We are very pleased about your interest in our company. Data protection is of great importance to hostettler ag. The use of the website of hostettler ag (hereinafter referred to as "hostettler") is generally possible without any indication of personal data. However, if you wish to use special services of our company via our website, it may be necessary to process personal data.
We are committed to handling your personal data responsibly. Consequently, we consider it a matter of course to comply with the Swiss Federal Data Protection Act, the associated Ordinance and other data protection regulations that may be applicable, in particular the EU General Data Protection Regulation (GDPR).
In this privacy statement, we inform you about the most important aspects of data processing at hostettler and about the data protection rights to which you are entitled. This privacy statement covers both online and offline collection of personal data, including data received from various sources, such as the various companies of the hostettler group, our partners in the YAMAHA Switzerland distribution network, YAMAHA Motor Europe N.V. customers, suppliers, business partners, websites, apps, third-party social networks and events.
By way of introduction, you will find our overview "Data Protection: Summary", which is intended to provide you with a brief overview of the most important key points of our data processing. Subsequently, we will provide you with even more detailed information.
The Controller in terms of data protection law is:
hostettler ag Sursee
Tel. +41 41 926 61 11
1.1 Data Protection Officer
The contact details of our data protection Officer are:
Data Protection Officer hostettler group
2 Data protection: summary
In the following, we inform you in a condensed form about the most important key points of our data processing. Naturally, we will provide you with even more detailed information. You will find this immediately below.
2.1 Processed personal data
We use personal data that you provide to us, that we collect about you or that we have received from third parties. The most important are:
- contact details and identification data
- personal details
- contract data, incl. data in connection with repair/warranty/service
- financial data
- interaction and usage data
- website information
2.2 Purposes of the processing
We process personal data primarily to fulfil our legal and contractual obligations.
2.3 Disclosure to third parties
In the course of our business activities, we are dependent on and sometimes obliged to transfer certain data to specific third parties. In no case, however, do we sell your data.
2.4 Place of processing
We generally process personal data in Switzerland or in an EU/EEA country or in another country that has adequate data protection.
3 Data protection: in detail
3.1 Personal data processed by us
Hostettler processes various personal data. These are in particular personal data that:
- we receive in the course of our business relationships from customers, future customers, interested parties, service providers, suppliers, business partners or other persons involved in the business relationships
- we receive from job applicants
- we are legally or contractually obliged to collect
- we collect when you use our website
- we receive from authorities and other third parties (address traders, credit reference agencies).
Depending on the nature of the relationship, we may process some of your personal data, such as:
- contact details and identification data such as surname, first name, address, e-mail address, telephone number
- personal details such as age, gender, nationality, language
- for business users: information about your position within the company
- user account information such as username, password, user account number
- contract data such as contract type, contract content, type of products and services, consumption groups, consumption types, forecast data, applicable terms and conditions, contract start date, contract term, invoice data; this also includes vehicle-related data such as ownership details, dealer, warranty/service
- financial data such as account information, payment information, payment history, average revenue, credit rating data, income, purchasing power
- marginal data from telecommunications traffic such as telephone number, value-added service numbers, date, time and duration of the connection, type of connection, location data, IP address, device identification numbers such as MAC address
- interaction and usage data: Correspondence, preferences and target group information, type of end device, device settings, operating system, software, information from the assertion of rights
- documents and special information for job applications: Letter of motivation, CV and photo, references, diplomas, certificates of education, references of third parties, Interview notes
- website information: IP address, cookie information, browser settings, frequency of visits to the website, duration of visits to the website, search terms, clicks on content, originating website.
3.2 Purposes for which we process personal data and legal basis of processing
We use the personal data we collect primarily to conclude and execute contracts with our customers and business partners.
We also rely on the processing of personal data for the purchase of products and services from our suppliers and subcontractors. If you work for a customer or business partner, your personal data may also be affected in this capacity.
In addition, we also process personal data about you and other individuals, where permitted and where we consider it appropriate, for the following purposes in which we (and sometimes third parties) have a legitimate interest in accordance with the purpose:
- offering and further developing our products, services and website and other platforms on which we are present
- communication and processing of enquiries (e.g. via contact forms, e-mail, telephone, job applications, media enquiries)
- advertising and marketing (including the organisation of events and contests), insofar as you have consented/not objected to the use of your data (if we send you advertising as an existing customer, you can object to this at any time and we will then put you on a blocking list against further advertising mailings)
- market research, media monitoring
- assertion of legal claims and defence in connection with legal disputes and official proceedings
- prevention and investigation of criminal offences and other misconduct (e.g. conducting internal investigations, data analysis to combat fraud)
- guarantees of our operations, in particular IT, our website and other platforms.
Insofar as you have given us consent to process your personal data for certain purposes, we process your personal data within the scope of and based on this consent, as far as we have no other legal basis and we require such a basis. Consent given can be revoked at any time, but this has no effect on data processing that has already taken place. You can send us a revocation by e-mail or by post to the (e-mail) address given in section 1.1.
3.3 Third parties to whom we disclose personal data
We also disclose personal data to third parties within the scope of our business activities and for the above-mentioned purposes, insofar as this is permitted and appropriate, either because they process it for us (data processing by processors) or because they want to use it for their own purposes (data disclosure). This concerns in particular:
- service providers, including processors
- IT service providers (e.g. web hosting providers, email delivery service providers, online tools)
- companies of the hostettler group
- partners in the YAMAHA Switzerland distribution network
- YAMAHA Motor Europe N.V.
- banking institutions and payment service providers
- official bodies and courts.
The recipients are partly domestic, but also partly abroad. In particular, you should expect your data to be transferred to other countries in Europe and the USA, where some of the IT service providers we use are located. If we transfer data to a country that does not have an adequate level of data protection (such as the USA), we require that the recipient takes appropriate measures to protect personal data (e.g. by agreeing to so-called EU standard clauses, current version available here, other precautions or based on justifications).
3.4 Duration of data processing
We process personal data for as long as it is necessary for the fulfilment of our contractual obligations or otherwise for the purposes pursued with the processing, for example for the duration of the entire business relationship (from the initiation, execution to the termination of a contract) as well as beyond that in accordance with the statutory storage and documentation obligations. In this context, it is possible that personal data will be stored for the time during which claims can be asserted against us and insofar as we are otherwise legally obliged to do so or legitimate interests require this (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will generally be deleted or anonymised.
4 Visit our website
As a rule, you can use our website without providing any information about yourself. This does not apply to areas and services that naturally require your name, address or other personal data, e.g. orders via our web shop.
In addition, you can contact us on a voluntary basis via e-mail and/or online forms. In doing so, personal data is collected and transferred to us. The corresponding input mask reveals which data this is. The data you transmit will be stored by us for the purpose of processing or contacting you.
4.1 Server log files
When you visit our website, our servers temporarily store each access in a log file, the so-called server log files.
For example, your IP address, the date and time of your visit, the name of the file accessed, the access status (done, partially done, not done, etc.), the web browser and operating system used, as well as other similar information that serves to avert danger in the event of attacks on our information technology systems.
Before we store your IP address, it is anonymised and will not be merged with other data unless you have given us your consent to do so. No personal analysis is carried out and your personal data in the server log files is not linked with any other personal data of yours that may be available unless you have given us your consent to do so.
The purpose of processing this information is to display our website and its content and offers correctly and to ensure data traffic, to optimise our website, content and offers, to ensure the stability and security of our website and systems on a permanent basis and to enable the clarification, defence and prosecution of cyber-attacks, spam and other unlawful acts in relation to our website and systems and to enforce claims in this respect.
We delete your personal data as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of our website, the deletion takes place when the respective session has ended.
For the hosting of the website, we may use services of third parties in Switzerland and abroad who carry out the above processing on our behalf. Currently, our websites are hosted exclusively with European hosting providers and on servers in the EU.
On our website, you have the option of contacting us by e-mail, various online forms and by telephone. Which data is collected in the case of contact via e-mail/online form can be found in the respective grid. Your data will be stored by us for the purpose of processing your enquiry, handling it and in the event of follow-up questions and will not be passed on to unauthorised third parties without your consent. Of course, this also applies to requests that you send to us by post.
The mandatory information is required in order to process your request. The voluntary provision of further data facilitates the processing of your enquiry and enables us to provide you with the requested information.
You can object to this data processing at any time. Please send your objection to the e-mail address mentioned in section 1.1 and we will check your request. In such a case, your contact details will not be processed further.
Your personal data will be deleted as soon as your request has been dealt with. This is the case if the circumstances indicate that the matter in question has been conclusively clarified and the deletion does not conflict with any legal obligations to store data. Please note that deletion may take up to seven days after your request has been dealt with.
At various points on our website, we offer you the opportunity to subscribe to our free newsletter. In order for you to subscribe to our newsletter, you must provide a valid e-mail address, your preferred language and your first and last name. We need this information to send you our newsletter in your preferred language and to address you personally.
If you register for the newsletter but do not yet have an account with us, the newsletter registration takes place in a so-called double opt-in process. This means that you will receive an e-mail after registration in which you must click on a link to confirm your registration.
We may also send you our newsletter if you have purchased one of our products unless you have objected to this and to the extent permitted by law.
Our newsletters may contain, in part and to the extent permitted, graphics and/or web links that record on a personal basis whether, when and how often an individual newsletter was opened in an email application and which web links were clicked on. Such graphics and/or web links record the use of newsletters in order to ensure the quality and enable improvements to the newsletter. You can block the setting of such graphics and/or web links in your e-mail application.
We use the services of the Salesforce Marketing Cloud for the dispatch and the above-mentioned evaluation of our newsletters.
You have the option to unsubscribe from the newsletter at any time and to revoke the consent you have given. To do so, click on the unsubscribe link at the end of each of our newsletters or send your revocation to the e-mail address mentioned in section 1.1.
4.3.2 Mail advertising
We would like to point out that we may use the data we receive from you, in particular your first and last name as well as your postal address, for our own advertising purposes, including sending you interesting offers and information about our products by mail. If you no longer wish to receive our mail advertising, please contact us at the e-mail address or telephone number given in section 1.1 We will then put you on our blocking list and will no longer send you any mail advertising.
4.4 Online applications
If you apply for a job with us, we process the personal data that we receive from you as part of the application process. In addition to your personal details, education, work experience and skills, this includes the usual correspondence data such as postal address, e-mail address and telephone number. In addition, all documents submitted by you in connection with the application, such as a letter of motivation, curriculum vitae and references, will be processed. Furthermore, applicants may voluntarily provide us with supplementary information. This data will only be stored, evaluated, processed or forwarded internally in connection with your application. Furthermore, they may be processed for statistical purposes (e.g. reporting). In this case, no conclusions can be drawn about individual persons.
Your application data is stored separately from other user data and is not merged with it.
Your application data is processed in order to fulfill our (pre-)contractual obligations within the scope of the application procedure.
You can object to this data processing at any time and withdraw your application. Please send your objection to the person named as contact person in the job advertisement or to the e-mail address mentioned in section 1.1.
If we conclude an employment contract with you, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the application procedure ends without employment, your candidate’s data will be stored for a further 6 months for documentation purposes and then deleted, unless you have given us permission to use your details for further application procedures with us. Of course, you have the option to revoke this consent at any time. You can send your revocation to the e-mail address stated in section 1.1 or to the e-mail address stated in the job advertisement.
4.5 Customer account / web shop
If you would like to order something in our web shop, registration of a customer account is required. To do this, enter the required data, such as e-mail address, first and last name, gender, date of birth, choice between private or business customer and a password chosen by you, in the corresponding form. If you are a business customer, we need further information about your company and your position. We need this information to provide you with a password-protected direct access to your data stored with us (for example, inventory and order data) and to process your request.
Registration takes place in the so-called double opt-in procedure. This means that after registration you will receive an e-mail in which you must click on a link to confirm your registration.
If you wish to purchase one of our products, you will be required to provide additional information such as delivery and billing address and the choice of a YAMAHA partner as a service point. We need this information to process your order, deliver the ordered products and ensure correct payment. As part of the order processing, the service providers we use (such as shipping service providers) and the service point you have selected receive the necessary data for order processing.
If you have opted for the Saferpay payment method, the payment will be processed via the payment service provider Worldline Schweiz AG, based in Zurich, Switzerland ("Worldline"). Saferpay complies with the current security standards, in particular the Payment Card Industry Data Security Standard (PCI DSS). Your data will only be passed on for the purpose of payment processing.
You can cancel your customer account at any time by sending us an e-mail to the e-mail address mentioned in section 1.1. If you cancel your customer account, the associated data will be deleted, unless there are legal obligations to store data, or we have an overriding interest in storing it. It is your responsibility to safeguard your personal data upon termination. We are entitled to irretrievably delete all data stored during the term of the contract.
4.6 Address validation
We use "Loqate", an address validation service provided by GB Group Plc, based in the United Kingdom, on our website ("Loqate"). Loqate is used to ensure that no incorrect address data is stored in our systems when you place an order on our website, for example. The contact data you enter in the relevant form, in particular your address, is checked for validity by Loqate directly when you enter it and is not stored beyond that. Loqate compares the information you provide with a database operated by Loqate in the United Kingdom and suggests an alternative address or the correct spelling if an error has crept in during entry.
We use so-called cookies on our website. Cookies are small text files that are placed and stored on your device (laptop, tablet, smartphone or similar) with the help of the browser. They are used to make our website more user-friendly and effective overall and to make your visit to our website as pleasant as possible. Cookies do not cause any damage to your device. They cannot execute any programs and cannot contain any viruses.
Most of the cookies we use are so-called session cookies. These are automatically deleted when you log out or close the browser. Other cookies remain stored on your device beyond the respective usage process and enable us or our partner companies (third-party cookies) to recognise your browser on your next visit. Insofar as other cookies (e.g. cookies to analyse your surfing activities) are stored, these are treated separately in this data protection statement.
You can set up your browser in such a way that it informs you about the setting of cookies so you can allow the acceptance of cookies for certain cases individually or generally exclude them. However, we would like to point out that you may then not be able to use all functions of our website.
4.8 Google Services
On our website, we use various services of Google LLC, based in the USA, or if you have your regular residence in the European Economic Area (EEA) or Switzerland, Google Ireland Ltd, based in Ireland ("Google"). Google LLC is always responsible for the processing of personal data when using "Google Maps" and "YouTube". We use the following Google services on our websites:
- Google Tag Manager
- Google Analytics
- Google Maps
More information on the individual services can be found below.
Google uses technologies such as cookies, web storage in the browser and tracking pixels that enable an analysis of your use of our website. The information generated by this about your use of our website may be transmitted to a Google server in the USA or other countries and stored there. Information about the locations of Google's data centres can be found here.
We use tools provided by Google that Google claims can process personal data in countries where Google or its subcontractors maintain facilities. Google promises in its "Data Processing Addendum for Products where Google is a Data Processor" to ensure an adequate level of data protection by relying on the EU standard contractual clauses.
4.8.1 Google Tag Manager
Our website uses Google Tag Manager. With Google Tag Manager, website tags can be managed efficiently. Website tags are placeholders that are stored in the source code of the respective website in order to record, for example, the integration of frequently used website elements, such as code for web analytics services. Google Tag Manager ensures that other tags are triggered, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.
For more information, please see the Google Tag Manager Terms of Service.
4.8.2 Google Analytics
For the purpose of analysing our website and its visitors as well as for marketing and advertising purposes, we use the web analytics service Google Analytics 4.
With Google Analytics 4, the anonymisation of IP addresses is activated by default. This means that your IP address is shortened by Google within Switzerland or the EU/EEA before it is transmitted. Only in exceptional cases will the full IP address be transmitted to a Google server and shortened there.
Google uses this information to evaluate your pseudonymous use of our website, to compile reports on website activity and to provide us with other services related to website and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data, according to Google. When you visit our website, your user activity is recorded in the form of events (such as page views, interaction with the website or your "click path") as well as other data such as your approximate location (country and city), technical information about your browser and the end devices you use or the referrer URL, i.e. via which website / advertising material you came to our website.
You can prevent the collection and transmission of the data generated by the cookie and related to your use of our website (incl. your IP address) to Google, as well as the processing of this data by Google, by downloading and installing the browser add-on to deactivate Google Analytics. If you wish to object to interest-based advertising by Google, you can use the settings and opt-out options provided by Google.
An overview of the data use in Google Analytics and the measures taken by Google to protect your data can be found in the Google Analytics Help.
4.8.3 Google Maps
We use the online map service Google Maps to integrate interactive maps on our website.
When you call up a website on which Google Maps is embedded, Google Maps will set a cookie. As a rule, this cookie is not deleted by closing the browser, but expires after a certain time, unless you delete it manually beforehand.
By using Google Maps, information about your use of our website (including your IP address) may be transmitted to a Google server in the USA and stored there. Google may store this data as usage profiles for the purpose of tailoring its services, advertising and market research. If you are logged in to Google, your data will be directly assigned to your account. If you do not wish this, you must log out beforehand.
If you do not agree to this processing of your information, you have the option of deactivating the Google Maps service. To do this, you must deactivate the Java Script function in your browser. However, this may also affect other functions of our website.
On our website, we use the services of the provider YouTube LLC, based in the USA ("YouTube"), a subsidiary of Google LLC. ("Google").
When you start a YouTube video on our website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. This information (including your IP address) may be transmitted to a Google server in the USA and stored there. If you are logged into your YouTube account at the same time, you enable YouTube to assign your surfing activities directly to your personal profile. You can prevent this by logging out of your YouTube account before visiting our website.
4.9 Social media presence
We maintain social media profiles on Facebook, Instagram and YouTube.
The data you enter on our social media profiles is published by the social media platform and is not used or processed by us for any other purpose at any time. However, we reserve the right to delete content if this should be necessary. We may communicate with you via the social media platform.
Be aware that the operator of the social media platform uses web tracking methods. The web tracking, over which we have no control, can also take place regardless of whether you are logged in or registered with the social media platform.
4.10 Links to third party websites
Some links on this website lead to third-party websites. These are no longer under the control of the hostettler. Hostettler therefore accepts no responsibility whatsoever for the accuracy, completeness and legality of the content contained therein and links to other websites, nor for any offers, products and services contained therein. The use of linked websites is at the user's own responsibility.
5 Data security
We take technical and organisational security measures to protect your personal data against manipulation, loss, destruction or against access by unauthorised persons.
Our security measures also include encryption of your personal data. All information that you enter online is transmitted via an encrypted transmission path. This means that this information cannot be viewed by unauthorised third parties at any time.
Our security measures are continuously improved in line with technological improvements.
Our employees and the service providers commissioned by us are obliged to maintain confidentiality and to comply with the provisions of data protection law. Furthermore, they are only granted access to your personal data to the extent necessary.
6 Your rights
In principle, you have the rights to information, correction, deletion, restriction, data portability, objection to processing and revocation of consent with regard to your personal data.
Please note, however, that we reserve the right to enforce the restrictions provided for by law, for example if we are obliged to store or process certain data, have an overriding interest in doing so (insofar as we are entitled to rely on this) or require it for the assertion of claims.
Please note that the exercise of these rights may conflict with contractual agreements and may have consequences such as the premature termination of the contract or cost consequences. We will inform you in advance if this is not already contractually regulated.
If you believe that the processing of your personal data violates data protection law or that your data protection rights have been violated in any other way, you can also complain to the competent supervisory authority. In Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC; https://www.edoeb.admin.ch/edoeb/en/home.html).
The exercise of your rights under data protection law generally requires that you clearly prove your identity (e.g. by means of a copy of your ID card where your identity is otherwise not clear or cannot be verified). To exercise your rights, please contact us using the contact details indicated in section 1.1.
05.05.2023, version 4.0