Privacy Policy
Version dated 1 September 2023
​
​
In this Privacy Policy, we, Wickelfisch AG (hereinafter "Wickelfisch AG", "we", "us" or "our"), explain how we collect and otherwise process personal data. This is not an exhaustive description; other privacy policies, general terms and conditions, or similar documents may govern specific matters. Personal data means any information relating to an identified or identifiable natural person. If you provide us with personal data relating to other persons (e.g. family members or work colleagues), please ensure that these persons are aware of this Privacy Policy and only provide us with their personal data if you are authorized to do so and if such personal data is accurate. This Privacy Policy is designed to comply with the requirements of the EU General Data Protection Regulation ("GDPR"), the Swiss Federal Act on Data Protection ("FADP"), and the revised Swiss Data Protection Act ("revFADP"). However, whether and to what extent these laws apply depends on the individual case.
​
​
Data Controller / Data Protection Officer / Representative
The management of Wickelfisch AG is responsible for the data processing activities described herein. If you have any data protection concerns, you may contact us at the following address: Wickelfisch AG, Brühlmattweg 1, 4107 Ettingen, Switzerland.
Email: info@wickelfisch.ch​​
​
Collection and Processing of Personal Data
-
We primarily process the personal data that we receive from our customers and other business partners, as well as from other persons involved in these business relationships, or that we collect from users when operating our websites, apps, and other applications.
​​
-
Where permitted, we also obtain certain data from publicly accessible sources (e.g. debt enforcement registers, land registers, commercial registers, the press, and the Internet) or receive such information from public authorities and other third parties.
​​
-
In addition to the data you provide directly to us, the categories of personal data we receive from third parties about you include, in particular, information from public registers; information obtained in connection with official and legal proceedings; information related to your professional functions and activities (for example, to conclude and perform business transactions with your employer with your assistance); information about you contained in correspondence and meetings with third parties; credit information (where we conduct business with you personally); information provided by persons close to you (family members, advisors, legal representatives, etc.) to enable us to conclude or perform contracts with or involving you (such as references, delivery addresses, powers of attorney, information required to comply with legal requirements such as anti-money laundering regulations and export restrictions); information from banks, insurance companies, distributors, and other contractual partners concerning your use or provision of services (e.g. payments made or purchases completed); information from the media and the Internet about you (where appropriate in specific cases, for example in connection with applications, media reviews, marketing, or sales activities); your addresses and, where applicable, interests and other socio-demographic data for marketing purposes; and data relating to your use of the website (such as IP address, MAC address of your smartphone or computer, device information and settings, cookies, date and time of visits, pages and content accessed, functions used, referring websites, and location data).
​​
​
Purposes of Data Processing and Legal Bases
We primarily use the personal data we collect in order to conclude and perform our contracts with our customers and business partners, particularly in connection with the manufacture of packaging for our customers and the purchase of products and services from our suppliers and subcontractors, as well as to comply with our legal obligations in Switzerland and abroad.
If you work for one of our customers or business partners, your personal data may also be affected in this context.
​
Furthermore, where permitted and where we consider it appropriate, we process personal data about you and other individuals for the following purposes, in which we (and sometimes third parties) have a legitimate interest:
​
-
Providing and further developing our products, services, websites, apps, and other platforms on which we are present;
-
Communicating with third parties and processing their inquiries (e.g. job applications or media inquiries);
​
-
Reviewing and optimizing procedures for needs analysis for the purpose of direct customer contact and collecting personal data from publicly accessible sources for customer acquisition purposes;
​
-
Advertising and marketing activities (including events), provided that you have not objected to the use of your data. If we send advertising to you as an existing customer, you may object at any time, and we will place you on a suppression list for future marketing communications;
​
-
Market research, opinion research, and media monitoring;
​
-
The assertion of legal claims and defense in legal disputes and administrative proceedings;
​
-
The prevention and investigation of criminal offenses and other misconduct (e.g. internal investigations and fraud analysis);
​
-
Ensuring the operation of our business, particularly our IT systems, websites, apps, and other platforms;
​
-
Video surveillance to safeguard property rights and other measures to ensure IT, building, and facility security, and to protect our employees, other persons, and assets entrusted to us (e.g. access controls, visitor logs, network and email scanners, and telephone recordings);
​
-
The purchase and sale of business units, companies, or parts of companies and other corporate transactions, including the associated transfer of personal data, business management measures, and compliance with legal, regulatory, and internal requirements of Wickelfisch AG.
​
Where you have given us your consent to process your personal data for specific purposes (for example, when subscribing to newsletters or undergoing a background check), we process your personal data within the scope of and based on that consent, unless another legal basis applies or is required. You may withdraw your consent at any time, although this does not affect any processing already carried out.
​
Cookies, Tracking, and Other Technologies Related to the Use of Our Website
Our websites typically use cookies and similar technologies that allow your browser or device to be identified. A cookie is a small file that is sent to your computer or automatically stored on your computer or mobile device by your web browser when you visit our website.
​
When you revisit our website, we may recognize you even if we do not know your identity. In addition to cookies that are used only during a session and deleted after your visit ("session cookies"), cookies may also be used to store user settings and other information for a certain period of time (for example, two years) ("persistent cookies").
​
You can configure your browser to reject cookies, accept them only for a specific session, or delete them automatically. Most browsers are preset to accept cookies. We use persistent cookies to better understand how you use our services and content and to provide you with customized offers and advertising, including on third-party websites.
​
Some cookies are set by us and others by contractual partners with whom we cooperate. If you block cookies, certain functionalities (such as language settings, shopping carts, or ordering processes) may no longer function properly.
Our newsletters and other marketing emails may also contain visible and invisible image elements that, when retrieved from our servers, allow us to determine whether and when you opened the email. This enables us to measure and better understand how our offers are used and to tailor them accordingly. You can prevent this through your email program; most email applications are configured to do so automatically.
​
By using our websites and consenting to receive newsletters and other marketing emails, you agree to the use of these technologies. If you do not wish to do so, you must configure your browser or email application accordingly or uninstall the relevant app where this cannot be adjusted through settings.
​
We may also use Google Analytics or comparable services on our websites. These are services provided by third parties that may be located anywhere in the world. In the case of Google Analytics, the service is provided by Google Ireland (based in Ireland), which uses Google LLC (based in the United States) as a processor.
​
These services allow us to measure and evaluate the use of our website on a non-personal basis. Persistent cookies are also used for this purpose. We have configured the service so that IP addresses of visitors from Europe are shortened before being transferred to the United States and therefore cannot be traced back. We have disabled the "Data Sharing" and "Signals" settings.
​
Although we assume that the information we share with Google does not constitute personal data for Google, it is possible that Google may use this information for its own purposes, draw conclusions about the identity of visitors, create personal profiles, and link this information with users' Google accounts. If you are registered with the service provider, the provider will also know your identity. The processing of your personal data by the service provider is carried out under its own responsibility and according to its own privacy policies. The service provider only informs us about how our website is used and does not provide us with any personal information about you.
​
We also use social media plug-ins from networks such as Facebook, Twitter, YouTube, Pinterest, and Instagram. These are generally recognizable by the corresponding symbols. These elements are configured to be disabled by default. If you activate them by clicking on them, the operators of the respective social networks may record that you are visiting our website and where you are located and may use this information for their own purposes. The processing of your personal data then takes place under the responsibility of the respective operator in accordance with its own privacy policy. We do not receive any personal information about you from these operators.
​
Disclosure of Data and International Data Transfers
As part of our business activities and for the purposes described in Section 3, we may disclose personal data to third parties where permitted and where we consider it appropriate, either because they process the data on our behalf or because they use it for their own purposes.
​
​This particularly includes: Our service providers (external parties such as banks and insurance companies), including data processors (such as IT providers); Dealers, suppliers, subcontractors, and other business partners; Domestic and foreign authorities, government agencies, and courts.
​
​
Retention Period for Personal Data
We process and store your personal data for as long as necessary to fulfill our contractual and legal obligations or for the purposes pursued by the processing. This includes, for example, the entire duration of the business relationship, from initiation and performance to termination of a contract, as well as the retention periods required by law.
Personal data may also be retained for the period during which claims can be asserted against our company or where we are otherwise legally obliged to retain it or where legitimate business interests require it (for example, for evidentiary or documentation purposes).
As soon as your personal data is no longer required for the above purposes, it will generally be deleted or anonymized wherever possible. For operational data (e.g. system logs), shorter retention periods of twelve months or less generally apply.
​
​
Data Security
We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access and misuse. These measures include internal directives, employee training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymization, and monitoring procedures.
​
Obligation to Provide Personal Data
Within the scope of our business relationship, you must provide the personal data required for establishing and carrying out the business relationship and for fulfilling the associated contractual obligations. You are generally under no legal obligation to provide us with such data.
Without this data, we will generally not be able to conclude or perform a contract with you (or with the entity or person you represent). The website may also not function properly if certain information necessary to ensure data transmission (such as the IP address) is not disclosed.
​
Profiling
We process your personal data partly by automated means in order to evaluate certain personal aspects (profiling). In particular, we use profiling to provide you with targeted information and advice about products. We use evaluation tools that enable us to provide needs-based communication and advertising, including market and opinion research.
​
-
For the establishment and execution of the business relationship, and otherwise, we generally do not use fully automated decision-making as defined, for example, in Article 22 GDPR. Should we use such procedures in individual cases, we will inform you separately where required by law and explain your related rights.
Rights of the Data Subject
Within the framework of the applicable data protection legislation and to the extent provided therein (such as under the GDPR), you have the right to access, rectification, deletion, restriction of processing, and objection to our data processing activities, particularly those relating to direct marketing, profiling for direct advertising, and other legitimate interests.
You also have the right to receive certain personal data for transfer to another controller (data portability).
However, we reserve the right to invoke the restrictions provided by law, for example where we are obliged to retain or process certain data, where we have an overriding interest in doing so, or where the data is required for the assertion of legal claims.
If any costs arise, we will inform you in advance. We have already informed you of your right to withdraw consent in Section 3. Please note that exercising these rights may conflict with contractual agreements and may result in consequences such as early termination of the contract or costs. In such cases, we will inform you in advance unless this is already contractually regulated.
​
The exercise of these rights generally requires that you provide proof of your identity (for example, by providing a copy of an identity document where your identity cannot otherwise be clearly established or verified). To exercise your rights, you may contact us at the address specified above.
Every data subject also has the right to enforce their claims through the courts or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
Amendments
We may amend this Privacy Policy at any time without prior notice. The current version published on our website shall apply. If the Privacy Policy forms part of an agreement with you, we will inform you of any changes by email or by other appropriate means.