Privacy policy

This privacy statement covers all data processing activities of all Rey companies.

For the data processing activities of the companies Rey 360 Holding AG [UID: CHE-398.217.352], Rey Technology Holding AG [CHE-275.651.197], Rey Automation AG [UID: CHE-108.042.994], Rey Informatik AG [UID: CHE-115.251.959], Rey Immobilien AG [UID: CHE-398.018.189] as well as Rey Digital AG [UID: CHE-284.008.847] is responsible for data protection, unless communicated otherwise:

Rey Technology Holding AG
Rütihofstrasse 6
CH-8370 Sirnach

Data protection officer:
Rey Technology Holding AG
Michael Engler
Rütihofstrasse 6
CH-8370 Sirnach
Phone: +41 58 810 04 00

For the data processing activities of Rey GmbH in 79111 Freiburg im Breisgau [HRB 703684] described in this privacy policy, the following is responsible under data protection law:

Rey GmbH
Burkheimer road 3
DE-79111 Freiburg im Breisgau

Data protection officer according to Art. 37 ff. DSGVO:
Rey GmbH
Karl Georg Manuel Hirsch
Burkheimer Strasse 3
DE-79111 Freiburg im Breisgau
Phone: +49 761 3896 40 00

Federal Data Protection and Information Commissioner (Switzerland):
Feldeggweg 1
CH - 3003 Bern

EEA and UK:
A list of authorities in the EEA can be found here:
The UK regulatory authority can be reached here:


Every individual is entitled to protection of their privacy as well as protection from misuse of their personal information. We comply with these provisions. Your personal data will be kept strictly confidential. In close cooperation with our hosting providers, we make every effort to protect the data as well as possible from unauthorized access, loss, misuse or falsification. Your security is important to us. Therefore, the protection of your privacy and your data is a very special concern to us.

The following is all information about what data we collect at the Rey Companies when you use our websites, obtain our services or products, otherwise interact with us under contract, communicate with us or otherwise deal with us, and how or for what we use that data. Where appropriate, we will notify you by timely written notice of additional processing activities not mentioned in this Privacy Policy. In addition, we may inform you separately about the processing of your data, for example, in consent forms, contract terms, additional privacy statements, forms and notices.

If you transmit or disclose data to us about other persons, such as family members, work colleagues, etc., we assume that you are authorized to do so and that this data is correct. By submitting data about third parties, you confirm this. Please also ensure that these third parties have been informed about this privacy policy.

Basis for processing

The basis for data processing is derived from the Swiss Data Protection Act or, in individual cases, the EU General Data Protection Regulation ("GDPR"). The main focus is on processing in direct connection with the conclusion or execution of a contract (Art. 31 para. 2 lit. a DSG) as well as credit rating and collection efforts (Art. 31 para. 2 lit. c DSG). The various retention periods are based on our legitimate interests, in particular for evidentiary purposes (Art. 31 para. 1 DSG). The duration is based on the applicable legal provisions in each case.

Categories of personal data

We process the following categories of personal data in particular, depending on the purpose for which we process them:

  • Contact data (e.g. name, address, phone number, email)

  • Customer detail information (e.g. projects, contracts, project participant data)

  • Marketing services information (e.g. newsletter management)

  • Employee data (e.g. salary, social security details, accounting data)

  • Application management (e.g. CV, diplomas, certificates, reference information)

  • Financial relationship information (e.g., bank account data, accounting data)

  • Website data (e.g. IP address, date and time of use, browser type, browser information, website usage incl. transmitted information (analysis of usage behavior)

  • Data from public sources (e.g. debt collection registers, creditworthiness directories, commercial registers)

Purpose of data processing

In the course of our activities, various categories of personal data are processed for diverse purposes. Your personal data will be processed non-exhaustively for the following purposes:

Maintenance of master data

We refer to master data as the basic data that we require, in addition to contractual data, for the processing of our contractual and other business relationships or for marketing and advertising purposes, such as name, contact details and information about, for example, your role and function, your bank account(s), your date of birth, customer history, powers of attorney, signature authorizations and consent forms. We process your master data if you are a customer or other business contact or work for one (e.g. as a contact person of the business partner) or because we want to address you for our own purposes or the purposes of a contractual partner (e.g. as part of marketing and advertising, with invitations to events, with vouchers, with newsletters, etc.). We receive master data from you yourself (e.g. when you make a purchase or as part of a registration), from bodies for which you work, or from third parties such as our contractual partners, associations and address dealers, and from publicly accessible sources such as public registers or the Internet (websites, social media, etc.). We may also process health data and information about third parties as part of master data. We may also collect master data from our shareholders and investors. We generally retain this data for 10 years from the last exchange with you, but at least from the end of the contract. This period may be longer if this is necessary for reasons of evidence or to comply with legal or contractual requirements, or if it is technically required. For pure marketing and advertising contacts, the period is usually much shorter.

Contract data

This is data that arises in connection with the conclusion or performance of a contract, e.g., information about contracts and the services to be provided or provided, as well as data from the run-up to the conclusion of a contract, the information required or used for processing and information about reactions (e.g., complaints or information about satisfaction, etc.). Health data and information about third parties are also included. We generally collect this data from you, from contractual partners and from third parties involved in the processing of the contract, but also from third-party sources (e.g. providers of creditworthiness data) and from publicly available sources. We generally retain this data for 10 years from the last contractual activity, but at least from the end of the contract. This period may be longer, insofar as this is necessary for reasons of proof or to comply with legal or contractual requirements or is technically required.


We process your personal data in order to be able to contact you and third parties via means of communication (e-mail, telephone, letter)

Marketing and advertising services

We process your personal data for marketing and advertising purposes as well as for relationship management, e.g. to send our customers and other contractual partners personalized advertising on products and services from us and from third parties (e.g. from advertising contractual partners). This may take the form of newsletters and other regular contacts (electronically, by mail, by telephone), through other channels for which we have contact information from you, but also as part of individual marketing campaigns (e.g., events, contests, etc.) and may also include freebies (e.g., invitations, coupons, etc.). If you would like to receive the newsletter offered on this website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data will not be collected. The newsletter is sent using the dispatch service provider Brevo, a newsletter dispatch platform of Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. You can view the privacy policy of the shipping service provider here: You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the "unsubscribe link" in the newsletter.


We process your personal data for administrative purposes. This primarily includes processing for billing and accounting or other related administrative services. We also process data for the purposes of our risk management and as part of prudent corporate governance. We also reserve the right to obtain additional data from third parties if this appears to be appropriate for us. This is predominantly for credit assessment and fraud prevention purposes.

Application Management

We process your personal data if you apply for a job with us or if your application has been included in our pool of interested parties, e.g. also as part of a recruiting event. The data is processed to carry out the application process and with a view to filling and starting a new position and may be shared within the group companies.

Operation and analysis of the website

When you access our websites, data is stored in log files. This usage data forms the basis for statistical, anonymous evaluations, so that trends can be identified, which we can use to improve our offers accordingly. We then process your data to the extent technically necessary to establish the connection you have requested and to deliver the requested content. This data also includes logs in which the use of our systems is recorded. We generally retain technical data for 6 months. In order to ensure the functionality of these offers, we may also assign an individual code to you or your end device. The technical data in itself does not allow any conclusions to be drawn about your identity. However, in the context of user accounts, registrations, access controls or the processing of contracts, they may be linked to other data categories (and thus possibly to your person)

Other data

We also collect data from you in other situations. For example, in connection with governmental or legal proceedings, we may collect data (such as files, evidence, etc.) that may also relate to you. We may also collect data for health protection reasons (e.g. as part of protection concepts). We may obtain or produce photos, videos and sound recordings in which you may be recognizable (e.g. at events, through security cameras, etc.). We may also collect data about who enters certain buildings when or has corresponding access rights (incl. during access controls, based on registration data or visitor lists, etc.), who participates in events or campaigns (e.g. competitions) and when, or who uses our infrastructure and systems. Finally, we collect and process data about our shareholders and other investors; in addition to master data, this includes information for the relevant registers, regarding the exercise of their rights and the holding of events (e.g. general meetings). The retention period for this data depends on the purpose and is limited to what is necessary. This ranges from a few days for many of the security cameras and usually a few weeks for contact tracing data to visitor data, which is usually kept for 3 months, to reports on events with pictures, which can be kept for several years or longer. Data about you as a shareholder or other investor will be kept according to company law requirements, but in any case as long as you are invested.

Much of the aforementioned data you disclose to us yourself (e.g. via forms, in the course of communication with us, in connection with contracts, when using the website, etc.). You are not obliged to do so, subject to individual cases, e.g. in the context of binding protection concepts (legal obligations). If you wish to conclude contracts with us or claim services, you must also provide us with data, in particular master data, contract data and registration data, as part of your contractual obligation under the relevant contract. When using our website, the processing of technical data is unavoidable. If you wish to gain access to certain systems or buildings, you must provide us with registration data. However, in the case of behavioral and preference data, you generally have the option to object or not to give consent.

As far as this is not inadmissible, we also take data from publicly accessible sources (e.g. debt enforcement registers, land registers, commercial registers, media or the Internet incl. social media) or receive data from other companies within our group, from public authorities and from other third parties (such as credit agencies, address dealers, associations, contractual partners, Internet analysis services etc.)

Disclosure of personal data

We keep your personal data strictly confidential. Your personal data may be disclosed to third parties in connection with our contracts, the website, our services and products, our legal obligations, or otherwise to protect our legitimate interests and the other purposes mentioned, provided that:

  • you have given your consent to this,

  • the processing is necessary for the performance of a contract with you,

  • the processing is necessary for compliance with a legal obligation, or

  • the processing is necessary to protect legitimate interests and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data. Our legitimate interests also include compliance with legal regulations, insofar as this is not already recognized as a legal basis by the respective applicable data protection law. However, this also includes the marketing of our products and services, the interest to better understand our markets and to safely and efficiently manage and develop our business, including operations.

The transfer of your personal data is made in particular to the following categories of recipients:

  • Rey companies: A list of our group companies can be found on our homepage. The Rey Companies may use and share the data for themselves under this Privacy Policy for the same purposes. We may also disclose health information to our group companies.

  • Service Providers: We work with service providers, both domestic and international, who process data about you on our behalf or in joint responsibility with us, or who receive data about you from us in their own responsibility (for example. IT providers, cloud services, system monitoring, remote maintenance, communication service providers, shipping companies, advertising service providers, login service providers, cleaning companies, auditors, trustees, legal persons, security companies, banks, insurance companies, debt collection companies, business information or address auditors). This may also include health information.

  • Contractual partners including customers: Meant are first the customers (e.g. service recipients) and other contractual partners of us, because this data transfer arises from these contracts. They receive, for example, registration data on issued and redeemed vouchers, invitations, etc.. If you work for such a contractual partner yourself, we may also transfer data about you to them in this context. This may also include health data. The recipients also include contractual partners with whom we cooperate or who advertise on our behalf and to whom we therefore transfer data about you for analysis and marketing purposes (these may again be service recipients, but also, for example, sponsors and providers of online advertising). We require these partners to only send you advertising or play it out based on your data if you have consented to this.

  • Authorities: We may disclose personal data to offices, courts and other authorities at home and abroad if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. This may also include health data. The authorities process data about you that they receive from us on their own responsibility.

  • Other persons: Meant are other cases where the inclusion of third parties arises from the purposes listed, such as service recipients, media and associations in which we participate.

All these categories of recipients may in turn involve third parties, so that your data may also become accessible to them. We can restrict the majority of processing by certain third parties (e.g. auditors, trustees), but not those of other third parties (e.g. authorities, banks, etc.).


In addition, we reserve the right to disclose such data even if it concerns secret data (unless we have expressly agreed with you that we will not disclose such data to certain third parties, unless we would be legally obliged to do so). Notwithstanding the foregoing, your data will continue to be subject to appropriate data protection in Switzerland and the rest of Europe even after disclosure. If you do not wish certain data to be disclosed, please let us know so that we can consider whether and to what extent we can accommodate you.

Locations of data processing

As explained above, we also disclose data to other entities. These are not only located in Switzerland. Your data may therefore be processed both in Europe and outside. If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection law (for this purpose, we use the revised standard contractual clauses of the European Commission, which are available here:, unless it is already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exception. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract requires such disclosure, if you have consented or if it is a matter of data made generally available by you, the processing of which you have not objected to.
Please also note that data exchanged via the Internet is often routed via third countries. Your data may therefore end up abroad even if the sender and recipient are in the same country.

Duration of processing

We process your data as long as this is necessary to achieve the purposes stated here and the legal retention periods and our legitimate interests of processing for documentation and evidence purposes require it or storage is technically necessary. After the respective purpose ceases to apply or this period expires, we delete or anonymize your data after the storage or processing period has expired within the scope of our usual processes if you have not consented to further processing and use.

Application documents from job applicants are stored in our systems with restricted access. At the latest after the decision to fill a position, the remaining application documents are disposed of. Data processing in the employment relationship is subject to the contractual provisions and the privacy policy for employees.

Protection of your data

We take reasonable security measures to maintain the confidentiality, integrity and availability of your personal data, to protect it against unauthorized or unlawful processing, and to protect against the risks of loss, accidental alteration, unintentional disclosure or unauthorized access.

Your Data Subject Rights

As a data subject, you have various rights in connection with our data processing activities. You may at any time request information about your stored data and its processing, have incorrect personal data corrected, arrange for the deletion of your personal data, restrict the data processing of your personal data - if we are not yet allowed to delete your data due to legal obligations -, object to the data processing or request the transfer of your personal data to other data controllers.

When you contact us, we reserve the right to identify you (e.g. with a copy of your ID card). In the case of disproportionate effort for the processing of your request, we can also require a cost sharing of up to CHF 300.00 from you. This would be communicated to you in advance.

Our response will be provided electronically and in PDF format, provided that the information is available. Otherwise, you will be informed that we do not process any data about you. Your request and our response will be kept by us for two years and then deleted. For evidence purposes, your request remains noted in the log (only with name, date and completion type) during the general statutory limitation period.

Please note that conditions, exceptions or limitations apply to these rights under applicable data protection law (e.g., to protect third parties or trade secrets). We will inform you accordingly if necessary.

If you have given us consent, you can revoke this at any time with effect for the future. You can also contact the supervisory authority responsible for you at any time with a complaint. The revocation of your consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

Cookies and third-party technologies

In order to make our website more user-friendly, as well as to provide our services in a technically error-free, needs-oriented and secure manner, we use cookies as well as various third-party offers and technologies.


Our Internet pages use so-called cookies in several places. Cookies are small text files that are placed on your computer and stored by your browser. Furthermore, cookies enable our systems to recognize your browser and offer you services. Cookies do not contain any personal data.

Of course, you can generally view our website without cookies. Internet browsers are regularly set to accept cookies. You can deactivate the use of cookies at any time via your browser settings. Please use the help functions of your Internet browser to find out how to change these settings. It is not guaranteed that you will be able to access all functions of this website without restrictions if your browser does not allow cookies.

According to the best efforts of those responsible, IP anonymization takes effect. The IP address of users is shortened, which eliminates the personal reference of your IP address.

Plugins and technologies from third parties

Our website currently uses the following offerings:

Social networks

We may operate pages and other online presences ("fanpages," "channels," "profiles," etc.) on social networks and other platforms operated by third parties, where we may collect the data about you described in this statement. We receive this data from you and the platforms when you come into contact with us through our online presence (e.g., when you communicate with us, comment on our content or visit our presence). At the same time, the platforms evaluate your use of our online presences and link this data with other data about you known to the platforms (e.g., about your behavior and preferences). They also process this data for their own purposes under their own responsibility, in particular for marketing and market research purposes (e.g. to personalize advertising) and to control their platforms (e.g. which content they show you).

We process this data for the purposes described, so in particular for communication, marketing purposes (including advertising on these platforms) and market research. Content you publish yourself (e.g., comments on an announcement) may be redistributed by us (e.g., in our advertising on the Platform or elsewhere). We or the operators of the platforms may also delete or restrict content from or to you in accordance with the usage guidelines (e.g. inappropriate comments).

For more information about the edits of the operators of the platforms, please refer to the privacy notices of the platforms. There you will also learn in which countries they process their data, which rights of access, deletion and other data subjects you have and how you can exercise these or obtain further information. Please note that we have no influence on the data processing by the operators of the platforms.

We currently use the following platforms: 

Change to privacy policy

This Privacy Policy is not part of any contract with you. The privacy policy is regularly adapted to the changed factual or legal circumstances. Binding is always the currently published version at:

Last updated: 09/27/2023

This cookie policy has been created and updated by Cookie Consent | CookieFirst.