Privacy policy

This privacy policy provides information about the processing of personal data in connection with our activities and operations, including our website under the domain name qumea.com. We provide information, in particular, on why, how and where we process personal data. We also provide information about the rights of people whose data we process.

For individual or additional activities and operations, we may publish additional privacy policies or other information on data protection.

We are subject to Swiss data protection law and, where applicable, foreign data protection law, in particular that of the European Union (EU) with the European General Data Protection Regulation (GDPR).

The European Commission, in its decision of 26 July 2000, recognised that Swiss data protection law guarantees an adequate level of data protection. In its report [dated 15 January 2024], the European Commission confirmed this adequacy decision.

1. Contact addresses

Personal data controller:
QUMEA AG
Westbahnhofstrasse 3
4500 Solothurn, Switzerland
moc.aemuq@ofni

In individual cases, third parties may be controllers for the processing of personal data or there may be joint responsibility with third parties.

1.1 Data protection officer/data protection adviser

The following data protection officer is a point of contact for data subjects and authorities for enquiries relating to data protection:

Tanja Rölli
Westbahnhofstrasse 3
4500 Solothurn, Switzerland
moc.aemuq@illeor.ajnat

1.2 Data protection representative in the European Economic Area (EEA)

The following data protection representative pursuant to Art. 27 GDPR is available to us:

QUMEA GmbH
Franz-Volhard-Strasse 5
68167 Mannheim, Germany
moc.aemuq@ofni

The data protection representative serves as an additional point of contact for data subjects and authorities in the European Union (EU) and the rest of the European Economic Area (EEA) for queries relating to GDPR.

2. Terms and legal bases

2.1 Terms

  • Data subject: natural person whose personal data we process.
  • Personal data: all information relating to an identified or identifiable natural person.
  • Particularly sensitive personal data: data concerning trade union, political, religious or ideological views and activities, data concerning health, private life or the ethnic or racial origin of individuals, genetic data, biometric data that uniquely identify a natural person, data on criminal and administrative sanctions or proceedings, and data on social assistance measures.
  • Processing: any handling of personal data, regardless of the means and procedures used, for example, querying, comparing, adapting, archiving, storing, retrieving, disclosing, procuring, recording, collecting, deleting, publishing, organising, saving, modifying, distributing, linking, destroying and using personal data.

European Economic Area (EEA): Member States of the European Union (EU) and the Principality of Liechtenstein, Iceland and Norway.

2.2 Legal bases

We process personal data in accordance with Swiss data protection law, in particular, the Federal Act on Data Protection (FADP) and the Data Protection Ordinance (DSV).

We process personal data or personal information in accordance with at least one of the following legal bases, provided that and to the extent that the European General Data Protection Regulation (GDPR) applies:

  • Art. 6(1)(b) GDPR for the necessary processing of personal data for the performance of a contract with the data subject and for the implementation of pre-contractual measures.
  • Art. 6(1)(f) GDPR for the necessary processing of personal data to safeguard legitimate interests — including the legitimate interests of third parties — unless the fundamental freedoms and rights and interests of the data subject prevail. Such interests include, in particular, the long-term, people-oriented, secure and reliable performance of our activities and operations, the safeguarding of information security, protection against misuse, the enforcement of our own legal claims and compliance with Swiss law.
  • Art. 6(1)(c) GDPR for the necessary processing of personal data to fulfil a legal obligation to which we are subject under the applicable law of Member States of the European Economic Area (EEA).
  • Art. 6(1)(e) GDPR for the necessary processing of personal data for the performance of a task carried out in the public interest.
  • Art. 6(1)(a) GDPR for the processing of personal data with the consent of the data subject.
  • Art. 6(1)(d) GDPR for the necessary processing of personal data to protect the vital interests of the data subject or another natural person.
  • Art. 9(2)(f) GDPR for the processing of special categories of personal data, in particular, with the consent of the data subjects.

The European General Data Protection Regulation (GDPR) defines the processing of personal data as the processing of personal data, and the processing of sensitive personal data as the processing of special categories of personal data (Art. 9 GDPR).

3. Nature, scope and purpose of personal data processing

We process the personal data required for us to carry out our activities and operations in a sustainable, people-oriented, secure and reliable manner. The personal data can be categorised primarily into browser and device data, content data, communication data, meta data, usage data, master data including inventory and contact data, location data, transaction data, contract data and payment data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources or collect in the course of our activities and operations, provided that such processing is permitted for legal reasons.

We process personal data, where necessary, with the consent of the persons concerned. In many cases, we may process personal data without consent, for example, to fulfil legal obligations or to protect overriding interests. We may also ask data subjects for their consent if their consent is not required.

We process personal data for the period necessary for the respective purpose. In particular, we anonymise or delete personal data in accordance with statutory retention and limitation periods.

4. Disclosure of personal data

We may disclose personal data to third parties, have it processed by third parties or process it jointly with third parties. These third parties include, in particular, specialised providers whose services we use.

We may disclose personal data to banks and other financial service providers, authorities, educational and research institutions, consultants and lawyers, interest groups, IT service providers, cooperation partners, credit and economic information agencies, logistics and shipping companies, marketing and advertising agencies, media, organisations and associations, social institutions, telecommunications companies and insurance companies, for example.

5. Communication

We process personal data in order to communicate with third parties. Within this context, we process, in particular, data that a data subject provides when contacting us, for example, by post or email. We may store such data in an address book or using similar tools.

Third parties who transfer data about other persons are obliged to guarantee data protection to these persons. To this end, the accuracy of the personal data transferred must be ensured, among other things.

6. Applications

We process personal data relating to applicants to the extent that this is necessary for assessing their suitability for employment or for the subsequent execution of an employment contract. The personal data required is derived in particular from the information requested, for example, in the context of a job advertisement. We may publish job advertisements with the help of appropriate third parties, for example, in electronic and print media, or on job portals and job platforms.

We also process the personal data that applicants voluntarily provide or publish, in particular, as part of cover letters, CVs and other application documents, as well as online profiles. We process personal data relating to applicants in particular in accordance with Art. 9(2)(b) of the General Data Protection Regulation (GDPR), insofar as and to the extent that the GDPR applies.

7. Data security

We take appropriate technical and organisational measures to ensure data security adequate to the respective risk. With our measures, we ensure, in particular, the confidentiality, availability, traceability and integrity of the personal data processed, without however being able to guarantee absolute data security.

Access to our website and our other online presence is secured by transport encryption (SSL/TLS, in particular with the Hypertext Transfer Protocol Secure, referred to as HTTPS). Most browsers warn against visiting websites without transport encryption.

Like all digital communication, our digital communication is subject to mass surveillance without cause or suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA) and other countries. We have no direct influence on the processing of personal data by secret services, police agencies and other security authorities. We also cannot rule out the possibility of a data subject being deliberately monitored.

8. Personal data abroad

We process personal data exclusively in Switzerland and within the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, in particular, for processing or to be processed there.

We may export personal data to any country around the world or elsewhere in the universe, provided that the local law guarantees adequate data protection in accordance with the provisions of the Swiss Federal Council and, if and to the extent that the General Data Protection Regulation (GDPR) applies, in accordance with adequacy decisions of the European Commission.

We may transfer personal data to countries whose laws do not guarantee adequate data protection, provided that data protection is ensured for other reasons, in particular on the basis of standard data protection clauses or other appropriate safeguards. In exceptional cases, we may export personal data to countries without adequate or appropriate data protection if the specific data protection requirements are met, for example, the express consent of the data subjects or a direct connection with the conclusion or fulfilment of a contract. Upon request, we will gladly provide data subjects with information about any guarantees or supply a copy of any guarantees.

9. Rights of data subjects

9.1 Data protection rights

We grant data subjects all rights in accordance with applicable data protection law. Data subjects have the following rights in particular:

  • Information: data subjects may request information about whether we process personal data about them and, if so, what personal data is involved. Data subjects shall also receive the information necessary to enable them to assert their data protection rights and to ensure transparency. This includes the personal data processed as such, but also information on the purpose of processing, the duration of storage, any disclosure or export of data to other countries, and the origin of the personal data.
  • Correction and restriction: data subjects may correct inaccurate personal data, complete incomplete data and restrict the processing of their data.
  • Deletion and objection: data subjects may have personal data deleted (‘right to be forgotten’) and object to the processing of their data with future effect.
  • Data release and data transfer: data subjects may request the disclosure of personal data or the transfer of their data to another controller.

We may defer, restrict or deny the exercise of the rights of data subjects within the legally permissible scope. We can inform data subjects of any conditions that must be met in order to exercise their data protection rights. For example, we may refuse to provide information in whole or in part on the grounds of confidentiality obligations, overriding interests or the protection of other persons. We may also refuse to delete personal data in whole or in part, in particular with reference to statutory retention obligations.

We may charge a fee for exercising these rights in exceptional cases. We will inform the persons concerned in advance of any costs.

We are obliged to take appropriate measures to identify data subjects requesting information or asserting other rights. Data subjects are obliged to cooperate.

9.2 Legal protection

Data subjects have the right to enforce their data protection claims through legal channels or to lodge a complaint with a data protection supervisory authority.

The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

European Data Protection Supervisory Authorities are members of the European Data Protection Board (EDPB). In some Member States of the European Economic Area (EEA), data protection supervisory authorities are organised along federal lines, particularly in Germany.

10. Use of the website

10.1 Cookies

10.2 Logging

We can log at least the following information for whenever someone accesses our website and other online presence, provided that this information is transmitted to our digital infrastructure: Date and time including time zone, IP address, access status (HTTP status code), operating systems including user interface and version, browser including language and version, individual website sub-pages accessed including the amount of data transferred, the last website visited in the same browser window (referrer).

We record such information, which may also constitute personal data, in log files. The information is necessary to ensure that our online presence is permanent, people-oriented and reliable. The information is also necessary to ensure data security — also by third parties or with the help of third parties.

10.3 Tracking pixels

We may integrate tracking pixels into our online presence. Tracking pixels are also known as web beacons. Tracking pixels–including those of third parties whose services we use are usually small, invisible images or scripts formulated in JavaScript that are automatically retrieved when accessing our online presence. Tracking pixels may record at least the same information as log files.

11. Notifications and messages

11.1 Performance and reach measurement

Notifications and messages may contain web links or tracking pixels that record whether an individual message has been opened and which web links have been clicked on. Such web links and tracking pixels may also collect information about the use of notifications and messages, including personal information. This statistical recording of usage is necessary for measuring performance and reach in order to be able to send notifications and messages effectively and in a people-oriented manner, as well as permanently, securely and reliably, based on the needs and reading habits of the recipients.

11.2 Consent and objection

You must consent to the use of your email address and other contact details, unless the use is permissible for other legal reasons. We may use the ‘double opt-in’ procedure to obtain double confirmation of consent. In this case, you will receive a message with instructions for double confirmation. We may log the consent obtained, including the IP address and time stamp, for evidence and security reasons.

You can object to receiving notifications and communications such as newsletters at any time. At the same time, you can also object to the statistical collection of usage data for the purpose of measuring performance and reach. We reserve the right to send you any notifications and communications required in connection with our activities and operations.

12. Social media

We are present on social media platforms and other online platforms, so that we can communicate with interested parties and provide information about our activities and work. For such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA). The general terms and conditions (GTC) and terms of use, as well as data protection declarations and other provisions of the individual operators of such platforms, also apply. These provisions provide information in particular about the rights of data subjects directly vis-à-vis the respective platform, including, for example, the right to information.

13. Third-party services

We use the services of specialised third parties to ensure that our activities and operations are carried out in a sustainable, people-oriented, safe and reliable manner. These services enable us, among other things, to embed functions and content into our website. When embedded in this way, the services used collect the IP addresses of users at least temporarily for technical reasons.

For necessary security-related, statistical and technical purposes, third parties whose services we use may process data in connection with our activities and operations in aggregated, anonymised or pseudonymised form. This includes, for example, performance or usage data required to provide the respective service.

13.1 Digital infrastructure

We use the services of specialised third parties so that we can use the digital infrastructure required in connection with our activities and operations. These include, for example, hosting and storage services from selected providers.

In particular, we use:

13.2 Online collaboration

We use third-party services to enable online collaboration. In addition to this Privacy Policy, any terms and conditions of the services used, such as terms of use or privacy policies, which are directly visible, also apply.

In particular, we use:

13.3 Social media features and social media content

We use third-party services and plugins to embed functions and content from social media platforms and to enable content to be shared on social media platforms and by other means.

In particular, we use:

13.4 Maps

We use third-party services to embed maps in our website.

13.5 Digital content

We use specialised third-party services to integrate digital content into our website. Digital content includes, in particular, image and video material, music and podcasts.

13.6 Advertising

We take advantage of the opportunity to display targeted advertising for our activities and services on third-party websites, such as social media platforms and search engines.

With such advertising, we aim to reach people who are already interested in our activities and services or who may be interested in them (remarketing and targeting). For this purpose, we may transfer relevant information, including personal data, to third parties who enable such advertising. We can also determine whether our advertising is successful, i.e. whether it leads to visits to our website (conversion tracking).

Third parties with whom we engage and with whom you are registered as a user may be able to associate the use of our website with your profile there.

14. Extensions for the website

We use extensions for our website to take advantage of additional features. We may use selected services from suitable providers or use such extensions on our own digital infrastructure.

  • Google reCAPTCHA spam protection (distinction between content that people want and unwanted content from bots and spam); provider: Google; Google’s CAPTCHA-specific information: What is reCAPTCHA?.

15. Performance and reach measurement

We try to measure the performance and reach of our activities and actions. In this context, we may also measure the impact of third-party information or check how different parts or versions of our online offering are used (A/B testing method). Based on the results of the success and reach measurement, we can correct errors, strengthen popular content or make improvements.

In most cases, the IP addresses of individual users are collected to measure performance and reach. In this case, IP addresses are always shortened (‘IP masking’) in order to comply with the principle of data minimisation through appropriate pseudonymisation.

Cookies may be used to measure performance and reach, and user profiles may be created. The user profiles created may include, for example, the individual pages visited or content viewed on our website, information about the size of the screen or browser window, and the location (at least approximately). As a matter of principle, any user profiles are created exclusively in pseudonymised form and are not used to identify individual users. Individual services provided by third parties to which users are registered may, in some cases, link the use of our online offering to the user account or user profile with the respective service.

16. Concluding information on the Privacy Policy

We have created this privacy policy using the privacy policy generator provided by Datenschutz-partner.

We may update this Privacy Policy at any time. We will inform you of any updates in an appropriate manner, in particular by publishing the current privacy policy on our website.