Choose your country / language

Oerlikon Balzers Client Data Privacy Policy

Management of our business relationship with clients, external contacts (except suppliers).

This Privacy Policy is provided by Oerlikon Surface Solutions AG and its Oerlikon Balzers affiliates (hereafter collectively referred as “Oerlikon Balzers entities”).

1. Definitions

Personal Data: shall mean any information that may, directly or indirectly, identify an individual, as for example name, contact details, function, identification number, online identifier.

Data Controller: shall mean the legal entity which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.

Processing means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2. Data Controller

The Data controller is the legal entity responsible for the collection and Processing of your Personal Data and in charge of ensuring compliance with applicable data protection law.

Oerlikon Surface Solutions AG and each of its Balzers affiliates act, individually, as a Data Controller in relation with the management of their own clients, prospective clients, external contacts. The Oerlikon entity which is legally responsible for the collection, Processing of your Personal Data is the Oerlikon Balzers entity with whom you are in contact with or have a contract with.

However, when different Oerlikon Balzers entities share clients’ data in order to propose or provide services collectively to the same client, the concerned Balzers entities do act as joint Data controllers in relation with the use of the same client’s personal data, it means that they are collectively responsible for the use of such data.

3. When do Oerlikon Balzers entities record Personal Data about You in their CRM?

Oerlikon Balzers entities will record your Personal Data in their CRM systems if You:

  • gave your professional contact details to them during a conference, or any other event or through our website contact forms AND;
  • let them know that you are interested in being one of their business contacts, get information or discuss how we could work together OR
  • are an existing client, partner.
4. What Personal Data do Oerlikon Balzers entities collect about You?

Given that Oerlikon Balzers entities sell their services to corporate clients only, they do collect limited Personal Data.

The Personal Data generally collected about You are:

  • Identification data (e. g. first name, surname, title);
  • Professional contact details (e. g. e-mail address, phone number, address, country);
  • Professional data (as your function, title, department, company for whom you work, projects discussed or contracts followed together and related communications (e.g. negotiation, service cases, request on services, products, follow up of contract execution, information on planned and/or past deadlines));
  • Information about any consent granted, in particular for direct marketing activities (e. g. date of submission, scope of consent).
5. Why do Oerlikon Balzers entities collect and use Personal Data about You?

Oerlikon Balzers entities will use your Personal Data to the extent necessary for the following purposes:

  • Centralizing contact details, documents and communications with each of their clients, prospective clients, external contacts including partners;
  • Managing their relationship with you in an efficient way;
  • Evaluating opportunities and whether they are interested in doing business with you;
  • Negotiating, concluding and executing and managing contracts with you (e. g. billings, delivery of services; guarantee, account administration, meetings);
  • Fulfilling legal obligations (e. g. fighting against bribery, conflicts of interest, disclosing required Personal Data to governmental institutions, competent authorities or courts upon request within the conditions permitted by applicable law),
  • Protecting their rights and interests in case of a litigation
  • Protecting the security of their systems and information;
  • Managing direct marketing activities (subject to prior consent) and organize events, trade shows and customer meetings.
6. Legal Bases for Data Processing

Oerlikon Balzers entities will Process your Personal Data based on applicable data protection law.

Outside of the EU/EEA, when the legal ground for processing personal data is only consent, they will collect your personal data based on consent. If consent is not the only possible legal ground for collecting, using your personal data, we will collect your personal data based on applicable legal ground.

Within the EU/EEA, the applicable data protection law is the EU General Data Protection Regulation 2016/679 (GDPR), and we process your personal data based on the following GDPR legal grounds:

  • Your consent (Art. 6 para. 1 S. 1 lit. a), Art. 7, Art. 9 para. 2 lit. a) GDPR).
    • This is the case for direct marketing activities. If your consent is the legal basis for processing your Personal Data, then you can revoke your consent anytime with the future;
  • The necessity to enter a contractual relationship with you and to fulfil their contractual obligations (Art. 6 para. 1 S. 1 lit. b) GDPR) as for example, when we follow any payment, read and record communications with you or your company in relation with the delivery of a service.
  • The necessity to pursue our legitimate interests, or the legitimate interests of third parties (Art. 6 Abs. 1 S. 1 lit. f) GDPR), especially:
    • recording Your Personal Data in the systems used for the management of their relationship with you and using such Personal Data in order to manage our relationship with you, communicate with You
    • when they engage suppliers to obtain support from an IT perspective;
    • when they organize business meetings or tradeshows, events, dinners and record your registration and dietary requirements for this purpose;
    • when they use Personal Data to improve the way they interact with You and their service and sales processes;
    • when their archive their communications with you in order to defend their rights and interest before a court or regulator in case of an audit or litigation;
  • A legal obligation (Art. 6 para. 1 c) GDPR) : this is the case when they archive information for tax reasons, keep evidence of a payment made by a client, indicate the final beneficiary of a contract, make any due diligence concerning clients in our systems.
7. Disclosure of Personal Data

Oerlikon Surface Solutions AG and its Balzers affiliates share, between their sales teams, clients and prospective clients’ personal data to be able to collaborate on a negotiation or provision of a service to a same client. Oerlikon Balzers entities (potentially from different countries and regions) generally need to collaborate to deliver services and manage negotiations and contracts due to the way the entire Balzers sales function is organized and the implied high level of interaction between the different Balzers sales teams.

The Balzers CRM Global Administrator works for Oerlikon Balzers Coating Gmbh in Germany and has access to all Personal Data stored in the CRM for administration, coordination, centralization and management purposes.

Your Personal Data will also be shared with the below entities, where and to the extent necessary, to obtain support for the purposes mentioned in Section 5:

  • External supplier IBS Technology for IT support purposes;
  • Professional consultants, banks, insurance companies, certified accountants, lawyers, tax consultants;
  • Co-organizers of events to which you want to participate, with your consent;
  • Competent governmental institutions, authorities or courts upon request, if legally required or if necessary, to defend our rights in a litigation. This type of disclosure will be performed in compliance with all applicable legal conditions.

External service providers only have access to Personal Data they need for the execution of their specific tasks, we sign a data processing agreement with them to ensure the protection of Personal Data in line with applicable data protection laws.

In case of a merger, fusion, restructuring, joint venture, similar procedure, your Personal Data may be shared with the acquiring or merged company, subject to the terms of our agreement with your company and any required consent.

8. Data Transfer to a Foreign Country

The systems used for customer relationship management purposes are stored and maintained in Liechtenstein (EEA), a country subject to the EU General Data Protection Regulation (GDPR).

However, due to our global footprint, our decentralized organization and human resources, and global IT infrastructure, the entities having access to Personal Data as listed in above Section 7 may be located overseas and in countries that may not provide the same level of data protection as in your country.

Oerlikon Balzers entities are established in Switzerland, EU, Liechtenstein (EEA), UK, Turkey, Asia (China, Taiwan, Korea, Indonesia, Philippines, Thailand, Vietnam, Malaysia, India), Latin America (Brazil, Mexico), Singapore, Japan, United States.

Please note that where your Personal Data must be transferred overseas (and in particular outside the EU/EEA/Switzerland, to “non adequate” countries according to the European Commission) your Personal Data will be protected either by:

  • Oerlikon Intra Group Data Transfer and Processing Agreement (IGDTPA) which has been signed by all Oerlikon entities of the group. This agreement is based on the standard contractual clauses of the European Commission from 2021 and protect your Personal Data when transferred overseas to Oerlikon entities (an addendum to this IGDTPA covers the outbound transfers of China Personal Data and is based on the China Standard Contract).
  • A data transfer agreement if the recipient of your Personal Data is not a member of the Oerlikon Group or any other appropriate agreement if a data transfer agreement is not required by applicable data protection law.
9. Data retention period

Oerlikon Balzers entities store your Personal Data only for the period of time necessary to fulfil the purposes listed in Section 5.

Generally, for prospective clients, Oerlikon Balzers entities keep their Personal Data as long as they are in contact with them, analyze their needs, and as long as prospective clients share their expectations with them. If after evaluation of the needs a prospective client, they consider than they are not able to answer positively to it, they may unilaterally delete their Personal Data from their systems. They will also delete their Personal Data if they ask them to do so (provided that they do not have to archive it for legal reasons).

For clients, they will generally keep their Personal Data for the duration of the contractual relationship and then archive it for the statute of limitation period ( if there is a legal obligation to keep it or if necessary to defend their rights before a court or regulator) and then delete it. If you are a regular client since many years and that you regularly sign new contracts with Oerlikon Balzers entities and order new services, they may keep your Personal Data active in the CRM for up to one year after the end of an agreement for the purpose of facilitating the management of your future orders.

The emails recorded in our customer relationship management systems are deleted 6 years after closure of the case (e.g. Case, Opportunity, Quote) . Information which may become relevant with respect to product liability are deleted 12 years after contract fulfilment. If your Personal Data is archived for the abovementioned purposes, it will be kept securely and accessed only for the above purposes. In addition, if Personal Data included in documents with relevance to accountancy and tax matters will be kept for legal retention periods of six or ten years with a safety period of 2 years.

Every year, at the end of the respective calendar year, Oerlikon Balzers entities analyze all their contacts and verify whether it is still relevant and necessary to keep them. If there is no business need, contractual or legal requirement for further storage of your Personal Data, then it will be deleted. For example, if they haven’t heard about a prospective client or external contact other than a client during one year, and she/he does respond anymore to our messages, his/her Personal Data will be deleted from their customer relations management systems.

10. How to manage your consent to direct marketing messages and unsubscribe?

If you want to receive invitations to Oerlikon Balzers entities’ events, greeting cards, services, you can click on the corresponding link, inserted in the automatic CRM message you receive as soon as you are recorded in the system, or send your request by email to the Sales person you are in contact with.

If you subscribed to receive marketing messages such as invitations to events, newsletters, greeting cards or marketing materials related to Balzers services you may revoke your consent at any moment by clicking on the “Unsubscribe” link included either in the confirmation email you have received after the subscription or in any commercial email sent to you by Oerlikon Balzers entities.

11. Your Rights on your Personal Data

Depending on the applicable data protection law, You may have the rights to1:

  • know whether Oerlikon Balzers entities collect Personal Data about you and for which purposes and obtain a copy of it;
  • request the correction or deletion of your Personal Data if they are incorrect, incomplete, outdated or if there is no legal ground anymore for Oerlikon to store them;
  • request the restriction of use of your Personal Data if you consider that your Personal Data have not been used lawfully and/or object to the use of your Personal Data.  In such case, Oerlikon Balzers entities will stop processing your Personal Data and delete it (if you object to it), unless they can provide mandatory reasons which override your interests, rights, or liberties, as for example if they need to keep it for legal reasons, defend their rights before a court, cover a guarantee obligation.
  • If you are located within the EU/EEA and if certain of your Personal Data, based on your consent, you have the right to data portability on this Personal Data. In this case you can demand to obtain from us the Personal Data provided to us in a structured, general and machine-readable form, or to have them transmitted to another entity of your choice
  • If we have collected Personal Data about you based on your consent, you can revoke your consent at any time, for example if you do not want to receive anymore commercial messages from us;
  • You may also challenge and ask for the verification of any decision that would be taken about you based on an automated process if it significantly affects your own rights;
  • You may file a claim with your supervisory authority if you consider that your Personal Data have been processed in violation of applicable data protection law or your rights have been violated.

To unsubscribe to our marketing emails, please follow the guidance in Section 10.

To obtain a simple confirmation that Oerlikon holds Personal Data about you or to obtain the correction of your professional contact details, please contact the Sales person you are in contact with by email.  You must provide relevant information to prove your identity, as a copy of an ID.

For any other request, and if you have any concern about our privacy policy or the way Oerlikon uses your Personal Data, contact directly our Global Data Protection Officer at privacy.corporate(at)oerlikon.com.

When you contact our Global Data Protection Officer for your request, please indicate: your name, surname, name of the company for whom you work, your professional contact details (the response will be sent at these contact details), the Oerlikon company and/or sales person you are in contact with, your concern or request, the Personal Data covered by your request. You will also need to provide an evidence of your identity as a copy of an ID (it will be used only the time necessary to verify your identity and then deleted) except if you solely request the deletion of your email address from our direct marketing lists.

Date of last update:  June 2023

1 These rights are based on GDPR but they do not necessary all apply in every country. Generally countries provide at least a right of access to Personal Data and a right to obtain correction of Personal Data that are incorrect or uncomplete.

keyboard_arrow_up