Data Protection

In the following data protection notice, we inform you in accordance with the data protection provisions of the Federal Act on Data Protection (Swiss Data Protection Act, FADP Art. 19) and the European General Data Protection Regulation (GDPR Art. 13 and 14) about how we handle personal data as necessary and for the purpose of providing a functional and user-friendly website, including its content and services.

Under the General Data Protection Regulation (GDPR), “processing” is defined as any operation or set of operations performed on personal data, such as collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, linking, restriction, deletion, or destruction.

This data protection notice explains the type, scope, purpose, duration, and legal basis of the processing of personal data carried out by us, as well as the use of external components, insofar as third parties may process data on our behalf or under their own responsibility.

We have implemented technical and organizational security measures to protect your personal data against loss, destruction, manipulation, and unauthorized access. Our security measures are continuously reviewed and improved in line with technological developments.

Do you have any questions after reading the following information?

Your trust is important to us. Therefore, we are happy to assist you regarding the processing of your personal data. If you have any questions that are not answered by this privacy policy, please contact us by e-mail a: mailbox@derungs.swiss

Our privacy policy is structured as follows:

1. Information about us as the data controller
2. Rights of users and data subjects
3. Information on data processing

I. Information about us as the data controller

The responsible provider of this website in terms of data protection law is:

Head Office – Switzerland
Derungs Licht AG
Hofmattstrasse 12
CH-9200 Gossau
Phone: +41 71 388 11 66
E-mail: mailbox@derungs.swiss

Subsidiary – Germany
Derungs Medical GmbH
Rudolf-Diesel-Strasse 2
D-78239 Rielasingen-Worblingen
Phone: +49 7731 90 97 19-0
E-mail: info@derungsmedical.com

Derungs Licht AG, Gossau (Switzerland), is primarily responsible for operating this website and for processing data related to online inquiries, CRM activities, and marketing.
Derungs Medical GmbH, Rielasingen-Worblingen (Germany), is responsible for sales and customer support in Germany. Both companies operate under a joint controllership arrangement in accordance with Article 26 GDPR. The key provisions of this agreement can be provided upon request.

II. Rights of users and data subjects

Users and data subjects have the following rights with regard to the processing of their personal data by the controller named in Section I:

• The right to confirmation as to whether their personal data is being processed, as well as the right to access this data and to obtain further information about the nature of the processing and copies of the data.
• The right to rectification or completion of inaccurate or incomplete data.
• The right to erasure (“right to be forgotten”) of their personal data without undue delay, or, where further processing is required, the right to restriction of processing.
• The right to receive their personal data that they have provided to the controller free of charge and to have that data transmitted to another controller.
• The right to lodge a complaint with a supervisory authority if they believe that their personal data has been processed in violation of applicable data protection regulations.

The controller is obligated to inform all recipients to whom personal data has been disclosed of any rectification, erasure, or restriction of processing carried out pursuant to Articles 16, 17(1), and 18 GDPR. This obligation does not apply if such notification is impossible or would involve a disproportionate effort. However, the user has the right to be informed about these recipients.

Users and data subjects also have the right to object to the future processing of their personal data if such processing is based on Article 6(1)(f) GDPR (legitimate interest). In particular, they may object to the processing of their data for direct marketing purposes.

Right to Lodge a Complaint with the Competent Supervisory Authority

Data subjects within the meaning of the GDPR have the right to lodge a complaint with a supervisory authority if they believe that the processing of their personal data violates the GDPR. The complaint may be lodged in particular with the supervisory authority of the Member State of their habitual residence, place of work, or the place of the alleged infringement. This right to lodge a complaint exists without prejudice to any other administrative or judicial remedies.

Competent Data Protection Authority in Switzerland:
Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1, 3003 Bern
https://www.edoeb.admin.ch

III. Information on data processing

The data processed when you use our website will be deleted or blocked as soon as the purpose of storage ceases to apply, there are no statutory retention obligations, and no deviating details are provided for individual processing activities.

For security reasons and to protect the transmission of confidential content—such as inquiries you send to us as the website operator—we use SSL encryption throughout. You can recognize an encrypted connection by the fact that the browser’s address line changes from “http://” to “https://” and by the lock symbol in your browser bar.

SSL provides triple protection:

• The entries you submit are transmitted in encrypted form.
• It is ensured that the form is returned only to the server from which it was opened.
• It is checked whether the data reaches its respective recipient completely and unchanged.

When SSL encryption is activated, data that you transmit to us is encrypted during transport and cannot be read by third parties.

Consent Management Tool

We use the consent management tool CCM19 provided by Papoo Software & Media, Auguststr. 4, 53229 Bonn.
The tool allows you to give consent to data processing activities on the website, particularly the setting of cookies, as well as to exercise your right to withdraw any consent already given. Cookies may be used for this purpose. Among other things, the following information is collected and transmitted to CCM19: date and time of the page view, a random ID, and consent status. The service provider Papoo Software & Media does not process the data for its own purposes; the data is stored as a log file. Access to the log files only takes place after prior consultation and with the consent of the controller of this site. The data is not passed on to any other third parties. The data processing is carried out to fulfill a legal obligation on the basis of Art. 6(1)(c) GDPR. You can find the provider’s privacy notice at: https://www.ccm19.de/datenschutzerklaerung.html

Cookies

a) Cookies

We use so-called cookies on our website. Cookies are small data records or other storage technologies that are placed and stored on your device by your internet browser. Through these cookies, certain information about you—such as your browser or location data or your IP address—is processed. This processing makes our website more user-friendly, effective, and secure, as it enables, for example, the display of our website in different languages or stores the privacy settings you have selected in the consent management tool.
The legal basis for this processing is Art. 6(1)(b) GDPR if these cookies process data for the initiation or performance of a contract. If the processing is not for contract initiation or performance, our legitimate interest lies in improving the functionality of our website; the legal basis in this case is Art. 6(1)(f) GDPR.
In all other cases, cookies will only be set in your browser after you have given your consent. The legal basis in that case is Art. 6(1)(a) GDPR.
You can edit the cookie settings you have made at any time using the “Open configuration box” link at the bottom. Session cookies are deleted when you close your internet browser.

b) Third-party cookies:

Our website may also use cookies from partner companies with whom we cooperate for the purposes of advertising, analytics, or website functionality. For details—particularly regarding the purposes and legal bases of processing such third-party cookies—please refer to the information provided below..

c) Options for removal:

It is possible to prevent or restrict the installation of cookies by changing the settings of your internet browser. Cookies that have already been stored can also be deleted at any time. The exact steps depend on the browser used. For further information and assistance, please consult your browser’s help function or documentation, or contact the browser manufacturer.

Inquiries by e-mail, telephone, or contact form:

If you contact us by e-mail, telephone, or fax, your inquiry—including all personal data resulting from it (name, inquiry)—will be stored and processed by us for the purpose of handling your request. We will not pass on this data without your consent.
We also provide various contact forms on our website (e.g., newsletter registration, warranty claims, general contact inquiries) through which personal data is processed. If you contact us via these forms, the data you provide will be used to process your request. Without the information requested in the forms, we may not be able to respond to your request, or only to a limited extent. The legal basis for processing your data is Art. 6(1)(b) GDPR. Once your inquiry has been answered and there are no statutory retention obligations—such as in the event of subsequent contract processing—your data will be deleted.

Customer Account / Registration Function

If you are a dealer or distribution partner, you can request a user-specific account to gain access to product-related documents and data. When you create a customer account on our website, we use the data you provide (e.g., your name, company, address, or e-mail address) exclusively for pre-contractual services, contract processing, or customer support. We also store the IP address, date, and time of your registration. This data is not disclosed to third parties.
The data collected is used solely to provide the customer account. The legal basis for processing is Art. 6(1)(b) GDPR. The data collected will be deleted as soon as it is no longer required. However, we must observe tax and commercial retention periods.

CRM / Sales & Customer Communication

We process contact and communication data (e.g., name, company, role, e-mail address, telephone number, interaction history) in our CRM system for the purpose of handling inquiries, initiating offers and contracts, customer care, scheduling, event and webinar management, and documenting our business relationship.

a) Legal bases:

• Swiss Federal Act on Data Protection (revFADP, Art. 6 et seq.)—processing in accordance with the principles of proportionality and purpose limitation.
• Art. 6(1)(b) GDPR (contract / pre-contractual measures)
• Art. 6(1)(f) GDPR (legitimate interest in efficient customer communication and traceability of business processes)
• For direct marketing by e-mail, we use personal data only on the basis of explicit consent (Art. 6(1)(a) GDPR).

b) Recipients / categories:

Internal staff in sales, marketing, and customer service; where applicable, external processors (hosting or CRM providers) with whom we have concluded a data processing agreement pursuant to Art. 28 GDPR.

c) Storage period:

We store personal data in the CRM system for as long as necessary for the customer relationship or as required by statutory retention periods.

d) Right to object:

You may object at any time to the processing of your data for direct marketing purposes, or withdraw any consent given. A corresponding notice is included in every marketing e-mail.

Newsletter

If you subscribe to our free newsletter, you provide us with your e-mail address and, optionally, your name and address. We also store the IP address of the internet connection from which you visit our website, as well as the date and time of your registration. As part of the registration process, we obtain your consent to receive the newsletter, describe the content precisely, and refer to this privacy policy. The data collected is used exclusively for sending the newsletter and is not passed on to third parties.
The legal basis for this is Art. 6(1)(a) GDPR. You can withdraw your consent to receive the newsletter at any time pursuant to Art. 7(3) GDPR by notifying us or by using the unsubscribe link in every newsletter.
We use the software Mailjet GmbH and PortNeo to handle newsletter delivery. For more information on how these providers process data, please refer to their privacy policies: Mailjet Privacy Policy and PortNeo Privacy Policy.

We log your registration in order to demonstrate compliance with legal requirements (timestamp, IP address, form version). You may withdraw your consent at any time with effect for the future, e.g., via the unsubscribe link in the newsletter.

Online Job Applications / Publication of Job Postings

You have the option to apply via our website. If you apply in this way, your applicant and application data will be collected and processed electronically by us to conduct the application process. The legal basis for this processing is Section 26(1) sentence 1 BDSG in conjunction with Art. 88(1) GDPR.
If an employment contract is concluded after the application process, the data you transmitted during the application will be stored in your personnel file for the usual organizational and administrative processes, in compliance with legal obligations. The legal basis for this processing is also Section 26(1) sentence 1 BDSG in conjunction with Art. 88(1) GDPR.
If an application is rejected, the transmitted data will be automatically deleted two months after notification of the rejection, unless the data must be retained for a longer period due to statutory requirements—e.g., evidentiary obligations under the AGG—for up to four months or until the conclusion of legal proceedings. The legal basis in this case is Art. 6(1)(f) GDPR and Section 24(1) no. 2 BDSG; our legitimate interest lies in legal defense and enforcement.
If you expressly permit longer storage of your data—for example, for inclusion in an applicant or talent pool—the data will continue to be processed on the basis of your consent. The legal basis is then Art. 6(1)(a) GDPR. You may withdraw your consent at any time pursuant to Art. 7(3) GDPR by informing us that you wish to withdraw it.

Server Data

For technical reasons—particularly to ensure a stable and secure website—data is transmitted by your internet browser to us or to our web space provider. These so-called server log files contain, among other things, the type and version of your internet browser, the operating system, the website from which you switch to our website (referrer URL), the pages you visit on our website, the date and time of access, and the IP address of the internet connection from which access to our website occurs.
The data collected is stored temporarily, but not together with other data about you. This storage is based on Art. 6(1)(f) GDPR, as our legitimate interest lies in improving the functionality, security, and performance of our website. The provider also reserves the right to review the log data retroactively if there are specific indications of unlawful use.
The data is deleted at the latest after seven days, unless further storage is required for evidentiary purposes. Otherwise, the data may be partially or entirely excluded from deletion until the incident has been fully clarified.

Social Networks and External Links

We use various social media platforms for the presentation and optimization of our services, for contact purposes, and for marketing measures, to which we link from our website.
This is done on the legal basis of Art. 6(1)(f) GDPR, as our legitimate interest lies in improving the user experience of our website and increasing our reach. The integration of plugins is carried out via a linked graphic. Users are only forwarded to the service of the respective social network by clicking on the corresponding graphic.
By linking to social networks offered on our website, user data is collected and stored by the respective providers as soon as users click on the graphic and are forwarded to the respective network’s page. Where providers are based outside the EU, personal data is also transferred to third countries for which there is no adequacy decision by the EU Commission; in such countries (e.g., the USA), you may not be able to exercise the rights described under Section II (under the FADP/GDPR) or only to a limited extent. We have no influence on the further processing of your data by these providers.
According to a decision of the Court of Justice of the European Union, there is generally joint controllership within the meaning of Art. 26 GDPR with the platforms regarding the personal data processed as a result. This data may include IP address, date, time, and pages visited. If the user is logged into their user account of the network at the time, the network operator may associate this information with the user’s personal account. To prevent this, we recommend logging out before clicking on the graphic or adjusting the user account settings.
We refer to the respective provider’s privacy notices regarding the data processing triggered by visiting the platforms. Where personal data is transferred to countries outside Switzerland or the EU/EEA (e.g., the USA), we ensure that appropriate safeguards are in place in accordance with Art. 16 revFADP and Art. 46 GDPR (e.g., Standard Contractual Clauses, SCCs). Nevertheless, for US-based services there may remain a residual risk of access by public authorities.

LinkedIn
LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.
Privacy Policy: https://www.linkedin.com/legal/privacy-policy

Xing
New Work SE, Am Strandkai 1, 20457 Hamburg, Germany
Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung

YouTube
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Privacy Policy: https://policies.google.com/privacy

Google Maps
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Privacy Policy: https://policies.google.com/privacy

Vimeo
We use the Vimeo service on our website to display videos. The service is operated by Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA. Some user data may be processed on servers in the USA. Processing is based on your consent pursuant to Art. 6(1)(a) GDPR.
If you visit our website pages on which Vimeo videos are embedded and you have given your consent to playback, a connection to Vimeo’s servers will be established. Your IP address will be processed by Vimeo in order to display the video. In addition, the date and time of the visit are recorded. If you are logged in to Vimeo while visiting our pages, this information may be linked to your personal user account. To prevent this, you can log out before visiting our pages or configure your Vimeo user account accordingly. Vimeo also uses the web analytics service Google Analytics to analyze usage of our pages and improve functionality. Cookies are stored on your device for this purpose and information is transmitted to Google, which may be processed in the USA.
You can prevent the processing of your data by cookies by making the appropriate settings in your internet browser or by not giving consent to play the content. You can access these settings at any time by clicking the small cookie icon at the bottom of each page of our website.
Further information on how Vimeo processes data and on your rights and options to protect your privacy can be found at: https://vimeo.com/privacy.

Analytics Tools

Google Analytics

If you give us your consent via the prompt in the consent management tool, we use Google Analytics to analyze usage of our website. This is a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Usage and user-related information—such as IP address, location, time, and frequency of visits to our website—is generally transmitted to a Google server in the USA and stored there. By means of Google Analytics’ anonymization function, IP addresses are shortened within the EU or EEA before being sent to Google.
Google uses this data to provide us with an evaluation of visits to our website and the usage activities there.
The legal basis for the use of Google Analytics is Art. 6(1)(a) GDPR.
Google states that it does not merge your IP address with other data. In addition, Google provides further data protection information and options to prevent data use at: https://www.google.com/intl/de/policies/privacy/partners .
You can also prevent the collection by Google of the cookies set for transferring data relating to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout?hl=de. This can be installed with common internet browsers and gives you the option to prevent the transmission of information to Google Analytics. The add-on informs Google Analytics’ JavaScript (ga.js) that no information about the visit to our website should be transmitted to Google Analytics. This does not restrict the transmission of information to us or to other web analytics services.