Privacy Policy
Legal information and privacy policy
1 Introduction
1.1 Legal information
1.2 Data protection regulations
2 Origin and categories of personal data
2.1 What data do we collect?
4 Legal basis and purpose of processing
5 Cookies and similar technologies
6 Use of third-party tools
6.1 Which tracking tools do we use?
6.2 Which customer relationship management tools (CRM) and content management systems (CMS) do we use?
6.3 Which hosting provider do we use?
7 Data security
7.1 Personalization and automated decision-making
7.2 When and how is your data forwarded to third parties?
7.3 When and how is your data disclosed abroad?
7.4 How long your data is stored
8 Rights
8.1 What rights you have as a data subject
9 Contact us
9.1 How you can get in touch with us
1 Introduction
We appreciate your visit to a Timber Finance website (hereinafter ‘Timber Finance’, ‘we’, ‘us’), or your registration or receipt of a newsletter or other periodic online and offline offers or participation in a webinar or personal meeting at an event.
We believe that you should always know what information we collect from you and how we use it, and that you should have control over both. We want to empower you to make the best possible decisions about the information you share with us: That is the purpose of this Privacy Policy.
This Privacy Policy applies to our processing in connection with our online and offline activities and campaigns.
We recommend that you consult the legal information and our privacy policy regularly, as we always endeavor to keep these provisions up to date. We reserve the right to make changes. At the bottom of this document, you will find details of the most recent update.
1.1 Legal information
The rights, titles and claims (including copyrights, trademarks, patents and other intellectual property rights as well as other rights) for and from all information and content (including all texts, data, graphics and logos) of our offers remain with us or the respective rights holder.
Please note that the Internet is a publicly accessible system. Data that you enter into the system may be lost, sent to the wrong addressee or fall into the hands of unauthorized persons.
1.2 Data protection provisions
We attach great importance to your privacy and the protection of your personal data. Accordingly, we are responsible for the legally compliant collection, processing and use of your personal data. We are committed to responsible handling. Consequently, we consider it a matter of course to comply with the legal requirements of the Swiss Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (OFADP), the Telecommunications Act (TCA) and, where applicable, the provisions of the EU General Data Protection Regulation (GDPR) and other provisions of Swiss and European data protection law. We would therefore like to inform you here about how we process and protect the data we collect about you.
2 Origin and categories of personal data
2.1 What data do we collect?
We process your personal data. Personal data is any information relating to an identified or identifiable natural or legal person (“data”). You are identifiable if you can be identified, directly or indirectly, for example by your name, an identification number, location data or an online identifier.
We process the data that arises in the context of the use or publication of our offer or the data that you provide (e.g. in the context of a newsletter) or that is otherwise publicly accessible.
Specifically, we process the following data from you, whereby we always inform you which data is mandatory for the specific case and which data you can transmit to us on a voluntary basis.
Data that you provide to us directly:
- Contact data, such as title, first name, surname, sector, company, address, zip code, city, e-mail and telephone numbers. We generally process this data when you provide it to us via a form on our online offer or via a business card or participation in a webinar, for example when using the contact form, our research service, the appointment calendar or a telephone number/e-mail address.
- Content data, such as your text entries, photographs, videos or other content that you share with us. We generally process this data when you use a comment function, one of our online forms or contact us by email or telephone.
- Login data, such as your user name or password.
Data that is automatically processed without your intervention when you use our off-line offers :
- Log file data when accessing our website. When our website is accessed, a log file is generated which contains the IP address of the requesting computer, the date and time of access, the name and URL of the data accessed, the website from which our domain was accessed, the operating system of your computer and the browser you are using, the country from which our website was accessed and the name of your internet access provider.
- Usage data, such as websites visited, interest in content, file names of files accessed, access times, functions used, location data. We generally process this data using tracking technology or cookies (cf. section 5 and
Item no. ). - Meta/communication data, such as your IP address, the MAC addresses of the devices used, such as smartphones or computers, and other device and settings information. We generally process this data using tracking technology or cookies (cf. on this point 5 and
Item no. ). - Social media data, such as IP address, names, profile pictures, etc. We process this data when you use one of the implemented social media functions (e.g. the “Like” button of Linkedin or the “Follow” functionality of Twitter [so-called “social plugins”). Social plugins cf.
Item no. or when you log in to us via your social media login).
In order to increase the protection of your data, the social plugins are integrated into the website in such a way that they generally only process your personal data when you click on them.
Survey from other sources:
- Data that is publicly available on our subject area (e.g. from address books, commercial registers, lists of speakers and participants, social media, Google, third-party websites, etc.).
- Data from third parties (e.g. address traders) or from cooperation and business partners or industry associations and companies
These personal data are primarily communication data (e.g. data in written, telephone or electronic communication), documentation data, registration data (e.g. user name, e-mail), master data (e.g. personal details, authorized representatives), contract data (e.g. information on services used), behavioral and preference data (e.g. visits to websites, interest in services) or technical data (e.g. IP addresses and protocols/logs in which the use of our systems is recorded).
3 Data security
Timberfinance processes as little personal data as necessary and protects it from loss and misuse (e.g. from access, modification or disclosure by unauthorized persons).
The technical and organizational measures for data security are appropriate and meet high requirements (e.g. use of up-to-date firewall and antivirus products, personal passwords with multi-factor authentication technologies as well as encryption and access restrictions).
They are continuously adapted to the threat situation.
The protection corresponds to the current state of the art and the type and scope of processing.
4 Legal basis and purpose of processing
We process collected data for various purposes.
Please note that you can object to any of these processing operations at any time.
We use the data we collect for the following purposes:
- To provide you with our offline and online offers, their functions and content, to further develop or optimize them.
For this purpose, we process your data based on our legitimate interest in the analysis, optimization and economic operation of our websites (Art. 6 para. 1 lit. f GDPR). - To answer your contact requests via the various channels of our offline and online offers, such as the contact forms on our websites, telephone or e-mail, and to communicate with you.
For this purpose, we process your data based on our legitimate interest in responding to your contact request (Art. 6 para. 1 lit. f GDPR). - To check your online application for an open position with us.
For this purpose, we process your data as part of pre-contractual measures or the performance of a contract (Art. 6 para. 1 lit. b GDPR). - To send you our mailings (e.g. newsletters, info mails, campaign mails).
For this purpose, we process your data based on your consent (Art. 6 para. 1 lit. a GDPR).
You can withdraw your consent at any time with effect for the future (e.g. by using the unsubscribe button at the end of each mailing). - To analyze your use of our offer, understand your needs, evaluate them and, if necessary, combine them with other data so that we can provide you with an offer that is more relevant to you.
For this purpose, we process your data based on our legitimate interest in the analysis, optimization and economic operation of our offline and online offers (Art. 6 para. 1 lit. f GDPR). - To make our marketing activities, in particular online advertising or when organizing events, relevant and personal.
For this purpose, we process your data based on our legitimate interest in efficient and needs-based marketing (Art. 6 para. 1 lit. f GDPR). - To optimize our campaigns and provide you with more relevant information in this regard.
For this purpose, we process your data based on your express consent (Art. 6 para. 1 lit. a GDPR).
You can withdraw your consent at any time with effect for the future. - To ensure the security of your data and our websites.
For this purpose, we process your data based on our legitimate interest (Art. 6 para. 1 lit. f GDPR). - To assert legal claims and ensure defense in connection with legal disputes and official proceedings.
For this purpose, we process your data based on our legitimate interest (Art. 6 para. 1 lit. f GDPR).
5 Cookies and similar technologies
Cookies help in many ways to make your visit to our website easier, more pleasant and more meaningful.
Cookies are information files that your web browser automatically saves on the hard disk of your end device when you visit our website.
Most of the cookies we use are “session cookies”.
These are automatically deleted at the end of your visit.
Other cookies remain stored on your end device until they are actively deleted.
The latter are used to recognize you the next time you visit our website.
We use cookies, for example, to temporarily store your entries when you fill out a form on the website so that you do not have to repeat the entry when you call up another subpage or to show you a personal website view, for example.
Most Internet browsers accept cookies automatically.
However, you can configure your browser so that no cookies are stored on your computer or so that a message always appears when you receive a new cookie.
On the following pages you will find explanations of how you can configure the processing of cookies in the most common browsers:
- Microsoft Edge
- Mozilla Firefox
- Google Chrome for desktop
- Google Chrome for Mobile
- Apple Safari for Desktop
- Apple Safari for Mobile
If you deactivate cookies, you may not be able to use all the functions of our website.
How and when do we use similar technologies with cookies?
We also use technologies similar to cookies, such as pixel tags, fingerprints and other technologies to store data in the browser.
Pixel tags are small, usually invisible images or program code that are loaded by a server and thereby transmit certain information to the server operator, e.g. whether and when a website was visited.
Fingerprints are information that is collected when you visit a website via the configuration of your end device or your browser and that make your end device distinguishable from other devices.
Most browsers also support other technologies for storing data in the browser, similar to cookies, which we may also use (e.g. “web storage”).
You can configure your browser in the settings so that it blocks certain similar technologies or deletes other data stored in the browser.
You can also add software (so-called “plug-ins”) to your browser that blocks tracking by certain third parties.
You can find out more about this in the help pages of your browser (usually under the heading “Data protection”).
Please note that our websites may no longer function to their full extent if you block similar technologies.
6 Use of third-party tools
6.1 Which tracking tools do we use?
Google Analytics
We use the web analysis service of Google Analytics for the purpose of designing and continuously optimizing our websites in line with requirements.
In this context, pseudonymized user profiles are created and cookies are used (cf.
section 5).
The information generated by the cookie about your use of this website is transmitted to the servers of the providers of these services, stored there and processed for us.
We may process the following information as a result:
- Navigation path that a visitor takes on the website
- Dwell time on the website or subpage
- the subpage on which the website is left
- the country, region or city from which access is made
- End device (type, version, color depth, resolution, width and height of the browser window)
- Returning or new visitor
The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage for the purposes of market research and the needs-based design of this website.
The provider of Google Analytics is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
Before the data is transmitted to the provider, the IP address is shortened by activating IP anonymization (“anonymizeIP”) on this website within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area.
The anonymized IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. In these cases, we use contractual guarantees to ensure that Google maintains an adequate level of data protection.
According to Google, under no circumstances will the IP address be associated with other data relating to the user.
The legal basis for processing the data for this purpose is our legitimate interest pursuant to Art. 6 para.
1 lit.
f GDPR.
Further information about the web analysis service used can be found on the Google website: https://policies.google.com/privacy
You can find instructions on how to prevent your data from being processed by the web analysis service here: https://tools.google.com/dlpage/gaoptout
YouTube
We use plugins from the video portal YouTube (YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA) on our websites.
YouTube is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
We use this plugin to improve the user experience by means of videos.
Each time you access a page that offers one or more YouTube video clips, a direct connection is established between your browser and a YouTube server in the USA.
This stores information about your visit and your IP address.
By interacting with the YouTube plugins (e.g. clicking the start button), this information is also transmitted to YouTube and stored by YouTube.
If you have a YouTube user account and do not want YouTube to collect data about you via this website and link it to your membership data stored on YouTube, you must log out of YouTube before visiting this website.
In addition, YouTube calls up the Google Analytics analysis tool via an iFrame in which the video is called up.
This is YouTube’s own tracking tool, which we do not have access to.
You can prevent tracking by Google Analytics by using the deactivation tools that Google offers for some Internet browsers.
The legal basis for the aforementioned data processing lies in our legitimate interest in the economic operation of our online offer (Art. 6 para. 1 lit. f GDPR).
For more information on the collection and use of your data by YouTube, please refer to the privacy policy of YouTube or Google: https://policies.google.com/privacy
Vimeo
We use the plugin of the video portal Vimeo (Vimeo LLC, 555 West 18th Street, New York, NY 10011, USA) on our websites to improve the user experience by means of videos.
Each time you access a page that offers one or more Vimeo video clips, a direct connection is established between your browser and a Vimeo server in the USA.
This stores information about your visit and your IP address.
By interacting with the Vimeo plugins (e.g. clicking the start button), this information is also transmitted to Vimeo and stored by Vimeo.
If you have a Vimeo user account and do not want Vimeo to collect data about you via this website and link it to your membership data stored with Vimeo, you must log out of Vimeo before visiting this website.
In addition, Vimeo calls up the Google Analytics analysis tool via an iFrame in which the video is called up.
This is Vimeo’s own tracking, to which we have no access.
You can prevent tracking by Google Analytics by using the deactivation tools that Google offers for some Internet browsers.
The legal basis for the aforementioned data processing lies in our legitimate interest in the economic operation of our online offer (Art. 6 para. 1 lit. f GDPR).
You can find more information on the collection and use of your data by Vimeo in their privacy policy: https://vimeo.com/privacy
Google Ads and Google Conversion Tracking
The legal basis for the aforementioned data processing lies in our legitimate interest in the analysis, optimization and economic operation of our online offer (Art. 6 para. 1 lit. f GDPR).
You can prevent the storage of cookies by selecting the appropriate browser settings.
You can find further information at: https://policies.google.com/privacy
You can find more information on the collection and use of your data by Google in their privacy policy: https://policies.google.com/privacy
LinkedIn pixel
We use the LinkedIn pixel for conversion tracking on our websites (LinkedIn Ireland Unlimited Company, Attn: Legal Dept., Privacy Policy and User Agreement, Wilton Plaza, Wilton Place, Dublin 2, Ireland).
The pixel enables us to statistically record the use of our websites in order to optimize them.
With conversion tracking, a cookie is set on your device by LinkedIn when you visit our website by clicking on a LinkedIn ad.
Conversion tracking is used to compile statistics and not to identify you personally.
We only want to know which LinkedIn ads or interactions bring users to our website.
This information enables us to better control the placement of banner ads, for example, and to place them on specific websites on the Internet.
The legal basis for the aforementioned data processing is your consent (Art. 6 para. 1 lit. a GDPR).
You can prevent the storage of cookies by selecting the appropriate browser settings.
You can find further information at:www.linkedin.com/help/linkedin
You can find more information on the collection and use of your data by LinkedIn in their privacy policy: https://www.linkedin.com/help/linkedin
Social media presence
You will find links to social media networks within our online offering.
These are not plugins provided by the social media network, which already transmit data to the provider when the page is loaded without the user having any influence.
The buttons for the social media networks merely contain a link to our presence on the social media network.
No user data is transmitted from the website to the social media network.
The links lead to our presence on the following networks:
- Facebook (Facebook of Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) ?
- X (X Corp., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA) ?
- LinkedIn (LinkedIn Ireland Unlimited Company Attn: Legal Dept.
(Privacy Policy and User Agreement)
Wilton Plaza Wilton Place, Dublin 2 Ireland) - Instagram (Facebook by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
- YouTube (YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA)
When you access a link to one of our social media profiles, a direct connection is established between your browser and the server of the relevant social network.
This provides the network with the information that you have visited our website with your IP address and accessed the link.
If you access a link to a network while you are logged into your account with the relevant network, the content of our site may be linked to your profile on the network, which means that the network can directly associate your visit to our website with your user account.
If you wish to prevent this, you should log out before clicking on the relevant links.
An assignment will take place in any case if you log in to the relevant network after clicking on the link.
6.2 Which customer relationship management tools (CRM) and content management systems (CMS) do we use?
WordPress
We use the open source CMS solution from WordPress (WordPress Foundation, 660 4th Street, Box 119, San Francisco, CA 94107, United States, Employer Identification Number (EIN): 20-5498932) to manage the content of our online offering.
WordPress allows us to create user profiles for personalization by first using the email address, name or other information you have submitted to our website.
The tool can also track your user activity using the analysis function.
This data can also be matched with your publicly available information (such as social media profiles) and used to build a personal profile, which we can display and use to improve our website or provide you with more relevant information.
We do not use the automated social matching function as standard.
The tool may also provide for the sending of timed messages to you, such as e-mails, which we link to actions relevant to you.
The legal basis for the aforementioned data processing is your express consent (Art. 6 para. 1 lit. a GDPR).
You can withdraw your consent at any time with effect for the future.
You can find more information on the collection and use of your data by WordPress in their privacy policy:https://wordpress.org/about/privacy/
Hubspot
Within our online offering, we use the CRM tool Hubspot-Hubspot, Inc, Two Canal Park, Cambridge MA 02141 USA.
Hubspot allows us to create user profiles for personalization by first using the email address, name or other information that you have transmitted to us.
The tool can also track your user activity using the analysis function.
This data can also be matched with your publicly available information (such as social media profiles) or purchased data sets and used to build a personal profile that we can display and use to improve our website or provide you with more relevant information.
The tool may also provide for the sending of timed messages to you, such as emails, which we link to actions relevant to you.
The legal basis for the aforementioned data processing is your express consent (Art. 6 para. 1 lit. a GDPR).
You can withdraw your consent at any time with effect for the future.
You can find more information on the collection and use of your data by Hubspot in their privacy policy: https://legal.hubspot.com/de/privacy-policy
6.3 Which hosting provider do we use?
Hostpoint
We use hosting services from third parties.
The website is hosted on a dedicated server of the company [Hostpoint, Oberstrasse 222, 9014 St. Gallen, Switzerland].
Our hosting provider provides the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating our online services.
We base this processing on our legitimate interest in ensuring the operation of our websites in accordance with Art. 6 para.
1 lit.
f GDPR.
7 Data security
7.1 Personalization and automated decision-making
Some of your personal data may be processed automatically with the aim of evaluating certain personal aspects (so-called personalization).
Personalization can be used in particular to provide you with targeted information and advice about products.
This may involve the use of evaluation tools that enable needs-based communication and advertising, including market and opinion research.
However, you have the right not to be subject to a decision based solely on automated processing – including personalization – which produces legal effects concerning you or similarly significantly affects you, unless you give us your express consent.
You can revoke your express consent at any time with effect for the future.
7.2 When and how is your data forwarded to third parties?
We also disclose your data to third parties within the scope of our business activities and the purposes set out in section 4, insofar as we deem it necessary.
This applies in particular to the following bodies:
- Service providers of ours, including processors (e.g. hosting services);
- Advertising service providers, some of whom act as our processors, others as independent or joint controllers;
- domestic and foreign authorities, official bodies or courts;
- other parties in potential or actual legal proceedings;
(hereinafter: recipient)
7.3 When and how will your data be disclosed abroad?
Some of these recipients are located in Switzerland, but some may also be located abroad.
We only transfer your data to recipients in Switzerland and abroad if this is necessary in connection with the processing of your inquiries, the provision of services and marketing campaigns.
In particular, you must expect your data to be transferred to all countries where the third parties commissioned by us are located (primarily the EU and the USA).
The recipients of your data are explicitly named in this privacy policy.
These recipients are obliged to maintain your privacy to the same extent as we do ourselves.
If the level of data protection in a country is deemed inappropriate for Swiss conditions or within the meaning of the EU General Data Protection Regulation, we will ensure the protection of your personal data in an appropriate manner.
For users residing in Switzerland or a member state of the EU, we would like to point out in particular that the USA does not have an adequate level of data protection from the perspective of Switzerland and the European Union.
If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection law (we use the revised standard contractual clauses of the European Commission, which can be accessed here ), unless the recipient is already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exemption clause.
Please note that such contractual precautions can partially compensate for weaker or missing legal protection, but cannot completely exclude all risks (e.g. of state access abroad).
In exceptional cases, the transfer to countries without adequate protection may also be permitted in other cases, e.g. based on consent, in connection with legal proceedings abroad or if the transfer is necessary for the performance of a contract.
7.4 How long your data is stored
We process and store personal data only for the period required to achieve the purpose.
In addition, data is processed or stored in accordance with the statutory retention or documentation obligations.
It is possible that data will be stored for the period during which claims can be asserted against us or our legitimate interests make this necessary (e.g. for evidence and documentation purposes).
We only store data for as long as is necessary,
- to use the aforementioned tracking services within the scope of our legitimate interest;
- to perform services that you have requested or for which you have given your consent, to the extent specified above.
Data that is subject to a longer statutory retention period will be retained by us for longer.
Retention obligations that oblige us to retain data arise from accounting and tax regulations.
According to these regulations, business communications, concluded contracts and accounting documents must be stored for up to 10 years.
As soon as the data is no longer required for the above-mentioned purposes, it is deleted, blocked or anonymized as far as possible.
8 Rights
8.1 What rights you have as a data subject
You can object to data processing at any time, especially data processing in connection with direct advertising (e.g. against political mailings).
You also have the following rights:
Right to information:
You have the right to request access to your personal data stored by us at any time free of charge if we are processing it.
This gives you the opportunity to check what personal data we process about you and that we use it in accordance with the applicable data protection regulations.
Right to rectification:
You have the right to have incorrect or incomplete personal data corrected and to be informed of the correction.
In this case, we will inform the recipients of the data concerned about the adjustments made, unless this is impossible or involves disproportionate effort.
Right to erasure:
You have the right to have your personal data deleted under certain circumstances.
In individual cases, the right to erasure may be excluded.
Right to restriction of processing:
Under certain circumstances, you have the right to request that the processing of your personal data be restricted.
Right to data portability:
Under certain circumstances, you have the right to receive from us, free of charge, the personal data that you have provided to us in a readable format.
Right of appeal:
You have the right to lodge a complaint with a competent supervisory authority about the way in which your personal data is processed.
The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner(http://edoeb.admin.ch).
A list of the authorities in the EEA can be found here.
Right of withdrawal:
In principle, you have the right to withdraw your consent at any time.
However, processing activities based on your consent in the past will not become unlawful as a result of your withdrawal.
The exercise of the aforementioned rights generally requires that you clearly prove your identity (for example, in cases where your identity is not otherwise clear or cannot be verified, by means of a copy of your ID).
To assert your rights, you can contact us at the address given in section 9.
9 Contact
9.1 How you can get in touch with us
Timber Finance is responsible for data processing.
If you have any data protection concerns, you can send them by post to the following contact address: Timber Finance, Ausstellungsstrasse 36, 8005 Zurich, or by e-mail to info@timberfinance.ch.
Status: April 2024