Privacy Policy (Datenschutz)

GENERAL

TH Kazakatom AG (hereinafter referred to as “TH Kazakatom AG/we/us”) attaches great importance to compliance with the relevant data protection regulations.

When you use our website https://www.thk-ag.ch/, your personal data (referred to in this privacy policy as «personal data») will be processed by us as the data controller and stored for the period required to fulfill the specified purposes and legal obligations.

We process your personal data in accordance with the processing principles set out in Articles 6 to 8 of the Federal Act on Data Protection (FADP). The protection of your privacy is important to us, and we attach great importance to compliance with the relevant data protection regulations. In this privacy policy, we provide you with comprehensive information about how we handle your personal data and explain your rights in connection with the processing of personal data in our company. We regulate the processing of personal data of our employees, and suppliers outside of our online offering exclusively within the framework of the specific contracts.

This Privacy Policy is subject to change without notice. We therefore invite you to read this Privacy Policy from time to time so that you can familiarize yourself with any changes.

SCOPE OF APPLICATION

This privacy policy applies to all processing activities related to personal data via our website:

  • Visiting our website
  • Contacting us and various contact forms
  • Cookies
  • other purposes mentioned in this privacy policy

Depending on the data processing, in addition to the applicable Swiss law, namely the Federal Act on Data Protection (FADP) of 25 September 2020, SR 235.1, including the associated Ordinance on Data Protection (Data Protection Ordinance, DPO), European data protection law , namely the Regulation (EU) 2016/679 (General Data Protection Regulation) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or GDPR), OJ L 119 of 4.5.2016, p. 1) may also or exclusively apply. This applies in particular to the processing of personal data and the use of our website and the observation of the behavior of data subjects residing in the EU/EEA (Art. 3 para. 2 lit. b GDPR).

  1. In terms of language, this privacy policy is primarily based on the terminology of the FADP. 

This privacy policy does not apply to linked websites of other providers or websites that link to our website.

Controller

TH Kazakatom AG
Gartenstrasse 6, 6300 Zug, Switzerland
info@thk-ag.ch

CONTACT DETAILS OF THE SWISS SUPERVISORY AUTHORITY

Federal Data Protection and Information Commissioner
Feldeggweg 1
3003 Bern
Switzerland
Phone: +41 58 462 43 95
Website: https://www.edoeb.admin.ch/

Contact Form: https://www.edoeb.admin.ch/edoeb/de/home/deredoeb/kontakt/anzeigeformular_betroffene.html

DATA COLLECTION WHEN VISITING THIS WEBSITE

When using the website for informational purposes only, i.e. if you do not provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we only collect the data that is technically necessary for us to display our website to you and to ensure stability and security. The data is deleted at the end of your session, but we retain the log in accordance with legal requirements. When you visit our website, the browser used on your device automatically sends information to our website’s server. This information is temporarily stored in a log file.

The following data is collected without your intervention and stored until it is automatically deleted:

  • IP address of the requesting computer
  • Owner of the IP address range (usually your Internet access provider)Date and time of access
  • Name and URL of the retrieved file,
  • Website from which the access is made (referrer URL), if applicable with the search term used
  • Status code (e.g. error message)
  • Amount of data transferred in bytes
  • If applicable, your user name from a registration/authentication 
  • Browser type and version as well as other information transmitted by the browser (such as the operating system of your computer, the name of your access provider, geographical origin, location, language setting, etc.).
  • the subpages that are accessed via an accessing system on our website, and
  • other similar data and information used for security purposes in the event of attacks on our IT systems.

This data is collected for the following purposes:

  • Ensuring smooth connection to the website
  • Ensuring comfortable use of our website
  • Evaluating system security and stability, as well as for other administrative purposes
  • Improvement and further development of our business and our services

The data will be deleted at the end of your session, but we will retain the log file in accordance with legal requirements. Our website is hosted in data centres located in Switzerland by Infomaniak Group SA, Rue Eugène-Marziano 25, 1227 Genève, Switzerland, engaged via our IT service provider Bespoke ICT GmbH, 6300 Zug, Switzerland. Processing by Infomaniak takes place in Switzerland. We have concluded a data processing agreement with Bespoke ICT GmbH as our data processor, and Bespoke ICT GmbH engages Infomaniak Group SA as a sub-processor for hosting services. Your personal data may also be processed by further service providers as described in this privacy policy and in the privacy settings of the cookie banner. We have agreed with such providers that any transfer to the United States will be based on the EU-US or Swiss-US Data Privacy Framework (hereinafter referred to as the Data Privacy Framework) or, if the Data Privacy Framework is declared invalid or does not apply, on so-called standard contractual clauses and appropriate and proportionate technical and organisational measures. By submitting your request, you also consent to your personal data being transferred to unsafe third countries in accordance with Art. 17 FADP and Art. 49 para. 1 lit. a GDPR.

Privacy policy of the data sub-processor (hosting): Infomaniak — “Data confidentiality policy”.

There is an overriding private interest in the processing of your personal data in accordance with Art. 31 para. 1 FADP or Art. 6 para. 1 sentence 1 lit. f GDPR. This information is necessary for the website to function.

CONTACT

Our website offers you the opportunity to contact us directly by phone or E-Mail. Reasons for contacting us may include, for example, questions about products, questions about other topics, or feedback. We do not record any conversations.

The following information may be provided:

  • First and surname
  • E-Mail address
  • Address
  • Phone number
  • Possibly your customer number
  • Information that you provide in writing or verbally

The data in question is processed for the following purposes:

  • Contacting us
  • Responding to your enquiry

Telephone services are provided by Swisscom (Switzerland) Ltd, Alte Tiefenaustrasse 6, 3050 Bern, Switzerland (“Swisscom”), and E-Mail services (Microsoft Outlook) are provided by Microsoft Ireland Operations Ltd (“Microsoft”), South County Business Park, One Microsoft Place, D18P521, Leopardstown, Ireland.

Processing takes place in Switzerland and the EU. We have concluded a data processing agreement with our data processors. The transfer of European or Swiss personal data to Microsoft may result in Microsoft transferring data to its parent company in the USA or to third parties in a country that does not have an equivalent level of data protection. Microsoft Corporation (USA) is a participant in the Swiss-U.S. Data Privacy Framework. In relation to the Swiss-U.S. Data Privacy Framework Agreement, Microsoft Corporation is HR and non-HR data certified. This means that your personal data can be transferred to Microsoft (USA) in the USA without the need for additional guarantees. We have agreed with Microsoft that a transfer to the USA will be based on the Swiss – U.S. Data Privacy Framework or, should it be declared invalid or inapplicable, on so-called standard contractual clauses and appropriate and proportionate technical and organisational measures. By giving your consent to this privacy policy, you also consent to your personal data being transferred to insecure third countries in accordance with Art. 17 para. 1 lit. a FADP or Art. 49 para. 1 lit. a GDPR.  

Privacy policy of the data processors:

Swisscom: https://www.swisscom.ch/de/privatkunden/rechtliches/datenschutz.html

Microsoft : https://www.microsoft.com/de-de/privacy/privacystatement

This data processing is carried out on the basis of contractual or pre-contractual measures in accordance with Art. 31 para. 2 lit. a FADP or Art. 6 para. 1 sentence 1 lit. b GDPR. Once you have consented to this privacy policy, we will also process your personal data with your express consent in accordance with Art. 31 para. 1 FADP and Art. 6 para. 1 lit. a GDPR. Insofar as this involves information on communication channels (e.g. E-Mail address, telephone number), you also consent to us contacting you via this communication channel in order to respond to your request. You can, of course, revoke this consent at any time for the future.

This processing activity is not necessary for the functionality of the website.

The data stored for the purpose of establishing contact will be deleted after final processing, provided that we are not subject to a statutory retention obligation (usually  5 or 10 years).

CONTACT FORM

Under our “Contact us” section, we provide a form that you can use to get in touch with us.

The following information must be provided:

  • Full Name
  • E-Mail Address
  • Phone Number
  • Your message/feedback

The data in question is processed for the following purposes:

  • Contacting us
  • Responding to your enquiry

To process your enquiry via the contact form we use the Content Management System (CMS) WordPress. WordPress is a service provided by Aut O’Mattic A8C Ireland Ltd., Business Centre, No. 1 Lower Mayor Street, International Financial Services Centre Dublin 1, Ireland (“Aut O’Mattic”). When using WordPress functions such as comment forms or contact forms, personal data provided by you (e.g., name, E-Mail address, message content) is processed. The processing is carried out for the purpose of operating our website and ensuring its functionality.

Processing takes place in Switzerland and the EU. We have concluded a data processing agreement with our processor. The transfer of European or Swiss personal data to Aut O’Mattic may result in Aut O’Mattic transferring data to its parent company in the USA or to third parties in a country that does not have an equivalent level of data protection. We have agreed with Aut O’Mattic that any transfer to the United States will be based on the EU-US or Swiss-US Data Privacy Framework (hereinafter referred to as the Data Privacy Framework) or, if the Data Privacy Framework is declared invalid or does not apply, on so-called standard contractual clauses and appropriate and proportionate technical and organisational measures. By giving your consent to this privacy policy, you also consent to your personal data being transferred to insecure third countries in accordance with Art. 17 para. 1 lit. a FADP or Art. 49 para. 1 lit. a GDPR.

Privacy policy of the data processor: https://automattic.com/privacy/.

We process the data on the basis of your consent in accordance with Art. 31 para. 1 FADP or Art. 6 para. 1 lit. a GDPR. Furthermore, it is carried out on the basis of contractual or pre-contractual measures in accordance with Art. 31 para. 2 lit. a FADP or Art. 6 para. 1 sentence 1 lit. b GDPR.

This processing activity is not necessary for the functionality of the website.

The data stored for the purpose of establishing contact will be deleted after final processing, provided that we are not subject to a statutory retention obligation of 5 or 10 years for the data. We reserve the right to retain them for longer in order to assert our rights.

COOKIES

Our website may use cookies (small text files stored on your device) to enhance usability and security. You can configure your browser to block cookies. A cookie does not always mean that we can identify you. You can configure your browser settings that no cookies are stored on your computer or mobile device. Completely deactivating cookies may mean that you cannot use all the functions of our website. We use cookies to create anonymised aggregate statistics that show us how our website is used and help us to improve the content and function of our website. We process this data in the interests of our web-based market presence.

Types of cookies

Our website uses session cookies and persistent cookies.

Session cookies are used to increase the security of the use of our website, to make our information user-friendly and to analyse the use of our websites. A session cookie is automatically deleted when you close your browser or after a short time.

Persistent cookies are used to optimise user-friendliness and speed up the use of our website. When you visit our website again, it automatically recognises that you have already visited us and which entries and settings you have made so that you do not have to enter them again. Persistent cookies expire after a certain period of time.

Managing, deletion or deactivation of cookies

By default, most internet browsers automatically accept cookies. If you do not wish to store cookies from our website on your device, you can configure your browser settings so that you receive a warning before certain cookies are stored. You can configure your browser settings so that your browser blocks most of our cookies and only allows certain cookies or blocks all cookies. You can also withdraw your consent to certain cookies by deleting the cookies that have already been saved. Please note that disabling cookies may limit certain website functions.

Further information on cookies can be found on the websites of the relevant browser platforms.

Categories of recipients of personal data

As part of the operation of our website, our services, to provide and optimise our services and offers and for analysis and retargeting purposes, we use technologies from third-party providers (in particular software and other IT service providers, analysis services and marketing agencies) who gain access to your personal data in the course of their activities and may therefore be recipients of personal data. These third-party providers may be processors of ours or themselves data controllers under data protection law. Some of the third-party providers are based in Switzerland, but they may be located anywhere in the world (including the USA). The third-party providers have undertaken to comply with the applicable data protection regulations vis-à-vis us.

If these recipients of personal data are not explicitly named in this privacy policy, you will find detailed information on the data processing, the personal data processed, the purpose of the processing, the service providers (recipients) and their contact details, the processing principles and the description of the service/technology used, the necessity, the storage period, the place of processing, including information on whether onward transfer to third countries takes place, in the privacy settings of the cookie banner on our website.

You can manage your consent to the collection and processing of personal data by these third-party providers in the privacy settings. If you accept the cookies, plugins and analysis and retargeting tools, the data collected will be processed by the third-party providers. You also agree that your data may be transferred to these third countries, including the USA (Art. 17 para. 1 lit. a FADP and Art. 49 para. 1 lit. a GDPR).

Google reCAPTCHA

We use the reCAPTCHA service from Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland, on our website. reCAPTCHA calculates the probability that the respective user is a human being. To do this, it analyzes the behavior of users and adds it to a captcha score. Your behavior is tracked by Google cookies already installed on your device based on your previous browser interactions, the number of mouse movements and keystrokes, and the length of time you spend on the website.

In order to evaluate a user’s behavior, the following data is collected and transmitted to Google’s servers:

  • User’s IP address
  • Date and length of stay
  • Time zone
  • Complete screenshot of the browser window
  • Referrer URL
  • Browser plug-ins
  • Mouse movements and keystrokes
  • Information about the operating system (Windows, Linux, iOS, etc.)
  • Cookies from the last 6 months, as well as NID cookies, which are suitable for
  • User device settings (e.g., language settings, location, browser, etc.)

The purpose of processing this data is to ensure that the user of the website is a human being and to protect against spam bots.

Your personal data is generally processed by Google in Ireland. We have concluded a data processing agreement with our processor. The transfer of European or Swiss personal data to Google may result in Google transferring data to its parent company in the USA or to third parties in a country that does not have an equivalent level of data protection. Google LLC (USA) is a participant in the Swiss-U.S. Data Privacy Framework. In relation to the Swiss-U.S. Data Privacy Framework Agreement, Google LLC is HR and non-HR data certified. This means that your personal data can be transferred to Google LLC (USA) in the USA without the need for additional guarantees. We have agreed with Google that any transfer to the United States will be based on the EU-US or Swiss-US Data Privacy Framework (hereinafter referred to as the Data Privacy Framework) or, if the Data Privacy Framework is declared invalid or does not apply, on so-called standard contractual clauses and appropriate and proportionate technical and organizational measures. By giving your consent via the cookie banner, you also consent to your personal data being transferred to insecure third countries in accordance with Art. 17 para. 1 lit. a FADP or Art. 49 para. 1 lit. a GDPR.

Privacy policy of the data processor: https://policies.google.com/privacy

We process the data on the basis of your consent in accordance with Art. 31 para. 1 FADP or Art. 6 para. 1 lit. a GDPR.

reCAPTCHA is necessary to protect our website from overload by spam bots. There is no immediate necessity for the functionality of the website.

Your data will be stored by reCAPTCHA for 6 months.

TRANSFER OF DATA TO THIRD PARTIES

Your personal data will not be transferred to third parties for purposes other than those listed, nor to contractors other than those listed and their subcontractors.

Cross-border disclosure to third countries without an adequate level of protection

No disclosure will be made to third countries without an adequate level of data protection or only subject to appropriate safeguards, e.g., under a contractual obligation to maintain a sufficient level of data protection (so-called standard contractual clauses). Personal data will only be transferred to third countries if the data protection requirements of Art. 9 and 16 FADP and Art. 44 ff. GDPR et seq. are met.

A country is classified as a third country if it does not have a level of data protection equivalent to that provided by Swiss or EU law. The Federal Council (Ordinance on Data Protection (ODP), SR 235.11, Annex 1) and the EU Commission (in the respective adequacy decision pursuant to Art. 45 GDPR) designate countries with an adequate level of data protection.

There is a Data Privacy Framework between the EU and the US. This framework ensures GDPR-compliant transfer to the US and correspondingly compliant data processing, in which all rights of the data subject under EU law can be upheld. Whether the specific data processor in the US participates in this framework can be clarified on the website: www.dataprivacyframework.gov/s/. In addition, you will find further information on the processing of user data in the specific privacy policies of the data processor.

There is also a Data Privacy Framework between Switzerland and the USA. The transfer of your data to the USA is based on the EU-US or Swiss-US Data Privacy Framework or, if this is declared invalid or inapplicable, on so-called standard contractual clauses and appropriate and proportionate technical and organizational measures.

In this privacy policy, we inform you when and how we transfer personal data to the USA or other unsafe third countries.

Data security

We take appropriate technical and organizational measures to ensure that your personal data cannot be viewed or stolen by third parties without authorization. In particular, we use appropriate technical (e.g., firewall, password protection, SSL encryption, etc.) and organizational (e.g., restriction of authorized persons, training of authorized persons, etc.) measures to ensure that only authorized persons have access to this data. Our data processing and security measures are continuously improved in line with technological developments.

We use SSL encryption for security reasons and to protect the transmission of confidential content, such as the inquiries you send to us as the website operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

YOUR RIGHTS

As a data subject, you can assert various claims against us in accordance with the applicable national and international law. In order to fulfill these claims, we may process your personal data again. Depending on the applicable law, data subjects may assert the following rights:

Right to informationTo request information about your personal data processed by us. In particular, information pursuant to Art. 25 ff. FADP or Art. 15 GDPR may contain: about the processing purposesthe category of personal datathe categories of recipients to whom your data has been or will be disclosedthe planned storage periodthe existence of a right to rectification, erasure, restriction of processing, or objectionthe existence of a right to lodge a complaint
The origin of your data, if it was not collected by us
the existence of automated decision-making, including profiling, and, where applicable, meaningful information about its details
Right to rectificationTo request the immediate rectification of inaccurate or incomplete personal data stored by us (Art. 32 para. 1 FADP or Art. 16 GDPR).
Right to restriction of processingTo request the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful, but you refuse to have it deleted and we no longer need the data, but you need it to assert, exercise or defend legal claims, or you have lodged an objection to the processing in accordance with Art. 21 GDPR (Art. 32 FADP or Art. 18 GDPR);
Right to data disclosure and transferTo receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request its transfer to another controller (Art. 28 FADP or Art. 20 GDPR);
Right to  deletionTo request the deletion of your personal data stored by us, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims (Art. 32 FADP in conjunction with Art. 28 Civil Code or Art. 17 GDPR);
Revocation of consentTo revoke your consent at any time. As a result, we will no longer be allowed to continue processing data based on this consent in the future (Art. 30 para. 2 lit. b FADP or Art. 7 para. 3 GDPR);
Right to objectObject to processing if your personal data is processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR (Art. 21 GDPR) and if there are reasons for this arising from your particular situation or if the objection is directed against direct marketing. In the latter case, you have a general right to object, which we will implement without you having to specify a particular situation;
Complaint to the supervisory authorityTo lodge a complaint with a supervisory authority (see above) (Art. 49 FADP or 77 GDPR).

Up-to-dateness and changes to this privacy policy

We reserve the right to amend this privacy policy at any time or to adapt it to new processing methods. The current privacy policy can be accessed here at any time. Older versions of the privacy policy are available here.

Status, 1st October 2025

Scroll to Top