Data Protection Declaration
Below you will find information about the nature and extent of the collection and use of personal data and the reasons why such data is collected. You may consult our data protection policy on our website at any time.
- General points
- Processing manager
- Collection and processing of personal data
- Purposes for processing data and legal standing
- Cookies/Tracking and other technology related to the use of our website
- Transmission and transfer of data abroad
- Length of conservation of personal data
- Data security
- Rights of the person concerned
- Changes
General points
The company HUG AG (hereafter referred to also as HUG-Family and “us”) makes products for the brands HUG, HUG Food Service, Wernli and DAR-VIDA at its sites in Malters and Willisau. As part of this activity, it may collect and process personal data about you directly or about other persons (called “third parties”). In this document, we use the term “personal data” to refer to “data of a personal nature”.
In this data protection declaration, we describe what we do with your data when you visit our websites, purchase our services or products, interact with us in the context of a contract, communicate with us or have any other relationship with us.
This data protection declaration has been drafted to meet the requirements of the Swiss data protection law (FADP) and the European Union’s General Data Protection Regulation (GDPR). Whether and to what extent these laws apply, however, depends on each case.
Processing manager
The processing manager and the contact person for data protection are as follows:
HUG AG
Neumühlestrasse 4
6102 Malters
Switzerland
Collection and processing of personal data
We initially collect your personal data when you come to our shops, when you order products online, when you sign up for events or when you create a customer account. In addition, we collect and process personal data that we receive from our customers and other commercial partners as part of our business relations with them, as well as from other people involved in these relations, or from users of our websites and other apps as part or their operation.
Parallel to data about you that you provide us with directly, the main categories of personal data that we receive about you from third parties are the following: information coming from public records, information brought to our attention through official contacts, information relating to your professional activities and roles (in order, for example, that, with your help, we may agree and execute transactions with your employer), information about you provided as part of correspondence and meetings with third parties, solvency information, information about you provided by persons from your entourage (family, advisers, legal representatives, customers, etc.) so that we can enter into and execute contracts directly with you or in association with you (for example, references, delivery addresses, mandates), from our commercial partners and other contractual partners in our network for the use and provision of services by you (payments and purchases made), data about you coming from media and the Internet (in so far as this is clearly indicated, for example, during a job application, a press review, a sales/marketing campaign, etc.), addresses and, where relevant, areas of interest and other sociodemographic data (for marketing purposes), as well as data relating to the use of our website (for example, IP address, smartphone or computer MAC address, information about your device, settings, cookies, date and time of visit, pages and contents viewed, features used, referring website, location details).
In the event of services provided in advance, for example, purchasing on account, we will receive a solvency report based on a mathematical-statistical process, with a view to safeguarding our legitimate interests. To do this, we will submit all necessary personal data to a credit check at the help centre and use the information received to make an informed decision on the establishment, execution or termination of the contractual relationship.
Furthermore, we collect data about you when you view our brands via social media platforms (such as Facebook, Twitter, Instagram, YouTube and LinkedIn, etc.) and/or when you interact with these pages, for example, when you send us messages, when you send us posts, requests or comments or when you write them on our social media pages or when you like or share our posts. The data categories of personal data that we collect about you through the intermediary of our social media sites include, notably, the content of your posts, comments, requests and messages, etc., as well as your publicly-accessible profile data (your name and profile photo for instance). Data that is publicly accessible via your profile depends on your profile settings. You can personalise these yourself in your settings on your social media platform. The social media platform concerned is solely responsible for processing your personal data on said platform. You will find information on how the social media platform operator processes your personal data as well as the settings possibilities for your profile and your advertising preferences on that social media platform.
Purposes for processing data and legal standing
We use the personal data we collect (via our online shop among others), firstly for entering into and executing contracts with our customers and sales partners, particularly in the context of the sale of our products and services from our suppliers and sub-contractors, as well as to fulfil our legal obligations in Switzerland and abroad. If you work for such a customer or sales partner, you may be affected as such from the personal data point of view.
Furthermore, we also process personal data about you and about others, insofar as this is authorised and that we deem it appropriate, for the following purposes, in which we (and sometimes third parties) have a legitimate interest:
- Proposing and developing our offers, services and websites, apps and other platforms on which we are present
- Communicating with customers and third parties and processing their requests
- Reviewing and optimising needs analysis procedures with a view to adopting a direct customer approach, as well as collecting personal data from publicly available sources with a view to acquiring new customers
- Carrying out advertising and marketing activities (including organising events, writing newsletters and sending product recommendations or additional information on purchased and recommended products based on order history and purchases), insofar as you have not objected to the use of your data. If, as an existing customer, you receive adverts from us, you may cancel them at any time. To cancel your subscription to the newsletter, you simply need to click on the unsubscribe link on the newsletter.
- Communicating with our subscribers and leads, as well as carrying out advertising and marketing activities on social media platforms
- Conducting market surveys and opinion polls, and media monitoring
- Enforcing legal rights and defending ourselves in legal disputes and administrative proceedings
- Guaranteeing our activity, particularly our IT systems, our websites, our apps and other platforms
- Providing video surveillance to protect domiciliary rights and other measures for IT, building and plant security and the protection of our employees and other persons, as well as assets belonging or entrusted to us (such as access controls, visitor lists, network and mail scanners and recording telephone conversations)
If you have given us permission to process your personal data for specific purposes (for example, when you sign up to receive newsletters or to open a customer account), we will process your data for these purposes and based on this consent, unless we have and need another legal basis. You may, at any time, revoke consent you have already given, although this will not have a retroactive effect on data processing already carried out. The processing will then enable us to perform our services, to implement contractual measures, and to respond to requests. Furthermore, the processing may be based on our legitimate interests or on legal obligations.
Cookies/Tracking and other technology related to the use of our website
We use “cookies” and similar techniques on our websites, enabling us to identify your browser and device. A cookie is a small file sent to your computer or automatically saved on your computer or mobile device by the web browser you use when you visit our websites. This enables us to recognise you when you next visit these websites, even if we don’t know who you are. As well as the cookies which are only used during a session and which are then deleted as soon as you leave the website (“session cookies”), other cookies may also be used to save user preferences and other information for a certain period of time (“permanent cookies”). However, you may configure your browser so that it refuses cookies, only saves them for the duration or a session or deletes them prematurely. Most browsers’ default settings accept cookies. We use permanent cookies that save your user settings (for example, language, automatic login) to enable us to better understand the way in which you use our offers and content, so as to suggest personalised offers and adverts to you. This may also be the case on websites of other companies, but these companies will not find out who you are from us, even if we know ourselves, because they will only see that the user currently on their website is the same user who consulted a specific page on one of our websites. Some cookies are placed by us, others by our contractual partners with whom we work. If you block cookies, some features (such as language choice, purchase cart or ordering process) may no longer be active.
In our newsletters and other marketing emails, we include in part and insofar as it is permitted, visible and invisible visual elements, which, when retrieved by our servers, enable us to find out whether and when you opened an email. Once again, this is so we can assess and better understand how you use our offers and how we can tailor them to suit you. You can block these elements in your email programme; most of them are pre-programmed in such a way that you can do this.
We sometimes use the following services on our websites: Google Tag Manager, Google Analytics and Google Ads, LinkedIn Analytics and LinkedIn Ads, Hotjar, Facebook pixel or other, similar services.
Below you will find a list of the geographic areas in which the service providers currently used are located. These services enable us to measure and assess the usage of our websites, and the efficacy of online adverts. Such measures and assessments are not of a personal kind. To do this, the service provider also uses permanent cookies. The service provider does not receive personal data from us (and does not save IP addresses either), but they may follow your use of the website, combine this information with data coming from other websites that you have visited and that are also tracked by the service provider, and use this information for their own ends (such as publicity management). Insofar as you are registered with the service provider, you are also known to the service provider. The service provider is thus responsible for their processing of your personal data, in accordance with their own data protection measures. The service provider only informs us of the way in which our website in question is used (no information concerning you personally).
Google Analytics
Google LLC (head offices: the United States)
Aim: the statistical analysis of user behaviour, user-oriented content design and web offer presentation.
For more information: https://policies.google.com/privacy
You can switch off Google Analytics by downloading and installing a browser plug-in via the following link: https://tools.google.com/dlpage/gaoptout.
Google Ads
Google LLC (head offices: the United States)
Aim: to measure the efficacy of online publicity (Google Ads) / to protect against bots and spam (Google reCAPTCHA)
For more information: https://policies.google.com/privacy
You can object to interest-based advertising from Google Ads by going to the appropriate settings: https://adssettings.google.de/anonymous?hl=en
LinkedIn Analytics and LinkedIn Ads
LinkedIn Corporation (head offices: the United States)
Aim: online marketing processes to place personalised ads on LinkedIn.
For more information: https://www.linkedin.com/legal/privacy-policy
When you are connected to LinkedIn, you can switch off data collection at any time by clicking on the following link: https://www.linkedin.com/psettings/enhanced-advertising.
Hotjar
Hotjar Ltd. (head offices: Europe)
Aim: to improve the simplicity of use of websites.
For more information: https://www.hotjar.com/privacy
If you click on the following link, a cookie will be installed on your browser preventing Hotjar from tracking you: https://www.hotjar.com/opt-out.
Facebook Pixel
Facebook / Meta. (head offices: the United States)
Aim: to measure advertising efficacy.
For more information: https://de-de.facebook.com/business/help/742478679120153?id=1205376682832142
LinkedIn Corporation
(head offices: the United States)
Aim: to gather information on website users.
For more information: https://www.linkedin.com/help/lms/answer/a427661/linkedin-insight-tag-haufig-gestellte-fragen?lang=en
On our websites, we also use plug-ins from social media such as Facebook, YouTube, LinkedIn and Instagram. In this case, you can see them (usually via their icons). We have configured these elements in such a way that they are deactivated by default. If you activate them (by clicking on them), the operators of the respective social media networks can record that you are visiting our websites, and where, and use this information for their own purposes. The operator is thus responsible for their processing of your personal data, in accordance with their own data protection measures. We will receive no information about you from them.
Transmission and transfer of data abroad
As part of our commercial activities and our goals (see the “Purposes for processing data and legal standing” clause), we will also communicate your personal data to third parties, insofar as this is authorised and seems appropriate to us, either because they are working on our behalf, or because they want to use the data for their own purposes. This mainly concerns the following entities:
- Service providers and their sub-contractors (within HUG AG and externally, such as transport companies, banks and other payment service providers, as well as suppliers of IT services)
- Distributors, suppliers, sub-contractors and other commercial partners
- Customers
- The authorities, administrative services or national or foreign courts of law
- The media
- The public, including visitors to websites and social media
- Other parties involved in potential or actual legal proceedings
- Other HUG Family companies (abiding by this data protection declaration, these companies may use the data for the same purposes as us)
All these categories of recipients may, in turn, call on the services of third parties, meaning that these third parties may also be given access to your data.
These recipients may be in Switzerland or abroad. You should really assume that your data will be transferred to all countries in which HUG AG service providers (Microsoft, Google, SAP and Meta, for example) are located. If we transfer data to a country without adequate legal data protection, we make sure there is adequate protection, as required by law, through carefully drawn-up contracts (specifically based on the standard contractual clauses of the European Commission) or binding corporate rules or we rely on statutory exceptions (such as consent).
Many countries outside of Switzerland or the European Union (EU)/European Economic Area (EEA) do not currently have laws ensuring an adequate level of data protection from a privacy perspective. The aforementioned contractual provisions go some way to compensating for this weakness or lack of legal protection. That said, the contractual provisions do not remove all risks (particularly in terms of access to data by foreign States). You should be aware of these residual risks. Although low from an individual point of view, we take other measures, such as anonymisation and pseudonymisation, to limit them as far as possible.
Please note too that data exchanged over the Internet is often transferred by third parties. Your data may also be transferred abroad, even if the sender and the receiver are in the same country.
Length of conservation of personal data
We process and store your personal data for as long as it is necessary for us to carry out our contractual and legal obligations or for other processing purposes, for example, for the duration of the business relationship (from the beginning to the end of a contract through the period covered by its execution), as well as after that, in accordance with statuary conservation and documentation obligations. As soon as your personal data is no longer necessary for this, it will usually be deleted or anonymised as far as possible.
Data security
We take appropriate technical and organisational security measures to protect your personal data from unauthorised access and misuse. These security measures include, for example, IT security and network protection solutions, data carrier and transfer encryption, access controls and restrictions, as well as rolling out guidelines. We check our security measures regularly and update them when new techniques become available. We also require our sub-contractors to take adequate security measures. However, in general, it is impossible to completely eradicate security risks and residual risks are inevitable.
Rights of the person concerned
Under data protection legislation that applies to you, and insofar as such legislation provides for this, you have the right to obtain information about how data is processed and to correct, delete, limit the processing of, object to the processing of, and request the return of certain personal data for transfer to another entity (a process referred to as data portability). Please note, however, that we reserve the right to claim legal restrictions on our side, for example if we are obliged to store or process certain data, if we have an overriding interest in doing so (insofar as we can invoke it) or if we need to exercise any legal rights. If you are liable for any costs, we will notify you beforehand. We have already informed you of the possibility of revoking your consent in the clause “Purposes for processing data and legal standing”. Exercising such rights supposes in a general manner that you can prove your identity clearly (via a photocopy of your I. D. should your identity be unclear or cannot be checked for example). To exercise your rights, you can contact us at the address provided under “Responsibility and contact”.
Furthermore, all persons concerned have the right to exercise their legal rights or file a complaint with the competent data protection authority.
Changes
We may need to amend this data protection declaration at any time and without warning. The applicable version is the one currently published on our website.