Privacy Policy

The protection of your personal data is very important to us, the SpiraTec Group. We process your personal data only in accordance with the applicable legal regulations.

This privacy policy informs you about the processing of your personal data and your rights as a data subject by the respective company of the SpiraTec Group acting as Controller (see under 1.)

• when you visit a website of a SpiraTec Group company;
• when you visit our social media pages;
• when you contact a SpiraTec Group company for business purposes by other means;
• when you enter into a contract with a SpiraTec Group company;
• when we process your data to ensure the IT security of our systems and networks;
• when sending newsletters, and
• when you apply for a job at a SpiraTec Group company.

Insofar as this privacy policy refers to Regulation (EU) 2016/679 (General Data Protection Regulation (GDPR)), the German Federal Data Protection Act (BDSG), the German Telecommunications Digital Services Data Protection Act (TDDDG), the Swiss New Federal Act on Data Protection Act (nFADP), or the Swiss Data Protection Ordinance (DPO), these references apply to the respective company of the SpiraTec Group only if the respective law applies to it.

1. Controller and contact details of the Data Protection Officer

The controller of data processing is always the SpiraTec Group company named in the legal notice of the website or social media presence visited, or the SpiraTec Group company that determines the purposes and means of the processing of personal data described in this privacy policy (e.g. application to a company of the SpiraTec Group or execution of a contract concluded with the respective company of the SpiraTec Group). The following companies belong to the SpiraTec Group:

• SpiraTec AG, An der Hofweide 7, 67346 Speyer, Germany, telephone: +496232919060, E-Mail: info@spiratec.com;
• onoff automation services gmbh, Niels-Bohr-Str. 6, D-31515 Wunstorf, Germany, Phone: +49 5031 9686-446, E-Mail: info@onoff-gmbh.com;
• SpiraTec France S.A.S., 17-21 Rue-Saint-Fiacre, 75002 Paris, France, E-Mail: info@spiratec-france.com;
• SpiraTec Italia S.r.L., Registered office: Via Francesco Giordani 56, I-80122 Naples, Italy, E-Mail: info@spiratec.com;
• SpiraTec Solutions Inc., 190 S. Orchard Ave, #B220, Vacaville, CA 95688, USA, Phone: +17074745034, E-Mail: info.sfo@spiratec.com;
• edeco ag, Langenhagstrasse 1, 4147 Aesch, Switzerland, Phone: +41 61 402 02 22.

You can contact our Group Data Protection Officer at datenschutz@spiratec.com.

The following explanations in this privacy policy are described from the perspective of the respective responsible company of the SpiraTec Group (Section 1):

2. Purposes and legal basis of our data processing

2.1 Data processing when using our website

When you use our website, we may process the following categories of data. This data may be personal data.

2.1.1 Internet connection data

When you visit our website, we collect and process your so-called Internet connection data (e.g., date, time, type and location of the visit, name of the page visited, amount of data transferred and the requesting provider, information about the browser type and version used, and your IP address), which your browser automatically transmits to our servers when you visit our website. We need this information to enable you to use our website, for example by adapting the website to the technical requirements of your device. To identify and rectify any malfunctions on our website, we store this data for a period of up to sixty (60) days. The legal basis for this data processing is our legitimate interest in ensuring the security and usability of our website, Art. 6 (1) (f) GDPR.

2.1.2 Access and storage on your device (“cookies”)

We use tracking technologies on our website that enable us or our service providers to collect data relating to the use of our website. These tracking technologies are commonly referred to as cookies, which is why we also use this term below. However, the following explanations also apply accordingly to other tracking technologies or file formats, such as local storage, pixels, beacons, or tags. What these technologies have in common is that when they are used, information can be stored or read on your device (e.g., in the browser you use on your computer).

We use cookies to store session-relevant information within the website. These cookies expire at the end of the browser session (so-called transient cookies) and are not stored permanently. Other cookies remain on your computer beyond the respective browser session and enable us to recognize your computer on your next visit (so-called persistent/permanent cookies). Persistent cookies are automatically deleted after a specified period, which may vary depending on the type of cookie.

Cookies can be divided into the following types:

2.1.2.1 Technically necessary cookies

In certain cases, the storage of information on your device or access to information already stored on your device is necessary for us to make our website available for your use (“technically necessary cookies” and/or “essential cookies”). The legal basis for the use of such cookies is Section 25(2) No. 2 TDDDG.

Insofar as this information is personal data and is further processed by us in our IT systems, the legal basis for this data processing is our legitimate interest in providing our website and fulfilling our data protection accountability obligations, Art. 6(1)(f) GDPR in conjunction with Art. 5 (2) GDPR.

2.1.2.2 Optional cookies

We only use cookies that are not technically necessary (“optional cookies”) with your consent. When you visit our website for the first time, we display a cookie banner to inform you about the tracking technologies we use and give you the choice of which optional cookies you would like to consent to (the categories “statistics,” “marketing,” and “external media”). We use optional cookies, some of which are from third-party providers, to analyze the use of our website and measure its performance, to enable requested services and functionalities (e.g., playing videos) on the website, and/or to increase or improve usability and enable you to share content with friends and networks.

Within the scope of our website, we use both first-party cookies (only visible from the domain you are currently visiting) and third-party cookies (visible across domains and regularly set by third parties) that are based in third countries outside the European Union (EU) and the European Economic Area (EEA) (or, from the perspective of edeco ag (Switzerland): outside Switzerland) or use servers in such third countries. In this case, we additionally secure the transmission of your personal data (for example, through your consent, the conclusion of standard contractual clauses, or an effective adequacy decision). Further details on the respective cookie providers can be found in the cookie banner or in the Privacy Settings in the footer of our website under the respective cookie categories.

2.1.2.2.1 Google Analytics (via Google Tag Manager)

If you give your consent, we use the advertising analysis service Google Analytics (integrated via Google Tag Manager) from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Tag Manager itself does not collect personal data. It is used to trigger Google Analytics and tracking codes (so-called “tags”) on our website. As part of the provision of Google Analytics, Google collects data relating to your use of our website. This is done by storing cookies with a pseudonymous user ID assigned by Google in your browser. This enables Google to assign data relating to usage behavior on our website to this respective pseudonymous user, create a corresponding user profile, and enrich it with further data. Google provides us with this information to evaluate the usage behavior of our website, to compile reports on website activity, and to provide us with other services related to website and internet usage. You can access Google’s privacy policy here.

The data collected by Google Analytics is also stored on Google servers in the USA. We have activated the IP anonymization function on our websites. This means that your IP address will be truncated by Google within member states of the EU or the EEA before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Google LLC is certified under the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework (see https://www.dataprivacyframework.gov/list).

2.1.2.2.2 Adobe Fonts – TypeKit

If you give your consent, we use the TypeKit web service from Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland (“Adobe”). This web service offers a collection of fonts for web and desktop applications. Our website uses TypeKit to load fonts to ensure optimal typography and a better visual experience for you.

When you visit our website, your browser loads the required fonts from an Adobe server to display them correctly. This provides Adobe with information, including that your IP address has visited our website. In addition, further data may be transferred to Adobe through the use of Adobe Typekit. Further information on data protection at Adobe Typekit can be found here.

It is possible that your data may also be processed on servers belonging to Adobe Systems Inc., 345 Park Avenue, San Jose, CA 95110-2704, USA. Adobe Inc. is certified under the EU-US Data Privacy Framework and the Swiss-US Data Privacy Framework.

2.1.2.2.3 OpenStreetMap

On our website, we use map material from OpenStreetMap, an open source project operated by the OpenStreetMap Foundation (“OSMF”), 132 Carter Lane, London, EC4V 5AJ, United Kingdom. By integrating OpenStreetMap, your IP address and location data may be transmitted to the OSMF, provided you have agreed to this in your browser or device settings. This is done to display the map view and enable you to use the map functions. Further information on data protection at OSMF can be found here.

Please note that following the United Kingdom’s withdrawal from the EU, the GDPR no longer applies directly in the United Kingdom. To ensure an adequate level of data protection for the transfer of personal data to the United Kingdom, data transfers are based on the adequacy decision issued by the European Commission in accordance with Art. 45 GDPR. The EU Commission and the Swiss Federal Council (see Annex 1 of the Swiss Data Protection Ordinance (DPO)) have determined that the level of data protection in the United Kingdom is essentially equivalent to that in the European Union and that the United Kingdom is recognized as a safe third country.

By clicking on the corresponding button (“I accept all”) in the cookie banner, you consent to the storage and reading of all non-essential cookies on your device (Section 25(1) TDDDG) and to the processing of your personal data stored in the cookie (Art. 6(1)(a) GDPR). Your consent is voluntary. You can also reject all optional cookies by clicking on “Only accept essential cookies.” Finally, you can also select or deselect individual categories of cookies or services by using the tick boxes and clicking “Save consent”.

You can revoke your consent at any time with future effect without affecting the lawfulness of the processing carried out based on your consent until revocation. To do this, please click on “Privacy settings” at the bottom of our website to open the Privacy Settings in the Footer of our website. There you have the option to revoke your previously given consent (“Only accept essential cookies”) or to give new consent (“Accept all”). You can also select or deselect individual cookies or services using tick boxes.

2.1.3 Contact form

You have the option of sending us inquiries via the contact form on our website. In this case, we collect your first and last name, your email address, your request under “Message” and, if you wish, your telephone number. We process your data in order to respond to your inquiry.

If your inquiry is related to the performance of a contract concluded with you or to the initiation of such a contract, the legal basis for our data processing is Art. 6(1)(b) GDPR.

Otherwise, the legal basis is our legitimate interest in the efficient processing of your request to us (Art. 6(1)(f) GDPR). You may object to this data processing under the conditions of Art. 21(1) GDPR.

2.1.4 Social networks

Our website contains so-called social plugins to social networks to give you the opportunity to easily share our content on your social networks or interact with other users. These services are operated exclusively by third-party providers. If you follow the social plugins, information may be transmitted to these providers. For the purpose and scope of data collection and the further processing and use of the data by the provider, as well as your rights in this regard and setting options for the protection of your privacy, please refer to the privacy policy of the respective provider. These can be found here:

• LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, D02 AD98, Ireland; Parent company: LinkedIn Corporation, 1000 West Maude Avenue Sunnyvale, California 94085 USA
  https://de.linkedin.com/legal/privacy-policy
• XING: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany
  https://privacy.xing.com/en/privacy-policy
• Instagram: Meta Platforms Ireland Limited, Block J, Serpentine Avenue, Ballsbridge, Dublin 4, Ireland; parent company: Meta Platforms, Inc., 1 Willow Road, Menlo Park, CA 94025, USA
  https://instagram.com/about/legal/privacy
• Facebook: Meta Platforms Ireland Limited, Block J, Serpentine Avenue, Ballsbridge, Dublin 4, Ireland; Parent company: Meta Platforms, Inc., 1 Willow Road, Menlo Park, CA 94025, USA
  https://de-de.facebook.com/about/privacy/update
• YouTube: Google Ireland Limited, Gordon House, Barrow St, Dublin 4, Ireland; parent company: Alphabet Inc., 1600 Amphitheatre Parkway, Mountain View, California, USA
  https://policies.google.com/privacy?hl=de
• Vimeo: Vimeo, LLC 555 West 18th Street New York, New York 10011 USA
  https://vimeo.com/privacy

The processing of this data is based in part on your consent in accordance with Art. 6(1)(a) GDPR. We obtain this consent via our cookie banner on the website. Your consent is voluntary. You have the right to revoke your consent at any time with future effect in the Privacy Settings.

In addition, data is processed by the social plugins on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR. This consists of improving the user experience, increasing reach and marketing purposes, as well as analyzing and optimizing our website. You can object to this data processing under the conditions of Art. 21(1) GDPR.

2.2 Data processing for other business contacts

2.2.1 Data processing when establishing contact

If you contact us by means other than our website, for example by email, telephone, post, or at trade fairs and other events, we will collect your contact details, including your position in your company if applicable. We store this data in our CRM system and process your data in order to contact you.

If your request is related to the performance of a contract concluded with you or to the initiation of such a contract, the legal basis for our data processing is Art. 6(1)(b) GDPR.

Otherwise, the legal basis is our legitimate interest in the efficient processing of your inquiry addressed to us (Art. 6(1)(f) GDPR). You may object to this data processing under the conditions of Art. 21(1) GDPR.

2.2.2 Data processing upon conclusion of a contract

To conclude or execute contracts with you (e.g., contracts for our services), we process personal data relating to you (e.g., contact details such as your name, address, email address, or telephone number, order and contract data). The legal basis for the processing of your personal data is Art. 6 (1) lit. b GDPR. The purpose of the processing is to establish and execute the contractual relationship with you. This requires the provision of your personal data. You are not obliged to provide your personal data. However, if you do not provide it, it will not be possible to establish and execute the contractual relationship. There will be no other consequences for you.

In addition, we also process data from persons with whom we have no (direct) contractual relationship, insofar as this is necessary for the initiation or execution of contracts. For example, we may process your data if you are a representative, contact person, or employee of a company that is our customer or other business partner. In this case, the legal basis is our legitimate interest in initiating or executing the respective contractual relationship (Art. 6(1)(f) GDPR). You may object to this data processing under the conditions of Art. 21(1) GDPR.

2.2.3 Data processing of applicants

You have the option of applying for a position at one of our companies using the online form provided by our data processor softgarden e-recruiting GmbH (Germany) on our website. The details of processing of personal data in the context of the application process is not covered by this privacy policy. Data processing in the context of the application process is governed in addition by the separate privacy policy for applicants, which you can view here.

2.2.4 Newsletter

We process your email address and, if applicable, your first and last name for the purpose of sending our newsletter if either the requirements for advertising to existing customers are met (Art. 6(1)(f) GDPR in conjunction with Section 7(3) German Act Against Unfair Competition (“UWG”) or if you have consented to receiving our newsletter (Art. 6(1)(a), Art. 7 GDPR).

In our newsletters, we inform you about products and promotions from companies in the SpiraTec Group. Products and promotions include, in particular, information on offers, products or services (e.g. software products and (SaaS) platforms), promotions (e.g. trade fair participation) and the conduct of customer satisfaction surveys by companies in the SpiraTec Group.

If you have consented to receive the newsletter and register for it, we will first collect your email address and send you a confirmation email with a confirmation link that you must click on to subscribe to our newsletter.

You can revoke your consent at any time with future effect. If you receive the newsletter from us as an existing customer (Section 7(3) UWG), you can object to this advertising at any time without incurring any costs other than the transmission costs according to the basic tariffs. You are also free to object to our processing of your personal data for direct marketing purposes at any time and without giving reasons for the future (Art. 21(2) GDPR).

To submit your revocation or objection, you can contact us using the contact details above. For newsletters, you can alternatively use the unsubscribe link contained in each email.

2.3 Data processing for IT security purposes

Your personal data may be subject to rolling data backups. We create such backups in pursuit of our legitimate interest (Art. 6(1)(f) GDPR) in ensuring data security and the recoverability of data in the event of malfunctions or external attacks. You may object to this data processing under the conditions of Art. 21 (1) GDPR.

3. Recipients of your personal data and transfers to third countries

We only transfer personal data to recipients to the extent necessary. We forward personal data to service providers and companies of the SpiraTec Group (section 1) that work for us. In addition to their legal obligation to comply with all applicable data protection regulations, these service providers are bound by further contractual requirements regarding data protection. This includes, in particular, an obligation as a processor (Article 28 GDPR). We pass on personal data to the following categories of recipients:

• General (possibly centralised) administrative services within the SpiraTec Group
• Accounting, financial institutions, tax and legal advice;
• IT services and infrastructure;
• Cloud and SaaS services (e.g., application process, CRM system);
• IT support and maintenance;
• Data destruction and facility services;
• In addition to the categories already mentioned, other categories of service providers may exist or be added.

If necessary for our purposes, we may also transfer your data to recipients outside the EU or, from edeco ag’s perspective, to recipients outside Switzerland. We only transfer data to third countries if it is ensured that the recipient of the data has implemented an adequate level of data protection or appropriate safeguards and that no other interests worthy of protection speak against the data transfer (cf. Art. 45, Art. 46(2) and (3) GDPR, or, if applicable, Section 3 of the Swiss Federal Act on Data Protection).

Data transfers from the EU to the US are generally based on the EU-US Data Privacy Framework (Adequacy Decision of the EU Commission of July 10, 2023 (C(2023) 4745)) or the Swiss-US Data Privacy Framework. Our US service providers are generally certified under the EU-US Data Privacy Framework or the Swiss-US Data Privacy Framework.

For data transfers from the EU to Switzerland, there is an adequacy decision by the EU Commission (2000/518/EC: Commission Decision of July 26, 2000, pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection of personal data in Switzerland; see also the Commission report of January 15, 2024, confirming that Switzerland offers an adequate level of data protection).

For data transfers from Switzerland to other countries, the Federal Council has determined that the countries listed in Annex 1 of the Swiss Data Protection Ordinance (DSV) offer an adequate level of data protection. This list includes, in particular, Germany, France, Italy, and the USA (see https://www.fedlex.admin.ch/eli/cc/2022/568/de).

If no adequacy decision has been made, we use in particular the standard contractual clauses of the EU Commission for the transfer of personal data to third countries (see Art. 46 GDPR) or, if applicable, the Swiss standard data protection clauses of the FDPIC (see Art. 16 DSG). In individual cases, we make the transfer to third countries conditional upon your consent to this data transfer (see Art. 49(1)(a) GDPR).

4. Deletion of your personal data

We will delete your personal data as soon as it is no longer required for the purposes explained in this privacy policy. If and as long as legal retention obligations prevent deletion, we will restrict the processing of your data to this archiving purpose (so-called data blocking) and delete your data at the end of the retention period.

5. Your rights

As a data subject of our company’s data processing, you have the following rights under the respective legal requirements:

• the right to confirmation as to whether we process data relating to you (Art. 15 GDPR);
• the right to information about your personal data processed by us and to a copy of your data (Art. 15 GDPR);
• the right to rectification in the event that your personal data is inaccurate (Art. 16 GDPR);
• the right to erasure of your personal data (Art. 17 GDPR);
• the right to restrict (block) your personal data (Art. 18 GDPR);
• and the right to data portability (Art. 20 GDPR).

If your personal data is processed based on Art. 6(1)(e) or (f) GDPR, you may also object to the processing in question under the conditions set out in Art. 21 (1) GDPR.

You may object to the processing of your personal data for direct marketing purposes at any time and without giving reasons with effect for the future (Art. 21(2) GDPR).

If the processing is based on your consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, you may revoke your consent at any time with effect for the future (Art. 7(3) GDPR).

You also have the right to contact the competent data protection supervisory authority (Art. 77 GDPR).

6. No automated individual decision-making

Your personal data will not be used for automated individual decision-making (see Art. 22(1) GDPR, Art. 21 DSG Switzerland).

7. Changes to the privacy policy

New legal requirements, business decisions, or technical developments may require changes to this privacy policy. The privacy policy will then be amended accordingly. The latest version is always available on our website.

November 2025