Privacy Policy
With this Privacy Policy, we inform you about the processing of personal data in connection with our activities and operations, including our website under the domain name www.headsforexcellence.com. In particular, we explain for what purposes, how, and where we process which personal data. We also inform you about the rights of individuals whose data we process.
For individual or additional activities and operations, we may publish further privacy statements or other information on data protection.
We are subject to Swiss law as well as, where applicable, foreign law, in particular the law of the European Union (EU) with the General Data Protection Regulation (GDPR).
By decision of 26 July 2000, the European Commission recognized that Swiss data protection law ensures an adequate level of data protection. In its report of 15 January 2024, the European Commission confirmed this adequacy decision.
1. Contact Addresses
The party responsible within the meaning of data protection law is:
Svenja Reinhard-Schlauderaff
Heads for Excellence GmbH
Via Cornonscello 1
6944 Cureglia
Switzerland
📧 info@headsforexcellence.com
In individual cases, third parties may be responsible for the processing of personal data, or joint responsibility may exist with third parties. Upon request, we will gladly provide data subjects with information about the respective responsibility.
Data Protection Representative in the European Economic Area (EEA)
We have appointed the following data protection representative pursuant to Art. 27 GDPR:
VGS Datenschutzpartner GmbH
Am Kaiserkai 69
20457 Hamburg
Germany
📧 info@datenschutzpartner.eu
The data protection representative serves as an additional contact point for data subjects and authorities in the European Union (EU) and the European Economic Area (EEA) regarding inquiries related to the GDPR.
2. Terms and Legal Bases
2.1 Terms
Data subject: A natural person about whom we process personal data.
Personal data: All information that relates to an identified or identifiable natural person.
Special categories of personal data: Data concerning trade-union, political, religious, or philosophical views and activities; data relating to health, privacy, or ethnic or racial origin; genetic data; biometric data uniquely identifying a natural person; data concerning criminal or administrative sanctions or prosecutions; and data relating to measures of social assistance.
Processing: Any handling of personal data, regardless of the means and procedures used, for example querying, comparing, adapting, archiving, storing, reading, disclosing, collecting, recording, obtaining, deleting, revealing, arranging, organizing, saving, altering, distributing, linking, destroying, or using personal data.
European Economic Area (EEA): The member states of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway.
2.2 Legal Bases
We process personal data in accordance with Swiss law, in particular the Federal Act on Data Protection (FADP) and the Ordinance to the Federal Act on Data Protection (OFADP).
Where and insofar as the EU General Data Protection Regulation (GDPR) applies, we process personal data on the basis of at least one of the following legal grounds:
- Art. 6 para. 1 lit. b GDPR — for the processing of personal data necessary for the performance of a contract with the data subject and for carrying out pre-contractual measures.
- Art. 6 para. 1 lit. f GDPR — for the processing of personal data necessary to safeguard legitimate interests — including the legitimate interests of third parties — provided that the fundamental freedoms, rights, and interests of the data subject do not prevail. Such interests include, in particular, the sustainable, user-friendly, secure, and reliable performance of our activities and operations; ensuring information security; protection against misuse; enforcement of our own legal claims; and compliance with Swiss law.
- Art. 6 para. 1 lit. c GDPR — for the processing of personal data necessary to comply with a legal obligation to which we are subject under applicable law of the member states of the European Economic Area (EEA).
- Art. 6 para. 1 lit. e GDPR — for the processing of personal data necessary for the performance of a task carried out in the public interest.
- Art. 6 para. 1 lit. a GDPR — for the processing of personal data based on the consent of the data subject.
- Art. 6 para. 1 lit. d GDPR — for the processing of personal data necessary to protect the vital interests of the data subject or another natural person.
- Art. 9 para. 2 et seq. GDPR — for the processing of special categories of personal data, in particular based on the consent of the data subject.
The GDPR refers to the processing of personal data as “processing of personal data” and to the processing of special categories of personal data as “processing of special categories of personal data” (Art. 9 GDPR).
3. Type, Scope, and Purpose of Processing Personal Data
We process the personal data required to perform our activities and operations in a sustainable, user-friendly, secure, and reliable manner. The processed personal data may fall particularly into the following categories: browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data, and payment data. Personal data may also include special categories of personal data.
We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of our activities and operations, provided such processing is permissible.
We process personal data, where required, with the consent of the data subjects. However, we may process personal data in many cases without consent — for example, to fulfil legal obligations or to protect overriding interests. We may also request the consent of data subjects even when such consent is not strictly necessary.
We process personal data for as long as necessary for the respective purpose. We anonymize or delete personal data, in particular depending on statutory retention and limitation periods.
4. Disclosure of Personal Data
We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. Such third parties may include specialized service providers whose services we use.
In particular, within the scope of our activities and operations, we may disclose personal data to banks and other financial institutions, public authorities, educational and research institutions, consultants and attorneys, interest groups, IT service providers, cooperation partners, credit and business information agencies, logistics and shipping companies, marketing and advertising agencies, media companies, parent, sister, and subsidiary companies, organizations and associations, social institutions, telecommunications companies, insurance companies, and payment service providers.
5. Communication
We process personal data in order to communicate with individuals as well as with authorities, organizations, and companies. In doing so, we particularly process data that a data subject transmits to us when contacting us, for example by postal mail or e-mail. We may store such data in an address book or by means of comparable tools.
Third parties who transmit data about other persons to us are obliged to ensure data protection for such data subjects on their own responsibility. In particular, they must ensure that such data are correct and that transmission is permitted.
6. Applications
We process personal data about applicants insofar as this is necessary to assess their suitability for an employment relationship or for the subsequent performance of an employment contract. The necessary personal data result in particular from the information requested, for example within the context of a job posting. We may publish job postings with the assistance of suitable third parties, for example in electronic and printed media or on job portals and employment platforms.
We also process any personal data that applicants voluntarily provide or publish, particularly as part of cover letters, résumés, and other application documents, as well as from online profiles.
Where and insofar as the General Data Protection Regulation (GDPR) applies, we process personal data about applicants in particular in accordance with Art. 9 para. 2 lit. b GDPR.
7. Data Security
We implement appropriate technical and organizational measures to ensure a level of data security appropriate to the respective risk. Through these measures, we ensure in particular the confidentiality, availability, traceability, and integrity of the processed personal data – though we cannot guarantee absolute data security.
Access to our website and other digital presence takes place via transport encryption (SSL / TLS, particularly using Hypertext Transfer Protocol Secure – HTTPS). Most browsers warn users before visiting a website that lacks transport encryption.
Our digital communication – like essentially all digital communication – is subject to mass surveillance without cause or suspicion by security authorities in Switzerland, elsewhere in Europe, the United States of America (USA), and other countries. We have no direct influence on the corresponding processing of personal data by intelligence services, police departments, or other security authorities, nor can we exclude the possibility that an individual data subject may be specifically monitored.
8. Personal Data Abroad
We generally process personal data in Switzerland and in the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, particularly to process them there or have them processed.
We may export personal data to any country on Earth and elsewhere in the universe, provided that the law of that country – pursuant to a decision of the Swiss Federal Council and, where and insofar as the General Data Protection Regulation (GDPR) applies, also pursuant to a decision of the European Commission – ensures an adequate level of data protection.
We may transfer personal data to countries whose laws do not ensure an adequate level of data protection if protection of data is ensured on other grounds, in particular on the basis of standard data-protection clauses or other appropriate safeguards. In exceptional cases, we may export personal data to countries without adequate or appropriate data protection if the specific data-protection requirements are fulfilled, for example the explicit consent of the data subject or a direct connection with the conclusion or performance of a contract.
Upon request, we will gladly inform data subjects about any guarantees in place or provide a copy of such guarantees.
9. Rights of Data Subjects
9.1 Data Protection Rights
We grant data subjects all rights to which they are entitled under applicable data protection legislation. In particular, data subjects have the following rights:
Right of Access:
Data subjects have the right to obtain confirmation as to whether personal data concerning them are being processed, and, where that is the case, access to such personal data. Furthermore, they are entitled to receive all information necessary to enable them to assert their data protection rights and to ensure transparency. Such information includes, inter alia, the personal data processed, the purposes of the processing, the retention period, any disclosure or transfer of data to other countries, and the source of the personal data.
Right to Rectification and Restriction of Processing:
Data subjects have the right to request the rectification of inaccurate personal data, the completion of incomplete personal data, and the restriction of the processing of their personal data.
Right to Express a View and to Obtain Human Intervention:
In the event of decisions based solely on automated processing of personal data which produce legal effects concerning the data subject or similarly significantly affect them (automated individual decisions), data subjects have the right to express their point of view and to obtain a review of the decision by a natural person.
Right to Erasure and Right to Object:
Data subjects have the right to request the erasure of personal data concerning them (the “right to be forgotten”) and to object, with effect for the future, to the processing of their personal data.
Right to Data Portability:
Data subjects have the right to receive the personal data concerning them in a structured, commonly used and machine-readable format, and to request the transmission of such data to another controller.
We may defer, limit, or deny the exercise of the rights of data subjects within the limits of applicable law. We may inform data subjects of any preconditions that must be met in order to exercise their data protection rights. For example, we may refuse to provide access, in whole or in part, by reference to confidentiality obligations, overriding interests, or the protection of third parties. Similarly, we may refuse the erasure of personal data, particularly where statutory retention obligations apply.
In exceptional cases, we may impose reasonable fees for the exercise of rights and will inform data subjects in advance of any such costs.
We are obliged to identify data subjects requesting information or asserting other rights by taking appropriate measures, and data subjects are required to cooperate in this process.
9.2 Remedies
Data subjects have the right to enforce their data protection claims through legal proceedings or to lodge a report or complaint with a data protection supervisory authority.
The competent data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
Within the European Economic Area (EEA), data protection supervisory authorities are organized as members of the European Data Protection Board (EDPB). In certain EEA member states, particularly in Germany, data protection supervisory authorities operate under a federal structure.
10. Use of the Website
10.1 Cookies
We may use cookies. Cookies—whether first-party cookies set by us or third-party cookies set by external service providers—are data stored in the browser. Such stored data need not be limited to traditional text-based cookies.
Cookies may be stored temporarily as “session cookies” or for a defined period as “persistent cookies.” Session cookies are automatically deleted when the browser is closed, whereas persistent cookies remain stored for a specified duration.
Cookies enable, in particular, the recognition of a browser upon subsequent visits to our website and, for example, the measurement of website reach. Persistent cookies may also be used for purposes of online marketing.
Cookies may be deactivated, restricted, or deleted in full or in part at any time through browser settings. Browser settings often also provide options for automatic deletion or general management of cookies. Without cookies, the full functionality of our website may not be available.
Where required by applicable law, we will actively seek the explicit consent of users prior to the use of cookies.
10.2 Logging
For each access to our website or other digital presence, we may record at least the following data—provided such data are transmitted to our digital infrastructure:
Date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual subpage accessed including data volume transmitted, and the last web page accessed within the same browser window (referrer URL).
We record such data, which may constitute personal data, in log files. The recording of such information is necessary to ensure the continuous, user-friendly, and reliable operation of our digital presence, as well as to maintain data security—either by ourselves or with the assistance of third parties.
10.3 Tracking Pixels
We may incorporate tracking pixels (also known as web beacons) into our digital presence. Tracking pixels—also those of third parties whose services we use—are typically small, invisible images or JavaScript code that are automatically loaded when our digital presence is accessed.
Tracking pixels may capture at least the same categories of data as those recorded in log files.
11. Social Media
We maintain a presence on social media and other online platforms to communicate with interested parties and to provide information about our activities. In connection with such platforms, personal data may be processed outside Switzerland and the European Economic Area (EEA).
The respective terms of service, usage conditions, privacy policies, and other provisions of the operators of such platforms apply. These documents, in particular, inform data subjects of their rights vis-Ă -vis the respective platform operator, such as the right of access.
12. Third-Party Services
We utilize services provided by specialized third parties in order to conduct our activities and operations in a sustainable, user-friendly, secure, and reliable manner. Such services may, inter alia, enable us to embed functions and content within our website.
When such services are embedded, the providers concerned necessarily collect, at least temporarily, the IP addresses of users for technical reasons. For security, statistical, and technical purposes, third parties whose services we employ may process data relating to our activities and operations in aggregated, anonymized, or pseudonymized form—such as performance or usage data required to provide their services.
In particular, we use services provided by Google:
Providers: Google LLC (United States) and Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland.
General information on data protection: “Privacy and Security Principles,” “More information on how Google uses personal data,” Privacy Policy, “Google’s commitment to compliance with applicable data protection laws,” “Privacy Guide for Google Products,” “How we use data from sites or apps that use our services,” and “Advertising settings you control” (personalized advertising settings).
12.1 Digital Infrastructure
We use the services of specialized third parties to obtain the digital infrastructure necessary for our activities and operations. This includes, in particular, hosting and storage services provided by selected providers.
12.2 Fonts
We use third-party services to embed selected fonts, icons, logos, and symbols within our website.
In particular, we use:
Google Fonts – Fonts;
Provider: Google;
Google Fonts–specific information: “Your Privacy and Google Fonts” and “Privacy and Data Collection” (Google Fonts).
13. Website Extensions
We use extensions on our website to enable additional functionalities. We may use selected services provided by suitable third-party providers or operate such extensions on our own digital infrastructure.
In particular, we use:
Akismet – Spam protection (distinguishing between legitimate human content and automated or spam content);
Providers: Automattic Inc. (United States) and Aut O’Mattic A8C Ireland Ltd. (Ireland) for users within Europe;
Data protection information: “Privacy Notice for Visitors to Our Users’ Sites,” Privacy Policy (Automattic), and Cookie Policy.
14. Final Provisions Regarding this Privacy Policy
This Privacy Policy has been prepared using the privacy policy generator provided by Datenschutzpartner.
We reserve the right to amend this Privacy Policy at any time. Updates will be communicated in an appropriate manner, in particular by publishing the current version of the Privacy Policy on our website.