Privacy policy

1. Contact addresses

The person responsible for data protection is:

Marc Mosimann

044 442 44 23
hc.aronas@ofni

In individual cases, third parties may be responsible for the processing of personal data or there may be joint responsibility with third parties. We will gladly inform the persons concerned about the respective responsibility upon request.

2. Definitions and Legal Bases

2.1 Definitions

Data subject: a natural person whose personal data we process.

Personal data: any information relating to an identified or identifiable natural person.

Sensitive personal data: data relating to trade union membership, political opinions, religious or philosophical beliefs, health, sexual life, racial or ethnic origin, genetic data, biometric data used for the purpose of identifying a natural person, data relating to criminal convictions or offences or related security measures, and data relating to social security measures.

Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

2.2 Legal Bases

We process personal data in accordance with Swiss law, in particular the Federal Act on Data Protection (Data Protection Act, DPA) and the Ordinance to the Federal Act on Data Protection (Data Protection Ordinance, DPO).

3. Type, scope and purpose of processing personal data

We process the personal data that is necessary for us to be able to carry out our activities and operations in a sustainable, human-friendly, safe and reliable manner. The personal data processed may in particular fall into the categories of browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data and payment data. The personal data processed may also represent special categories of personal data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources or collect when carrying out our activities and operations, provided that such processing is permitted.

We process personal data if and to the extent that we have the consent of the affected persons. We may process personal data without consent in many cases, for example to fulfil legal obligations or to protect overriding interests. We may also ask affected persons for their consent even if it is not required.

We process personal data for the duration that is necessary for the respective purpose. We anonymise or delete personal data in particular depending on legal retention and limitation periods.

4. Disclosure of personal data

We may disclose personal data to third parties, have them processed by third parties or process them jointly with third parties. These third parties are in particular specialist providers whose services we use.

We may disclose personal data in the context of our activities and operations, in particular to banks and other financial service providers, authorities, educational and research institutions, consultants and lawyers, interest groups, IT service providers, cooperation partners, credit and economic information agencies, logistics and shipping companies, marketing and advertising agencies, media, parent, sister and subsidiary companies, organisations and associations, social institutions, telecommunications companies, insurers and payment service providers.

5. Communication

We process personal data in order to communicate with individual persons as well as with authorities, organisations and companies. In this context, we process in particular data that a person concerned has sent to us when contacting us, for example by post or e-mail. We may store such data in an address book or with similar tools.

Third parties who send us data about other persons are obliged to ensure the data protection of these persons themselves. They must in particular ensure that such data is correct and may be sent to us.

6. Data security

We take appropriate technical and organisational measures to ensure that data security is adequate to the respective risk. With these measures, we ensure in particular the confidentiality, availability, traceability and integrity of the processed personal data, without being able to guarantee absolute data security.

Access to our website and our other digital presence is by means of transport encryption (SSL / TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated as HTTPS). Most browsers warn against visiting a website without transport encryption.

Our digital communication is subject to mass surveillance without cause or suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA) and other countries, just like any digital communication in principle. We cannot directly influence the corresponding processing of personal data by intelligence services, police authorities and other security authorities. We cannot rule out that a person concerned is being monitored specifically.

7. Personal data abroad

We generally process personal data in Switzerland. However, we can also disclose or export personal data to other countries, in particular to have it processed or to have it processed there.

We can disclose personal data to any country in the world and elsewhere in the universe, provided that the law there ensures adequate data protection according to a decision of the Swiss Federal Council.

We can disclose personal data to countries whose law does not ensure adequate data protection if other reasons ensure adequate data protection, in particular on the basis of standard data protection clauses or with other appropriate guarantees. Exceptionally, we can export personal data to countries without adequate or appropriate data protection if the special legal requirements for data protection are met, for example if the persons concerned have given their express consent or if there is a direct connection with the conclusion or performance of a contract. We are happy to provide information about any guarantees to affected persons upon request or to provide a copy of guarantees.

8. Rights of the data subject

8.1 Data protection claims

We grant data subjects all claims pursuant to the applicable law. Data subjects in particular have the following rights:

• Right to information: Data subjects may request information as to whether we process personal data about them and, if so, which personal data we process. Data subjects will also receive the information they need to assert their data protection rights and to ensure transparency. This includes the personal data processed as such, but also information about the purpose of the processing, the duration of the storage, any disclosure or export of data to other states and the origin of the personal data.
• Right to correction and restriction: Data subjects may correct incorrect personal data, supplement incomplete data and have the processing of their personal data restricted.
• Right to deletion and objection: Data subjects may have their personal data erased (‘right to be forgotten’) and may object to the processing of their personal data with effect for the future.
• Right to data portability and data transfer: Data subjects may request the transfer of their personal data or the transfer of their personal data to another controller.

We may suspend, restrict or refuse the exercise of the rights of data subjects within the legally permissible scope. We may inform data subjects about any conditions that must be met in order to exercise their data protection rights. For example, we may refuse to provide information in whole or in part with reference to confidentiality obligations, overriding interests or the protection of other persons. For example, we may also refuse to delete personal data, in whole or in part, especially with reference to legal retention obligations.

We may exceptionally charge fees for the exercise of rights. We will inform the persons concerned in advance of any such fees.

We are required to identify the persons concerned who request information or exercise other rights with appropriate measures. The persons concerned are required to cooperate.

8.2 Legal recourse

Data subjects have the right to enforce their data protection rights in court or to file a notification or complaint with a data protection supervisory authority.

The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

9. Use of the website

9.1 Cookies

9.2 Logging

We can log at least the following information for every access to our website and our other digital presence, provided that this information is transmitted to our digital infrastructure during such access: date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual subpage of our website accessed including data volume transmitted, and the last website accessed in the same browser window (referrer).

We log such information, which may also represent personal data, in log files. This information is necessary to be able to provide our digital presence in a permanent, user-friendly and reliable manner. The information is also necessary to be able to ensure data security – also by third parties or with the help of third parties.

9.3 Tracking pixels

We can embed tracking pixels in our digital presence. Tracking pixels are also referred to as web beacons. Tracking pixels – also from third parties whose services we use – are usually small, invisible images or scripts formulated in JavaScript that are automatically retrieved when our digital presence is accessed. With tracking pixels, at least the same information as with logging in log files can be recorded.

10. Social Media

We are present on social media platforms and other online platforms in order to be able to communicate with interested parties and to inform them about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland.

The general terms and conditions and terms of use as well as data protection declarations and other provisions of the individual operators of such platforms also apply. These provisions inform in particular about the rights of affected persons directly vis-à-vis the respective platform, which include, for example, the right to information.

11. Third-party services

We use services from specialised third parties in order to be able to carry out our activities and operations in a sustainable, user-friendly, secure and reliable manner. With such services, we can, among other things, embed functions and content in our website. In the case of such embedding, the services used record the IP addresses of users for technically compelling reasons, at least temporarily.

For necessary security-related, statistical and technical purposes, third parties whose services we use may process data in connection with our activities and operations in aggregated, anonymised or pseudonymised form. This includes, for example, performance or usage data in order to be able to offer the respective service.

We use in particular:

• Google services: Providers: Google LLC (USA) / Google Ireland Limited (Ireland), partly for users in the European Economic Area (EEA) and Switzerland; General information on data protection: “Privacy principles and security”, “Learn more about how Google uses personal data”, Privacy Policy, “Google is committed to complying with applicable data protection laws”, “Google Product Privacy Guide”, “How we use data from websites or apps that use our services”, “Types of cookies and similar technologies used by Google”, “Advertising that you can control” (“Personalised advertising”).

11.1 Digital infrastructure

We use services from specialised third parties to be able to take advantage of the necessary digital infrastructure in connection with our activities and operations. This includes, for example, hosting and storage services from selected providers.

We use in particular:

• Cyon: Hosting; Provider: cyon GmbH (Switzerland); Data protection information: “Privacy”, Privacy Policy.

11.2 Appointment scheduling

We use services from specialised third parties to be able to arrange appointments online, for example for meetings. In addition to this data protection declaration, the terms of the services used that are directly visible may also apply, such as terms of use or data protection declarations.

11.3 Maps

We use services from third parties to be able to embed maps in our website.

We use in particular:

• Google Maps including Google Maps Platform: Map service; Provider: Google; Google Maps-specific information: “How Google uses location information”.

12. Website extensions

We use extensions for our website to be able to use additional functions. We can use selected services from suitable providers or use such extensions on our own digital infrastructure.

We use in particular:

• Google reCAPTCHA: Spam protection (distinguishing between desired content from humans and unwanted content from bots and spam); Provider: Google; Google reCAPTCHA-specific information: “What is reCAPTCHA?”.

13. Success and reach measurement

We try to measure the success and reach of our activities and operations. In this context, we can also measure or check the effect of references from third parties or how different parts or versions of our digital presence are used (“A/B test” method). Based on the results of success and reach measurement, we can in particular correct errors, strengthen popular content or make improvements.

For success and reach measurement, the IP addresses of individual users are recorded in most cases. IP addresses are in this case generally shortened (“IP masking”) in order to follow the principle of data minimisation through the corresponding pseudonymisation.

Cookies may be used in success and reach measurement and user profiles may be created. Any user profiles created include, for example, the individual pages visited or content viewed on our digital presence, information about the size of the screen or browser window and the – at least approximate – location.

Generally, any user profiles are created exclusively in pseudonymised form and are not used to identify individual users. Individual third-party services where users are logged in may be able to associate the use of our online offering with the user account or user profile with the respective service.

We use in particular:

• Google Marketing Platform: Success and reach measurement, in particular with Google Analytics; Provider: Google; Google Marketing Platform-specific information: measurement across different browsers and devices (cross-device tracking) with pseudonymised IP addresses, which are only transmitted in full to Google in the USA in exceptional cases, Google Analytics Privacy Policy, “Browser add-on to deactivate Google Analytics”.
• Google Tag Manager: Integrates and manages services from Google and third parties, especially for measuring success and reach; Provider: Google; Google Tag Manager-specific information: Google Tag Manager Privacy Policy; further information about data protection can be found in the individual integrated and managed services.

14. Final notes on the Privacy Policy

We have created this privacy policy with the privacy generator from Datenschutzpartner.

We can update this privacy policy at any time. We will inform you about updates in an appropriate manner, in particular by publishing the current privacy policy on our website.