We take the protection of your personal data very seriously and treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.
When you visit this website, various personal data of yours are processed. Personal data is data with which you can be personally identified. This data protection declaration explains which data we collect. It also explains how and for what purpose this is done. We would like to point out that data transmission over the Internet (e.g. communication by e-mail) can be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.
The entity responsible for the data processing is:
Phone: +41 44 396 22 44
The EU representative of Manres AG within the meaning of Article 27 GDPR is:
Phone: +49 30 8877 429 450
You can reach our data protection officer at: datenschutz[at]manres.com
In making our website available, we process only personal data that we need in order to present the offered content, in order to be able to contact you or remain in contact with you in a value-adding manner and to be able to provide you with the requested information or services. In addition, we process the personal data that you voluntarily provide to us, such as when you contact us via our contact form.
The data we process are:
When you access our website, certain personal data is processed automatically in order to enable us to present the content of our website. Your browser automatically transmits "server log files" to us, which contain the following data:
This data is not combined with data from other sources.
Personal master data, e.g.
Further information about you as a person, e.g.
Information about the company where you work, e.g.
Data related to the sales process, e.g.
Various statistical or analytical data, for example,
Data for managing your record in the system, e.g.
Data from email contact
Depending on the specific case, not all of these personal data or data categories may be processed (e.g. if you are a private individual and no information is available about the company for which you work). If required, we will gladly inform you about which of your personal data we specifically process (see 11. Rights of data subject).
We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act and/or the Swiss Federal Data Protection Act (abbreviated as "Swiss DPA", effective from 01 September 2023.
National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations apply to data protection in Germany. This includes in particular the Law on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act - BDSG). In particular, the BDSG contains special provisions on the right to access, the right to erase, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated individual decision-making, including profiling. Furthermore, data protection laws of the individual federal states may apply.
Relevant legal basis according to the Swiss Data Protection Act: If you are located in Switzerland, we process your data based on the Federal Data Protection Act (abbreviated as "Swiss DPA", effective from 01 September 2023). This also applies if our processing of your data otherwise affects you in Switzerland and you are affected by the processing. The Swiss DPA does not generally provide that a legal basis for the processing of personal data must be stated (unlike, for example, the GDPR). We process personal data only when the processing is lawful, is conducted in good faith, and is proportionate (Article 6 (1) and (2) of the Swiss DPA). Furthermore, we only collect personal data for a specific purpose that is recognisable to the person concerned and process it only in a manner that is compatible with these purposes (Article 6 (3) of the Swiss DPA).
Reference to the applicability of the GDPR and the Swiss DPA: These privacy notices serve both to provide information in accordance with the Swiss Federal Act on Data Protection (Swiss DPA) and the General Data Protection Regulation (GDPR).
We process personal data in order to ensure that our website is made available without errors. Other data may be processed for statistical analysis of your user behavior. The legal basis for this processing is our legitimate interest (Article 6(1)f of the GDPR) in being able to offer you a flawlessly functioning website and to optimize our website technically taking into account user behavior.
Additional processing activities based on our legitimate interest may include:
In cases where the processing of your data is required by law, processing takes place based on Article 6(1)c of the GDPR. This may be done e.g. in order to satisfy documentation requirements vis-à-vis tax or other authorities.
We also process your personal data in cases where you consent to such processing (Article 6(1)a of the GDPR). You may revoke such consent at any time; to do so, you need only send us an informal e-mail message. However, the lawfulness of the data processing which takes place prior to the revocation of consent will remain unaffected by such revocation.
Furthermore, we process your personal data for the following purposes:
4.1 Processing and responding to requests (contact form)
The processing of the data entered in the general contact form (at minimum e-mail address, title, first and last name, company name; optionally: phone number, interests) is undertaken based on a weighing of interests in accordance with Article 6(1)f GDPR. Our legitimate interests consist in communicating with you and responding to your enquiry.
The data entered by you in the contact form will remain with us until you request us to delete them or declare your objection or if the purpose for data storage no longer applies after your request has been processed. The latter is not automatically the case after we have responded to your request, as we would also like to provide you with optimal support across several potential requests (see also 4.6 Other purposes in connection with the aforementioned purposes). Mandatory provisions of law - e.g. retention periods - are not prejudiced hereby.
4.2 Processing of publication orders (form: Publication order)
The processing of your personal data that you enter in the order form (at minimum first and last name, e-mail, phone number, desired publication and number of copies; optionally: private or business address) takes place on the basis of Article 6(1)b GDPR in order to be able to process your enquiry in the course of initiating and performing the contract.
The data entered by you in the order form will remain with us until you request us to delete them or declare your objection or if the purpose for data storage no longer applies after your request has been processed. The latter is not automatically the case after your publication order has been processed, as we would like to provide you with optimal support even across several potential requests (see also 4.6 Other purposes in connection with the purposes mentioned above). Mandatory provisions of law - e.g. retention periods - are not prejudiced hereby.
4.3 Processing your event registration (form: Event registration)
The processing of the data entered in the event registration form (at minimum title, first and last name, e-mail address, company name) is based on a weighing of interests in accordance with Article 6(1)f GDPR. Our legitimate interests consist in the processing of your registration and in communicating with you concerning the respective event.
In the case of a paid event, Article 6(1)b GDPR (contract initiation or performance) may also be the legal basis for processing your personal data.
The data entered by you in the event registration form will remain with us until you request us to delete them or declare your objection or if the purpose for data storage no longer applies after your request has been processed. The latter is not automatically the case after your registration has been processed, as we would like to provide you with optimal support even across several potential inquiries (see also 4.6 Other purposes in connection with the aforementioned purposes). Mandatory provisions of law - e.g. retention periods - are not prejudiced hereby.
4.4 Sending newsletters, information about products and offers as well as event information and invitations
If you have consented to receive newsletters from us, we will process your personal data (e.g. your title, first and last name, and e-mail address, and in the case of event invitations, possibly also your postal address) in order to send them and, if necessary, to address you personally in them. Our newsletters contain, for example, information on Manres products and news and on topics in which we specialise and which may be of interest to you, such as leadership and transformation. Likewise, our newsletters contain notices or invitations to upcoming Manres events, such as our annual "From CEO to CEO" event.
Unless you are a customer of Manres and/or have shown a clear interest in our services (e.g. by requesting an offer), we will only process your personal data for this purpose if you have given us your consent to do so. In this case, the legal basis for the data processing is Article 6(1)a GDPR. You may revoke your consent at any time. For this purpose, an informal notification by e-mail to us is sufficient. However, the legality of the data processing carried out until the revocation shall remain unaffected by the revocation. Our email communications (e.g., newsletters) usually contain one or more links that allow you to unsubscribe from the particular newsletter category you are receiving or from some or all newsletter categories. For example, these links have titles such as "Unsubscribe" and "Manage settings". Please note: As long as we generally process your personal data (i.e. as long as your data are stored in our system, regardless of whether you are registered for one or more newsletter categories), you will always receive legal and data protection information from us. The reason for this is that we are legally obliged (e.g. by the EU GDPR) to provide you this information. This communication is therefore not based on your consent. Instead, the legal basis is the fulfillment of legal obligations (Article 6(1)c GDPR). Furthermore, your data will remain stored in our system even if you unsubscribe from all newsletter categories; your data record will not be automatically deleted by unsubscribing from all types. This serves the purpose of being able to resume communication with you seamlessly and to process your requests as well as possible, for example, taking into account your preferences from the past. Should you wish us to remove your data completely from our system, please write us an informal e-mail to email@example.com. We will of course be pleased to comply with your request, although we would regret losing contact with you.
If you are an existing customer of Manres or have shown a clear interest in our services (e.g. by requesting a quote or by attending one or more of our events), we may process the aforementioned personal data to inform you about existing or new products and to notify you about certain (e.g. limited-time) offers from Manres. In this case, the legal basis for the data processing is Article 6(1)f GDPR, whereby our legitimate interest is to recommend to you as an interested party or customer products or offers of ours that could be of interest and benefit to you. If you have also given us your consent, the legal basis for data processing is Article 6(1)a GDPR.
4.5 Ensuring seamless contact with you
If you send emails to employees of Manres AG and/or Manres GmbH, we may process your personal data (such as your salutation, first and last name, email address, email metadata, as well as the content of the email text, also known as 'body') to ensure seamless and satisfactory contact with you, which, among other things, avoids redundancies. By storing the data of the email conversation in our Customer Relationship Management system, multiple employees of Manres AG and/or Manres GmbH can seamlessly handle your request, even in the case of illness or vacation-related absences. If we have a contract with you or are in the process of negotiating a contract, the legal basis for data processing is Article 6(1)b GDPR. Otherwise, Article 6(1)f is the legal basis, with our legitimate interest being to process your request as effectively as possible.
4.6 Other purposes in connection with the aforementioned purposes (4.1 - 4.5)
If we process your personal data for any of the aforementioned purposes, we will also process these personal data and, if applicable, other personal data for the following purposes:
4.6.1 Maintaining the relationship with you
We process your personal data (e.g. your first and last name, address, email address, preferred language of communication, date of most recent email communication; employee responsible for you, LinkedIn bio, Twitter username if it can be found via your email address, number of times you have contacted us, access to the most recent email sent via Outlook integration) to maintain our relationship with you as a valued or prospective customer. Examples include sending physical or digital Christmas cards or facilitating communication by providing easily accessible information such as the date of our most recent communication.
If you have given us your consent to this type of data processing, the legal basis for the data processing is Article 6(1)a GDPR. You may revoke your consent at any time. For this purpose, an informal notification by e-mail to us is sufficient. However, the legality of the data processing carried out until the revocation shall remain unaffected by the revocation.
If we have an existing customer relationship or you have a clear interest in us and our services (e.g. because we are in the process of preparing an offer, you have ordered a publication from us or you have expressed such an interest by sending us a message via the contact form), we process your data on the basis of Article 6(1)f GDPR. Our legitimate interest is to maintain the relationship with you as a customer or prospective customer.
4.6.2 Development of a potential customer or customer relationship
We process your personal data (e.g. personal master data; name of the company you work for; assessment of your role in the customer relationship, e.g. "lead", "opportunity", "subscriber: in"; most recent contact; more recent form submitted by you) in order to make the development of prospects through the initiation of a customer relationship up to the actual customer relationship effective, efficient and convenient for you. For example, we might record when we communicated about a particular request, by what date you expected an offer, when we sent you a quote, and when you responded.
If you have given us your consent to this type of data processing (e.g. if you only subscribe to our newsletter), the legal basis for the data processing is Article 6(1)a GDPR. You may revoke your consent at any time. For this purpose, an informal notification by e-mail to us is sufficient. However, the legality of the data processing carried out until the revocation shall remain unaffected by the revocation.
If we have an existing customer relationship or you have a clear interest in us and our services (e.g. because we are in the process of preparing an offer, you have ordered a publication from us or you have expressed such an interest by sending us a message via the contact form), we process your data on the basis of Article 6(1)f GDPR. Our legitimate interest is to meet your needs in a timely, efficient and overall professional manner and to provide you with a smooth experience, for example, even when multiple consultants are involved.
4.6.3 Understanding your interests and needs
We process your personal data (e.g. the links in our emails that you click on, date of the most recent response to a marketing email, number of marketing emails sent since last interaction, last website from which you were referred to our website) to understand which topics and content are of particular interest to you and other customers or potential customers.
The legal basis for this data processing is Article 6(1)a GDPR. Our legitimate interest is to understand your interests and needs and to provide you with even more interesting content tailored to your needs and to further develop our services and products.
4.6.4 Managing your record in our system
We process your personal data (e.g. registration date in our system, confirmation status of your e-mail address, automatically generated contact ID, opt-out information regarding certain e-mail types, applicable legal basis of data processing) to manage your data record in our system.
The legal basis for this data processing is Article 6(1)a GDPR. Our legitimate interest is to process your data accurately and reliably and to respect your wishes regarding marketing communications (e.g. opt-out).
4.7 Email Contact
We process your personal data (such as your first and last name, email address, additional contact information, and any personal data you provide in your messages during contact) to respond to your email messages and address any concerns you may have.
The legal basis for this data processing depends on the nature of your message or request:
4.8 Online marketing
We process personal data for the purposes of online marketing, which may include in particular the marketing of advertising space or the display of advertising and other content (collectively referred to as "Content") based on the potential interests of users and the measurement of their effectiveness.
For these purposes, so-called user profiles are created and stored in a file (so-called "cookie") or similar procedure in which the relevant user information for the display of the aforementioned content is stored. This information may include, for example, content viewed, websites visited, online networks used, communication partners and technical information such as the browser used, computer system used and information on usage times and used functions. If users have consented to the collection of their sideline data, these can also be processed.
The IP addresses of the users are also stored. However, we use provided IP masking procedures (i.e. pseudonymisation by shortening the IP address) to ensure the protection of the user's by using a pseudonym. In general, within the framework of the online marketing process, no clear user data (such as e-mail addresses or names) is secured, but pseudonyms. This means that we, as well as the providers of online marketing procedures, do not know the actual identity of the users, but only the information stored in their profiles.
The information in the profiles is usually stored in the cookies or similar memorizing procedures. These cookies can later, generally also on other websites that use the same online marketing technology, be read and analyzed for purposes of content display, as well as supplemented with other data and stored on the server of the online marketing technology provider.
Exceptionally, clear data can be assigned to the profiles. This is the case, for example, if the users are members of a social network whose online marketing technology we use and the network links the profiles of the users in the aforementioned data. Please note that users may enter into additional agreements with the social network providers or other service providers, e.g. by consenting as part of a registration process.
As a matter of principle, we only gain access to summarised information about the performance of our advertisements. However, within the framework of so-called conversion measurement, we can check which of our online marketing processes have led to a so-called conversion, i.e. to the conclusion of a contract with us. The conversion measurement is used alone for the performance analysis of our marketing activities.
Unless otherwise stated, we kindly ask you to consider that cookies used will be stored for a period of two years.
Further information on processing methods, procedures and services used:
4.8.2 Google Ads and Conversion Tracking
4.8.4 Google Tag Manager
4.8.5 Google Analytics 4
4.8.6 Google Ads Remarketing
Cookies are small text files or other data records that store information on end devices and read information from the end devices. For example, to store the login status in a user account, the contents of a shopping cart in an e-shop, the contents accessed or the functions used. Cookies can also be used for various purposes, e.g. for purposes of functionality, security and convenience of online offers as well as the creation of analyses of visitor flows.
Retention period: With regard to the retention period, a distinction is drawn between the following types of cookies:
Further information on processing methods, procedures and services used:
Within our online services, we integrate functional and content elements that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may, for example, be graphics, videos or city maps (hereinafter uniformly referred to as "Content").
The integration always presupposes that the third-party providers of this content process the IP address of the user, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of these contents or functions. We strive to use only those contents, whose respective offerers use the IP address only for the distribution of the contents. Third parties may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring websites, visit times and other information about the use of our website, as well as may be linked to such information from other sources.
Further information on processing methods, procedures and services used:
Within our enterprise, those offices that need your data in order to fulfil our contractual and legal obligations will receive them. Job processors used by us (Article 28 GDPR) may receive data for these purposes. These are in the present case companies in the categories: IT services, telecommunications as well as sales and marketing, in particular the processor that provides us with the customer relationship management tool. If your enquiry is addressed to our affiliated company Manres GmbH, we may transfer the data for further processing of the request. In addition, data will only be passed on to recipients outside our enterprise if this is prescribed by law, if you have given your consent or if we are authorised to provide the information. Under these conditions, the recipients of the personal data can be, for example: public bodies and institutions (e.g. supervisory authorities) where there is a legal or official obligation.
Other data recipients may be those for whom you have given us your consent to data transmission.
In the context of the joint administration of our database of prospective customers and customers, it is foreseeable that employees of Manres GmbH in Germany will enter your personal data into the corresponding system of Manres AG. This is necessary because Manres GmbH, as a subsidiary, shares the IT and service provider infrastructure of Manres AG. As part of the joint cultivation of relationships with our prospective customers and customers, it is highly likely that employees of Manres AG will also access the data entered by employees of Manres GmbH. This refers to Purposes 4.1 up to and including 4.6 and, under certain circumstances, purpose 4.7 (provided that the data from email contact has been stored in our customer relationship management system), as well as possibly purpose 4.8. The legal basis for this third country transmission is an adequacy decision of the EU Commission for Switzerland.
EU-US Trans-Atlantic Data Privacy Framework: Within the context of the so-called "Data Privacy Framework" (DPF), the EU Commission has also recognized the data protection level for certain companies from the USA as secure within the adequacy decision of 10th July 2023. The list of certified companies as well as additional information about the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/. We will inform you which of our service providers are certified under the Data Privacy Framework as part of our data protection notices.
In certain cases, the processing of your personal data for the purpose of online marketing (4.8) may result in your data being transferred to the United States of America. The legal basis for this third country transfer is then the Standard Data Protection Clauses that are applied in the order processing contract with the respective data processor, or the DPF.
No further data is transferred to third countries (countries outside the European Economic Area (EEA)).
In accordance with the Swiss Data Protection Act (DSG), we only disclose personal data abroad when an appropriate level of protection for the affected persons is ensured (Art. 16 Swiss DSG). If the Federal Council does not determine that there is an adequate level of protection, we implement alternative security measures. These measures may include international agreements, specific guarantees, data protection clauses in contracts, standard data protection clauses approved by the Federal Data Protection and Information Commissioner (FDPIC), or internal company data protection regulations previously recognised by the FDPIC or a competent data protection authority of another country.
Under Art. 16 of the Swiss DSG, exceptions can be made for the disclosure of data abroad if certain conditions are met, including the consent of the affected person, contract execution, public interest, protection of life or physical integrity, publicly made data or data from a legally provided register. Such disclosures always comply with the legal requirements.
This site uses SSL and TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
The customer relationship management system we use makes some automated assessments based on the available (mainly statistical and analytical) data. For example, it determines an automatic "lead score", i.e. a value for the probability that a contact will become a customer. However, such values are for our information only.
No automated decision making takes place based on personal data.
If the provisions of the GDPR are applicable, every data subject has the right to information under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR and the right to data portability under Article 20 GDPR. The restrictions in accordance with §§ 34 and 35 FDPA (if applicable) shall apply to the right to information and the right to erasure. In addition, there is a right to lodge a complaint with a data protection supervisory authority (Article 77 GDPR as related to § 19 FDPA).
If the provisions of the GDPR are applicable, you have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data on the basis of Article 6(1)f of the GDPR (data processing on the basis of a weighing of interests); this also applies to profiling based on this provision within the meaning of Article 4(4) GDPR, which we use for credit assessment and for advertising purposes. If you lodge an objection, we will no longer process your personal data, unless we can demonstrate compulsory grounds worthy of protection for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend against legal claims.
You may withdraw previously granted consent to the processing of your personal data at any time informally without any special reason. A notification by e-mail to us is sufficient for this purpose. However, the legality of the data processing carried out until the withdrawal shall remain unaffected by the withdrawal.
The objection or withdrawal may be made informally and should be addressed if possible to: datenschutz[at]manres.com
If the provisions of the Swiss DPA are applicable, every data subject has the following rights: