We appreciate your visit to our website and thank you for your interest in our company, our products and our web pages. Protecting your privacy when using our website and our services is very important to us. Therefore, we process your data only on basis of legal regulations relevant to us. These are, above all, the Swiss Data Protection Act (DPA) and the EU General Data Protection Regulation (GDPR). Due to the currently higher data protection requirements and the wider field of application, we refer to the GDPR as relevant legislation.
Please take note of the following information:
The subject matter of data protection is personal data. These data are individual details about the personal or factual circumstances of a specific or identifiable natural person (Data subject as affected natural person or user as visitor of our website or user of provided software or tools). Controller for the processing of personal data in accordance with the applicable laws is Sommer & Partner Consulting GmbH, Rathausstrasse 14, CH-6340 Baar (according to Art. 4 No. 7 GDPR). The processor is a legal person who processes personal data on behalf of the controller (in accordance with Article 4 No. 8 GDPR, see below, if applicable). The terminology used, such as 'user' should be understood gender-neutral.
The contact details of person responsible for data protection and data security at the controller are: Mr. Rainer Meyer-Winzenburg, Rathausstrasse 14, CH-6341 Baar, Email: firstname.lastname@example.org.
Hosting of our website with corresponding data holdings is operated in Switzerland. Our learning app with data storage is operated on a server in Germany and our CRM system with data storage is operated on a server in Norway.
Internet connections we use or offer are secure. For the connection to our website (https://en.sommer-consulting.ch) we use a valid, trusted server certificate for encryption at all times. This is also true for the data exchange via the payment interface with our payment service provider (https://www.datatrans.ch), the learning app (https://www.blink.it), our CRM system (https://www.superoffice.ch) as well as for the video conferencing software we use for online video mediation, online video training and online video coaching (https://www.zoom.us).
In principle, we process personal data only to the extent needed to supply a functioning website, to provide our services and to operate in an economic and efficient manner. Processing of personal data takes constantly place only after the person concerned gave his consent. Exceptions apply in cases where the processing of the personal data is permitted by law.
Provided that we obtain the consent for processing of personal data of the data subject, Art. 6 para. 1 lit. a GDPR is the legal basis.
If processing is necessary for the performance of a contract in which the data subject presents the contracting party or is recipient of our service, Art. 6 para. 1 lit. b GDPR is legal basis. This legal basis also applies to processing required to carry out pre-contractual measures.
If the processing of personal data is necessary for compliance with a legal obligation of our company, Art. 6 para. 1 lit. c GDPR is legal basis.
If processing is necessary to protect a legitimate interest of our company or a third party, and if the interests, fundamental rights and fundamental freedoms of the data subject do not prevail over the first mentioned interest, Art. 6 para. 1 lit. f GDPR is legal basis.
Personal data of the data subject will be deleted or blocked as soon as the reason for the storage no longer exists. In addition, the storage may continue if the legislator demands the storage through legislation, law or other regulations which apply to the responsible legal entity.
Blocking or deletion of the data also takes place when the storage period expires as described in the guidelines, unless there is a need for further storage of the data for conclusion or fulfillment of a contract.
Each time our website is accessed, our system automatically collects data and information from the user’s computer system. The following data is then collected:
(1) Information about the browser type and version used
(2) Operating system of user's computer system
(3) Internet service provider of the user
(4) IP address of the user
(5) Date and time of access
(6) Pages or URLs that are accessed on our website by the user's system
The data is stored in the log files of our system. Storage of this data together with other personal data of the user does not take place.
Legal basis for the temporary storage of data is our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.
The temporary storage of IP addresses by the system is necessary to allow the delivery of the website to the computer of the user. To do this, the user's IP address must be kept for the duration of the session.
Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
For these purposes, our legitimate interest in the processing of data is according to Art. 6 para. 1 lit. f GDPR.
The data will be deleted as soon as the reason for collection no longer exists. Regarding the data collection for providing the website, this is the case when the respective session has ended.
Are the data stored in log files, they will be deleted regularly after seven days. However, we reserve the right to store data for a longer period. In this case, IP addresses of the users are deleted or alienated, so that a mapping to the calling client is no longer possible.
The collection of data for providing the website and the storage of data in log files is essential for the functioning of the website. Consequently, users do not have any opposition or removal options.
(1) Language setting
(2) Where applicable, product number during an active booking process
(3) Where applicable, log-in information when accessing the protected employee area
(4) Frequency of page views
(5) Use of website features
When accessing our website, the user is informed that cookies are used. In addition, there is also a reference to this privacy statement.
The legal basis for the data processing is Art. 6 para. 1 lit. f GDPR.
(1) Adoption of language settings
(2) Booking process
(3) Booking date administration in the protected employee area
Analysis cookies are used to improve quality and content of the website. Through the analysis cookies, we find out how the website is used which helps us to constantly optimize our offer. These purposes justify our legitimate interest in the processing of personal data pursuant to Art. 6 para. 1 lit. f GDPR.
Our website has product specific contact forms and a general contact form, which you can use to contact us electronically. If a user chooses this option, the data entered in the form as well as date and time of the submission will be transmitted to us and stored. The data collected in the forms are:
(1) First and last name (mandatory)
(2) Telephone number (optional)
(3) Email address (mandatory)
(4) Description of your inquiry (mandatory)
(5) Captcha (mandatory)
For the processing of the form data, your approval to the storage is obtained when you push the send bottom.
You can also contact us via the email addresses we provide on our website. The personal data of the data subject or sender sent to these email addresses are stored within the scope of the first 4 information listed above.
In the context of what is described here, no data will be passed on to third parties.
Legal basis for the processing of the data submitted via a form (user approval always exists) is Art. 6 para. 1 lit. a GDPR.
The legal basis for the processing of the data transmitted by sending an email is Art. 6 para. 1 lit. f GDPR. If the email contact has the aim to negotiate a new contract or is related to an existing contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
The processing of the personal data from the input fields will be used to work on the request submitted via the contact form. In case of a contact via email, the legitimate interest in the processing of the data is given by working on the request.
All other data processed during submission (such as Captcha) prevent the misuse of the contact form and ensure the security of our information is also given technology systems.
The data will be deleted as soon as they are not needed any more regarding the initial purpose of the collection. For the personal data collected through the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation has ended when it can be assumed that the respective topic has been finally clarified.
When submitting a contact form, the user has at any time the opportunity to revoke his approval to the processing of personal data without giving any reason. If the user contacts us by email, he may object to the storage of his personal data at any time, stating the reasons. In such a case, the conversation cannot continue.
You can send your appeal to the person responsible for data protection and privacy. The contact data you will find at the end of this privacy statement. All personal data stored during the time the contact exists will be deleted.
In our CRM system we store only personal data of existing contacts (personal type, from contractual relationships or from social networks), if we want to establish an active customer relationship or if a person is or was already engaged in pre-contractual negotiation and/or if contractual relationships as a client or representative already exist. If available, the following contact details will be processed:
(1) Company name
(2) Form of address
(4) First and last name
(6) Phone number
(7) Email address
(8) Conducted and planned activities (e.g., emails, visits, phone calls, events)
After collecting and storing your contact information in our CRM system you will immediately receive an email regarding the data storage and with information about your rights (pursuant to article 13 GDPR). In this email, you also have the opportunity to subscribe our newsletter and chose the content you would like to receive through the opt-in procedure. After ordering the newsletter, respective information is also stored in the CRM system:
(9) Newsletter subscription with chosen content
Legal basis for processing your personal data to establish a new or maintain an existing customer relationship is our legitimate interest in accordance with article 6 para. 1 lit. f GDPR. If the processing of your data is in the context of a specific pre-contractual negotiation or an existing contract, article 6 para. 1 lit. b GDPR is the legal basis. Legal basis for the submission of our newsletter is your explicit subscription or your permission in accordance with article 6 para. 1 lit. a GDPR.
We store your personal information to enable our sales & service can to perform its tasks effectively. It is of crucial importance for us that we can keep track of your contact with us in a timely and complete manner. This justifies our legitimate interest in storing your contact information electronically.
Furthermore, as part of our e-marketing activities, we would like to send you information about our company and our product offer through our newsletter.
If, within a period of 12 months after the initial storage of your data, no contact activities have been initiated or carried out by you (see above in 7.1 (8)), no newsletter has been subscribed until the end of this period and your data is solely based on our legitimate interest (pursuant to article 6 para. 1 lit. f GDPR), your data will be deleted. Otherwise, the storage period will be extended by another 12 months.
If your data is saved solely on basis of our legitimate interest (in accordance with article 6 para.1 lit. f GDPR), you can withdraw the data processing of your personal data at any time, stating the reasons. You can send your appeal to the person responsible for data protection and data security mentioned at the end of this privacy statement. All personal data stored in our CRM system for the purpose to maintain the contact to you, will be deleted if your interests, fundamental rights and fundamental freedoms go beyond our legitimate interest.
You may cancel the subscription of our newsletter at any time without giving any reasons, for example via the 'unsubscribe' link in the newsletter or by sending a message to the person responsible for data protection and privacy mentioned at the end of this privacy statement.
At each contract conclusion for the use of one of our services, we collect personal data of the client (in companies the data of the contact person) and, if required, in addition for each participant of a mediation, training or coaching. The nature and extent of a client's or participant's personal information is the same for standard services (contracts concluded through booking on our website) and individual services (contracts prepared and concluded by our back office). If a data subject has the role of a client and a participant, the data for both roles is stored on our server.
The personal data of the client are:
(1) Form of address
(2) Title (if provided)
(3) First and last name
(4) Email address
(5) Telephone number
(6) Fax number (if provided)
Per participant, the following personal data will also be collected:
(1) First and last name
(2) Age in a 10-year period (if provided)
(3) Gender (if provided)
(4) Email address
We use video conferencing software to conduct online video training, online coaching and online mediation. To register for participation, we will send each participant a unique meeting ID. By accessing an online video session, the participant agrees that for this meeting ID his
is stored at the supplier of the video conferencing software. This is necessary to establish the internet connection to the participant’s computer and to maintain it for the duration of the online video session. The software is operated by our processor Zoom Video Communications, Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113. Zoom is certified under the terms of the EU-US. Privacy Shield Framework and Swiss-U.S. Privacy Framework (https://www.privacyshield.gov/participant?id=a2zt0000000TNkCAAW&status=Active). Find more information here: https://support.zoom.us/hc/en-us/articles/360000126326.
Our services also enable participants to use our learning app related to a specific online video training or online coaching before, during and for at least 12 months after the training or coaching. To use the app, the participant must register once with his email address stored in our server. With the registration, the participant agrees to open a user account for him and to store the required data in the learning app. To ensure the learning app functionality, the following participant data is processed in his user account:
(1) Form of address
(2) First and last name
(3) Email address
(4) Timestamp of first login in app
(5) Timestamp for a first course visit
(6) Timestamp for first viewing of specific contents
(7) Answers to quizzes
Legal basis for the processing of your personal data as contract data on our server is the performance of the contract in accordance with Art. 6 para. 1 lit. b GDPR.
After the contract has been completely fulfilled, the legal basis for the contract data to be stored for commercial and tax reasons is Art. 6 para. 1 lit. c GDPR.
The legal basis for the storage of your data by our processors Zoom and blink.it (see section 8.1) is your explicit approval in accordance with Art. 6 para. 1 lit. a GDPR.
The purpose of the data processing is the performance of our contractual obligations for each of the data processing activities mentioned in section 8.1.
Your contract data will be blocked on our server for further processing after a contract has been completely performed, however, remain from this date for 10 years stored in accordance with the applicable commercial and tax law storage requirements and will be deleted afterwards.
The personal data stored in your blink.it user account will be kept until all stored course data has been deleted. Course data stored in your account will be available to you for 12 months after the completion of the respective online video training or coaching for sustainability exercises and communication with other participants or the trainer. The data of a course will be deleted after 12 months, unless you have requested a free extension for another 12 months.
During and after our contract performance you have no right of contradiction and no removal options regarding to the storage of your personal data (see also paragraph 8.2 and 8.4 above).
When placing orders for standard services via our website, you can for payments to us use the electronic payment methods VISA, MasterCard, PayPal and PostFinance E-Finance listed in the order confirmation. When used we will always forward you to the payment page of our central payment service provider (PSP) Datatrans AG, Kreuzbühlstrasse 26, CH-8008 Zurich, whereby we only submit our order number and invoice amount. The selection of your payment method, respective entry of your payment or account data, the processing of your payment with the relevant payment provider (acquirer, see below), the transmission of the payment status and possibly transaction codes to us is exclusively done through our PSP. The payment status and, if necessary, the transaction code is stored via the order number in the contract data (see chapter above). The payment process is completed when you return to the payment page of our website where you see the status of the payment. We use the so-called redirect mode of the PSP payment page. For details see https://www.datatrans.ch/en/technics/payment-apis/payment-pages.
Legal basis for the processing of your data is your consent to the use of our electronic payment methods according to Art. 6 para. 1 lit. a GDPR. The purpose of the data processing is providing our services. For respective storage period and your objection or revocation options, see under the above listed links of the PSP and the acquirer.
With exception of our processors mentioned above, we do not disclose personal data to third parties. Nevertheless, we might be legally obliged to provide your personal data to specific public authorities without having your consent.
IWe have incorporated so-called plugins ('plugins') of the Facebook social network into our website which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (‘Facebook’). A list and the appearance of these Facebook plugins may be viewed at:
The plugins are embedded into the web page by means of ‘Shariff’ solution in order to increase the protection of your data when visiting our website. This embedding ensures that no connection with Facebook servers will be established when calling up a page of our web presence containing those plugins. Only once you activate the plugins and thereby give your consent to the data transmission (pursuant to article 6 para. 1 lit. a GDPR), your browser will establish a direction connection with the Facebook servers. The content of the respective plugins will be directly transmitted to your browser and will be embedded into the web page. The plugin then transmits data (including your IP-address) to Facebook. We have no influence on the amount of data Facebook collects by means of plugins. To our knowledge, Facebook in any case is informed about which of our pages you have called up or you are calling up currently. By embedding plugins Facebook receives information on your browser having called up the respective web page of our web presence, even if you do not have a Facebook profile or if you are not logged into Facebook currently. This information (including your IP address) will be directly transmitted by your browser to a Facebook server in the USA and stored there. If you interact with the plugins, for example, if you activate the ‘Share’ button, the respective information will be directly transmitted to a Facebook server and stored there, as well. Furthermore, this information will be published on Facebook and signaled to your contacts.
If you are a member of the Facebook social network and if you want to limit the collection of data via our web pages and the integration of your user data with your data stored by the Facebook social network, you should log out from Facebook prior to visiting our website. You can completely prevent the downloading of Facebook plugins by using add-ons for your browser in the future, for example by using the script blocker 'NoScript': (http://noscript.net/).
We have incorporated so-called plugins ('plugins’) of the microblogging service Twitter which is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (‘Twitter’). A list and the appearance of these Twitter plugins may be viewed at:
The plugins are embedded into the web page by means of 'Shariff' solution in order to increase the protection of your data when visiting our website. This embedding ensures that no connection with Twitter servers will be established when calling up a page of our web presence containing those plugins. Only once you activate the plugins and thereby give your consent to the data transfer (pursuant to article 6 para. 1 lit. a GDPR), your browser will establish a direction connection with the Twitter servers. The content of the respective plugins will be directly transmitted to your browser and will be embedded into the web page. The plugin then transmits data (including your IP-address) to Twitter. We have no influence on the amount of data Twitter collects by means of plugins. To our knowledge, Twitter in any case is informed about which of our pages you have called up or you are calling up currently. By embedding plugins Twitter receives information on your browser having called up the respective web page of our web presence, even if you do not have a Twitter account or if you are not logged into Twitter currently. This information (including your IP address) will be directly transmitted by your browser to a Twitter server in the USA and stored there. If you interact with the plugins, for example, if you activate the ‘tweet’ button, the respective information will be directly transmitted to a Twitter server and stored there, as well. Furthermore, this information will be published on Twitter and signaled to your contacts.
If you are a member of the Twitter social network and if you want to limit the collection of data via our web pages and the integration of your user data with your data stored by the Twitter social network, you should log out from Twitter prior to visiting our website. You can completely prevent the downloading of Twitter plugins by using add-ons for your browser in the future, for example by using the script blocker 'NoScript': http://noscript.net/).
On our blog we use a 'XING share button' for sharing an article link. The social network XING ('XING') is operated by XING AG, Dammtorstrasse 30, 20354 Hamburg, Germany.
The used share button is part of the 'Shariff' solution. When you interact with the XING share button - and herewith give your consent for data processing pursuant to article 6 para. 1 lit. a GDPR - a short-term connection with a server of XING will be established in order to execute the functions of the button (especially the calculation/display of the counter). XING does not save any of your personal data relating to the visit of the respective page. Also, XING does not save IP addresses and no assessment of user behavior regarding the use of the XING share button takes place. Relevant data protection information about the XING share button and further information you will find here:
Furthermore, we have incorporated so-called plugins of the social network LinkedIn (hereinafter 'LinkedIn') into our website blog. LinkedIn is operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. A list and the appearance of the LinkedIn plugins may be viewed at the following Internet address:
To increase the protection of your data when you visit our website, we integrated the so called 'Shariff' solution. This solution prevents the automatic connection to a LinkedIn server when you access one of our pages with LinkedIn share plugins. Only when you activate the share button and herewith accept the transmission of your data (pursuant to article 6 para. 1 lit. a GDPR), the direct connection to LinkedIn servers will be established. The content of the plugin will be directly submitted to your browser and integrated on the site. The plugin then transmits data (including your IP address) to LinkedIn. We do not have any influence on the data scope retained by Linked. As far as we know, LinkedIn collects the information which pages of our website you currently access and which one you have accessed before. When you interact with the LinkedIn share button, the information will be transferred and stored at LinkedIn in USA. If you are logged into LinkedIn, LinkedIn may directly assign the visit of our website to your LinkedIn account. Furthermore, the information will be published at LinkedIn and is visible for your contacts. When you activate the plugin, LinkedIn receives the information that your browser has accessed the respective page from our website even though you do not have a LinkedIn account or are not logged in on LinkedIn.
To prevent LinkedIn from assigning collected data to your user account on LinkedIn, you have to log out from LinkedIn before visiting our website. To block LinkedIn plugins from collecting and transferring your visitor data, you may obtain a Browser Add On for your browser for example at the following link:
We use the open source software tool Matomo on our website to analyze the online behavior of our users (https://matomo.org). The software sets a cookie on the computer of the user (for cookies see above). If specific pages of our website are accessed, the following data is stored:
(1) Two bytes of the IP address of the retrieving system of the user
(2) Website accessed
(3) Website from which the user came to the accessed website (referrer)
(4) Subpages, which are accessed from the initially retrieved website
(5) Length of stay on the website
(6) Frequency of the website access
The software is designed in a way that IP addresses are not stored in full, but only 2 bytes of the IP address are marked (for example: 192.168.xxx.xxx). Therefore, it is not possible to assign the shortened IP address to the retrieving computer.
Legal basis is our legitimate interest according to Art. 6 para. 1 lit. f GDPR.
By processing the user’s personal data we are able to analyze the online behavior of our users. By analyzing the data obtained, we are able to compile information about the use of the specific components of our website. This helps us to constantly improve our website and its user-friendliness. For this purpose, our legitimate interest lies in the processing of the data according to Art. 6 para. 1 lit. f GDPR. By making the IP address anonymous the interest of the users to protect his personal data are sufficiently considered.
The data will be deleted after 90 days, as they will then no longer be needed for recording purposes.
With the frame hereafter, we offer our users the possibility of opting out from the web analysis. To do this, you must activate the relevant checkbox with a mouse click. Then another cookie is set on your system that alerts our system not to store the user's data. If the user deletes the respective cookie from his own system in the meantime, he must set the opt-out cookie again.
You have the right
If you have any further questions regarding the collection, processing or use of your personal data, please contact us by using the contact details of the person responsible for data protection and data security which you will find at the end of this privacy statement.
The contact details of the person responsible for data protection and data security at Sommer & Partner Consulting GmbH are:
Mr. Rainer Meyer-Winzenburg, Rathausstrasse 14, CH-6341 Baar, E-Mail: email@example.com.