Thank you for visiting our website www.hpa.ag.ch and your interest in our company. The protection of your personal data is important to us. Personal data is information about the personal or factual circumstances of an identified or identifiable natural person. This includes, for example, name, address, telephone number and date of birth, as well as any other data that could be traced to an identifiable person.
As personal data is protected by specific laws, it will only be collected by us to the extent necessary for the provision of our website and our services. Below, we would like to outline which personal data we will collect during your visit to our website and how we use it.
Our data privacy procedures are compliant with the statutory regulations, in particular those of the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), the Telemedia Act (Telemediengesetz – TMG) and the EU General Data Protection Regulation (GDPR). We will only collect, process and store your personal data to the extent necessary for the functional provision of this website, and our content and services, as well as for the processing of queries and, if applicable, for the processing of orders/contracts, but in any case only if we have a legitimate interest within the meaning of Art. 6(1)(1)(f) GDPR or another basis permitting us to do so. Only when you have separately granted your consent beforehand will your data also be used for other purposes specified precisely in the agreement, e.g. for the sending of marketing information via newsletter.

1. Controller within the meaning of Art. 4(7) GDPR

The controller within the meaning of the GDPR and other national data protection laws of the Member States, and other legal data protection regulations is the following:

hpa AG

Schäflistrasse 1

CH-9430 St. Margrethen
Email: info@hpa-ag.ch
Tel.: +41 (0) 71 747 40 30

2. Provision of the website and creation of log files

Whenever you access our website, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:

a) Extent of the processing of the data

(1) Information about the browser type and the version used


(2) The operating system of the accessing device

(3) The IP address of the accessing device


(4) Date and time of access


(5) Websites and resources (images, files, other page content) that have been accessed on our website

(6) Websites from which the user’s system reached our website (referrer tracking)
This data will be stored in the log files of our system. This data will not be stored together with personal data of a specific user, meaning that individual visitors to the site cannot be identified.

a. Legal basis for the processing of personal data

Art. 6(1)(f) GDPR (legitimate interest) Our legitimate interest is in guaranteeing the achievement of the purposes stated below.

b. Purpose of data processing

Logging takes place to maintain the compatibility of our website for as many visitors as possible, and to prevent misuse and disruptions. For this purpose, it is necessary to log the technical details of the accessing computer, to be able to react as quickly as possible to display errors, attacks on our IT systems and/or functionality errors on our website. The data also helps us to optimise our website and generally ensure the security of our information technology systems.

c. Duration of storage

Erasure of the above-mentioned technical data takes place once it is no longer required, in order to guarantee the compatibility of the website for all visitors, and 3 months after accessing our website at the latest.

d. Objection and rectification option

The objection and rectification options are based on the general regulations on the right to object and right to erasure set out by data protection law, highlighted below in this Privacy Policy.

3. Special features of the website

Our website offers you various features, during the use of which we collect, process and store personal data. Below we explain what happens with this data:

a) Form for newsletter registration:

a) Extent of the processing of personal data

The data entered by you when registering for the newsletter

b. Legal basis for the processing of personal data

Art. 6(1)(a) GDPR (consent by clear confirmatory action or behaviour)

(1). Purpose of data processing

The data collected in the registration form for our newsletter will be used by us exclusively to send our newsletter, in which we will inform you about all our services and our new products. After registration, we will send you a confirmation email containing a link which you must click on, in order to complete the registration for our newsletter (double opt-in).

(2). Duration of storage

Our newsletter can be cancelled at any time by clicking on the unsubscribe link, which is also contained in every newsletter. Your data will be immediately erased by us after you unsubscribe. Your data will also be erased by us immediately in the event of an incomplete registration. We reserve the right to erase data without stating reasons and without informing you beforehand or afterwards.

(3). Objection and rectification option

The objection and rectification options are based on the general regulations on the right to object and right to erasure set out by data protection law, highlighted below in this Privacy Policy.

c. Callback-Service:

(1). Extent of the processing of personal data

The data entered by you in our callback form

(2). Legal basis for the processing of personal data

Art. 6(1)(a) GDPR (consent by clear confirmatory action or behaviour)

(3). Purpose of data processing

Provision and execution of the callback service, fulfilment of callback requests

(4). Duration of storage

Erasure of the data takes place once it is no longer required for the processing of your callback request.

(5). Objection and rectification option

The objection and rectification options are based on the general regulations on the right to object and right to erasure set out by data protection law, highlighted below in this Privacy Policy.

d. Contact form(s):

(1). Extent of the processing of personal data

The data entered by you in our contact forms

(2). Legal basis for the processing of personal data

Art. 6(1)(a) GDPR (consent by clear confirmatory action or behaviour)

(3). Purpose of data processing

The data collected via our contact form(s) will only be used for the processing of the specific contact request that is received via the contact form.

(4). Duration of storage

After the processing of your request, the data collected will be immediately erased, unless there are any statutory retention periods.

(5). Objection and rectification option

The objection and rectification options are based on the general regulations on the right to object and right to erasure set out by data protection law, highlighted below in this Privacy Policy.

4. Statistical analysis of the visits to our website – web trackers

We collect, process and store the following data when you access this website or individual files on the website: IP address, website from which the file was accessed, name of the file, date and time of access, transferred data volume and notification of successful access (web log) We will only use this access data in a non-personalised form for the continuous improvement of our website and for statistical purposes.
We also use the following web trackers to analyse visits to this website:

a) Google Googleadservices / Google AdWords Conversion / Google Dynamic Remarketing

On our website, we use a web tracking service of Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter referred to as Google Googleadservices / Google AdWords Conversion / Google Dynamic Remarketing). During web tracking, Google Googleadservices / Google AdWords Conversion / Google Dynamic Remarketing uses cookies, which are stored on your computer and enable an analysis of the use of our website and your surfing behaviour (tracking). We carry out this analysis on the basis of the tracking service provided by Google Googleadservices / Google AdWords Conversion / Google Dynamic Remarketing, in order to continuously optimise our website and increase its availability. During the use of our website, data, in particular your IP address and your user activities, will be transferred to a server of Google Googleadservices / Google AdWords Conversion / Google Dynamic Remarketing, and processed and stored outside the European Union, for example in the USA. The legal basis for the data processing is Art. 6(1)(a) GDPR. Google Googleadservices / Google AdWords Conversion / Google Dynamic Remarketing has certified itself as part of the EU-US Privacy Shield agreement (see https://www.privacyshield.gov/list). Erasure of data takes place once the purpose of its collection has been fulfilled. You will find further information about the handling of the transferred data in the Privacy Policy of Google Googleadservices / Google AdWords Conversion / Google Dynamic Remarketing: https://policies.google.com/privacy. You can prevent the collection and forwarding of personal data (in particular your IP address) and the processing of this data by disabling the execution of script code in your browser, installing a script blocker in your browser (you will find this at www.noscript.net and www.ghostery.com, for example), or enabling the “do not track” setting in your browser.

b) Google Syndication

On our website, we use a web tracking service of Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter referred to as Google Syndication). As part of its web tracking, Google Syndication uses cookies which are stored on your computer and enable an analysis of the use of our website and your surfing behaviour (tracking). We carry out this analysis on the basis of the tracking service of Google Syndication in order to constantly optimise our website and improve its availability. During the use of our website, data, in particular your IP address and your user activities, will be transferred to a server of Google Syndication, and processed and stored outside the European Union, for example in the USA. The legal basis for the data processing is Art. 6(1)(a) GDPR. Google Syndication has certified itself as part of the EU-US Privacy Shield agreement (see https://www.privacyshield.gov/list). Erasure of data takes place once the purpose of its collection has been fulfilled. You will find further information about the handling of the transferred data in the Privacy Policy of Google Syndication: https://policies.google.com/privacy. You can prevent the collection and forwarding of personal data (in particular your IP address) and the processing of this data by disabling the execution of script code in your browser, installing a script blocker in your browser (you will find this at www.noscript.net and www.ghostery.com, for example), or enabling the “do not track” setting in your browser.

c) Google-Analytics

a) Extent of the processing of personal data

On our website, we use a web tracking service of Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter referred to as Google Analytics). As part of its web tracking, Google Analytics uses cookies which are stored on your computer and enable an analysis of the use of our website and your surfing behaviour (tracking). We carry out this analysis on the basis of the tracking service of Google Analytics in order to constantly optimise our website and improve its availability. During the use of our website, data, in particular your IP address and your user activities, will be transferred to a server of Google Ireland Limited, and processed and stored outside the European Union, for example in the USA.
The EU Commission has determined that an appropriate data protection level can exist in the USA, if the company processing the data has signed up to the US-EU Privacy Shield agreement and the data export in the USA was in this way permitted. By enabling IP anonymisation within the Google Analytics tracking code of this website, your IP address will be anonymised by Google Analytics before transmission. This website uses a Google Analytics tracking code that has been extended by the operator gat.anonymizeIp(); in order to enable only the anonymised logging of IP addresses (IP masking).

b. Legal basis for the processing of personal data

Art. 6(1)(a) GDPR (consent), either during registration with Google (opening a Google account and accepting the data privacy notice implemented there) or, if you have not registered with Google, by explicit consent when opening our site.

c. Purpose of data processing

On our behalf, Google will use this information to analyse your visit to this website, compile reports about website activities, and provide us with further services connected to website use and the use of the internet. The IP address transferred by Google Analytics from your browser will not be merged with other data of Google Ireland Limited.

d. Duration of storage

Google will store the data relevant to the provision of the web tracking service for as long as it is necessary to provide the booked web service. Data collection and storage is anonymised. Should data be personalised, however, it will be immediately erased provided that it is not subject to any statutory retention periods. In any case, erasure will take place after the expiry of the retention period.

e. Objection and rectification option

You can prevent the collection and forwarding of personal data (in particular your IP address) to Google and the processing of this data by Google by disabling the execution of script code in your browser, installing a script blocker in your browser (you will find this at www.noscript.net and www.ghostery.com, for example), or enabling the “do not track” setting in your browser. You can also prevent the logging of the data generated by the Google cookie and related to your use of the website (incl. your IP address) from being sent to Google and processed by Google by downloading and installing the available browser plugin at the following link: https://tools.google.com/dlpage/gaoptout?hl=en). The security and data protection policies of Google can be found at https://policies.google.com/privacy.

d) Shareaholic

Our website contains a web tracker provided by Shareaholic Inc., 2 Center Plaza, 02108 Boston, USA (hereinafter referred to as Shareaholic). If you have enabled JavaScript in your browser and not installed a JavaScript blocker, your browser may send personal data to Shareaholic. The legal basis for the data processing is Art. 6(1)(a) GDPR, namely by explicit consent when opening our site. You will find further information about the handling of the transferred data in the Privacy Policy of Shareaholic: https://shareaholic.com/privacy/. You can prevent the processing of this data by Shareaholic by disabling the execution of script code in your browser or installing a script blocker in your browser (you will find this at www.noscript.net and www.ghostery.com, for example).

e) Facebook Social Graph

On our website, we use a web tracking service provided by Facebook Ireland Limited, 4 Grand Canal Square, 2 Dublin, Ireland (hereinafter referred to as Facebook Social Graph). As part of its web tracking, Facebook Social Graph uses cookies which are stored on your computer and enable an analysis of the use of our website and your surfing behaviour (tracking). We carry out this analysis on the basis of the tracking service of Facebook Social Graph in order to constantly optimise our website and make it better available. During the use of our website, data, in particular your IP address and your user activities, will be transferred to a server of Facebook Social Graph, and processed and stored outside the European Union, for example in the USA. The legal basis for the data processing is Art. 6(1)(a) GDPR. Facebook Social Graph has certified itself as part of the EU-US Privacy Shield agreement (see https://www.privacyshield.gov/list). Erasure of data takes place once the purpose of its collection has been fulfilled. You will find further information about the handling of the transferred data in the Privacy Policy of Facebook Social Graph: https://www.facebook.com/about/privacy/. You can prevent the collection and forwarding of personal data (in particular your IP address) and the processing of this data by disabling the execution of script code in your browser, installing a script blocker in your browser (you will find this at www.noscript.net and www.ghostery.com, for example), or enabling the “do not track” setting in your browser.

5. Inclusion of external web services and processing of data outside the EU

On our website, we use active JavaScript content from external providers, called web services. When you access our website, these external providers may receive personalised information about your visit to our website. The processing of data outside the EU is hereby possible. You can prevent this by installing a JavaScript blocker such as the 'NoScript' browser plugin (www.noscript.net) or disabling JavaScript in your browser. This may lead to functional restrictions on websites you visit.
We use the following external web services:

a) CloudFlare

Our website includes a web service provided by CloudFlare Inc., 101 Townsend St, 94107 San Francisco, USA (hereinafter referred to as CloudFlare). We use this data to guarantee the full functionality of our website. In this regard, your browser and, if applicable, personal data will be transmitted to CloudFlare. The legal basis for the data processing is Art. 6(1)(f) GDPR. The legitimate interest is in the error-free functioning of the website. CloudFlare has certified itself as part of the EU-US Privacy Shield agreement (see https://www.privacyshield.gov/list). Erasure of data takes place once the purpose of its collection has been fulfilled. You will find further information about the handling of the transferred data in the Privacy Policy of CloudFlare: https://www.cloudflare.com/security-policy/?utm_referrer=https://www.google.com/. You can prevent the processing of this data by CloudFlare by disabling the execution of script code in your browser or installing a script blocker in your browser (you will find this at www.noscript.net and www.ghostery.com, for example).

b) Doubleclick

Our website includes a web service of Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter referred to as DoubleClick). We use this data to guarantee the full functionality of our website. In this regard, your browser and, if applicable, personal data will be transmitted to DoubleClick. The legal basis for the data processing is Art. 6(1)(f) GDPR. The legitimate interest is in the error-free functioning of the website. DoubleClick has certified itself as part of the EU-US Privacy Shield agreement (see https://www.privacyshield.gov/list). Erasure of data takes place once the purpose of its collection has been fulfilled. You will find further information about the handling of the transferred data in the Privacy Policy of Doubleclick: https://policies.google.com/privacy. You can prevent the processing of this data by Doubleclick by disabling the execution of script code in your browser or installing a script blocker in your browser (you will find this at www.noscript.net and www.ghostery.com, for example).

c) Google

Our website includes a web service of Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter referred to as Google). We use this data to guarantee the full functionality of our website. In this regard, your browser and, if applicable, personal data will be transmitted to Google. The legal basis for the data processing is Art. 6(1)(f) GDPR. The legitimate interest is in the error-free functioning of the website. Google has certified itself as part of the EU-US Privacy Shield agreement (see https://www.privacyshield.gov/list). Erasure of data takes place once the purpose of its collection has been fulfilled. You will find further information about the handling of the transferred data in the Privacy Policy of Google: https://policies.google.com/privacy. You can prevent the processing of this data by Google by disabling the execution of script code in your browser or installing a script blocker in your browser (you will find this at www.noscript.net and www.ghostery.com, for example).

d) Google Video

Our website includes a web service of Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter referred to as Google Video). We use this data to guarantee the full functionality of our website. In this regard, your browser and, if applicable, personal data will be transmitted to Google Video. The legal basis for the data processing is Art. 6(1)(f) GDPR. The legitimate interest is in the error-free functioning of the website. Google Video has certified itself as part of the EU-US Privacy Shield agreement (see https://www.privacyshield.gov/list). Erasure of data takes place once the purpose of its collection has been fulfilled. You will find further information about the handling of the transferred data in the Privacy Policy of Google Video: https://policies.google.com/privacy. You can prevent the processing of this data by Google Video by disabling the execution of script code in your browser or installing a script blocker in your browser (you will find this at www.noscript.net and www.ghostery.com, for example).

e) Google-Apis

Our website includes a web service of Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter referred to as Google APIs). We use this data to guarantee the full functionality of our website. In this regard, your browser and, if applicable, personal data will be transmitted to Google APIs. The legal basis for the data processing is Art. 6(1)(f) GDPR. The legitimate interest is in the error-free functioning of the website. Google APIs has certified itself as part of the EU-US Privacy Shield agreement (see https://www.privacyshield.gov/list). Erasure of data takes place once the purpose of its collection has been fulfilled. You will find further information about the handling of the transferred data in the Privacy Policy of Google APIs: https://policies.google.com/privacy. You can prevent the processing of this data by Google APIs by disabling the execution of script code in your browser or installing a script blocker in your browser (you will find this at www.noscript.net and www.ghostery.com, for example).

f) gstatic

Our website includes a web service of Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter referred to as gstatic). We use this data to guarantee the full functionality of our website. In this regard, your browser and, if applicable, personal data will be transmitted to gstatic. The legal basis for the data processing is Art. 6(1)(f) GDPR. The legitimate interest is in the error-free functioning of the website. gstatic has certified itself as part of the EU-US Privacy Shield agreement (see https://www.privacyshield.gov/list). Erasure of data takes place once the purpose of its collection has been fulfilled. You will find further information about the handling of the transferred data in the Privacy Policy of gstatic: https://policies.google.com/privacy. You can prevent the processing of this data by gstatic by disabling the execution of script code in your browser or installing a script blocker in your browser (you will find this at www.noscript.net and www.ghostery.com, for example).

g) MyFonts Counter

Our website includes a web service provided by Monotype Imaging Holdings Inc., 600 Unicorn Park Drive, 01801 Woburn, USA (hereinafter referred to as MyFonts Counter). If you have enabled JavaScript in your browser and not installed a JavaScript blocker, your browser may send personal data to MyFonts Counter. You will find further information about the handling of the transferred data in the Privacy Policy of MyFonts Counter: http://www.myfonts.com/info/legal/#Privacy. You can prevent the processing of this data by MyFonts Counter by disabling the execution of script code in your browser or installing a script blocker in your browser (you will find this at www.noscript.net and www.ghostery.com, for example).

h) ravenjs.com

Our website includes a web service provided by Functional Software, Inc., 132 Hawthorne Street, 94107 San Francisco, USA (hereinafter referred to as ravenjs.com). We use this data to guarantee the full functionality of our website. In this regard, your browser and, if applicable, personal data will be transmitted to ravenjs.com. The legal basis for the data processing is Art. 6(1)(f) GDPR. The legitimate interest is in the error-free functioning of the website. ravenjs.com has certified itself as part of the EU-US Privacy Shield agreement (see https://www.privacyshield.gov/list). Erasure of data takes place once the purpose of its collection has been fulfilled. You will find further information about the handling of the transferred data in the Privacy Policy of ravenjs.com: https://sentry.io/privacy/. You can prevent the processing of this data by ravenjs.com by disabling the execution of script code in your browser or installing a script blocker in your browser (you will find this at www.noscript.net and www.ghostery.com, for example).

i) Youtube

Our website includes a web service of Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter referred to as YouTube). We use this data to guarantee the full functionality of our website. In this regard, your browser and, if applicable, personal data will be transmitted to YouTube. The legal basis for the data processing is Art. 6(1)(f) GDPR. The legitimate interest is in the error-free functioning of the website. YouTube has certified itself as part of the EU-US Privacy Shield agreement (see https://www.privacyshield.gov/list). Erasure of data takes place once the purpose of its collection has been fulfilled. You will find further information about the handling of the transferred data in the Privacy Policy of YouTube: https://policies.google.com/privacy. You can prevent the processing of this data by YouTube by disabling the execution of script code in your browser or installing a script blocker in your browser (you will find this at www.noscript.net and www.ghostery.com, for example).

j) ytimg

Our website includes a web service of Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter referred to as ytimg). We use this data to guarantee the full functionality of our website. In this regard, your browser and, if applicable, personal data will be transmitted to ytimg. The legal basis for the data processing is Art. 6(1)(f) GDPR. The legitimate interest is in the error-free functioning of the website. ytimg has certified itself as part of the EU-US Privacy Shield agreement (see https://www.privacyshield.gov/list). Erasure of data takes place once the purpose of its collection has been fulfilled. You will find further information about the handling of the transferred data in the Privacy Policy of ytimg: https://policies.google.com/privacy. You can prevent the processing of this data by ytimg by disabling the execution of script code in your browser or installing a script blocker in your browser (you will find this at www.noscript.net and www.ghostery.com, for example).

k) ggpht.com

Our website includes a web service of Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter referred to as ggpht.com). We use this data to guarantee the full functionality of our website. In this regard, your browser and, if applicable, personal data will be transmitted to ggpht.com. The legal basis for the data processing is Art. 6(1)(f) GDPR. The legitimate interest is in the error-free functioning of the website. ggpht.com has certified itself as part of the EU-US Privacy Shield agreement (see https://www.privacyshield.gov/list). Erasure of data takes place once the purpose of its collection has been fulfilled. You will find further information about the handling of the transferred data in the Privacy Policy of ggpht.com: https://policies.google.com/privacy. You can prevent the processing of this data by ggpht.com by disabling the execution of script code in your browser or installing a script blocker in your browser (you will find this at www.noscript.net and www.ghostery.com, for example).

l) website-check.de

Our website includes a test mark of Website-Check GmbH, Beethovenstraße 24 in 66111 Saarbrücken, Germany (hereinafter referred to as website-check.de). We include this test mark in our website to show that we take the topic of data privacy seriously. Due to the inclusion of the Website-Check test mark, non-personal data is transmitted to Website-Check GmbH, as the issuer of the test mark. In this respect, the company will only receive your IP address in order to provide the image file of the test mark. Your IP address has no personal reference that can be seen by Website-Check GmbH. The legal basis for the data processing is Art. 6(1)(f) GDPR (legitimate interest). The legitimate interest is in the error-free display of the Website-Check test mark on the website. You will find further information about the handling of the transferred data in the Privacy Policy of website-check.de: https://www.website-check.de/datenschutzerklaerung/. You can prevent the loading of the Website-Check test mark and therefore the transmission of your IP address (anonymous to Website-Check GmbH) to Website-Check GmbH by disabling the execution of script code in your browser or installing a script blocker in your browser (you will find this at www.noscript.net and www.ghostery.com, for example).

m) Social Plug-In – „Google +“

a) Extent of the processing of personal data

On our website, we have included a social plugin by social network “Google +”, which is operated by Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (“Google +”). When you access a site that contains such a plugin, your browser automatically establishes a background connection to the servers of Google +. The content of the plugin is transmitted by Google + directly to your browser, and only included in our site. With this inclusion, Google + receives information that your browser has loaded a specific page of our website. This also applies if you do not have a Google + profile or if you are not logged into Google + at that moment. This information (including your IP address) will be sent from your browser directly to a Google + server in Ireland, where it will be stored. If you are logged into Google +, Google + can associate the visit to our website directly to your Google + profile. If you interact with the plugins, for example by clicking on the “Like” button or leaving a comment, this information will also be sent to a Google + server, where it will be stored. The information will also be published on your Google + profile and shown to your Google + contacts, who you have allowed to see it.

b. Legal basis for the processing of personal data

Art. 6(1)(a) GDPR (if you have registered with “Google +”) and Art. 6(1)(f) GDPR (if you have not registered with Google +). If the processing takes place on the basis of Art. 6(1)(1)(f) GDPR, the legitimate interest of the site operator is in an interaction of the user with the content of the site operator via Google +.

c. Purpose of data processing

The primary purpose of the data collection is to offer you the opportunity for social interaction connected to Google + and therefore make our website interactive. The scope of the data collection and the further processing and use of the data shared by you, by Google +, and your rights and choices of settings in this regard to protect your privacy can be obtained from the Privacy Policy of Google +: (https://policies.google.com/privacy).

c. Duration of storage

Google + will store the data relevant to the provision of the web tracking service for as long as it is necessary. Provided that the data is not subject to statutory retention periods, erasure will take place after the expiry of the retention obligation.

e. Objection and rectification option

If you do not want the social plugin of Google + to be executed, you can block the execution by installing a script blocker, such as "NoScript". If you do not want Google + to associate the data collected via our website to your Google + profile, you must log out of Google before visiting our website. You can also specifically prevent the loading of Google + plugins by using add-ons for your browser. For Mozilla Firefox, you will find the right plugins at the following link:
https://addons.mozilla.org/en-GB/firefox/
For Opera, you will find the right plugins in the following link:
https://addons.opera.com/
For Chrome, you will find the right plugins in the following link:
https://chrome.google.com/webstore/category/extensions?hl=en
The objection and rectification options are based on the general regulations on the right to object and right to erasure set out by data protection law, highlighted below in this Privacy Policy.

n) Social Plug-In – „Facebook“

a) Extent of the processing of personal data

On our website, we have included a social plugin by social network “Facebook”, which is operated by Facebook Ireland Limited, 4 Grand Canal Square, 2 Dublin, Ireland ("Facebook"). When you access a site that contains such a plugin, your browser automatically establishes a background connection to the servers of Facebook. The content of the plugin is transmitted by Facebook directly to your browser, and only included in our site. With this inclusion, Facebook receives information that your browser has loaded a specific page of our website. This also applies if you do not have a Facebook profile or if you are not logged into Google + at that moment. This information (including your IP address) will be sent from your browser directly to a Facebook server in Ireland, where it will be stored. If you are logged into Facebook, Facebook can associate the visit to our website directly to your Facebook profile. If you interact with the plugins, for example by clicking on the “Like” button or leaving a comment, this information will also be sent to a Facebook server, where it will be stored. The information will also be published on your Facebook profile and shown to your Facebook contacts, who you have allowed to see this information.

b. Legal basis for the processing of personal data

Art. 6(1)(a) GDPR (if you have registered with “Facebook”) and Art. 6(1)(f) GDPR (if you have not registered with Facebook). If the processing takes place on the basis of Art. 6(1)(1)(f) GDPR, the legitimate interest of the site operator is in enabling an interaction of the user with the content of the site operator on Facebook.

c. Purpose of data processing

The primary purpose of the data collection is to offer you the opportunity for social interaction connected to Facebook and therefore make our website interactive. The scope of the data collection and the further processing and use of the data you share by Facebook, and your rights and choices of settings in this regard to protect your privacy can be obtained from the Privacy Policy of Facebook: (https://www.facebook.com/about/privacy).

d. Duration of storage

Facebook will store the data relevant to the provision of the web tracking service for as long as it is necessary. Provided that the data is not subject to statutory retention periods, erasure will take place after the expiry of the retention obligation.

e. Objection and rectification option

If you do not want the social plugin of Facebook to be executed, you can block the execution by installing a script blocker, such as "NoScript". If you do not want Facebook to associate the data collected via our website to your Facebook profile, you must log out of Facebook Social Graph before visiting our website. You can also specifically prevent the loading of Facebook plugins by using add-ons for your browser. For Mozilla Firefox, you will find the right plugins in the following link:
https://addons.mozilla.org/en-GB/firefox/
For Opera, you will find the right plugins in the following link:
https://addons.opera.com/
For Chrome, you will find the right plugins in the following link:
https://chrome.google.com/webstore/category/extensions?hl=en
The objection and rectification options are based on the general regulations on the right to object and right to erasure set out by data protection law, highlighted below in this Privacy Policy.

o) Social Plug-In – „Facebook Social Graph“

a) Extent of the processing of personal data

On our website, we have included a social plugin by social network “Facebook Social Graph”, which is operated by Facebook Ireland Limited, 4 Grand Canal Square, 2 Dublin, Ireland ("Facebook Social Graph"). When you access a site that contains such a plugin, your browser automatically establishes a background connection to the servers of Facebook Social Graph. The content of the plugin is transmitted by Facebook Social Graph directly to your browser, and only included in our site. With this inclusion, Facebook Social Graph receives information that your browser has loaded a specific page of our website. This also applies if you do not have a Facebook Social Graph profile or if you are not logged into Facebook Social Graph at that moment. This information (including your IP address) will be sent from your browser directly to a Facebook Social Graph server in Ireland, where it will be stored. If you are logged into Facebook Social Graph, Facebook Social Graph can associate the visit to our website directly to your Facebook profile. If you interact with the plugins, for example by clicking on the “Like” button or leaving a comment, this information will also be sent to a Facebook Social Graph server, where it will be stored. The information will also be published on your Facebook Social Graph profile and shown to your Facebook Social Graph contacts, who you have allowed to see this information.

b. Legal basis for the processing of personal data

Art. 6(1)(a) GDPR (if you have registered with “Facebook Social Graph”) and Art. 6(1)(f) GDPR (if you have not registered with Facebook Social Graph). If the processing takes place on the basis of Art. 6(1)(1)(f) GDPR, the legitimate interest of the site operator is in enabling an interaction of the user with the content of the site operator on Facebook Social Graph.

(1). Purpose of data processing

The primary purpose of data collection is to offer you the opportunity for connected social interaction with Facebook Social Graph and therefore make our website interactive. The scope of the data collection and the further processing and use of the data left by you, by Facebook Social Graph, and your rights and choices of settings in this regard to protect your privacy can be obtained from the Privacy Policy of Facebook Social Graph: (https://www.facebook.com/about/privacy).

c. Duration of storage

Facebook Social Graph will store the data relevant to the provision of the web service for as long as it is necessary. Provided that the data is not subject to statutory retention periods, erasure will take place after the expiry of the retention obligation.

d. Objection and rectification option

If you do not want the social plugin of Facebook Social Graph to be executed, you can block the execution by installing a script blocker, such as "NoScript". If you do not want Facebook Social Graph to associate the data collected via our website to your Facebook Social Graph profile, you must log out of Facebook Social Graph before visiting our website. You can also specifically prevent the loading of Facebook Social Graph plugins by using add-ons for your browser. For Mozilla Firefox, you will find the right plugins in the following link:
https://addons.mozilla.org/en-GB/firefox/
For Opera, you will find the right plugins in the following link:
https://addons.opera.com/
For Chrome, you will find the right plugins in the following link:
https://chrome.google.com/webstore/category/extensions?hl=en
The objection and rectification options are based on the general regulations on the right to object and right to erasure set out by data protection law, highlighted below in this Privacy Policy.

6. Information about the use of cookies

a) Extent of the processing of personal data

We use cookies on various pages, to enable the use of certain functions of our websites. These “cookies” are small text files that your browser can save on your computer. These text files contain a character string that enables a clear identification of the browser the next time you access our website. The process of saving a cookie is also called “placing a cookie”.

b. Legal basis for the processing of personal data

Art. 6(1)(f) GDPR (legitimate interest). Our legitimate interest is in the maintenance of the full functionality of our website, an increase in usability, and enabling more individual customer contact. An identification of individual site visitors is only possible for us with the use of cookie technology if the site visitors have provided us with according personal data beforehand, on the basis of separate consent.

c. Purpose of data processing

The cookies are used by our website to maintain the full functionality of our website and improve usability. In addition, the cookie technology enables us to recognise individual users via pseudonyms, such as an individual random ID, so that it is possible for us to offer more individual services.

d) Duration of storage

The storage of our cookies takes place until erasure in your browser or, if it is a session cookie, until the session is over.

e. Objection and rectification option

You can set your browser as you wish, to generally prevent the placing of cookies. You can then decide to accept cookies on a case-by-case basis, or generally accept cookies. Cookies can be used for different purposes, for example to recognise that your PC has already been connected to our website (persistent cookies) or to store recently viewed sites (session cookies). We use cookies to offer you increased user comfort. In order to use our comfort functions, we recommend that you allow the acceptance of cookies for our website. The objection and rectification options are based on the general regulations on the right to object and right to erasure set out by data protection law, highlighted below in this Privacy Policy.

7. Data security and data protection, communication via email

Your personal data is protected during collection, storage and processing, by technical and organisational measures so that it is not accessible to third parties. In the case of unencrypted communication via email, complete data security along the transmission route to our IT systems cannot be guaranteed by us, so we recommend sending information with a high requirement for confidentiality via encrypted communication or by post.

8. Withdrawal of consent – data information and rectification requests – erasure and blockage of data

At appropriate intervals, you have the right to receive information free of charge about your stored data, and the right at any time to the rectification, blockage or erasure of your data. Your data will be erased by us upon first request, unless statutory provisions prevent this from taking place. At any time, you can withdraw consent granted to us to use your personal data. Please feel free to send requests for information, erasure or rectification about/of your data, or any suggestions, to the following address, at any time:
hpa AG
Schäflistrasse 1
CH-9430 St. Margrethen
Email: info@hpa-ag.ch
Tel.: +41 (0) 71 747 40 30

9. Right to data portability

You have the right to access your personal data that you have sent us, to be provided in a structured, commonly-used and machine-readable format. You can also request that we transfer this data to a third party immediately upon your first instruction, provided that the processing is based on consent in accordance with Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, or on a contract in accordance with Art. 6(1)(b) GDPR, and the processing is carried out by us as part of an automated data processing system.
When exercising this right to data portability, you also have the right to have your personal data sent directly to another controller, provided that this is technically feasible. Freedoms and rights of other persons may hereby not be impaired.
The right todata portability does not apply to the processing of personal data which is necessary for the completion of a task that is in the public interest or takes place in the exercise of public authority that has been transferred to the controller.

10. Right to lodge a complaint with a supervisory authority in accordance with Art. 77(1) GDPR

If you suspect that your data is being unlawfully processed on our website, you can of course effect a judicial resolution of the matter. You have the opportunity to contact a supervisory authority regardless. You have the right to lodge a complaint in the EU Member State where you reside or work, or where the alleged violation took place; in other words, you can select a supervisory authority at the above-mentioned locations. The supervisory authority to which the complaint has been submitted will then inform you about the status and outcome of your submission, including the opportunity for legal remedy in accordance with Art. 78 GDPR.