Privacy Policy

This Privacy Policy provides information about how we process personal data in connection with our activities and operations, including our website at www.tibram-gruppe.ch. In particular, we explain which personal data we process, for what purpose, how, and where. We also provide information about the rights of individuals whose data we process.

We have written this privacy policy in German. If it is published in another language, the German version of the privacy policy shall prevail.

We may publish additional privacy policies or other information regarding data protection for specific or additional activities and operations.

We are subject to Swiss law and, where applicable, foreign law, in particular the law of the European Union (EU), including the General Data Protection Regulation (GDPR).

In its decision of July 26, 2000, the European Commission recognized that Swiss data protection law ensures an adequate level of data protection. In its report of January 15, 2024, the European Commission confirmed this adequacy decision.

The responsible party for data protection purposes is:

Tibram Gruppe
Tibram Gruppe
c/o Tibram AG
Industriestrasse 2
3661 Uetendorf

info@tibram.ch

In some cases, third parties may be responsible for processing personal data, or there may be joint responsibility with third parties. We provide data subjects with information regarding the relevant responsibility upon request.

Affected person: A natural person whose personal data we process.

Personal data: Any information relating to an identified or identifiable natural person.

Sensitive personal data: data relating to trade union, political, religious or philosophical views and activities; data relating to health, private life or membership of an ethnic or racial group; genetic data; biometric data that uniquely identifies a natural person; data relating to criminal or administrative sanctions or proceedings, and data relating to social welfare measures.

Processing: Any handling of personal data, regardless of the means and methods used, such as retrieving, comparing, adapting, archiving, storing, reading, disclosing, obtaining, recording, collecting, deleting, revealing, classifying, organising, saving, modifying, disseminating, linking, destroying and using personal data..

European Economic Area (EEA): Member States of the European Union (EU) as well as the Principality of Liechtenstein, Iceland and Norway.

We process personal data in accordance with Swiss law, in particular the Federal Act on Data Protection (Data Protection Act, DPA) and the Ordinance on Data Protection (Data Protection Ordinance, DPO).

Where the General Data Protection Regulation (GDPR) applies, we process personal data in accordance with at least one of the following legal bases:

The European General Data Protection Regulation (GDPR) refers to the handling of personal data as the processing of personal data and the handling of sensitive personal data as the processing of special categories of personal data (Art. 9  GDPR).

We process the personal data necessary to enable us to carry out our activities and operations in a sustainable, people-friendly, secure and reliable manner. The personal data processed may include, in particular, browser and device data, content data, communication data, metadata, usage data, master data (including inventory and contact details), location data, transaction data, contract data and payment data. The personal data may also constitute special categories of personal data

We also process personal data that we receive from third parties, obtain from publicly available sources, or collect in the course of our activities and operations, provided that such processing is permitted.

We process personal data, where necessary, with the consent of the data subjects. In many cases, we may process personal data without consent, for example to comply with legal obligations or to safeguard legitimate interests. We may also ask data subjects for their consent even where it is not required.

We process personal data for as long as is necessary for the relevant purpose. We anonymise or delete personal data, in particular in accordance with statutory retention and limitation periods.

We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. Such third parties may include, for example, specialist service providers whose services we use. These third parties may in turn disclose personal data to other third parties.

We may disclose personal data in the course of our activities and operations, in particular to banks and other financial service providers, public authorities, educational and research institutions, consultants and solicitors, accounting and fiduciary service providers, debt collection agencies, interest groups, IT service providers, cooperation partners, credit and business information agencies, logistics and delivery companies, marketing and advertising agencies, media, parent, sister and subsidiary companies, organisations and associations, social institutions, telecommunications companies, insurance companies and payment service providers.

We process personal data in order to communicate with individuals, as well as with public authorities, organisations and companies. In particular, we process data that a data subject provides to us when contacting us, for example by post or email. We may store such data in an address book or using similar tools.

Third parties who provide us with data relating to other individuals are legally obliged to ensure the data protection of those individuals themselves. In particular, they must ensure that they are authorised to transfer such data and must also guarantee the accuracy of the data provided.

We process personal data relating to job applicants to the extent that it is necessary for assessing their suitability for employment or for the subsequent performance of an employment contract. The personal data required is derived in particular from the information requested, for example in the context of a job advertisement. We may publish job advertisements with the assistance of suitable third parties, for example in electronic and print media or on job portals and recruitment platforms.

We also process personal data that applicants provide or publish willingly, in particular as part of cover letters, CVs and other application documents, as well as in online profiles.

Where the General Data Protection Regulation (GDPR) applies, we process personal data relating to applicants, in particular in accordance with Art. Art. 9 (2) (b); GDPR.

We implement appropriate technical and organisational measures to ensure data security commensurate with the respective risk. In particular, our measures ensure the confidentiality, availability, traceability and integrity of the personal data we process; however, we cannot guarantee absolute data security.

Access to our website and our other digital platforms is secured using transport encryption(SSL / TLS, specifically the Hypertext Transfer Protocol Secure, abbreviated to HTTPS). Most browsers will warn you before you visit a website that does not use transport encryption.

Our digital communications – like all digital communications, in principle – are subject to mass surveillance without cause or suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA) and other countries. We have no direct influence over the processing of personal data by intelligence services, police forces and other security authorities. Nor can we rule out the possibility that a data subject may be specifically monitored.

We generally process personal data in Switzerland and within the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, in particular for the purpose of processing it there or having it processed there.

We may transfer personal data to a or elsewhere in the universe, provided that the law in that jurisdiction ensures an adequate level of data protection in accordance with a decision by the Swiss Federal Counci and – where and to the extent that the General Data Protection Regulation (GDPR) applies – also in accordance witdecision by the European Commission.

We may transfer personal data to countries whose laws do not guarantee an adequate level of data protection, provided that data protection is ensured for other reasons, in particular on the basis of standard data protection clauses or other appropriate safeguards. In exceptional cases, we may export personal data to countries without adequate or appropriate data protection if the specific data protection requirements are met, for example the explicit consent of the data subjects or a direct connection to the conclusion or performance of a contract. We are happy to provide data subjects with information about any safeguards upon request or to supply a copy of any such safeguards.

We grant affected persons all rights under applicable law. In particular, affected persons have the following rights:

We may defer, restrict or refuse to grant affected persons’ rights within the limits permitted by law. We may inform affected persons of any conditions that must be met in order for them to exercise their data protection rights. For example, we may refuse to provide information in whole or in part, citing confidentiality obligations, overriding interests or the protection of other individuals. We may also, for example, refuse to erase personal data in whole or in part, in particular citing statutory retention obligations.

In exceptional cases, we may charge a fee for the exercise of these rights. We will inform the affected persons in advance of any such costs.

We are required to take appropriate measures to identify affected persons who request information or wish to exercise other rights. Affected persons are required to cooperate.

Affected persons have the right to enforce their data protection rights through the courts or to lodge a complaint with a data protection supervisory authority.

The supervisory authority for data protection for private data controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

European data protection supervisory authorities are organised as members of the European Data Protection Board  (EDPB). In some Member States of the European Economic Area (EEA), the data protection supervisory authorities have a federal structure, particularly in Germany.

We may use cookies. Cookies – both our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies) – are data stored in the browser. Such stored data need not be limited to traditional text-based cookies.

Cookies can be stored temporarily in the browser as ‘session cookies’ or for a specific period as so-called permanent cookies. ‘Session cookies’ are automatically deleted when the browser is closed. Permanent cookies have a specific storage period. In particular, cookies enable a browser to be recognised the next time you visit our website, thereby allowing us, for example, to measure the reach of our website. However, permanent cookies can also be used for online marketing, for example.

Cookies can be disabled, restricted or deleted in full or in part at any time via your browser settings. Browser settings often also allow for the automatic deletion and other management of cookies. Without cookies, our website may no longer be available in its entirety. We actively seek your express consent to the use of cookies – at least to the extent required by applicable law.

For cookies used to measure performance and reach, or for advertising purposes, many services offer a general opt-out option via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance)or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

We may log at least the following information for every visit to our website and other digital platforms, provided that this information is automatically collected or transmitted to our digital infrastructure during such visits: Date and time, including time zone, IP address, , access status (HTTP status code), operating system, including user interface and version, browser, including language and version, individual subpages of our website accessed, including the amount of data transferred,, and the last webpage accessed in the same browser window (referrer).

We record such information, which may also constitute personal data, in log files. This information is necessary to ensure that our digital presence remains available on a permanent, user-friendly and reliable basis. It is also necessary to ensure data security – including through third parties or with the assistance of third parties.

We may incorporate tracking pixels into our digital presence. Tracking pixels are also known as web beacons. Tracking pixels – including those from third parties whose services we use – are usually small, invisible images or scripts written in JavaScript that are automatically retrieved when our digital presence is accessed. Tracking pixels can be used to collect at least the same information as is recorded in log files.

We maintain a presence on social media and other online platforms in order to communicate with interested parties and provide information about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).

The General Terms and Conditions (GTC), Terms of Use, privacy policies and other provisions of the individual operators of such platforms also apply in each case. These provisions provide information, in particular, on the rights of data subjects vis-à-vis the respective platform, including, for example, the right of access.

We use services provided by specialist third parties to ensure that we can carry out our activities and operations in a sustainable, user-friendly, secure and reliable manner. These services enable us, amongst other things, to embed functions and content into our website. When such embedding takes place, the services used collect users’ IP addresses, at least temporarily, for technical reasons.

For necessary security, statistical and technical purposes, third parties whose services we use may process data relating to our activities and operations in an aggregated, anonymised or pseudonymised form. This includes, for example, performance or usage data, which is required to provide the relevant service.

In particular, we use:

We use services provided by specialist third parties to access the digital infrastructure required for our activities and operations. These include, for example, hosting and storage services from selected providers.

In particular, we use:

We use dedicated services for audio and video conferencing to enable us to communicate online. These allow us, for example, to hold virtual meetings or conduct online lessons and webinars. Participation in audio and video conferences is also subject to the legal terms and conditions of the individual services, such as privacy policies and terms of use.

Depending on your circumstances, we recommend that you mute your microphone by default when taking part in audio or video conferences, and either blur the background or display a virtual background.

We use third-party services to facilitate online collaboration. In addition to this privacy policy, any terms and conditions directly applicable to the services used – such as terms of use or privacy policies – shall also apply.

In particular, we use:

We use third-party services to embed maps on our website.

In particular, we use:

We use services provided by specialist third parties to embed digital content on our website. Digital content includes, in particular, images, videos, music and podcasts.

In particular, we use:

We use third-party services to embed selected fonts, icons, logos and symbols on our website.

In particular, we use:

We use extensions on our website to provide additional functionality. We may use selected services from suitable providers or implement such extensions on our own digital infrastructure.

In particular, we use:

We seek to measure the success and reach of our activities and operations. As part of this, we may also measure the impact of third-party content or assess how different parts or versions of our digital presence are used (using the ‘A/B testing’ method). Based on the results of our performance and reach measurements, we can, in particular, rectify errors, enhance popular content or make improvements.

In most cases, the IP address, of individual users are collected for the purpose of measuring success and reach. In such cases, IP addresses are always truncated (‘IP masking’) in order to comply with the principle of data minimisation through the use of pseudonymisation.

Cookies may be used to measure performance and reach, and user profiles may be created. Any user profiles created may include, for example, the individual pages visited or content viewed on our digital platform, details of the screen size or browser window, and the user’s location (at least approximately). In principle, any user profiles created are exclusively pseudonymised and are not used to identify individual users. Individual third-party services with which users are registered may, where applicable, link the use of our online offering to the user’s account or profile with the respective service.

In particular, we use:

We use video surveillance to prevent criminal offences, to secure evidence in the event of criminal offences, to exercise and assert our own legal claims, to defend against third-party legal claims, and to enforce our right to manage our premises. In this context – insofar as the General Data Protection Regulation (GDPR) applies – these constitute overriding legitimate interests pursuant to Article Art. 6 Abs. 1 lit. f DSGVO, in the case of special categories of personal data, reference is made to Art. 9 Abs. 2 lit. f DSGVO.

We retain recordings from our CCTV system for as long as is necessary for the preservation of evidence or for any other specified purpose.

We may back up footage from our CCTV system and pass it on to the relevant authorities, in particular the courts or law enforcement agencies, provided that such disclosure is necessary for a specified purpose, in our other legitimate and overriding interests, or in order to comply with legal obligations.

We may update this privacy policy at any time. We will notify you of any updates by publishing the latest version of the privacy policy on our website.