Lokal verwurzelt, international tätig

Privacy Statement

  1. Preamble

    The following provisions serve to inform about the processing of personal data as per the requirements of the General Data Protection Regulation (GDPR), particularly in light of the informational duties according to Art. 12 to 14 of the GDPR and to educate about the rights of data subjects according to Art. 15 to 22 and Art. 34 of the GDPR.

  1. Definitions

    In the following, frequently used terms in this privacy statement are defined and explained:

      1. “Personal data”: any information relating to an identified or identifiable natural or legal person ('data subject'); an identifiable natural or legal person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural or legal person.
      2. “Controller” is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
      3. “Data Processor” a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
      4. “Recipient” is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
      5. “Third party” is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
      6. “Processing” is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
      7. “Profiling” is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural or legal person, in particular to analyse or predict aspects concerning that natural or legal person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
      8. “Restricted processing” is defined as the marking of stored personal data with the aim of limiting their processing in the future.

  1. General Data Protection Regulation

    The full text of the General Data Protection Regulation can be found on the Internet at https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32016R0679&from=DE If you have any further questions concerning the General Data Protection Regulation, please contact our Data Protection Officer.

  1. Information concerning the Controller

    Controller of data processing in all contractual relationships with Double S Solutions AG is:

    Double S Solutions AG - Täfernstrasse 1 – 5405 Dättwil, Switzerland
    Phone: + 41 (0) 56 501 00 07
    Email address:
    Website: https://www.2s-ag.ch
    District Court: Baden
    Executive Director: Sven Steenbock

  1. Responsible regulatory authority

    The responsible regulatory authority is:

    Federal Commissioner for Data Protection and Freedom of Information

    Husarentstrasse 30
    53117 Bonn, Germany
    Phone: +49 228 997 799-0

    Fax: +49 228 997 799-550
    Email address:

  1. Data Protection Officer

    The Data Protection Officer of the Controller is Mr Sven Steenbock. The contact details of the Data Protection Officer are as follows:
    Phone: + 41 (0) 56 501 00 06
    Email address:

  1. Information about the collection, processing and usage of data

    We process your personal data only for the purpose of providing and improving the services we offer. This purpose includes:

    1. Provision of requested products and services: We use the data provided to us by you in order to render the services you request upon appointing us.
    2. Notification in case of an update on or cancellation of a contractual relationship: We will send information regarding services requested and updates concerning any changes in these services. Such notifications are not sent for marketing purposes and cannot be opted-out of.
    3. Administrative or legal purposes: your data are used for statistical purposes, marketing analyses, system tests, customer enquiries, maintenance and development, or in the handling of legal disputes or claims. Please note that we may create a data profile based on the data collected from you for statistical purposes or marketing analyses. Such profiles are created only with your prior consent, and we take utmost care to ensure that the data such profiles are based upon are correct. By providing us with personal data, you expressly authorise us to use same to create data profiles in accordance with this Privacy Statement.
    4. Safety, health, administration, crime prevention and detection: There is a possibility that your data will have to be forwarded to government authorities or law enforcement agencies in order to fulfil legal requirements.
    5. Communication with customer service: Your data are used to organise our communication with you as our client and in order to improve on our services as well as on your experience with us.
    6. Marketing: From time to time, you will receive informational emails. In every such email, it is possible to opt out of future direct mailings of this kind.

      7. WWe will process your personal data only if there is a legal basis for doing so. The legal basis is defined by the purposes for which your personal data were collected and for which they are to be used.

      We will store your data no longer than is required for the purpose for which they are processed. In order to determine the appropriate storage period, we take into account the volume of the personal data, the kind and sensitivity as well as the purpose for which your personal data are being processed. Consideration is also taken as to whether this purpose can be fulfilled by other means.

      Similarly, specific periods during which we might be obligated to retain your personal data will have to be taken into consideration. This may be necessary in order to fulfil legal requirements, to enable handling of complaints and enquiries or to protect our legal interests should a claim be raised against us.

      If your personal data are no longer required, it will be irretrievably deleted order destroyed. We will moreover consider whether and how we may reduce the use of personal data to a minimum as well as whether it is possible to anonymise your personal data, thus disassociating it from you and preventing identification. In this case, we may use this data without your prior notice.

  1. Rights of Data Subject

    As the subject of data processing operation, you have the following rights according to the General Data Protection Regulation (hereafter “rights of data subject”):

  1. You have the right to request information about whether we have processed your personal data or not. If we have processed your personal data, you are entitled to request information concerning:
    1. the purposes of processing;
    2. the category/type of personal data processed;
    3. the recipients or categories of recipients to whom your data has been disclosed or will be disclosed. This applies in particular if data were/are to be disclosed to recipients in countries outside of the jurisdiction of the GDPR.
    4. the planned period of storage, if possible is to be advised; if this cannot be specified, in any case the criteria to determine the storage period (e.g. legal storage periods and similar) are to be advised.
    5. your right to have your personal data corrected or deleted, to restrict their processing and/or the possibility of voicing objections (see also the following clauses in this regard);
    6. your right to lodge a complaint with a regulatory authority;
    7. the origin of the data, should the personal data not have been directly collected from you. Furthermore, you may request information as to whether your personal data are used in automated decision-making as defined by Art. 22 GDPR. If this is the case, you may request information about the criteria on which such automated decisions are based (logic) and the effects and the significance of such an automated decision for you.

      8. If personal data are transferred to a third country outside of the jurisdiction of the General Data Protection Regulation, you may request information about whether there are any guarantees in place at the recipient’s for an ample level of data protection as defined by Art. 45 and 46 GDPR.

      You have the right to request a copy of your personal data. Such copies will be provided in electronic form unless you request otherwise. The first copy will be free of charge, any further copies may be subject to a reasonable fee. Copies will be provided without prejudice for the rights and liberties of other persons who might be affected by the provision of a copy of your personal data.

  2. You have the right to request correction of your data if same is incorrect, inaccurate and/or incomplete; the right to correction includes the right of completion by means of additional statements or messages. Any correction and/or amendment is to be made immediately, that is without undue delay.
  3. You have the right to ask us to delete your personal data if
    1. the personal data are no longer required for the purpose(s) for which they were originally collected and processed;
    2. the personal data are processed based upon your consent and you have withdrawn said consent, unless there is another legal basis for continued processing of the data;
    3. you objected to the processing of your data according to Art. 21 GDPR and no overriding, justified reasons for continued processing are at hand;
    4. you object to the processing of your data for the purpose of direct marketing in accordance with Art. 21 Para 2 GDPR;
    5. your personal data were processed illegally;
    6. the data concern a child and were collected with reference to information society services in accordance with Art. 8 Para 1 GDPR.
  4. You do not have the right to have personal data deleted if
    1. your request is in conflict with the right to free speech and the right to freedom of information;
    2. your data are processed in order to (i) fulfil legal requirements (e.g. legal storage periods), (ii) carry out public duties and interests in accordance with EU law and/or member state laws or Swiss law (this includes public health interests), or (iii) if your data are required for archival storage and/or research purposes;
    3. your personal data are required to assert, exercise or defend legal claims.

    The data are to be deleted immediately, i.e. without undue delay. If your personal data has been published by us (e.g. on the Internet), we must ensure, insofar as technically possible and reasonable, that third-party Data Processors are also informed about the request to delete the data, including the deletion of links, copies and/or replications.

  5. You have the right to have the processing of your personal data restricted if the following applies:
    1. If you contested the correctness of your personal data, you may demand from us that your data shall not be processed for other purposes while the data are verified, thus restricting its processing.
    2. If your data are processed illegally, you can, instead of requesting deletion of the data in accordance with Art. 17 Para 1 lit. d GDPR, request that its usage be restricted in accordance with Art. 18 GDPR.
    3. If you require your personal data to assert, exercise, or defend legal claims and they are otherwise no longer required, you can request from us that their processing/usage be restricted to the aforementioned legal purposes.
    4. If you objected to the processing of your data in accordance with Art. 21 Para 1 GDPR and it has not yet been determined whether our interest in processing outweigh your own interests, you may request that your personal data not be processed for other purposes until such a determination has been made, thus restricting usage.

    Personal data, the processing of which was restricted as per your request - its storage notwithstanding - must only be processed (i) with your consent, (ii) to assert, exercise or defend legal claims, (iii) to protect the rights of other natural or legal entities, or (iv) for reasons of overriding public interest. Once processing restrictions are lifted, you will be notified accordingly in advance.

  6. You have the right - subject to the following provisions - to request that your personal data be surrendered in an established, electronic and machine-readable format. The right to data transfer includes the right to transfer it to another controller; upon request, we will, insofar as technically possible, transfer your data directly to a controller of your choosing. The right to data transfer only applies to the data provided by you. The right to data transfer further requires that processing is carried out on the basis of consent or in order to carry out a contract and is executed using automated processes. The right to data deletion in accordance with Art. 17 GDPR remains unaffected by the right to data transfer in accordance with Art. 20 GDPR. Any data transfer is performed without prejudice for the rights and liberties of other persons whose rights might be affected by the data transfer.
  7. If personal data are processed in conjunction with fulfilling responsibilities in the public interest (Art. 6 Para 1 lit. e GDPR) or to observe legitimate interests (Art. 6 Para 1 lit. f GDPR), you are entitled to object to the processing of the respective data at any time with effect to the future. If you object to the processing of your data, we have to cease any further processing for the aforementioned purposes, unless
    1. there are compelling grounds for processing worth protecting which outweigh your own rights and liberties, or
    2. the processing is necessary to assert, exercise or defend legal claims.

    Usage of your personal data for the purpose of direct marketing can be objected to at any time with effect to the future; this also includes profiling as long as it is related to direct marketing. If you object, we are then required to cease processing of any of your personal data for the purpose of direct marketing.

  8. Decisions of legal or other significant consequence for you are not to be based solely on automated processing of personal data, including profiling. This does not apply if the automated decision
    1. is necessary in order to enter into or fulfil a contractual agreement with you,
    2. is permissible by the laws of Switzerland, the EU or its member states, provided these laws include appropriate measures to safeguard your rights and liberties and the legitimate interest of your natural person, or
    3. is made with your express consent.

    Decisions based solely on the automated processing of special categories of personal data are generally prohibited, unless the provisions of Art. 22 Para 4 in connection with Art. 9 Para 2 lit. a or g GDPR apply and appropriate measures were taken to safeguard your rights, liberties and your legitimate interests.

  9. In case of data protection breaches which carry a high risk for your personal rights and liberties, you will be notified immediately. If cases in accordance with Art. 34 Para 3 GDPR are concerned, such a notification may not happen. The notification will contain the following information in particular:
    1. Description of the breach,
    2. Name and contact details of the Data Protection Officer or another body for further information,
    3. Description of the likely consequences of the data breach,
    4. Description of the measures implemented or suggested by us in order to rectify the data breach and to alleviate negative consequences.
  10. In order to exercise the rights of the data subject, please contact the bodies mentioned in sections 5 and 6. Enquiries received in electronic form will normally be answered in electronic form unless you have requested otherwise in your enquiry.

    Information, messages and measures in accordance with the GDPR including exercising the rights of the data subject are generally provided free of charge. Only when applications/enquiries are obviously unfounded or excessive are we entitled to demand a reasonable fee or to not act on the request (Art. 12 Para 5 GDPR).

    Should there be reasonable doubt as to your identity, we are entitled to request additional information from you in order to positively verify your identity. If we are not able to positively verify your identity, we are entitled to deny your request. Should identification not be possible, you will be notified separately, insofar as possible (Art. 12 Para 6, Art. 11 GDPR).

    Any enquiries and requests for information are generally processed within one month from the date of receipt. This period can be extended by another two months if the complexity and/or the volume of individual enquiries requires additional processing time; should further extension of time be required, you will be informed accordingly of the reasons for the delay within one month from the date of receipt of your enquiry. If your enquiry is not processed, you will be notified within one month of receipt of your enquiry and reasons why your enquiry was not processed will be stated. You will furthermore be informed about your option to lodge a complaint with a regulatory authority or to take legal action. (Art. 12 Para 3 and 4 GDPR)

    Please note that you may exercise your rights as data subject only within limitations imposed by the EU or its member states. (Art. 23 GDPR)

  11. If we disclosed personal data to third parties or Recipients, it is our duty to notify them of any correction, deletion and/or restriction of processing, insofar as technically possible and feasible. Upon request, you will be informed of the identities of the respective recipients of your data.

  1. Using the website

    1. Upon accessing our website, general information will automatically be collected. This information (server logfiles) includes, for instance, your type of browser, your type of operating system, the domain name of your internet service provider and similar data. Your identity cannot be ascertained using any of this information. Collecting this information is technically necessary in order to display the content of the website correctly and is collected obligatorily when using the Internet. We use such anonymous information for statistical purposes to improve our online presence and the underlying technology.
    2. When you contact us by email or via the contact form on the website, the information provided will be stored for the purpose of processing your enquiry and for the purpose of potential follow-up questions. When contacting us in the above manner, the only personal data we collect is the data you voluntarily provide to us by email or via the contact form. Your data will be used for the sole purpose of processing your enquiry, for potential follow-up questions, and, if applicable, to fulfil and handle any contractual relationship entered with you.

      Subsequent to contract fulfilment, all data will of course be blocked from further processing.

      After expiry of the legal fiscal and commercial storage periods, your data will be deleted unless express consent to further use of your data is received or if we reserve the legal right to further use your data. In the latter case, you will be notified accordingly.

    3. This website uses Piwik, an open-source software for the statistical analysis of visitors. Piwik deploys so-called “cookies”, i.e. small text files which will be stored on your computer and which allow us to analyse your visit to our website. The cookies generate information about your usage of our website and will be stored on a server located in Germany.

      4. Immediately after processing and prior to storing the information, you IP address is anonymised. You can prevent the installation of cookies on your computer by changing the respective settings of your browser software. Please note that it is possible that you will no longer be able to use all the features of our website if you activate the aforementioned settings.

    4. It is your decision as to whether you would like a unique web analytics cookie installed in your browser in order to allow the host of the website to collect and analyse various statistical data.

      Cookies cannot be used to launch any programs or infest a computer with a virus. Based on the information collected by cookies, we are able to ease your navigation on our website and ensure that it is displayed correctly.

      We will under no circumstances disclose the data collected by cookies to any third party or associate it with any personal data without your consent.

    5. Naturally, you can view our website without the use of cookies. Internet browsers are set up to accept cookies by default. The use of cookies can be deactivated via the browser settings at any time. Please use the help function of your Internet browser to learn more about how to change these setting. Please also note that some functions on our website may not work properly when you deactivate the use of cookies.

      In order to protect your data during transfer, we implemented state-of-the-art encryption methods such as SSL via HTTPS.

    6. Our website uses Google (Universal) Analytics, a web analysis service of Google, Inc. (www.google.de). Google (Universal) Analytics employs various methods of analysing how you use this website, among them the installation of the aforementioned cookies.

      The information collected by the Google (Universal) Analytics cookie is normally transferred to and stored on a Google server located in the USA. By activating the IP-anonymising on this website, your IP address is truncated prior to the transfer and still on EU territory, or the territories within the European Economic Area respectively. Only in exceptional cases will your full IP address be transferred to the Google server in the USA before it is truncated there. The anonymised IP address transmitted from your browser via Google Analytics will not be associated or merged with any other data aggregated by Google.

      What can you do if you do not wish for your data to be transmitted by the Google cookie?

      1. You can prevent the Google cookie from collecting and transmitting data regarding your usage of our website (including your IP address) to Google by installing the respective browser plug-in available here: http://tools.google.com/dlpage/gaoptout?hl=de.
      2. As an alternative to downloading the browser plug-in, you may click on this link in order to prevent the gathering of your data by Google Analytics collected on your visit to this website. By doing so, a so-called opt-out or exclusion cookie will be stored on your device. Please note that if you delete your cookies, you will have to click on the link once again to re-establish the exclusion.

  1. Data transfer

    1. The transfer of personal data to third parties is permitted only based on legal authorisation or the data subject’s consent.
    2. If required to deliver ordered goods, we will transfer your data to the contracted logistics company so the contract can be fulfilled.
    3. Should the recipient of personal data be located outside of the European Union or the European Economic Area, special measures are to be taken in order to safeguard the rights and interests of the data subjects. Data must not be transferred if the recipient cannot provide an adequate level of data protection, or such level is not possible to attain even by means of contractual clauses.

  2. Job applications

    1. If you apply for a job with us, your personal data will be processed for the purpose of employment as far as is necessary in determining whether to hire you. The legal basis for data processing is laid down in Art. 6 Para 1 GDPR.
    2. If your application contains specific categories of personal data (such as information regarding your marital status, your sex life, your sexual orientation, your health, a photo which may intimate your ethnic background, your visual abilities and/or your religion, or similarly sensitive data as defined by Art. 9 GDPR), we are permitted to process your data only upon receipt of your express written consent. For this purpose, please fill in, sign, and submit the form “Supplementary Statement Regarding Special Categories of Data”.
    3. We will not disclose your personal data to third parties.
    4. Any data submitted by you will be stored for up to six months after rejection of your application. Only upon your express written consent will we store your data for a longer period of time after rejection of your application.
    5. You are entitled to request information on whether we have processed or will process your personal data or not. If our company processes your personal data, you have the right to be informed accordingly (Art. 15 GDPR).
    6. You have the right to request a copy of your personal data. In general, copies of personal data will be made available in electronic form unless it is requested otherwise. The first copy will be free of charge, any further copies can be provided against a reasonable fee. Copies will be provided subject to observance of the rights and liberties of other persons who might be affected by the provision of a copy of your personal data.
    7. You are entitled to have your personal data corrected should it prove incorrect, inaccurate and/or incomplete. This right to correction entails the right of completion by supplementary statements or messages. Any correction and/or amendment must be made immediately, i.e. without delay (Art. 16 GDPR).
    8. In accordance with the circumstances listed in Art. 17 GDPR, you are entitled to request your personal data be deleted.
    9. Personal data has to be deleted immediately, i.e. without any undue delay.
    10. In accordance with Art. 20 GDPR - limited by the exceptions laid down in the following regulations - you are entitled to request issuance of your personal data in an established electronic and machine-readable format. The right to data transfer includes the right to transfer it to another controller; upon request, we will, insofar as technically possible, transfer your data directly to a controller of your choosing. The right of data transfer only concerns the data provided by you and requires your consent or must be performed within the scope of a contractual agreement and is to be executed using automated processes. The right to data transfer in accordance with Art. 20 GDPR does not affect your right to have your data deleted in accordance with Art. 17 GDPR. All data transfers are performed without prejudice for the rights and liberties of other persons who might be affected by the data transfer.
    11. Should you have any complaints, you may contact the responsible supervisory authority of the European Union or its member states at any time. For our company, the German Federal Commissioner for Data Protection and Freedom of Information is the responsible supervisory authority.

  1. Modification of the Privacy Statement

We reserve the right to amend this Privacy Statement from time to time in order to adapt it to the current legal requirements or to add updates concerning any changes of our services, e.g. the introduction of new services. When you visit our website after such amendments have been made, the new Privacy Statement shall apply.

  1. Legal remedies

Should you have any complaints, you may contact the responsible supervisory authority of the European Union or its member states at any time. Our company is within the area of responsibility of the supervisory authority stated in section 5.