to make our web presence more user-friendly, more effective and safer. Cookies are small text files that are placed and stored on your terminal device.

These cookies enable us to analyse how users use our websites. This helps us to design the website content according to visitors’ needs. In addition, cookies enable us to measure the effectiveness of a particular advertisement and to place it depending on topics in which users are interested, for example. The legal basis for this is Art. 6 para. 1 lit. f) or, if consent has been given, Art. 6 para. 1 lit. a) GDPR.

We use the following cookies:
Our own cookies:
This type of cookie is controlled directly by REFCO Manufacturing Ltd. Depending on the purpose, these are permanently stored – even after the end of the session – (“persistent” cookies, e.g.: opt-out cookies) or are deleted when the browser is closed (“session” cookies, which are only valid for one browser session).

Third-party cookies:
This type of cookie is controlled by third parties. Third-party providers are providers who display advertising banners on other websites especially for REFCO Manufacturing Ltd. These use cookies to transmit, for example, the information that an advertising banner displayed in your browser has led to a purchase (conversion tracking).

So-called temporary/permanent cookies, which are automatically deleted after the specified time (usually 6 months), are used here. These temporary or permanent cookies are stored on your terminal device and are deleted automatically after the specified time. Our partner companies’ cookies also contain only pseudonymous, and mostly anonymous data. This data enables our partners to track which products you have viewed, whether something has been purchased, which products have been searched for, etc. Some of our advertising partners also collect information about other websites you previously visited or products you were interested in, for example. This helps to display customised advertisements. Pseudonymous data will never be merged with your personal data.Most web browsers automatically accept cookies. Of course, you can also manually deactivate, restrict or even delete cookies on your terminal device by changing your browser or software settings. Please note that disabling cookies may prevent some of the functions of our website from working correctly.

Google Analytics (Art. 6 para. 1 lit. f) GDPR)
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files that are stored on your computer and help to analyse how you use a website. The information generated by the cookie about your use of this website will generally be transmitted to a Google server in the United States and stored there. Storing Google Analytics cookies and the use of this analysis tool are based on Art. 6 para. 1 lit. f) GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise its web and advertising presence.

We have activated the IP anonymisation function on this website. This means that your IP address will be shortened by Google within member states of the European Union or other signatory states of the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases, the full IP address is transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website and internet usage to the website operator. Google does not combine the IP address transmitted by your browser for Google Analytics with any other data. You may disable the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this, it may prevent some of the functions of this website from working correctly. You can also prevent Google from collecting and processing the data generated by the cookie and related to your use of the website (including your IP address) by downloading and installing the browser add-on from the following link: https://tools.google.com/dlpage/gaoptout?hl=en. For more information on how Google Analytics handles user data, please see Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

Google reCAPTCHA (Art. 6 para. 1 lit. f) GDPR)
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). The purpose of reCAPTCHA is to check whether the data input on our websites (e.g. in a contact form) is carried out by a person or by an automated program. To do this, reCAPTCHA analyses the behaviour of the website visitor against various characteristics. This analysis starts automatically as soon as the website visitor accesses the website. reCAPTCHA analyses various types of information (e.g. IP address, how long the visitor spends on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place. Data is processed on the basis of Art. 6 para. 1 lit. f) GDPR. The website operator has a legitimate interest in protecting its web services from abusive automated spying and from spam. For more information about Google reCAPTCHA and Google’s privacy policy, please see the links below: https://policies.google.com/privacy?hl=en and https://www.google.com/recaptcha/intro/android.html.