We are subject to Swiss data protection law as well as any applicable foreign data protection law, in particular that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission recognises that Swiss data protection legislation ensures adequate data protection.
1. Contact details
Responsibility for the processing of personal data:
There may be other persons responsible for the processing of personal data in individual cases.
Data protection representative in the European Economic Area (EEA)
We have the following data protection representative in accordance with Art. 27 GDPR. The data protection representation serves as a additional contact point for enquiries related to the General Data Protection Regulation (GDPR):
VGS Data Protection Partners UG
Am Kaiserkai 69
2. Terms and legal basis
Personal data means all information relating to an identified or identifiable person. A data subject is a person about whom personal data is processed.
Processing includes every handling of personal data, independent of the means and procedures used, in particular the storage, disclosure, acquisition, collection, deletion, storage, modification, destruction and use of personal data.
The European Economic Area (EEA) comprises the Member States of the European Union (EU) as well as the Principality of Liechtenstein, Iceland and Norway.
2.2 Legal bases
We process personal data in accordance with Swiss data protection law, in particular the Federal Data Protection Act (FADP) and the Regulation to the Federal Data Protection Act (FADP).
If and to the extent that the General Data Protection Regulation (GDPR) is applicable, we process personal data in accordance with at least one of the following legal bases:
- Art. 6(1)(b) GDPR for the necessary processing of personal data for the performance of a contract with the data subject and for the implementation of pre-contractual measures.
- Art. 6(1)(f) GDPR for the necessary processing of personal data in order to protect the legitimate interests of us or of third parties, unless the fundamental freedoms and fundamental rights as well as the interests of the data subject prevail. Legitimate interests include, in particular, our interest in being able to carry out and communicate about our activities and activities in a durable, user-friendly, secure and reliable manner, ensuring information security, protecting against misuse, enforcing our own legal claims and complying with Swiss law.
- (1)(c) GDPR for the necessary processing of personal data in order to fulfil a legal obligation to which we are subject in accordance with the applicable law of member states in the European Economic Area (EEA).
- (1)(e) GDPR for the necessary processing of personal data for the performance of a task in the public interest.
- (1)(a) GDPR for the processing of personal data with the consent of the data subject.
- (1)(d) GDPR for the necessary processing of personal data in order to protect the vital interests of the data subject or another natural person.
3. Nature, scope and purpose
We process the personal data that is necessary in order to be able to carry out our activities and activities in a durable, user-friendly, secure and reliable manner. Such personal data may, in particular, fall into the categories of inventory and contact data, browser and device data, content data, meta and/or boundary data and usage data, location data, sales data, contract and payment data.
We process personal data during the period that is required for the respective purpose or purposes or by law. Personal data that is no longer required to be processed will be made anonymous or deleted.
We may have personal data processed by third parties. We may process personal data together with third parties or transmit it to third parties. Such third parties are, in particular, specialised providers whose services we use. We also guarantee data protection for such third parties.
We process personal data only with the consent of the data subject, unless the processing is permitted for other legal reasons. Processing without consent may, for example, be permissible for the performance of a contract with the data subject and for corresponding pre-contractual measures to safeguard our overriding legitimate interests, because the processing is apparent from the circumstances or after prior information.
In this context, we process in particular information that a data subject transmits to us when contacting us – for example, by letter post, e-mail, instant messaging, contact form, social media or telephone – or when registering for a user account voluntarily. We may store such information, for example, in an address book, in a customer relationship management system (CRM system) or by similar means. If we receive data about other persons, the persons transmitting the data are obliged to ensure the privacy of these persons and the accuracy of such personal data.
We also process personal data that we obtain from third parties, obtain from publicly available sources or collect in the course of our activities and activities, insofar as such processing is permitted for legal reasons.
We process personal data about applicants insofar as it is necessary for the assessment of their suitability for an employment relationship or for the subsequent performance of an employment contract. The necessary personal data arises in particular from the information requested, for example in the context of a job advertisement. We also process personal data that applicants voluntarily provide or publish, in particular as part of cover letters, CVs and other application documents as well as online profiles.
We process – insofar as and to the extent that the General Data Protection Regulation (GDPR) is applicable – personal data about applicants in particular in accordance with Art. 9(2)(b) GDPR.
We use third-party services to advertise vacancies and to enable and manage applications via e-recruitment.
5. Personal data abroad
We process personal data in principle in Switzerland and the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, in particular to process or have it processed there.
We may export personal data to all countries, states and territories on Earth as well as elsewhere in the universe provided that the law there ensures adequate data protection according to Assessment of the Federal Data Protection and Information Commissioner (FDPIC) or in accordance with the decision of the Swiss Federal Council and – insofar as and insofar as the General Data Protection Regulation (GDPR) is applicable – adequate data protection according to the decision of the European Commission.
We may transfer personal data to countries where the law does not ensure adequate data protection if data protection is ensured for other reasons, in particular on the basis of standard data protection clauses or other appropriate safeguards. Exceptionally, we may export personal data to countries without adequate or appropriate data protection if the specific data protection requirements are met, such as the explicit consent of the data subjects or a direct connection with the conclusion or execution of a contract. We will be happy to provide affected persons with information on any warranties on request or provide copies of such warranties.
6. Rights of data subjects
Data subjects about whom we process personal data have the rights under Swiss data protection law. These include the right to information and the right to correction, deletion or blocking of the personal data processed.
Data subjects whose personal data we process may request confirmation free of charge as to whether we are processing personal data relating to them if and to the extent that the General Data Protection Regulation (GDPR) applies. In this case, data subjects may request information about the processing of their personal data, have the processing of their personal data restricted, exercise their right to data portability and have their personal data corrected, deleted (‘right to be forgotten’), blocked or completed.
Data subjects whose personal data we process may – insofar as and to the extent that the GDPR is applicable – revoke their consent at any time with effect for the future and object to the processing of their personal data at any time.
Data subjects about whom we process personal data have the right to lodge a complaint with a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
7. Data security
We take appropriate technical and organisational measures to ensure data security appropriate to the respective risk. However, we cannot guarantee absolute data security.
Our website is accessed using transport encryption (SSL/TLS, in particular the Hypertext Transfer Protocol Secure, or HTTPS). Most browsers mark transport encryption with a padlock in the address bar.
Our digital communications are subject to mass surveillance without cause and suspicion, as well as other surveillance by security authorities in Switzerland, the rest of Europe, the United States of America (USA) and other countries. We have no direct influence on the processing of personal data by intelligence services, police authorities and other security authorities.
8. Use of the Website
Cookies can be stored in the browser temporarily as ‘session cookies’ or for a certain period as so-called ‘permanent cookies’. ‘Session cookies’ are automatically deleted when the browser is closed. Persistent cookies have a certain storage period. In particular, cookies enable us to recognise a browser the next time you visit our website and thus measure the reach of our website, for example. However, persistent cookies can also be used for online marketing, for example.
In the case of cookies used for performance and reach measurement or for advertising, a general opt-out is possible for many services via AdChoices (Digital Advertising Alliance of Canada), Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
8.2 Server log files
We may collect the following information each time our website is accessed, if it is transmitted from your browser to our server infrastructure or can be determined by our web server: Date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, accessed individual sub-page of our website including the amount of data transmitted, last visited in the same browser window (Referrer).
We store such information, which may also represent personal data, in server log files. The information is necessary to provide our website in a durable, user-friendly and reliable manner as well as to ensure data security and thus in particular the protection of personal data – also by third parties or with the help of third parties.
8.3 Tracking pixels
We may use web beacons on our website. Web beacons are also known as web beacons. Web beacons. Web beacons – including those from third parties whose services we use – are small images that are usually invisible and are automatically retrieved when you visit our website. Web beacons can collect the same information as in server log files.
9. Notifications and communications
We send notifications and notifications by email and through other communication channels such as instant messaging or SMS.
9.1 Measurement of success and reach
Notifications and messages may contain web links or web pixels that record whether an individual message has been opened and which web links have been clicked on. Such web links and web pixels may also record the use of notifications and messages by individuals. We need these statistics of usage for measuring success and reach in order to be able to send notifications and messages based on recipients’ needs and reading habits in an effective and user-friendly way, as well as durable, secure and reliable manner.
9.2 Consent and objection
You must in principle expressly consent to the use of your e-mail address and other contact addresses, unless otherwise permitted by law. For any consent, we use the ‘double opt-in’ procedure wherever possible, i.e. you will receive an e-mail with a web link which you must click on to confirm in order to avoid misuse by unauthorised third parties. We may log such consent, including Internet Protocol (IP) address and date and time, for reasons of proof and security.
You may, in principle, object to receiving notifications and communications such as newsletters at any time. With such an objection, you may at the same time object to the statistical collection of usage for measuring success and reach. We reserve the right to notify and communicate required in connection with our activities and activities.
9.3 Notification and Notification Service Providers
We send notifications and messages with the help of specialised service providers.
10. Social Media
We are present on social media platforms and other online platforms in order to communicate with interested persons and to provide information about our activities and activities. In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).
11. Third party services
We use services from specialised third parties in order to be able to carry out our activities and activities in a durable, user-friendly, secure and reliable manner. Such services enable us, amongst other things, to embed functions and content on our website. In such embedding, the services used collect, at least temporarily, the Internet Protocol addresses of users for technically imperative reasons.
For necessary security-related, statistical and technical purposes, third parties whose services we use may process data in connection with our activities and activities in an aggregated, anonymised or pseudonymised form. This includes, for example, performance or usage data in order to be able to offer the respective service.
11.1 Digital Infrastructure
We use services from specialised third parties to access the digital infrastructure needed in connection with our activities and activities. This includes, for example, hosting and storage services from selected providers.
We use services from selected providers to better communicate with third parties, such as potential and existing customers.
11.3 Audio and video conferences
Depending on your life situation, we recommend that you mute the microphone by default, blur the background or display a virtual background when participating in audio or video conferences.
11.4 On-line cooperation
11.5 Social media features and content
We use third-party services and plug-ins to embed features and content from social media platforms and to enable content sharing on social media platforms and other means.
We use third-party services to embed selected fonts, icons, logos and icons on our website.
12. Measurement of success and reach
We use services and programs to determine how our online offer is used. In this context, we may, for example, measure the success and scope of our activities and activities, as well as the impact of third-party links to our website. However, we may also, for example, try and compare how different versions of our online offer or parts of our online offer are used (‘A/B test’). Based on the results of the success and reach measurement, we can in particular correct errors, strengthen popular content or make improvements to our online offering.
In the use of services and programs for measuring success and reach, the Internet Protocol addresses of individual users must be stored. IP addresses are in principle shortened (‘IP masking’) in order to comply with the principle of data economy through the appropriate pseudonymisation and thus improve user data protection.
Cookies and user profiles may be used in the use of services and programs for measuring success and reach. User profiles may include, for example, the pages visited or the content viewed on our website, information on the size of the screen or browser window, and the location at least approximate. In general, user profiles are created in pseudonymised form only. We do not use user profiles to identify individual users. Individual services of third parties with which users are logged in may only associate the use of our online offer with the user account or user profile for the respective service.
13. Final provisions
We may amend and supplement this data protection declaration at any time. We will inform you of such adjustments and supplements in an appropriate form, in particular by publishing the current data protection declaration on our website.