top of page

Privacy Policy

With this privacy policy, we inform you about the processing of personal data in connection with our activities and operations, including our reor20.com website. We specifically inform you about why, how, and where we process personal data. We also provide information about the rights of individuals whose data we process.

For specific or additional activities and operations, further privacy policies or other data protection information may apply.

We are subject to Swiss data protection law and, where applicable, to foreign data protection law, such as that of the European Union (EU) under the European General Data Protection Regulation (GDPR).

On July 26, 2000, the European Commission recognized that Swiss data protection law ensures an adequate level of data protection. This adequacy decision was confirmed by the European Commission on January 15, 2024.

1. Contact Details

Responsible for the processing of personal data:

ReoR20 AG
Sihlquai 125
8005 Zurich
Switzerland

info@reor20.com

In individual cases, third parties may be responsible for processing personal data, or there may be joint responsibility with third parties.

2. Terms & Legal Bases

2.1 Terms 

Data Subject: A natural person whose personal data we process.

Personal Data: All information relating to an identified or identifiable natural person.

Particularly Sensitive Personal Data: Data related to trade union, political, religious, or philosophical views and activities, health, intimate life, ethnic or racial origin, genetic data, biometric data uniquely identifying a natural person, data related to criminal and administrative sanctions or prosecutions, and data on social assistance measures.

Processing: Any handling of personal data, regardless of the methods and procedures used, such as querying, comparing, adjusting, archiving, storing, reading, disclosing, obtaining, recording, collecting, deleting, disclosing, organizing, storing, modifying, disseminating, linking, destroying, and using personal data.

European Economic Area (EEA): Member States of the European Union (EU) as well as Liechtenstein, Iceland, and Norway.

2.2 Legal Bases

We process personal data in accordance with Swiss data protection law, particularly the Federal Act on Data Protection (Data Protection Act, FADP) and the Ordinance on Data Protection (Data Protection Ordinance, DPO).

We process personal data, or personal data, in accordance with at least one of the following legal bases, provided that the European General Data Protection Regulation (GDPR) is applicable:

  • Art. 6(1)(b) GDPR for the necessary processing of personal data to fulfill a contract with the data subject and to carry out pre-contractual measures.

  • Art. 6(1)(f) GDPR for the necessary processing of personal data to safeguard legitimate interests – including the legitimate interests of third parties – provided that the fundamental rights and freedoms of the data subject do not override them. Such interests include the sustainable, humane, secure, and reliable execution of our activities and operations, ensuring information security, protection against misuse, enforcement of our legal claims, and compliance with Swiss law.

  • Art. 6(1)(c) GDPR for the necessary processing of personal data to fulfill a legal obligation to which we are subject under applicable law in the Member States of the European Economic Area (EEA).

  • Art. 6(1)(e) GDPR for the necessary processing of personal data to perform a task carried out in the public interest.

  • Art. 6(1)(a) GDPR for the processing of personal data with the consent of the data subject.

  • Art. 6(1)(d) GDPR for the necessary processing of personal data to protect the vital interests of the data subject or another natural person.

  • Art. 9(2) GDPR for the processing of special categories of personal data, particularly with the consent of the data subjects.

The European General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data and the processing of particularly sensitive personal data as the processing of special categories of personal data (Art. 9 GDPR).

3. Type, Scope, and Purpose of the Processing of Personal Data

We process the personal data necessary to carry out our activities and operations sustainably, humanely, securely, and reliably. The processed personal data may fall into the categories of browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data, and payment data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of our activities and operations, provided such processing is legally permissible.

We process personal data as necessary with the consent of the data subjects. In many cases, we can process personal data without consent, for example, to fulfill legal obligations or to protect overriding interests. We may also seek consent from data subjects when their consent is not required.

We process personal data for the duration necessary for the respective purpose. We anonymize or delete personal data, particularly in accordance with statutory retention and limitation periods.

4. Disclosure of Personal Data

We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. Such third parties include specialized service providers whose services we use.

We may disclose personal data, for example, to banks and other financial service providers, authorities, educational and research institutions, consultants and lawyers, interest groups, IT service providers, cooperation partners, credit and business information agencies, logistics and shipping companies, marketing and advertising agencies, media, organizations, and associations, social institutions, telecommunications companies, and insurers.

5. Communication

We process personal data to communicate with third parties. In this context, we particularly process data provided by a data subject when contacting us, for example, by letter or email. We may store such data in an address book or similar tools.

Third parties who transmit data about other persons are obliged to ensure data protection concerning such data subjects. This includes ensuring the accuracy of the transmitted personal data.

We use selected services from appropriate providers to communicate better with third parties.

We specifically use:

  • Wix CRM: Customer Relationship Management (CRM); Provider: Wix; Wix CRM-specific information: "Wix CRM".

6. Applications

We process personal data of applicants as necessary to assess suitability for employment or to carry out an employment contract. The necessary personal data is derived particularly from the requested information, for example, in the context of a job advertisement. We may publish job advertisements with the help of suitable third parties, for example, in electronic and print media or on job portals and job platforms.

We also process personal data that applicants voluntarily provide or publish, particularly as part of cover letters, resumes, and other application documents, as well as online profiles.

If the GDPR is applicable, we process personal data of applicants in accordance with Art. 9(2)(b) GDPR.

We may allow applicants to store their information in our talent pool so that we can consider them for future job openings. We may also use such information to maintain contact and provide updates. If we believe that an applicant is suitable for an open position based on the information provided, we may inform the applicant accordingly.

7. Data Security

We take appropriate technical and organizational measures to ensure data security that is commensurate with the risk. With our measures, we particularly ensure the confidentiality, availability, traceability, and integrity of the processed personal data, although we cannot guarantee absolute data security.

Access to our website and other online presence is via transport encryption (SSL/TLS, particularly with the Hypertext Transfer Protocol Secure, abbreviated as HTTPS). Most browsers warn against visiting websites without transport encryption.

Our digital communication is subject – like all digital communication – to mass surveillance without cause and suspicion by security authorities in Switzerland, elsewhere in Europe, in the United States of America (USA), and other countries. We have no direct influence on the corresponding processing of personal data by intelligence services, police, and other security authorities. We also cannot rule out that a data subject may be specifically monitored.

8. Personal Data

We generally process personal data in Switzerland and the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, particularly to process it there or have it processed.

We may export personal data to any country or territory on Earth, provided the local law ensures adequate data protection according to the Swiss Federal Council's decision and – if and to the extent the GDPR is applicable – also according to the European Commission's decision.

We may transfer personal data to countries whose laws do not ensure adequate data protection, provided data protection is ensured for other reasons, particularly based on standard data protection clauses or other appropriate safeguards. In exceptional cases, we may export personal data to countries without adequate or appropriate data protection if the specific data protection requirements are met, such as the explicit consent of the data subjects or a direct connection with the conclusion or execution of a contract. We are happy to provide information about any safeguards or provide a copy of any guarantees upon request.

9. Rights of Data Subjects

9.1 Data Protection Claims

We grant data subjects all claims under applicable data protection law. Data subjects have the following rights:

  • Information: Data subjects may request information on whether we process personal data about them, and if so, which personal data. Data subjects also receive the information necessary to assert their data protection claims and ensure transparency. This includes the personal data processed as such, but also information on the processing purpose, retention period, any disclosure or export of data to other countries, and the origin of the personal data.

  • Correction and Restriction: Data subjects may have inaccurate personal data corrected, incomplete data completed, and the processing of their data restricted.

  • Deletion and Objection: Data subjects may have personal data deleted ("Right to be Forgotten") and object to the processing of their data with future effect.

  • Data Delivery and Transfer: Data subjects may request the delivery of personal data or the transfer of their data to another controller.

We may delay, restrict, or deny the exercise of data subject rights within the legally permissible framework. We may inform data subjects about any requirements to exercise their data protection rights.

We are required to ensure the identity of data subjects who request information or assert other rights using appropriate measures. Data subjects are required to cooperate.

Data subjects may assert their data protection claims through our contact details. Data subjects may contact us free of charge. However, we may charge a fee for processing excessive or repeated requests within the legally permissible framework.

Data subjects have the right to appeal to a competent data protection supervisory authority.

In Switzerland, the Federal Data Protection and Information Commissioner (FDPIC) is the data protection supervisory authority.

9.2 Legal Protection

Affected individuals have the right to enforce their data protection claims through legal channels or to file a complaint with a data protection supervisory authority.

The data protection supervisory authority for private data controllers and federal agencies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

European data protection supervisory authorities are organized as members of the European Data Protection Board (EDPB). In some member states of the European Economic Area (EEA), the data protection supervisory authorities are federally structured, particularly in Germany.

10. Use of the Website

10.1 Cookies

We may use cookies. Cookies, whether our own (first-party cookies) or those from third parties whose services we use (third-party cookies), are data stored in the browser. Such stored data does not necessarily have to be limited to traditional text-based cookies.

Cookies can be stored in the browser temporarily as "session cookies" or for a specific period as so-called permanent cookies. "Session cookies" are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies, in particular, allow a browser to be recognized on a subsequent visit to our website and thereby enable, for example, the measurement of the reach of our website. Permanent cookies can also be used for online marketing purposes.

Cookies can be fully or partially disabled and deleted at any time in the browser settings. Without cookies, our website may no longer be available in its full scope. We request express consent for the use of cookies at least when and to the extent necessary.

For cookies used for performance and reach measurement or advertising, a general opt-out is possible for many services through AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

10.2 Logging

We may log at least the following details for each access to our website and other online presence, provided these details are transmitted to our digital infrastructure during such access: date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sub-page of our website accessed including data volume transferred, and the last webpage accessed in the same browser window (referrer).

We log such details, which may also constitute personal data, in log files. This information is necessary to be able to provide our online presence on a permanent, user-friendly, and reliable basis. The information is also necessary to ensure data security, including through third parties or with the help of third parties.

10.3 Tracking Pixels

We may incorporate tracking pixels into our online presence. Tracking pixels, also known as web beacons, are typically small, invisible images or scripts written in JavaScript that are automatically retrieved when accessing our online presence. Tracking pixels, including those from third parties whose services we use, can capture at least the same details as log files.

11. Notifications and Communications

11.1 Performance and Reach Management

Notifications and communications may contain weblinks or tracking pixels that record whether a particular communication was opened and which weblinks were clicked. Such weblinks and tracking pixels may also record the usage of notifications and communications on a personal level. We require this statistical tracking of usage for performance and reach measurement to be able to send notifications and communications effectively and user-friendly, as well as on a permanent, secure, and reliable basis, according to the needs and reading habits of the recipients.

11.2 Consent and Objection

You generally need to consent to the use of your email address and other contact addresses unless their use is permitted for other legal reasons. For the purpose of obtaining double-confirmed consent, we may use the "double opt-in" procedure. In this case, you will receive a message with instructions for double confirmation. We may log the consents obtained, including IP address and timestamp, for evidentiary and security reasons.

You can generally object to receiving notifications and communications, such as newsletters, at any time. By objecting, you can also object to the statistical tracking of usage for performance and reach measurement. Necessary notifications and communications related to our activities and operations are reserved.

12. Social Media

We are present on social media platforms and other online platforms to communicate with interested parties and inform them about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).

The general terms and conditions (GTC) and terms of use, as well as privacy policies and other provisions of the respective platform operators, also apply. These provisions particularly inform about the rights of affected individuals directly vis-à-vis the respective platform, which may include the right to access information.

13. Services of Third Parties

We use services from specialized third parties to be able to conduct our activities and operations on a permanent, user-friendly, secure, and reliable basis. With such services, we can embed functions and content into our website, among other things. When such content is embedded, the services used, for technical reasons, must at least temporarily capture the IP addresses of users.

For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data related to our activities and operations in an aggregated, anonymized, or pseudonymized form. This includes performance or usage data, for example, to provide the respective service.

We use, in particular:

  • Google Services: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) partially for users in the European Economic Area (EEA) and Switzerland; General information on data protection: "Privacy & Terms," "How Google uses personal data," Privacy Policy, "Google is committed to complying with applicable data protection laws," "Data Privacy in Google Products," "How we use data from sites or apps that use our services," "Types of cookies and similar technologies used by Google," "Ads you can control" ("Personalized Advertising").

  • Microsoft Services: Providers: Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), Switzerland, and the United Kingdom / Microsoft Corporation (USA) for users in the rest of the world; General information on data protection: "Privacy at Microsoft," "Privacy & Data Security," Privacy Policy, "Data and privacy settings."

13.1 Digital Infrastructure

We use services from specialized third parties to obtain the necessary digital infrastructure related to our activities and operations. This includes, for example, hosting and storage services from selected providers.

We use, in particular:

  • Wix: Website builder and other infrastructure; Providers: Wix.com Ltd. (Israel) together with Wix.com Ltd. (USA) / Wix.com Inc. (USA) / Wix.com Luxembourg S.à r.l. (Luxembourg); Information on data protection: Privacy Policy, "Data Protection & Security," "Wix Help Center 'Privacy'" including Cookie Policy.

13.2 Social Media Functions and Social Media Content

  • We use services and plugins from third parties to embed functions and content from social media platforms and to enable sharing of content on social media platforms and other channels.

  • We use, in particular:

  • LinkedIn Consumer Solutions Platform: Embedding functions and content from LinkedIn, for example, with plugins like the "Share Plugin"; Provider: Microsoft; LinkedIn-specific information: "Privacy," Privacy Policy, Cookie Policy, Cookie Management / Objection to LinkedIn email and SMS communications, objection to interest-based advertising.

13.3 Maps

We use services from third parties to embed maps into our website.

We use, in particular:

  • Google Maps including Google Maps Platform: Mapping service; Provider: Google; Google Maps-specific information: "How Google uses location data."

14. Performance and Reach Management

We aim to measure the success and reach of our activities and operations. In this context, we may also measure the impact of third-party references or test how different parts or versions of our online offerings are used ("A/B testing"). Based on the results of performance and reach measurement, we can correct errors, reinforce popular content, or make improvements.

In most cases, the IP addresses of individual users are captured for performance and reach measurement. IP addresses are generally shortened ("IP masking") in this case to follow the principle of data minimization through corresponding pseudonymization.

Cookies may be used for performance and reach measurement, and user profiles may be created. Any created user profiles typically include the specific pages visited or content viewed on our website, information about the size of the screen or browser window, and the approximate location. Any created user profiles are generally only pseudonymized and not used to identify individual users. Certain services from third parties, where users are logged in, may link the use of our online offering to the user account or user profile on the respective service.

We use, in particular:

  • Google Marketing Platform: Performance and reach measurement, particularly with Google Analytics; Provider: Google; Google Marketing Platform-specific information: Measurement also across different browsers and devices (cross-device tracking) with pseudonymized IP addresses, which are only exceptionally transferred fully to Google in the USA, Privacy Policy for Google Analytics, "Browser Add-on to disable Google Analytics."

15. Final Provisions

We created this privacy policy using the Privacy Policy Generator from Datenschutzpartner.

We may adapt and supplement this privacy policy at any time. We will inform you about such adaptations and additions in an appropriate manner, particularly by publishing the current privacy policy on our website.

This privacy policy is a machine translation from our German Privacy Policy ("Datenschutzerklärung")

bottom of page