Data protection declaration
Responsibility for the processing of personal data:
Loretta Scherler, SCI Schweiz
We point out if there are other persons responsible for processing personal data in individual cases.
2. Processing of personal data
Personal Data is any information relating to an identified or identifiable person. A Data Subject is a person about whom personal data are processed. Processing covers any handling of personal data, regardless of the means and procedures applied. In particular, it includes the storage, disclosure, acquisition, collection, deletion, storing, modification, destruction and use of personal data.
2.2 Legal basis
We process personal data in compliance with Swiss data protection law, particularly the Federal Data Protection Act (FADP), Bundesgesetz über den Datenschutz (DSG) and the Ordinance to the Federal Data Protection Act (FDPA), Verordnung zum Bundesgesetz über den Datenschutz (VDSG).
2.3 Nature, extent and purpose
We process the personal datarequired to provide our servicesin a permanent, user-friendly, secure and reliable way. Such personal data mayfall into the categories ofinventory and contact data, browserand device data, content data, meta ormarginal data and usage data, location data, sales, contract and payment data.
We process personal data for the period of time required for the relevant purpose(s) or as required by law. Personal data whose processing is no longer necessary is anonymized or deleted. Persons whose data we process generally have the right to have their data deleted.
As a matter of principle, we only process personal data with the consent of the data subject, unless the processing is permitted for other legal reasons. For instance, tofulfil a contract with the data subject and for corresponding pre-contractual measuresin order to protect our overriding legitimate interests, since the processing is evident from the circumstances or after prior information.
In this context, we process in particular information that the data subject provides to usvoluntarily and personallywhen contacting us – for example, by letter, email, contact form, social media or telephone – or when registering for a user account. We maystore such information, for example, in an address book or with comparable tools. In case you transmit personal data to us via third parties, you are obliged toguarantee data protection in relation to the third parties concerned and to ensure the accuracy of such personal data.
We also process personal data that we receive from third parties, obtain from publicly available sources or collect in the course of providing our services, if and insofar as such processing is permitted for legal reasons.
2.4 Processing of personal databy third parties, also abroad
We may have personal data processed by commissioned third parties or process it jointly with third parties or with the help of third parties or transmit it to third parties. Such third parties are in particular providers whose services we use. We also ensure appropriate data protection for such third parties.
Such third parties are generally located in Switzerland and in the European Economic Area (EEA). However, such third parties may also be located in other states and territories on earth as well as elsewhere in the universe, provided that their data protection law guarantees adequate data protection inthe opinion of the Federal Data Protection and Information Commissioner (FDPIC), Datenschutzrecht nach Einschätzung des Eidgenössischen Datenschutz- und Öffentlichkeitsbeauftragten (EDÖB), or if adequate data protection is guaranteed for other reasons. This may be the case, for example, through a corresponding contractual agreement, in particular on the basis of standard contractual clauses, or through a relevant certification. Exceptionally, such a third party may be located in a country without adequate data protection, provided that the requirements under data protection law, such as the explicit consent of the data subject, are met.
3. Rights of data subjects
Data subjects whose personal data we processdispose of the rightsaccording to Swiss data protection law. These include the right to information as well as the right to correction, deletion or blocking of thepersonal data processed.
Data subjects whose personal data we process have the right to appeal to acompetent supervisory authority. The supervisory authority for data protection in Switzerland is theFederal Data Protection and Information Commissioner (FDPIC), Eidgenössische Datenschutz- und Öffentlichkeitsbeauftragte (EDÖB).
4. Data security
We take appropriate andsuitable technical and organizational measures in order to ensure data protection andin particular data security. However, despite such measures, the processing of personal data on the Internet can always have security gaps. We can therefore notguarantee absolute data security.
Access to our online servicestakes place viatransport encryption (SSL / TLS, in particularwith the Hypertext Transfer Protocol Secure, abbreviated HTTPS).Most browsers mark transport encryption with a padlock in the address bar.
Access to our online servicesis subject -as is basically any use of the Internet-to mass surveillance and other monitoring by security authorities in Switzerland, in the European Union (EU), in the United States of America (USA) and in other countries without any reason or suspicion. We cannot directly influence the corresponding processing of personal data by secret services, police agencies and other security authorities.
5. Use of the website
Cookies can be stored in your browser temporarily as “session cookies” when you visit our website or for a certain period of time as so-called permanent cookies.“Session cookies” are automatically deleted when you close your browser. Permanent cookies have a specific storage period. In particular, they enable us to recognize your browser the next time you visit our website and thus, for example, to measure the reach of our website. However, permanent cookies can also be used for online marketing, for example.
5.2 Server log files
We may record the following information for each access to our website, provided that this information is transmitted by your browser to our server infrastructure or can be determined by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sub-page of our website accessed including data volume transferred, website last accessed in the same browser window (referer or referrer).
We store such information, which may also constitute personal data, in server log files. This information is necessary to provide our online services permanently, user-friendly and reliably and to ensure data security and thus in particular the protection of personal data – also by third parties or with the help of third parties.
5.3 Tracking pixels
We may use tracking pixels on our website. Tracking pixels are alsoknownas web beacons. Tracking pixels – including those from third parties whose services we use – are small, usually invisible images that are automatically retrieved when you visit our website. Web beacons can be used tocollect the same information as server log files.
6. Notifications and communications
We send notifications and communications like newsletters via e-mail and other communication channels such as instant messaging.
6.1 Performanceand reach measurement
Notifications and communications may contain weblinks or tracking pixels that recordwhether an individual communicationhas been opened and which web links have thereby beenclicked. Such weblinks and tracking pixels may also record the use of notifications and messages on a personal basis. We need this statistical recording of usage for performance and reach measurement in order to be able to offer notifications and communications effectively and in a user-friendly manner based on the needs and reading habits of the recipients, as well as permanently, securely and reliably.
6.2 Consent and objection
In principle, you must expressly consent to the use of your e-mail address and other contact addresses, unless such use is permitted for other legal reasons. For any consent to receive e-mails, we use the “double opt-in” procedure wherever possible, i.e. you will receive an e-mail with a web link that you must click to confirm, so that no misuse by unauthorized third parties can take place. We may log such consents including Internet Protocol (IP) address, date and time for evidence and security reasons.
In principle, you can unsubscribe from notifications and communications such as newsletters at any time. This does not apply tonotifications and messages that are absolutely necessary for our services. By unsubscribing, you can in particular object to the statistical recording of usage for performance and reach measurement.
7. Social Media
We are present on social media platforms and other online platforms in order to communicate with interested persons and to inform them about our services. In this context, personal data may also be processed outside Switzerland and the European Economic Area (EEA).
8. Success and reach measurement
8.1 Google Analytics
We use Google Analytics to analyse how our website is used, including, for example, the reach measurement of our website and the success of third-party links to our website. This is a service provided by the AmericanGoogle LLC. For users in the European Economic Area (EEA) and Switzerland, the Irish company Google Ireland Limited is responsible.
Google also attempts to record individual visitors to our website if they use different browsers or devices (cross-device tracking). Cookies are also used for this purpose. Google Analytics requires your Internet Protocol (IP) address, but this is not merged with other Google data.
In any case, we have your Internet Protocol (IP) address anonymised before it is analysed by Google. As a result, your full IP address will basically not be transmitted to Google in the USA.
We use Google Analytics with Google Signals. This provides us with enhanced statistics on visitors to our website who have activated personalised advertising as registered users of Google. We cannot establish a link to individual Google user accounts despite these extended statistics.
Further information on the nature, extent and purpose of data processing can be found inGoogle’s privacy and security policy, Grundsätzen für Datenschutz und Sicherheit and in the privacy statement, Datenschutz erklärung, in the guide to data protection in Google products (including Google Analytics), Leitfaden zum Datenschutz in Google-Produkten, in the information on how Google uses data from websites on which Google services are used, Informationen, wie Google Daten von Websites verwendet, auf denen Google-Dienste genutzt werden and in the information on cookies at Google, Informationen über Cookies bei Google. In addition, it is possible to use the “Browser Add-on to deactivate Google Analytics”, «Browser Add-on zur Deaktivierung von Google Analytics» as well as the Widerspruch gegen personalisierte Werbung to object to personalised advertising.
8.2 Google Tag Manager
We use the Google Tag Manager to integrate and manage services for analytics or advertising from Google as well as from third parties on our website. This is a service of the American Google LLC. For users in the European Economic Area (EEA) and in Switzerland, the Irish company Google Ireland Limited is responsible. No cookies are used, but cookies may be used as part of the services integrated and managed with it. We provide information on the processing of personal data by such services in this data protection declaration.
9. Services from third parties
We use third-party services in order to be able to provide our services in a permanent, user-friendly, secure and reliable way. Third-party services are also used to embed content on our website. Such services – for example hosting and storage services, video services and payment services – require your Internet Protocol (IP) address, as such services cannot otherwise transmit the corresponding content. Such services may be located outside of Switzerland and the European Economic Area (EEA), provided that adequate data protection is guaranteed.
For their own security-related, statistical and technical purposes, third parties whose services we use may also process data in connection with our services as well as from other sources – including cookies, log files and tracking pixels – in aggregated, anonymised or pseudonymised form.
9.1 Digital infrastructure
We use third party services to provide the necessary digital infrastructure for our services. This includes, for example, hosting and storage services from specialized providers.
In particular, we use:
9.2 Social media functions and social media content
We use ShareThis to enable you to share content from our online services on social media and other online platforms and to use other social media functions. Cookies are also used in this process. ShareThis is a service of the American ShareThis Inc. Social media and other online platforms to which you are registered as a user enable us to associate the use of our online services with your profile.
10. Final provisions
We can adapt and supplement this data protection declaration at any time. We will inform about such adjustments and additions in an appropriate form, in particular by publishing the respective current data protection declaration on our website.