Privacy Policy

This Privacy Policy provides information about the processing of personal data in connection with our activities and operations, including our website at the domain name www.tibram.ch. In particular, we explain what personal data we process, for what purpose, in what manner, and where. We also provide information about the rights of individuals whose data we process.

We have drafted this privacy policy in German. In the event that it is published in another language, the German version of the privacy policy shall prevail.

We may publish additional privacy policies or other information regarding data protection for specific or additional activities and operations.

We are subject to Swiss law and, where applicable, foreign law, in particular the law of the European Union (EU), including the General Data Protection Regulation (GDPR).

In its decision of July 26, 2000, the European Commission recognized that Swiss data protection law ensures an adequate level of data protection. In a report dated January 15, 2024, the European Commission confirmed this adequacy decision.

The data controller is:

Tibram Ltd.
Tibram Ltd.
Industriestrasse 2
3661 Uetendorf

info@tibram.ch

In certain cases, third parties may be responsible for processing personal data, or there may be joint responsibility with third parties. Upon request, we are happy to provide data subjects with information regarding the respective responsibility.

Data subject: A natural person whose personal data we process.

Personal data: Any information relating to an identified or identifiable natural person.

Sensitive personal data: Data regarding trade union, political, religious, or ideological views and activities; data regarding health, privacy, or membership in an ethnic or racial group; genetic data; biometric data that uniquely identifies a natural person; data regarding criminal or administrative sanctions or proceedings, and data regarding social assistance measures.

Processing: Any handling of personal data, regardless of the means and methods used, such as retrieving, comparing, modifying, archiving, storing, reading, disclosing, obtaining, collecting, collecting, deleting, disclosing, classifying, organizing, storing, modifying, disseminating, linking, destroying, and using personal data.

European Economic Area (EEA): Member states of the European Union (EU), as well as the Principality of Liechtenstein, Iceland, and Norway.

We process personal data in accordance with Swiss law, in particular the Federal Act on Data Protection (Data Protection Act, DPA) and the Ordinance on Data Protection (Data Protection Ordinance, DPO).

We process personal data—to the extent that the General Data Protection Regulation (GDPR) applies—in accordance with at least one of the following legal bases:

The European General Data Protection Regulation (GDPR) refers to the handling of personal data as the processing of personal data and the handling of sensitive personal data as the processing of special categories of personal data (Art. 9 GDPR).

We process the personal data necessary to carry out our activities and operations in a sustainable, user-friendly, secure, and reliable manner. The personal data processed may include, in particular, browser and device data, content data, communication data, metadata, usage data, master data (including inventory and contact data), location data, transaction data, contract data, and payment data. The personal data may also constitute special-category personal data.

We also process personal data that we receive from third parties, obtain from publicly available sources, or collect in the course of our activities and operations, to the extent that such processing is permitted.

We process personal data, where necessary, with the consent of the individuals concerned. In many cases, we may process personal data without consent, for example to comply with legal obligations or to protect legitimate interests. We may also ask data subjects for their consent even when their consent is not required.

We process personal data for as long as is necessary for the respective purpose. We anonymize or delete personal data, in particular, in accordance with statutory retention and statute of limitations periods.

We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. Such third parties may include, for example, specialized service providers whose services we use. These third parties may, in turn, disclose personal data to other third parties.

In the course of our activities, we may disclose personal data to banks and other financial service providers, government agencies, educational and research institutions, consultants and attorneys, accounting and escrow service providers, debt collection agencies, interest groups, IT service providers, cooperation partners, credit and business information agencies, logistics and shipping companies, marketing and advertising agencies, media, parent, sister, and subsidiary companies, organizations and associations, social institutions, telecommunications companies, insurance companies, and payment service providers.

We process personal data in order to communicate with individuals, as well as with government agencies, organizations, and companies. In particular, we process data that a data subject provides to us when contacting us, for example by mail or email. We may store such data in an address book or using similar tools.

Third parties who provide us with data about other individuals are legally obligated to ensure the data protection of those individuals on their own. In particular, they must ensure that they are authorized to transmit such data and must also guarantee the accuracy of the transmitted data.

We process personal data about job applicants to the extent necessary to assess their suitability for employment or for the subsequent performance of an employment contract. The necessary personal data is derived in particular from the information requested, for example in the context of a job posting. We may publish job postings with the assistance of suitable third parties, for example in electronic and print media or on job portals and recruitment platforms.

We also process personal data that applicants voluntarily provide or make public, particularly as part of cover letters, resumes, and other application materials, as well as through online profiles.

We process personal data regarding applicants—to the extent that the General Data Protection Regulation (GDPR) applies—in particular in accordance with Article 9(2)(b) of the GDPR.

We implement appropriate technical and organizational measures to ensure data security commensurate with the respective risk. Through our measures, we ensure in particular the confidentiality, availability, traceability, and integrity of the personal data we process, without, however, being able to guarantee absolute data security.

Access to our website and other digital platforms is secured using transport encryption (SSL/TLS, specifically the Hypertext Transfer Protocol Secure, abbreviated as HTTPS). Most browsers issue a warning before visiting a website that does not use transport encryption.

Our digital communications—like all digital communications—are subject to mass surveillance without cause or suspicion by security agencies in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We have no direct influence over the processing of personal data by intelligence agencies, police departments, and other security authorities. Nor can we rule out the possibility that a data subject is being specifically monitored.

We generally process personal data in Switzerland and within the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, in particular to process it there or have it processed there.

We may transfer personal data to any country on Earth or elsewhere in the universe, provided that the laws of that jurisdiction, in accordance with a decision by the Swiss Federal Council and—to the extent that the General Data Protection Regulation (GDPR) applies—also in accordance with a decision by the European Commission, ensures an adequate level of data protection.

We may transfer personal data to countries whose laws do not provide adequate data protection, provided that data protection is ensured for other reasons, in particular on the basis of standard data protection clauses or other appropriate safeguards. In exceptional cases, we may export personal data to countries without adequate or appropriate data protection if the specific legal requirements under data protection law are met, such as the explicit consent of the data subjects or a direct connection to the conclusion or performance of a contract. Upon request, we are happy to provide data subjects with information regarding any such safeguards or to supply a copy of any such safeguards.

We grant data subjects all rights provided for under applicable law. In particular, data subjects have the following rights:

We may defer, restrict, or deny the exercise of data subjects’ rights to the extent permitted by law. We may inform data subjects of any prerequisites that must be met for the exercise of their data protection rights. For example, we may refuse to provide information in whole or in part, citing confidentiality obligations, overriding interests, or the protection of other individuals. We may also, for example, refuse to delete personal data in whole or in part, particularly by citing legal retention obligations.

In exceptional cases, we may charge a fee for the exercise of these rights. We will inform the individuals concerned in advance of any such fees.

We are required to take reasonable steps to identify data subjects who request information or exercise other rights. Data subjects are required to cooperate.

Data subjects have the right to enforce their data protection rights through legal action or to file a complaint with a data protection supervisory authority.

The supervisory authority for data protection for private data controllers and federal agencies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

European data protection supervisory authorities are organized as members of the European Data Protection Board (EDPB). In some member states of the European Economic Area (EEA), data protection supervisory authorities have a federal structure, particularly in Germany.

We may use cookies. Cookies—including our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies)—are data stored in the browser. Such stored data is not necessarily limited to traditional text-based cookies.

Cookies can be stored temporarily in the browser as “session cookies” or for a specific period of time as so-called persistent cookies. “Session cookies” are automatically deleted when the browser is closed. Persistent cookies have a specific storage duration. Cookies enable us, in particular, to recognize a browser on the next visit to our website and thereby, for example, measure the reach of our website. However, persistent cookies can also be used for online marketing, for example.

Cookies can be disabled, restricted, or deleted at any time, either in full or in part, through your browser settings. Browser settings often also allow for the automatic deletion and other management of cookies. Without cookies, our website may no longer be fully available. We actively request—at least to the extent required by applicable law—your express consent to the use of cookies.

For cookies used to measure performance and reach or for advertising purposes, many services offer a general opt-out option through AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

For every visit to our website and other digital platforms, we may log at least the following information, provided that this information is automatically collected or transmitted to our digital infrastructure during such visits: Date and time, including time zone, IP address, access status (HTTP status code), operating system, including user interface and version, browser, including language and version, individual subpages of our website accessed, including the amount of data transferred, and the last webpage accessed in the same browser window (referrer).

We record such information, which may also constitute personal data, in log files. This information is necessary to ensure that our digital presence is available on a permanent, user-friendly, and reliable basis. This information is also necessary to ensure data security—including through third parties or with the assistance of third parties.

We may incorporate web beacons into our digital presence. Tracking pixels are also known as web beacons. Tracking pixels—including those from third parties whose services we use—are typically small, invisible images or JavaScript scripts that are automatically loaded when you access our digital presence. Tracking pixels can capture at least the same information as is recorded in log files.

We maintain a presence on social media and other online platforms to communicate with interested individuals and provide information about our activities and operations. In connection with these platforms, personal data may also be processed outside of Switzerland and the European Economic Area (EEA).

The General Terms and Conditions (GTC), Terms of Use, privacy policies, and other provisions of the individual operators of such platforms also apply in each case. These provisions provide information, in particular, regarding the rights of data subjects directly vis-à-vis the respective platform, including, for example, the right of access.

We use services provided by specialized third parties to ensure that we can carry out our activities and operations in a sustainable, user-friendly, secure, and reliable manner. These services allow us, among other things, to embed features and content into our website. When such embedding occurs, the services used collect users’ IP addresses, at least temporarily, for technical reasons.

For necessary security, statistical, and technical purposes, third parties whose services we use may process data related to our activities and operations in an aggregated, anonymized, or pseudonymized form. This includes, for example, performance or usage data, which is necessary to provide the respective service.

In particular, we use:

We use services provided by specialized third parties to access the digital infrastructure required for our activities and operations. These include, for example, hosting and storage services from selected providers.

In particular, we use:

We use specialized audio and video conferencing services to communicate online. For example, we can use them to hold virtual meetings or conduct online classes and webinars. Participation in audio and video conferences is also subject to the legal terms and conditions of the individual services, such as privacy policies and terms of use.

Depending on your situation, we recommend that you mute your microphone by default when participating in audio or video conferences, and either blur the background or use a virtual background.

We use third-party services to facilitate online collaboration. In addition to this Privacy Policy, any terms and conditions of the services used that are directly visible—such as terms of use or privacy policies—also apply.

In particular, we use:

We use third-party services to embed maps on our website.

In particular, we use:

We use services provided by specialized third parties to embed digital content on our website. Digital content includes, in particular, images, videos, music, and podcasts.

In particular, we use:

We use third-party services to embed selected fonts, icons, logos, and symbols on our website.

In particular, we use:

We use extensions on our website to provide additional functionality. We may use selected services from suitable providers or implement such extensions on our own digital infrastructure.

In particular, we use:

We strive to measure the success and reach of our activities and operations. In this context, we may also measure the impact of third-party content or test how different parts or versions of our digital presence are used (the “A/B testing” method). Based on the results of our success and reach measurements, we can, in particular, fix errors, enhance popular content, or make improvements.

In most cases, the IP addresses of individual users are collected for the purpose of measuring success and reach. In this case, IP addresses are always truncated (“IP masking”) to comply with the principle of data minimization through the corresponding pseudonymization.

Cookies may be used to measure success and reach, and user profiles may be created. Any user profiles created may include, for example, the individual pages visited or content viewed on our digital presence, information about the size of the screen or browser window, and the user’s location (at least approximately). In principle, any user profiles created are exclusively pseudonymized and are not used to identify individual users. Individual third-party services with which users are registered may, in some cases, associate the use of our online offering with the user account or user profile for the respective service.

In particular, we use:

We use video surveillance to prevent crimes, to preserve evidence in the event of crimes, to exercise and assert our own legal claims, to defend against third-party legal claims, and to enforce our right to manage our premises. In doing so—to the extent that the General Data Protection Regulation (GDPR) applies—overriding legitimate interests pursuant to Art. 6(1)(f) GDPR; in the case of special categories of personal data, with reference to Art. 9(2)(f) GDPR.

We retain recordings from our video surveillance system for as long as they are necessary for the preservation of evidence or for any other specified purpose.

We may back up footage from our video surveillance system and transmit it to the appropriate authorities, such as courts or law enforcement agencies, provided that such transmission is necessary for a specified purpose, in our other legitimate and overriding interests, or to comply with legal obligations.

We may update this Privacy Policy at any time. We will notify you of any updates by posting the most current version of the Privacy Policy on our website.