RUAG Privacy Notice
Data protection is a matter of trust and your trust is a core value of the RUAG group and of all his legal entities it is composed of (“RUAG” and/or “we” and/or “us”).
1. Who we are
This Privacy Notice applies to all legal entities of the RUAG group. Each RUAG company that processes personal data for its own business purposes acts as a data controller. For example, if you interact with a company about a matter concerning that company, it will be the controller for the personal data processed in relation with your request; or the company that invites you to participate in a customer event will be the controller of the data processed for the event. A list of the RUAG companies and their contact details is available at www.ruag.com.
If you have any questions or requests in relation to the processing of your personal data, you can contact the RUAG Data Protection Team at data.protection(at)ruag.com.
This Privacy Notice applies to any processing of personal data in connection with all our business activities in all our business areas. It is applicable to the processing of both historical and future personal data.
Please note that separate privacy notices may apply, for example for applicants, and participants at trade fairs, job fairs and similar events. These policies are available at www.ruag.com/privacy. The privacy notice for employees for RUAG employees was published separately in the RUAG Intranet.
3. Which personal data do we process and for what purposes?
We may process personal data in the following situations and for the following purposes:
- Communication: We may process personal data when you are contacting RUAG or when RUAG is contacting you, for example when you are contacting our customer service or when you write to RUAG or call us. In this case, we may typically process name(s) and contact data and the content and time of the relevant messages. We may use this data in order to provide you with information, process your request and communicate with you. We can also forward messages within Ruag, for example if your request concerns another RUAG entity.
- Visiting websites; using apps: When you visit our websites or install and use an app from RUAG, we may automatically collect information such as your browser, the IP address of your computer, your internet service provider, the site from which you navigated to our website, the duration of your visit to our website and what type of device you are using (for example a computer, a smart phone or a tablet and the respective operating system). We may also keep a record of the pages that you view during your visit. This information may be used to improve the way in which our website operates, for statistical and systems administration purposes. We may also use “cookies“, which are small text files that are temporarily or permanently stored on your device when you visit our website. Cookies collect information about the number of visitors to the websites, the pages visited and the time spent on the websites.
- We may also use analytics services provided by third party service providers, for example Google Analytics, which is provided by Google LLC, US. As part of such services, the service provider collects information about the use of the relevant website, but often in a non-personally identifiable form.
- We may use functionalities from providers such as Facebook, Instagram, LinkedIn, Xing, etc., which may result in the provider concerned processing data about you. We advise that you read the privacy policies of these third party providers.
Our webpages contain or may contain links or plug-ins that redirect visitors to the websites of the following social networks.
- “Facebook” is operated by Facebook Inc., 1601 S. California Avenue, Palo Alto, CA 94304, in the USA. The link to Facebook is marked by a blue logo with the white letters “f”.
- “Instagram” is operated by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.
- “LinkedIn” is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
- “XING” is operated by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.
If you click on one of the above links or buttons, you will be redirected to the websites of the aforementioned social networks.
The content of the transmitted data is beyond our sphere of control.
If you click on the relevant link or button, information that you have viewed on certain pages of our website may be forwarded to the servers of the above social networks.
For users, who are logged into the aforementioned social networks at the same time, this means that the usage data may be assigned to your personal account or profile. If you use the links or buttons, it cannot be excluded that this information will be transmitted directly from your browser to the aforementioned social networks and stored there. Even if you are not a member of the aforementioned social networks, these social networks may nevertheless still identify and store your IP, which is also beyond our sphere of control.
To learn about the purpose and scope of the processing of your data, and about your rights and ways to protect your privacy, please visit the following websites with the privacy policies of the aforementioned providers at:
- Facebook: https://www.facebook.com/policy.php
- Instagram: https://help.instagram.com/519522125107875
- LinkedIn: https://www.linkedin.com/legal/privacy-policy
- XING: https://privacy.xing.com/de/datenschutzerklaerung
If you do not consent to the aforementioned social networks collecting data about you when operating the links or buttons, please log off from the respective account before visiting our website. You can object to the collection of your data at the website addresses listed below:
- Facebook: https://www.facebook.com/policies
- Instagram: https://help.instagram.com/519522125107875
- XING: https://privacy.xing.com/en/privacy-policy
Where a short messaging service is made available on our websites, we make use of the technical platform and the services of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 USA. Responsible for the processing of data of persons living outside the United States is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland. We would therefore like to point out that you use the Twitter short messaging service offered here and its functions at your own responsibility. Details on the data processed by Twitter and the purposes they are used for are provided in the privacy statement of Twitter: https://twitter.com/privacy.
Our webpages may have integrated videos that are linked to YouTube. If you click on the YouTube button in this case, you will be redirected to our videos on the website of YouTube. We then only enable the connection to the YouTube service. YouTube is a service offered by Google Inc. (“Google”), operated by YouTube, LLC, Cherry Ave., USA.
Some of our websites may contain so-called embeddings of videos on YouTube or videos from the YouTube channels operated by us. These only permit the creation of a connection to YouTube.
For more information on the purpose and scope of data collection and use by Google, as well as on your rights and setting options for protection for you as a YouTube customer, please see the privacy policies of YouTube (https://www.google.de/intl/en/policies/privacy/)
- Use of e-mail: We may use your name and e-mail address to send you alerts, updates, event invitations and other information by e-mail, but will ask for consent first unless we have obtained your contact details from you in the context of our services. If you receive marketing communications from us and no longer wish to do so, you may unsubscribe at any time by following the link included in these e-mails. We may use a third party provider to understand if you open our e-mails or if you click on links included in them. You may prevent this by using the appropriate settings in your e-mail client.
- Visiting our premises: When you enter our premises, we may make video recordings in appropriately marked areas for security and evidence purposes. You may also be able to use a Wi-Fi service. In this case, we collect device-specific data in the course of your registration, and we may ask you to enter your name, title, ID information, document copies, identifiers issued by the government, mobile and telephone numbers, your citizenship/nationality/residential status, and your e-mail address when registering.
- Customer events: When we hold customer events (such as advertising events, sponsoring events, cultural and sporting events), we may also process personal data. Such data may include the name and address of the participants or interested parties and, other data depending on the event, for example your date of birth. We may process this information for the purpose of carrying out customer events but also to get in direct contact with yourself and get to know you better. Further details can be found in the respective conditions of participation. Please read our Privacy Notice for Trade Fairs, Job Fairs and Similar Events (whose link has been referred to here above), Should you need further information about how we may process your personal data.
- Business partners: RUAG is working together with various companies and business partners, for example with suppliers, commercial customers of goods and services and with service providers (for example IT service providers). We may process personal data about the contact persons in these companies, for example their name, function, citizenship/nationality/residential status, and title. Depending on the field of activity, we are also required to scrutinize the relevant company and/or its employees. We will notify you separately if this applies. We may also process personal data about yourself to improve our customer orientation, customer satisfaction and customer loyalty (Customer Relationship Management).
- Administration: We may process personal data for our internal and group-internal administration. For example, we may process personal data in the context of IT or real estate management. We may also process personal data for accounting and archiving purposes and generally for checking and improving internal processes.
- Corporate transactions: We may also process personal data in order to prepare and process company and other transactions.
- Job applications: We may also process personal data when you apply to us. As a general rule, we require the usual information and documents as well as the ones mentioned in a job advertisement. Please read our Applicant Privacy Notice (whose link has been referred to here above) for information about how we process your personal data collected in the course of a job application.
- Employment: We process personal data of our employees in the course of their employment. A dedicated RUAG Employee Privacy Notice is applicable in this regard.
- Compliance with legal requirements: We may process personal data to comply with legal requirements. These include, for example, the operation of a whistleblowing scheme for reporting about suspected wrongdoings, internal investigations or the disclosure of documents to an authority if we have good reason to do so or are even legally obliged to do so. In this context we may process names and documentation or narratives referring to yourself or to a third party.
- Protection of rights: We may process personal data in various constellations in order to protect our rights, for example to assert claims in and out of court and before local and foreign authorities or to defend ourselves against claims. For example, we may have process prospects clarified or submit documents to an authority. Authorities may also require us to disclose documents containing personal data.
We process personal data on the following grounds:
- for the performance of a contract;
- for legitimate interests. This includes, for example, the interest in customer care and communication with customers outside of a contract; in marketing activities; in getting to know our customers and other people better; in improving products and services and developing new ones; in combating fraud, and the prevention and investigation of offences; in the protection of customers, employees and other persons and data, secrets and assets of the RUAG group; in the guarantee of IT security, especially in connection with the use of websites, apps and other IT infrastructure; in the guarantee and organisation of business operations, including the operation and further development of websites and other systems; in company management and development; in the sale or purchase of companies, parts of companies and other assets; and in the enforcement or defence of legal claims;
- based on a consent, where such consent was obtained separately; and
- for compliance with legal and regulatory obligations.
You are generally under no obligation to disclose personal data to us. However, we must collect and process certain data in order to be able to conclude and perform a contract and for other purposes.
4. Who do we share your personal information with?
Our employees have access to your personal data as far as it is necessary for the described purposes and the work of the employees concerned. They act in accordance with our instructions and are bound to confidentiality and secrecy when handling your personal data.
We may also transfer your personal data to other legal entities within RUAG for the purpose of internal group administration and for the various processing purposes described in this Privacy Notice. This means that your personal data can also be processed and combined with personal data originating from another RUAG legal entity for the respective purposes.
We may also disclose your personal data to third party service providers who perform certain business operations on our behalf (“processors“), in particular:
- IT services, for example data storage, cloud services, data analytics etc.;
- consulting services, for example tax consultants, lawyers, management consultants, recruitment etc.;
- logistics to deliver goods;
- administrative services, for example real estate management;
- business information and debt collection.
There are other cases where we may disclose your personal data, for instance:
- We may disclose your personal data to third parties (for example authorities) if this is required by law. We also reserve the right to process your personal data in order to comply with a court order or to assert or defend legal claims or if we consider it necessary for other legal reasons.
- We may disclose your personal data to third parties (for example acquirer) if this is necessary for a corporate transaction.
5. When do we disclose your personal data to third countries?
The recipients of your personal data (section 4) may be located abroad, including in countries even outside of Switzerland, the EU or the EEA which may not have laws that protect your personal data to the same extent as the laws in Switzerland, the EU or the EEA. If we disclose your personal data to a recipient in such a country, typically enter into a data transfer agreement to ensure adequate protection of your personal data, including contracts. Please contact the RUAG Data Protection Team (data.protection(at)ruag.com) should you need more information in this regard.
6. How do we protect your personal data?
We apply appropriate technical and organisational security processes to safeguard the security of your personal data and to protect it against unauthorised or unlawful processing and to prevent the risk of loss, unintentional alteration, unintentional disclosure or unauthorised access.
7. How long do we retain your personal data?
We retain your personal data for no longer than this is necessary for the purposes for which the information is collected or to comply with legal retention obligations.
8. What are your rights with respect to your personal data?
You have the following rights within the limits set forth in applicable law: You may inter alia request to access your personal data as processed by us, to ask us for correction or erasure, to request that the personal data you have provided to us be returned to you or transferred to the person of your choice, in a structured, commonly used and machine-readable format. You may also withdraw consent, if you have provided consent for RUAG to process your personal data. You also have the right to complain to a data protection authority about how we have used your personal data.
9. Contact details
If you have any questions or would like to exercise your rights in relation to the processing of your personal data, please contact the RUAG Data Protection Team (data.protection(at)ruag.com).