Privacy Policy

A) General Information

BAM AG (hereinafter also “we,” “us,” “Company”) collects and processes personal data concerning you or other persons (e.g., colleagues, family members; “third parties”). The term “data” is synonymous with “personal data” or “data relating to an identified or identifiable person.” The terms “processing” and “handling” are used interchangeably. In this Privacy Policy, we describe how we process your data when you use https://www.bamtec.com/de/ (hereinafter “Website”), obtain our services or products, are otherwise in a contractual relationship with us, visit our social media channels, communicate with us, or otherwise interact with us. This Privacy Policy may be supplemented by other documents such as contractual terms or additional specific privacy statements. If you provide us with data about third parties, we assume that you are authorized to do so and that this data is correct. By transmitting data about third parties, you confirm this and ensure that these third parties have been informed about this Privacy Policy. Our own information obligations under applicable data protection laws remain unaffected. The Swiss Federal Act on Data Protection (“FADP”) and the Data Protection Ordinance (“DPO”) generally apply to the processing of your personal data. Partially, for example, if you access our website from a member state of the European Union (“EU”) or the European Economic Area (“EEA”), the EU General Data Protection Regulation (“GDPR”) and possibly other national laws of your country also apply. If a specific article of the GDPR is referred to, it exclusively relates to the processing of data of persons located in the EU or the EEA.

B) Data Controller / Data Protection Officer / Data Protection Advisor

The entity responsible for the data processing described in this Privacy Policy is, unless otherwise communicated, data-protection-wise:

BAM AG (CHE-102.247.440.)
Franz Häussler
Neugasse 43
9000 St. Gallen SG
Switzerland
Tel.: +41 71 222 20 61
E-Mail: info@bamtec.com
Website: https://www.bamtec.com/

We have appointed the following additional entities:

– Data protection representative in the EU according to Art. 27 GDPR:

Häussler Innovation GmbH
Mozartstrasse 31
87435 Kempten
Germany
Tel. +49 831 521 73 11
Email: info@bamtec.com

C) Categories of Processed Data

We primarily process personal data you provide to us, that we collect when operating our Website, our social media channels, at trade fairs, or other events, as well as personal data from publicly accessible sources, in particular company websites. We may also receive personal data from third parties. The processed personal data may fall into the following categories:

1. Technical data (cookie ID, IP address, etc.);
2. Communication data (telephone number, email address, etc.);
3. Master data (name, address, date of birth, etc.);
4. Contract data (services to be provided, contract duration, etc.);
5. Behavioral and preference data (use of the website, selection of products and services, etc.);
6. Data related to projects and other assignments;
7. Special categories of personal data (biometric data, health information, etc.);
8. Other data (photos, videos, audio recordings, etc.).

D) Legal Basis for Data Processing

Where we request your consent for specific processing activities (e.g., for processing special categories of personal data), we will inform you separately about the relevant purposes of processing. You can revoke consent at any time by email to: info@bamtec.com with effect for the future. Where we do not request your consent, we base the processing of your personal data on the fact that processing is necessary for the initiation or performance of a contract with you (Art. 6(1)(b) GDPR) or processing is necessary for our or third parties’ legitimate interests and there is no reason to assume that you have an overriding interest in non-processing (Art. 6(1)(f) GDPR), in particular to pursue the purposes described below and to implement appropriate measures. If we receive special categories of personal data, we may also process your data based on other legal grounds, e.g., in case of disputes due to the necessity of processing for potential legal proceedings or the assertion or defense of legal claims.

E) Purposes of Data Processing

We process your data in connection with communication with you, as well as for the establishment, management, and fulfillment of contractual relationships. We may also process data for marketing purposes, for asserting legal claims, for defense in legal disputes, for relationship management, market research and product development, and to comply with laws, regulations, and internal policies. The legal basis for processing is Art. 6(1)(f) GDPR. Where required and legally permissible, we process your data beyond the contractual purposes to fulfill legal obligations.

a) Use of our Website

1. Logfiles

When visiting our Website, we automatically collect general technical visit information in so-called log files. Information collected may include the browser and version used, the operating system used by the accessing system, the website from which a system accesses our Website, the subpages accessed on our Website, the date and time of access, the IP address of the device used to visit the Website, the Internet service provider of the accessing system, and other similar information that can serve to protect against attacks on our systems.

The collection and processing of these log files is for the purpose of enabling use of our Website (connection establishment), ensuring and improving the security and stability of our systems, optimizing our Internet offerings, and for internal statistical purposes. The legal basis for data processing is Art. 6(1)(f) GDPR.

2. Newsletter

You can sign up for our newsletter on our Website. The data collected will be processed to inform you via newsletter about us, our offerings, general industry developments, and other news. You can unsubscribe at any time by email to info@bamtec.com or by clicking the “Unsubscribe” button in the newsletter.

3. Contact Form, Chat, and Email Contact

You can contact us via contact form, chat, or email. The data collected is processed to review your request, get in touch with you, and, for example, schedule an appointment or send offers regarding our products and services. Providing further information – especially the content of the request – is explicitly voluntary and with your consent, Art. 6(1)(a) GDPR, or for (pre-)contractual requests, based on Art. 6(1)(b) GDPR.

If this involves communication channels (e.g., email address, phone number), you also consent that we may contact you via this channel to respond to your request. Your data obtained will be deleted once it is no longer required for the purpose of collection, your request has been fully processed, and no further communication is needed or requested. Please note that statutory retention obligations may apply for (pre-)contractual requests, and your data may only be deleted after these periods expire.

4. Cookies

Cookies are small pieces of information that allow your browser to be uniquely identified and may contain other information such as user settings. The legal basis for processing is Art. 6(1)(f) GDPR. We use the following cookies:

5. Tracking and Analysis Tools

We use various technical systems, mainly from third parties such as Google Analytics, CleverReach, HubSpot, Surfe, or Mailchimp, to measure and evaluate the use of our Website and Newsletter. The data collected is processed to design and continuously optimize our Website and Newsletter. These tracking and analysis tools use cookies and similar technologies; please refer to the cookies section for more information.

It is possible that third parties may infer your identity, create personal profiles, and link the data to any of your accounts. By agreeing to the use of these services and their cookies, you explicitly consent to this processing, which may include the transfer of personal data (especially usage data, device information, and individual IDs) to the USA and other countries.

b) Social Media Pages

We use social networks and maintain our own pages on LinkedIn, XING, and YouTube. We use these social media pages to share information about us, our offerings, and other news. Additionally, we use these pages to communicate with you and third parties. We process personal data of followers on LinkedIn, such as profile information and interactions, for business and marketing purposes as described in this Privacy Policy. The data collected can be transferred to our Customer Relationship Management (CRM) system and further processed and maintained there for the aforementioned purposes.

When you visit our social media pages or interact with us, we receive data about you. We process this data for communication, marketing purposes, and market research. Content you publish yourself may also be further processed by us. The legal basis for processing is Art. 6(1)(f) GDPR. For more information on the processing carried out by the platform operators, please refer to the privacy policies of the respective platforms. There you will also find which countries process your data, your rights to information, deletion, and other data subject rights, and how to exercise them.

We use plugins. If you click a link to one of our social media pages, a direct connection between your browser and the server of the respective social network is established. This allows us to offer certain functions on the pages.

c) Contractual Relationships with Customers, Suppliers, and Other Business Partners

For the purpose of fulfilling our contractual obligations, we process master data (e.g., names and addresses as well as contact details) and contract data (e.g., services used, names of contact persons, payment information) of customers, suppliers, and other business partners to ensure the best possible fulfillment of our contractual obligations and services according to Art. 6(1)(b) GDPR, as well as for invoicing and communication purposes.

d) Data Collection at Physical Events

In the context of physical events such as trade fairs or other events, we collect personal data (e.g., name, email address, telephone number) provided to us via business cards, forms, or in-person conversations. The data is used for contacting you, post-event follow-up, and, if applicable, for marketing purposes. The affected persons are informed about their rights according to FADP/GDPR and can object to the use of their data at any time.

F) Profiling and Automated Decision-Making

We may automatically evaluate certain of your personal characteristics (“profiling”) if we want to determine preference data, but also to detect misuse and security risks, conduct statistical analyses, or for operational planning purposes. For the same purposes, we may also create profiles, i.e., we can combine behavioral and preference data, as well as master and contract data, and technical data assigned to you, to better understand you as a person with your different interests and other characteristics.

In certain situations, for reasons of efficiency and uniformity in decision-making processes, it may be necessary to automate discretionary decisions with legal effects or potentially significant disadvantages (“automated individual decisions”). In such cases, we will inform you accordingly and take the measures required under applicable law.

G) Disclosure to Third Parties

We treat your personal data confidentially and only disclose it to third parties listed in this Privacy Policy. Such disclosure is in connection with our contracts, the Website, our services and products, our legal obligations, or to protect our legitimate interests and the purposes described under Section E). For various administrative activities, we use external service providers. These external providers may have access to your personal data due to their activities, but are contractually obliged to always treat your data confidentially. Where necessary, we have concluded data processing agreements with them. We may disclose your personal data in particular to the following recipients:

1. Trustees in connection with bookkeeping as well as the preparation and dispatch of invoices;
2. Tax advisors, if necessary for the preparation of tax returns;
3. Logistics service providers in connection with the shipment of our products;
4. Banks and insurance companies, if required in connection with our contracts;
5. Our group companies;
6. IT service providers providing the software and services we use, as well as managing the Website and related services (e.g., web hosting, newsletter providers, tracking and analytics providers);
7. Debt collection agencies, if we need to assert our claim through debt enforcement;
8. Law firms, particularly in the case of disputes;
9. Credit card acquirers, if you use our paid services;
10. Social media companies, if you access one of our social media profiles via plugins;
11. Authorities, courts, and other governmental agencies if legally obliged or entitled, or if necessary to protect our interests;
12. Project participants such as architects, subcontractors, suppliers, and clients.

We only disclose your data to these third parties if:

H) Data Transfer and Cross-Border Data Transmission

We are entitled to transfer your personal data to companies abroad if this is done for the purposes described under Section E). We disclose your personal data to the following countries: EU and USA. If this involves a country outside Switzerland, the EU, or the EEA, and adequate legal data protection is not ensured, we contractually oblige the recipient to comply with applicable data protection. We use the Standard Contractual Clauses of the European Commission, available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?

I) Your Rights

You have the right to assert your data protection rights at any time and to request information about whether data concerning you is being processed by us. You also have the right to request that the data you have provided be transmitted to a third party of your choice in a commonly used format (right to data portability). The legal basis is Art. 15(3) GDPR. Upon request, we will provide the data to a third party of your choice. Additionally, you have the right to correct incorrect data and, within the scope of the GDPR, to complete your data, as well as the right to have your personal data deleted at any time, provided no statutory retention obligation or legal basis for processing prevents this. According to Art. 18 GDPR, you have the right to request restriction of processing. Processing may be objected to for reasons arising from the special situation of the data subject. This general right of objection applies to all processing purposes described in this Privacy Policy based on our legitimate interests. If we process your data for direct marketing purposes, you have the right to object at any time according to Art. 21(2) GDPR. You also have the right to enforce your claims in court or to file a complaint with the competent data protection authority concerning the processing of your personal data. You may do so at the data protection authority at your place of residence, work, or the location of the alleged data protection violation. The competent data protection authority for Switzerland is the Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/de/home.html). For processing activities you have consented to, you may revoke your consent at any time. The lawfulness of processing carried out prior to revocation remains unaffected. You can contact us for the above purposes via email: info@bamtec.com. We may request proof of identity to process your requests.

J) Data Security

We use appropriate technical and organizational security measures to protect your personal data stored with us against unintentional, unlawful, or unauthorized manipulation, deletion, alteration, disclosure, partial or total loss, and unauthorized access by third parties. Our security measures are continuously adapted and improved according to technological developments. We assume no liability for loss of data or its knowledge and use by third parties. We also take internal data protection very seriously. Our employees and service providers commissioned by us are obligated to maintain confidentiality and comply with data protection regulations. As a registered user, access to your account is only possible after entering your personal password. You should always keep your access data confidential and log out from your account when finished communicating with us, especially if the device you use is not exclusively used by you.

K) Data Retention Period

We retain your personal data only as long as legally required or necessary for the processing purpose. For analyses, we store your data until the analysis is completed. Contract data is retained longer, at least as long as the contractual relationship exists and at most as long as statute of limitations for potential claims of ours runs or statutory or contractual retention obligations apply. Retention obligations arise from accounting and tax regulations. According to these regulations, business communication, contracts, and booking records must be kept for up to 10 years. Once these data are no longer needed to provide services for you, they are blocked, meaning they may only be used for accounting and tax purposes.

L) External Links

Our Website contains links to external websites. We are not responsible for their content or privacy practices. We recommend carefully reading the privacy policies on the linked websites.

M) Currency and Updates

We reserve the right to update and modify this Privacy Policy at any time without prior notice. The version published on our Website is always the applicable version. We therefore recommend visiting our Website regularly to stay informed about any updates.

BAM AG, December 2025