Privacy Policy

Data protection, data security and the responsible handling of personal data are important to Pakka AG, Geroldstrasse 33, 8005 Zürich, Switzerland ("Pakka", "we", "us"). In most cases, the provisions of the Swiss Federal Act on Data Protection (FADP) and the corresponding Ordinance (OFADP) apply to our processing of personal data. Some occasional processing can also be directly subject to the provisions of the EU’s General Data Protection Regulation (GDPR).

In this privacy policy, we describe how we collect and process personal data (information that relates to a person and identifies this person directly or indirectly) if you visit our website, use our applications, comment on our blog entries, enter into contracts with us or utilize our services or have anything else to do with us.

We process various categories of your personal data. The most important categories are as follows:

Master data: This includes basic details such as your name, contact details, personal details, customer history, declarations of consent, your relationship to us (e.g. customer, supplier, partner) as well as information about third parties (e.g. contact persons).

Contractual data: This is data which we collect in the course of providing our services (e.g. if you purchase our products in the online shop or if we develop a private label for you) as well as in general for the conclusion or the execution of contracts (both with customers, suppliers, service providers, partners, etc.), such as contractual services we owe you or you owe us, data concerning the provision of services, data from before concluding the contract (e.g. references), information about reactions (e.g. information about satisfaction) and financial data (e.g. payment information but also data about creditworthiness).

Communication data: This is data that we collect when we communicate with you or with third parties (e.g. by e-mail, telephone, mail or via other means of communication), such as content of e-mails or letters or your comments on our blog entries, your contact details as well as marginal data from communication. This also includes audio recordings from telephone calls.

Registration data: This is data that we collect in the context of a registration (e.g. online, newsletter), of competitions or when redeeming vouchers, or which you provide to us (e.g. user name, e-mail).

Technical data: This is data that we collect when you use our electronic resources (e.g. website and webshop), such as IP address, information about the operating system of your end device, the region and the time of use. In general, technical data does not allow any conclusions to be drawn about your identity.

Behavior and preference data: This is data about your behavior and your preferences (such as responses to electronic messages, navigation on the website, interactions with our social media profiles, participation in competitions or events, etc.), potentially supplemented by information from third parties (including from publicly accessible sources). See the section on “How we use cookies, other tracking technologies and social media plugins” with regard to tracking.

Other data: This includes data that we collect in connection with official or legal proceedings (e.g. files, evidence, etc.), data collected on the basis of health protection (e.g. as part of protection concepts), access details or rights (e.g. visitor lists), participation in events.


From you: You provide much of the above data yourself (e.g. in connection with our services for you or your employer or client or when communicating with us). You are not obligated to provide your data, except in individual cases (e.g. because of legal requirements). However, if you conclude contracts with us or want to use our services, for example, you have to disclose certain data.

From third parties: We can also collect data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, media or the Internet incl. social media) or receive it from authorities and from other third parties (e.g. credit bureaus, address brokers, associations, contractual partners, Internet analytics services). In particular, this includes the following categories: master data, contractual data and other data, but also all other above-mentioned data categories as well as data from correspondence and meetings with third parties. If you work for an employer or client or someone else who has a business relationship with us or other dealings, they may also make data about you accessible to us.

In general, we collect and process your personal data for the following purposes in particular:

Operating our website: You can visit our website and obtain information about our services and products without telling us who you are. In order to be able to operate our website in a secure and stable manner, we collect technical data that at least enables us to recognize you. We also use cookies and similar technologies (see below).

Initiation, administration and execution of contracts: We process personal data in connection with providing our services (e.g. if you use registration, order or contact forms on our website, order something via our online shop, inquire by phone concerning our offerings and services). This applies not only in connection with the conclusion and execution of contracts with our customers, but also with our suppliers, service providers, project partners and others. Among other things, this also includes processing for the purpose of checking creditworthiness, for consulting, for customer support as well as for providing and demanding contractual services (which also includes the involvement of third parties). This also includes the enforcement of legal claims resulting from contracts (debt collection, legal proceedings, etc.), accounting, termination of contracts and public communication.

Communication: We process your data in order to be able to communicate with you (e.g. in order to respond to inquiries, in the context of consulting as well as the execution of contracts). We also collect additional data if we need to or want to determine your identity (e.g. a copy of an ID).

Marketing purposes and for relationship management: We process data for marketing purposes and in order to maintain relationships, for example to send our customers, other contractual partners and other interested parties personalized advertising (e.g. by e-mail or other electronic channels) concerning products, services and other news from us, in connection with free services (e.g. gift cards, vouchers, promotions, invitations) or as part of individual marketing campaigns. You can reject this type of contact at any time or refuse or withdraw consent to being contacted for advertising purposes by sending a message to the address shown at the end.

Market research, improvement of our services and operations, and product development: In order to continuously improve our products and services (incl. our website and webshop), we analyze how you navigate through our website or which products are used by which groups of people in which way, for example.

Registration: In order to be able to use certain offerings and services (e.g. login areas, newsletters), you need to register (directly with us or via our external login service providers). We process data for this purpose. Furthermore, we can also collect other personal data about you during use of the offering or the service.

Security purposes as well as technical access controls: We process your data in order to continuously improve the appropriate security of our IT. This is, for example, for monitoring, analyzing and testing IT infrastructure, for system and error checks, for documentation purposes and in the context of backup copies. Access controls include controls on access to electronic systems (e.g. logging into user accounts).

Compliance with laws, instructions and recommendations from authorities and internal regulations: We may process personal data in the context of complying with laws (e.g. anti-money laundering, tax law obligations and for implementing health and safety concepts). Data may also be processed during internal and external investigations (e.g. by law enforcement or supervisory authorities or a commissioned private body). Legal obligations may be Swiss law or also foreign regulations which we are subject to as well as self-regulation, industry standards, in-house “corporate governance” and official instructions and requests.

Risk and corporate management: We can process personal data as part of risk management (e.g. to protect against criminal activities) and corporate management, including our company organization (e.g. resource planning) and company development (e.g. acquisition and sale of parts of the business or company).

Other purposes: These other purposes include, for example, training and educational purposes, administrative purposes (e.g. accounting), to safeguard our rights and to evaluate and improve internal processes. We may record telephone calls for training and quality assurance purposes. In such cases, we separately point this out (e.g. by means of a corresponding announcement before the telephone call) and you are free to end the communication. In general, these types of recordings may only be made and used according to our internal guidelines. Safeguarding of other legitimate interests is also one of the other purposes which cannot be listed exhaustively.


If the GDPR applies, we base the processing of your data on the following basis, depending on the situation and the purpose of processing:

Contract: Insofar as we process data for the conclusion and execution of contracts which we conclude or have concluded for you or with you or your employer, client or other people for whom you are working, this is also the legal basis on which we process your data.

Legal obligations: Furthermore, we can process your data based on the applicable legal, regulatory and professional provisions we have to adhere to.

Legitimate interest: We can process your data based on our legitimate interest or a legitimate interest of a third party. In particular, this applies in relation to achieving the purposes and objectives specified in the section “Which purposes we collect and process your personal data for” and for implementing associated measures. Among other things, we have a legitimate (and overriding) interest in marketing our products and services as well as in a better understanding of the markets relevant to us and our activities (in particular in the efficient and secure handling of our processes and in further development of our activities and products), in the efficient and effective management of our company and safeguarding of the security of our systems and our interests toward third parties.

Consent: If we ask you for your consent for the processing of your data, this is the legal basis on which we process your data. In this process, we inform you about the purpose of processing. You can withdraw your consent at any time by sending a written message (by mail or, if not stated or agreed otherwise, by e-mail) to us, with effect for the future. Once we have received and processed the message concerning withdrawal of your consent, we will no longer process your data for the purposes which you originally agreed to (unless further processing may be carried out on the basis of another legal basis).

Other legal bases: In specific cases, we can also perform data processing based on other legal bases. If this is the case, we will inform you on a case-by-case basis.

We automatically assess some of your personal characteristics for the purposes specified in the section “Which purposes we collect and process your personal data for” based on your data (“profiling”) if we want to determine your preference data and in order to perform statistical evaluations. We can also create profiles for the same purposes.

We collect and process your personal data in a trustworthy, responsible manner. For this purpose, we take appropriate security measures to ensure the confidentiality, integrity and availability of your personal data in order to protect against unauthorized or unlawful processing and to counteract the risk of loss, unintentional changes, unwanted disclosure or unauthorized access. However, the security risks cannot generally be completely excluded and a certain remaining level of risk is unavoidable.

We store personal data only for the duration required to fulfill the purposes for which the personal data was collected, if we have a legitimate interest in storing the data or are required to do so by law or storage is required for technical reasons (e.g. in the case of backups or document management systems). If no legal or contractual obligations run contrary, we erase or anonymize your data once the storage or processing period has elapsed as part of our usual processes.

We take appropriate technical and organizational measures in the interest of confidentiality, integrity and contractual availability of personal data. In accordance with our risk assessment, we implement admission controls in particular, but also access controls as well as procedures for regular checking, assessment and evaluation of the measures.

If there are no legal retention regulations in individual cases, we generally process personal data for the duration of the business relationship or contract period and then, depending on the applicable legal basis, for an additional five, ten or more years. This corresponds to the duration within which we can assert legal claims against third parties or third parties can do so against us. Ongoing or forthcoming legal proceedings may result in processing over and beyond this period.

To perform the contract, to pursue our legitimate interests or comply with statutory requirements, it might be necessary to forward your personal data to the following categories of recipients: Group companies, contractual partners, registries, registration partners, third-party service providers, credit inquiry agencies, address management companies or debt collection agencies, communication service providers or courts and authorities as well as other recipients insofar as this is necessary for fulfilling the purposes described above, such as third parties as part of agency relationships (e.g. your lawyer or your bank).

For the purpose of address verification, credit assessment or for debt collection purposes, we may pass on your personal data to credit inquiry agencies, address management companies or debt collection agencies, if necessary and as described above.

To the extent that courts or authorities request and we are legally required, we will pass on your personal data to them or other third parties.

We mainly process and store personal data in Switzerland and the European Economic Area (EEA), but, in exceptional cases – for example via subcontractors of our service providers – potentially in every country around the world.

If a recipient is located in a country without appropriate data protection, we contractually oblige the recipient to comply with a sufficient level of data protection (for this purpose, we use the amended standard contractual clauses from the European Commission, which can be accessed here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?, including the amendments necessary for Switzerland), unless the recipient is subject to a legally accepted set of rules to ensure data protection and we cannot rely on a derogation clause. In particular, a derogation may apply in the event of legal proceedings abroad, but also in cases of overriding public interest if the performance of a contract which is in your interest requires this type of disclosure, if you have consented or obtaining your consent within an appropriate period is not possible and the disclosure is necessary in order to protect your life or your physical integrity or that of a third party, or if it concerns data made generally accessible by you whose processing you have not objected to.

You have certain rights in connection with our data processing. Depending on the applicable law, you can, in particular, request access to information about the processing of your personal data, have incorrect personal data rectified, request the erasure of personal data, object to data processing (whereby this right to objection applies, in particular but not exclusively, to data processing for the purpose of direct marketing), request the release of certain personal data in a common electronic format or its transmission to other controllers or withdraw consent, insofar as our processing is based on your consent.

Please note that exceptions or restrictions apply to these rights. In particular, we might have to process and forward your personal data in order to perform a contract with you, pursue our own legitimate interests such as the assertion, exercise or defense of legal claims or to comply with statutory requirements. To the extent legally permissible, in particular in order to safeguard the rights and freedoms of persons concerned and protect our legitimate interests (e.g. nondisclosure and security interest as well as consideration of our business resources and opportunities) we can therefore also reject your data protection-related requests, e.g. information or deletion requests, or only partially comply with your requests. However, you do have the right to lodge a complaint with a competent supervisory authority.

When you use our website (incl. newsletter and additional digital offerings), data is generated which is stored in logs (in particular technical data). In addition, we can use cookies and similar technologies (e.g. pixel tags or fingerprints) in order to recognize website visitors, evaluate your behavior and identify preferences. A cookie is a small text file which is transmitted between the server and your system and enables a certain device or browser to be recognized.

You can set your browser such that it automatically rejects, accepts or deletes these cookies. You can also deactivate or delete cookies on a case-by-case basis. You can find out how you can manage cookies in your browser by looking at your browser’s help menu.

Neither the technical data we collect nor cookies generally contain any personal data. However, your personal data which we store or third-party providers commissioned by us store (e.g. if you have a user account with us or these providers) can be linked to the technical data or the information stored in the cookies and obtained from them and thus possibly to your person.

We also use social media plugins; these are small software modules that establish a link between your visit to our website and a third-party provider. The social media plugin informs the third-party provider that you visited our website and can transmit cookies which it previously placed on your web browser to the third-party provider. You can find further information about how these third-party providers use your personal data collected via your social media plugins in their respective privacy policies.

In addition, we use tools and services from third-party providers (which, on their part, can use cookies) on our website, in particular to improve the functionality or the content of our website (e.g. integration of videos or maps), to create statistics and to display advertising.

In particular, we can currently use services from the following service providers and advertising partners, whereby their contact details and additional information on the individual data processing measures can be accessed in the relevant privacy policy:

Google Analytics

Meta

Hotjar

Several of the third-party providers used by us may be located outside Switzerland. Information on data disclosure abroad can be found in the section “When we disclose your personal data abroad”. In respect of data protection law, they are, in some cases, “only” our processors and, in some cases, controllers. You can find further information on this in the privacy policies.

We operate pages and other online presences on social networks and other platforms operated by third parties and process data about you in this context. In this process, we receive data from you (e.g. if you communicate with us or comment on our content) and from the platforms (e.g. statistics). The providers of the platforms can analyze your usage and process this data together with other data they have about you. They also process this data for their own purposes (e.g. marketing and market research purposes and for managing their platforms) and act as their own controllers for this purpose. Please find additional information on processing by the platform operators in the privacy policies of the relevant platforms.

We currently use the following platforms, whereby the identity and contact details of the platform operator can be accessed in the respective privacy policies:

Facebook

  • www.facebook.com
  • Privacy policy: www.facebook.com/privacy/policy

Instagram

  • www.instagram.com
  • Privacy policy: https://privacycenter.instagram.com/policy

LinkedIn


If you have any questions about the data processing described in this privacy policy, you can contact us via the contact form under the following link: https://www.pakka.ch/contactus

If you would like to exercise your data subject rights in accordance with the data protection law applicable to us or have general questions about data protection at Pakka, please contact welcome@pakka.ch.

We reserve the right to change this privacy policy at any time. The version published on our website at the respective time applies.

September 2023