Imprint and Privacy Policy

With this Privacy Policy, we inform you about the processing of personal data in connection with our activities and operations, including our www.liom.com website. In particular, we inform you about the purposes, methods, and locations where we process personal data. We also provide information about the rights of individuals whose data we process.

For specific or additional activities and operations, other privacy policies or information on data protection may apply.

We are subject to Swiss data protection law and, if applicable, foreign data protection laws, particularly those of the European Union (EU) with the European General Data Protection Regulation (GDPR).

The European Commission recognized on July 26, 2000 that Swiss data protection law ensures adequate data protection. On January 15, 2024, the European Commission confirmed this adequacy decision.

1. Contact Addresses

Responsible for the processing of personal data:

Daniel Perotti
Talstrasse 35
8808 Pfäffikon

info@liom.com

In certain cases, third parties may be responsible for processing personal data, or there may be joint responsibility with third parties.

Data Protection Representation in the European Economic Area (EEA)

We have the following data protection representation according to Art. 27 GDPR:

VGS Datenschutzpartner GmbH
Am Kaiserkai 69
20457 Hamburg
Germany

info@datenschutzpartner.eu

The data protection representation serves as an additional point of contact for affected individuals and authorities in the European Union (EU) and the European Economic Area (EEA) regarding GDPR-related inquiries.

2.1 Terms

Affected Person: A natural person whose personal data we process.

Personal Data: All information relating to an identified or identifiable natural person.

Special Categories of Personal Data: Data about union, political, religious, or philosophical views and activities, data about health, privacy, or membership of an ethnic group or race, genetic data, biometric data that uniquely identify a natural person, data about criminal and administrative sanctions or prosecutions, and data about social assistance measures.

Processing: Any handling of personal data, regardless of the means and procedures used, such as querying, matching, adjusting, archiving, storing, reading, disclosing, acquiring, recording, collecting, deleting, disclosing, organizing, storing, altering, distributing, linking, destroying, and using personal data.

European Economic Area (EEA): Member states of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway.

We process personal data in accordance with Swiss data protection law, particularly the Federal Act on Data Protection (Data Protection Act, DPA) and the Ordinance on Data Protection (Data Protection Ordinance, DPO).

We process – if and to the extent that the General Data Protection Regulation (GDPR) is applicable – personal data in accordance with at least one of the following legal bases:

  • Art. 6(1)(b) GDPR for the necessary processing of personal data to fulfill a contract with the data subject or to carry out pre-contractual measures.
  • Art. 6(1)(f) GDPR for the necessary processing of personal data to protect legitimate interests – including the legitimate interests of third parties – unless the fundamental rights and freedoms of the data subject override these interests. Such interests include, in particular, the permanent, humane, safe, and reliable conduct of our activities and operations, ensuring information security, protection against abuse, enforcement of legal claims, and compliance with Swiss law.
  • Art. 6(1)(c) GDPR for the necessary processing of personal data to fulfill a legal obligation to which we are subject under the applicable law of member states in the European Economic Area (EEA).
  • Art. 6(1)(e) GDPR for the necessary processing of personal data to perform a task carried out in the public interest.
  • Art. 6(1)(a) GDPR for the processing of personal data with the consent of the data subject.
  • Art. 6(1)(d) GDPR for the necessary processing of personal data to protect the vital interests of the data subject or another natural person.
  • Art. 9(2) ff. GDPR for the processing of special categories of personal data, particularly with the consent of the data subjects.

The European General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data and the processing of special categories of personal data as the processing of special categories of personal data (Art. 9 GDPR).

3. Nature, Scope, and Purpose of Processing Personal Data

We process the personal data that is necessary to conduct our activities and operations permanently, humanely, safely, and reliably. The processed personal data may fall into categories such as browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data, and payment data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect during the course of our activities and operations, provided such processing is legally permissible.

We process personal data where necessary, with the consent of the data subjects. In many cases, we can process personal data without consent, for example, to fulfill legal obligations or to protect overriding interests. We may also request consent from data subjects if their consent is not required.

We process personal data for the duration necessary for the respective purpose. We anonymize or delete personal data, particularly depending on legal retention and limitation periods.

4. Disclosure of Personal Data

We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. These third parties are typically specialized service providers whose services we use.

We may disclose personal data to banks and other financial service providers, authorities, educational and research institutions, consultants and lawyers, interest groups, IT service providers, cooperation partners, credit and financial information agencies, logistics and shipping companies, marketing and advertising agencies, media, organizations and associations, social institutions, telecommunications companies, and insurance companies.

5. Communication

We process personal data to communicate with third parties. In this context, we particularly process data that a data subject provides when contacting us, for example, by postal mail or email. We may store such data in an address book or similar tools.

Third parties who transmit data about other individuals are obligated to ensure data protection for those affected individuals. This includes ensuring the accuracy of the transmitted personal data.

6. Applications

We process personal data about applicants to the extent necessary for assessing their suitability for an employment relationship or for the subsequent execution of an employment contract. The required personal data is derived in particular from the requested information, such as that provided in a job posting. We may publish job postings with the help of appropriate third parties, such as in electronic and print media or on job portals and recruitment platforms.

We also process personal data that applicants voluntarily provide or make public, particularly as part of cover letters, resumes, and other application documents, as well as from online profiles.

We process – if and to the extent that the General Data Protection Regulation (GDPR) is applicable – personal data about applicants in particular in accordance with Art. 9(2)(b) GDPR.

7. Data Security

We take appropriate technical and organizational measures to ensure data security that is proportionate to the respective risk. Our measures particularly ensure the confidentiality, availability, traceability, and integrity of the processed personal data, although absolute data security cannot be guaranteed.

Access to our website and other online presences is provided via transport encryption (SSL / TLS, particularly using Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers warn against visiting websites without transport encryption.

Our digital communication is subject – as in principle all digital communication – to mass surveillance without cause or suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We have no direct influence on the corresponding processing of personal data by intelligence services, police forces, and other security authorities. We also cannot rule out that an affected person may be specifically monitored.

8. Personal Data Abroad

We primarily process personal data in Switzerland and within the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, particularly for processing or to have it processed there.

We may export personal data to any country or territory on Earth, provided that the local law ensures adequate data protection according to a decision of the Swiss Federal Council and – if and to the extent that the General Data Protection Regulation (GDPR) is applicable – also in accordance with a decision of the European Commission.

We may transfer personal data to countries whose laws do not ensure adequate data protection if the protection is guaranteed for other reasons, particularly based on standard data protection clauses or other appropriate safeguards. In exceptional cases, we may export personal data to countries without adequate or appropriate data protection if the specific data protection requirements are met, such as the explicit consent of the data subjects or a direct connection with the conclusion or execution of a contract. Upon request, we are happy to provide affected persons with information about any guarantees or provide a copy of any guarantees.

9. Rights of Data Subjects

9.1 Data Protection Claims

We grant data subjects all claims in accordance with the applicable data protection law. In particular, data subjects have the following rights:

  • Access: Data subjects may request information on whether we process personal data about them and, if so, what personal data it is. Data subjects also receive the information necessary to assert their data protection claims and ensure transparency. This includes the processed personal data itself, but also information on the purpose of processing, the retention period, any disclosure or export of data to other countries, and the origin of the personal data.
  • Correction and Restriction: Data subjects may correct inaccurate personal data, complete incomplete data, and restrict the processing of their data.
  • Deletion and Objection: Data subjects may request the deletion of personal data (“right to be forgotten”) and object to the processing of their data with future effect.
  • Data Release and Transfer: Data subjects may request the release of personal data or the transfer of their data to another controller.

We may defer, restrict, or deny the exercise of data subjects’ rights within the legally permissible framework. We may inform data subjects of any requirements that need to be met to exercise their data protection claims. For example, we may refuse access entirely or partially by referencing trade secrets or the protection of other persons. We may also refuse the deletion of personal data by referencing legal retention obligations.

We may exceptionally charge fees for the exercise of rights. We will inform data subjects in advance about any costs.

We are required to take appropriate measures to identify data subjects who request access or assert other rights. Data subjects are obliged to cooperate in this process.

Data subjects have the right to enforce their data protection claims through legal action or to file a report or complaint with a data protection supervisory authority.

The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

European data protection supervisory authorities are organized as members of the European Data Protection Board (EDPB). In some member states within the European Economic Area (EEA), data protection supervisory authorities are structured federally, particularly in Germany.

10. Use of the Website

10.1 Cookies

We may use cookies. Cookies – both first-party cookies and third-party cookies, whose services we use – are data stored in the browser. Such stored data does not have to be limited to traditional cookies in text form.

Cookies may be stored in the browser temporarily as “session cookies” or for a specific period as so-called permanent cookies. “Session cookies” are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies enable, in particular, the recognition of a browser upon a return visit to our website, allowing, for example, the measurement of our website’s reach. However, permanent cookies may also be used for online marketing purposes.

Cookies can be deactivated or deleted at any time in the browser settings, either partially or completely. Without cookies, our website may no longer be fully available. We request – at least when necessary and appropriate – explicit consent for the use of cookies.

For cookies used for success and reach measurement or advertising, a general opt-out for numerous services is possible through AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

10.2 Logging

We may log at least the following information for each access to our website and other online presences, provided this information is transmitted to our digital infrastructure during such access: date and time, including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, specific sub-page of our website accessed, including the amount of data transmitted, and the last website accessed in the same browser window (referrer).

We log such information, which may also constitute personal data, in log files. This information is necessary to ensure that our online presence can be provided permanently, user-friendly, and reliably. This information is also required to ensure data security – including by third parties or with the help of third parties.

10.3 Tracking Pixels

We may embed tracking pixels in our online presence. Tracking pixels are also known as web beacons. Tracking pixels – including those from third parties whose services we use – are usually small, invisible images or JavaScript scripts that are automatically retrieved when accessing our online presence. Tracking pixels can capture at least the same information as log files.

11. Notifications and Communications

11.1 Success and Reach Measurement

Notifications and communications may contain web links or tracking pixels that record whether an individual message was opened and which web links were clicked. Such web links and tracking pixels can also capture the usage of notifications and communications on a personal basis. We require this statistical usage data for success and reach measurement, enabling us to send notifications and communications effectively, user-friendly, and reliably, based on the needs and reading habits of the recipients.

You generally need to consent to the use of your email address and other contact information unless its use is permissible for other legal reasons. For obtaining consent, we may use the “Double Opt-in” procedure, where you will receive a message with instructions for double confirmation. We may log the obtained consent, including the IP address and timestamp for proof and security purposes.

You can generally object to receiving notifications and communications, such as newsletters, at any time. By doing so, you can simultaneously object to the statistical tracking of usage for success and reach measurement. Necessary notifications and communications related to our activities and operations are excluded from this objection.

12. Social Media

We are present on social media platforms and other online platforms to communicate with interested individuals and to inform them about our activities and operations. In connection with such platforms, personal data may also be processed outside of Switzerland and the European Economic Area (EEA).

The general terms and conditions (GTC) and usage conditions, as well as privacy policies and other provisions of the respective operators of such platforms, also apply. These provisions specifically inform data subjects about their rights directly with the respective platform, including the right to access.

13. Third-Party Services

We use services from specialized third parties to carry out our activities and operations in a sustainable, user-friendly, secure, and reliable manner. These services allow us to embed functions and content into our website. When such embedding occurs, the services used will, for technical reasons, at least temporarily capture the IP addresses of users.

For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data related to our activities and operations in aggregated, anonymized, or pseudonymized forms. This includes performance or usage data necessary to provide the respective service.

We particularly use:

13.1 Digital Infrastructure

We use services from specialized third parties to access the digital infrastructure necessary for our activities and operations. These include, for example, hosting and storage services from selected providers.

We particularly use:

13.2 Map Services

We use third-party services to embed maps into our website.

We particularly use:

14. Website Extensions

We use extensions for our website to enable additional features. We may use selected services from appropriate providers or implement such extensions on our own digital infrastructure.

We particularly use:

15. Success and Reach Measurement

We strive to measure the success and reach of our activities and operations. In this context, we may also measure the effectiveness of third-party notices or test how different parts or versions of our online offerings are used (“A/B testing” method). Based on the results of the success and reach measurement, we can correct errors, strengthen popular content, or make improvements.

For success and reach measurement, the IP addresses of individual users are generally recorded. IP addresses are generally shortened (“IP masking”) in this case to follow the principle of data minimization through appropriate pseudonymization.

Cookies may be used for success and reach measurement, and user profiles may be created. Any created user profiles may include, for example, the individual pages visited or content viewed on our website, information about the size of the screen or browser window, and the – at least approximate – location. Generally, any user profiles created are pseudonymized and not used to identify individual users. Certain third-party services, where users are registered, may associate the use of our online offerings with the user’s account or profile with the respective service.

We particularly use:

16. Final Provisions

We may adjust and supplement this privacy policy at any time. We will inform you of such adjustments and supplements in an appropriate manner, particularly by publishing the latest version of the privacy policy on our website.