We are subject to Swiss data protection law and, if applicable, foreign data protection law, in particular that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law ensures adequate data protection.
Responsibility for processing personal data:
eine Tochtergesellschaft des TCS
We will indicate if there are other responsible parties for the processing of personal data in specific cases.
Personal data refers to all information relating to an identified or identifiable natural person. An affected person is an individual whose personal data we process.
Processing includes any handling of personal data, regardless of the means and methods used, such as querying, matching, adjusting, archiving, storing, reading, disclosing, acquiring, recording, collecting, deleting, revealing, arranging, organizing, storing, modifying, distributing, linking, destroying, and using personal data.
The European Economic Area (EEA) includes the member states of the European Union (EU) as well as Liechtenstein, Iceland, and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal-related data.
We process personal data in accordance with Swiss data protection law, especially the Federal Data Protection Act (Data Protection Act, DPA) and the Data Protection Ordinance (Data Protection Regulation, DPR).
We process – provided and insofar as the General Data Protection Regulation (GDPR) is applicable – personal data according to at least one of the following legal bases:
We process those personal data that are necessary in order to carry out our activities and tasks in a sustainable, user-friendly, secure, and reliable manner. Such personal data can particularly fall into the categories of inventory and contact data, browser and device data, content data, meta or edge data, usage data, location data, sales data, and contract and payment data.
We process personal data for the duration required for the respective purpose or purposes or as legally required. Personal data that is no longer required to be processed will be anonymized or deleted.
We may have personal data processed by third parties. We may process personal data jointly with third parties or transmit it to third parties. Such third parties are particularly specialized providers whose services we use. We also ensure data protection with such third parties.
We process personal data fundamentally only with the consent of the affected persons. In cases where the processing is permissible for other legal reasons, we may refrain from obtaining consent. For example, we can process personal data without consent to fulfill a contract, to comply with legal obligations, or to safeguard overriding interests.
In this context, we particularly process details that an affected person voluntarily provides to us when contacting us - for example by regular mail, email, instant messaging, contact form, social media, or phone - or when registering for a user account. We may, for instance, store such details in an address book or similar tools. If we receive data about other people, those who provide the data are obliged to ensure data protection towards these persons and ensure the accuracy of this personal data.
We also process personal data that we obtain from third parties, procure from publicly accessible sources, or collect during the performance of our activities and tasks, provided that such processing is legally permissible.
We process personal data of applicants to the extent necessary to assess their suitability for an employment relationship or for the subsequent execution of an employment contract. The necessary personal data are primarily derived from the information requested, for example, within a job advertisement. We also process the personal data that applicants voluntarily provide or publish, especially as part of cover letters, CVs, and other application documents, as well as online profiles.
In cases where the General Data Protection Regulation (GDPR) applies, we process personal data of applicants particularly in accordance with Art. 9 Para. 2 lit. b GDPR.
We process personal data primarily in Switzerland and the European Economic Area (EEA). However, we can also export or transmit personal data to other countries, especially for processing or to have them processed there.
We can export personal data to any country or territory on Earth, as well as elsewhere in the Universe, provided the local law meets the decision of the Swiss Federal Council standards for adequate data protection and - if and when the General Data Protection Regulation (GDPR) applies - meets the decision of the European Commission for adequate data protection.
We can transfer personal data to countries whose laws do not guarantee adequate data protection, provided data protection is ensured for other reasons, especially based on standard data protection clauses or other appropriate guarantees. Exceptionally, we can export personal data to countries without adequate or appropriate data protection, if the special data protection legal requirements are met, such as the explicit consent of the affected persons or a direct connection with the conclusion or execution of a contract. We are happy to provide information or supply a copy of possible guarantees upon request.
We grant affected persons all claims in accordance with applicable data protection laws. Affected persons have the following rights in particular:
We may, within the legally permissible framework, delay, limit, or deny the exercise of the rights of affected persons. We can point out any prerequisites to be met for the assertion of their data protection claims. For example, we may fully or partially refuse to provide information, citing trade secrets or the protection of other persons. Similarly, we may fully or partially refuse to delete personal data, citing statutory retention obligations.
We may exceptionally charge fees for exercising these rights. We inform affected persons in advance of any possible charges.
We are obliged to identify affected persons who request information or assert other rights using appropriate measures. Affected persons are obligated to cooperate.
Affected persons have the right to assert their data protection claims in court or file a complaint with a competent data protection supervisory authority.
The supervisory authority for private entities and federal agencies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
Affected persons have – if and when the General Data Protection Regulation (GDPR) applies – the right to file a complaint with a competent European data protection supervisory authority.
We take appropriate technical and organizational measures to ensure data security commensurate with the respective risk. However, we cannot guarantee absolute data security.
Access to our website is secured using transport encryption (SSL / TLS, especially with the Hypertext Transfer Protocol Secure, abbreviated as HTTPS). Most browsers indicate transport encryption with a padlock in the address bar.
Our digital communication is - as is fundamentally the case with all digital communication - subject to mass surveillance without cause or suspicion as well as other surveillance by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We have no direct influence on the corresponding processing of personal data by intelligence services, police agencies, and other security authorities.
Cookies can be stored temporarily in the browser as "Session Cookies" or for a specified duration as so-called permanent cookies. "Session Cookies" are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies, in particular, allow us to recognize a browser the next time it visits our website and, for instance, measure the reach of our website. However, permanent cookies can also be used for online marketing.
For cookies used for performance and reach measurement or for advertising, a general objection ("Opt-out") is possible for numerous services via the AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
For every access to our website, we may record the following information, provided it is transmitted by your browser to our server infrastructure or can be determined by our web server: Date and time including timezone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, the specific sub-page of our website accessed including the amount of data transferred, and the last webpage accessed in the same browser window (referrer).
We store such information, which may also constitute personal data, in server log files. This data is necessary to provide our website consistently, user-friendly, and reliably and to ensure data security, especially the protection of personal data – either by ourselves or with the help of third parties.
We may use tracking pixels on our website. Tracking pixels are also referred to as web beacons. Tracking pixels - also from third parties whose services we use - are small, typically invisible images that are automatically retrieved when visiting our website. The same information as in server log files can be captured with tracking pixels.
We are present on social media platforms and other online platforms to communicate with interested parties and to inform about our activities and operations. In connection with such platforms, personal data may also be processed outside of Switzerland and the European Economic Area (EEA).
We use services from specialized third parties to be able to carry out our activities and operations on a permanent, user-friendly, safe, and reliable basis. With such services, we can, for example, embed functions and content into our website. For such embedding, the used services capture at least temporarily the Internet Protocol (IP) addresses of users for technical reasons.
For necessary security-related, statistical, and technical purposes, third parties whose services we use can process data in connection with our activities and operations in an aggregated, anonymized, or pseudonymized form. This includes, for example, performance or usage data to be able to offer the respective service.
We particularly use:
We use services from specialized third parties to be able to utilize the required digital infrastructure in connection with our activities and operations. These include, for example, hosting and storage services from selected providers.
We recommend, depending on the situation, to mute the microphone by default when participating in audio or video conferences, to blur the background, or to display a virtual background.
We particularly use:
We use services from specialized third parties to enable the direct playback of digital audio and video content such as music or podcasts.
We specifically use:
We attempt to determine how our online offer is used. Within this context, we can, for example, measure the success and reach of our activities and operations as well as the impact of third-party links on our website. We can also test and compare how different parts or versions of our online offer are used ("A/B testing" method). Based on the results of success and reach measurements, we can in particular fix errors, strengthen popular content, or make improvements to our online offer.
For success and reach measurement, in most cases, the Internet Protocol (IP) addresses of individual users are saved. In this case, IP addresses are fundamentally shortened ("IP masking") to comply with the principle of data minimization through appropriate pseudonymization.
During success and reach measurement, cookies may be used and user profiles created. Any user profiles created typically include, for instance, the individual pages visited or viewed content on our website, details about the size of the screen or browser window, and the—at least approximate—location. Fundamentally, any user profiles are only pseudonymized and are not used for identifying individual users. Some third-party services, where users are logged in, may potentially associate the use of our online offer with the user account or user profile of the respective service.
We specifically use: