Privacy Policy


Where possible, we have used gender-neutral language in the English version of this text. Any remaining gender-specific references are intended to apply to everyone, regardless of their gender. 

1.  Contact details and controller

This Privacy Policy applies for data processing by: 

Kehrer Stebler AG 
Südringstrasse 6, 4702 Oensingen, Switzerland 
Phone +41 62 388 42 42 | Email: info@stebler.ch

This Privacy Policy also applies for the following affiliated companies and subsidiaries: 

– Stebler Glashaus AG 
– Kehrer Stebler Germany GmbH 
– Kehrer Stebler Portugal Unipessoal Lda 

The controller within the meaning of European data protection law is Kehrer Stebler AG, hereinafter referred to as “s: stebler”. 

Data protection officer: 
Markus Portner 
Phone: +41 62 388 42 13 | Email: markus.portner@stebler.ch 

Competent supervisory authority: 
Federal Data Protection and Information Commissioner (FDPIC) 
Feldeggweg 1, 3003 Bern, Switzerland 
Website (in German only): https://www.edoeb.admin.ch



2.  Scope of the Privacy Policy

This Privacy Policy sets out the steps we have taken to comply with data protection requirements under Swiss and EU law and other applicable laws governing the collection, storage, use, and transfer (“processing”) of personal data. 

It applies to all companies referred to in Section 1 (“s: stebler”) and describes how we process personal information that we receive from you through our website or other applications. 

The Swiss Federal Act on Data Protection (FADP) applies, along with any further applicable law under the European General Data Protection Regulation (GDPR). 


3.  Purposes and legal bases of the data processing 

When you visit our website www.stebler.ch, certain information is automatically stored in log files on our server. These include, in particular: 

  • The IP address of the requesting device 
  • The date and time of access 
  • The time zone difference compared to Greenwich Mean Time (GMT) 
  • The content of the request (specific page) 
  • The access status/HTTP status code 
  • The volume of data transferred 
  • The website from which the request originates 
  • The browser type, version, and language 
  • The operating system and its interface 

Purposes of processing
These data are processed: 

  • To enable you to establish a connection and use our website 
  • To ensure the security and stability of the system 
  • To optimize the website 
  • For statistical purposes and internal analysis 


In addition, we process personal data when you contact us (e.g. by email, telephone, contact form or social media). We use the information collected in this way to process your inquiry and ensure that we can communicate with you. 


Legal bases for processing 
We only process personal data if one of the following conditions is met: 

  • Your consent has been obtained. 
  • Processing is necessary for the performance of a contract or to take steps prior to entering into a contract. 
  • Processing is necessary to safeguard legitimate interests (e.g. operation of the website, IT security). 
  • Processing is necessary due to a legal obligation


Storage period: 
Personal data are only stored for as long as is necessary to fulfill the aforementioned purposes or for as long as there is a statutory obligation to retain them. Once the intended purpose ceases to apply, the data will be erased or anonymized. 


4.  Categories and origin of personal data

We process the following categories of personal data in particular: 

a) Master data and contact information 
(e.g. name, address, telephone number, email address, date of birth, company position, employer, language, preferences) 

b) Contract and transaction data 
(e.g. orders, deliveries, invoices, payments, contracts, complaints) 

c) Communication data 
(e.g. correspondence, preferred communication channels, communication history) 

d) Usage data 
(e.g. IP addresses, device identifiers, log files, cookies, pages visited, access times, referrer URLs, interactions on the website) 

e) Marketing and event data 
(e.g. newsletter subscriptions, participation in events or surveys, marketing interests) 

f) Sensitive data 
Only in exceptional cases (e.g. application process, security requirements), and only with express consent 

Origin of the data: 
The personal data are generally collected directly from data subjects in the course of using the website, utilizing our services, or communicating with us. 
In individual cases, we may also obtain data indirectly from permitted sources, e.g.: 

  • From business partners in the context of joint projects 
  • From public registers 
  • From third parties who have recommended you 
  • From publicly available sources (e.g. commercial registers, social networks) 


5.  Recipients and processors

a) Processors (service providers) 
In order to fulfill our contractual and statutory obligations and to safeguard legitimate interests, we may commission external service providers to process personal data on our behalf (“processors’). 
These service providers are contractually obligated to process the data exclusively in accordance with our instructions and to take appropriate technical and organizational measures to protect the data. 

Typical categories of such service providers are: 

  • IT and cloud service providers (e.g. Microsoft Azure, hosting providers) 
  • Payment services providers and banks 
  • Shipping and logistics partners 
  • Marketing and communication services providers (e.g. newsletter systems) 
  • Consultancy or legal services providers 

b) Third parties acting under their own responsibility 
In certain cases, data may be disclosed to third parties who process them under their own responsibility, e.g.: 

  • Public authorities, courts or supervisory bodies, provided that a legal obligation exists 
  • Insurance companies or debt collection agencies in the context of contract processing 
  • Business partners with whom we collaborate in order to provide joint services 

c) Transfer of data abroad
Personal data will only be transferred abroad if 

  • the country concerned has an adequate level of data protection, or 
  • appropriate data protection guarantees (e.g. standard contractual clauses of the EU Commission) are in place, or 
  • you have expressly consented to this. 


When using cloud services (e.g. Microsoft Azure), we ensure that data are either processed in data centers within the EEA or Switzerland or that contractual guarantees ensure an equivalent level of protection. 

d) No disclosure for marketing purposes
Personal data will not be disclosed to third parties for marketing, advertising or sales purposes without your express consent. 


6.  Cookies 

We use cookies (session cookies, temporary and permanent cookies) on our website. These are small files that are automatically created by your browser and stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. A cookie does not always mean that we can identify you.  

Firstly, cookies are used to log frequency of use, the number of users and user behavior on our website, to enhance security, and to improve the user experience in relation to the information we provide. As soon as you leave the website, these cookies are automatically deleted.  

In addition, we also use temporary cookies to optimize user-friendliness. These are stored on your device for a specific period of time. If you return to our site to utilize our services, it will automatically recognize that you had visited us previously and remember which entries and settings you made so that you do not have to enter them again. 

You can configure your browser settings to prevent any cookies from being stored on your computer. However, deactivating cookies completely may result in your not being able to use all the features of our website. 

By continuing to use our website and/or agreeing to this Privacy Policy, you consent to cookies being set by us and therefore to personal usage data being collected, stored, and used, where applicable even after the end of the browser session. You can revoke this consent at any time by activating the setting to refuse cookies (particularly from third-party providers) in your browser. 


7.  Analysis tools
 

Google Analytics 
Our website uses the Google Analytics web analysis service provided by Google Inc., USA. Google Analytics uses cookies (see the section Cookies) to enable Google in the United States to analyze the use of our website, including your IP address. 

Please note that the code “gat._anonymizeIp();” has been added to Google Analytics on this website to ensure the anonymized collection of IP addresses (known as IP masking). When anonymization is active, Google truncates IP addresses within member states of the European Union or in other states party to the Agreement on the European Economic Area so that no conclusions can be drawn about your identity. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.  

Google complies with the data protection provisions of the EU-U.S. Data Privacy Framework, which is recognized as adequate by the Swiss Federal Data Protection and Information Commissioner (FDPIC). Google uses the collected information to analyze the use of our websites for us, to compile reports on website activity for us, and to provide us with other related services. 

You can find further information about this at http://www.google.com/intl/de/analytics/privacyoverview.html and – in particular – about the option to deactivate Google Analytics at https://tools.google.com/dlpage/gaoptout?hl=en.


8.  Social media plug-ins

On our website, we use the social media plug-ins listed below in order to raise the profile of our company. The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of point (f) of Art. 6(1) GDPR. Responsibility for data protection-compliant operation lies with the respective providers. Data will only be processed in connection with these plug-ins if you actually use them and have consented to such processing. 

If you utilize the services of these social networks independently or in connection with our website, the social networks can analyze your use of the plug-in. In this case, information about the use of the plug-ins will be forwarded to the respective social networks.  

a) Facebook and Instagram  
On our website, you will find links to the social networks Facebook and Instagram, services provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Meta Platforms Ireland Ltd. is a company of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. 

Currently, Facebook and Instagram content can only be accessed by means of an external link. No connection will be established to Meta’s servers until you actively click on such a link using the corresponding icon. Depending on your browser and account settings, this may result in data (e.g. your IP address) being transmitted to Meta. 

If Facebook and Instagram plug-ins (e.g. “Like” or “Share” buttons, embedded feeds, or similar) are embedded directly in our website in the future, Meta will be able to collect information about your visit to our pages and associate this with your personal profile if you are logged into your Facebook or Instagram account at the time. In this case, we recommend that you log out of your account before visiting our website if you want to prevent this from happening. 

Please note that, as the provider of this website, we have no control over the data collected by Meta, nor do we have any knowledge of the extent of these data or how Meta uses them. 

Further information on the processing of personal data by Facebook and Instagram can be found in their respective privacy policies:  
https://www.facebook.com/policy.php 
https://privacycenter.instagram.com/policy 


b) LinkedIn 
Our website contains links to the social network LinkedIn, a service provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn Ireland Unlimited Company is a company of LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA 94085, USA. 

Currently, LinkedIn content can only be accessed by means of an external link. No connection will be established to LinkedIn’s servers until you actively click on such a link using the corresponding icon. Depending on your browser and account settings, this may result in data (e.g. your IP address) being transmitted to LinkedIn. 

If LinkedIn plug-ins (e.g. “Share” or “Follow” buttons) are embedded directly in our website in the future, LinkedIn will be able to collect information about your visit to our pages and associate this with your personal profile if you are logged into your LinkedIn account at the time. In this case, we recommend that you log out of your account before visiting our website if you want to prevent this from happening. 

Please note that, as the provider of this website, we have no control over the data collected by LinkedIn, nor do we have any knowledge of the extent of these data or how LinkedIn uses them. 

Further information on how LinkedIn processes personal data can be found in its Privacy Policy at: https://www.linkedin.com/legal/privacy-policy 


c) YouTube 
On our website, you will find links to the YouTube video platform, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is a company of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. 

Currently, YouTube content can only be accessed by means of an external link. No connection will be established to YouTube’s servers until you actively click on such a link using the corresponding icon. Depending on your browser and account settings, this may result in data (e.g. your IP address) being transmitted to YouTube. 

Should YouTube content be embedded directly in our website in the future (e.g. by means of a plug-in or an iFrame), YouTube will be able to collect information about your visit to our pages and associate this with your personal profile if you are logged into your YouTube or Google account at the time. In this case, we recommend that you log out of your account before visiting our website if you want to prevent this from happening. 

Please note that, as the provider of this website, we have no control over the data collected by YouTube or Google, nor do we have any knowledge of the extent of these data or how YouTube or Google uses them. 

Further information on how YouTube processes personal data can be found in Google’s Privacy Policy: https://www.youtube.com/t/privacy


d) Google Maps 
Google Maps Services are used on our website (e.g. in the form of embedded map views or by means of an interface/API). The provider of these services is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. 

The use of Google Maps enables Google to process information about your actual location. Google uses a variety of technologies to determine the location, including IP addresses, GPS, and other sensors that provide information about nearby devices, Wi-Fi access points or cell towers, for example. 

For details of the purpose and extent of data collection, how Google further processes and uses the data, your associated rights, and what settings options are available to protect your privacy, please refer to Google’s Privacy Policy: https://policies.google.com/privacy?hl=en&gl=en 



9.  Information, erasure and rectification 

You have the right to request information about the personal data being processed by us at any time. This includes information about the purposes of processing, the categories of data concerned, any recipients or categories of recipients, the intended storage period, and your other rights under applicable data protection law (in particular Art. 25 et seq. FADP and Art. 15–22 GDPR). 

You also have the right to request the rectification of incorrect or incomplete data, the erasure of your personal data (“right to be forgotten”), and the restriction of processing, provided that this does not conflict with statutory retention obligations or overriding interests. 

Furthermore, you can withdraw your consent to data processing at any time with effect for the future or object to the processing of your personal data on grounds relating to your particular situation. 

To exercise these rights, please contact us by email at info@stebler.ch. Please attach suitable proof of identity (e.g. copy of an official form of ID). 

We will delete or anonymize your personal data as soon as it they cease to be required for the above-mentioned purposes and if this does not conflict with statutory retention periods (e.g. under commercial or tax law). In cases where statutory retention obligations apply, the relevant data will be blocked and processed exclusively for the purpose of fulfilling these obligations. 

In addition, you have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC). 


10.  Right to object 

If your personal data are processed on the basis of legitimate interests, you have the right to object to the processing of your personal data at any time on grounds relating to your particular situation or if you are objecting to direct marketing. In the latter case, you have a general right to object, which we will  respect without your having to specify a particular situation. 


11.  Data security 

We take appropriate technical and organizational measures (TOMs) to ensure the security of your personal data and, in particular, to protect them against loss, misuse, unauthorized access, disclosure, alteration, or destruction. These measures are regularly reviewed and aligned with the current state of the art. 

These security measures include, but are not limited to: 

  • Restricted access to personal data on a need-to-know basis 
  • Use of firewalls, antivirus and encryption technologies 
  • Security backups and regular training for our employees 
  • Secure transmission methods (e.g. TLS/SSL encryption) for data communication 


All employees and external service providers who process personal data on behalf of s: stebler are contractually obligated to maintain confidentiality and comply with the applicable data protection regulations. 

If, despite all security measures, a data breach occurs that poses a high risk to the personal rights of the data subject, we will immediately inform youand – where required by law – the competent data protection authority as well. 


12.  Changes to this Privacy Policy 

We reserve the right to amend this Privacy Policy at any time to ensure that it always complies with current legal requirements or takes account of changes to our services – for example, when new services, tools, or features are introduced. 

The current version of the Privacy Policy published on our website always applies. We therefore recommend checking it on a regular basis. 




2026-01-19 | s: stebler, Oensingen