Privacy policy Ostendis AG
Version: 08.08.2023
1. introduction
We are very delighted that you have shown interest in our company, Ostendis AG (hereinafter also referred to as “we” or “us”).
Data protection is of a particularly high priority for Ostendis AG (Boniswil AG, Switzerland, CHE-102.097.264).
The use of the Internet pages (accessible under the domains: ostendis.com, ostendis.ch, ostendis.de, ostendis.at, ostendis.li, bewerbungsratgeber.ch) of the Ostendis AG is possible without any indication of personal data; however, if a data subject wants to use special enterprise services via our website, processing of personal data could become necessary.
However, if a person concerned wishes to make use of special services of our company via our website, it may be necessary to process personal data.
The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the Ostendis AG.
All formulations in this document refer to all genders or gender forms, even if these are not explicitly mentioned.
For the sake of readability, we have deliberately refrained from mentioning all possible grammatical gender forms.
With this declaration, however, we would like to expressly acknowledge the applicable equality laws.
2. which terms are central to the understanding of this privacy policy?
The data protection declaration of the Ostendis AG is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR).
Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners.
To ensure this, we would like to explain the terms used in advance.
a) Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”).
An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.
c) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
d) Pseudonymization
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
e) Controller or controller responsible for the processing
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
f) Processor
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
g) Recipient
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
h) Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
i) Consent
Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
j) Ostendis AG websites
Below you will find a list of the domains operated by Ostendis AG to which this privacy policy applies:
- ostendis.com
- ostendis.ch
- ostendis.de
- ostendis.at
- ostendis.li
- bewerbungsratgeber.ch
3. which laws this privacy policy is based on
This privacy policy is based on the European General Data Protection Regulation (EU GDPR) and the Swiss Data Protection Act (DSG).
4 What does “processing of personal data” mean?
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
5 What is “personal data”?
Personal data means any information relating to an identified or identifiable natural person (referred to in this Privacy Policy as the “data subject”).
An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an e-mail address, an identification number, location data, an online identifier (e.g. IP address) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
6 Which persons’ personal data are processed at Ostendis?
We process the following three categories of data:
a) Applicant data
Applicant data includes all applicant data processed by Ostendis AG.
We receive this data in various ways and it can be divided into the following categories:
- Data from direct applicants (application documents from Ostendis Application Manager users)
- Candidate data (applicant data from our customers that they have received by e-mail or other means and manage in the Ostendis e-recruiting system)
- Internal application data of Ostendis (applications addressed directly to Ostendis AG)
As the previous subdivision relates to personal applicant data (CVs, references, etc.), only the global term “applicant data” is used below.
b) Customer data
This category includes the personal data of our customers who use the Ostendis e-recruiting system to manage applicant data.
c) Website visitors
This category includes all visitors to an Ostendis AG website as listed in section 2j) “Ostendis AG websites”.
7 What data is processed at Ostendis?
This depends on the type of data.
The distinction is made according to the categorization in section 6 “Which persons process personal data at Ostendis?”
Data in category “6a Applicant data“
In principle, we process all data that you send us as an applicant and which is usually required as part of a recruitment process.
In particular, this is the following data:
- Personal details such as name, date of birth, origin, religion, marital status, etc.
- Contact details, such as addresses, telephone numbers, e-mail addresses, etc.
- Documents such as curriculum vitae, school reports, employment references, copies of identity documents, official confirmations, etc.
- In the case of electronic transmission, your IP address incl.
Date and time
Data in category “6b Customer data“
We only collect the relevant data about our customers to ensure a smooth business relationship.
We collect the data of our contact persons within the respective organization, such as names, telephone numbers and e-mail addresses.
In order to be able to offer our customers the best possible support, we also store customer inquiries, including the date, time and content of the enquiry.
Date, time and content of the request.
Data in the category “6c Website visitors“
We collect a limited amount of data from visitors to our website and use it to make it easier for you to use our website and to better manage the services we offer.
This includes information such as how you use our website, how often you access our website, your browser type, your IP address and the date and time of access.
8. how does Ostendis obtain the right to process personal data?
Applicants who create and send applications with the Ostendis Application Manager must explicitly give their consent to these data protection guidelines and thus to the processing of their data when registering in order to use the free Ostendis service.
The customer assumes responsibility for the duty to provide information for the applicant data that is sent to us by our customers for storage.
In this case, Ostendis AG acts as a contract data processor in compliance with the current laws in Switzerland and the EU.
Ostendis AG is obliged to strictly apply and comply with the data in accordance with the applicable laws that apply to the client.
Customers must explicitly give their consent to these data protection guidelines and thus to the processing of their data when registering.
Website visitors are informed via a clearly visible message about the storage of data in cookies and must consent to this.
Please also read section 14 “What are cookies?”
9. for what purpose is the data stored at Ostendis?
Ostendis generally uses the data to fulfill the purpose communicated in each case.
The purpose of use varies depending on the type of personal data in accordance with the categorization in section 6 “By which persons is personal data processed at Ostendis?”.
We store applicant data on behalf of applicants, our clients or our application candidates.
The data may be processed statistically in aggregated and anonymized form.
Personal applicant data is NOT used for marketing purposes.
Customer data and website visitor data may be used for marketing purposes, statistical analysis, customer support, fulfillment of agreements and contracts and product improvements.
Ostendis AG may also make statistical facts and figures available to the public or to third parties, whereby the data is aggregated and anonymized in each case.
10. where is the data stored?
All personal and particularly sensitive data is stored and managed on Ostendis AG’s own IT systems (server, storage, network and backup systems).
These systems are located in a security data center in Switzerland with the following hosting provider:
Datawire AG
Hinterbergstrasse 22
CH-6312 Steinhausen
Ostendis AG has its own secure, locked and monitored rack at the above-mentioned hosting provider, in which all IT systems are operated.
Ostendis AG has exclusive access to the systems and the data stored on them.
Datawire AG has no access to the data of Ostendis AG.
11 Who has access to the stored data?
In principle, only Ostendis AG employees have access to personal data stored on Ostendis AG’s IT systems.
Access rights are limited to the minimum necessary to fulfill the employee’s defined area of responsibility.
All employees are trained by the Ostendis AG data protection team(Section 27 “Who is the data protection officer at Ostendis?”) in the handling of personal data and instructed on the internal guidelines, in particular on confidentiality.
These guidelines are reviewed on an ongoing basis, adapted to new circumstances and communicated to employees on a regular basis.
When providing our services, sub-processors may support us as IT service providers and as part of hosting services.
These are based in Switzerland.
In the course of their work, such processors may gain access to the data stored by Ostendis AG if this is necessary to fulfill their mandate.
In such a case, Ostendis AG contractually obliges the processors to comply with the applicable data protection provisions and the provisions on data protection and confidentiality in accordance with these data protection guidelines.
12. is the data stored securely?
It is in the best interest of Ostendis AG to do everything in its power to ensure that personal data is not lost or made accessible to unauthorized persons under any circumstances.
Ostendis AG has implemented numerous technical and organizational security measures to protect the stored data against accidental or intentional manipulation, loss, destruction, theft and against access by unauthorized persons.
The security measures are continuously adapted, updated and improved in line with technological developments.
13. is the data transmitted over the Internet in encrypted form?
All interactions between our customers, applicants and website visitors are encrypted.
For the secure transmission of personal data via the Internet, Ostendis AG uses the SSL/TLS standard commonly used today (recognizable by https://), which is also used by banks, for example.
Please note that e-mail data traffic on the Internet, in particular from you to your e-mail provider, may be unencrypted.
Ostendis AG has no influence over this communication.
In addition, Internet-based data transmissions can generally have security gaps, so that Ostendis AG cannot guarantee absolute protection.
For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.
14 What are cookies?
The Internet pages of the Ostendis AG use cookies.
Cookies are text files that are placed and stored on a computer system via an Internet browser.
Numerous websites and servers use cookies.
Many cookies contain a so-called cookie ID.
A cookie ID is a unique identifier for the cookie.
It consists of a string of characters through which websites and servers can be assigned to the specific internet browser in which the cookie was stored.
This enables the websites and servers visited to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies.
A specific Internet browser can be recognized and identified via the unique cookie ID.
Through the use of cookies, the Ostendis AG can provide the users of this website with more user-friendly services that would not be possible without the cookie setting.
By means of a cookie, the information and offers on our website can be optimized for the benefit of the user.
As already mentioned, cookies enable us to recognize the users of our website.
The purpose of this recognition is to make it easier for users to use our website.
For example, the user of a website that uses cookies does not have to re-enter their access data each time they visit the website, as this is done by the website and the cookie stored on the user’s computer system.
The data subject can prevent the setting of cookies by our website at any time by means of a corresponding setting of the Internet browser used and thus permanently object to the setting of cookies.
Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs.
This is possible in all common Internet browsers.
If the data subject deactivates the use of cookies in the Internet browser used, not all functions of our website may be fully usable.
15. online marketing
We process personal data for online marketing purposes, which may include in particular the marketing of advertising space or the presentation of advertising and other content (collectively referred to as “content”) based on the potential interests of users and the measurement of its effectiveness.
For these purposes, so-called user profiles are created and stored in a file (so-called “cookie”) or similar procedures are used, by means of which the information about the user relevant for the presentation of the aforementioned content is stored.
This information may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used and information on usage times.
If users have consented to the collection of their location data, this can also be processed.
The IP addresses of users are also stored.
In general, no clear user data (such as e-mail addresses or names) is stored as part of the online marketing process, but pseudonyms.
This means that neither we nor the providers of the online marketing processes know the actual identity of the users, but only the information stored in their profiles.
The information in the profiles is generally stored in cookies or by means of similar procedures.
These cookies can generally also be read later on other websites that use the same online marketing process and analyzed for the purpose of displaying content as well as supplemented with further data and stored on the server of the online marketing process provider.
In exceptional cases, clear data can be assigned to the profiles.
This is the case, for example, if the users are members of a social network whose online marketing processes we use and the network links the profiles of the users in the aforementioned data.
Please note that users can make additional agreements with the providers, e.g. by giving their consent during registration.
In principle, we only receive access to summarized information about the success of our advertisements.
However, as part of so-called conversion measurements, we can check which of our online marketing methods have led to a so-called conversion.
The conversion measurement is used solely to analyze the success of our marketing measures.
Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is consent.
Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services).
In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.
Target group formation with Google Analytics: We use Google Analytics to display the ads placed by Google and its partners within advertising services only to those users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Google (so-called “remarketing” or “Google Analytics audiences”).
With the help of remarketing audiences, we also want to ensure that our ads correspond to the potential interest of users
Google Universal Analytics: We use Google Analytics in the form of Universal Analytics(https://support.google.com/analytics/answer/2790010?hl=de&ref_topic=6010376).
“Universal Analytics” refers to a Google Analytics process in which the user analysis is based on a pseudonymous user ID and thus a pseudonymous profile of the user is created with information from the use of different devices (so-called “cross-device tracking”).
Facebook pixel: With the help of the Facebook pixel, it is possible for Facebook to determine the visitors of our online offer as a target group for the display of ads (so-called “Facebook ads”).
Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those users on Facebook and within the services of the partners cooperating with Facebook (so-called “Audience Network ” https://www.facebook.com/audiencenetwork/ ) who have also shown an interest in our online offer or who have certain characteristics (e.g. interest in certain topics or products that can be seen from the websites visited) that we transmit to Facebook (so-called “Custom Audiences”).
With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and are not annoying.
With the help of the Facebook pixel, we can also track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users have been redirected to our website after clicking on a Facebook ad (so-called “conversion measurement”).
Extended matching for the Facebook pixel: When using the Facebook pixel, the additional function “extended matching” is used.
In this context, data such as e-mail addresses or Facebook IDs of users are transmitted (encrypted) to Facebook to form target groups.
Facebook – target group formation via data upload: Uploading data such as telephone numbers, email addresses or Facebook IDs to the Facebook platform.
The data is encrypted.
The upload process is only used to display advertisements to the owners of the data or persons whose user profiles correspond to any user profiles of the owners of the data on Facebook.
We want to ensure that the ads are only displayed to users who are interested in our information and services.
- Processed data types: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), location data (data indicating the location of an end user’s end device), social data (data subject to social confidentiality (Section 35 SGB I) and processed, for example, by social insurance providers, social welfare providers or pension authorities).
- Data subjects: Users (e.g. website visitors, users of online services), interested parties, customers, employees (e.g. employees, applicants, former employees), communication partners.
- Purposes of Processing: Targeting (e.g. profiling based on interests and behavior, use of cookies), Remarketing, Conversion Tracking, Conversion Tracking, Interest-based and behavioral marketing, Profiling (Creating user profiles), Conversion tracking (Measurement of the effectiveness of marketing activities), Web Analytics (e.g. access statistics, recognition of returning visitors), Cross-Device Tracking (Device-independent processing of user data for marketing purposes), Audience Measurement (Selection of relevant target groups for marketing purposes or other purposes), Targeting (Measurement of the effectiveness of marketing activities).(e.g. access statistics, recognition of returning visitors), cross-device tracking (cross-device processing of user data for marketing purposes), target group formation (determination of target groups relevant for marketing purposes or other output of content), click tracking.
- Possibility of objection (opt-out): We refer to the data protection notices of the respective providers and the opt-out options specified for the providers.
If no explicit opt-out option has been specified, you have the option of deactivating cookies in your browser settings.
However, this may restrict the functions of our online offer.
We therefore recommend the following additional opt-out options, which are summarized for each area:- Europe: https://www.youronlinechoices.eu.
- Canada: https://www.youradchoices.ca/choices.
- USA: https://www.aboutads.info/choices.
- Cross-territory: https://optout.aboutads.info.
Services used and service providers:
- Google Tag Manager: Google Tag Manager is a solution with which we can manage so-called website tags via an interface (and thus, for example, integrate Google Analytics and other Google marketing services into our online offering).
The Tag Manager itself (which implements the tags) does not process any personal user data.
With regard to the processing of users’ personal data, please refer to the following information on Google services.
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Privacy Shield (Safeguarding the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. - Google Analytics: Online marketing and web analytics; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy Policy: https://policies.google.com/privacy; Privacy Shield (Safeguarding the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active; Opt-Out: Opt-out plugin: http://tools.google.com/dlpage/gaoptout?hl=de; Settings for the display of advertisements: https://adssettings.google.com/authenticated.
- Google Ads and conversion measurement: We use the online marketing process “Google Ads” to place ads in the Google advertising network (e.g. in search results, in videos, on websites, etc.) so that they are displayed to users who are presumed to be interested in the ads.
We also measure the conversion of the ads.
However, we only learn the anonymous total number of users who clicked on our ad and were redirected to a page with a so-called “conversion tracking tag”.
However, we ourselves do not receive any information that can be used to identify users.
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Privacy Shield (Safeguarding the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. - Google Ad Manager: We use the “Google Marketing Platform” (and services such as “Google Ad Manager”) to place ads in the Google advertising network (e.g. in search results, in videos, on websites, etc.).
The Google Marketing Platform is characterized by the fact that ads are displayed in real time based on the presumed interests of users.
This allows us to display ads for and within our online offering in a more targeted manner in order to present users only with ads that potentially match their interests.
If, for example, a user is shown ads for products that they have shown an interest in on other online offers, this is referred to as “remarketing”.
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Privacy Shield (Safeguarding the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. - Google Signals: Additional marketing options that only affect users who have activated personalized ads on Google(https://support.google.com/ads/answer/2662856) and include device-related and cross-device data processing; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://support.google.com/analytics/answer/7532985?hl=de; Privacy Policy: https://policies.google.com/privacy; Privacy Shield (Safeguarding the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active; Opt-Out: Opt-out plugin: http://tools.google.com/dlpage/gaoptout?hl=de; Settings for the display of advertisements: https://adssettings.google.com/authenticated.
- Google Adsense with personalized ads: We use the Google Adsense service with personalized ads, with the help of which ads are displayed within our online offer and we receive remuneration for their display or other use.
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Privacy Shield (Safeguarding the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. - Google Adsense with non-personalized ads: We use the Google Adsense service with non-personalized ads, with the help of which ads are displayed within our online offer and we receive remuneration for their display or other use.
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Privacy Shield (Safeguarding the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. - Facebook pixel: Facebook pixel; Service provider: https://www.facebook.com, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Privacy Shield (Safeguarding the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; Opt-Out: https://www.facebook.com/settings?tab=ads.
- LinkedIn: Insights Tag / Conversion measurement; Service provider: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA; Website : https://www.linkedin.com; Security measures: IP masking (pseudonymization of the IP address); Privacy Policy: https://www.linkedin.com/legal/privacy-policy, Cookie Policy: https://www.linkedin.com/legal/cookie_policy; Privacy Shield (Safeguarding the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active; Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
16. is data passed on to third parties?
Data collected by Ostendis will neither be published by Ostendis nor passed on to third parties without authorization, in particular without your consent.
An exception to this is, of course, the exchange of data between applicants and the company for which the application is intended.
Ostendis AG may be legally obliged to disclose data if the disclosure of the data is necessary for the assertion, exercise or defense of legal claims of the client before an authority.
If we wish to use your data in a way that goes beyond what is described above, we will obtain your express consent in advance.
17. is data processed automatically or is a profile created?
Ostendis provides its customers and applicants with tools to increase efficiency.
These include elements for the automation of processes, e.g. the automatic generation of an e-mail text.
With regard to the topic of “automated data processing”, we would like to make it clear that Ostendis AG distances itself from mechanisms for automated, fully automated decision-making (e.g. automatic rejection of applications based on preset criteria) and neither uses such mechanisms itself nor makes them available to its customers.
In addition, no profiles are created from applicant data and no profiling of any kind is carried out for our own purposes or for third parties.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
18 How long will the data be stored?
The data is stored for as long as we need it for the contractual fulfillment of our services.
Applicants who store personal data at Ostendis can delete it themselves at any time.
Customers who store personal data with Ostendis can delete it themselves at any time.
The criterion for the duration of the storage of personal data is the respective statutory retention period.
After this period has expired, the corresponding data will be deleted.
Data subjects also have the right to have their data deleted, provided that this does not conflict with other legal obligations of Ostendis AG.
(See section 18 “What rights exist with regard to stored data?”)
Please note that, for data security reasons, we have to create backups of the data stored by us, which may still contain personal data that has been deleted in our productive system for a limited period of time.
This data is routinely overwritten periodically.
19 What rights exist with regard to stored data?
Right to information
We offer you access to the personal data we process.
This means that you can contact us and we will inform you about what personal data we have collected and processed about you and for what purposes this data is used.
Right to rectification
You have the right to have incorrect, incomplete, outdated or unnecessary personal data that we hold about you corrected or completed by contacting us.
In some cases where we use official data, we may ask you to contact the authorities directly with a correction request.
This is to ensure that the corrections required for such registers are made through official channels.
Right to erasure
Your data will be stored in the system in accordance with our retention policy.
How long we keep the data depends on the legal requirements and terms and conditions defined for each data set.
When the data is no longer required, it will be deleted from our systems.
You can also ask us to delete your personal data from our systems.
We will comply with this request unless there is a legitimate interest in retaining this data or we are required to retain the data for legal reasons.
Right to block
You can block any further processing of personal data with prior consent.
If you block the further processing of personal data, this may lead to restrictions in the use of our services.
However, if your data is required for purposes such as the fulfillment of an existing contract or a legal obligation, it will remain in our database and will be used for the fulfillment of these purposes.
Right to restriction of processing
You can ask us to restrict the processing of certain personal data, but this may result in restrictions on the use of our website and services.
Right to withdraw consent
In order for Ostendis AG to store and process data, the consent of the data subject is required in accordance with section 8 “How does Ostendis obtain the right to process personal data?”.
Of course, every data subject has the right to withdraw consent to this privacy policy at any time.
Applicants who have registered to use the free Ostendis Application Manager can change their data themselves at any time or irrevocably delete all or part of it.
Customers have the option of deleting the accounts created for the use of Ostendis at any time.
Website visitors can delete locally stored cookies, in which we have stored your consent to personal data processing, using the corresponding function of the browser.
If you are unable to delete your data yourself, e.g. for technical reasons, you have the option of contacting the Ostendis AG data protection team.
You can find the contact details in section 27 “Who is the data protection officer at Ostendis?”.
They can arrange for your data to be deleted after an identity check has been carried out.
If you object to this privacy policy or delete your account with Ostendis, we are obliged to immediately cease further processing of your data and delete your data, provided that we do not violate any other legal obligations (e.g. retention obligation).
20 How can I assert my rights against Ostendis AG?
You can exercise the rights listed in section 19 by sending a letter or email to our data protection team, including the following information: Name, address, telephone number and a copy of your valid ID.
We may request the provision of additional information necessary to confirm your identity.
We may refuse requests that are unreasonably repetitive, excessive or manifestly unfounded.
The contact details of the data protection team can be found in section 27 “Who is the data protection officer at Ostendis?”.
21 Where can I lodge a complaint about this privacy policy?
If you are of the opinion that we are processing your data contrary to the applicable legal provisions, you can lodge a complaint with the Swiss data protection authority or the competent supervisory authority.
Contact the local competent authority (Switzerland):
Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1
CH-3003 Bern
Phone: +41 58 462 43 95
Fax: +41 58 465 99 96
22 How secure is access to my Ostendis account?
Your personal access data to Ostendis consists of your e-mail address and your chosen password or your personal login link.
You also have the option of activating 2-factor authentication, which is built into the Ostendis e-recruiting solution.
We recommend that you always use this additional access protection measure.
Passwords are stored at Ostendis using a one-way hash function, which means that they cannot be recovered or disclosed by anyone, not even Ostendis – they can only be reset.
Never entrust your password to third parties.
We would like to expressly point out that we do not accept any liability for damage caused by the incorrect use of your personal password.
Choose a sufficiently complex password (at least 8 characters consisting of letters, numbers and special characters) and do not write it down anywhere.
We would also like to point out that it will NEVER happen that an employee, a supplier or a partner of Ostendis AG will ask you for your password in person, by telephone, in writing or by e-mail.
Should this situation nevertheless arise, please refuse to make any statements and report this to us immediately: privacy@ostendis.com or inform our data protection team (see section 27 “Who is the data protection officer at Ostendis?”)
If you suspect that your personal information has been misused, lost or accessed without authorization, please let us know as soon as possible.
23. can I use Ostendis on a public computer?
Using Ostendis on a public computer, e.g. in an Internet café, is generally possible without any problems, as all data is transmitted in encrypted form.
However, always log out correctly from your Ostendis account using the “Logout” function so that the next computer user does not gain access to your personal data.
We would like to point out that a public computer represents a risk in every respect, as you can never be absolutely sure whether data, namely keystrokes, passwords, pages visited, etc. are being logged without your knowledge.
We recommend that you always make sure that the provider of the public computer is trustworthy.
24. liability
As it is not possible for us to control how the personal Ostendis access data is managed and used, we decline liability for damages of a material or immaterial nature that can be attributed to incorrect or negligent handling of the personal access data.
In this respect, the realistic assumption that the password or the personal login link has been passed on to third parties either consciously or unconsciously is sufficient to exonerate Ostendis AG.
25. has the Ostendis AG database been registered in accordance with the DPA?
According to the law, companies and organizations in Switzerland that process personal and particularly sensitive data are obliged to register their data with the Federal Data Protection and Information Commissioner (FDPIC) and thus submit to the FDPIC’s monitoring guidelines.
We hereby expressly confirm that we fulfill this obligation.
The entry in the corresponding public register can be viewed online at the following link:
https://www.datareg.admin.ch/search/ResultDetail.aspx?RegNr=200900044
26. what about the validity of this privacy policy?
This privacy policy comes into force on 01.09.2023 in accordance with the new CH-DSG.
Ostendis AG reserves the right to amend this privacy policy at any time.
Changes will be published on the Ostendis AG website.
We will also inform affected persons of any changes by e-mail.
Should parts of this Privacy Policy be unlawful, ineffective, invalid or unenforceable, the effectiveness and validity of the remaining provisions shall remain unaffected.
27 Who is the data protection officer at Ostendis?
As we attach great importance to data protection in our company, we have set up an internal data protection team so that we can promptly comply with our duty to provide information for all inquiries.
For written inquiries, please use the following postal address:
Ostendis AG
Data protection team
Seetalstrasse 35
CH-5706 Boniswil AG
Contact by e-mail: privacy@ostendis.com
The Ostendis AG data protection team consists of the following persons, who are members of the management:
Mr. Philippe Moser
CEO & responsible data protection officer
Ms. Tanja Suter
Chief Sales Officer, Member of the Executive Board & Deputy Data Protection Officer
Ms. Livia Berger
Marketing Manager, Member of the Executive Board & Deputy Data Protection Officer
All members of the Ostendis AG data protection team have the right to provide binding information on the subject of data protection at Ostendis AG and to conclude written data protection agreements (e.g. contracts for commissioned data processing) with Ostendis AG customers and to sign these with individual signatures in a legally binding manner.
If you have any questions about data protection at Ostendis, you are welcome to contact our data protection team.