MenuMenu

Data Protection Declaration

We take the protection of your personal data very seriously and treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

When you visit this website, various personal data of yours are processed. Personal data is data with which you can be personally identified. This data protection declaration explains which data we collect. It also explains how and for what purpose this is done. We would like to point out that data transmission over the Internet (e.g. communication by e-mail) can be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

1. Data controller

The entity responsible for the data processing is: 
Manres AG
Kantstrasse 14
8044 Zürich
Schweiz

Phone: +41 44 396 22 44
E-Mail: mail[at]manres.com

The EU representative of Manres AG within the meaning of Article 27 GDPR is:

Manres GmbH
Uhlandstrasse 175
10719 Berlin
Germany

Phone: +41 44 396 22 44
E-Mail: mail[at]manres.com

2. Data Protection Officer

You can reach our data protection officer at: datenschutz[at]manres.com

3. Sources and Types of Personal Data

In making our website available, we process only personal data that we need in order to present the offered content, in order to be able to contact you or remain in contact with you in a value-adding manner and to be able to provide you with the requested information or services. In addition, we process the personal data that you voluntarily provide to us, such as when you contact us via our contact form.

The data we process are:

Logfiles

When you access our website, certain personal data is processed automatically in order to enable us to present the content of our website. Your browser automatically transmits "server log files" to us, which contain the following data:

  • IP address (stored anonymously);
  • directory protection users;
  • the date and time of the server request;
  • pages requested;
  • HTTP status code;
  • amount of data;
  • referrer URL;
  • user agent (browser type and browser version);
  • host name requested.

This data is not combined with data from other sources.

Personal master data, e.g.

  • Title
  • Last name, first name
  • Address
  • E-mail
  • Phone number/mobile number
  • Fax number

Further information about you as a person, e.g.

  • Industry
  • Job title
  • Preferred language of communication
  • Social media links, such as your LinkedIn bio or Twitter username

Information about the company where you work, e.g.

  • Company name
  • Company website
  • Number of employees

Data related to the sales process, e.g.

  • Assessment of your role in the customer relationship, e.g. "lead", "opportunity", "subscriber: in"
  • Most recent contact
  • Most recent form submitted by you

Various statistical or analytical data, for example,

  • Number of contacts
  • Data on links in our emails that you click on
  • Data on marketing emails that you open.
  • Date of most recent response to a marketing email
  • Number of marketing emails sent since last interaction
  • Last website from which you were referred to our website
  • Usage data (e.g. web pages visited, interest in content, access times)
  • Meta/communication data (e.g. device information, IP addresses).

Data for managing your record in the system, e.g.

  • Creation date of the record or registration date in our system
  • Confirmation status of your e-mail address
  • Automatically generated contact ID
  • Information on opting out of certain email types
  • Relevant legal basis for data processing

Data from email contact

  • additional contact information not previously mentioned, which you may disclose, for example, in an email signature
  • additional personal data that you transmit during email contact, such as in the text of your message(s)
  • metadata of the email contact (for example, sender, date, recipient, subject)

Depending on the specific case, not all of these personal data or data categories may be processed (e.g. if you are a private individual and no information is available about the company for which you work). If required, we will gladly inform you about which of your personal data we specifically process (see 11. Rights of data subject).

4. Purposes and Legal Basis for Data Processing

We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act and/or the Swiss Federal Data Protection Act (abbreviated as "Swiss DPA", effective from 01 September 2023.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations apply to data protection in Germany. This includes in particular the Law on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act - BDSG). In particular, the BDSG contains special provisions on the right to access, the right to erase, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated individual decision-making, including profiling. Furthermore, data protection laws of the individual federal states may apply.

Relevant legal basis according to the Swiss Data Protection Act: If you are located in Switzerland, we process your data based on the Federal Data Protection Act (abbreviated as "Swiss DPA", effective from 01 September 2023). This also applies if our processing of your data otherwise affects you in Switzerland and you are affected by the processing. The Swiss DPA does not generally provide that a legal basis for the processing of personal data must be stated (unlike, for example, the GDPR). We process personal data only when the processing is lawful, is conducted in good faith, and is proportionate (Article 6 (1) and (2) of the Swiss DPA). Furthermore, we only collect personal data for a specific purpose that is recognisable to the person concerned and process it only in a manner that is compatible with these purposes (Article 6 (3) of the Swiss DPA).

Reference to the applicability of the GDPR and the Swiss DPA: These privacy notices serve both to provide information in accordance with the Swiss Federal Act on Data Protection (Swiss DPA) and the General Data Protection Regulation (GDPR).

We process personal data in order to ensure that our website is made available without errors. Other data may be processed for statistical analysis of your user behavior. The legal basis for this processing is our legitimate interest (Article 6(1)f of the GDPR) in being able to offer you a flawlessly functioning website and to optimize our website technically taking into account user behavior.  

Additional processing activities based on our legitimate interest may include:

  • advertising or market and opinion research, unless you object to the use of your data;
  • assertion of legal claims and defense in legal disputes; 
  • ensuring IT security;
  • preventing and investigating criminal acts; 
  • management actions and measures to optimize products and services.

In cases where the processing of your data is required by law, processing takes place based on Article 6(1)c of the GDPR. This may be done e.g. in order to satisfy documentation requirements vis-à-vis tax or other authorities.

We also process your personal data in cases where you consent to such processing (Article 6(1)a of the GDPR). You may revoke such consent at any time; to do so, you need only send us an informal e-mail message. However, the lawfulness of the data processing which takes place prior to the revocation of consent will remain unaffected by such revocation.

Furthermore, we process your personal data for the following purposes:

4.1 Processing and responding to requests (contact form)

The processing of the data entered in the general contact form (at minimum e-mail address, title, first and last name, company name; optionally: phone number, interests) is undertaken based on a weighing of interests in accordance with Article 6(1)f GDPR. Our legitimate interests consist in communicating with you and responding to your enquiry.

The data entered by you in the contact form will remain with us until you request us to delete them or declare your objection or if the purpose for data storage no longer applies after your request has been processed. The latter is not automatically the case after we have responded to your request, as we would also like to provide you with optimal support across several potential requests (see also 4.6 Other purposes in connection with the aforementioned purposes). Mandatory provisions of law - e.g. retention periods - are not prejudiced hereby.

4.2 Processing of publication orders (form: Publication order)

The processing of your personal data that you enter in the order form (at minimum first and last name, e-mail, phone number, desired publication and number of copies; optionally: private or business address) takes place on the basis of Article 6(1)b GDPR in order to be able to process your enquiry in the course of initiating and performing the contract.

The data entered by you in the order form will remain with us until you request us to delete them or declare your objection or if the purpose for data storage no longer applies after your request has been processed. The latter is not automatically the case after your publication order has been processed, as we would like to provide you with optimal support even across several potential requests (see also 4.6 Other purposes in connection with the purposes mentioned above). Mandatory provisions of law - e.g. retention periods - are not prejudiced hereby.

4.3 Processing your event registration (form: Event registration)

The processing of the data entered in the event registration form (at minimum title, first and last name, e-mail address, company name) is based on a weighing of interests in accordance with Article 6(1)f GDPR. Our legitimate interests consist in the processing of your registration and in communicating with you concerning the respective event.

In the case of a paid event, Article 6(1)b GDPR (contract initiation or performance) may also be the legal basis for processing your personal data.

The data entered by you in the event registration form will remain with us until you request us to delete them or declare your objection or if the purpose for data storage no longer applies after your request has been processed. The latter is not automatically the case after your registration has been processed, as we would like to provide you with optimal support even across several potential inquiries (see also 4.6 Other purposes in connection with the aforementioned purposes).  Mandatory provisions of law - e.g. retention periods - are not prejudiced hereby.

4.4 Sending newsletters, information about products and offers as well as event information and invitations

If you have consented to receive newsletters from us, we will process your personal data (e.g. your title, first and last name, and e-mail address, and in the case of event invitations, possibly also your postal address) in order to send them and, if necessary, to address you personally in them. Our newsletters contain, for example, information on Manres products and news and on topics in which we specialise and which may be of interest to you, such as leadership and transformation. Likewise, our newsletters contain notices or invitations to upcoming Manres events, such as our annual "From CEO to CEO" event.

Unless you are a customer of Manres and/or have shown a clear interest in our services (e.g. by requesting an offer), we will only process your personal data for this purpose if you have given us your consent to do so. In this case, the legal basis for the data processing is Article 6(1)a GDPR. You may revoke your consent at any time. For this purpose, an informal notification by e-mail to us is sufficient. However, the legality of the data processing carried out until the revocation shall remain unaffected by the revocation. Our email communications (e.g., newsletters) usually contain one or more links that allow you to unsubscribe from the particular newsletter category you are receiving or from some or all newsletter categories. For example, these links have titles such as "Unsubscribe" and "Manage settings". Please note: As long as we generally process your personal data (i.e. as long as your data are stored in our system, regardless of whether you are registered for one or more newsletter categories), you will always receive legal and data protection information from us. The reason for this is that we are legally obliged (e.g. by the EU GDPR) to provide you this information. This communication is therefore not based on your consent. Instead, the legal basis is the fulfillment of legal obligations (Article 6(1)c GDPR). Furthermore, your data will remain stored in our system even if you unsubscribe from all newsletter categories; your data record will not be automatically deleted by unsubscribing from all types. This serves the purpose of being able to resume communication with you seamlessly and to process your requests as well as possible, for example, taking into account your preferences from the past. Should you wish us to remove your data completely from our system, please write us an informal e-mail to datenschutz@manres.com. We will of course be pleased to comply with your request, although we would regret losing contact with you.

If you are an existing customer of Manres or have shown a clear interest in our services (e.g. by requesting a quote or by attending one or more of our events), we may process the aforementioned personal data to inform you about existing or new products and to notify you about certain (e.g. limited-time) offers from Manres. In this case, the legal basis for the data processing is Article 6(1)f GDPR, whereby our legitimate interest is to recommend to you as an interested party or customer products or offers of ours that could be of interest and benefit to you. If you have also given us your consent, the legal basis for data processing is Article 6(1)a GDPR.

4.5 Ensuring seamless contact with you

If you send emails to employees of Manres AG and/or Manres GmbH, we may process your personal data (such as your salutation, first and last name, email address, email metadata, as well as the content of the email text, also known as 'body') to ensure seamless and satisfactory contact with you, which, among other things, avoids redundancies. By storing the data of the email conversation in our Customer Relationship Management system, multiple employees of Manres AG and/or Manres GmbH can seamlessly handle your request, even in the case of illness or vacation-related absences. If we have a contract with you or are in the process of negotiating a contract, the legal basis for data processing is Article 6(1)b GDPR. Otherwise, Article 6(1)f is the legal basis, with our legitimate interest being to process your request as effectively as possible.

4.6 Other purposes in connection with the aforementioned purposes (4.1 - 4.5)

If we process your personal data for any of the aforementioned purposes, we will also process these personal data and, if applicable, other personal data for the following purposes:

4.6.1 Maintaining the relationship with you

We process your personal data (e.g. your first and last name, address, email address, preferred language of communication, date of most recent email communication; employee responsible for you, LinkedIn bio, Twitter username if it can be found via your email address, number of times you have contacted us, access to the most recent email sent via Outlook integration) to maintain our relationship with you as a valued or prospective customer. Examples include sending physical or digital Christmas cards or facilitating communication by providing easily accessible information such as the date of our most recent communication.

If you have given us your consent to this type of data processing, the legal basis for the data processing is Article 6(1)a GDPR. You may revoke your consent at any time. For this purpose, an informal notification by e-mail to us is sufficient. However, the legality of the data processing carried out until the revocation shall remain unaffected by the revocation.

If we have an existing customer relationship or you have a clear interest in us and our services (e.g. because we are in the process of preparing an offer, you have ordered a publication from us or you have expressed such an interest by sending us a message via the contact form), we process your data on the basis of Article 6(1)f GDPR. Our legitimate interest is to maintain the relationship with you as a customer or prospective customer.

4.6.2 Development of a potential customer or customer relationship

We process your personal data (e.g. personal master data; name of the company you work for; assessment of your role in the customer relationship, e.g. "lead", "opportunity", "subscriber: in"; most recent contact; more recent form submitted by you) in order to make the development of prospects through the initiation of a customer relationship up to the actual customer relationship effective, efficient and convenient for you. For example, we might record when we communicated about a particular request, by what date you expected an offer, when we sent you a quote, and when you responded. 

If you have given us your consent to this type of data processing (e.g. if you only subscribe to our newsletter), the legal basis for the data processing is Article 6(1)a GDPR. You may revoke your consent at any time. For this purpose, an informal notification by e-mail to us is sufficient. However, the legality of the data processing carried out until the revocation shall remain unaffected by the revocation.

If we have an existing customer relationship or you have a clear interest in us and our services (e.g. because we are in the process of preparing an offer, you have ordered a publication from us or you have expressed such an interest by sending us a message via the contact form), we process your data on the basis of Article 6(1)f GDPR. Our legitimate interest is to meet your needs in a timely, efficient and overall professional manner and to provide you with a smooth experience, for example, even when multiple consultants are involved.

4.6.3 Understanding your interests and needs

We process your personal data (e.g. the links in our emails that you click on, date of the most recent response to a marketing email, number of marketing emails sent since last interaction, last website from which you were referred to our website) to understand which topics and content are of particular interest to you and other customers or potential customers.

The legal basis for this data processing is Article 6(1)a GDPR. Our legitimate interest is to understand your interests and needs and to provide you with even more interesting content tailored to your needs and to further develop our services and products.

4.6.4 Managing your record in our system

We process your personal data (e.g. registration date in our system, confirmation status of your e-mail address, automatically generated contact ID, opt-out information regarding certain e-mail types, applicable legal basis of data processing) to manage your data record in our system. 

The legal basis for this data processing is Article 6(1)a GDPR. Our legitimate interest is to process your data accurately and reliably and to respect your wishes regarding marketing communications (e.g. opt-out).

4.7 Email Contact

We process your personal data (such as your first and last name, email address, additional contact information, and any personal data you provide in your messages during contact) to respond to your email messages and address any concerns you may have.

The legal basis for this data processing depends on the nature of your message or request:

  • If you have given us your consent for the processing of the data, Art. 6(1)a GDPR serves as the legal basis.
  • If the processing is necessary to fulfill a contract we have with you or to prepare a contract with you, Art. 6(1)b GDPR serves as the legal basis.
  • If we are subject to a legal obligation to process the data (e.g., within the scope of statutory retention periods), Art. 6(1)c GDPR serves as the legal basis.
  • If the processing is necessary to protect vital interests of you or another natural person, Art. 6(1)d GDPR serves as the legal basis.
  • If the processing is necessary for the performance of a task carried out in the public interest, Art. 6(1)e GDPR serves as the legal basis.
  • If the processing is necessary to safeguard our or your legitimate interests or those of a third party, Art. 6(1)f GDPR serves as the legal basis.

4.8 Online marketing

We process personal data for the purposes of online marketing, which may include in particular the marketing of advertising space or the display of advertising and other content (collectively referred to as "Content") based on the potential interests of users and the measurement of their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (so-called "cookie") or similar procedure in which the relevant user information for the display of the aforementioned content is stored. This information may include, for example, content viewed, websites visited, online networks used, communication partners and technical information such as the browser used, computer system used and information on usage times and used functions. If users have consented to the collection of their sideline data, these can also be processed.

The IP addresses of the users are also stored. However, we use provided IP masking procedures (i.e. pseudonymisation by shortening the IP address) to ensure the protection of the user's by using a pseudonym. In general, within the framework of the online marketing process, no clear user data (such as e-mail addresses or names) is secured, but pseudonyms. This means that we, as well as the providers of online marketing procedures, do not know the actual identity of the users, but only the information stored in their profiles.

The information in the profiles is usually stored in the cookies or similar memorizing procedures. These cookies can later, generally also on other websites that use the same online marketing technology, be read and analyzed for purposes of content display, as well as supplemented with other data and stored on the server of the online marketing technology provider.

Exceptionally, clear data can be assigned to the profiles. This is the case, for example, if the users are members of a social network whose online marketing technology we use and the network links the profiles of the users in the aforementioned data. Please note that users may enter into additional agreements with the social network providers or other service providers, e.g. by consenting as part of a registration process.

As a matter of principle, we only gain access to summarised information about the performance of our advertisements. However, within the framework of so-called conversion measurement, we can check which of our online marketing processes have led to a so-called conversion, i.e. to the conclusion of a contract with us. The conversion measurement is used alone for the performance analysis of our marketing activities.

Unless otherwise stated, we kindly ask you to consider that cookies used will be stored for a period of two years.

  • Processed data types: Usage data (e.g. websites visited, interest in content, access times); Meta, communication and process data (e.g. IP addresses, time information, identification numbers, consent status); Inventory data (e.g. names, addresses); Contact data (e.g. e-mail, telephone numbers); Content data (e.g. text input).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of Processing: Web Analytics (e.g. access statistics, recognition of returning visitors); Targeting (e.g. profiling based on interests and behaviour, use of cookies); Marketing; Profiles with user-related information (Creating user profiles); Conversion tracking (Measurement of the effectiveness of marketing activities); Provision of our online services and usability; Remarketing.
  • Security measures: IP Masking (Pseudonymization of the IP address).
  • Legal Basis: Consent (Article 6 (1) (a) GDPR); Legitimate Interests (Article 6 (1) (f) GDPR); Performance of a contract and prior requests (Article 6 (1) (b) GDPR).
  • Opt-Out: We refer to the privacy policies of the respective service providers and the possibilities for objection (so-called "opt-out"). If no explicit opt-out option has been specified, it is possible to deactivate cookies in the settings of your browser. However, this may restrict the functions of our online offer. We therefore recommend the following additional opt-out options, which are offered collectively for each area: a) Europe: www.youronlinechoices.eu. b) Canada: www.youradchoices.ca/choices. c) USA: www.aboutads.info/choices. d) Cross-regional: https://optout.aboutads.info.

Further information on processing methods, procedures and services used:

4.8.1 Dealfront

We use Leadfeeder as a tool to generate commercial leads, i.e. recognition of company visits to our website, as potential interested parties of our services or information. Only IP addresses of companies or business persons are processed for these purposes; the IP addresses are also processed pseudonymously, shortened by the last two digits; Legal Basis: Consent (Article 6 (1) (a) GDPR); Service provider: Dealfront Group GmbH, Durlacher Allee 73, D-76131 Karlsruhe, Deutschland; Website: www.dealfront.com; Privacy Policy: www.dealfront.com/de/privacy-notice/; further information on Dealfront and compatibility with the General Data Protection Regulation: www.dealfront.com/de/gdpr/; Data Protection Center, including data protection information for data subjects: www.dealfront.com/de/privacy-center/.

4.8.2 Google Ads and Conversion Tracking

Online marketing process for purposes of placing content and advertisements within the provider's advertising network (e.g., in search results, in videos, on web pages, etc.) so that they are displayed to users who have a presumed interest in the ads. Furthermore, we measure the conversion of the ads, i.e. whether the users took them as a reason to interact with the ads and make use of the advertised offers (so-called conversion). However, we only receive anonymous information and no personal information about individual users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Basis for third country transfer: EU-US Data Privacy Framework (DPF); Further Information: Types of processing and data processed: https://privacy.google.com/businesses/adsservices. Google Ads Controller-Controller Data Protection Terms and standard contractual clauses for data transfers to third countries: https://business.safety.google/adscontrollerterms.

4.8.3 LinkedIn

Insights Tag / Conversion tracking; Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy, cookie policy: https://www.linkedin.com/legal/cookie_policy; Basis for third country transfer: Standard Contractual Clauses (https://legal.linkedin.com/dpa). Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

4.8.4 Google Tag Manager

Google Tag Manager is a solution with which we can manage so-called website tags via an interface and thus integrate other services into our online services (please refer to further details in this privacy policy). With the Tag Manager itself (which implements the tags), for example, no user profiles are created or cookies are stored. Google only receives the IP address of the user, which is necessary to run the Google Tag Manager; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website:https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://business.safety.google/adsprocessorterms. Basis for third country transfer: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://business.safety.google/adsprocessorterms).

4.8.5 Google Analytics 4

We use Google Analytics to perform measurement and analysis of the use of our online services by users based on a pseudonymous user identification number. This identification number does not contain any unique data, such as names or email addresses. It is used to assign analysis information to an end device in order to recognize which content users have accessed within one or various usage processes, which search terms they have used, have accessed again or have interacted with our online services. Likewise, the time of use and its duration are stored, as well as the sources of users referring to our online services and technical aspects of their end devices and browsers. In the process, pseudonymous profiles of users are created with information from the use of various devices, and cookies may be used. Google Analytics does not log or store individual IP addresses. Analytics does provide coarse geo-location data by deriving the following metadata from IP addresses: City (and the derived latitude, and longitude of the city), Continent, Country, Region, Subcontinent (and ID-based counterparts). For EU-based traffic, IP-address data is used solely for geo-location data derivation before being immediately discarded. It is not logged, accessible, or used for any additional use cases. When Analytics collects measurement data, all IP lookups are performed on EU-based servers before forwarding traffic to Analytics servers for processing; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://marketingplatform.google.com/intl/en/about/analytics/; Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://business.safety.google/adsprocessorterms/; Basis for third country transfer: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://business.safety.google/adsprocessorterms); Opt-Out: Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=en, Settings for the Display of Advertisements: https://adssettings.google.com/authenticated. Further Information: https://privacy.google.com/businesses/adsservices (Types of processing and data processed).

4.8.6 Google Ads Remarketing

Google Ads Remarketing: Google Remarketing, also known as retargeting, is a technology that adds users who use an online service to a pseudonymous remarketing list so that users can be shown ads on other online services based on their visit to the online service ; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Basis for third country transfer: EU-US Data Privacy Framework (DPF); Further Information: Types of processing and data processed: https://privacy.google.com/businesses/adsservices. Google Ads Controller-Controller Data Protection Terms and standard contractual clauses for data transfers to third countries: https://business.safety.google/adscontrollerterms.

4.8.7 HubSpot

Marketing software for lead generation, marketing automation and analysis of marketing activities, customer management and process and sales support with personalized customer care with multi-channel communication, i.e. management of customer inquiries from different channels, and analysis and feedback functions, email marketing platform; Service provider: HubSpot, Inc., 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.hubspot.de; Privacy Policy: https://legal.hubspot.com/de/privacy-policy; Data Processing Agreement: https://legal.hubspot.com/dpa; Basis for third country transfer: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://legal.hubspot.com/dpa).

5. Cookies

Cookies are small text files or other data records that store information on end devices and read information from the end devices. For example, to store the login status in a user account, the contents of a shopping cart in an e-shop, the contents accessed or the functions used. Cookies can also be used for various purposes, e.g. for purposes of functionality, security and convenience of online offers as well as the creation of analyses of visitor flows.

Information on consent: We use cookies in accordance with the statutory provisions. Therefore, we obtain prior consent from users, except when it is not required by law. In particular, consent is not required if the storage and reading of information, including cookies, is strictly necessary in order to provide an information society service explicitly requested by the subscriber or user. Essential cookies usually include cookies with functions related to the display and operability of the onlineservice, load balancing, security, storage of users' preferences and choices or similar purposes related to the provision of the main and secondary functions of the onlineservice requested by users. The revocable consent will be clearly communicated to the user and will contain the information on the respective cookie use.

Information on legal bases under data protection law: The legal basis under data protection law on which we process users' personal data with the use of cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is their declared consent. Otherwise, the data processed with the help of cookies is processed on the basis of our legitimate interests (e.g. in a business operation of our online services and improvement of its usability) or, if this is done in the context of the fulfillment of our contractual obligations, if the use of cookies is necessary to fulfill our contractual obligations. For which purposes the cookies are processed by us, we do clarify in the course of this privacy policy or in the context of our consent and processing procedures.

Retention period: With regard to the retention period, a distinction is drawn between the following types of cookies:

  • Temporary cookies (also known as "session cookies"): Temporary cookies are deleted at the latest after a user has left an online service and closed his or her end device (i.e. browser or mobile application).
  • Permanent cookies: Permanent cookies remain stored even after the terminal device is closed. For example, the login status can be saved, or preferred content can be displayed directly when the user visits a website again. Likewise, user data collected with the help of cookies can be used for reach measurement. Unless we provide users with explicit information about the type and storage duration of cookies (e.g., as part of obtaining consent), users should assume that cookies are permanent and that the storage period can be up to two years.

General information on revocation and objection (opt-out): Users can revoke the consent they have given at any time and also file an objection to processing in accordance with the legal requirements in Article 21 GDPR. Users can also declare their objection by means of the settings of their browser, e.g. by deactivating the use of cookies (whereby this may also limit the functionality of our online services). An objection to the use of cookies for online marketing purposes, can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

  • Processed data types: Usage data (e.g. websites visited, interest in content, access times).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of Processing: Provision of our online services and usability.
  • Legal basis: Legitimate Interests (Article 6(1)f GDPR); Consent (Article 6(1)a GDPR).

Further information on processing methods, procedures and services used:

Processing Cookie Data on the Basis of Consent: We use a cookie management solution in which users' consent to the use of cookies, or the procedures and providers mentioned in the cookie management solution, can be obtained, managed and revoked by the users. The declaration of consent is stored so that it does not have to be retrieved again and the consent can be proven in accordance with the legal obligation. Storage can take place server-sided and/or in a cookie (so-called opt-out cookie or with the aid of comparable technologies) in order to be able to assign the consent to a user or and/or his/her device. Subject to individual details of the providers of cookie management services, the following information applies: The duration of the storage of the consent can be up to two years. In this case, a pseudonymous user identifier is formed and stored with the date/time of consent, information on the scope of the consent (e.g. which categories of cookies and/or service providers) as well as the browser, system and used end device; Legal Basis: Consent (Article 6 (1) (a) GDPR).

6. Plugins and embedded functions and content

Within our online services, we integrate functional and content elements that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may, for example, be graphics, videos or city maps (hereinafter uniformly referred to as "Content").

The integration always presupposes that the third-party providers of this content process the IP address of the user, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of these contents or functions. We strive to use only those contents, whose respective offerers use the IP address only for the distribution of the contents. Third parties may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring websites, visit times and other information about the use of our website, as well as may be linked to such information from other sources.

  • Processed data types: Usage data (e.g. websites visited, interest in content, access times); Meta, communication and process data (e.g. IP addresses, time information, identification numbers, consent status); Inventory data (e.g. names, addresses); Contact data (e.g. e-mail, telephone numbers); Content data (e.g. text input).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of Processing: Provision of our online services and usability; Provision of contractual services and customer support.
  • Legal basis: Legitimate Interests (Article 6(1)f GDPR); Consent (Article 6(1)a GDPR).

Further information on processing methods, procedures and services used:

  • YouTube videos: Video contents; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, , parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy; Basis for third country transfer: EU-US Data Privacy Framework (DPF). Opt-Out: Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=en, Settings for the Display of Advertisements: https://adssettings.google.com/authenticated.

7. Recipients of Personal Data

Within our enterprise, those offices that need your data in order to fulfil our contractual and legal obligations will receive them. Job processors used by us (Article 28 GDPR) may receive data for these purposes. These are in the present case companies in the categories: IT services, telecommunications as well as sales and marketing, in particular the processor that provides us with the customer relationship management tool. If your enquiry is addressed to our affiliated company Manres GmbH, we may transfer the data for further processing of the request. In addition, data will only be passed on to recipients outside our enterprise if this is prescribed by law, if you have given your consent or if we are authorised to provide the information. Under these conditions, the recipients of the personal data can be, for example:  public bodies and institutions (e.g. supervisory authorities) where there is a legal or official obligation. 
Other data recipients may be those for whom you have given us your consent to data transmission.

8. Data transfers to third countries

In the context of the joint administration of our database of prospective customers and customers, it is foreseeable that employees of Manres GmbH in Germany will enter your personal data into the corresponding system of Manres AG. This is necessary because Manres GmbH, as a subsidiary, shares the IT and service provider infrastructure of Manres AG. As part of the joint cultivation of relationships with our prospective customers and customers, it is highly likely that employees of Manres AG will also access the data entered by employees of Manres GmbH. This refers to Purposes 4.1 up to and including 4.6 and, under certain circumstances, purpose 4.7 (provided that the data from email contact has been stored in our customer relationship management system), as well as possibly purpose 4.8. The legal basis for this third country transmission is an adequacy decision of the EU Commission for Switzerland.

EU-US Trans-Atlantic Data Privacy Framework: Within the context of the so-called "Data Privacy Framework" (DPF), the EU Commission has also recognized the data protection level for certain companies from the USA as secure within the adequacy decision of 10th July 2023. The list of certified companies as well as additional information about the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/. We will inform you which of our service providers are certified under the Data Privacy Framework as part of our data protection notices.

In certain cases, the processing of your personal data for the purpose of online marketing (4.8) may result in your data being transferred to the United States of America. The legal basis for this third country transfer is then the Standard Data Protection Clauses that are applied in the order processing contract with the respective data processor, or the DPF.

No further data is transferred to third countries (countries outside the European Economic Area (EEA)).

In accordance with the Swiss Data Protection Act (DSG), we only disclose personal data abroad when an appropriate level of protection for the affected persons is ensured (Art. 16 Swiss DSG). If the Federal Council does not determine that there is an adequate level of protection, we implement alternative security measures. These measures may include international agreements, specific guarantees, data protection clauses in contracts, standard data protection clauses approved by the Federal Data Protection and Information Commissioner (FDPIC), or internal company data protection regulations previously recognised by the FDPIC or a competent data protection authority of another country.

Under Art. 16 of the Swiss DSG, exceptions can be made for the disclosure of data abroad if certain conditions are met, including the consent of the affected person, contract execution, public interest, protection of life or physical integrity, publicly made data or data from a legally provided register. Such disclosures always comply with the legal requirements.

9. Security

This site uses SSL and TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

10. Automated decision making

The customer relationship management system we use makes some automated assessments based on the available (mainly statistical and analytical) data. For example, it determines an automatic "lead score", i.e. a value for the probability that a contact will become a customer. However, such values are for our information only.

No automated decision making takes place based on personal data.

11. Right of data subject

If the provisions of the GDPR are applicable, every data subject has the right to information under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR and the right to data portability under Article 20 GDPR. The restrictions in accordance with §§ 34 and 35 FDPA (if applicable) shall apply to the right to information and the right to erasure. In addition, there is a right to lodge a complaint with a data protection supervisory authority (Article 77 GDPR as related to § 19 FDPA).

Information on your right to object pursuant to Article 21 GDPR and your right of withdrawal pursuant to Article 7(3) GDPR

1. Right to object in specific cases

If the provisions of the GDPR are applicable, you have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data on the basis of Article 6(1)f of the GDPR (data processing on the basis of a weighing of interests); this also applies to profiling based on this provision within the meaning of Article 4(4) GDPR, which we use for credit assessment and for advertising purposes. If you lodge an objection, we will no longer process your personal data, unless we can demonstrate compulsory grounds worthy of protection for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend against legal claims.

2. Possibility to withdraw consent

You may withdraw previously granted consent to the processing of your personal data at any time informally without any special reason. A notification by e-mail to us is sufficient for this purpose. However, the legality of the data processing carried out until the withdrawal shall remain unaffected by the withdrawal.

The objection or withdrawal may be made informally and should be addressed if possible to: datenschutz[at]manres.com

If the provisions of the Swiss DPA are applicable, every data subject has the following rights:

  • Right to information: You have the right to request confirmation as to whether personal data concerning you are being processed, and to receive the information necessary for you to assert your rights under the Swiss DPA and to ensure transparent data processing.
  • Right to data release or transfer: You have the right to request the release of your personal data, which you have provided to us, in a common electronic format, as well as its transfer to another data controller, provided this does not require disproportionate effort.
  • Right to rectification: You have the right to request the rectification of inaccurate personal data concerning you.
  • Right to object, deletion, and destruction: You have the right to object to the processing of your data, as well as to request that personal data concerning you be deleted or destroyed.