1 General information on privacy and data usage

MSS Holding AG attaches great importance to protection of your privacy and your personal information. All personal data obtained from you shall be processed in accordance with applicable provisions on data protection of the Swiss Law on data protection (DSG).

This explanation on data protection intends to provide to you as a buyer or an interested party, a complete review of how and to what extent your information is being collected, stored, processed, shared and transferred once you visit our website or use our services. Other than that, you should be offered a review on what privacy measures we have and what options are available to you when visiting our website.

2 What data is being processed?

We process personal data only in accordance with legal provisions. That means that data will be processed only if there exists legal permission to do so. Especially if data processing is necessary for provision of our contracted services, online services or if such an action is prescribed by law. Other than that, we process data if we have a consent to do so, or if there exists a legitimate interest for processing (i.e. interest for analysis, optimization, economic business, safety of our online offer, creation of a profile for commercial and marketing purposes and collection of access data and use of third person services).

3 Why do we process personal data?

The content which responsible persons have created for the webpage is subject to copyright. Any kind of copying, processing, distribution or any kind of exploitation beyond the boundaries of copyright require a written consent of the certain author or creator of the webpage. Downloads and copies of this webpage serve for private, non-commercial use only. If the content of a webpage is not created by a provider or a responsible person, copyrights of third persons will not be taken into account. Specifically, such content shall be treated as the content of a third person. If you notice any violation of copyrights, please inform us of such action. Once we receive the notification on violation of copyrights, we will immediately remove such content.

4 When and to what extent we process personal data

The use of our webpage is usually possible without having to provide personal information. If our webpages include providing personal information (such as name, address or email), it is done exclusively on a voluntary basis. These data will not be forwarded to third persons without your previous consent.

4.1 Contacting

If contacting is done via email, data will be processed to the extent necessary in order to reply to your questions. Additional information can be found under the section titled “For additional information: Cookies and other technologies”.

4.2 Visiting our website

If you use our webpages, services or Messaging functions, either we or our authorized service providers may use cookies or similar technologies. Data we collect help us adapt our services to the needs of our clients, making them better and faster, and most of all more secure. They also serve for marketing purposes.

5 Deletion and duration of data storage

Data kept with us are deleted as soon as they are no longer necessary for their purpose and once deletion is no longer prevented by any of the legal requirements for their storage. In case user data are not deleted because they are needed for other legally permitted purposes, their processing shall be limited. That means data shall be blocked and not processed for other purposes.

6 How do we keep (protect) personal data?

We undertake physical, technical and administrative protection measures in order to protect personal information in appropriate way against losses, abuse, unauthorized access, disclosure and correction. These safety measures include Firewalls, data encryption, control of data access permissions and conscientious choice of our server’s locations. We engage in securing our systems and services.

7 Where do we save data?

7.1 Falkenstein and Nürnberg (DE)

Hosting-services provided through our server as well as the server for our own infrastructure / data processing (Dashboard, Monitoring, Configuration Management etc.) are located in data centres Hetzner, Hetzner Online GmbH, Falkenstein and Nürnberg. Hetzner offers dedicated servers for rental in these locations, which we use as the hosting platform. We also use them for our own infrastructure. The data processing contract with Hetzner has been already concluded. Besides, Hetzner is subject to provisions of the General Data Protection Regulation (EU). Hetzner Online GmbH has received the Certification to ISO 27001.


We perform our Backups in the following data centres: Hetzner, Hetzner Online GmbH, Falkenstein and Nürnberg.

When do we forward data?

First of all, we ensure that your personal data will not be sold neither rent. Data shall be transferred only if there exists a legitimate interest or if we have your consent to do so. Each party to our agreement shall be conscientiously and carefully chosen and obliged to protect your data in accordance with prescribed legislation.

10 Rights

From the moment your personal data start being used, you are affected in terms of the General Data Protection Regulation and we, as responsible persons, grant you the following rights:

  • Right to information,
  • Right to correction or removal,
  • Right to limitation of processing,
  • Right to disagreement with contracted facts,
  • Right to data transfer.
  • You also have the right to file a complaint against us to the Personal Data Monitoring Committee, Schweiz: Federal Data Protection and Information Commissioner (FDPIC) www.edoeb.admin.ch

11 Cookies and other technologies

In the following part we try to provide a better understanding of various technologies we use. When using our webpage, we or our authorized providers may use Cookies or similar technologies. Information collected in this way help us adapt our services to the needs of our clients, and make them faster, better and safer. They also serve for marketing purposes.

11.1 Preparing webpages and creating files for login

11.1.1 Description and scope of data processing

From the moment you open our webpage, our system automatically downloads data and information from a system of the computer from which the page was opened. We collect the following data:

  • Information on the type of Browser and used version,
  • User’s Operating system,
  • User’s IP-address,
  • Date and time of access,
  • Webpages from which the user system reaches our site,
  • These data also stay stored in Log files of our system. These data will not be stored together with other personal data of a user.

11.1.2 Purpose of data processing

Temporary storage of IP-address through the system is necessary for enabling transfer of our page to a user’s computer. Thus, your IP-address has to be saved during the time of your visit to our webpage. Storage in Log files is necessary for safe protection of the webpage functionality. Besides, data serve to help optimize our webpage and ensure safety in our IT systems. Usage of data for marketing purposes is not the case here.

11.1.4 Renunciation and possibility of removal

Entering data for preparation of the Webpage and storing data in Log files is necessary for this company. There is no possibility of waiver on the side of a user.

11.2 Cookies

11.2.1 Description and scope of data processing

Our webpage uses Cookies. Cookies are textual files saved to a user’s computer from the Internet Browser. If, as a user, you open a certain page, a Cookie may be saved on your Operating System. Cookie contains characteristic symbols which enable identification of the Browser when reopening the page. Cookies cannot run any programs and cannot transfer viruses to your computer. Their purpose is to make the Internet offer more enjoyable and efficient for users.

When opening our page, a user is informed of application of Cookies for the purpose of analysis and then they give their consent for the use of personal data. Alongside comes a warning for data protection. Further information on Cookies can be found in the following paragraphs.

11.2.2 Purpose of data processing

Purpose of the use of technically necessary Cookies is to facilitate use of Webpage for a user. Some of the functions from our webpage cannot be offered without the presence of Cookies. For them, it is necessary that the Browser is recognizable even after the change of a page.

11.2.3 Duration of data storage, renunciation and possibility of removal

Cookies will be saved on your computer and from there they will be forwarded to our page. Therefore, you, as a user, have a complete control of the use of Cookies. By changing settings on your Internet Browser, you can deactivate or limit transfer of Cookies. Previously saved Cookies can be deleted at any time. This can also happen automatically. If you disable Cookies for our page, you might not be able to use all functions of our page.

11.3 Contact form, Contact email

11.3.1 Description and scope of data processing

On our webpage you can find forms that can serve for the purpose of electronic contacting. If a user takes this option into account, data from the data entry box will be forwarded to us and saved. When sending a message, we save the following data:

11.3.2 Date and time of registration

Data processing during the process of sending a message shall include your consent concerning this statement on data protection. Alternative way of contacting us is via our prepared email address. In that case we save personal data of a user forwarded via email.

  • Email address of the user
  • IP-address of the user

11.3.3 Purpose of data processing

Your consent to data processing is obtained during the transfer process and it is referred to in this explanation on data protection. Alternatively, you can contact us via our email address. In that case we save personal data of a user transferred via email.

11.3.4 Duration of data storage

Data will be deleted once they are no longer needed for their purpose. When it comes to personal data from the data entry box and data forwarded through email, they will be deleted once the correspondence with the user id finished. Correspondence shall be considered finished once it is safe to conclude that all facts and cooperation have been completed and clarified.

11.3.5 Renunciation and possibility of removal

User has a possibility to withdraw his/her authorization for processing of personal data at any moment. In cases where user contacts us via email, he/she can disagree with saving of personal data at any time.

11.4 Google Analytics

11.4.1 Scope of data processing

Our page uses Google Analytics to analyse users’ behaviour. The software puts a Cookie on the user’s computer (Read more on the Cookies in the above text). In case where users open individual pages of our website, we save the following data:

  • 2 Bytes of user’s system IP-address,
  • Opened webpage,
  • Page from which the user is reaching the opened page (Referrer),
  • Subpages the user is opening from the opened Webpage,
  • Time spent on the webpage,
  • How often the user opens the page.

Google uses Cookies. Information generated through Cookies when using our online offer is forwarded and stored to Google’s server in the USA. Google is Privacy Shield certified, offering guarantee on privacy based on the EU General Data Protection Regulation. We only use Google Analytics with activated IP anonymization. Only In specific cases the complete IP address is forwarded to the USA server where it is then shortened. IP address forwarded from the user’s Browser shall not be combined with other data obtained from Google. Users can prevent saving Cookies with appropriate settings on the Browser software; users can also prevent collection of data via Cookies if they download and install available Browser-Plugin under the following Link. Further information on the usage of data through Google, as well as possibility of settings and revocation can be found on the Google’s webpages “Usage of data by Google during the use of a webpage or our applications by our partner”, “Using data for marketing purposes”, “Management of information used by Google to show your ad. Google shall use all this information for our purposes, to evaluate through the users our online offer. All for the purpose of making a report of activities on our webpage offer. In addition, processed data can be used for creation of pseudonymous user accounts.

11.4.2 Purpose of data processing

We use Google Analytics to be able to show our marketing services via Google to our partners, who have also shown interest in our online offer. You can follow specific products and topics (Remarketing or Google-Analytics Audiences). With the help of Remarketing Audiences we want to make sure our ads have been in accordance with potential interests of users, and that they are not boring.

11.4.3 Duration of data storage

Sessions and campaigns are finished after a certain period of time. By default, sessions are finished after 30 days of inactivity and campaigns after 6 months of inactivity. Time limit for campaigns can be 2 years maximum. Further information on the rules of data usage and safety can be found on the following link https://www.google.com/analytics/terms/de.html. or https://policies.google.com/.

11.4.4 Renunciation and possibility of removal

Storage of Cookies can be prevented in settings of your Browser-Software; in that case, we are obliged to inform you that you may not be able to use some of the functions of our web-page. Besides, you can prevent Google from collecting data generated by cookies which are related to your use of the webpage (including your IP-address) and processing of that data by Google, by downloading and installing this Browser addition.

Opt-Out-Cookies prevent future collection of your data when you visit this web location. To prevent following of the Universal Analytics program on all your devices, you have to turn off all the systems you are using.

11.5 Google Marketing and Remarketing services

11.5.1 Scope of data processing

We use Marketing and Remarketing services (briefly “Google-Marketing-Services”) by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, („Google“). Google is Privacy-Shield certified thus offering the EU General Data Protection Regulation warranty and that is something that needs to be complied with. Google-Marketing-Services allow a more precise display of advertisements for and on our webpage. For example, if a user is shown a certain remarketing, something that he has seen in other pages before, we can call it a remarketing. To open our and other pages that use Google-Marketing-Services, they shall do it directly through Google or with the help of the Google code. Cookies can be set up by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. The file shall contain information on what pages users have visited, what contents they have found interesting and what offers they opened. Besides, it shall be visible what browser and operating system they have used as well as times of visits and information on the online offers. User’s IP address is also recorded, however in the context of Google Analytics we inform you that the IP address is shortened in the member countries of the European Union or the other parties in the European Economic Area (EEA) Agreement. In specific cases only, IP address is sent to a Google server in the USA to be shortened there.  IP address shall not be connected with user data within other Google offers. All of the above listed information may not be connected directly to Google, they can originate from other sources, too. When a user visits another page, he may be shown some ads that fall under his scope of interest. User data is pseudonymously processed by Google-Marketing-Services. That means that Google shall not process or store a name or email address of a user, but rather relevant data related to the Cookie within pseudonymous user profiles. From the point of view of Google, displays cannot identify the owner, they are rather directed to the owner of the Cookie. This is not the case if a user has given consent to Google to process data without a pseudonym. User information collected by Google-Marketing-Service are forwarded to Google and stored on a server in the USA.  Apart from Google-Marketing-Services, we also have an online program “Google AdWords”. In the case of Google AdWords, each client gets a different conversion cookie. Cookies cannot be traced through AdWords client pages.  Information collected with the help of cookies serve for AdWords clients’ conversion statistics for the sake of Conversion-Tracking. AdWords clients get to know about the total number of users who have clicked on their display. No information is revealed that could identify a user. Based on Google-Marketing-Service we can relate “DoubleClick” ad displays of a third person. DoubleClick uses Cookies, thanks to which Google with its partner pages enables transfer of display based on the number of users visiting that page, and through other pages as well. We also use “Google-Optimizer” services. Google Optimizer shows through the so called A/B Testings, what effect have certain changes on the page had (for example, change of entry field, design, etc.). Cookies are saved on user devices for the listed purposes. Only pseudonymous user data is processed. In addition, we can use Google Tag Manager to integrate and manage services of Google analytics and marketing on our page. For more information on the use of Google data for marketing, please refer to the review page. Google privacy policy is available here.

11.5.2 Purpose of processing

Google-Marketing-Services enable more precise ad displays for our page and on our page, in order to present displays that potentially correspond to the user interests.

11.5.3 Duration of storage

According to our own data, protocol information collected through Google are anonymized, where a part of IP addresses and Cookies are erased after 9 or 18 months.

11.5.4 Widerruf- und Beseitigungsmöglichkeit

According to our own data, protocol information collected through Google are anonymized, where a part of IP addresses and Cookies are erased after 9 or 18 months.

11.6 Facebook Social Plugins

11.6.1 Umfang der Scope of data processing

We use Social Plugins (“Plugins“)  from the facebook.com social network managed in Ireland by  Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, (“Facebook“). Plugins can show interactive elements or contents (such as videos, graphics or text) and they are known for one of the Facebook logos (a white “f” on a blue background, terms such as “Like”, “Gefällt mir“ or a thumbs-up sign) or they are marked with the “Facebook Social Plugin“ addition. Facebook Social Plugins list and appearance can be seen here. Plugins will activate once you click on the certain field. If shown in the grey colour, that means that the Plugins are inactive. Plugins have a possibility of a unique and permanent activation. Facebook is Privacy-Shield certified, thus offering a guarantee to respect each clause of the EU General Data Protection Regulation. When a user is using a function from an online offer containing such Plugin, his device shall make a direct connection to the Facebook server. Plugins content shall be directly forwarded from Facebook to a user’s device and that way connect it with the online offer. Thereby, user profile can be created from the processed data. We have no influence on the scope of data Facebook is downloading using Plugins. Through its connection with a Plugin, Facebook receives information that a user has visited a page from the online offer. If users have contact with Plugins, for example if they press the Like button or share a comment, that information will be directly forwarded to Facebook from the user’s computer and there it will be saved. In case the user is not a Facebook member, there is still a possibility that Facebook will save their IP address. Facebook saves only anonymized IP addresses. The purpose and scope of data connection and their further use and processing via Facebook, as well as the rights and settings related to user privacy protection on this matter can be downloaded from Facebook.

11.6.2 Purpose of data processing

Facebook Social Plugins show us the visitors‘ interests so we can present the contents that users are interested in in a more detailed way.

11.6.3 Duration of storage

According to our own data, storage of data on Facebook lasts for 90 days. During that time period, Facebook records the following data: date and time of visit, concrete internet address of the plugin and other technical data such as IP address, type of Browser, operating system, in order to have Facebook services further optimized. After the 90 days period is over, the data shall be anonymized, so they cannot be further associated with us.

11.6.4 Renunciation and possibility of removal

If the user is a Facebook member and does not want Facebook to collect his data through this offer and connect them with his saved data on Facebook, he must log out of Facebook prior to using our online offer, and also delete Cookies. Further settings as well as disputes and renunciations regarding data usage for the purpose of advertising, are possible under the following link: Facebook Profile Settings or US page or EU page. Settings follow independently of the platform used. That means they will be downloaded for all devices, for Desktop computers as well as for mobile devices.

11.7 Connecting services and contents of third persons

As the base for our legitimate interest, we post information on the content and services of third persons within our online offer, so that their contents and services such as videos and fonts could be connected, too (hereinafter referred to as “content” only).That means that the third person offering the contents can see the user’s IP address, because without IP address it would not be possible to send the content to the user’s Browser. Therefore, IP address is necessary for display of the contents. We try to use only contents from other providers who will use the IP address solely for the purpose of delivering the contents. Third persons can use the so called Pixel-Tags (invisible graphics also known as “Web Beacons“) for statistics and marketing purposes. Through Pixel-Tags one can obtain information and the number of visitors of this Web-page. Pseudonymous information can be recorded in Cookies on a user’s device and, among other things, technical data on the browser. Information on opened pages, time of visit and information on the use of our offer shall be recorded, as well. The following display offers a review of third persons and their contents, with a link to data protection statement whose further contents indicate data processing and the above mentioned renunciations and disputes.

  • External fonts by Google, Inc., https://www.google.com/fonts („Google Fonts“). Connecting Google Fonts follows the start-up of a server at Google (by default in the USA). Data protection, Opt-Out,
  • Maps of services „Google Maps“ of a third person Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, Data protection, Opt-Out,
  • Videos from “YouTube” platform of a third person   Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection, Opt-Out.

There are connected Google+ functions within our online offer. These functions are offered through third person Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Once you are logged in to your Google+ account, just click on the Google+ button to connect the contents of our pages with your Google+ profile.  That way Google can assign visits paid to our pages to your user profile. We would like to point out that we as providers of those pages are not familiar with the content nor with the usage of data forwarded through Google+. Data protection, Opt-Out.

There are Instagram service functions available within our online offer. These functions are offered through Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, integrated. Once you are logged in to your Instagram account, click on the Instagram button to connect the content of our pages to your Instagram profile. That way, Instagram can assign visits paid to our pages to your user profile. We would like to point out that we as providers of pages are not familiar with the content of the forwarded data. Data protection.

There are Twitter service functions within our online offer. These functions are offered through Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and its Retweet function, the pages you visit are connected to Twitter account and shown to other users. In that case data are transferred to Twitter, too. We would like to point out that we as providers of the pages are not familiar with the content nor with their use on Twitter. Your Twitter data privacy can be changed on the following link Account Settings.

12 Your rights

12.1 Right to information

You are entitled to request at any time a certificate on whether your personal data have been processed by us. Naturally, that information is free of charge, unless there is an above average number of enquiries about the certificate. To be able to provide that information, we need to do a further verification. Therefore, once you post the enquiry, we will forward a verification code to your email address, which you need to confirm.

12.2 Right to correction

In case your personal data that we have are not correct or if they are incomplete, you may at any time issue a request for correction of the data. Our obligation is to correct the data immediately.

12.3 Right to limitation of personal data processing

You may request limitation of your personal data under the following conditions:

(1) If you deny correctness of your personal data for a certain period of time, which enables us to verify the data correctness;

(2) If the processing is illegal and you disagree with deletion of personal data, but instead you request that the data usage be limited;

(3) If personal data for the purpose of processing are no longer necessary, but you need these data for legal requests.

(4) If you have filed a complaint against data processing but it still hasn’t been established whether our justified reasons have outweighed your reasons.

If personal data processing concerning you is limited, that data can be used only with your consent or for the purpose of determining, executing or defending legal claims or for the purpose of protection of rights of other physical persons or legal entities or due to reasons of great public interest. If the limitation of processing is still limited despite the above listed reasons, we shall inform you before the limitation is cancelled.

12.4 Right to erasure

Unless there is a justified interest, you may at any time request your right to data erasure.

12.5 Revocation of approval

Any data processing following your approval can be dismissed if you have revoked your approval. Revocation of approval for any future data processing can occur at any time. Since we are legally obliged to record approvals, revocation needs to be provided in writing. In this case it is enough to send an email.

13 Modifications to personal data protection

Modifications to personal data protection may occur at any time. Please refer to these rights occasionally.

14 Legal basis

Swiss Law on Data Protection (DSG) shall be the basis for personal data protection.

Diese Website verwendet Cookies, um die Nutzerfreundlichkeit zu verbessern. Durch die weitere Nutzung der Website stimmen Sie dem zu. Um mehr über die von uns verwendeten Cookies zu erfahren, können Sie unsere RICHTLINIEN FÜR DATENSCHUTZ UND VERWENDUNG VON COOKIES aufrufen.