Privacy policy
Welcome to our website and thank you for your interest in our company. To put you at ease about the handling of your personal data, we aim to be transparent about the processing of collected information and the security measures we implement. The purpose of this document is also to inform you about your legal rights in connection with the processing of this data.
We are committed to handling your personal data responsibly. Consequently, we consider it essential to comply with the legal requirements of the Swiss Federal Act on Data Protection (FADP), the related ordinance and other applicable data protection laws and regulations, especially the provisions of the EU General Data Protection Regulation (GDPR) and the Personal Information Protection Law of the People’s Republic of China (PIPL).
The purpose of this privacy policy is to inform you about the most important aspects of data processing in our company. This privacy policy applies to the processing of your personal data (hereinafter also referred to as "your data"), both online and offline, including data we have obtained from individuals through various sources (websites, mobile apps, social media, customers, suppliers, and business partners).
At the beginning, you will find our overview "Data protection: executive summary", which is intended to give you a brief overview of the key points of our data processing. This is then followed by more detailed information.
We would like to point out that this privacy policy does not provide a comprehensive description of our data processing and that specific privacy policies or general terms and conditions may regulate individual matters in whole or in part (with or without reference in this privacy policy).
1 Contacts
1.1 Name and address of the controller
JURA Elektroapparate AG
Kaffeeweltstrasse 10
4626 Niederbuchsiten
Switzerland
Email: dataprivacy@jura.com
1.2 Name and address of the representative
Swiss Infosec (Germany) GmbH
Unter den Linden 24
10117 Berlin
Germany
jura.dataprivacy@swissinfosec.de
1.3 Name and address of the representative within the territory of the People’s Republic of China
JURA China Co., Ltd.
Unit 03A, Floor 21A,
333 Tianyaoqiao Road,
Xuhui
201100 Shanghai
China
Phone: +86 21 54667328
Email: service-cn@jura.com
2 Data protection: executive summary
Below we will inform you in a condensed form about the key points of our data processing. This is then followed by more detailed information.
2.1 Processed personal data
We use personal data you provide to us, we collect about you or that we receive from third parties. The most important categories include:
- Contact and identification data
- Personal Information
- Contract data
- Financial data
- Interaction and usage data
- Website information
2.2 Purposes of processing
We primarily process personal data to fulfil our legal and contractual obligations.
2.3 Disclosure to third parties
While we are required and sometimes obliged to transmit certain data to specific third parties as part of our business activities, we will never sell your data.
2.4 Place of processing
We generally process personal data in Switzerland or in an EU/EEA country or in another country that has adequate data protection.
3 Data protection in detail
3.1 Personal data we process
JURA processes various types of personal data, including but not limited to data:
- we receive as part of our business relationships from customers, future customers, prospective customers, service providers, suppliers, business partners or other persons involved in the business relationship;
- we receive from job applicants;
- we are legally or contractually obliged to collect;
- we collect when you use our website;
- we receive from authorities and other third parties (list brokers, credit reporting agencies).
Depending on the nature of the relationship, we process personal data from you such as:
- Contact and identification data such as last name, first name, address, email address, telephone number;
- Personal information such as gender, nationality, language;
- Customer account information such as username, password, account number;
- Contract data such as contract type, contract content, type of products and services, order data;
- Financial data such as account information, payment information, payment history, average revenue, credit scoring data;
- Telecommunications metadata such as telephone number, date, time and duration of the connection, connection type, location data, IP address, device identification numbers such as a MAC address;
- Interaction and usage data: correspondence, preferences and target group information, device type, device settings, operating system, software, information related to the exercise of rights;
- Documents and special information for job applications: cover letters, CV and photos, job references, diplomas, proof of training, references from third parties, meeting notes;
Website information: IP address, cookie information, browser settings, frequency of visits to the website, duration of visits to the website, search terms, clicks on content, originating website.
For data subject within the territory of the People’s Republic of China, prior to the handling of sensitive personal information of an individual (including such information as biometric identification, religious belief, specific identity, medical health, financial account and whereabouts and tracks, as well as the personal information of minors under the age of 14), we will obtain your separate consent, and inform you of the necessity of handling your sensitive personal information and the impact on your personal rights and interests, except for the circumstances that may be exempted from informing you of such information in accordance with applicable laws.
3.2 Purposes for which we process personal data and legal basis for the processing
We use the personal data we collect primarily to conclude and process contracts with our customers and business partners.
We also rely on the processing of personal data to purchase products and services from our suppliers and subcontractors. If you work for a customer or business partner, this may involve the processing of your personal data.
In addition, we process personal data from you and other persons, to the extent permitted and deemed appropriate, for the following purposes, where we (and sometimes third parties) have a legitimate interest aligned with the respective purpose:
- Offering and enhancing our products, services, and online platforms where we are present (such as the online shop, customer accounts, seminars, and the online academy);
- Communication and processing of inquiries (e.g. using contact forms, JURA Live, email, telephone, job applications, media inquiries);
- Advertising and marketing (including the organisation of events and competitions), provided you have given consent or not objected to the use of your data (you can always opt-out from receiving advertising if you are an existing customer).
- Market research, media monitoring;
- Exercise of legal claims and defence in connection with legal disputes and official proceedings;
- Prevention and investigation of criminal offences and other misconduct (e.g. conducting internal investigations, data analyses to combat fraud);
- Guarantees of our operations, in particular, IT, our website and other platforms.
3.3 Third parties to whom we disclose personal data
We regularly use the following as the legal basis for processing your personal data:
- your consent or the consent of an authorised person, which you can withdraw at any time by email or by post to the (email) address specified in Section 1.1 (e.g. to subscribe to our newsletter); this will not affect the lawfulness of processing based on consent before its withdrawal;
- the conclusion or performance of a contract with you or your request to do so in advance (for example, by purchasing products from us);
- overriding legitimate interests (for example, to ensure information security or in marketing), which you can object to under certain circumstances;
- a legal obligation (e.g. our retention of accounting-relevant documents), which can also be based on an overriding legitimate interest.
We also disclose personal data to third parties as part of our business activities and for the purposes mentioned above, to the extent permitted and appropriate, either because they process the data on our behalf (data processing arrangement) or because they wish to use the data for their own purposes (data disclosure) or if you have given us your consent to do so. These third parties include:
- Service providers, including processors;
- IT service providers (e.g. web hosting providers, email delivery service providers, online tools);
- Suppliers;
- JURA group companies (see company and legal information);
- Commercial partners, such as distributors;
- Marketing service providers;
- Authorities;
- Banks and payment service providers;
- Public authorities and courts.
Where we use processors to provide our services, we will take appropriate legal, technical and organisational measures to protect personal data in accordance with applicable laws and regulations.
Some of the recipients are based in Germany, but some are also located abroad. In particular, you must expect your data to be transferred to other countries in Europe and the USA, where some of the IT service providers we use are located. If we transfer data to a country that does not have an adequate legal level of data protection (such as the USA), we require that the recipient takes appropriate measures to protect personal data (e.g. by agreeing to EU standard clauses, current version available here, other arrangements or based on legitimate grounds).
3.4 Duration of data processing
We process personal data as long as it is necessary to fulfil our contractual obligations or otherwise for the purposes pursued by the processing, for example for the duration of the entire business relationship (from the initiation, processing to termination of a contract) and beyond in accordance with legal retention and documentation obligations. It is possible for personal data to be retained for the period in which claims can be asserted against us and to the extent that we are otherwise legally obliged to do so or legitimate interests require this (e.g. for evidentiary and documentation purposes). As soon as your personal data are no longer required for the purposes mentioned above, the data will erased or anonymised.
In addition, we will erase your data if you request us to do so using the email address listed in Section 1.1, provided that we do not have a legal or other obligation to retain or secure this data.
4 Visits to our website
As a rule, you can use our website without having to provide specific information about yourself. This excludes areas and services that naturally require your name, address or other personal data.
You can also contact us on a voluntary basis using email or online forms. In the process, personal data is collected and transmitted to us. You can find out which data this is from the relevant entry form. The data you provide will be stored by us for the purpose of processing or contacting you.
4.1 Server log files
When you visit our website, our servers temporarily save every access in log files, known as server log files.
For example, what is recorded is your IP address, the date and time of your visit, the name and URL of the data accessed, the operating system of your computer and the browser you use, as well as other similar information that serves to avert danger in the event of attacks on our information technology systems.
The processing of this information is in our legitimate interest and has the purpose of correctly displaying our website and its content and offers to you and ensuring data traffic, optimizing our website, content and offers, ensuring the long-term stability and security of our website and systems and to enable the investigation, defense and prosecution of cyber attacks, spam and other illegal activities in relation to our website and systems and to enforce claims in this regard.
To host the website, we may use the services of third parties at home and abroad who carry out the above-mentioned processing on our behalf. Our websites are currently hosted by Swiss or European hosting providers and on servers in Switzerland or the EEA.
4.2 Inquiries and contact form
You can contact us on our website using online forms. You can find out which of your personal data we collect from the online form you can use to contact us. As a rule, this involves contact details such as last name, email address and query-related information such as the topic and description of your request.
The notification of fields marked as mandatory serves to process your concerns and, if necessary, forward them to another market. We process the information you provide voluntarily in order to provide you with targeted information.
The legal basis for processing your personal data is our legitimate interest in processing your request. If the purpose of making contact is the performance of a contract to which you are a party or to implement pre-contractual measures, this represents an additional legal basis for processing your data.
Until the matter has been finally clarified, you have the opportunity to object to this data processing at any time. Please send your objection to the email address listed in Section 1.1.
4.3 Online Academy
On our website you have the option of accessing the Online Academy after registering in advance and receiving a confirmation email with your access data. On the portal you will find training videos and multiple choice tests on topics relevant to JURA such as products, coffee, compliance, to name just a few.
When using the portal, we process the following categories of personal data, such as last login, last view, solved tests in % of total possible tests or the number of video views and/or how long you played a video in total.
We collect and use your personal data only to the extent necessary to enable the use of our learning portal and for the analysis, optimization and economic operation of our learning portal.
The legal basis for processing your personal data is our legitimate interest in this service. If the use of the portal serves to fulfil a contract to which you are a party or to carry out pre-contractual measures, this is an additional legal basis for the processing of the data.
The sole purpose of processing your data is to provide the learning portal. There is no merging with other data.
4.4 Cookies
Our website uses cookies. Cookies are small text files that are stored and stored on your device (laptop, tablet, smartphone, etc.) using the browser. They serve to make our website more user-friendly and effective overall and to make your visit to our website as pleasant as possible. Cookies do not cause any damage to your device. They cannot run programs and do not contain viruses.
Most cookies we use are session cookies. These are automatically deleted when you log out or close the browser. Other cookies remain stored on your computer beyond the respective usage process and enable us or our partner companies (third-party cookies) to recognise your browser on your next visit. Where we store other types of cookies (such as those used to analyse your browsing patterns) we will discuss this separately in this privacy policy.
The basis on which we process your personal data using cookies depends on whether we ask you for consent. If this is the case and you agree to the use of cookies, the basis for processing your data is your consent. Otherwise, the personal data processed using cookies will be processed based on our legitimate interests (e.g. in optimizing our services and offers or protecting against spam and cyber attacks) or if the use of cookies is necessary to fulfil our contractual obligations.
You can set up your browser so that it informs you about the setting of cookies and you only allow the acceptance of cookies for certain cases in individual cases or generally exclude them. However, we would like to draw your attention to the fact that a general exclusion of cookies can lead to functional restrictions on our online offering. You can also delete cookies that have already been set at any time in the browser you are using or set it so that cookies are automatically deleted when it is closed.
4.5 Google services
On our website we use various services from Google LLC, based in the USA, or if you have your habitual residence in the European Economic Area (EEA) or Switzerland, Google Ireland Ltd., based in Ireland ("Google"). Google LLC is always responsible for the processing of personal data when using "YouTube" and "Google Maps/Google Earth". We use the following Google services on our websites:
- Google Tag Manager
- Google Analytics
Further information about the individual services can be found below.
Google uses technologies such as cookies, web storage in the browser and web beacons that enable analysis of your use of our website. The information generated in this way about your use of our website can be transmitted to a Google server in the USA or other countries and stored there. Information about Google Data Center locations can be found here.
We use tools provided by Google, which Google says may process personal data in countries where Google or its subcontractors maintain facilities. In its "Data Processing Addendum for Products where Google is a Data Processor," Google promises to ensure an adequate level of data protection by relying on the EU standard contractual clauses.
In addition, Google remains certified under the EU-US and Swiss-US Privacy Shield agreements.
For more information on processing by Google and privacy settings, please refer to Google's privacy policy or privacy settings.
4.5.1 Google Tag Manager
Our website uses Google Tag Manager. With Google Tag Manager, website tags can be managed efficiently. Website tags are placeholders that are stored in the source code of the respective website, for example to record the integration of frequently used website elements, such as code for web analysis services. The Google Tag Manager is an auxiliary service and only processes personal data for technical purposes and ensures that other tags are triggered, which in turn may collect data. This data is not accessed by Google Tag Manager. If users have opted-out at the domain or cookie levels, they will stay opted-out for all of the tracking tags deployed using Google Tag Manager.
Further information about the Google Tag Manager can be found in the Google help section, the Google Tag Manager terms of use and Google's privacy policy.
4.5.2 Google Analytics
Based on your consent, which you can withdraw at any time in the cookie settings, we use the website analysis service Google Analytics 4 for the purpose of analysing our website and its visitors as well as for marketing and advertising purposes.
Google Analytics uses cookies that are stored on your device (laptop, tablet, smartphone, etc.) and enable your use of our website to be analysed. This allows us to evaluate usage behaviour on our website and use the statistics/reports obtained to make our offering more interesting.
In Google Analytics 4, the anonymization of IP addresses is activated by default. This means that your IP address will be shortened by Google within Switzerland or the EU/EEA before transmission. Only in exceptional cases will the full IP address be transmitted to a Google server and truncated there.
Google uses this information to analyse your usage of our website, generate reports about activities on this website for the website operators and to provide additional services related to the use of this website and the internet. According to Google, Google will not associate your IP address transmitted by your browser with any other data held by Google. When you visit our website, your user behaviour is recorded in the form of events (such as page views, interaction with the website or your "click path") as well as other data such as your approximate location (country and city), technical information about your browser and the devices you use or the referrer URL, i.e. through which website/advertising material you came you came to our website).
The data collected using Google Analytics is automatically deleted after 14 months.
You can prevent the collection and transmission of the data generated by the cookie and related to your use of our website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser add-on to opt out from Google Analytics or by not giving your consent in the cookie settings. If you wish to object to interest-based advertising by Google, you can use the settings and opt-out options provided by Google.
You can find an overview of data usage in Google Analytics and the measures taken by Google to protect your data at Google Analytics Help.
Further information on the terms of use of Google Analytics and on data protection at Google can be found in the relevant documents.
5 Social media presence
We maintain social media profiles on Facebook, Instagram, YouTube and LinkedIn.
The data you enter on our social media profiles will be published by the social media platform and will not be used or processed by us for any other purposes at any time. However, we reserve the right to delete content if this is necessary. If necessary, we will communicate with you through the social media platform.
Be aware that the operator of the social media platform uses web tracking methods. Web tracking, over which we have no influence, can also occur regardless of whether you are logged in or registered with the social media platform.
More detailed information on data processing by the provider of the social media platform can be found in the privacy policy of the respective provider:
6. Your rights
You have the right, under applicable data protection laws and to the extent provided therein (such as in the case of the GDPR, the PIPL), to information, rectification, erasure, restriction of data processing, and to object to our data processing, especially for purposes of direct marketing, profiling carried out for direct advertising purposes, and other legitimate interests in processing, as well as the right to receive certain personal data for transfer to another controller (known as data portability).
Please note, however, that we reserve the right to enforce the restrictions provided for by law, for example if we are obliged to store or process certain data, have an overriding interest in doing so (to the extent that we are entitled to rely on this) or use them for the assertion of requirements. If you incur any costs, we will inform you in advance. We have already provided information about the possibility of revoking your consent in Sections 3 and 4.3. Please note that exercising these rights may conflict with contractual agreements and this may have consequences such as early termination of the contract or cost implications. We will inform you in advance if this is not already contractually stipulated.
The exercise of such rights generally requires that you provide clear proof of your identity (e.g. by providing a copy of your ID, where your identity is otherwise not clear or cannot be verified). To assert your rights, you can contact us at the address given in Section 1.1.
Every data subject also has the right to enforce their claims in court or to lodge a complaint with the responsible data protection authority. The responsible data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
For data subject within the territory of the People’s Republic of China, the responsible data protection authority also includes Cyberspace Administration of China and relevant departments of local people’s governments at or above the county level.
7 Data security
We take technical and organizational measures to protect your personal data against manipulation, loss, destruction or access by unauthorised persons and to ensure the protection of your rights and compliance with the applicable data protection regulations.
The measures taken are intended to ensure the confidentiality and integrity of your data and to ensure the long-term availability and resilience of our systems and services when processing your data. They are also intended to ensure the rapid restoration of the availability of personal data and access to them in the event of a physical or technical incident.
Our security measures also include encryption of your data. Data traffic through this JURA website is encrypted using HTTPS. This means that all information that you enter online is transmitted through an encrypted transmission path. This means that this information cannot be viewed by unauthorised third parties at any time.
Our data processing and security measures are continually improved in line with technological developments.
We also take our own internal company data protection very seriously. Our employees and any service providers we engage are subject to a duty of professional secrecy and are obliged to comply with data protection laws and regulations. Furthermore, access to personal data is only granted to the extent they need it to fulfil their duties.
8 Use of the website by minors
The website is aimed at an adult audience. Minors, especially children under the age of 16, are prohibited from transmitting personal data to us or registering for a service without the consent of their parents or legal guardians. If we discover that such data has been transmitted to us, it will be deleted from our database. The child's parents (or legal representatives) can contact us and request deletion or deregistration. To do this, we need a copy of an official document that identifies you as a parent or legal guardian.
9 Links to websites of other providers
Our website also contains links to the websites of partners and authorised JURA specialist dealers. If there are links to websites of other providers, we have no influence on their content. Therefore, we cannot accept any responsibility or liability for this content. The respective provider or operator of these sites is always responsible for their content. The linked pages were checked for potential legal violations and identifiable infringements at the time the links to these websites were created. At that time, we were not aware of any illegal content on these external websites. At the same time, it is not reasonable to expect us to monitor the content of linked pages on a continuous basis without concrete evidence of a violation of the law. As soon as we become aware of any infringements of the law, we will remove such links immediately.