LEGAL

Information on data protection

We, OYM AG, Lorzenparkstrasse 22, CH-6330 Cham, Switzerland and all its subsidiaries worldwide, take data protection seriously and hereby inform you in the following statement on the collection, storage and possible use of personal data.
The use of the website and the use of OYM services may be connected with the processing of personal data. The handling of this data is regulated by law, in particular in the EU Data Protection Regulation (GDPR). We would like to inform you about the details of the processing of your personal data.

OYM AG, Lorzenparkstrasse 22, CH-6330 Cham, Switzerland (hereinafter referred to as "we" or "us") are responsible for data processing.

1.    General Information

a.    Contact
If you have any questions about this privacy statement or wish to contact us to exercise your rights, please send your request to
OYM AG, Lorzenparkstrasse 22, CH-6330 Cham, Switzerland

E-Mail: info@oym.ch
For Switzerland, the EU Commission has issued an adequacy resolution (2002/518/EC), so that the appropriate level of data protection pursuant to Art. 45 GDPR is ensured.

b.    Scope of this data privacy statement
This statement applies to all services offered and operated by us, in particular to our website www.oym.ch. It also applies accordingly to mobile devices or offers and presences adapted to other platforms.

c.    General information on data processing
When using this website and our services, personal data may be processed. The term "personal data" under data protection law refers to all information relating to a specific or identifiable person. The IP address can also be a personal datum. An IP address is assigned to each device connected to the Internet by the Internet provider so that it can send and receive data. When you use the Site, we collect information that you provide yourself. In addition, certain information about your use of the website is automatically collected during your visit to the website. We process personal data in compliance with the relevant data protection regulations, in particular the GDPR. Data will only be processed by us on the basis of legal permission. When using this website, we only process personal data with your consent (Art. 6 para. 1, lit. a) GDPR), for the performance of a contract to which you are a party, or at your request for the implementation of pre-contractual measures (Art. 6 para. 1, lit b) GDPR), for the fulfilment of a legal obligation (Art. 6 para.1 lit. c) GDPR) or if the processing is necessary to protect our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms which require the protection of personal data, prevail (Art. 6 para. 1 s, lit. f) GDPR.


d.    Duration of storage
Unless otherwise stated in the following information, we store the data only as long as necessary to achieve the purpose of processing or to fulfil our contractual or statutory obligations. Such statutory retention obligations may arise in particular from commercial or tax regulations.

e.     Technical Service Providers
Unless otherwise stated in the following information, the data will be processed on the servers of technical service providers commissioned by us for this purpose. These service providers process the data only according to express instructions and are contractually obliged to guarantee adequate technical and organizational measures for data protection.
Specifically, we use the services of Amazon S3 which is AWS certified. The certificate demonstrates adequate security management, data security, confidentiality of information and availability of IT systems. It also confirms that safety standards are continuously improved and sustainably controlled.

f.    SSL encryption
This site uses SSL encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and by the lock icon in your browser line. If SSL encryption is activated, the data which you transfer to us cannot be read by third parties.

1.    Processing of server log files
When using our website for information purposes only, general information is initially stored automatically (i.e. not via registration), which your browser transmits to our server. These include as standard: Browser type/ version, operating system used, page accessed, previously visited page (referrer URL), IP address, date and time of the server request and HTTP status code. The processing is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 para. 1 lit. f) GDPR. This processing serves the technical administration and security of the website. The stored data will be deleted unless there is a justified suspicion of illegal use based on concrete evidence and further examination and processing of the information is necessary for this reason.

2.    Contact form
Our website contains a contact form where you can send us messages. The transfer of your data is encrypted. All data fields marked as mandatory fields are required to process your request. If you do not provide us with your data, we will be unable to process your request. The provision of further data is voluntary. Alternatively, you can contact us by e-mail. The legal basis for data processing in connection with a contact enquiry is Art. 6 para. 1 lit. b GDPR).

3.    Cookies
We use cookies on our website to make our website more user-friendly, effective and secure. Cookies are small text files that are stored by your browser when you visit a website. This leads to identification of the browser used and means it can be recognized by our web server.  The cookies we use are usually so-called "session cookies". They are automatically deleted after closing your browser. Other cookies ("persistent cookies") are automatically deleted after a specified period, which may vary depending on the cookie. These cookies make it possible to recognize your browser when you next visit the site. If this use of cookies results in the processing of personal data, this is on the legal basis of Art. 6 para.1 lit. f) GDPR. You can delete the cookies in the security settings of your browser at any time and you can fundamentally object to the use of cookies through your browser settings. Disabling cookies may limit the functionality of this website. For further information, visit https://www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/EinrichtungSoftware/EinrichtungBrowser/Sicherheitsmassnahmen/Cookies/cookies_node.html.

4.    Analysis of our website with Google Analytics
We use the Google Analytics service of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google") to evaluate our website visitors. Google uses cookies for this purpose. As a rule, the cookie-generated information regarding your use of this website will be forwarded to a Google server in the USA and stored there. On our behalf, Google will use this information to evaluate the use of our online offering by the user, to compile reports on the activities within this online offering and to provide us with other services related to the use of this online offering and the Internet. Pseudonymous usage profiles of users may be created from the processed data in this respect. We use Google Analytics only with activated IP anonymization. This means that the IP address of the user is shortened by Google within the member states of the European Union or in other countries that are party to the Agreement on the European Economic Area. The IP address sent by your browser will not be connected with other data from Google. The legal basis for the use of this service is Art. 6 para. 1, lit. f) GDPR and serves the legitimate interest of analyzing user behavior on our website and the design that is thus possible in line with requirements. You may refuse the saving of cookies by selecting the appropriate settings in your browser. You can also prevent the information generated by the cookie from being collected by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en. If you visit our website via a mobile device, you can disable Google Analytics by clicking this link. Google is certified under the Privacy Shield Agreement and thereby offers a guarantee to comply with European and Swiss data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

5.    Retargeting

a.    Facebook (visitor action pixel)
We use the "visitor action pixel" of Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are an EU resident, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). The visitor action pixel allows us to track the behavior of users after they have been redirected to our website by clicking on a Facebook ad (so-called “conversion”). We can also use it to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous for us, that is, we do not see the personal data of individual users. However, this data is stored and processed by Facebook, and we are hereby informing you about this according to our knowledge. Facebook may link this information to your Facebook account and use it for its own promotional purposes, as outlined in Facebook's Data Usage Policy, see https://www.facebook.com/about/privacy/. The visitor action pixel is triggered by Facebook when you visit our website and can store a cookie on your device. If you then log on to Facebook or visit Facebook in a registered state, your visiting our offer will be noted in your profile. The data collected on you remains anonymous to us, so it does not provide us with any information about the identity of the user. However, Facebook stores and processes the data so that a connection to the respective user profile is possible and can be used by Facebook as well as for its own market research and advertising purposes. This service is used on the legal basis of Art. 6 para. 1, lit. f) GDPR and serves our legitimate economic interests. You can object to the collection by the Facebook pixel and use of your data to display Facebook ads at the following address: https://www.facebook.com/settings?tab=ads. Facebook is certified under the Privacy Shield Agreement and thereby offers a guarantee to comply with European and Swiss data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).


b.    Google re-/marketing services

On our website we use marketing and remarketing services of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). These services allow us to target advertisements more accurately to present ads of interest to users.
Remarketing shows users ads and products that have been found to be of interest on other sites on the Google Network. For these purposes, when our website is accessed by Google, a code is executed and so-called (re)marketing tags are integrated into the website. These store a unique cookie or comparable technology on the user's device. Cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites users have visited, what content they are interested in and what offers have been made. In addition, technical information about the browser and operating system, referring websites, visit time and further information about the use of the online offer are stored. The IP address of the users is also recorded, whereby we hereby inform within the framework of Google Analytics that the IP address within member states of the European Union or in other contracting states of the agreement on the European Economic Area is reduced. Any user data will only be processed as pseudonymous data. Google does not store any names or e-mail addresses. All displayed ads are therefore not displayed specifically for one person, but for the owner of the cookie. This information is collected by Google and transmitted to and stored by servers in the USA. One of the Google marketing services we use is Google AdWords, an online advertising platform. In the case of Google AdWords, each AdWords customer receives a different "conversion cookie". Thus, cookies cannot be tracked using the website of Adwords customers. The information obtained using the conversion cookie is used to create conversion statistics for the Adwords advertisers who have opted for conversion tracking. Adwords customers can find out the total number of users who have clicked on their ad and been redirected to the page with a conversion tracking tag. However, advertisers do not obtain any information that can be used to identify users personally.

On the basis of the Google DoubleClick Marketing Services, we can integrate third party ads. DoubleClick uses cookies to enable Google and its partner sites to serve ads based on users' visits to this site or other sites on the Internet. Further information on Google's use of data for marketing purposes can be found at: https://www.google.com/policies/technologies/ads, while Google's privacy policy is available at https://www.google.com/policies/privacy. The legal basis for the use of this service is Art. 6 para. lit. f) GDPR. If you wish to object to interest-based advertising by Google marketing services, you can use the setting and opt-out options provided by Google: https://adssettings.google.com/. Google is certified under the EU-US Privacy Shield Agreement and thus provides an appropriate guarantee to comply with European and Swiss data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

8.    Integrated services and contents of third parties
We collect on the basis of our legitimate interests as defined in Art. 6 para. 1 lit. f GDPR, we use the plug-ins listed below to analyze and optimize our offers. 
Our website uses so-called social plugins ("plugins") from the social networks Facebook, Instagram and the services YouTube and Linkedin. These services are provided by Facebook Inc, Instagram LLC, YouTube and Linkedin ("Providers"). Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). An overview of Facebook plugins and their design can be found here: https://developers.facebook.com/docs/plugins
Instagram is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). An overview of the Instagram buttons and their appearance can be found here: https://www.instagram.com/developer/embedding/ 
YouTube is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). More information about YouTube can be found here: https://developers.google.com/youtube/
Linkedin is operated by Linkedin Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA ("Linkedin"). An overview of the Linkedin plugins and their appearance can be found here: https://developer.linkedin.com/plugins
When you visit a page of our website containing a social plugin, your browser establishes a direct connection to Instagram's servers. The content of the plugin is transmitted by the provider directly to your browser and integrated into the webpage. By integrating the plugin, the provider receives the information that your browser has accessed the corresponding page of our website, even if you do not have a profile with the relevant supplier or are not currently logged in. This information (including your IP address) is transmitted directly from your browser to a server of the respective provider in the USA (or Germany) and stored there.
If you are logged in to one of the services, the providers can directly associate the visit to our site with your profile on Facebook, Google+, Twitter or Instagram. When you interact with the plugins, for example by pressing the "Like" or the "Instagram" button, the corresponding information is also transmitted directly to a server of the provider and stored there. The information is also published on Facebook, Instagram, YouTube or Linkedin social networks and displayed to your contacts. For the purpose and scope of data collection and further processing and use of data by the providers as well as your rights and settings options for protecting your privacy, please see the privacy policies of the providers.

Privacy policy of Facebook: http://www.facebook.com/policy.php 
Instagram Privacy Notice: https://help.instagram.com/155833707900388/ 
Privacy policy of YouTube: https://www.google.de/intl/de/policies/privacy 
Privacy Policy of Linkedin: https://www.linkedin.com/legal/privacy-policy 
If you do not want Google, Facebook, Twitter, or Instagram to associate the data collected from our website directly with your profile in the respective social network, you must log out of the respective network before visiting our website. You can also completely prevent the loading of plugins with add-ons for your browser, e.g. with the script blocker "NoScript" (http://noscript.net/).

9.    Your Rights
As the person concerned, you have the right to assert your rights against us. In particular, you have the following rights:
•    In accordance with Art.15 GDPR, you have the right to request information as to whether and to what extent we process personal data about you or not.
•    You have the right, in accordance with Art. 16 GDPR to request us to correct your data.
•    You have the right, in accordance with Art. 17 GDPR from us to delete your personal data.
•    You have the right, in accordance with Art. 18 GDPR to restrict the processing of your personal data.
•    You have the right, in accordance with Art. 20 GDPR to receive the personal data concerning you that you have provided to us, in a structured, common and machine-readable format and to transfer this data to another data controller.

In accordance with Art. 21 para 1 GDPR you have the right to object to any processing carried out on the legal basis of Art. 6 para. 1, lit. e) or f) of the GDPR. If we process personal data about you for the purpose of direct marketing, you may object to such processing in accordance with Art. 21 para 2 and 3 GDPR.
You may revoke your consent in accordance with Art. 7 Para. 3 GDPR at any time. Such revocation does not affect the legality of the processing which has taken place until the revocation based on the consent.

10.    Complaint to a supervisory authority
If you believe that the processing of personal data concerning you violates the provisions of the GDPR, in accordance with Art. 77 GDPR you have the right of appeal to a supervisory authority.

Status: November 2019