hearts and brains GmbH (“hearts and brains” or “we”) places great importance on the protection of your data and the preservation of your privacy. In this privacy policy, we explain how we handle your personal data when we support you in the context of a collaboration, maintain our relationship with you after finding a position for you, provide a service to you, or use your personal data to request support related to one of our candidates, or when you visit our website.
This privacy policy applies to the personal data of visitors to our website (www.heartsandbrains.ch) and subdomains in the format subdomain.heartsandbrains.ch, our mandate agreement, our general terms and conditions, and therefore also to candidates, customers, and other individuals with whom we may come into contact to learn more about our candidates.
If you have any questions or concerns regarding your personal data, we are here to assist you. You can reach us as follows:
hearts and brains GmbH
Oberallmendstrasse 18
6300 Zug
datenschutz@heartsandbrains.ch
2.1 Consent for Processing Sensitive Personal Data
Sensitive personal data is subject to stricter data protection regulations. Therefore, we require your explicit consent to use it. We kindly ask for your consent in advance. This means that you must explicitly and unequivocally inform us that you agree to us processing this personal data. This is done through a consent declaration, which candidates receive electronically after submitting their dossiers. The processing of sensitive personal data only takes place after receiving the consent declaration.
Sensitive personal data includes, for example, your complete candidate profile, as well as individual information that must be treated more sensitively due to its privacy nature, such as CVs, education, certificates and diplomas, work experience, references, skills, hobbies, emergency contacts, residence status, or financial and credit data.
Furthermore, the legally defined categories of sensitive data are also applicable if we collect or receive them from you, such as data revealing racial and ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for unique identification, health data, data related to sexual life or orientation, as well as data about criminal convictions and offenses. Sensitive personal data is only collected by hearts and brains with your explicit consent and always directly from you.
2.2 Personal Data from the Website
During your visit to our website and any inquiries you may make, we only collect the following data:
a) All information you explicitly provide in the context of an inquiry (name, address, age, gender, contact information, etc.).
b) IP address and referrer URL (the previously visited page).
c) Browser version and type.
d) Date and time of the visit or inquiry.
e) Operating system and provider.
The cookies we use on our website can be found at the end of this privacy policy under the title “Cookies.” We do not conduct profiling on our website in the sense of automated processing of personal data that involves using such data to evaluate specific personal aspects (e.g., for analyses or predictions regarding work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements), and we only process sensitive personal data (e.g., concerning religious, political, or philosophical views, health status, etc.) exceptionally and limited to contractual or legal obligations.
2.3 Personal Data of Candidates
We only ask for information that helps us better and more efficiently represent you, or that arises in the context of a customer order. This includes general personal data as well as personal data that should be considered sensitive.
2.4 Personal Data of Customers
If you are a customer of hearts and brains, we need to collect and process personal data about you or individuals within your organization in order to provide services to you. Typically, we only need your contact information or the contact information of specific points of contact within your organization (such as their names, phone numbers, and email addresses) to ensure a smooth business relationship.
2.5 Personal Data of Individuals Provided by Candidates, Customers, or Employees for Further Information
We only ask for very basic personal data so that we can contact you for a reference or get in touch with you because you have been designated as a contact for one of our candidates or employees.
To request a reference, we need the personal data of the contact person for references (such as name, email address, and phone number). We also need these details if our candidate or one of our employees has designated you as an emergency contact so that we can notify you in case of an accident or emergency.
The processing of your personal data is carried out solely in connection with:
a) An inquiry submitted by you;
b) A customer mandate;
c) Job placement; or
d) Internal statistical purposes
The processing of your personal data on the website is exclusively related to a request submitted by you, for error correction or improvement of our website or internal data processing tools, and possibly for internal statistical purposes.
Your data will not be disclosed to third parties without your explicit consent. Exceptions include our service partners, whom we need to fulfill the contractual relationship (e.g., financial institutions for payment processing, postal services, courier services, or logistics companies for material shipping, cloud services for providing and ensuring digital infrastructure, etc.). In these cases, we strictly adhere to the requirements of applicable data protection laws. The extent of data transmission is limited to the minimum necessary.
The use of service partners in countries other than Switzerland or the member states of the European Economic Area is only considered if the respective country either has an equivalent level of data protection according to the Federal Council’s country list or if we can ensure the equivalence of the protection level contractually (e.g., through contracts or the conclusion of so-called standard contractual clauses).
Communication for advertising purposes: We may send you marketing content related to our website, services, and products, as well as products offered in collaboration with our partners and third-party products and services through various communication channels such as email, SMS, pop-ups, push notifications, and messaging applications. You can unsubscribe from this advertising by following the instructions provided in the messages you receive from us. You can also opt out of receiving future advertising by sending a notice to datenschutz@heartsandbrains.ch.
Communication for informational and other purposes: We will send you necessary or essential communications for all customers, notifications containing important information, and other communications you request. You cannot unsubscribe from these communications, but you may be able to customize the media and format through which you receive the notifications.
6.1 General Information about Cookies
Cookies are small text files or pieces of information stored on your computer or mobile device (such as a smartphone or tablet) when you use our services. A cookie usually contains the name of the website/application it comes from, the duration of the cookie (i.e., how long the cookie will stay on your device), and a value, usually a randomly generated, unique number.
We use cookies to make our services more user-friendly and tailor our services and products to your interests and needs. Cookies are able to do this because our services can read these files. This enables our services to recognize you and remember important information that makes your use of our services more user-friendly (e.g., by remembering preference settings).
Cookies can also be used to help speed up your future activities and your future user experience with our services. We also use cookies to compile anonymous, aggregated statistics that allow us to understand how users use our services and help us improve the structure and content of our digital media.
The maximum storage time of cookies after their initial placement on the user’s terminal is determined by applicable law.
6.2 Types of Cookies
The types of cookies we use include session cookies, persistent cookies, first-party cookies, and third-party cookies.
Persistent cookies are used to save your login information and your settings for future logins to our services. A persistent cookie is a cookie that is stored as a file on your computer and remains there when you close your web browser. The cookie can be read by the services that created it when you visit these services again.
Session ID cookies are used to enable specific functions on our services, better understand how you interact with our services, and monitor aggregated user data and web traffic routing. Unlike persistent cookies, session cookies are removed from your computer when you close your browser. Session ID cookies typically store an anonymous session identifier on your computer, allowing you to use a service without having to log in again with every click.
First-party cookies are our own cookies that we use to enhance your user experience. They are associated with personal information about a user. Third-party cookies are cookies placed in our services by third-party companies to provide services, including advertising cookies. Third-party companies place third-party cookies on your device when you visit our services to enable these third-party companies to perform the services they provide. In addition to the explanations in this privacy policy, you can find more information about these third-party cookies in the privacy policies of these third-party companies.
Below is a list of the different types of cookies we use in our services.
6.3 Essential Cookies
Essential Cookies are cookies that are absolutely necessary for our services to function and to utilize their features. Without such absolutely necessary cookies, our services would not operate as smoothly as desired, and it might be that we would not be able to offer the website or certain services or features that you request.
We also use technical cookies that allow our services, for customization and personalization purposes, to remember choices you have made (such as your username, language, or region). These cookies do not collect information about you for advertising purposes, and they also do not remember which websites you have visited.
The following first-party cookies are set by us (all persistent cookies):
Device Identifier Cookie: We install cookies on your computer that recognize you and inform the website or service that you are logged in.
User Local Cookie: We install cookies used to remember specific local choices you have made, such as language selection.
Privacy Visibility Cookies: We install cookies on your computer that indicate whether you have been informed about the use of cookies, the handling of cookies, and your rights related to your data through a displayed banner message, and whether you have given your consent to the use of cookies, so that the banner does not appear again each time you visit a page. These cookies are necessary for the operation of our services, and therefore, you cannot object to the use of these cookies.
6.4 Analytical Cookies and Cookies for Marketing, Profiling, and Retargeting
Google Analytics (resident Third-Party Cookies)
The Google Analytics service is used to analyze the usage behavior of our website. Our legitimate interest lies in the analysis, optimization, and economic operation of our website.
Usage and user-related information collected include, for example, IP address, location, time, or frequency of visits to our website. For the use of Google tools, we have implemented IP anonymization. This addition shortens the last digits of your IP address before definitive storage on Google servers. As a result, technical and analytical Google services remain usable, but you are no longer fully traceable, providing a higher level of anonymity regarding your browsing behavior compared to non-anonymized IP.
We also use the Remarketing function as part of Google Analytics usage. This allows us to display personalized ads on suitable advertising spaces on other websites, based on the interests you have shown on our website. This feature is limited to a maximum of 18 months. Retargeting enables us to deliver advertising that is as relevant as possible to you and measure the efficiency and reach of advertising materials, as well as verify the billing of our advertising partners for placed campaigns.
The data collected by Google is used to provide us with an evaluation of visits to our website and user activities on the site. This data can also be used to provide additional services related to the use of our website and internet usage.
Google states that it does not associate your IP address with other data. Google also provides additional privacy information, including options to prevent data usage.
Additionally, Google offers a deactivation add-on along with further information. This add-on can be installed with common internet browsers and provides you with more control over the data Google collects when you visit our website. The add-on informs Google Analytics’ JavaScript (ga.js) not to transmit information about your visit to Google Analytics. However, this does not prevent information from being transmitted to us or other web analytics services. Information about other web analytics services we may use is also available in this privacy policy.
Alternatively, the future analysis of your website visits by Google Analytics can be deactivated. To do this, as a webmaster, you must refer to the privacy page regarding the cookie and additionally integrate the script mentioned above in the source code. Only if the code precedes the actual Google Analytics script will the following link work.
By clicking on the link, an “Opt-Out Cookie” is set, preventing the analysis of your website visits on our site in the future.
<a onclick=”alert(‘Google Analytics has been deactivated’);” href=”javascript:gaOptout()”>Deactivate Google Analytics</a>
Please note that deleting cookies in your browser settings may also delete the Opt-Out Cookie, which may need to be reactivated by you. Further information is available in Google’s developer documentation.
Google will never associate your IP address with other data stored by Google. You can prevent the installation of cookies by selecting “do not accept cookies” in your browser settings. It is noted that, in this case, you may not be able to fully utilize all the functions of these websites. By using these websites, you consent to Google processing the data about you in the manner and for the purpose described above.
Google AdWords with Conversion Tracking (resident Third-Party Cookies)
We use conversion tracking for targeted promotion of our offer. Our legitimate interest lies in the analysis, optimization, and economic operation of our website.
If you click on an advertisement placed by Google, the conversion tracking we use stores a cookie on your device. These conversion cookies expire after 30 days and are not used for your personal identification. If the cookie is still valid and you visit a specific page on our website, both we and Google can evaluate that you clicked on one of our ads placed on Google and that you were subsequently redirected to our website.
Google creates a statistic about visits to our website based on the information obtained. We also receive information about the number of users who clicked on our ad(s) and the pages of our website subsequently visited. Neither we nor third parties using Google AdWords are, however, able to identify you through this process.
Further information and Google’s privacy policy can be found at this link.
7.1 General Information
We are present on social media platforms and other online platforms to communicate with interested individuals and to inform about our activities and initiatives. The basis for this is your and our legitimate interest in exchanging information in this way.
We have limited influence on the data processing by the platform operators (e.g., member management and shared information). We reserve the right to delete content if necessary. Where we can exert influence, we work within the scope of our available means to ensure data protection-compliant handling by the platform operator. However, in many instances, we cannot influence data processing by the platform operator and are not fully aware of the data they process.
The platform operator manages the entire IT infrastructure of the service, maintains its own privacy policies, and has its own user relationship with you (if you are a registered user of the social network). Additionally, the operator is solely responsible for all matters related to the data of your user profile, to which we as a company have no access.
Be aware that the operator of the social media platform uses web tracking methods. This web tracking, over which we have no control, can occur regardless of whether you are logged in or registered with the social media platform. For more detailed information on data processing by the provider of the social media platform, please refer to the privacy policy of the respective provider:
Instagram: https://help.instagram.com/519522125107875
LinkedIn: https://de.linkedin.com/legal/privacy-policy?
YouTube: https://policies.google.com/privacy?gl=CH&hl=de
Xing: https://privacy.xing.com/de/datenschutzerklaerung
Vimeo: https://vimeo.com/privacy
As part of platform use, your personal data is usually processed by the respective platform operator on servers in third countries, particularly in the United States and the United Kingdom.
7.2 Privacy Policy for Instagram
On our website, features of the Instagram service are integrated. These features are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking the Instagram button. As a result, Instagram can associate your visit to our pages with your user account. We would like to point out that, as the provider of these pages, we have no knowledge of the content of the transmitted data or its use by Instagram.
For more information, please refer to Instagram’s Privacy Policy.
7.3 Privacy Policy for LinkedIn
Within our online offering, we use the marketing services of the social network LinkedIn, operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”).
These services use cookies, which are text files stored on your computer. This allows us to analyze your use of the website. For example, we can measure the success of our ads and show users products they have previously shown interest in.
Information collected includes, for example, details about the operating system, browser, the website visited previously (referrer URL), which pages the user visited, which offers the user clicked on, and the date and time of the visit to our website.
The information generated by the cookie about your use of this website is pseudonymized and transmitted to a server of LinkedIn in the USA, where it is stored. LinkedIn does not store the name or email address of the respective user. Instead, the above-mentioned data is only assigned to the person who generated the cookie, unless the user has allowed LinkedIn to process the data without pseudonymization or has a LinkedIn account.
You can prevent the storage of cookies by adjusting your browser software accordingly; however, please note that in this case, you may not be able to use all the functions of this website to their full extent. You can also object to the use of your data directly at LinkedIn using the following Opt-Out Link.
Third-party information: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2 Ireland; User Agreement and Privacy Policy.
The transmission of the entered data via the contact form from your computer to the server is encrypted. The data entered in the contact form is not stored on your computer (no cookies or similar). Despite encryption, absolute security is not possible. The server forwards your data entered in the contact form via email for processing. These emails are not encrypted. The use of emails is not technically secure; it is possible that emails may not be delivered. When transmitting emails, they may cross national borders, even if the sender and recipient are in the same country. The confidentiality of emails cannot be guaranteed in the absence or inadequacy of encryption. Unencrypted emails are therefore not suitable for sending confidential information.
By using the contact form or sending an email, you agree to communication via email with knowledge of the described risks. The use of encrypted or otherwise secured communication methods must be agreed upon with us in advance.
9.1 Server Locations
Our database is stored on servers provided by Amazon RDS with EC2 systems, encrypted, and mirrored. They are shielded as much as possible against unauthorized virtual and physical external access. Backups are regularly created and stored by Amazon Web Services (AWS).
9.2 Retention Period
We retain your data only as long as necessary under the law or for the purpose of processing. For analyses, we store your data until the analysis is completed. If we store data due to a contractual relationship with you, this data will be stored at least as long as the contractual relationship exists and, at most, as long as statutory or contractual retention periods apply.
The usual retention period is generally no more than 10 years (counted from the end of the contractual or factual relationship with you).
You have the right to free information about your stored data and the right to correction at any time. Please contact us for this purpose. Our contact details can be found under section 1 of this privacy policy.
You also have the right to request the free transfer of your electronically available personal data to another data controller. Please note, however, that we cannot adapt your data to any special format requirements of another data controller and, under no circumstances, transfer your business history or passwords.
You can revoke your consent to this privacy policy at any time, in whole or in part, or for certain purposes or to specific parties, and request the deletion of your personal data. Please contact us for this purpose. Our contact details can be found under section 1 of this privacy policy.
Your personal data will be automatically deleted after 5 years, generally, if there is no contractual relationship or legal obligation justifying or requiring the storage or processing of personal data. To keep your personal data up-to-date and correct, we update your personal data every 2 years by requesting confirmation from you.
If, at the time of receiving your revocation and deletion request, a contractual relationship is still pending, your personal data will be processed until the complete completion of the contract. Your revocation under data protection law explicitly has no effect on the execution of existing contractual relationships and is not considered a cause for extraordinary termination.
In the case of a deletion request, we will delete your personal data. Please note, however, that we are obliged to keep booking documents for at least 10 business years due to trade and tax regulations. We cannot delete or process the personal data contained in these documents. Therefore, your deletion request applies only to future processing and only to personal data that we do not process based on a legal justification but exclusively based on your consent. Any applicable legal retention requirements also remain reserved.
With the entry into force of the revised Data Protection Act (expected on September 1, 2023), you have the right to lodge a complaint with the competent supervisory authority at the seat of the data controller if you believe that we have violated a provision of the Data Protection Act.
For complaints from data subjects, the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch) is responsible.
Changes to this privacy policy become effective from the time of their publication on our website. The processing of personal data collected under an older privacy policy will be carried out in accordance with this privacy policy.
We reserve the right to change this privacy policy at any time and to inform customers of the changes in an appropriate manner.
Stand: January 2024
On our website we have consciously decided against gendering. We see no reason whatsoever to emphasise differences when it is actually about recognising everyone as equal. We see and value everyone as an individual, regardless of gender and for us everyone is equal and equally welcome.