Data privacy

1. Name and Address of the Controller / Data Protection Officer

The responsible entity for Switzerland is: Alpinum Solutions AG
Sebastian Rümmelein
Othmarstrasse 8
8008 Zurich
Switzerland
Email: privacy@alpinumsolutions.com

The responsible entity for Liechtenstein is: Alpinum Solutions AG
Sebastian Rümmelein
Vaduz
Liechtenstein
Email: privacy@alpinumsolutions.com

(together: «Alpinum Solutions» / «Alpinum Solutions Group» / «Group» / «Controller»)

2. Data Transfer Within the Alpinum Solutions Group

Your personal data will only be shared within our company with relevant departments and employees to fulfill contractual obligations or safeguard our legitimate interests. Occasionally, external service providers may process your data on behalf of our company, with contracts for data processing in place to ensure compliance with data protection regulations. Recipients may include tax advisors, lawyers, IT service providers, social media platforms, external company doctors, auditors, banks, and others necessary for contract establishment or fulfillment.

To provide you with optimal service, we share your personal information within the Alpinum Solutions Group, provided it aligns with the purposes outlined in the privacy policies (following the need-to-know principle) and you have not objected to the sharing within the group.

3. Data Transfer Outside the Group

Your data will only be disclosed to third parties outside our company under specific conditions. This occurs either due to legal requirements, for contract fulfillment, upon your explicit request, with your consent, or when we are authorized to share the data. In these cases, your data may be transmitted to the following recipients:

  • Hoststar – Multimedia Networks AG, Kirchgasse 30, 3312 Fraubrunnen, Switzerland
  • Bexio AG, Alte Jonastrasse 24, 8640 Rapperswil, Switzerland
  • Clockodo GmbH, Viktoriastraße 25, 59425 Unna, Germany
  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
  • LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
  • Hubspot, 25 First Street, Cambridge, MA 02141 USA
  • Individuals interested in filling open positions
  • Government agencies, where there is a legal obligation

4. Website and Social Media

If Alpinum Solutions processes your applicant data through social media, there is a possibility that this data may be transferred to another country. Such transfers are based on your consent and occasionally on standard contractual clauses pursuant to Article 46(2)(c) of the GDPR / Article 6 of the GDPR. When data is transferred to another country without adequate protection and appropriate guarantees, we must inform you of the associated increased data protection risks in accordance with Article 49(1)(a) of the GDPR / Article 6 of the GDPR (see Section 2.4). However, we want to emphasize that through careful selection and continuous review of our contract partners, we ensure that potential risks are effectively minimized.

In such cases, recipients may include operators of social media platforms such as:

  • Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
  • Meta Platform Inc., 1 Hacker Way, Menlo Park, CA 94025, USA
  • LinkedIn Inc, 1000 W Maude, Sunnyvale, CA 94085, USA

5. General Information on Data Processing

5.1. Scope of Personal Data Processing

The data controller generally collects and uses the personal data of its users, who are occasionally also referred to as «data subjects,» «individuals,» or «visitors,» only to the extent necessary for providing a functioning website and presenting content and services. The collection and processing of personal data for other purposes usually occurs only with the users› consent. However, there may be exceptions in cases where obtaining prior consent is not practical for practical reasons, processing is necessary for pre-contractual or contractual measures, data processing is legally permissible, and/or the data controller has a legitimate interest in the data processing.

5.2. Legal Basis for the Processing of Personal Data

Where the data controller obtains the consent of the data subject for processing personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. For any transfer to a non-secure third country, the processing is based on Article 49(1)(a) of the GDPR. In the case of processing personal data that is necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) of the GDPR serves as the legal basis. This also applies to processing operations that are necessary for the execution of pre-contractual measures. Where the processing of personal data is necessary to fulfill a legal obligation to which the data controller is subject, Article 6(1)(c) of the GDPR serves as the legal basis. In the event that the processing of personal data is necessary to protect the vital interests of the data subject or another natural person, Article 6(1)(d) of the GDPR serves as the legal basis. If the processing is necessary to safeguard the legitimate interests of the data controller or a third party, and the interests or fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Article 6(1)(f) of the GDPR serves as the legal basis for the processing.

5.3. Data Deletion and Duration of Storage

Personal data of the data subject is deleted or blocked as soon as the purpose of storage no longer applies, or if the data subject revokes their consent or objects to the processing.

In general, we retain employee data for the duration required for the proper handling of the employment relationship, which typically extends for the entire period of your employment with us.

To assert and settle mutual claims arising from the employment relationship, data may be retained either until the end of a contractually agreed retention period or until the statute of limitations period (usually five years after the end of the year in which the claim arose and the claim became known). The earlier date is always decisive.

If your application does not result in an employment relationship and you have not given your consent to be included in the applicant pool, we will delete your data no later than six months after we send you a rejection. If you have consented to be included in the applicant pool, we will retain your data for a maximum of 36 months after our last contact (phone, email, in-person meeting, etc.).

Storage may also occur if it is required by the European or national legislator in Union regulations, laws, or other provisions to which the data controller is subject. Data will be blocked or deleted when a storage period required by the aforementioned standards expires unless there is a need for further storage of the data for contract conclusion or fulfillment.

When we process your personal data, you, as the data subject, have the following rights concerning us as the data controller:

1. Right to Information, Art. 15 GDPR

You have the right, in accordance with applicable legal provisions, to request (free of charge) information about your collected and stored personal data at any time. This includes information about their processing purposes, origin, recipients, storage duration, and the existence of various rights.

2. Right to Rectification, Art. 16 GDPR

You have the right to request correction and/or completion of your data from the data controller if the processed personal data concerning you is inaccurate or incomplete. The data controller must make the correction and/or completion without delay.

3. Right to Erasure, Art. 17 GDPR

You can request the deletion of your personal data at any time under the conditions of Art. 17 GDPR unless there are exceptions or circumstances that authorize the data controller to continue processing your personal data (such as legal retention obligations).

4. Right to Restriction of Processing, Art. 18 GDPR

Within the requirements of Art. 18 GDPR, you have the right to request a restriction of the processing of your data. The prerequisite is that one of the facts mentioned in Art. 18(1) GDPR applies.

5. Right to Notification, Art. 19 GDPR

If you have exercised your right to correction, deletion, or restriction of processing to the data controller, the data controller is obliged to inform all recipients to whom your personal data has been disclosed about this correction, deletion of data, or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients from the data controller.

6. Right to Data Portability, Art. 20 GDPR

If the processing is based on your consent or a contract and is carried out by automated means, you have the right under Art. 20 GDPR to receive the data you have provided in a commonly used and machine-readable format, as long as this does not adversely affect the rights and freedoms of others. If you request direct transmission of the data to another data controller, this will only be done if it is technically feasible.

7. Right to Object, Art. 21 GDPR

You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data, based on Article 6(1)(e) or (f) of the GDPR, including profiling based on these provisions. The data controller will no longer process your personal data unless they can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defense of legal claims (objection under Art. 21(1) GDPR). If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, including profiling to the extent it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes (objection under Art. 21(2) GDPR). You have the option to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, using automated procedures involving technical specifications.

8. Automated Individual Decision-Making, Art. 22 GDPR

According to Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, that has legal effects concerning you or similarly significantly affects you. This does not apply if the decision (1) is necessary for the conclusion or performance of a contract between you and the data controller, (2) is authorized by Union or Member State law to which the controller is subject and that law contains suitable measures to safeguard your rights, freedoms, and legitimate interests, or (3) is made with your explicit consent. However, these decisions may not be based on special categories of personal data under Art. 9(1) GDPR unless Art. 9(2)(a) or (g) applies and suitable measures are in place to safeguard your rights, freedoms, and legitimate interests. In cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights, freedoms, and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.

9. Right to Withdraw Consent, Art. 7(3) GDPR

You have the right to withdraw your data protection consent declaration at any time. The legality of the data processing carried out before the withdrawal will not be affected by the withdrawal. You can communicate your withdrawal of consent to the data controller via email or postal mail.

10. Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.

For security reasons and to protect the transmission of confidential content, such as inquiries you send to us as data subjects, this website uses SSL/TLS encryption. An encrypted connection can be recognized by the fact that the browser’s address line changes from «http://» to «https://» and by the lock symbol in your browser’s address bar. When SSL/TLS encryption is active, the data you transmit to us cannot be read by third parties.

1. Description and Scope of Data Processing

This website is hosted by an external service provider (referred to as a hoster). The personal data collected on this website is stored on the hoster’s servers. This may include, in particular, IP addresses, contact inquiries, meta and communication data, contract data, contact information, names, page views, and other data generated through a website.

2. Legal Basis for Data Processing

The legal basis for data processing is Article 6(1)(f) of the GDPR for the provision of the website.

3. Purpose of Data Processing

The use of the hoster is for the purpose of secure, fast, and efficient provision of our online offering as well as the reliable display and provision of our website by a professional provider. Our legitimate interest lies in these purposes.

4. Duration of Storage, Objection, and Removal Options

The data is deleted as soon as it is no longer necessary for the purpose of its collection. In the case of data collected for the provision of the website, this is the case when the respective session is ended. The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website. Therefore, there is no possibility of objection on the part of the user.

1. Description and Scope of Data Processing

With each visit to our website, our system automatically collects data and information from the system of the accessing end device.

The following data is collected in this process:

The data is also stored in the log files of our system. Storage of this data together with other personal data of the user does not occur.

2. Legal Basis for Data Processing

The legal basis for the temporary storage of data and log files is Article 6(1)(f) of the GDPR.

3. Purpose of Data Processing

The temporary storage of the IP address by the system is necessary to enable the delivery of the website to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. The data also helps us optimize the website and ensure the security of our information technology systems. No evaluation of the data for marketing purposes takes place in this context. These purposes constitute our legitimate interest in data processing pursuant to Article 6(1)(f) of the GDPR.

4. Duration of Storage, Objection, and Removal Options

The data is deleted as soon as it is no longer necessary for the purpose of its collection. In the case of data collected for the provision of the website, this is the case when the respective session is ended. In the case of storing data in log files, this occurs after a maximum of eight weeks. Extended storage is possible. In this case, the users› IP addresses are deleted or anonymized so that an assignment of the requesting device is no longer possible. The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website. Therefore, there is no option for users to object.

1. Description and Scope of Data Processing

On our website and in our email signatures, email addresses and phone numbers are provided, allowing for electronic and/or telephone contact. In this case, the personal data of the data subject transmitted via email will be stored. In the case of telephone contact, personal data may also be stored for the purpose of processing your request. In this context, there is no disclosure of data to third parties. The data is used solely for the purpose of contact and conducting the conversation.

2. Legal Basis for Data Processing

The legal basis for processing data transmitted in the course of sending an email or during a phone call is Article 6(1)(f) of the GDPR. If the contact is aimed at concluding a contract, an additional legal basis for processing is Article 6(1)(b) of the GDPR.

3. Purpose of Data Processing

The processing of personal data serves solely for the purpose of handling the contact. This constitutes the necessary legitimate interest in processing the data.

4. Duration of Storage, Objection, and Removal Options

The data is deleted as soon as it is no longer necessary for the purpose of its collection. For personal data sent via email or transmitted by phone, this is the case when the respective conversation with the data subject has ended. A conversation is considered ended when it can be inferred from the circumstances that the matter at hand has been conclusively resolved. If contact leads to the conclusion of a contract, the corresponding (legal) retention obligations and regulations apply. If a data subject contacts us via email or telephone, they have the right to object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data that was stored in the course of the contact will be deleted.

1. Description and Scope of Data Processing

On our website, contact addresses for contacting us through the messenger service WhatsApp and the messenger service Telegram are provided, allowing you to get in touch with us directly. The use of a messenger service to contact us is voluntary for the user. Please be aware that each user uses the aforementioned messenger services and their functions at their own responsibility. The processing of personal data that takes place in the course of contact through the messenger service is generally subject to the data protection regulations of the respective service. In this case, the personal data of the data subject transmitted with the message will be stored. As users of the messenger services, we have no interest in the collection and further processing of your personal data for analysis or marketing purposes. There is no disclosure of data to third parties in this context. The data is used exclusively for contact purposes and conducting the conversation. WhatsApp is a service provided by WhatsApp Inc. / Meta Platforms Inc., headquartered in the United States. When you use WhatsApp, the transmission of your personal data to the non-secure third country of the USA is not excluded. The transmission and further processing of user personal data in third countries, such as the USA, and the associated potential risks for users cannot be ruled out by us. In the USA, there is no level of data protection comparable to the requirements of the GDPR. Effective enforcement of your rights is likely not possible. Furthermore, it is possible that government authorities may access the provided personal data without our or your knowledge. For more information, please refer to WhatsApp’s privacy policy: https://www.whatsapp.com/legal/privacy-policy-eeaTelegram is a service of Telegram UK Holdings Ltd., headquartered in London, UK, and was developed in Russia. For more information, please refer to Telegram’s privacy policy: https://telegram.org/privacy

2. Legal Basis for Data Processing

The registration with the messenger services is based on our legitimate interests in providing up-to-date and supportive information and interaction for and with our users and visitors under Article 6(1)(f) of the GDPR. The legal basis for processing data to address a user’s request is Article 6(1)(f) of the GDPR. If the contact aims at the conclusion of a contract, the legal basis for processing is Article 6(1)(b) of the GDPR.

3. Purpose of Data Processing

The internal processing of personal data received from the contact options of the social media platforms is solely intended for addressing the contact.

4. Duration of Storage

The data is deleted as soon as it is no longer required for the purpose of its collection. For personal data from the input mask of the contact form, this is the case when the respective conversation with the user is terminated. A conversation is considered ended when it can be inferred from the circumstances that the matter at hand has been conclusively resolved.

5. Objection and Removal Options

If a user’s personal data is processed internally to address the request, they can object to the storage of their personal data with manus Zeitarbeit Frankfurt GmbH at any time. In such a case, the conversation cannot be continued. All personal data that has been internally stored in the course of contact will be deleted.

1. Description and Scope of Data Processing

On our website, we provide you with a contact form that you can use to get in touch with us or to apply for a job. The following data is mandatory within the form: name and your message (as well as any other personal data you transmit to us through the message field). Additionally, you may voluntarily provide your phone number and email address. You also have the option to upload various files via a document upload. This allows you to send us your resume, certificates, or other documents. We collect the data from the documents you transmit through the document upload.

If you use the contact form for a job application: The data controller collects and processes the personal data of job applicants for the purpose of processing the job application process. Processing may also take place electronically. This is particularly the case when an applicant sends the respective application documents electronically, for example, via email or through the contact form. If you use the document upload for a job application, the following personal application data may be collected and processed in the context of your application: Your personal data is generally collected directly from you as part of the hiring process, particularly from your application documents, the job interview, and the personnel questionnaire.

If you have consented to being included in our job applicant pool, we will store your data for a maximum of 36 months after our last contact (telephone, email, personal meeting, etc.).

2. Legal Basis for Data Processing

The legal basis for processing data transmitted through the contact form is Article 6(1)(f) of the GDPR. If the contact aims to conclude a contract, the additional legal basis for processing is Article 6(1)(b) of the GDPR. The legal basis for processing data of job applicants is Article 6(1)(b) of the GDPR in conjunction with Section 26(1) of the German Federal Data Protection Act (BDSG) to establish an employment relationship. Storage in our job applicant pool is based on Article 6(1)(a) of the GDPR (your consent).

If you use the contact form for a job application: The legal basis for processing all other personal data processed during the submission process is Article 6(1)(f) of the GDPR.

3. Purpose of Data Processing

The processing of personal data from the input form is solely for the purpose of handling the contact. The other personal data processed during the submission process is used to prevent misuse of the contact form and ensure the security of our information technology systems. These purposes also constitute our legitimate interests. If you use the contact form for a job application: The collection and processing of your personal application data is exclusively purpose-bound for filling positions within our company. Primarily, the data processing serves the establishment of an employment relationship with the data controller. Your data is generally forwarded to the responsible positions and departments within our company for the specific application process. Furthermore, data may be transmitted to potential client companies. Your personal application data will not be disclosed to third parties without your prior, explicit consent.

4. Duration of Storage, Objection, and Removal Options

The data will be deleted as soon as it is no longer required to achieve the purpose of its collection. For personal data from the input form of the contact form, this is the case when the respective conversation with the user has ended. A conversation is considered to have ended when it can be inferred from the circumstances that the matter has been conclusively clarified. The additional personal data collected during the submission process will be deleted no later than six months. If a user contacts us via the form, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contact will be deleted in this case.

If you use the contact form for a job application: In the event of hiring, we transfer your application documents to your personnel file. After the termination of the employment relationship, personal data is further stored for the duration required by law. This is regularly determined by legal obligations to provide evidence and retention, which are regulated, among other things, in the Commercial Code and the Tax Code. The storage periods are therefore up to ten years. It is also possible that personal data may be stored for the period during which claims may be asserted against us (statutory limitation period of three or up to thirty years).

In case of rejection, your application documents will be deleted no later than six months after the conclusion of the application process unless you have given us your consent for extended retention (job applicant pool). You have the right to revoke your data protection consent to be included in our job applicant pool at any time. Revoking your consent will not affect the legality of the processing carried out based on the consent given before the revocation. You can revoke the consents given by you at any time via the contact details provided in the legal notice.