Data protection

With this privacy policy, we inform you about the processing of personal data in connection with our activities and operations, including our website under the domain name explosionpower.ch. In particular, we inform you about the purposes, methods, and locations of our personal data processing. We also provide information about the rights of individuals whose data we process. Please note that this privacy policy has been translated from German to English using ChatGPT.

For specific or additional activities and operations, we may publish further privacy policies or other privacy-related information.

We are subject to Swiss data protection law as well as, where applicable, foreign data protection law, particularly that of the European Union (EU) under the European General Data Protection Regulation (GDPR).

The European Commission recognized in its decision of July 26, 2000 that Swiss data protection law ensures adequate data protection. In its report of January 15, 2024, the European Commission confirmed this adequacy decision.

1. Contact Details

Responsible for processing personal data:

Explosion Power GmbH
Hardstrasse 11
5702 Niederlenz
Switzerland

Email: datenschutz@explosionpower.ch

In specific cases, third parties may be responsible for processing personal data, or there may be joint responsibility with third parties.

2. Terms and Legal Bases

2.1 Terms

Data Subject: A natural person whose personal data we process.

Personal Data: All information relating to an identified or identifiable natural person.

Particularly Sensitive Personal Data: Data concerning trade union, political, religious, or ideological views and activities; data about health, intimate sphere, or ethnic or racial origin; genetic data; biometric data identifying a natural person; data on criminal and administrative sanctions or prosecutions; and data on social assistance measures.

Processing: Any handling of personal data, regardless of the means and procedures used, such as querying, comparing, adapting, archiving, storing, reading, disclosing, obtaining, recording, collecting, deleting, publishing, organizing, linking, disseminating, modifying, destroying, and using personal data.

European Economic Area (EEA): Member states of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway.

2.2 Legal Bases

We process personal data in accordance with Swiss data protection law, in particular the Federal Act on Data Protection (Data Protection Act, DPA) and the Ordinance on Data Protection (Data Protection Ordinance, DPO).

We process – insofar as and to the extent that the European General Data Protection Regulation (GDPR) is applicable – personal data in accordance with at least one of the following legal bases:

• Art. 6 para. 1 lit. b GDPR for the necessary processing of personal data to fulfill a contract with the data subject and to carry out pre-contractual measures.
• Art. 6 para. 1 lit. f GDPR for the necessary processing of personal data to protect legitimate interests – including the legitimate interests of third parties – provided that the fundamental rights and freedoms of the data subject do not outweigh them. Such interests particularly include the continuous, user-friendly, secure, and reliable execution of our activities, ensuring information security, protection against misuse, enforcement of our legal claims, and compliance with Swiss law.
• Art. 6 para. 1 lit. c GDPR for the necessary processing of personal data to fulfill a legal obligation to which we are subject under applicable law of the member states within the European Economic Area (EEA).
• Art. 6 para. 1 lit. e GDPR for the necessary processing of personal data in the public interest.
• Art. 6 para. 1 lit. a GDPR for the processing of personal data based on the consent of the data subject.
• Art. 6 para. 1 lit. d GDPR for the necessary processing of personal data to protect the vital interests of the data subject or another natural person.
• Art. 9 para. 2 ff. GDPR for the processing of special categories of personal data, particularly with the consent of the data subject.

The European General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data and the processing of particularly sensitive personal data as the processing of special categories of personal data (Art. 9 GDPR).

3. Type, Scope, and Purpose of Processing Personal Data

We process the personal data that is necessary to carry out our activities and operations in a sustainable, user-friendly, secure, and reliable manner. The processed personal data may particularly fall into the categories of browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data, and payment data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of our activities and operations, insofar as such processing is legally permitted.

We process personal data as necessary with the consent of the data subjects. In many cases, we may process personal data without consent, for example, to fulfill legal obligations or to protect overriding interests. We may also ask data subjects for their consent even when it is not legally required.

We process personal data for the duration necessary for the respective purpose. We anonymize or delete personal data particularly in accordance with statutory retention and limitation periods.

4. Disclosure of Personal Data

We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. Such third parties primarily include specialized service providers whose services we utilize.

We may disclose personal data, for example, to banks and other financial service providers, authorities, educational and research institutions, consultants and lawyers, interest groups, IT service providers, cooperation partners, credit and business information agencies, logistics and shipping companies, marketing and advertising agencies, media, organizations and associations, social institutions, telecommunications companies, and insurance providers.

5. Communication

We process personal data to communicate with individuals as well as with authorities, organizations, and companies. In doing so, we primarily process data provided to us by a data subject when making contact, such as via postal mail or email. We may store such data in an address book or similar tools.

Third parties who provide us with data about other persons are obligated to independently ensure the data protection of those affected. In particular, they must ensure that such data is accurate and may be transmitted.

6. Applications

We process personal data of applicants to the extent necessary to assess their suitability for employment or for the subsequent execution of an employment contract. The required personal data results particularly from the requested information, for example, within a job posting. We may publish job postings using suitable third parties, for instance, in electronic and printed media or on job portals and job platforms.

Furthermore, we process any personal data that applicants voluntarily provide or publish, particularly as part of cover letters, résumés, and other application documents as well as online profiles.

We process – insofar as and to the extent that the General Data Protection Regulation (GDPR) is applicable – personal data of applicants particularly in accordance with Art. 9 para. 2 lit. b GDPR.

7. Data Security

We implement appropriate technical and organizational measures to ensure a level of data security appropriate to the respective risk. Our measures particularly ensure the confidentiality, availability, traceability, and integrity of the processed personal data, although absolute data security cannot be guaranteed.

Access to our website and other online presence is carried out via transport encryption (SSL / TLS, particularly with Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers warn against visiting websites without transport encryption.

Our digital communication is subject – like essentially all digital communication – to mass surveillance without cause and suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We have no direct influence on the corresponding processing of personal data by intelligence services, law enforcement agencies, and other security authorities. We also cannot rule out that a data subject may be specifically monitored.

8. Personal Data Abroad

We generally process personal data in Switzerland and the European Economic Area (EEA). However, we may also export or transmit personal data to other countries, particularly to process or have it processed there.

We may export personal data to all countries on Earth and elsewhere in the universe, provided that the local law ensures adequate data protection according to the decision of the Swiss Federal Council and – insofar as and to the extent that the General Data Protection Regulation (GDPR) is applicable – also according to the decision of the European Commission ensuring adequate data protection.

We may transfer personal data to countries whose laws do not provide adequate data protection, provided that data protection is ensured for other reasons, in particular based on standard contractual clauses or other appropriate safeguards. Exceptionally, we may export personal data to countries without adequate or appropriate data protection if the specific data protection legal requirements are met, for example, the explicit consent of the data subjects or a direct link to the conclusion or execution of a contract. We will gladly provide data subjects with information about any safeguards or a copy of any safeguards upon request.

9. Rights of Data Subjects

9.1 Data Protection Claims

We grant data subjects all claims according to applicable data protection law. Data subjects have the following rights, in particular:

• Information: Data subjects may request information as to whether we process personal data about them, and if so, which personal data is being processed. Data subjects will also receive the information necessary to assert their data protection rights and to ensure transparency. This includes processed personal data as such, but also information about the purpose of processing, the retention period, any disclosure or export of data to other countries, and the source of the personal data.
• Correction and Restriction: Data subjects may correct inaccurate personal data, complete incomplete data, and restrict the processing of their data.
• Deletion and Objection: Data subjects may request the deletion of personal data (“right to be forgotten”) and object to the processing of their data with effect for the future.
• Data Portability and Transfer: Data subjects may request the release of personal data or the transfer of their data to another controller.

We may delay, restrict, or refuse the exercise of data subjects’ rights within the legally permissible framework. We may inform data subjects of any prerequisites that must be met for the exercise of their data protection rights. For example, we may refuse to provide information referring to confidentiality obligations, overriding interests, or the protection of other individuals, in whole or in part. We may also refuse to delete personal data, especially with reference to statutory retention obligations, in whole or in part.

We may charge a fee for the exercise of rights exceptionally. We will inform data subjects in advance about any fees.

We are required to identify data subjects requesting information or asserting other rights with reasonable measures. Data subjects are obligated to cooperate.

9.2 Legal Protection

Data subjects have the right to assert their data protection claims through legal action or to file a complaint with a data protection supervisory authority.

The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

European data protection supervisory authorities are organized as members of the European Data Protection Board (EDPB). In some member states in the European Economic Area (EEA), data protection supervisory authorities are structured federally, particularly in Germany.

10. Use of the Website

10.1 Cookies

We may use cookies. Cookies – both first-party cookies and third-party cookies from services we use – are data stored in the browser. Such stored data does not necessarily have to be limited to traditional cookies in text form.

Cookies may be temporarily stored in the browser as “session cookies” or for a specific period as so-called permanent cookies. “Session cookies” are automatically deleted when the browser is closed. Permanent cookies have a specified storage duration. Cookies allow, in particular, for recognizing a browser on the next visit to our website and thereby measuring, for example, the reach of our website. Permanent cookies may also be used for online marketing purposes.

Cookies can be deactivated or deleted in the browser settings at any time, either entirely or partially. Without cookies, our website may not be fully available. We request – at least when and where necessary – explicit consent for the use of cookies.

For cookies used for success and reach measurement or advertising, a general opt-out is available for numerous services via AdChoices (Digital Advertising Alliance of Canada), Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

10.2 Logging

We may log at least the following information for every access to our website and other online presence, provided this information is transmitted to our digital infrastructure: date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, the specific subpage of our website visited including transmitted data volume, the last webpage visited in the same browser window (referer or referrer).

We log such information, which may also include personal data, in log files. The information is required to provide our online presence continuously, user-friendly, and reliably. The information is also necessary to ensure data security – also through third parties or with the help of third parties.

10.3 Tracking Pixels

We may embed tracking pixels in our online presence. Tracking pixels, also known as web beacons, are typically small, invisible images or scripts formulated in JavaScript that are automatically retrieved when accessing our online presence. Tracking pixels can collect at least the same information as log files.

11. Notifications and Communications

11.1 Success and Reach Measurement

Notifications and communications may contain web links or tracking pixels that record whether a notification has been opened and which web links have been clicked. These web links and tracking pixels may also collect usage data on notifications and communications on a personal basis. We require this statistical data collection for success and reach measurement in order to send notifications and communications effectively and in a user-friendly manner based on the needs and reading habits of the recipients, securely and reliably.

11.2 Consent and Objection

You must generally consent to the use of your email address and other contact addresses, unless the use is permitted for other legal reasons. For obtaining a double-confirmed consent, we may use the “double opt-in” procedure. In this case, you will receive a notification with instructions for double confirmation. We may log obtained consents, including IP addresses and timestamps, for proof and security reasons.

You may generally object to receiving notifications and communications, such as newsletters, at any time. With such an objection, you may also object to the statistical data collection for success and reach measurement. Necessary notifications and communications related to our activities and operations remain reserved.

11.3 Service Providers for Notifications and Communications

We send notifications and communications with the help of specialized service providers.

We use, in particular:

• Mailchimp: Communication platform; Provider: The Rocket Science Group LLC DBA Mailchimp (USA) as a subsidiary of Intuit Inc. (USA); Data protection details: Privacy Policy (Intuit) including “Country and Region-Specific Terms”, “Mailchimp Privacy FAQs”, “Mailchimp and European Data Transfers”, “Security”, Cookie Policy, “Privacy Rights Requests”, “Legal Terms”.

12. Social Media

We are present on social media platforms and other online platforms to communicate with interested individuals and provide information about our activities. In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).

The respective terms and conditions (T&Cs) and privacy policies of the individual platform operators also apply. These terms inform about the rights of data subjects directly with respect to the respective platform, such as the right to access.

13. Third-Party Services

We use services from specialized third parties to carry out our activities in a sustainable, user-friendly, secure, and reliable manner. These services enable us to integrate functionalities and content into our website. When embedding such services, the services used may, for technical reasons, temporarily collect the IP addresses of users.

For necessary security, statistical, and technical purposes, third parties whose services we use may process data related to our activities in an aggregated, anonymized, or pseudonymized form. This includes performance or usage data to provide the respective service.

We use, in particular:

• Google Services: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; General information on data protection: “Privacy and Security Principles”, “More Information on How Google Uses Personal Data”, Privacy Policy, “Google is Committed to Complying with Applicable Data Protection Laws”, “Privacy Guide for Google Products”, “How We Use Data from Websites or Apps that Use Our Services”, “Types of Cookies and Similar Technologies Google Uses”, “Ads You Can Influence” (“Personalized Ads”).
• Microsoft Services: Providers: Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), Switzerland, and the United Kingdom / Microsoft Corporation (USA) for users elsewhere; General data protection information: “Microsoft Privacy”, “Privacy and Data Protection”, Privacy Statement, “Data and Privacy Settings”.

13.1 Digital Infrastructure

We use third-party services to access necessary digital infrastructure in connection with our activities. This includes, for example, hosting and storage services from selected providers.

We use, in particular:

• Hostpoint: Hosting; Provider: Hostpoint AG (Switzerland); Data protection details: Privacy Policy.
• Microsoft Azure: Storage and other infrastructure; Provider: Microsoft; Microsoft Azure-specific data protection details: “Privacy in Azure”.

13.2 Automation and Integration of Apps and Services

We use specialized platforms to integrate and connect existing apps and third-party services. With such “no-code” platforms, we can also automate processes and activities using third-party apps and services.

We use, in particular:

• Microsoft Power Automate including Microsoft Power Platform: Integrated Application Platform; Provider: Microsoft; Microsoft Power Platform-specific data protection details: “Compliance and Data Privacy”, “Data Storage and Governance”, “Security”.

13.3 Online Collaboration

We use third-party services to enable online collaboration. In addition to this privacy policy, the terms of the services used, such as terms of use or privacy policies, may also apply.

We use, in particular:

• Microsoft Teams: Platform for productive collaboration, particularly with audio and video conferences; Provider: Microsoft; Teams-specific details: “Security and Compliance in Microsoft Teams”, especially “Privacy”.

13.4 Maps

We use third-party services to embed maps into our website.

We use, in particular:

• Mapbox: Mapping service; Providers: Mapbox Inc. (USA) / Mapbox International Inc. (USA); Data protection details: Privacy Policy, Cookie Policy, “Security”.

13.5 Digital Content

We use third-party services to embed digital content into our website. Digital content includes, in particular, image and video material, music, and podcasts.

We use, in particular:

• YouTube: Video platform; Provider: Google; YouTube-specific details: “Privacy and Security Center”, “My Data on YouTube”.

13.6 Documents

We use third-party services to embed documents into our website. Such documents can include PDF files, presentations, spreadsheets, and text documents. With these, we can not only view but also edit or comment on such documents.

We primarily use:

• Microsoft 365: Text documents, presentations, and spreadsheets; Provider: Microsoft; Microsoft 365-specific information: “Privacy and Security with Microsoft 365”.

13.7 Advertising

We use the opportunity to display targeted advertisements by third parties such as social media platforms and search engines for our activities and operations.

We aim to reach individuals who are already interested in our activities and operations or may be interested in them (Remarketing and Targeting). For this purpose, we may share relevant – possibly personal – data with third parties who enable such advertising. We can also determine whether our ads are successful, meaning particularly whether they lead to visits to our website (Conversion Tracking).

Third parties, where we advertise and where you are registered as a user, may associate the use of our website with your profile on that platform.

We primarily use:

• Google Ads: Search engine advertising; Provider: Google; Google Ads-specific information: Advertising, among other things, based on search queries, using various domain names – particularly doubleclick.net, googleadservices.com, and googlesyndication.com – for Google Ads, Privacy Policy for Ads, “Manage displayed ads directly through ads”.
• LinkedIn Ads: Social media advertising; Providers: LinkedIn Corporation (USA) / LinkedIn Ireland Unlimited Company (Ireland); Privacy information: Remarketing and Targeting, especially with the LinkedIn Insight Tag, “Privacy”, Privacy Policy, Cookie Policy, Opt-out of personalized advertising.

14. Success and Reach Measurement

We attempt to measure the success and reach of our activities and operations. In this context, we may also measure the impact of third-party recommendations or examine how different parts or versions of our online offerings are used (“A/B testing” method). Based on the results of success and reach measurement, we can address errors, strengthen popular content, or make improvements.

For success and reach measurement, IP addresses of individual users are generally collected. In such cases, IP addresses are typically anonymized (“IP masking”) to follow the principle of data minimization.

During success and reach measurement, cookies may be used, and user profiles may be created. These profiles may include, for example, pages visited or content viewed on our website, screen or browser window size, and the approximate location. Generally, any created user profiles are only pseudonymized and are not used to identify individual users. Some third-party services, where users are registered, may associate the use of our online offerings with a user account or profile.

We primarily use:

• Google Marketing Platform: Success and reach measurement, especially with Google Analytics; Provider: Google; Google Marketing Platform-specific information: Measurement across different browsers and devices (Cross-Device Tracking) with pseudonymized IP addresses, which are only exceptionally fully transmitted to Google in the USA, Privacy Policy for Google Analytics, “Browser Add-on to Disable Google Analytics”.
• Google Tag Manager: Integration and management of services from Google and third parties, particularly for success and reach measurement; Provider: Google; Google Tag Manager-specific information: Privacy Policy for Google Tag Manager; Further privacy details are available in the individual services that are integrated and managed.

15. Video Surveillance

We use video surveillance for crime prevention, evidence preservation in case of criminal activities, asserting and enforcing our legal claims, defending against third-party legal claims, and exercising our house rights. This constitutes, if and to the extent the General Data Protection Regulation (GDPR) is applicable, a legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR, with reference to Art. 9 para. 2 lit. f GDPR for sensitive personal data.

We store recordings from our video surveillance as long as necessary for evidence preservation or any other stated purpose.

We may secure recordings from our video surveillance and transmit them to the relevant authorities, such as courts or law enforcement agencies, if the transmission is required for a stated purpose, in our other legitimate interest, or based on legal obligations.

16. Final Notes on the Privacy Policy

We have created this privacy policy using the Privacy Policy Generator from Datenschutzpartner.

We may update this privacy policy at any time. We will inform you of updates in an appropriate manner, particularly by publishing the current privacy policy on our website.