26th June 2019
Protecting personal data and handling the information that you entrust to us responsibly are important concerns for us.
The controller for the data processing that we describe herein is AMAG Import AG (Datenschutz – Alte Steinhauserstrasse 12, CH-6330 Cham), unless stated otherwise in individual cases. If you have any data protection concerns, you can let us know by contacting us at the above contact address. Where possible, please specify what data you are referring to and enclose a copy of your identity card/document in the case of concerns regarding information held or deletion. You can also raise any concerns by emailing them to us at: [email protected]
Our representative in the EEA in accordance with Art. 27 of the GDPR is: AMAG (Vaduz) AG, Austrasse 37, CH-9490 Vaduz.
We primarily process personal data that we receive from our customers as part of our business relationship with them, that we collect from users when operating our website, app and other applications, or that we collect through tracking in line with contractual use (see clause 10 below). Such data includes, in particular, personal information (such as first name and last name, gender, date of birth), addresses (such as postal address, email address, IP address, MAC address), additional contact details (such as phone number), identification document details and copies (in particular passport, ID card and driving licence details), image data, credit score data, location data and data on use and condition of the vehicle.
To the extent allowed, we also gather certain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, the press, the internet) or receive such data from other companies within the AMAG Group, from public authorities and other third parties (such as credit bureaus, mailing list brokers). In addition to the data that you provide us directly, the categories of personal data that we receive about you from third parties include information from public registers, information that we learn about you in connection with official and court proceedings, information about you in correspondence and discussions with third parties, credit score information (insofar as we conduct business with you personally), information about you given to us by persons in your personal environment (family members, consultants, legal representatives, etc.) so that we may conclude or execute contracts with you or with your involvement (e.g. references, your address for deliveries, powers of attorney), information regarding compliance with legal requirements such as those relating to the combat of money laundering and export restrictions, information from banks, insurance companies, our sales and other contracting partners so that you can claim or render services (e.g. payments and purchases made), information from the media and the internet relating to you (insofar as this is appropriate in the specific case, e.g. as part of a job application, press review, marketing/sales, etc.), your addresses and, if applicable, interests and other sociodemographic data (for marketing purposes), data in connection with the use of websites (e.g. IP address, MAC address of the smartphone or computer, details of your device and settings, cookies, date and time of the visit, pages accessed and their contents, functions used, referring website, location details).
If you work for a customer or business partner of ours, your data may also be affected in this capacity.
We use the personal data we collect primarily to conclude and execute our contracts with our customers and business partners, to provide, maintain, protect and improve our services, and to comply with our legal obligations in Switzerland and abroad.
In addition, we process personal data from you and other persons, to the extent that this is permitted and seems appropriate to us, for the following purposes in which we (and sometimes third parties) have a legitimate interest that corresponds to the purpose:
Offering and developing our products, services and websites, apps and additional platforms on which we are present
Checking the credit score and rating of potential and current customers
Communicating with third parties and processing their enquiries (e.g. via contact forms, media enquiries)
Reviewing and optimising procedures to conduct needs analyses for the purpose of approaching customers directly as well as collecting personal data from publicly accessible sources for the purpose of customer acquisition
Advertising and marketing (including holding events) provided that you have not objected to the use of your data (if we send advertising to you as an existing customer, you may object to receiving such advertising at any time, in which case, we would place you on the list of customers to whom advertising should not be sent)
Market and opinion research, media monitoring
Asserting legal claims and defences in connection with legal disputes and official proceedings
Preventing and clarifying criminal acts and other misconduct (e.g. conducting internal investigations, data analyses for the prevention of fraud, managing whitelists and blacklists for the purposes of risk optimisation and exchanging such lists with third parties)
Assuring our operations, in particular IT, our websites, apps and other platforms
Purchasing and selling business areas, companies or parts of companies and other corporate law transactions and the transfer of personal data related to this, business management measures and compliance with statutory and regulatory obligations as well as internal rules of AMAG.
If you have given us consent to process your personal data for specific purposes (e.g. when you signed up to receive newsletters or for conducting a background check), we process your personal data within the scope of, and based on, this consent if we do not have any other legal basis and/or we require such a basis. Any given consent may be withdrawn at any time, although this will not have any effect on data processing that has already been completed.
We also disclose personal data to third parties within the scope of our business activities where this is permitted for the purpose set out in section 4 and where it seems appropriate to us; either because they are processing the data on our behalf or because they wish to use the data for their own purposes. This involves, in particular, the following parties:
Our service providers (within the AMAG Group and externally, such as e.g. banks and insurance companies), including parties processing orders (such as e.g. IT providers and accounting service providers).
Dealers, service partners, suppliers, subcontractors and other business partners.
Authorities, official agencies or courts in Switzerland and abroad.
Purchasers of, or parties interested in, purchasing business areas, companies or other parts of the AMAG Group.
Other parties in potential or actual legal proceedings; all collectively referred to as recipients.
Where necessary for the provision of our services and taking into account the specific purpose, personal data is transmitted to the parties referred to above in Switzerland and the EU as well as to other countries. You must, in particular, expect that your data will be transferred to all countries in which the AMAG Group is represented by Group companies, branches or other offices (this is Switzerland and Liechtenstein), as well as to other European countries and the USA, where some service providers used by us are located. If we transfer data to a country that does not have adequate statutory data protection, we will provide an adequate level of protection, as prescribed by law, through use of the appropriate contracts/measures or the EU Binding Corporate Rules, or will base our actions on the statutory legal exceptions of consent, contract execution, the establishment, exercise or enforcement of legal claims, overriding public interests, published personal data, or because it is required to protect the integrity of the data subjects. However, we reserve the right to redact copies for data protection reasons or on grounds of confidentiality, or to provide extracts only.
We process and store your personal data for as long as it is required to meet our contractual and statutory obligations or as long as it is required for the purposes pursued by the processing, i.e. for the entire duration of the business relationship (from the initiation and processing of a contract to its termination as well as a subsequent service phase), and apart from that, in accordance with the statutory obligations regarding retention and documentation. It is possible that personal data will be retained for the period during which claims may be asserted against us, or if we are otherwise obliged by law to retain such personal data, or legitimate business interests require that the personal data be retained (e.g. for evidentiary and documentation purposes). In principle, as soon as your personal data is no longer required for the purposes indicated above, it will be deleted to the extent possible or rendered anonymous. Shorter retention periods of 12 months or less sometimes apply for operating data (e.g. system protocols, logs).
To protect your personal data against unauthorised access and misuse, we take appropriate technical and organisational safety precautions such as issuing directives, providing training, IT and network security solutions, access monitoring and restrictions, pseudonymisation and controls.
In the course of our business relationship, you must provide us with the personal data required to enter into and conduct a business relationship, and to perform the related contractual obligations (as a rule, you do not have a statutory obligation to provide us with data). Without this data, we will generally not be in a position to conclude a contract with you (or with the body or person you represent) or to execute it. In addition, our websites can only be used if certain information ensuring the free flow of data (e.g. IP address) is disclosed.
Our processing of your data is partially automated with the aim of assessing certain personal aspects and allowing us to track the use and condition of our vehicles (profiling). Each vehicle sends us data continuously, which can include personal data (in particular location/GPS data, data concerning the use of the vehicle and the operation of vehicle functions as well as telemetric data, to the extent that this data can be considered personal). This data is collected and used for administrative and contractual processing. In principle, it is not passed on to third parties unless there are applicable laws, official directives or other important reasons (e.g. investigation/clarification in cases of damage, investigation of possible violations of contractual conditions, safety defects, serious technical problems, breach of third-party rights or protection of our property) that require its disclosure. We also use profiling, however, to be able to inform and advise you about products in a targeted manner. For this, we use evaluation tools which facilitate needs-based communication and advertising, including market and opinion research. To establish and conduct the business relationship and also otherwise, we do not, as a rule, use any automated decision-making (such as is governed by Art. 22 of the GDPR). In the event that we use such procedures in individual cases, we will inform you about this separately if this is prescribed by law, and will inform you about the related rights.
Within the scope of the data protection law that applies to you, and insofar as the law provides for it (as in the case of the GDPR), you have the right of access as well as the right to rectification and erasure, the right to restrict data processing and otherwise, the right to object to our data processing, and the right to the provision of certain personal data for the purpose of transmission to another party (the right to data portability). Please note, however, that for our part, we reserve the right to enforce the restrictions prescribed by law, such as if we are obliged to retain or process certain data, if we have an overriding interest in such data (insofar as we may invoke this interest) or need the data to assert claims. A request for information is generally free of charge. A fee may be charged where the request entails a particularly extensive amount of work, the request for information is excessive or notorious, unless there is an interest worthy of protection. If you are likely to incur costs, we will notify you in advance. Regarding the option to withdraw your consent, we refer to section 4. Please note that the exercise of these rights may be in conflict with contractual agreements, and that this may have consequences such as early termination of the contract or costs. In this case, we will inform you in advance if this is not already governed by contract.
The exercise of these rights requires that you provide clear proof of your identity (e.g. by means of a copy of an identification card/document if your identity is otherwise unclear or cannot be verified). To assert your rights, you can contact us at the address indicated in section 2. Furthermore, every data subject has the right to assert their claims in a court of law or to file a complaint with the responsible data protection authority. The responsible data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch/edoeb/en/home.html).