Menu

Privacy policy

Preamble

With the following privacy policy, we would like to explain to you what types of your personal data (herein­after also referred to as “data”) we process, for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of the provision of our services and in parti­cular on our websites, in mobile appli­ca­tions and within external online presences, such as e.g. our social media profiles (herein­after collec­tively referred to as “online offer”).

The terms used are not gender-specific.

Status: September 20, 2023

Table of contents

Person respon­sible

swissnet ag
Andhau­ser­strasse 62
8572 Berg

E‑mail address:

info@swissnet.ch

Phone:

+41 55 462 38 83 

Imprint:

www.swissnet.ch/impressum/

Overview of processing

The following overview summa­rizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed

  • Inventory data.
  • Payment data.
  • Contact details.
  • Content data.
  • Contract data.
  • Usage data.
  • Meta, commu­ni­cation and process data.

Categories of affected persons

  • Interested parties.
  • Commu­ni­cation partner.
  • Users.
  • Business and contractual partners.

Purposes of the processing

  • Provision of contractual services and fulfillment of contractual obliga­tions.
  • Contact requests and commu­ni­cation.
  • Office and organiza­tional proce­dures.
  • Managing and responding to inquiries.
  • Feedback.
  • Marketing.
  • Provision of our online services and user-friend­liness.

Relevant legal bases

Relevant legal bases according to the Swiss Data Protection Act: If you are located in Switz­erland, we process your data on the basis of the Swiss Federal Act on Data Protection (“Swiss FADP” for short). This also applies if our processing of your data otherwise affects you in Switz­erland and you are affected by the processing. In principle, the Swiss FADP does not stipulate (unlike the GDPR, for example) that a legal basis for the processing of personal data must be specified. We only process personal data if the processing is lawful, is carried out in good faith and is propor­tionate (Art. 6 para. 1 and 2 of the Swiss FADP). Furthermore, we only obtain personal data for a specific purpose that is recognizable to the data subject and only process it in such a way that it is compa­tible with these purposes (Art. 6 para. 3 of the Swiss FADP).

Safety measures

We take appro­priate technical and organiza­tional measures in accordance with the legal requi­re­ments, taking into account the state of the art, the imple­men­tation costs and the nature, scope, circum­s­tances and purposes of the processing as well as the different proba­bi­lities of occur­rence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appro­priate to the risk.

The measures include, in parti­cular, safeguarding the confi­den­tiality, integrity and availa­bility of data by controlling physical and electronic access to the data as well as the access, input, disclosure, safeguarding of availa­bility and its separation. Furthermore, we have estab­lished proce­dures that ensure the exercise of data subject rights, the deletion of data and responses to data threats. Furthermore, we already take the protection of personal data into account during the develo­pment or selection of hardware, software and processes in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

Deletion of data

The data processed by us will be deleted in accordance with the legal requi­re­ments as soon as the consent to process it is revoked or other permis­sions cease to apply (e.g. if the purpose for processing this data no longer applies or it is not required for the purpose). If the data are not deleted because they are required for other and legally permis­sible purposes, their processing is restricted to these purposes. I.e. , the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person. . Our data protection notices may also contain further infor­mation on the retention and deletion of data, which take priority for the respective processing opera­tions.

Rights of the data subjects

Rights of data subjects under the Swiss DPA:

As a data subject, you are entitled to the following rights in accordance with the provi­sions of the Swiss Data Protection Act:

  • Right of access: You have the right to obtain confir­mation as to whether or not personal data concerning you is being processed and to receive the infor­mation necessary for you to exercise your rights under this law and to ensure trans­parent data processing.
  • Right to data surrender or transfer: You have the right to request the surrender of your personal data that you have provided to us in a commonly used electronic format.
  • Right to recti­fi­cation: You have the right to request the recti­fi­cation of inaccurate personal data concerning you.
  • Right to object, erasure and destruction: You have the right to object to the processing of your data and to request that the personal data concerning you be erased or destroyed.

Use of cookies

Cookies are small text files or other storage notes that store infor­mation on end devices and read infor­mation from the end devices. E.g. B. to store the login status in a user account, shopping cart content in an e‑shop, the content accessed or functions used on an online offer. Cookies can also be used for various purposes, e.g. B. to ensure the function­ality, security and conve­nience of online services and to analyze visitor flows.

Notes on consent: We use cookies in accordance with the statutory provi­sions. We therefore obtain prior consent from users, unless this is not required by law. In parti­cular, consent is not required if the storage and reading of infor­mation, including cookies, is absolutely necessary in order to provide the user with a telemedia service expressly requested by them (i.e. our online offer). Strictly necessary cookies generally include cookies with functions that serve the display and opera­bility of the online service, load balancing, security, storage of user prefe­rences and selection options or similar purposes related to the provision of the main and secondary functions of the online service requested by the user. The revocable consent is clearly commu­ni­cated to the users and contains the infor­mation on the respective use of cookies.

Infor­mation on legal bases under data protection law: The legal basis under data protection law on which we process users’ personal data with the help of cookies depends on whether we ask users for their consent. If users give their consent, the legal basis for processing their data is their declared consent. Otherwise, the data processed with the help of cookies is processed on the basis of our legitimate interests (e.g. in the commercial operation of our online offering and improving its usability) or, if this is done in the context of fulfilling our contractual obliga­tions, if the use of cookies is necessary to fulfill our contractual obliga­tions. We explain the purposes for which we process cookies in the course of this privacy policy or as part of our consent and processing proce­dures.

Storage duration: A distinction is made between the following types of cookies with regard to storage duration:

  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online service and closed their end device (e.g. e.g. browser or mobile appli­cation).
  • Permanent cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. The user data collected with the help of cookies can also be used to measure reach. If we do not provide users of with explicit infor­mation on the type and storage duration of cookies (e.g. B. when obtaining consent), users should assume that cookies are permanent and that they can be stored for up to two years.

General infor­mation on revocation and objection (so-called “opt-out”): Users can revoke the consent they have given at any time and object to processing in accordance with the legal requi­re­ments. Among other things, users can restrict the use of cookies in their browser settings (although this may also restrict the function­ality of our online offering). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further infor­mation on processing opera­tions, proce­dures and services:

  • Borlab­s­Cookie: Cookie consent management; Service provider: Hosted locally on our server, no data transfer to third parties; Website: https://de.borlabs.io/borlabs-cookie/. Further infor­mation: An individual user ID, language and types of consent and the time they were given are stored on the server and in the cookie on the user’s device.

Business services

We process data of our contractual and business partners, e.g. B. customers and interested parties (collec­tively referred to as “contractual partners”) in the context of contractual and compa­rable legal relati­onships and related measures and in the context of commu­ni­cation with the contractual partners (or pre-contractual), e.g. B. to answer inquiries.

We process this data in order to fulfill our contractual obliga­tions. These include, in parti­cular, the obliga­tions to provide the agreed services, any updating obliga­tions and remedies in the event of warranty and other service disrup­tions. In addition, we process the data to safeguard our rights and for the purpose of the adminis­trative tasks associated with these obliga­tions and the company organization. In addition, we process the data on the basis of our legitimate interests in proper and efficient business management and in security measures to protect our contractual partners and our business opera­tions from misuse, threats to their data, secrets, infor­mation and rights (e.g. B. for the invol­vement of telecom­mu­ni­ca­tions, transport and other auxiliary services as well as subcon­tractors, banks, tax and legal advisors, payment service providers or tax autho­rities). Within the framework of appli­cable law, we only pass on the data of contractual partners to third parties to the extent that this is necessary for the afore­men­tioned purposes or to fulfill legal obliga­tions. Contractual partners will be informed about other forms of processing, e.g. B. for marketing purposes, as part of this privacy policy.

We inform the contractual partners which data is required for the afore­men­tioned purposes before or as part of the data collection, e.g. B. in online forms, by special marking (e.g. B. colors) or symbols (e.g. B. asterisks or similar), or perso­nally.

We delete the data after the expiry of statutory warranty and compa­rable obliga­tions, i.e. i.e. generally after 4 years, unless the data is stored in a customer account, e.g. B., as long as it must be retained for legal archiving reasons. The statutory retention period is ten years for documents relevant under tax law and for trading books, invent­ories, opening balance sheets, annual financial state­ments, the work instruc­tions required to under­stand these documents and other organiza­tional documents and accounting records, and six years for commercial and business letters received and repro­duc­tions of commercial and business letters sent. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial state­ments or the management report was prepared, the commercial or business letter was received or sent or the accounting document was created, the record was made or the other documents were created.

Insofar as we use third-party providers or platforms to provide our services, the terms and condi­tions and data protection notices of the respective third-party providers or platforms apply in the relati­onship between the users and the providers.

  • Processed data types: inventory data (e.g. B. names, addresses); payment data (e.g. B. bank details, invoices, payment history); contact data (e.g. B. e‑mail, telephone numbers); contract data (e.g. .B. subject matter of the contract, term, customer category).
  • Persons concerned: Interested parties. Business and contractual partners.
  • Purposes of Processing: Provision of contractual services and perfor­mance of contractual obliga­tions; contact requests and commu­ni­cation; Office and organiza­tional proce­dures. Managing and responding to inquiries.
  • Legal basis: Fulfilment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further infor­mation on processing opera­tions, proce­dures and services:

  • Project and develo­pment services: We process the data of our customers and clients (herein­after uniformly referred to as “customers”) in order to enable them to select, purchase or commission the selected services or works and related activities as well as their payment and provision or execution or perfor­mance.

    The required infor­mation is identified as such in the context of the conclusion of the contract, order or compa­rable contract and includes the infor­mation required for the provision of services and invoicing as well as contact infor­mation in order to be able to hold any consul­ta­tions. Insofar as we receive access to infor­mation from end customers, employees or other persons, we process this in accordance with legal and contractual requi­re­ments;
    Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
  • Technical services: We process the data of our customers and clients (herein­after uniformly referred to as “customers”) in order to enable them to select, purchase or commission the selected services or works and related activities as well as their payment and provision or execution or perfor­mance.

    The required infor­mation is identified as such in the context of the conclusion of the contract, order or compa­rable contract and includes the infor­mation required for the provision of services and invoicing as well as contact infor­mation in order to be able to hold any consul­ta­tions. Insofar as we receive access to infor­mation from end customers, employees or other persons, we process this in accordance with legal and contractual requi­re­ments;
    Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Contact and inquiry management

When contacting us (e.g. e.g. by post, contact form, email, telephone or via social media) and in the context of existing user and business relati­onships, the data of the inquiring persons are processed insofar as this is necessary to answer the contact inquiries and any requested measures.

  • Processed data types: Contact data (e.g. B. e‑mail, telephone numbers); Content data (e.g. B. entries in online forms); Usage data (e.g. B. websites visited, interest in content, access times); Meta, commu­ni­cation and process data (e.g. .B. IP addresses, time data, identi­fi­cation numbers, consent status).
  • Affected persons: Commu­ni­cation partner.
  • Purposes of processing: Contact requests and commu­ni­cation; managing and responding to requests; feedback (e.g. e.g. collecting feedback via online form). Provision of our online services and user-friend­liness.
  • Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Contract perfor­mance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Further infor­mation on processing opera­tions, proce­dures and services:

  • Contact form: If users contact us via our contact form, e‑mail or other commu­ni­cation channels, we process the data provided to us in this context to process the commu­ni­cated request; legal basis: contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Presence in social networks (social media)

We maintain online presences within social networks and process user data in this context in order to commu­nicate with the users active there or to offer infor­mation about us.

We would like to point out that user data may be processed outside of the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users’ rights. .

Furthermore, user data within social networks is generally processed for market research and adver­tising purposes. For example, user profiles can be created based on user behavior and the resulting interests of users. The user profiles can in turn be used, for example, to place adver­ti­se­ments within and outside of the networks that presu­mably corre­spond to the interests of the users. B. For these purposes, cookies are generally stored on the user’s computer, in which the user’s usage behavior and interests are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

For a detailed description of the respective forms of processing and the opt-out options, please refer to the data protection decla­ra­tions and infor­mation provided by the operators of the respective networks.

In the case of requests for infor­mation and the assertion of data subject rights, we would also like to point out that these can be asserted most effec­tively with the providers. Only the providers have access to the user’s data and can take appro­priate measures and provide infor­mation directly. If you still need help, you can contact us.

  • Processed data types: Contact data (e.g. B. e‑mail, telephone numbers); Content data (e.g. B. entries in online forms); Usage data (e.g. B. websites visited, interest in content, access times); Meta, commu­ni­cation and process data (e.g. .B. IP addresses, time data, identi­fi­cation numbers, consent status).
  • Data subjects: Users (e.g. .B. website visitors, users of online services).
  • Purposes of processing: Contact requests and commu­ni­cation; feedback (e.g. e.g. collecting feedback via online form). Marketing.
  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further infor­mation on processing opera­tions, proce­dures and services:

  • Instagram: Social network; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.instagram.com. Privacy Policy: https://instagram.com/about/legal/privacy.
  • Facebook pages: Profiles within the Facebook social network — We are jointly respon­sible with Meta Platforms Ireland Limited for the collection (but not the further processing) of data from visitors to our Facebook page (known as a “fan page”). This data includes infor­mation about the types of content users view or interact with, or the actions they take (see under “Things you and others do and provide” in the Facebook Data Policy: https://www.facebook.com/policy), as well as infor­mation about the devices used by users (e.g. B. IP addresses, operating system, browser type, language settings, cookie data; see under “Device infor­mation” in the Facebook Data Policy: https://www.facebook.com/policy). As explained in the Facebook Data Policy under “How do we use this infor­mation?”, Facebook also collects and uses infor­mation to provide analytics services, known as “Page Insights”, for page operators to help them under­stand how people interact with their pages and the content associated with them. We have concluded a special agreement with Facebook (“Infor­mation on Page Insights”, https://www.facebook.com/legal/terms/page_controller_addendum), which regulates in parti­cular which security measures Facebook must observe and in which Facebook has agreed to fulfill the rights of data subjects (i.e. i.e. users can, for example, send infor­mation or deletion requests directly to Facebook). The rights of users (in parti­cular to infor­mation, deletion, objection and complaint to the competent super­visory authority) are not restricted by the agree­ments with Facebook. Further infor­mation can be found in the “Infor­mation on Page Insights”(https://www.facebook.com/legal/terms/information_about_page_insights_data); Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Basis for transfer to third countries: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses(https://www.facebook.com/legal/EU_data_transfer_addendum). Further infor­mation: Agreement on joint control­lership: https://www.facebook.com/legal/terms/information_about_page_insights_data. The joint control­lership is limited to the collection by and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is the sole respon­si­bility of Meta Platforms Ireland Limited, which in parti­cular concerns the transfer of the data to the parent company Meta Platforms, Inc. in the USA (on the basis of the standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.)
  • LinkedIn: Social network; Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Data processing agreement: https://legal.linkedin.com/dpa; Basis for third country transfers: Standard Contractual Clauses(https://legal.linkedin.com/dpa). Option to object (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Plugins and embedded functions and content

We incor­porate functional and content elements into our online offering that are obtained from the servers of their respective providers (herein­after referred to as “third-party providers”). These may be, for example, graphics, videos or city maps (herein­after uniformly referred to as “content”).

The integration always requires that the third-party providers of this content process the IP address of the user, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required to display this content or function. We endeavor to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statis­tical or marketing purposes. Pixel tags can be used to analyze infor­mation such as visitor traffic on the pages of this website. The pseud­onymous infor­mation may also be stored in cookies on the user’s device and may contain, among other things, technical infor­mation about the browser and operating system, referring websites, time of visit and other infor­mation about the use of our online offer, as well as being linked to such infor­mation from other sources.

  • Processed data types: Usage data (e.g. B. websites visited, interest in content, access times); meta, commu­ni­cation and proce­dural data (e.g. .B. IP addresses, time data, identi­fi­cation numbers, consent status).
  • Data subjects: Users (e.g. .B. website visitors, users of online services).
  • Purposes of processing: Provision of our online offer and user-friend­liness.
  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further infor­mation on processing opera­tions, proce­dures and services:

  • Google Fonts (provision on own server): Provision of font files for the purpose of a user-friendly presen­tation of our online offer; Service provider: The Google Fonts are hosted on our server, no data is trans­mitted to Google; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
  • Font Awesome (provision on own server): Display of fonts and icons; Service provider: The Font Awesome icons are hosted on our server, no data is trans­mitted to the provider of Font Awesome; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Amendment and updating of the privacy policy

We ask you to inform yourself regularly about the content of our privacy policy. We will adapt the privacy policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of coope­ration on your part (e.g. e.g. consent) or other individual notifi­cation.

If we provide addresses and contact infor­mation of companies and organiza­tions in this privacy policy, please note that the addresses may change over time and please check the infor­mation before contacting us.

Defini­tions of terms

This section provides you with an overview of the terms used in this privacy policy. Insofar as the terms are defined by law, their legal defini­tions apply. The following explana­tions, on the other hand, are primarily intended to aid under­standing.

  • Personal data: “Personal data” means any infor­mation relating to an identified or identi­fiable natural person (herein­after referred to as “data subject”); an identi­fiable natural person is one who can be identified, directly or indirectly, in parti­cular by reference to an identifier such as a name, an identi­fi­cation number, location data, an online identifier (e.g. B. Cookie) or to one or more factors specific to the physical, physio­lo­gical, genetic, mental, economic, cultural or social identity of that natural person.
  • Controller: The “controller” is the natural or legal person, public authority, agency or other body which, alone or jointly with others, deter­mines the purposes and means of the processing of personal data.
  • Processing: “Processing” means any operation or set of opera­tions which is performed on personal data, whether or not by automated means. The term is broad and covers practi­cally every handling of data, be it collection, analysis, storage, trans­mission or deletion.