Privacy Policy

We are delighted to see you on our website. Data protection and data security for our users are a top priority for us. We adhere to the data protection provisions, especially those of the Swiss Data Protection Act (“DPA”) as well as of the EU General Data Protection Regulation (“GDPR”).

In this privacy policy, we explain which information and personal data we process during your visit and your use of our Internet offer mentioned above (“website”).

I. Who is responsible for the data processing?

The body responsible under the data protection law for the processing of personal data is Beisheim Holding GmbH, Neuhofstrasse 4, 6340 Baar, Switzerland, accessible at Insofar as this privacy policy states “we” or “us”, this refers, in each case, to the aforementioned company.

II. Which principles do we observe?

Based on article 4 DPA, personal data may be processed only for the purpose that was specified at the time of its acquisition, is evident from the circumstances or is provided for by law. The processing must be carried out in good faith and must be proportionate. We adhere to these provisions. 

The personal data processed by us is treated as strictly confidential and is neither sold nor passed on to third parties (refer below to VI). We obligate our service providers to adhere to data protection provisions and to ensure data security. In compliance with the data protection provisions, we process your personal data only when a legal provision allows this or when you have declared your consent. 

On this website, we can also collect information that does not, in itself, allow direct conclusions about you personally. In certain cases, especially in combination with other data, this information can nevertheless be considered as “personal data” in terms of the data protection law. In addition, we may also collect such information on this website, based on which we cannot identify you directly or indirectly; this is the case, for example, for summarised information about all users of this website.

III. Which data do we process?

You can access our website without directly providing personal data (such as your name, postal address or e-mail address). Even in this case, we must collect and store certain information in order to allow you the access to our website. In addition, we use an analysis procedure on our web pages and have integrated links to other websites, whose operators possibly process other (personal) data. For certain functionalities on our web pages, the indication of personal data is necessary.

1. Server log files: When you visit this website, our web server automatically collects and stores the information listed below in so-called server log files, which are transmitted to us by your web browser:

a) the domain name or IP address of the requesting computer (usually your Internet access provider); 

b) the applications and terminals used by you;

c) the date and time of the server query, as well as the duration of your visit; 

d) the website (referrer) last visited before your visit to our website as well as the sub-pages that you access on our website; and

The information in the server log files cannot be assigned to a particular person, and this data is not merged with other data sources. The log files are stored in order to guarantee the functionality of the website and to ensure the safety of our information technology systems. 

3. We use a geolocation application on our website based on the IP address of the requesting computer transmitted when the page is called up. For this purpose, we use an interface to the application, which is provided by apilayer Data Products GmbH, Elisabethstrasse 15/5, A-1090 Vienna/Austria. We use geolocation solely to show you, when you access a page, either the relevant version of our website based on the requesting IP address or a preview page that allows you to select the version of the website that is relevant to you. We do not combine this information with any other information about you that could identify you.

3. Website analysis via Matomo: On our website, we use the open-source software tool Matomo to analyse your usage behaviour. When you visit our website, the following data is stored on the servers of our website using Matomo:

a) the domain name or IP address of the requesting computer (usually your Internet access provider);

b) the website (referrer) last visited before your visit to our website as well as the sub-pages that you access on our website;

c) the dwell time on the website and the individual sub-pages; and

d) the frequency of calling up the website.

We have disabled the use of tracking cookies when using Matomo. Thus, personal data of the users is only stored on the servers of our website. The data is not forwarded to third parties. Matomo is also set in such a way that the IP address used by you is not stored fully, but the last two bytes of the IP address are masked. Thus, personal assignment of the IP address is no longer possible.

4. Cookies: Information on the cookies used by us can be found in our cookie declaration under here.

5. Contact: When you contact us using the ways specified on our website, we collect the personal data that you have provided in connection with your contact, e.g. your name, your e-mail address, your address, telephone and/or fax number.

IV. For which purposes and on which legal bases do we process your data?

1. The personal data possibly contained in the log files is processed in order to allow you the use of our website; this is done on the basis of article 6 para. 1 f) GDPR to protect our legitimate interest in the operation of our website.

2. The personal data transmitted within the scope of the request made to us via the contact ways provided on the website is processed for the processing of the respective request in order to protect our legitimate interest in carrying out our other business activity on the basis of article 6 para. 1 f) GDPR. 

3. We can also process the personal data collected in connection with your use of our website to fulfil legal obligations, which we are subject to; this is done on the basis of article 6 para. 1 c) GDPR.

4. If necessary, we also process your personal data beyond the aforementioned purposes to protect our legitimate interests or the interests of third parties; this is done on the basis of article 6 para. 1 f) GDPR. Our legitimate interests include

a) the assertion of legal claims and the defence during legal disputes;

b) the prevention and investigation of criminal offences;

c) the control and further development of our business activity including the risk control.

V. I am obliged to provide data?

The provision of personal data is mandatory in the following cases:

1.The storage of the server log files is absolutely necessary for the operation of the website. You therefore do not have the option of objecting to the storage of the said information in the server log files.

2.To respond to a request made to us via the contact ways provided on our website, we require your contact details (e.g. e-mail address, address, telephone and/or fax number); without the provision of at least one contact detail, we cannot respond to your request.

VI. Who receives my data?

Your personal data is basically processed within our company. Depending on the type of the personal data, only certain departments / organisational units have access to your personal data. By means of a role and authorisation concept, the access within our company is limited to the functions and to the extent necessary for the respective purpose of the processing.

We may also transmit your personal data to third parties outside of our company to the legally permissible extent. In particular, these external recipients can include

  • ­companies or authorities of the Beisheim Groups in Germany and Switzerland, to which we transmit personal data for internal administration purposes; 
  • ­the service providers engaged by us that provide services for us on a separate contractual basis, which can also include the processing of personal data, as well as the subcontractors of our service providers engaged with our consent;
  • ­non-public and public bodies, as far as we are obliged for the transmission of your personal data due to legal obligations.

VII. Is automated decision-making used?

In principle, we do not use automated decision-making (including profiling) within the meaning of Art. 22 GDPR in connection with the operation of our website. If we use such procedures in individual cases, we will inform this to you separately to the extent stipulated in the law.

VIII. Is data transmitted to countries outside of the EU / the EEA?

The processing of your personal data is generally carried out within Switzerland and the EU or the European Economic Area.

Information may be transmitted to recipients in so-called "Third countries” only in connection with the collaboration between the companies of the Beisheim Groups in Germany and Switzerland and/or the provision of IT services associated with the operation of the website (e.g. the use of applications for website analysis). “Third countries” are countries outside of Switzerland and the European Union or the Agreement on the European Economic Area, where a level of data protection comparable with that in the European Union cannot be readily assumed.

If the transmitted information also includes personal data, we ensure before such a transmission that the required adequate level of data protection is guaranteed in the respective third country or with the recipient in the third country. Alternatively, we can also base the data transmission on the so-called “EU standard contractual clauses” agreed upon with a recipient (more information: We would be glad to provide you with additional information on the appropriate and adequate guarantees for the compliance with a reasonable level of data protection on request; the contact details can be found at the beginning of this privacy policy. 

IX. How long is my data stored for?

In principle, we store your personal data as long as we have a legitimate interest in this storage and your interests in the non-continuation of the storage do not outweigh.

Even without a legitimate interest, we can continue to store the data if we are legally obliged to do so (e.g. to fulfil retention obligations). We delete your personal data even without any action on your part, as soon as its knowledge is no longer necessary for the fulfilment of the purpose of the processing or if the storage is otherwise legally inadmissible.

As a rule, 

  • the server log files are deleted within seven days as long as further storage is not necessary for statutory purposes, such as the detection of abuse and the detection and elimination of technical faults;
  • the data collected in connection with a contact is deleted after its processing and expiry of any applicable legal retention periods;
  • the data collected in connection with a registration or with the creation of a user account is deleted after deletion of the user account by the registered user; in case of a long period of inactivity, we reserve the right to inform registered users about the existence of a user account and to delete inactive user accounts after a reasonable notice;
  • the data collected in connection with a funding request is deleted after a negative funding decision and the expiry of any applicable legal retention periods;

Personal data, which we need to store to fulfil retention obligations, is stored up to the end of the respective retention obligation. If we store personal data exclusively to fulfil retention obligations, it is usually blocked, so that it can be accessed only when this is necessary in view of the purpose of the retention obligation.

X. What rights do I have?

As an affected person, you have the rights in accordance with the Swiss Data Protection Act (DPA), especially the right to correction (art. 5 para. 2 DPA), the right to information (art. 8 DPA) and the legal rights pursuant to Art. 15 DPA.

If the GDPR is applicable, you have the following rights:

­Right of objection pursuant to art. 21 GDPR

An affected person has the right to object at any time to the processing of personal data concerning him/her under article 6 para. 1 e) or f) GDPR for reasons arising from his/her particular situation; this is also applicable for profiling based on these provisions. In the event of such an objection, we no longer process personal data concerning this person unless we can prove compelling reasons worthy of protection for the processing that outweigh the affected person’s interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

­Other rights

As an affected person, you have the right

  • ­to receive information about your stored personal data, art. 15 GDPR;
  • ­to correction of inaccurate or incomplete data, art. 16 GDPR;
  • ­to deletion of personal data, art. 17 GDPR;
  • ­to restriction of the processing, art. 18 GDPR,
  • ­to data transferability, art. 20 GDPR, and

To exercise these rights, you can contact us at any time – e.g. via one of the contact ways specified at the beginning of this privacy policy.

If you have questions about the processing of your data, you can also contact our Data Protection Officer. 

You are also entitled to file a complaint with a competent supervisory authority for data protection, art. 77 GDPR.

Baar, 24 June 2021