Below you will find the data protection provisions relating to the AlAy website and the associated services.
This privacy policy provides information about the processing of personal data in connection with our activities and operations, including our website under the domain name alay.ch. In particular, we provide information about what, how, and where we process which personal data. We also provide information about the rights of individuals whose data we process.
We may publish additional privacy statements or other data protection information for individual or additional activities and operations.
We are subject to Swiss law and, where applicable, to applicable foreign law, in particular that of the European Union (EU) with the European General Data Protection Regulation (GDPR).
In its decision of July 26, 2000, the European Commission recognized that Swiss data protection law ensures adequate data protection. In a report dated January 15, 2024, the European Commission confirmed this adequacy decision.
The party responsible under data protection law is:
AlAy AG
Werner X. Uehlinger
Lindenweg 5
4052 Basel
In individual cases, third parties may be responsible for processing personal data, or there may be joint responsibility with third parties. We will be happy to provide data subjects with information about their respective responsibilities upon request.
Data subject: Natural person about whom we process personal data.
Personal data: All information relating to an identified or identifiable natural person.
Personal data requiring particular protection: data concerning trade union, political, religious or ideological views and activities, data concerning health, privacy or ethnic or racial affiliation, genetic data, biometric data that uniquely identify a natural person, data on criminal and administrative sanctions or prosecutions, and data on social assistance measures.
Processing: Any handling of personal data, regardless of the means and procedures used, such as querying, comparing, adapting, archiving, storing, retrieving, disclosing, obtaining, recording, collecting, deleting, arranging, organizing, altering, disseminating, linking, destroying and using personal data.
European Economic Area (EEA): Member States of the European Union (EU) as well as the Principality of Liechtenstein, Iceland and Norway.
We process personal data in accordance with Swiss law, in particular the Federal Act on Data Protection (Data Protection Act, DSG) and the Ordinance on Data Protection (Data Protection Ordinance, DSV).
We process personal data – if and to the extent that the European General Data Protection Regulation (GDPR) is applicable – in accordance with at least one of the following legal bases:
The European General Data Protection Regulation (GDPR) defines the processing of personal data as processing of personal data and the processing of particularly sensitive personal data as processing of special categories of personal data (Art. 9 GDPR).
We process the personal data necessary to carry out our activities in a sustainable, humane, secure, and reliable manner. The personal data processed may, in particular, fall into the categories of browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data, and payment data. Furthermore, the personal data may constitute particularly sensitive personal data.
We also process personal data that we receive from third parties, obtain from publicly accessible sources or collect in the course of our activities, to the extent that such processing is permissible.
We process personal data, where necessary, with the consent of the data subjects. In many cases, we may process personal data without consent, for example, to comply with legal obligations or to protect overriding interests. We may also request the consent of data subjects when their consent is not required.
We process personal data for the duration necessary for the respective purpose. We anonymize or delete personal data, particularly depending on statutory retention and limitation periods.
We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. Such third parties may, for example, be specialized providers whose services we utilize.
As part of our activities, we may disclose personal data, in particular, to banks and other financial service providers, public authorities, educational and research institutions, consultants and lawyers, interest groups, IT service providers, cooperation partners, credit and credit agencies, logistics and shipping companies, marketing and advertising agencies, media, parent, sister and subsidiary companies, organizations and associations, social institutions, telecommunications companies, insurance companies and payment service providers.
We process personal data to communicate with individuals, as well as with authorities, organizations, and companies. In particular, we process data that a data subject sends to us when contacting us, for example, by post or email. We may store such data in an address book or using similar tools.
Third parties who transmit data about other individuals to us are obligated to independently ensure the data protection of these data subjects. In particular, they must ensure that such data is correct and permitted to be transmitted.
We take appropriate technical and organizational measures to ensure data security appropriate to the respective risk. These measures specifically ensure the confidentiality, availability, traceability, and integrity of the personal data processed, but cannot guarantee absolute data security.
Access to our website and our other digital presence is via transport encryption (SSL/TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated to HTTPS). Most browsers warn against visiting a website without transport encryption.
Our digital communications – like all digital communications – are subject to mass surveillance without cause or suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We have no direct influence on the corresponding processing of personal data by intelligence agencies, police departments, and other security authorities. Nor can we rule out the possibility that a data subject is being specifically monitored.
We generally process personal data in Switzerland and the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, in particular to process it or have it processed there.
We may export personal data to any country on Earth and elsewhere in the universe, provided that the laws of that country ensure adequate data protection as determined by the Swiss Federal Council and – if and to the extent that the General Data Protection Regulation (GDPR) is applicable – also as determined by the European Commission.
We may transfer personal data to countries whose laws do not guarantee adequate data protection, provided that data protection is guaranteed for other reasons, in particular on the basis of standard data protection clauses or other appropriate safeguards. Exceptionally, we may export personal data to countries without adequate or suitable data protection if the specific data protection requirements are met, for example, the express consent of the data subjects or a direct connection with the conclusion or performance of a contract. We will be happy to provide data subjects with information about any safeguards or a copy of any safeguards upon request.
We grant data subjects all rights under applicable law. Data subjects have, in particular, the following rights:
We may postpone, restrict, or refuse the exercise of data subjects' rights within the legally permissible framework. We may inform data subjects of any prerequisites that may need to be met to exercise their data protection rights. For example, we may refuse to provide information in whole or in part, citing confidentiality obligations, overriding interests, or the protection of other persons. We may also refuse to delete personal data in whole or in part, particularly by citing statutory retention periods.
In exceptional cases, we may charge fees for exercising these rights. We will inform data subjects in advance of any costs involved.
We are obligated to take appropriate measures to identify data subjects who request information or assert other rights. Data subjects are obligated to cooperate.
Data subjects have the right to enforce their data protection claims through legal action or to file a complaint with a data protection supervisory authority.
The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
European data protection supervisory authorities are organized as members of the European Data Protection Board (EDPB). In some member states of the European Economic Area (EEA), data protection supervisory authorities are structured on a federal basis, particularly in Germany.
We may use cookies. Cookies—both our own cookies (first-party cookies) and cookies from third-party services we use (third-party cookies)—are data stored in your browser. Such stored data need not be limited to traditional text cookies.
Cookies can be stored temporarily in the browser as "session cookies" or for a specific period of time as so-called permanent cookies. "Session cookies" are automatically deleted when the browser is closed. Permanent cookies have a specific storage period. In particular, cookies make it possible to recognize a browser the next time you visit our website and thus, for example, to measure the reach of our website. Permanent cookies can also be used for online marketing, for example.
Cookies can be fully or partially deactivated, restricted, or deleted at any time using your browser settings. Browser settings often also allow for automated deletion and other cookie management. Without cookies, our website may no longer be fully available. We actively request your explicit consent to the use of cookies – at least where and to the extent required by applicable law.
For cookies used for performance and reach measurement or for advertising, a general objection ("opt-out") is possible for numerous services via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
For each access to our website and our other digital presence, we can log at least the following information, provided that this is transmitted to our digital infrastructure during such access: date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual subpage of our website accessed including the amount of data transferred, last website accessed in the same browser window (referrer).
We log such information, which may also constitute personal data, in log files. This information is necessary to provide our digital presence in a permanent, user-friendly, and reliable manner. Furthermore, this information is required to ensure data security – including through or with the assistance of third parties.
We may integrate tracking pixels into our digital presence. Tracking pixels are also known as web beacons. Tracking pixels – including those of third parties whose services we use – are typically small, invisible images or JavaScript scripts that are automatically retrieved when you access our digital presence. Tracking pixels can collect at least the same amount of information as log files.
We use services from specialized third parties to enable us to conduct our activities in a sustainable, human-friendly, secure, and reliable manner. Such services allow us, among other things, to embed functions and content into our website. When embedding, the services used collect the users' IP addresses, at least temporarily, for technically necessary reasons.
«Privacy and security principles»
For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data related to our activities in an aggregated, anonymized, or pseudonymized form. This includes, for example, performance or usage data in order to be able to provide the respective service.
In particular, we use:
We use services from specialized third parties to access the digital infrastructure required for our activities. This includes, for example, hosting and storage services from selected providers.
In particular, we use:
We use third-party services to embed selected fonts as well as icons, logos and symbols into our website.
In particular, we use:
We attempt to measure the success and reach of our activities and operations. In this context, we may also measure the impact of third-party feedback or examine how different parts or versions of our digital presence are used ("A/B testing" method). Based on the results of the success and reach measurements, we may, in particular, correct errors, strengthen popular content, or make improvements.
In most cases, the IP addresses of individual users are recorded for success and reach measurement purposes. In this case, IP addresses are generally shortened ("IP masking") to comply with the principle of data economy through appropriate pseudonymization.
Cookies may be used to measure success and reach, and user profiles may be created. Any user profiles created may include, for example, the individual pages visited or content viewed on our digital presence, information about the size of the screen or browser window, and the location—at least approximately. As a general rule, any user profiles created are created exclusively in pseudonymized form and are not used to identify individual users. Individual third-party services with which users are logged in may at most associate the use of our online offering with the user account or user profile on the respective service.
In particular, we use: