Privacy Policies

Imprint

H2 Energy Holding AG
Hagenholzstrasse 60
8050 Zurich
Switzerland

Represented by:
Rolf Huber

Contact Information:
Email:
Phone: +41 43 343 90 00

Commercial Register:
Registered in the Commercial Register Zurich
Registration Number: CHE-256.783.473

Responsible for content:
Rolf Huber
H2 Energy Holding AG
Hagenholzstrasse 60
8050 Zurich

Data Privacy Statement

1. Controller of Data Processing

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

H2 Energy Holding AG
Hagenholzstrasse 60
8050 Zurich
Switzerland

Represented by:
Rolf Huber

Contact Information:

Commercial Register Number: CHE-256.783.473

2. Hosting of the Website

Our website is hosted by the following service provider:

Metanet AG
Location: Zurich, Switzerland

The hosting provider processes personal data collected during the use of our website (e.g., access data such as IP addresses) exclusively on our behalf and based on a data processing agreement.

3. Collection and Processing of Personal Data

We primarily process personal data that we collect as part of our business relationships with customers, business partners, or during the operation of our website.

Where permissible, we also obtain data from publicly accessible sources (e.g., commercial registers, press, the Internet) or receive such data from other companies within the H2 Energy Group, as well as from authorities or third parties.

Categories of Data:

  • Information on professional functions and activities, e.g., in correspondence or meetings, to conclude or process contracts.
  • Information from public registers.
  • Data on the use of our website, such as:
    • IP address,
    • MAC address of smartphones or computers,
    • Device and configuration details,
    • Cookies,
    • Date and time of visit,
    • Pages and content viewed,
    • Features used,
    • Referring website,
    • Location data.
  • Information from job applicants, e.g., through social networks or references (with consent).

4. Purposes and Legal Bases of Data Processing

We process your personal data for the following purposes based on the respective legal grounds:

  • Contract conclusion and fulfillment (Art. 6(1)(b) GDPR): To initiate, execute, and process contracts with you, e.g., for deliveries and services.
  • Compliance with legal obligations (Art. 6(1)(c) GDPR): To fulfill legal requirements, such as retention obligations under commercial and tax law.
  • Offering and developing our services and websites (Art. 6(1)(f) GDPR): To safeguard our legitimate interests, such as improving our services and optimizing user experience.
  • Communication with third parties (Art. 6(1)(f) GDPR): To process inquiries and maintain business contacts.
  • Advertising and marketing (Art. 6(1)(a) GDPR): Based on your voluntarily provided consent, e.g., for sending newsletters. Consent can be withdrawn at any time.
  • IT and data security (Art. 6(1)(f) GDPR): To ensure the security and stability of our IT systems.
  • Market and opinion research (Art. 6(1)(f) GDPR): To conduct surveys and analyses to improve our offerings.

5. Data Processing for the Newsletter

If you subscribe to our newsletter, we use your personal data to regularly inform you about our offers, news, and relevant information. The newsletter is only sent with your explicit consent in accordance with Art. 6(1)(a) GDPR.

Processed Data:

  • Email address (mandatory)
  • Optional: First and last name (for personalization purposes)

Purposes of Processing:

  • Sending information about our products and services.
  • Optimizing our offerings based on user behavior analysis (e.g., open and click rates).

Newsletter Service Provider:
We use the external service provider Pipedrive to send our newsletter:

  • Provider: Pipedrive OÜ, Paldiski mnt 80, Tallinn, 10617, Estonia
  • Data Processed: Email address, optionally first and last name
  • Legal Basis: Your consent (Art. 6(1)(a) GDPR)
  • Data Transfers: No data transfers to third countries.

Unsubscribing from the Newsletter:
You can unsubscribe from the newsletter at any time:

After unsubscribing, we retain your data for up to 6 months to ensure the proper processing of the unsubscription. Further storage only occurs if required by law.

Analytics and Tracking:
Our newsletter contains tracking pixels that allow us to collect usage statistics (e.g., open rates). These analyses are conducted solely based on your consent and can be stopped by unsubscribing from the newsletter.

6. Cookies and Tracking Tools

Our website uses cookies and similar technologies to enhance the user experience, analyze website usage, and provide personalized content.

Types of Cookies:

  1. Technically Necessary Cookies:
    Required for the proper functioning of our website (e.g., saving logins or shopping carts).
    • Legal Basis: Legitimate interest (Art. 6(1)(f) GDPR).
  2. Functional Cookies:
    Allow us to provide additional features, such as saving your preferences.
    • Legal Basis: Your consent (Art. 6(1)(a) GDPR).
  3. Analytics and Statistics Cookies:
    Help us understand how visitors use our website and improve the user experience.
    • Legal Basis: Your consent (Art. 6(1)(a) GDPR).
  4. Marketing and Tracking Cookies:
    Used to display personalized advertising and measure the effectiveness of marketing campaigns.
    • Legal Basis: Your consent (Art. 6(1)(a) GDPR).

Tools and Providers Used:

  1. Google Analytics:
    • Purpose: Analyzing user behavior to optimize our website.
    • Data Processed: IP address, location, device information, user behavior.
    • Legal Basis: Your consent (Art. 6(1)(a) GDPR).
    • Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
    • Data Transfers to Third Countries: Transfers to the USA based on EU Standard Contractual Clauses.
    • Opt-out: You can disable tracking by Google Analytics here: Google Analytics Opt-out.
  2. Google Search Console:
    • Purpose: Optimizing the visibility of our website in search engines.
    • Data Processed: Anonymized usage data.
    • Legal Basis: Your consent (Art. 6(1)(a) GDPR).
  3. LinkedIn Plugins:
    • Purpose: Linking to our LinkedIn profile and analyzing user behavior.
    • Data Processed: IP address, usage data.
    • Legal Basis: Your consent (Art. 6(1)(a) GDPR).
    • Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

Consent Management:
Before setting non-essential cookies, we obtain your explicit consent via a cookie banner. This tool allows you to:

  • Decide which categories of cookies you wish to enable.
  • Change or withdraw your consent at any time through the settings.

Disabling Cookies:
You can disable or delete cookies at any time through your browser settings. Please note that this may limit the functionality of our website.

7. Data Sharing with Third Parties

We only share personal data with third parties if:

  • it is necessary to fulfill contractual obligations (Art. 6(1)(b) GDPR),
  • we are legally obligated to do so (Art. 6(1)(c) GDPR),
  • you have given your explicit consent (Art. 6(1)(a) GDPR), or
  • the sharing is necessary to safeguard legitimate interests (Art. 6(1)(f) GDPR), provided your interests do not outweigh ours.

Categories of Recipients:

  1. Service Providers (Processors):
    We employ external service providers to assist in fulfilling our tasks, such as:
    • Hosting Providers (e.g., Metanet AG): For storing and managing our website data.
    • Newsletter Providers (e.g., Pipedrive): For sending newsletters.
    • Analytics and Tracking Providers (e.g., Google Analytics): For evaluating user behavior on our website.

All service providers are carefully selected, contractually bound, and process data exclusively on our behalf.

  2. Group Companies:
    Data may be shared within the H2 Energy Group for internal administrative purposes, where necessary.
  3. Authorities and Public Bodies:
    Data is only disclosed if we are legally required to do so (e.g., to tax authorities).
  4. Other Third Parties:
    If personal data is shared with other third parties (e.g., partner companies or external consultants), we will inform you separately and obtain your consent if necessary.

8. Data Transfers to Third Countries

Data transfers to countries outside the European Union (EU) or the European Economic Area (EEA), such as the USA, only occur if appropriate safeguards are in place in accordance with Art. 44 et seq. GDPR.

Services with Data Transfers:

  1. Google Analytics:
    • Recipient: Google LLC, USA.
    • Safeguards: EU Standard Contractual Clauses. Learn more at: Google Data Transfers.
  2. LinkedIn:
    • Recipient: LinkedIn Corporation, USA.
    • Safeguards: EU Standard Contractual Clauses. More details at: LinkedIn Privacy Policy.

General Measures:

  • We regularly review compliance with data protection standards by service providers.
  • Where data transfers to third countries are necessary, we implement additional safeguards such as encryption or anonymization wherever possible.

Note: Due to local laws (e.g., the CLOUD Act) in some third countries, the level of data protection may not be comparable to that within the EU. In such cases, we will obtain your explicit consent (Art. 49(1)(a) GDPR).

9. Rights of Data Subjects

Under the General Data Protection Regulation (GDPR), you have the following rights as a data subject:

  1. Right of Access (Art. 15 GDPR):
    You have the right to request information about the personal data we process, the purposes for which it is processed, and how long it is stored.
  2. Right to Rectification (Art. 16 GDPR):
    You can request the correction of inaccurate data or the completion of incomplete data.
  3. Right to Erasure (Art. 17 GDPR):
    You have the right to request the deletion of your personal data, provided there are no legal retention obligations or other legal grounds preventing this.
  4. Right to Restriction of Processing (Art. 18 GDPR):
    You can request that the processing of your data be restricted, e.g., if the accuracy of the data is disputed.
  5. Right to Data Portability (Art. 20 GDPR):
    You have the right to receive the data you provided in a structured, commonly used, and machine-readable format or to request its transfer to another controller.
  6. Right to Object (Art. 21 GDPR):
    You can object to the processing of your personal data at any time, particularly if the processing is based on legitimate interests.
  7. Right to Withdraw Consent (Art. 7(3) GDPR):
    If you have given your consent to process your personal data (e.g., for newsletters or tracking cookies), you can withdraw this consent at any time with future effect:

Note: Withdrawing your consent does not affect the lawfulness of data processing based on your consent before its withdrawal.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, misuse, or destruction. These measures are regularly reviewed and updated to comply with the latest technological standards.

Security measures include, but are not limited to:

  1. Encryption of Data Transmission:
    • All data transmitted via our website is protected by SSL/TLS encryption to prevent third parties from accessing or manipulating it during transmission.
  2. Access Restrictions:
    • Access to personal data is restricted to authorized employees and service providers who require it to fulfill their responsibilities.
  3. Employee Security Policies:
    • Our employees are obligated to maintain confidentiality and are regularly trained in handling personal data securely.
  4. Regular System Audits:
    • Our IT systems are regularly checked for security vulnerabilities, and any weaknesses are addressed promptly.
  5. Data Backups:
    • We perform regular backups to ensure data can be restored in the event of an incident.
  6. Anonymization and Pseudonymization:
    • Where possible, personal data is anonymized or pseudonymized to minimize risk in case of a data breach.

Please note: No method of transmission or storage is 100% secure. Should we become aware of a security breach involving your personal data, we will notify you promptly in accordance with legal requirements.

11. Retention and Deletion of Data

We retain personal data only as long as necessary to fulfill the respective purposes or as required by law. Specifically:

  1. Contract and Business Data:
    • Data required for fulfilling contractual obligations is stored for the duration of the contractual relationship. After the contract ends, the data is retained in compliance with statutory retention periods (e.g., commercial and tax laws) for up to 10 years.
  2. Marketing Data:
    • Data used for marketing purposes (e.g., newsletters) is stored until you withdraw your consent or for a maximum of 2 years following your last interaction with us.
  3. Technical Data and Logs:
    • Technical data (e.g., IP addresses) collected during website visits is typically stored for up to 6 months unless longer retention is required for security or error analysis purposes.
  4. Job Applicant Data:
    • Application documents are retained for a maximum of 6 months after the application process is completed. With your consent, we may store your data longer to consider you for future job openings.
  5. Other Data:
    • For all other data, retention follows statutory periods or deletion occurs as soon as the purpose for processing is fulfilled.

Deletion Procedures:
Once the retention period has expired, data is deleted or anonymized unless other legal grounds justify further processing.

12. Consent Management and Adjustments

You can manage your consents via our website’s consent management tool, which allows you to:

  • View the consents you have provided.
  • Adjust your consents, for example, by enabling or disabling specific cookies or tools.
  • Withdraw your consents entirely at any time.