1 a: Personal Data of Natural Persons
‘Personal data’ means specific information on personal or factual characteristics relating to an identified or identifiable natural person. This includes data such as name, address, e-mail address, telephone number and date of birth. Any data that cannot be directly linked to your identity, such as preferred websites or number of users of a website, is not deemed to be personal data. The Provider processes any personal data that is required to guarantee or render its services and associated services. Moreover, the Provider processes any personal data that users of the service record themselves, for example to register for the customer portal. The Provider may process such personal data with the assistance of third parties or may have it processed by third parties and forward it to partners of the swissconnect network who may process it for the same purposes as the Provider.
1 b: Data in Connection with the Use of Websites
When accessing the offering, further data will be generated, including, but not limited to date and time stamps, Internet Protocol (IP) addresses used, addresses and names of the sites retrieved, specifications on the operating systems and browsers used as well as any released location data. The Provider uses such data to statistically evaluate the use of the offering and to detect technical issues in order to continuously improve the offering. The Provider does not use such data to identify users. The Provider may process such data with the assistance of third parties or may have it processed by third parties and forward it to partners of the swissconnect network who may process it for the same purposes as the Provider.
1 c: Forwarding of the Data
The Provider does not forward personal data to third parties without the consent of the data subjects. This does not apply to statutory forwarding obligations, forwarding for ensuring the offering and providing and improving services in connection with the offering, forwarding with the consent of the relevant users, forwarding to partners of the swissconnect network who may process such data for the same purposes as the Provider and forwarding for enforcing legal claims and safeguarding legitimate interests, unless the fundamental rights or interests of the relevant users requiring data protection prevail.
1 d: Protection of the Processed Data
The Provider takes reasonable organisational and technical measures to ensure data protection and data security (Technical & Organisational Measures).
2: Cookies and Tracking Pixels
3: Third-Party Services
The Provider uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, i.e. text files retained on your computer allowing to analyse how you use the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the US and stored there. If IP anonymisation is enabled on this website, however, your IP address will first be shortened by Google within Member States of the European Union or in other States which are parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the US and shortened there. Google uses this information to analyse how you use the website, to compile reports about the website activities for the website operators and to render further services associated with the use of the website and of the Internet. If legally required, or where third parties process such data on behalf of Google, Google may also transmit this information to third parties. We use Remarketing with Google Analytics to advertise online and make ads more relevant (“Remarketing”). Remarketing cookies will be used by third parties (including Google) to show our ads on websites other than our own. Both us and third parties (including Google) will also use Remarketing cookies to serve more relevant ads to users based on such users’ past visits to our website, whether those users are on our Website or on other websites. The IP address transferred by your browser in the context of Google Analytics will not be combined with any other data from Google. You can prevent cookies from being installed by changing your browser software settings accordingly. However, we would like to point out that doing this may result in you not having full access to all functions of this website. By using this website, you agree that Google may process the data collected about you in the manner and for the purpose described above.
The Provider uses Mouseflow, a web analysis tool of Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark. Data processing serves to analyse this website and its visitors. To that end, data is collected and retained for marketing an optimisation purposes. Pseudonymous user profiles may be generated based upon such data. Cookies may also be used for this purpose. The Mouseflow web analysis tool records randomly selected individual visits (only with anonymised IP address). In this context, a log of the mouse movements and clicks is generated to randomly replay website visits and to derive potential improvements for the website from such replay. The data collected with Mouseflow will not be used to identify the user of this website personally and will not be not combined with personal data on the holder of the pseudonym without the explicit consent of the data subject. Processing is based on point (f) of Art. 6(1) GDPR for the legitimate interest in direct customer communication and in the needs-based design of the website. You have the right to object, on grounds relating to your particular situation, at any time to such processing based on point (f) of Art. 6(1) GDPR of any personal data concerning you. To that end, you may globally disable a recording on all websites using Mouseflow for the browser currently used by you at the following link: https://mouseflow.com/opt-out/
The Provider may notify and contact users in connection with the offering by e-mail and via other communication channels. Notifications may contain graphics or web links gathering information as to whether an individual notification had been read and what web links had been clicked on in this case. Such graphics and web links record the use of the notifications to statistically evaluate and to detect technical issues in order to continuously improve the notifications. Users receiving notifications may log off at any time and thus object to the use of such graphics and web links. This does not apply to any notifications that the Provider deems mandatory for the use of the offering.
5: Users’ Rights
Users and other persons whose personal data is processed by the Provider may request in writing to be informed of the processing of their personal data, have their data rectified, erased or blocked and object to the processing of their personal data. According to privacy law, staking out such claims and requesting such information must be made by letter mail to the Provider’s data protection officer at the following address: swissconnect ag / Data Protection Officer / Mr Fabio Christen / Güterstrasse 3 / P. O. box 4254 / 6002 Lucerne.
Technical & Organisational Measures
The measures specified below are of a general nature and applicable, unless derogating measures had been stipulated in any agreement. If the data is processed by third parties, a relevant order processing agreement ensures that the third party takes and complies with equivalent measures.
1 a: Entry Control
The computer centres used by the Provider meet the highest security requirements. Entry is permitted only to a selected, known group of persons.
1 b: Admission Control
The Provider’s systems are accessed using personalised user accounts. In case of any incorrect authentication, the account will first be blocked temporarily and, after further failed attempts, permanently. All log-in attempts are logged. External access is secured by firewall systems.
1 c: Access Control
The permissions on the systems are structured in groups. The individual employee accounts have one or several group(s) assigned to them which is/are required to ensure execution of the function of the relevant employee. The groups are structured such that only data required to perform the task can be accessed.
2 a: Forwarding Control
Personal data is forwarded only with the consent of the data subject or based on a legal duty.
2 b: Input Control
The Provider’s system in general and the systems processing personal data in particular log accesses and events (log-ins, log-outs, changes, etc.).
3 a: Data Protection by Default
The “privacy by design” and “privacy by default” principles in IT operations and IT development are observed.
3 b: Order Control
No order processing takes place without relevant instruction by the principal, e.g.: unambiguous contractual arrangements, formalised order management, strict selection of the service provider, obligation to convince in advance, follow-up checks.
Do you have questions?
Whether on the telephone, via e-mail or a visit in person – we’re here for you.