Privacy policy of HOGALOG AG

Legally, the German version of this privacy policy applies.

A. Responsible

Responsible for the processing of personal data and therefore the responsible person according to this privacy policy is HOGALOG AG, Archstrasse 7, 8400 Winterthur, Switzerland. The person responsible for data protection at our company can be reached by e-mail at [email protected], by telephone at DE: 043 500 40 65 / FR: 021 968 10 30 / IT: 091 600 01 41 and by mail at HOGALOG AG, Data Protection Officer, Archstrasse 7, 8400 Winterthur.

B. Personal data and terminology

Personal data is information relating to a specific or identifiable (i.e. identified or identifiable) natural person such as name, address, telephone number, email address, date of birth, etc. (“Personal Data”).

Any handling of Personal Data, regardless of the means and procedures used, in particular the collection, acquisition, storage, use, processing, disclosure, archiving or deletion of data, is considered processing (“processing” or “processed”).

Data subject is any natural person about whom Personal Data is processed, e.g. employees of your company (“data subject”).

The person responsible is any private person or federal body that, alone or together with others, decides on the purpose and means of processing (“Person Responsible”).

Order processor is a natural or legal person, authority, institution or other body that processes Personal Data on behalf of the Person Responsible (“order processor”).

C. Obtaining personal data

You or the data subject provide us with some of the Personal Data yourself by making it available to us, using our services or contacting us by e-mail or telephone. We also process Personal Data that we receive from applicants for job postings. We may also collect Personal Data ourselves, for example if you or the company for which you work use our B2B platforms such as HOGASHOP or generally make use of our services. Likewise, we may obtain Personal Data from publicly accessible sources (e.g. commercial register, Internet, media, social media).

The Personal Data we collect includes, for example, surname, first name, contact details, date of birth or professional function and other information that you provide to us. When using our B2B platforms (e.g. HOGASHOP), we receive and collect in particular last name, first name, employer and e-mail address, as well as what is ordered. What other data we collect when you use our websites is described in section F.

If you have given us permission to process your Personal Data for specific purposes (for example, when you register to receive newsletters), we will process your Personal Data within the scope set and based on this permission. We may also base the processing of Personal Data on other legal grounds where necessary. These include the fulfillment of a contract, implementation of pre-contractual measures or the protection of other legitimate interests (cf. section D).

If you are acting on behalf of a third party or your employees, or otherwise providing us with information about a third party, you represent that you are an authorized representative or agent of that third party and/or that you have obtained all necessary consents from that third party to the collection, processing, use and disclosure of their Personal Data to us or by us in accordance with the terms of this Privacy Policy.

D. Purpose processing

We use Personal Data in particular to fulfill the purposes of our organization, to fulfill our services and to initiate and process agreements with our customers and business partners. This includes in particular our brokerage activities with our B2B platforms as well as our other services such as order processing and customer service.

In addition, we also process Personal Data about you and other individuals, to the extent permitted and as we deem appropriate, for the following purposes:

  • Provision, troubleshooting, quality assurance, and improvement of our offerings, services, B2B platforms, websites, and apps;
  • Personalization to recommend features, goods and services;
  • Advertising and marketing (including implementation of events);
  • Use of the order archive for statistical, accounting or technical purposes;
  • Communicating with third parties and handling their inquiries (e.g., job applications, media inquiries);
  • Customer acquisition;
  • Assertion of legal claims and defense in connection with legal disputes and official proceedings;
  • Prevention and investigation of crime and other misconduct (e.g., conducting internal investigations, data analysis to combat fraud);
  • Ensuring our operations, especially information technology, of our B2B platforms, websites and apps;
  • Purchase and sale of business units, companies or parts of companies and other transactions under company law and related transfer of Personal Data;
  • Fulfillment of legal obligations.

E. Data transmission

The data of persons of the ordering party (in particular first name, last name and e-mail address) who place orders on our B2B platforms as well as the details of the orders are recorded in our order archive and passed on to the corresponding suppliers. The suppliers may use the order data transmitted to them for the processing of the purchase contracts mediated via the B2B platforms and statistically evaluate them for an unlimited period of time. Further or supplementary agreements are to be made with the respective supplier.

In addition, within the scope of our business activities and the purposes mentioned, we also disclose Personal Data to third parties, insofar as this is permissible and appears to us to be appropriate, either because they process data for us or because they use the data for their own purposes. This concerns in particular the following entities:

  • Service providers of us, including contract processors (such as newsletter, cloud or information technology providers);
  • Suppliers and their service providers as well as recipients/senders of orders for order processing;
  • Website and social media visitors (e.g., testimonials or posts);
  • other parties in potential or actual legal proceedings;
  • Other companies of the HOGALOG Group.

In this context, your Personal Data may be stored in Switzerland as well as in other countries in Europe and the United States where the service providers we use are located (such as Microsoft). If Personal Data is processed outside of Switzerland or the European Economic Area, we will take the steps required by applicable data protection law to ensure that your Personal Data is treated as securely and safely as it would be in Switzerland or within the European Economic Area.

F. Data processing through use of the website and B2B platforms

  1. Information collected in general

During your visit to our websites and B2B platforms, general information is automatically collected (e.g. date of your visit, time zone, type of web browser and its settings, version and language, your IP address, MAC address of the end device (e.g. computer or cell phone), the operating system used, content retrieved and the domain name of your internet service provider). We use this data for marketing and administrative purposes, to ensure the functionality of the websites and B2B platforms and other legitimate interests already mentioned. This data is then required to correctly provide and optimize the content of the websites and B2B platforms, to ensure the long-term functionality of our information technology systems and the websites and B2B platforms, and to provide law enforcement authorities with the information they need to prosecute in the event of a cyber attack.

  1. SSL encryption

On our websites and B2B platforms we use SSL encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http:// to “https://.

  1. Server-Log-Files

The providers of our websites and B2B platforms automatically collect and store information in so-called “server log files”, which your browser automatically transmits to us. In particular, the information listed at the beginning of section F is transmitted in particular the generally recorded information.

  1. Additional data processing on our B2B platforms

On our B2B platforms, you or your employer or representative can create a personal user account. Changes to the personal user account – for example, the creation of order lists, the addition of products to the shopping cart, the editing of your own master data – are stored in a log in a personalized manner. Orders are stored in an order archive. The order data can be retrieved and evaluated by the selected supplier. The Personal Data of the users as well as the data of the user log are used for customer support.

Barcodes can be captured with the camera in the mobile applications of the B2B platforms. This requires access to the camera of the devices. The camera data is used exclusively for capturing the barcodes. Optionally, our applications can also be used for inventory recording by the user. In this case, the user actively records their own product inventory. The data is stored in the HOGALOG AG database. Inventory data stored by the user will not be evaluated by us. A transfer to partners of HOGALOG AG takes place at the request of the user.

  1. Use of cookies

5.1 Definition

Cookies are small files that are stored on your terminal device when you use our websites and B2B platforms.

5.2 Essential and non-essential cookies

Essential cookies are files that are sent to the browser on your computer’s hard drive to ensure the functionality of our websites and B2B Platforms and to provide you with certain features. They do not require the consent of the users of the websites and B2B platforms.

We use non-essential cookies to collect information about visits to the Websites and B2B Platforms. In addition, we use non-essential cookies to improve the user-friendliness of the websites and B2B platforms, for example, to ensure shopping cart functionality, to adapt our offer to customer preferences and to make your browsing on the websites and B2B platforms as comfortable as possible. We also use cookies to optimize our advertising. Non-essential cookies require the consent of the users of the websites and B2B platforms.

5.3 Session cookies and permanent cookies

So-called “session cookies” are automatically deleted after the end of your visit. For example, we may use session cookies to store your shopping cart, online forms you have already filled out, or language settings across different pages of an Internet session. In addition, we also use permanent cookies. These remain stored on your terminal device after the end of the browser session until you delete them. During a further visit to our websites and B2B platforms, it is then automatically recognized which inputs and settings you prefer. Depending on the type of cookie, these cookies remain stored on your end device for between one month and ten years and are automatically deactivated after the programmed time has expired. They are used to make our websites and B2B platforms more user-friendly, effective and secure. Thanks to these cookies, you will, for example, receive information on a  page that is specifically tailored to your interests.

5.4 Activation, deactivation and deletion of cookies

With all web browsers, it is possible to activate, deactivate or delete the use of cookies by configuring the settings or options of the browser accordingly. If cookies are completely or partially disabled or deleted, not all functions of the websites and our B2B platforms may be available.

5.5 Cookies and personal data

As a rule, the cookies we use do not store any Personal Data. However, Personal Data that we or third-party providers commissioned by us store from you (e.g. if you have a user account with us or these providers) may be linked to the technical data or to the information stored in and obtained from cookies and thus possibly to your person.

  1. Web-Analytics services and integration of Google services

We use analytics services from Posthog on our websites and B2B platforms. The data collected in the process remains on our systems.

On our websites and B2B platforms, we also use the following Google services: Google Fonts, Google Maps and Google Analytics. The Google company in question is based in Ireland. Google Ireland relies on Google LLC (based in the USA) as an order processor (both “Google”). Although we can assume that the data Google retrieves and stores when you use our websites or B2B platforms is not Personal Data, it is possible that Google can draw conclusions about the identity of visitors from this data in conjunction with data collected by Google itself for its own purposes and link this data to the Google accounts of these individuals. Insofar as you have registered with Google yourself, Google may also be able to recognize you. The processing of your Personal Data by Google then takes place under its responsibility in accordance with its data protection provisions.

When using Google Analytics, we can measure and evaluate the use of the websites and B2B platforms (non-personal). For this purpose, permanent cookies are used, which Google itself sets. For Google Analytics, we have configured the service so that the IP addresses of visitors are shortened by Google in Europe before any forwarding to the USA and thus cannot be traced. We have turned off the “Data Forwarding” and “Signals” settings. Google only tells us how our respective website is used (no information about you personally).

For further information on data protection (in particular on the scope, nature and purpose of data processing), please refer to the relevant privacy policy of the providers.

  1. Links to other websites

Our websites and B2B platforms contain links to other websites. We have no influence on whether their operators comply with the applicable data protection provisions. We exclude any responsibility or liability for the third-party websites accessible via these links.

  1. Social media plugins and presence

8.1 Plugins

Our websites and B2B platforms contain numerous social media plugins from social networks such as LinkedIn, Facebook or YouTube. These are usually embedded as graphic files in the websites and B2B platforms. We have configured these elements so that they are disabled by default. If you activate them (by clicking on them), the operators of the respective social networks can register that you are on our websites or B2B platforms and where and can use this information for their purposes. The processing of your Personal Data is then the responsibility of this operator in accordance with its data protection provisions. We do not receive any information about you from them.

For further information on data protection (in particular on the scope, type and purpose of data processing), please refer to the data protection statements of the individual social media providers. There you will also find further information on your rights and settings options for protecting your privacy.

By logging out of the pages of your social networks beforehand and deleting cookies that have been set (see section 5.4 above), you can avoid that the third-party providers collect information about you during your visit.

8.2 Präsenz

We may operate an online presence on social networks and other platforms operated by third parties. In doing so, we receive data from you and the platforms when you come into contact with us via our online presence (e.g., when you communicate with us, comment on our content or visit our presence). At the same time, the platforms evaluate your use of our online presences and link this data with other data about you known to the platforms (e.g., about your behavior and preferences). They also process this data for their own purposes under their own responsibility, in particular for marketing purposes and to control their platforms (e.g. which content they show you).

Content published by you (e.g. comments) may be redistributed by us (e.g. in our advertising on the platform or elsewhere). We or the operators of the platforms may also delete or restrict content from or to you in accordance with the usage guidelines (e.g. inappropriate comments).

For further information on the processing of the platform operators, please refer to the data protection notices of the platforms. There you can also find out in which countries they process your data, which rights of access, deletion and other data subjects you have and how you can exercise these or obtain further information. We currently use the following platforms: LinkedIn, Facebook, YouTube.

G. Duration of storage

Unless an explicit retention period is specified at the time of collection or in this privacy policy, we process and store Personal Data until it is no longer required to fulfill the purpose, unless legal retention obligations (e.g. commercial and tax retention obligations) prevent deletion. In this context, it is possible that Personal Data may also be retained for the time during which claims can be asserted and insofar as we are otherwise legally obligated to do so or legitimate business interests require this (e.g. for evidence and documentation purposes).

H. Rights of the data subject

Consent given can be revoked at any time, but this has no effect on data processing that has already taken place. In addition, you have – depending on the circumstances and the applicable data protection law – in particular the right to information, correction, deletion or restriction of the processing of Personal Data, the right to object to the processing and to portability (data portability). Please note that the exercise of these rights may conflict with contractual agreements and may have consequences such as the premature termination of the contract or cost consequences. We will inform you in advance if this is not already contractually regulated. We are also entitled to assert the restrictions on your data subject rights provided for by law, for example if we are obliged to retain or process certain data, have an overriding interest in doing so or require it for the assertion of claims.

In addition, every data subject has the right to enforce his or her claims in court or to file a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

Regarding your rights as well as further questions, suggestions and comments on the subject of data protection, please contact the Person Responsible for data protection at the contact details given at the beginning (see section A).

I. Security

We protect Personal Data by appropriate measures against loss, misuse, unauthorized access, disclosure, alteration or destruction. For this purpose, we use appropriate technical and organizational measures. However, we cannot guarantee the absolute security of the data.

Unless otherwise agreed, we accept no liability for breaches of these safety regulations unless they are intentional or due to gross negligence.

J. Final provisions

No consent to the privacy policy is required. The data protection declaration is merely information about the type, scope and purpose of the use of Personal Data. If we have entered into agreements with the company for which you work, which concern the processing of personal data, the regulations there apply in the first instance. Otherwise, we process Personal Data in accordance with this privacy policy.

We reserve the right to change the content of this privacy policy at any time and without notice. The current version published on our websites and B2B platforms shall apply. It is therefore recommended to consult this privacy policy regularly. In addition to this privacy policy, we may also inform you separately about the processing of your data.