Website Terms of Use and Privacy Notice of Arcplace AG

Arcplace is committed to protecting your Personal Data, taking its commitment in this regard very seriously. For this reason, we would like to take this opportunity to inform you about the processing of your data, specifically the type, scope and purpose of its collection and use.

Our company always strives to ensure the comprehensive protection of your data, while fully complying with applicable legal regulations, in particular the European General Data Protection Regulation (GDPR) and the Swiss Data Protection Law (DSG) as well as any other country-specific data protection regulations applicable to us.

As the Controller, the company has implemented numerous technical and organizational measures to ensure the most complete protection of Personal Data processed on its website.

This Privacy Policy is intended to inform Data Subjects about the nature, scope and purpose of the Personal Data that we collect, use and process, especially in connection with our website. It will, in addition, inform you, the Data Subject, of your rights.

The information will always be kept available on our website.

1. Definitions

Our Privacy Policy is based on the terms used by European lawmakers in the GDPR. The aim is to ensure that the general public can easily read and understand the Policy’s provisions, including our customers and business partners. For this purpose, we would like to explain some of the terms used in advance.

  1. Processor: a Processor is a natural or legal person, public authority, agency or other body that processes Personal Data for the Controller.
  2. Data Subject: Data Subject refers to any identified or identifiable natural person whose Personal Data is processed by the Controller.
  3. Cookies: Cookies are text files that are placed and stored on a computer system by means of an internet browser.
  4. Third Party: a Third Party is a natural or legal person, public authority, agency or other body other than the Data Subject, the Controller, the Processor and the persons authorized to process the Personal Data under the direct responsibility of the Controller or the Processor.
  5. Recipient: a Recipient is a natural or legal person, public authority, agency or other body to which Personal Data is disclosed, whether or not it is a Third Party.
  6. Consent: Consent means any freely given specific and informed indication of the Data Subject's wishes, in the form of a statement or other unambiguous affirmative act by which the Data Subject signifies his or her agreement to the Processing of his or her Personal Data.
  7. Personal Data: Personal Data means any information relating to an identified or identifiable natural person (Data Subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  8. Pseudonymization: Pseudonymization is the Processing of Personal Data in such a way that the Personal Data can no longer be attributed to a specific Data Subject without the use of additional information, providing such additional information is kept separate and is subject to technical and organizational measures to ensure that the Personal Data are not attributed to an identified or identifiable natural person.
  9. Profiling: Profiling is any type of automated Processing of Personal Data that consists of using such Personal Data to evaluate certain personal factors relating to a natural person, in particular to analyse or predict factors relating to the natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.
  10. Processing: Processing means any operation or set of operations which is performed on Personal Data, whether or not by automatic means, such as collection, logging, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  11. Controller: the Controller is the natural or legal person, public authority, agency or other body that, solely or jointly with others, determines the purposes and means of the Processing of Personal Data.

2. Name and address of Controller

This Privacy Policy applies to all data that we process in our capacity as Controller within the meaning of the GDPR and DSG.

See Impressum 

You can reach our Data Protection Officer at the address of Arcplace (see Impressum), or by sending an email to dataprivacy@arcplace.ch.

Data Subjects may always address any questions or suggestions regarding data protection directly to our Data Protection Officer.

3. Cookies

Our webpages make use of cookies. These small text files are automatically created by an internet browser and stored on a computer system or end device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your end device, nor do they contain any viruses, Trojans or other malware. The information stored in the cookie (i.e. the cookie ID) is related to the specific end device used. A cookie ID is a unique identifier of the cookie, consisting of a string of characters by which webpages and servers can be assigned to the specific internet browser by means of which the cookie was saved. It enables the visited webpages and servers to distinguish the Data Subject’s browser from other internet browsers that contain other cookies. Although a specific internet browser can be recognized and identified by the unique cookie ID, it is not the case that we thereby gain immediate knowledge of your identity.

Cookies allow us to provide you, the user, with more user-friendly services that would not be possible without the cookie setting. Using a cookie makes it possible to personalize the information and offers on our website in order to meet user interests. As previously mentioned, cookies enable us to recognize the users of our website and, thereby, make it easier for them to use the site.

For example, "session cookies" may be used to identify your previous visits to individual pages of our website. These cookies are automatically deleted after you leave our site.

The data processed by technically necessary cookies is required for the above-mentioned purposes of protecting our legitimate interests pursuant to Art. 6(1)(1)(f) GDPR resp. Art. 31 DSG.

Other temporary cookies used to enhance user-friendliness may also be stored on your terminal device for a defined period of time. Should you return to our site in order to make use of our services, they allow us to automatically recognize you as a repeat visitor and identify the entries and settings that you previously used, so that you do not have to enter them again. For example, the user of a website that uses cookies does not have to re-enter his or her access data each time he or she visits the site, as this procedure is handled by the website after being triggered by the cookie stored on the user's computer system.

Still other types of cookies are used to statistically record use of our website and to evaluate it in order to improve our services for you. These cookies enable us to automatically recognize that you have previously visited our site, should you happen to return. They are automatically deleted after a defined period of time.

The legal basis for setting these cookies, which are not technically necessary for the operation of the homepage, is your consent pursuant to Art. 6(1)(a) GDPR resp. Art. 31 DSG. You can withdraw your consent at any time by deleting the cookies in your browser. Please note that the withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent prior to withdrawal.

Please provide your Consent ID and date when contacting us regarding your Consent.

The Data Subject (i.e. you) can prevent our website from setting cookies at any time by means of an appropriate internet browser setting, thereby permanently blocking cookies from being used. Furthermore, all common internet browsers allow users to delete existing cookies at any time. Disabling the cookie function in the utilized internet browser will however prevent some of the functions on our website from being fully usable.

4. Scope, legal basis and purpose of the collection of general data and information and their processing

Our website collects a variety of general data and information each time a Data Subject accesses the site, storing it in log files on the server. The following general data and information may be logged

  1. browser types and versions used,
  2. operating system used by the accessing system,
  3. website from which an accessing system arrives at our website ("http referer"),
  4. sub-websites that are accessed via an accessing system on our website,
  5. date and time of an access to the internet site,
  6. internet protocol address (IP address),
  7. internet service provider of the accessing system,
  8. other similar data and information that serve to avert danger in the event of attacks on our information technology systems, and
  9. user name and password in the customer login area.

No conclusions are drawn about the Data Subject when using this general data and information. It is rather required in order to  

  1. deliver the contents of our website correctly,
  2. optimize the content of our website and the advertising for it,
  3. ensure the long-term functionality of our information technology systems and the technology of our website, and 
  4. provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack. Therefore, the data and information collected is statistically analysed by us and/or evaluated with the aim of increasing the data protection and data security of our enterprise in order to ultimately ensure the best possible level of protection for the Personal Data we process. The data in the server log files is stored separately from any Personal Data provided by a Data Subject.

The legal basis for the collection and storage of the above-mentioned data is our legitimate interests pursuant to Art. 6(1)(f) GDPR resp. Art. 31 DSG involving the maintenance and operation of a homepage.

5. Sharing data; Recipients

To provide you with the best possible service and to promote our business, we may transfer certain data internally or to selected Third Parties. There may also be a specific legal or statutory obligation that requires us to disclose your Personal Data to Third parties.

The parties to which we may disclose your information include:

  • other affiliates or subsidiaries of companies of Arcplace, e.g., to provide basic technology to support the services we provide;
  • our service providers, e.g., for managing or hosting services and/or enabling technology for the services we provide;
  • our business partners, to the extent you have purchased or expressed interest in a product or service from such business partner, interacted with such business partner, or otherwise consented to the disclosure of your personal information to such business partner;
  • cooperating partners or organizations, for example, to provide usage information to companies that provide you access to our services, if you access our products through such companies;
  • a buyer or successor in interest in a sale or other corporate transaction involving part or all of our business;
  • other parties, e.g., as needed for external audits, compliance, risk management, corporate development and/or corporate governance matters; or government entities and government agencies, as required by applicable law.
  • Google (see Section 15b, below)

Whenever we share Personal Data internally or with Third Parties in other countries, we will implement appropriate safeguards in accordance with applicable data protection laws, including, where applicable, the EU Standard Contractual Clauses when transferring data to countries outside the European Union or the European Economic Area. As required by applicable law, Third Parties must use appropriate safeguards to protect Personal Data and may only access Personal Data as needed to perform their respective tasks.

Your Personal Data will not, however, be transferred to Third Parties for any purposes other than those set out in this Privacy Policy. In this respect we only share your Personal Data with Third Parties if:

  1. you have given your express consent to this;
  2. the disclosure is necessary to safeguard our legitimate interests (e.g. data transfer within the   of companies) or to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data;
  3. in the event that there is a legal obligation to pass it on, and
  4. this is legally permissible and necessary for the processing of contractual relationships with you.

6. Registration and contacting on our website or via Google Ads

As a Data Subject, you may choose to provide Personal Data in order to register on our website or via Goole Ads forms. This data will be transmitted to us in our capacity as Controller on the basis of the input screen used for the registration process. 

The personal data you enter will be collected, processed and stored exclusively for the stated or identifiable purposes (e.g. the provision of certain content on the website, the provision of certain services, the performance of a contract or the implementation of pre-contractual measures). Within the scope of these purposes, we or the data controller may arrange for the data to be passed on to processors, such as a payment service or logistics company, who also use the personal data exclusively for the purpose specified in the GDPR resp. DSG and for which we are responsible. 

Our website contains, among other things, due to legal regulations, details that enable a quick electronic contact to our company as well as an immediate communication with us. If you contact us by email, via our contact form or chat, the personal data you provide will be automatically stored. Such personal data transmitted to us by you on a voluntary basis will be processed for the purpose of handling or contacting you.

The legal basis for the processing is usually our legitimate interest according to Art. 6(1)(f) DSGVO or Art. 6(1)(b) DSGVO resp. Art. 31 DSG, if it is about the fulfilment of a contract with you or it is about initiating a contract.

By registering or contacting us on our website, the IP address assigned by the Internet service provider (ISP) of the person concerned, the date and the time of registration are also stored. This data is stored in order to prevent misuse of our services. 
 
By entering data on the website, you give your consent to their use in the above sense. The legal basis can be found in Art. 6 DSGVO resp. Art. 31 DSG.

Our website uses HubSpot, a software of HubSpot Inc, USA. This software is used in the so-called area of inbound marketing and helps us to better coordinate and optimize our marketing strategy by means of statistical analyses and evaluation of logged user behaviour, among other things. Cookies are used. You can prevent the storage of cookies at any time by setting your browser software accordingly resp. delete the cookies already stored. Please note that if cookies are blocked, you may not be able to make full use of the services provided on our website. The customer data collected via HubSpot cookie (e.g. surname, first name, company, telephone, email, etc.) is stored in the USA. HubSpot is committed to protecting EU data transfers in accordance with Standard Contractual Clauses (SCC). You can find more information about this at https://www.hubspot.com/data-privacy/privacy-shield. In the event of deletion, the data will remain in HubSpot for 30 days after Arcplace has deleted it from the tool.

For more information, please see the Terms of Use and Privacy Policy of HubSpot Inc. at https://legal.hubspot.com/dpa, https://legal.hubspot.com/terms-of-service and https://legal.hubspot.com/privacy-policy.

You may request information about the Personal Data retained about you, the Data Subject, at any time. Furthermore, we will correct or delete Personal Data at your explicit request or notice, providing this action does not conflict with any statutory retention obligations. Our aforementioned Data Protection Officer (see Section 2) is available to you as contact persons in this connection.

7. Subscription to our Blog

On our website, users are offered the opportunity of subscribing to our company's blog update. The Personal Data transmitted to us in our capacity as Controller when subscribing to the blog update is specified in the corresponding input screen. 

The blog updates can generally only be received by you, the Data Subject, if 

  1. you have a valid email address and 
  2. you subscribe to the blog update. 

We also store the IP address that the internet service provider (ISP) assigns to the computer system used by the Data Subject when subscribing to the blog update, as well as the date and time of the subscription. The collection of this data is necessary in order to track the (possible) misuse of a Data Subject's email address at a later date and therefore provides us with legal protection. 

Personal Data collected in connection with blog update subscription will be used exclusively for the purpose of distributing our blog updates. Furthermore, blog update subscribers may be informed by email of any changes to the blog update offer or technical circumstances, should it be necessary for either the subscription to or provision of the blog service. 

Your Consent in accordance with Art. 6(1)(a) GDPR resp. Art. 31 DSG provides the legal basis for the collection and Processing of your data in connection with blog update subscription. 

The subscription to our blog update can be cancelled by you at any time. Your consent to the retention of Personal Data, which you have provided so we can send you the blog update, can be withdrawn at any time with future effect. The lawfulness of the data processing up to the time of withdrawal remains unaffected. A corresponding link can be found in each blog update for the purpose of withdrawing Consent.

8. Blog update tracking

Our blog update contains tracking pixels, which are miniature graphics embedded in emails sent in HTML format to enable log file tracking and log file analysis. This process allows us to statistically evaluate the success or failure of online marketing campaigns. Based on the embedded tracking pixels, we can determine if and when an email was opened by a Data Subject, and the links contained in the email that the Data Subject clicked. 

Personal Data collected by the tracking pixels contained in the blog update is retained and evaluated in order to improve distribution and to better adapt the content of future blog updates to the interests of the Data Subject. The separate declaration of Consent made in this regard may be withdrawn at any time with future effect. After withdrawal, we or the Controller will delete your Personal Data. Cancellation of a blog update subscription will be automatically interpreted as a withdrawal of Consent. 

The legal basis for the collection and processing of your data in the context of newsletter tracking is your consent pursuant to Art. 6(1)(a) GDPR resp. Art. 31 DSG, which can be withdrawn at any time with future effect but without affecting the lawfulness of the Processing up to the time of the withdrawal.

9. Routine deletion and blocking of Personal Data

We process and retain your Personal Data only for the period of time necessary to achieve the purpose for which it is collected or insofar as this retention is required EU or relevant national lawmakers, whose laws or regulations apply to us, e.g. due to retention periods.

If the reason for retention no longer applies or if a retention period prescribed by the EU or national lawmakers applicable to us expires, the Personal Data will be routinely deleted, blocked or restricted for Processing in accordance with the statutory provisions.

10. Rights of the Data Subject

As a Data Subject, you are afforded the rights listed below, which you may assert against us at any time:

a. Right of appeal
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the supervisory authority of your usual place of residence or place of work or our registered office in accordance with Art. 77 GDPR resp. Art. 49 ff. DSG, should you be of the opinion that the Processing of Personal Data concerning you violates the GDPR or DSG.

The supervisory authority to which the complaint is lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR. For Switzerland, the provisions pursuant to Art. 49 ff. DSG apply.

b. Right to confirmation
Under Art. 15 GDPR resp. Art. 25 DSG, you have the right to request confirmation from us at any time concerning our Processing of your Personal Data. 

c. Right to information
Pursuant to Art. 15 GDPR resp. Art. 25 DSG, you also have the right to obtain information from us at any time and free of charge about the Personal Data that we retain about you. Furthermore, you are also entitled to request other information, including the following:

  • Processing purposes; 
  • categories of Personal Data that are being processed;
  • Recipients or categories of Recipients to which the Personal Data had been or will be disclosed, in particular in the case of Recipients in third countries or international organizations; 
  • if possible, planned duration for which the Personal Data will be retained or, if this is not possible, the criteria for determining this duration; 
  • existence of a right to obtain the rectification or erasure of your Personal Data or to restrict Processing by the Controller, or a right to object to such Processing; 
  • existence of a right of appeal to a supervisory authority; 
  • any available information on the origin of the data, if the Personal Data has not been collected from and by the Data Subject himself/herself;
  • existence of automated decision-making, including Profiling, pursuant to Art. 22(1) and (4) GDPR resp. Art. 21 and 5 DSG and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such Processing for you, the Data Subject.

Furthermore, you have the right to be informed whether Personal Data has been transferred to a third country or to an international organization. If so, you also have the right to obtain information about the appropriate safeguards in connection with the transfer.

d. Right to rectification
In addition, Art. 16 GDPR resp. Art. 32 DSG entitles you to demand the immediate correction of any inaccuracies in your Personal Data. Furthermore, you have the right to request the completion of incomplete Personal Data - including by means of a supplementary declaration – taking the purposes of the Processing into account.

e. Right to erasure (right to be forgotten)
Under Art. 17 GDPR resp. Art. 32 DSG, you may also request that your Personal Data be erased without undue delay, providing one of the following reasons specifically applies and providing the Processing is not necessary:

  • Personal Data was collected or otherwise processed for such purposes for which it is no longer necessary; 
  • Data Subject withdraws the Consent on which the Processing was based pursuant to Art. 6(1)(a) GDPR resp. Art. 31 DSG and there is no other legal basis for the Processing; 
  • Data Subject objects to the Processing pursuant to Art. 21(1) GDPR resp. Art. 32 DSG and there are no overriding legitimate grounds for the Processing, or the Data Subject objects to the Processing pursuant to Art. 21(2) GDPR resp. Art. 32 DSG; 
  • Personal Data has been processed unlawfully; 
  • erasure of Personal Data is necessary for compliance with a legal obligation. 

If the Personal Data has been made public by us, and our company, as the Controller, is required to erase the Personal Data pursuant to Art. 17(1) GDPR resp. Art. 32 DSG, we shall implement reasonable measures, including technical measures, taking into account the available technology and the cost of implementation, in order to inform other data controllers processing the published Personal Data that you, as the Data Subject, have requested these other data controllers to erase all links to such Personal Data or copies or replications of such Personal Data. 

f. Right to restrict Processing
Art. 18 GDPR resp. Art. 32 DSG entitles you to request restriction of Processing if one of the following conditions is met:

  • accuracy of the Personal Data is contested by the Data Subject for a period enabling the Controller to verify the accuracy of the Personal Data; 
  • Processing is unlawful, the Data Subject objects to the erasure of the Personal Data and requests instead restriction of the use of the Personal Data; 
  • Controller no longer needs the Personal Data for the purposes of the Processing, but the Data Subject needs it for the establishment, exercise or defence of legal claims;
  • Data Subject has objected to the Processing pursuant to Art. 21(1) GDPR resp. Art. 32 DSG, and it is not yet clear whether the legitimate grounds of the Controller override those of the Data Subject.

g. Right to data portability
Pursuant to Art. 20 GDPR resp. Art. 32 DSG, you have the right to receive any Personal Data concerning you that you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us, providing the Processing is based on Consent pursuant to Art. 6(1)(a) GDPR resp. Art. 31 DSG or Art. 9(2)(a) GDPR resp. Art. 31 DSG or on a contract pursuant to Art. 6(1)(b) GDPR resp. Art. 31 DSG, providing the Processing has been carried out with the aid of automated procedures and providing the Processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.

When, furthermore, exercising your right to data portability pursuant to Art. 20(1) GDPR resp. Art. 32 DSG, you have the further right to have the Personal Data transferred directly from us to another controller, insofar as this is technically feasible and insofar as this does not adversely affect the rights and freedoms of other persons.

h. Right of objection
Furthermore, Art. 21 GDPR resp. Art. 32 DSG grants you the right, at any time and for reasons arising from your particular situation, to object to the Processing of Personal Data relating to you that is being carried out on the basis of Art. 6(1)(f) GDPR resp. Art. 31 DSG. This also applies to Profiling based on these provisions.

In the event of such objection, we shall no longer process the Personal Data unless we can demonstrate compelling legitimate grounds for the Processing which override your interests, rights and freedoms as a Data Subject or unless the Processing serves the purpose of asserting, exercising or defending legal claims.

If we process Personal Data for the purpose of direct marketing, you have the right to object at any time to the processing of Personal Data for such purpose. This also applies to Profiling, insofar as it is associated with such direct marketing. If you object to our Processing for direct marketing purposes, we will, of course, no longer process this Personal Data for such purposes.

i. Automated decisions in individual cases including Profiling
Under Art. 22 GDPR resp. Art. 21 DSG you also have the right not to be subject to a decision based solely on automated processing - including Profiling - that produces legal effects concerning you or significantly impacts you in a similar manner, providing the decision is 

  1. not necessary for the conclusion or performance of a contract between you and us; or 
  2. permitted by legislation and that legislation contains appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the Data Subject; or 
  3. made with your explicit Consent.

If the decision is necessary for the conclusion or performance of a contract between you and us or if it is made with your explicit consent, we will take reasonable steps to safeguard your rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a responsible person, to express your point of view and to contest the decision.

j. Right to withdraw Consent under data protection law and data subject rights
To clarify, we explicitly reiterate that you have the right to withdraw your Consent to the Processing of Personal Data at any time.

If you would like to exercise one of the rights to which you are entitled in accordance with subsections b) to j) of this section and make use of your rights, please contact our Data Protection Officer referred to in Section 2 above.

In the event that the right to erasure (subsection e) and restriction of processing (subsection f) is asserted, we will comply with the respective request without undue delay and, in individual cases, take the necessary steps.

11. Data protection during applications and the application process

Our company collects and processes your Personal Data as a job applicant for the purpose of completing the application process. The processing may also take place electronically, as is particularly the case if you send us corresponding application documents electronically, for example by email or via a web form located on the website. We have set up our own homepage for our job advertisements at https://arcplace.softgarden.io/en/vacancies.

If the application process is successful and we conclude an employment contract with you, the transmitted data will be stored for the purpose of Processing the employment relationship in compliance with the statutory provisions pursuant. 

Your data will be stored for the duration of the application process and in accordance with legitimate retention periods after completion of the application process. In case of a cancellation, the data will be kept for 6 months. After the retention period has expired, the data is completely anonymized. The processing of anonymized data records is not subject to the material scope of data protection regulations, so that anonymized data may be processed for statistical and analytical purposes, for the preparation of market studies or for product development. You can find more information in the data protection declaration of the Arcplace career portal and applicant management system at https://arcplace.softgarden.io/en/data-security?2.

12. General information on the legal basis for Processing

DSG and GDPR serve as the legal basis for our company with regard to processing operations in which we obtain Consent for a specific processing purpose. 

Important legal bases of the GDPR are: For processing operations where we obtain consent for a specific processing purpose Art. 6(1)(a) GDPR. If the Processing of Personal Data is necessary for the performance of a contract concluded between you and us, as is the case, for example, with processing operations that are necessary for a delivery of goods or the provision of another service or consideration, the Processing is based on Art. 6(1)(b) GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation by which the processing of Personal Data becomes necessary, such as for the fulfilment of tax obligations, the processing is based on Art. 6(1)(c) GDPR. In rare cases, the Processing of Personal Data might become necessary to protect vital interests of you or another natural person. Such would be the case, for example, if a visitor were to be injured on our premises and, as a result, his or her name, age, health insurance data or other vital information had to be transferred to a doctor, hospital or other Third Party. The Processing would then be based on Art. 6(1)(d) GDPR. Finally, processing operations could be based on Art. 6(1)(f) GDPR if the Processing is necessary to protect a legitimate interest of our company or a Third Party, providing the interests, fundamental rights and freedoms of the Data Subject are not overridden. In the Swiss DSG, similar reasons for justification for data processing are regulated in Art. 31 DSG. 

13. Legitimate interests in the Processing pursued by the Controller or a Third Party

If the Processing of Personal Data is based on Art. 6(1)(f) GDPR resp. Art. 31 DSG, our legitimate interest may, in addition to the cases already mentioned in this policy statement, include the conduct of our business to benefit the well-being of all our employees and shareholders.

14. Period for which Personal Data is retained

The criterion determining the period for the retention of Personal Data is the respective statutory retention period. The relevant data is routinely deleted on expiry of this period. Finally, the retention period is also based on statutory limitation periods.

15. Legal or contractual requirements to provide Personal Data; necessity for the conclusion of a contract; obligation of the Data Subject to provide Personal Data; possible consequences of not providing the data

We would also like to inform you that the provision of Personal Data may be necessary for the conclusion of a contract if, for example, you contact us via our homepage in the course of initiating a contract. Failure to provide Personal Data would mean that the contract with you cannot be concluded. 

Otherwise, you are not required to provide your data when visiting our website. However, if you do not do this, it can lead to a limited user experience.

A Data Subject may contact our Data Protection Officer prior to providing personal data. Our Data Protection Officer will inform the Data Subject on a case-by-case basis whether the provision of the Personal Data is required by law or by contract, whether it is necessary for the conclusion of a contract, whether there is an obligation to provide the Personal Data and what the consequences of not providing the Personal Data would be. 

16. Data security

When you visit our website, we use the widespread SSL (Secure Socket Layer) procedure in conjunction with the highest encryption level supported by your browser. You can tell whether an individual sub-page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the status bar of your browser.

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by Third Parties. Our security measures are continuously improving to keep pace with technological developments.

17. Data protection information on direct marketing and Google Analytics

The following special topics relevant to data protection are important in the context of our internet presence:

a. Privacy policy on the use and application of direct marketing
We are entitled to use the email address that you provided when registering for services requiring registration for purposes of direct marketing of our own or similar services, as well as for general information about our services. The legal basis for this usage is our legitimate interest in direct marketing pursuant to Art. 6(1)(f) GDPR resp. Art. 31 DSG. If, however, you do not wish to receive direct marketing messages (any longer), you may refuse this use of your email address at any time. To do so, simply write to us at dataprivacy@arcplace.ch or contact us by using our general contact form at https://www.arcplace.ch/en/contact/.

b. Google Analytics
Google Analytics cookies are used for the statistical purposes of Google Analytics. Google Analytics is a web analysis service of Google Inc. based in the USA ("Google"). Cookies are used in order to analyse how visitors use the website, which pages they visit, how long they remain on the pages etc. The information generated by Google Analytics regarding your use of the website (including your IP address) will be transferred to one of Google's servers in the USA and stored there. Google will use this information in order to analyse your use of the website, to compile reports on website activity for website operators and to provide additional services related to the use of the website and of the Internet. Google will also transfer this information where necessary to third parties insofar as required by law or where third parties process such data on behalf of Google. In this regard, we explicitly draw your attention to the fact that the statutory protection provided for personal data in the USA is not equivalent to that available in Europe.

We use the reports generated by Google in order to continuously improve our pages and to satisfy customer requirements. Please consult the Terms of Service of Google Analytics: https://marketingplatform.google.com/about/analytics/terms/gb/
Further information concerning Google Analytics: https://support.google.com/analytics/answer/6004245?hl=en
Duration of storage: from "until the end of the browser session" until "up to 14 months".

You can block the installation of cookies at any time by adjusting the appropriate settings in your browser or set your browser to warn you before accepting cookies and thus decide yourself whether or not you would like to accept cookies. This website may in principle be used without accepting cookies, although individual functions may thereby be limited.

Unless you have already expressly consented to the usage of cookies, in using the website without turning off cookies you consent to the processing of the data concerning you that is obtained using cookies in the manner described in this Privacy Policy and for the purposes specified.

Further information and the applicable Privacy Policy of the Third-Party provider Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Tel.: +353 1 543 1000, Fax: +353 1 686 5660, Email: support-ch@google.com can be found at:
User Terms: https://marketingplatform.google.com/about/analytics/terms/gb/
Privacy Policy: https://policies.google.com/privacy?hl=en&gl=en
Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout?hl=en

18. Links to our social media pages on the networks of Facebook and Instagram

We do not use plug-ins from social networks on our websites. The visible icons are merely links to our social media profiles on the networks of Facebook and Instagram.

When you click these links, the respective site operator processes your Personal Data. If you maintain a profile there and are logged in, the visit to our pages may be linked to your profile.

19. Updating and amending this Privacy Policy

This Privacy Policy is currently valid and was last updated September 2023.

Further development of our internet and service offerings or changes in legal or regulatory requirements may make it necessary to amend this Policy. 

You can access and print out the current Privacy Policy at any time on the website at https://www.arcplace.ch/en/extras/terms-and-conditions-privacy-statement/.