Privacy Policy

With this Privacy Policy, we provide information about the processing of personal data in connection with our activities and operations, including our website at the domain lemex.ch. In particular, we provide information about which personal data we process for what purpose, in what manner and where. We also provide information about the rights of persons whose data we process.

We have drafted this Privacy Policy in German. In case of publication in another language, the German version remains authoritative.

For individual or additional activities and operations, we may publish further privacy policies or other information on data protection.

We are subject to Swiss law and, where applicable, foreign law, in particular that of the European Union (EU) with the European General Data Protection Regulation (GDPR).

By decision of 26 July 2000, the European Commission recognised that Swiss data protection law ensures an adequate level of data protection. With its report of 15 January 2024, the European Commission confirmed this adequacy decision.

1. Contact Details

The controller within the meaning of data protection law is:

LEMEX International AG
Keltenweg 6
6312 Steinhausen
Switzerland

Contact

In individual cases, third parties may be responsible for the processing of personal data, or there may be joint responsibility with third parties. Upon request, we are happy to provide data subjects with information about the respective responsibility.

2. Terms and Legal Bases

2.1 Terms

Data subject: Natural person about whom we process personal data.

Personal data: Any information relating to an identified or identifiable natural person.

Personal data requiring special protection: Data on trade union, political, religious or ideological views and activities, data on health, the intimate sphere or affiliation with an ethnicity or race, genetic data, biometric data uniquely identifying a natural person, data on criminal and administrative sanctions or prosecutions, and data on social assistance measures.

Processing: Any handling of personal data, regardless of the means and procedures used, including querying, comparing, adapting, archiving, storing, reading, disclosing, procuring, recording, collecting, deleting, ordering, organising, altering, distributing, linking, destroying and using personal data.

European Economic Area (EEA): Member states of the European Union (EU) as well as the Principality of Liechtenstein, Iceland and Norway.

2.2 Legal Bases

We process personal data in accordance with Swiss law, in particular the Federal Act on Data Protection (FADP) and the Data Protection Ordinance (DPO).

Where and to the extent that the European General Data Protection Regulation (GDPR) applies, we process personal data on the basis of at least one of the following legal bases:

  • Article 6(1)(b) GDPR for processing necessary for the performance of a contract with the data subject and to carry out pre-contractual measures.
  • Article 6(1)(f) GDPR for processing necessary to safeguard legitimate interests, including those of third parties, provided that the fundamental freedoms, fundamental rights and interests of the data subject do not override. Such interests include in particular the lasting, user-friendly, secure and reliable operation of our activities and tasks, the safeguarding of information security, protection against abuse, the enforcement of our own legal claims and compliance with Swiss law.
  • Article 6(1)(c) GDPR for processing necessary to comply with a legal obligation to which we are subject under any applicable law of member states of the European Economic Area (EEA).
  • Article 6(1)(e) GDPR for processing necessary for the performance of a task carried out in the public interest.
  • Article 6(1)(a) GDPR for processing based on the data subject’s consent.
  • Article 6(1)(d) GDPR for processing necessary to protect the vital interests of the data subject or another natural person.
  • Article 9(2) ff. GDPR for the processing of special categories of personal data, in particular based on the data subject’s consent.

The European General Data Protection Regulation (GDPR) refers to the processing of personal data and to the processing of special categories of personal data (Article 9 GDPR).

3. Type, Scope and Purpose of Processing

We process those personal data that are necessary to carry out our activities and operations in a lasting, user-friendly, secure and reliable manner. The personal data processed may fall into the categories of browser and device data, content data, communication data, metadata, usage data, master data including holding and contact data, location data, transaction data, contract data and payment data. The personal data may further constitute personal data requiring special protection.

We also process personal data we receive from third parties, obtain from publicly accessible sources or collect in the course of our activities and operations, insofar as such processing is permitted.

Where required, we process personal data with the data subject’s consent. In many cases, we can process personal data without consent, for example to comply with legal obligations or to safeguard overriding interests. We may also ask data subjects for their consent even when consent is not required.

We process personal data for the duration necessary for the respective purpose. We anonymise or delete personal data in particular in accordance with statutory retention and limitation periods.

4. Automation and Artificial Intelligence (AI)

We may process personal data in an automated manner or use Artificial Intelligence to process personal data.

We may use profiling to automatically evaluate certain personal aspects relating to data subjects. Profiling serves, for example, to analyse or predict interests, behaviours or personal preferences.

We provide information in individual cases about decisions that are based exclusively on the automated processing of personal data and that have a legal effect on the data subjects or significantly affect them (automated individual decisions).

5. Disclosure of Personal Data

We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. Such third parties may, for example, be specialised providers whose services we use. Such third parties may in turn disclose personal data to other third parties.

In the context of our activities and operations, we may in particular disclose personal data to banks and other financial service providers, authorities, educational and research institutions, advisors and lawyers, accounting and fiduciary service providers, debt collection agencies, interest groups, IT service providers, cooperation partners, credit reference and business information agencies, logistics and shipping companies, marketing and advertising agencies, media, parent, sister and subsidiary companies, organisations and associations, social institutions, telecommunications companies, insurance companies and payment service providers.

6. Communication

We process personal data in order to communicate with individuals as well as with authorities, organisations and companies. In particular, we process data that a data subject provides to us when making contact, for example by postal mail or email. We may store such data in an address book or with comparable tools.

Third parties who provide us with data about other persons are legally required to ensure data protection for those data subjects independently. They must in particular ensure that they are permitted to transmit such data, and also ensure the accuracy of the data transmitted.

7. Data Security

We take appropriate technical and organisational measures to ensure data security appropriate to the respective risk. Through our measures, we ensure in particular the confidentiality, availability, traceability and integrity of the personal data processed, without being able to guarantee absolute data security.

Access to our website and our other digital presence is encrypted in transit (SSL/TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers warn before visiting a website without transport encryption.

Our digital communications are subject – like essentially all digital communication – to mass surveillance without cause or suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA) and other countries. We have no direct influence on the corresponding processing of personal data by intelligence services, police authorities and other security authorities. We also cannot rule out that a data subject is specifically subject to surveillance.

8. Personal Data Abroad

We generally process personal data in Switzerland and the European Economic Area (EEA). However, we may also export or transmit personal data to other states, in particular to have it processed there.

We may export personal data to all states on Earth and elsewhere in the universe, provided that the law there ensures adequate data protection according to a decision of the Swiss Federal Council and – where and to the extent that the General Data Protection Regulation (GDPR) applies – also according to a decision of the European Commission.

We may transmit personal data to states whose law does not ensure adequate data protection, provided that data protection is ensured for other reasons, in particular on the basis of standard data protection clauses or other appropriate safeguards. Exceptionally, we may export personal data to states without adequate or appropriate data protection if the specific data protection requirements are met, for example the explicit consent of the data subjects or a direct connection with the conclusion or performance of a contract. Upon request, we are happy to provide data subjects with information about any safeguards or to provide a copy of any safeguards.

9. Rights of Data Subjects

9.1 Data Protection Rights

We grant data subjects all rights under applicable law. In particular, data subjects have the following rights:

  • Right to information: Data subjects may request information as to whether we process personal data about them and, if so, what personal data this concerns. Data subjects also receive the information necessary to assert their data protection rights and to ensure transparency. This includes the personal data processed as such, as well as, among other things, information about the purpose of processing, the duration of storage, any disclosure or export of data to other states and the origin of the personal data.
  • Rectification and restriction: Data subjects may have inaccurate personal data corrected, incomplete data completed and the processing of their data restricted.
  • Possibility to express their own point of view and human review: In decisions based exclusively on automated processing of personal data and that have a legal effect on them or significantly affect them (automated individual decisions), data subjects may express their own point of view and request a review by a human.
  • Erasure and objection: Data subjects may have personal data erased (“right to be forgotten”) and object to the processing of their data with effect for the future.
  • Data release and data portability: Data subjects may request the release of personal data or the transfer of their data to another controller.

We may, within the legally permissible scope, postpone, restrict or refuse the exercise of data subjects’ rights. We may inform data subjects of any conditions to be met for the exercise of their data protection rights. We may, for example, refuse to provide information in whole or in part with reference to confidentiality obligations, overriding interests or the protection of other persons. We may, for example, also refuse the erasure of personal data, in particular with reference to statutory retention obligations, in whole or in part.

We may exceptionally charge costs for the exercise of rights. We inform data subjects in advance of any costs.

We are obliged to identify data subjects who request information or assert other rights with appropriate measures. Data subjects are required to cooperate.

9.2 Legal Protection

Data subjects have the right to enforce their data protection claims by legal means or to lodge a complaint with a data protection supervisory authority.

The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

European data protection supervisory authorities are organised as members of the European Data Protection Board (EDPB). In some member states of the European Economic Area (EEA), data protection supervisory authorities are organised in a federal structure, in particular in Germany.

10. Use of the Website

10.1 Cookies

We may use cookies. Cookies – both our own (first-party cookies) and those of third parties whose services we use (third-party cookies) – are data stored in the browser. Such stored data is not necessarily limited to traditional cookies in text form.

Cookies may be stored in the browser temporarily as “session cookies” or for a certain period as so-called permanent cookies. Session cookies are automatically deleted when the browser is closed. Permanent cookies have a defined storage period. Cookies allow, in particular, a browser to be recognised on a subsequent visit to our website, enabling, for example, the measurement of the reach of our website. Permanent cookies may, however, also be used, for example, for online marketing.

Cookies can be deactivated, restricted or deleted in whole or in part in the browser settings at any time. Browser settings often also enable automated deletion and other management of cookies. Without cookies, our website may no longer be fully available. We actively request – at least where and to the extent required by applicable law – express consent for the use of cookies.

For cookies used for success and reach measurement or for advertising, a general objection (“opt-out”) is possible for numerous services via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

10.2 Logging

For each access to our website and our other digital presence, we may log at least the following information, provided it is standardly determined or transmitted to our digital infrastructure during such access: date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, accessed individual subpage of our website including transmitted data volume, last website previously accessed in the same browser window (referrer).

We log such information, which may also constitute personal data, in log files. The information is necessary to provide our digital presence in a lasting, user-friendly and reliable manner. The information is further necessary to ensure data security – also by third parties or with the help of third parties.

10.3 Tracking Pixels

We may embed tracking pixels in our digital presence. Tracking pixels are also referred to as web beacons. Tracking pixels – including those of third parties whose services we use – are usually small, invisible images or scripts formulated in JavaScript that are automatically retrieved when our digital presence is accessed. Tracking pixels can record at least the same information as logging in log files.

11. Third-Party Services

We use services from specialised third parties to be able to carry out our activities and operations in a lasting, user-friendly, secure and reliable manner. With such services, we can, among other things, embed functions and content in our website. With such embedding, the services used capture – for technically compelling reasons – at least temporarily the IP addresses of users.

For necessary security-related, statistical and technical purposes, third parties whose services we use may process data in connection with our activities and operations in aggregated, anonymised or pseudonymised form. This concerns, for example, performance or usage data, in order to be able to offer the respective service.

Digital Infrastructure

We use services from specialised third parties to be able to use required digital infrastructure in connection with our activities and operations. This includes, for example, hosting and storage services from selected providers.

12. Success and Reach Measurement

We try to measure the success and reach of our activities and operations. In this context, we may also measure the effect of third-party references or test how different parts or versions of our digital presence are used (“A/B testing” method). Based on the results of success and reach measurement, we may in particular fix errors, strengthen popular content or make improvements.

For success and reach measurement, the IP addresses of individual users are recorded in most cases. IP addresses are in such cases generally shortened (“IP masking”) in order to follow the principle of data minimisation through corresponding pseudonymisation.

In success and reach measurement, cookies may be used and user profiles may be created. Any user profiles created include, for example, the individual pages visited or content viewed on our digital presence, information on the size of the screen or browser window and the – at least approximate – location. Generally, any user profiles are created exclusively in pseudonymised form and are not used for the identification of individual users. Individual third-party services in which users are logged in may possibly assign the use of our online offering to the user’s account or profile with the respective service.

We use in particular:

  • Matomo: Success and reach measurement; provider: InnoCraft Ltd. (New Zealand, free open source software); data protection information: use on own digital infrastructure and with anonymised IP addresses, “List of all Matomo Features”.

13. Concluding Notes on this Privacy Policy

We may update this Privacy Policy at any time. We will inform about updates by publishing the current version of the Privacy Policy on our website.