Thank you for your interest in EPC AG (hereinafter "EPC") and the products and services (hereinafter "services") from EPC. Protecting your privacy when using our services and this website is important to us.
Data Protection declaration (GDPR) of EPC AG | Schanzweg 8 | CH-9533 Kirchberg (St. Gallen)
1. Name and contact details of the data protection officer
This data protection declaration applies to data processing by EPC. The EPC data protection officer can be reached at and at the address above.
2. Legal basis / personal data
EPC processes your data in accordance with the applicable legal provisions for the protection of personal data, in particular the Swiss Data Protection Act (DSG) and the EU General Data Protection Regulation (EU GDPR).
Personal data is the information that makes it possible to identify a natural person. This includes in particular your name, date of birth, address, telephone number, email address but also your IP address. Anonymous data is available if no personal reference to the user can be established.
Without your express consent, EPC's personal data will only be used to fulfill contractual or legal obligations and to the extent necessary for your request (usually last name, first name, address and email address, as well as payment details). Address and order data are also collected and processed for our own marketing purposes. For third-party marketing purposes, only data that is permitted by law is passed on.
3. Collection of general data and information
The EPC website collects a series of general data and information each time it is called up by a data subject or an automated system. This general data and information is stored in the server's log files. In particular, the
• browser types and versions used;
• the operating system used by the accessing system;
• the website from which an accessing system reaches our website;
• the sub-websites that are accessed via an accessing system on our website;
• the date and time of access to the website;
• an internet protocol address (IP address);
• The internet service provider of the accessing system and other similar data and information that serve to avert risks in the event of attacks on our systems.
When using this general data and information, EPC does not draw any conclusions about the person concerned. Rather, this information is needed to
• deliver the content of our website correctly;
• optimize the content of our website;
• to ensure the permanent functionality of our systems and the technology of our website; such as
• To provide law enforcement agencies with the information necessary for law enforcement in the event of a cyber attack.
This anonymously collected data and information is therefore evaluated by EPC with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject. In principle, this data will not be passed on to third parties unless there is a legal obligation to pass it on or the passing on is used for prosecution.
4. Disclosure of data / data transmission to third parties
EPC will only pass on your data to third parties within the framework of the statutory provisions or with the appropriate consent. Otherwise, it will not be passed on to third parties, unless we are obliged to do so due to mandatory legal provisions (disclosure to external bodies such as supervisory authorities or law enforcement authorities).
Data is only transferred to third countries (countries outside of Switzerland, the European Union or the European Economic Area) if this is required by law, you have given your consent to EPC, or if this is necessary to fulfill the contractual relationship. The transmitted data are limited to the minimum required.
5. Storage period of the data
EPC stores your data as long as it is required for the respective processing purpose. Please note that numerous retention periods mean that data must continue to be stored. This applies in particular to obligations under retention law in terms of obligations or tax law. Unless there are any further storage requirements, the data will be routinely deleted by EPC after it has been used. In addition, EPC can retain data if you have given EPC your permission to do so, or if there are legal disputes.
6. Secure data transfer
In order to best protect the data stored at EPC against accidental or intentional manipulation, loss, destruction or access by unauthorized persons, EPC uses appropriate technical and organizational security measures. Security levels are continuously checked and adapted to new security standards. Since complete data security cannot be guaranteed when communicating by email, instant messaging and similar means of communication, EPC recommends that particularly confidential information be transmitted in a different, secure way.
The data exchange from and to the EPC website is encrypted. We offer HTTPS as a transmission protocol for our website, each using the current encryption protocols. If security-relevant personal information such as credit card numbers are transmitted, they are protected by the 128-bit encryption "Secure Socket Layer (SSL)".
We also offer our users content encryption as part of the contact forms. This data can only be decrypted by EPC. There is also the option of using alternative communication channels (e.g. by post).
8. Links to other providers
The EPC website may also contain links to other companies' websites. As far as links to websites of other providers are available, EPC has no influence on their content. Therefore, no guarantee and liability can be assumed for this content. The respective provider or operator of the website is always responsible for the content of this website.
The linked pages were checked for possible legal violations and recognizable legal violations at the time the link was created. No illegal content was discernible at the time the link was created. A permanent control of the content of the linked pages is not reasonable without concrete evidence of an infringement. Upon notification of rights violations, such links will be removed promptly.
9. Google Analytics
EPC can use Google Analytics, a web analytics service provided by Google Inc. ("Google"), for the purpose of designing and continuously optimizing our website. In this context, pseudonymised usage profiles are created and cookies are used. The information generated by the cookie about your use of this website such as
• browser type / version;
• Operating system used;
• referrer URL (the page previously visited);
• host name of the accessing computer (IP address);
• Time of the server request.
are transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activities and to provide other services related to website and Internet use for the purposes of market research and the needs-based design of this website. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymized so that an assignment is not possible (IP masking).
You can prevent the installation of cookies by setting your browser software accordingly. However, we would like to point out that in this case not all functions of this website can be used to their full extent. You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on.
10. Google AdWords / Conversion Tracking
EPC uses the online advertising program "Google AdWords", as well as so-called conversion tracking as part of Google AdWords. As soon as a user clicks on an ad placed by Google, a corresponding cookie for conversion tracking is set. After 30 days, the cookies set in this way lose their validity and personal identification can no longer take place. On repeated visits to the website, Google and EPC can recognize that the user clicked on the ad and was forwarded at that time as long as the cookie has not lost its validity. Every Google AdWords customer receives a different cookie. The cookies cannot therefore be tracked via the website of AdWords customers. The information collected in this regard is used exclusively to create conversion statistics. In this respect, EPC finds out the total number of users who have clicked on an advertisement and have been redirected to a corresponding page. However, EPC cannot personally identify the user.
If you do not want to participate in such tracking, you can easily deactivate it via your internet browser under user settings.
Further information from Google about their data protection regulations can be found at https://policies.google.com/privacy?gl=ch
11. Right to information and right of withdrawal
You have the right to information about the data you have saved and, if necessary, the right to have it corrected. You can also block or delete the data. In particular, you have the right:
• Request information about your personal data processed by EPC. In particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or opposition, and the existence of one Demand right of appeal;
• Immediately request the correction of incorrect or incomplete personal data stored by EPC;
• request the deletion of your personal data stored at EPC, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
• to request the restriction of the processing of your personal data insofar as you contest the accuracy of the data, the processing is unlawful, but you refuse to delete it and EPC no longer needs the data, but you need it to assert, exercise or defend legal claims need or you have objected to the processing;
• to receive your personal data, which you have provided to EPC, in a structured, common and machine-readable format or to request the transfer to another person responsible;
Already granted consent to the processing of personal data can be withdrawn at any time by data subjects. A revocation will only take effect in the future. Processing that was done before the written revocation is not affected.
To exercise these rights, please contact the EPC data protection officer. The same applies if you have any questions about EPC data processing. You also have the right to lodge a complaint with the Federal Data Protection and Information Commissioner (EDÖB).
12. Online offers for children
Persons under the age of 16 may not transmit personal data to EPC or make a declaration of consent without the consent of their legal guardians. We encourage parents and guardians to actively participate in their children's online activities and interests.
13. Up-to-dateness and change of this data protection declaration
This EPC data protection declaration is dated 1. June 2020 and can be updated by EPC at any time.