We get your products intact around the world: perfectly protected and safely packaged. ABENA AG - your partner for foam packaging solutions.

Privacy Policy of DT & RT Holding AG

Version from 01.11.2024

In this Privacy Policy, we, DT & RT Holding AG and its subsidiaries elsa Schweiz AG, Abena Schaumstoff AG, and DT & RT Immobilien AG (hereinafter collectively referred to as DT & RT, shareholder group, we, or us), explain how we collect and otherwise process personal data. This is not an exhaustive description; other data protection declarations or general terms and conditions, conditions of participation, and similar documents may govern specific matters. Personal data refers to all information relating to an identified or identifiable person.

If you provide us with the personal data of other persons (e.g., family members, data of work colleagues), please ensure that these persons are aware of this privacy policy and only provide us with their personal data if you are authorized to do so and if this personal data is correct.

This Privacy Policy is designed to meet the requirements of the EU General Data Protection Regulation (‘GDPR’), the Swiss Data Protection Act (‘DPA’), and the revised Swiss Data Protection Act (‘revDSG’). However, whether and to what extent these laws are applicable depends on the individual case.

1. Controller / Data Protection Officer / Representative

DT & RT Holding AG (Meierhofweg 5, 6032 Emmen) is responsible for the data processing described here, unless otherwise stated in individual cases. If you have any data protection concerns, you can send them to us at the following contact address, for all Group companies (if possible, please specify which company you are referring to):
Daniele Thöny, daniele.thoeny@elsaschweiz.ch

2. Collection and Processing of Personal Data

We primarily process the personal data that we receive from our customers and other business partners as part of our business relationship with them and other persons involved or that we collect from their users when operating our website.

Where permitted, we also obtain certain data from publicly accessible sources (e.g., debt collection registers, land registers, commercial registers, press, Internet) or receive such data from other companies within the shareholder group, from authorities, and other third parties (e.g., credit agencies, address dealers). In addition to the data that you provide to us directly, the categories of personal data that we receive about you from third parties include, in particular, information from public registers, information that we learn in connection with official and legal proceedings, information in connection with your professional functions and activities (so that we can, for example, conclude and process transactions with your employer with your help), information about you in correspondence and meetings with third parties, creditworthiness information (insofar as we process transactions with you personally), information about you that people from your environment (family, advisors, legal representatives, etc.) provide to us so that we can conclude or process contracts with you or with your involvement (e.g., references, your address for deliveries, full names and addresses). References, your address for deliveries, powers of attorney, information on compliance with legal requirements such as anti-money laundering and export restrictions, information from banks, insurance companies, sales, and other contractual partners of ours on the utilization or provision of services by you (e.g., payments made, purchases made), information from the media and the Internet about your person (insofar as this is appropriate in the specific case, e.g., in the context of a job application, press releases, etc.), your addresses and, if applicable, interests and other socio-demographic data (for marketing), data in connection with the use of the website (e.g., IP address, MAC address of the smartphone or computer, information about your device and settings, cookies, date and time of the visit, pages and content accessed, functions used, referring website, location data).

3. Purposes of Data Processing and Legal Bases

We primarily use the personal data we collect to conclude and execute our contracts with our customers and business partners, particularly in the context of selling mattresses, pillows, etc., selling specially manufactured foam products, as well as in the context of selling, purchasing, renting, or leasing real estate and all related transactions with our customers. At the same time, we use the personal data we collect when purchasing products and services from our suppliers and subcontractors, as well as to comply with our legal obligations domestically and abroad. If you work for such a customer or business partner, your personal data may also be affected in this capacity.

In addition, we process personal data about you and other persons, where permitted and as deemed appropriate, for the following purposes, in which we (and sometimes third parties) have a legitimate interest corresponding to the purpose:

If you have given us consent to process your personal data for specific purposes (e.g., when registering to receive newsletters or conducting a background check), we process your personal data within the scope of and based on this consent, provided we have no other legal basis and require one. Consent can be withdrawn at any time, but this does not affect data processing already carried out.

4. Cookies / Tracking and Other Technologies Related to Website Use

We typically use "cookies" and similar technologies on our website (www.abena.ch) to identify your browser or device. A cookie is a small file sent to your computer or automatically stored by your web browser on your computer or mobile device when you visit our website. When you revisit this website, we can recognize you, even if we do not know who you are. In addition to session cookies, which are deleted after your visit, we may use permanent cookies to save user settings and other information for a certain period (e.g., two years). You can configure your browser to reject cookies, save them only for a session, or delete them prematurely. Most browsers are preset to accept cookies. We use permanent cookies to save user settings (e.g., cookie banners), better understand how you use our offers and content, and display tailored offers and advertising to you (which may also occur on other companies' websites). Some cookies are set by us, and some by our partners. Blocking cookies may result in certain functionalities (e.g., language selection, shopping cart, order processes) no longer working.

We also include visible and invisible image elements in our newsletters and other marketing emails, where permitted, to determine whether and when you opened the email. This helps us measure and better understand how you use our offers and tailor them to you. You can block this in your email program; most are preset to do so.

By using our website and consenting to receive newsletters and other marketing emails, you agree to the use of these technologies. If you do not want this, you must configure your browser or email program accordingly.

If Google Analytics or other statistical services are used, and no personal data (e.g., email addresses) is transmitted:

We sometimes use Google Analytics or similar services on our websites. This is a service provided by third parties located anywhere in the world (in the case of Google Analytics, it is Google Ireland, based in Ireland, which relies on Google LLC, based in the USA, as a processor). These services allow us to measure and evaluate website usage (non-personally identifiable). Permanent cookies set by the service provider are also used for this purpose. We have configured the service so that visitors' IP addresses are truncated by Google in Europe before being forwarded to the USA, making them untraceable. We have disabled the "data sharing" and "signals" settings. Although we assume that the information we share with Google does not constitute personal data for Google, it is possible that Google may draw conclusions about the identity of visitors, create personal profiles, and link this data to Google accounts. If you are registered with the service provider, the service provider knows you. The processing of your personal data by the service provider is then the responsibility of the service provider under its privacy policy. The service provider only informs us about how our website is used (no personal information about you).

5. Data Disclosure and Data Transfer Abroad

We disclose personal data to third parties as part of our business activities and for the purposes outlined in Section 3, where permitted and deemed appropriate. This includes:

These recipients are generally located domestically but may, in rare cases, be located anywhere in the world. Primarily, these are countries in Europe and the USA, where our service providers (e.g., Microsoft) are located.

If a recipient is located in a country without adequate legal data protection, we contractually obligate the recipient to comply with applicable data protection (using the revised standard contractual clauses of the European Commission, available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj), unless the recipient is already subject to a legally recognized framework to ensure data protection, or we can rely on an exception. Exceptions may apply, particularly in the case of legal proceedings abroad, overriding public interests, or if contract execution requires such disclosure, if you have consented, or if it concerns data you have made generally accessible and not objected to processing.

6. Duration of Personal Data Retention

We process and store your personal data as long as necessary to fulfill our contractual and legal obligations or for the purposes pursued with the processing, i.e., for the duration of the entire business relationship (from initiation and execution to termination of a contract) and beyond in accordance with legal retention and documentation obligations. Personal data may also be retained for the period during which claims can be made against our company and as long as we are otherwise legally obligated or have legitimate business interests (e.g., for evidence and documentation purposes). Once your personal data is no longer required for the above purposes, it is generally deleted or anonymized. Operational data (e.g., system logs) is subject to shorter retention periods, typically twelve months or less.

7. Data Security

We take appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse, such as IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, and monitoring.

8. Obligation to Provide Personal Data

As part of our business relationship, you must provide the personal data necessary to establish and conduct a business relationship and fulfill the associated contractual obligations (you are generally not legally obligated to provide us with data). Without this data, we will usually not be able to conclude or execute a contract with you (or the entity or person you represent). The website also cannot be used if certain information required to ensure data traffic (e.g., IP address) is not disclosed.

9. Rights of the Data Subject

Under applicable data protection law and to the extent provided therein (e.g., in the case of the GDPR), you have the right to access, rectify, delete, restrict data processing, object to our data processing, and request the transfer of certain personal data to another entity (data portability). Please note that we reserve the right to enforce the legally provided restrictions, such as when we are obligated to retain or process certain data, have an overriding interest (to the extent we may rely on it), or need the data to assert claims. If costs arise for you, we will inform you in advance. We have already informed you about the possibility of withdrawing your consent in Section 3. Please note that exercising these rights may conflict with contractual agreements and result in consequences such as early termination of the contract or costs. We will inform you in advance if this is not already contractually regulated.

Exercising such rights generally requires you to clearly prove your identity (e.g., by providing a copy of your ID if your identity is not otherwise clear or verifiable). To assert your rights, you can contact us at the address provided in Section 1.

Every data subject also has the right to enforce their claims in court or file a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch).

10. Changes

We may amend this Privacy Policy at any time without prior notice. The current version published on our website applies. If the Privacy Policy is part of an agreement with you, we will inform you of any updates by email or other appropriate means.