Unternehmensberatung & Consulting International
Unternehmensberatung & Consulting International

Privacy.

  • HOME
  • Privacy Policy

Privacy Policy

Privacy Policy

Privacy Notice of the REFA: Suisse Group – as of 30 April 2025

At REFA: Suisse Group, we take the protection of your personal data very seriously and process it in accordance with the applicable legal data protection requirements.
Personal data, as referred to in this notice, includes all information that may be linked to you as an individual.

With the following information, we would like to inform you about how we process your personal data. Furthermore, we aim to give you an overview of your rights under data protection law. The specific data processed and the manner in which it is used depend primarily on the services requested or contractually agreed upon.

1. Data Controller and Data Protection Officer

The data controller is:

REFA: Suisse Group
International Process & Industrie Consult SA
Elsenheimerstraße 61
D - 80687 Munich

How to contact our Data Protection Officer:

REFA: Suisse Group
International Process & Industrie Consult SA
Tanja Weiss
Data Protection Officer
Elsenheimerstraße 61
D - 80687 Munich
This email address is being protected from spambots. You need JavaScript enabled to view it.

2. Source of Personal Data

We process personal data that we receive from our customers and prospective clients as part of our business relationship. In addition, if required for the provision of our services, we also process personal data that we obtain lawfully from publicly accessible sources or that is lawfully transmitted to us by other companies within the REFA: Suisse Group or by third parties (e.g., credit agencies).

3. Categories of Personal Data Processed

We process the following categories of personal data:

  • Basic data (name, address, date of birth, and contact details)
  • Contract data (address and contact details)
  • Data required to fulfil our contractual obligations (sales data and structural/quantitative data)
  • Information about your correspondence (written communications with you), marketing and sales data (products potentially of interest to you), as well as other data comparable to the categories mentioned above

4. Purposes of Processing Personal Data and Legal Bases for Processing

We process your personal data in compliance with the applicable legal data protection requirements. Processing is considered lawful if at least one of the following conditions is met:

  • Consent (Art. 6(1)(a) GDPR): Processing is lawful when you have given your consent for specific purposes (e.g., transfer of data within the group, use of data for marketing purposes). You may revoke your consent at any time with future effect. This also applies to any consent granted before the GDPR became applicable, i.e., before 25 May 2018.
  • For the performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR): We process data to fulfil our contractual obligations to our customers or to carry out pre-contractual measures requested by you. The specific purposes of the data processing are primarily derived from the relevant product or service and may include needs assessments and consulting. Further details can be found in the contract documents and general terms and conditions.
  • Due to legal obligations (Art. 6(1)(c) GDPR) or in the public interest (Art. 6(1)(e) GDPR): REFA: Suisse Group is subject to various legal obligations (e.g., commercial and tax-related retention requirements under the German Commercial Code and Fiscal Code). The purposes of processing also include compliance with tax monitoring and reporting obligations, as well as risk assessment and management within the company and the REFA: Suisse Group.
  • Based on legitimate interests (Art. 6(1)(f) GDPR): Where necessary, we also process your data beyond the fulfilment of the contract in order to safeguard our legitimate interests or those of third parties. Examples include:
  • Reviewing and improving business management processes and the development of products and services
  • Advertising, market and opinion research, provided you have not objected to the use of your data
  • Assertion of legal claims and defense in legal disputes
  • Prevention, detection, or investigation of criminal acts
  • Ensuring IT security and IT operations

        5. Categories of recipients of the personal data

        Within the company, only those departments that require access to personal data in order to fulfil our contractual and legal obligations are granted such access. Additionally, REFA: Suisse Group assigns certain of the aforementioned processes and services to carefully selected and GDPR-compliant service providers based within the EU. These include companies in the following sectors: IT services, payment processing, printing services, invoicing, debt collection, consulting, sales and marketing, as well as other service providers we engage under data processing agreements.

        With respect to data transfers to other recipients, we may only disclose information about you if required by law, if you have given your consent, or if we are otherwise authorized to do so. Provided these conditions are met, recipients of personal data may include, among others:

        • Public authorities and institutions (e.g., tax authorities, Federal Network Agency) in the case of a legal or regulatory obligation
        • Companies or similar entities to whom we transmit personal data for the purpose of managing the business relationship (e.g., credit agencies), and other entities within the REFA: Suisse Group

        Other entities may also receive data, provided you have given us your consent for the transfer.

        6. Intention to Transfer Personal Data to a Third Country or an International Organization

        There is no active transfer of personal data to a third country or to an international organization.

        7. Criteria for Determining the Duration for Which Personal Data Is Stored

        The criteria for determining the storage period depend on the end of the processing purpose and the subsequent statutory retention periods. If the data is no longer required to fulfil contractual or legal obligations, it is regularly deleted—unless limited and possibly restricted further processing is necessary for the following purposes:

        • Fulfilment of commercial and tax-related retention obligations: including those under the German Commercial Code (HGB), the Fiscal Code (AO), and the principles for proper keeping and storage of books, records, and documents in electronic form (GoBD). These regulations stipulate retention and documentation periods of up to 10 years.
        • Preservation of evidence within the scope of statutory limitation periods: according to §§ 195 ff. of the German Civil Code (BGB), the standard limitation period is 3 years, but may extend to up to 30 years in certain circumstances.
        • Compliance with telecommunications-related retention obligations under the current Telecommunications Act (TKG) and other applicable laws.

        8. Your Data Protection Rights

        Every data subject has the right to access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR, and the right to data portability under Article 20 GDPR. The right of access and the right to erasure are subject to the limitations set out in Sections 34 and 35 of the German Federal Data Protection Act (BDSG). You also have the right to lodge a complaint with a competent data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 BDSG).

        You may withdraw any consent given for the processing of personal data at any time with effect for the future. This also applies to any consents granted prior to the applicability of the General Data Protection Regulation, i.e., before 25 May 2018. Further information is available in the section on the right of withdrawal in this policy.

        9. Obligation to Provide Data and Possible Consequences of Not Providing It

        As part of our business relationship, you are required to provide the personal data that is necessary to establish and conduct the contractual relationship and to comply with legal obligations. Without this data, we will generally not be able to enter into or fulfil the contract with you.

        10. Existence of Automated Decision-Making, Including Profiling

        As a rule, we do not use automated decision-making processes in accordance with Article 22 GDPR to establish and conduct the business relationship. If we use such procedures in individual cases, you will be informed separately if required by law. In some cases, we process your data automatically in order to evaluate certain personal aspects (profiling). We use profiling, for example, to assess your creditworthiness and to improve our sales measures so we can provide you with more targeted and relevant offers.

        11. Tracking data

        Tracking data collected through the use of our services (IP address [temporary], date and time of website access, visited URL, browser type, etc.) is stored in order to detect and correct technical issues or misuse of the website and our services. These data are not evaluated to create personal usage profiles. Log data is automatically deleted after 180 days.

        12. Cookies and Third-Party Services

        12.1 Cookies

        Description and Scope of Data Processing
        We use so-called cookies on our website. They help make our services more user-friendly, effective, and secure. Cookies are small text files stored on your device and saved by your browser. Most of the cookies we use are “session cookies” that are deleted automatically after your visit ends. Cookies do not harm your device and do not contain viruses.

        1. Necessary cookies:

        • Cookies to store the cookie manager selection
        • Session cookies

        2. Analytical or tracking cookies:

        • Google Site Tag

        Legal Basis for Data Processing
        The legal basis for processing personal data via cookies is Article 6(1)(f) GDPR.

        Purpose of Data Processing
        The use of technically necessary cookies is intended to simplify the use of our website. Some features cannot be provided without cookies, as they are needed to recognize the browser after a page change. Data collected through such cookies is not used to create user profiles. This constitutes our legitimate interest under Article 6(1)(f) GDPR.

        Storage Duration, Right to Object, and Deletion Options
        Cookies are stored on your device and transmitted to our site. Their duration is as follows:

        1. Necessary cookies:

        • Cookie manager selection: until the end of the browser session
        • Session cookies: 1 year

        2. Analytical / tracking cookies:

        • Google Site Tag: 2 years

        You can disable or restrict the use of cookies by adjusting your browser settings. Cookies already stored can be deleted at any time. If cookies are deactivated for our website, some functions may no longer be fully available.

        Click here to edit your cookie settings.

        Additionally, you can prevent Google from collecting data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by installing a browser add-on. Opt-out cookies prevent the future collection of your data when visiting this website. To disable Universal Analytics tracking across multiple devices, the opt-out must be performed on all systems used. Clicking here sets the opt-out cookie: Deactivate Google Analytics

        12.2 Third-party services

        12.2.1 Google Analytics
        This website uses Google Analytics, a web analytics service provided by Google Inc. Google Analytics uses cookies. The information generated by these cookies about your use of the website (including your IP address) is transmitted to and stored by Google on servers in the USA. Google uses this data to evaluate website usage, compile reports for us, and provide other services related to website activity. If required by law or if third parties process the data on behalf of Google, the data may be passed on to them. Google will never link your IP address with other data held by Google.

        You can prevent the installation of cookies by adjusting your browser settings; however, some features may become unavailable. By using this website, you consent to the processing of your data by Google in the manner and for the purposes described above.

        You can also prevent tracking by installing the browser add-on available at:
        https://tools.google.com/dlpage/gaoptout

        Further information about Google’s data protection policies:
        https://www.google.de/intl/en/policies/privacy/
        https://www.google.com/analytics/terms/en.html

        12.2.2 Social Media Links
        REFA: Suisse Group operates its own social media pages via third-party providers (Facebook, Google+, Twitter, XING, Instagram, YouTube). By clicking on these links, you will be redirected to the respective platforms. Once you access them, the privacy policies of those providers apply. We recommend logging out of your social media accounts beforehand to avoid automatic profiling.

        12.2.3 Links to Other Websites
        Our website contains links to external websites not operated by us. Please check the respective privacy policies of those websites. We assume no responsibility for the data protection standards or data handling practices of other companies.

        13. Newsletter Subscription

        If you wish to receive the newsletter offered on our website, we require your email address as well as information allowing us to verify that you are the owner of the provided address and agree to receive the newsletter.

        To ensure valid consent, we use the so-called double opt-in procedure. The potential subscriber is initially added to a mailing list and then receives a confirmation email to complete the subscription. Only after this confirmation is the address actively added to the list.

        These data are used solely for sending the requested information and offers.

        We use the newsletter software rapidmail. Your data will be transferred to rapidmail GmbH. rapidmail GmbH is prohibited from selling your data or using them for purposes other than sending newsletters. It is a certified German provider selected in accordance with GDPR and the German Federal Data Protection Act (BDSG).

        You can withdraw your consent to the storage and use of your data and email address at any time, for example via the “Unsubscribe” link in the newsletter.

        Data protection measures are subject to continuous technical updates. For this reason, we recommend checking our privacy policy regularly.

        Your Right to Object

        Below we provide you with the necessary information about your right to object under Article 21 of the General Data Protection Regulation (GDPR). You may submit your objection informally and preferably direct it to:

        International Process & Industrie Consult SA
        A company of the REFA: Suisse Group
        Elsenheimerstraße 61
        D - 80687 Munich

        1. Right to object on a case-by-case basis
          You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6(1)(e) GDPR (public interest) or Article 6(1)(f) GDPR (legitimate interests). This also applies to profiling based on these provisions under Article 4(4) GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defense of legal claims.
        2. Right to object to data processing for direct marketing purposes
          In some cases, we process your personal data for direct marketing purposes. You have the right to object at any time to such processing, including profiling related to direct marketing. If you object, your data will no longer be used for these purposes.
        3. Right of access
          You have the right to request confirmation as to whether personal data concerning you is being processed. If so, you may request the following information:
        • The purposes of processing
        • The categories of personal data concerned
        • The recipients or categories of recipients to whom the data have been or will be disclosed
        • The planned duration of storage or the criteria used to determine it
        • The existence of rights to rectification, erasure, restriction or objection
        • The right to lodge a complaint with a supervisory authority
        • The source of the data, if not collected directly from you
        • The existence of automated decision-making, including profiling, with meaningful information about the logic involved and the expected impact on you

        You also have the right to be informed whether your personal data has been transferred to a third country or international organization, and to be informed of the appropriate safeguards pursuant to Article 46 GDPR related to the transfer.

        International Process & Industrie Consult SA

        (formerly REFA International AG)
        Vic. Ponte Vecchio 3-5
        CH - 6600 Locarno
        Phone.: +41(0)44 500 2328
        Mail: office@ipic-ag.com

        Copyright © 2025