We take the protection of your personal data very seriously. In this Privacy Notice, we inform you about how we collect and otherwise process your personal data (hereinafter also referred to as “data”) in connection with the processing activities described below. In addition to this Privacy Notice, we may inform you separately about the processing of your data (e.g., in forms or contract terms).
We are committed to handling your data responsibly. Consequently, we consider it a matter of course to comply with the Swiss Federal Act on Data Protection (FADP), the associated Ordinance (FADP) and other applicable data protection regulations, in particular the provisions of the EU General Data Protection Regulation (GDPR).
This Privacy Notice covers the collection of personal data both online and offline, including personal data that we have received from various sources, e.g., website visitors, contractual partners, service providers, and authorities.
When you visit our website, our servers temporarily store the following data in a log file, known as a server log file:
The purpose of processing this information is to display our website and its content and offers correctly and to ensure data traffic, to optimize our website, content, and offers, to ensure the stability and security of our website and systems on an ongoing basis, and to enable the investigation, defense, and prosecution of cyberattacks, spam, and other illegal activities in relation to our website and systems and to enforce related claims.
We delete your personal data as soon as it is no longer required for the purpose for which it was collected. In the case of data collection for the provision of our website, deletion takes place when the respective session is ended.
If you contact us via our contact addresses and channels (e.g., by email, telephone, or contact form), your personal data will be processed. The data you have provided us with (e.g., your name, email address, or phone number and your request) will be processed. The data collected in the case of a contact form can be seen on the respective form. In addition, the time of receipt of the request is documented. Mandatory fields in contact forms are marked with an asterisk (*).
We process this data exclusively for the purpose of responding to your request (e.g., providing information about our GRC software, assisting with contract processing, such as questions about your license, incorporating your feedback into the improvement of our services, etc.). The basis for this data processing is our legitimate interest in processing your request. If the purpose of the contact is to fulfill a contract to which you are a party or to carry out pre-contractual measures, this is an additional basis for the processing of your personal data.
We use Calendly to schedule appointments with you. This is a service provided by Calendly LLC, 115 E Main St, Ste A1B, Buford, GA 30518, USA.
If you click the corresponding button on our website or wish to schedule an appointment through a link we provided (such as in an email), you will be connected to our scheduling account with Calendly. After selecting your appointment, confirming it, and entering your contact details, you will receive an email with the appointment confirmation from Calendly. The following personal data will be processed: name, email address, possibly phone number, as well as your inquiry and appointment details.
The basis for data processing is our legitimate interest in efficient appointment handling. The use of the Calendly function is voluntary. If you do not wish to submit your data through Calendly, you can alternatively reach us via email or phone.
Calendly uses cookies and similar technologies when embedding the appointment booking tool on our website. These can be managed and declined through our cookie consent banner.
We have concluded a Data Processing Agreement with Calendly, including EU standard contractual clauses, along with Switzerland-specific adjustments. Calendly also relies on additional subprocessors (including for infrastructure, support, and product analysis) that are also based in the USA.
Calendly is also certified under the Swiss-U.S. Data Privacy Framework (Swiss-US DPF).
Your data provided in the Calendly form will be stored as long as necessary for the processing of your request or due to an existing contractual relationship. After the purpose has been fulfilled, your data will be deleted, subject to contractual or legal retention periods.
For more information on data protection at Calendly, please visit calendly.com/privacy.
On our website, you have the option to subscribe to our newsletter as well as to the newsletter covering similar offers and services provided by our affiliated company, Swiss Infosec AG (see section «Transfer of personal data»). When you register for one of our newsletters, various data will be collected from you (e.g., your email address), depending on the newsletter. Mandatory fields in the registration form are marked with an asterisk (*). With these newsletters and marketing mailings, we inform you about current specialist topics, new products, services, events, and the like.
In addition, where permitted by law, you may also receive information about similar offers and services from our affiliated companies (see section «Transfer of personal data»; generally Swiss Infosec AG). You acknowledge that the affiliated Swiss GRC AG and Swiss Infosec AG, as well as their respective group companies, operate within a shared economic context and may exchange your contact details with one another for this purpose.
Some information is sent by our affiliated companies or third parties. By registering, you agree that we may process your data and transfer it to affiliated companies or third parties located abroad (including outside Switzerland), that we track your clicking and opening behavior, that we combine your data and information about your use of our services, as well as any information about you received from you or third-party sources or already stored by us, in a user profile and evaluate it individually in order to address you with tailored and relevant advertising, and that we contact you directly in individual cases. Where required by law, we will obtain your consent in advance, unless we have obtained your contact details in the course of providing our services and you have not expressly refused to receive such marketing measures. If you no longer wish to receive such communications from us, you can unsubscribe at any time using the contact details provided. You can unsubscribe from newsletters and marketing mailings at any time; there is an unsubscribe link at the end of each email.
For information about the Swiss Infosec AG newsletter, please refer to their privacy policy.
If you apply for a job with us, we will process the personal data that we receive from you as part of the application process. In addition to your personal details, education, work experience, and skills, this includes the usual correspondence data such as postal address, email address, and telephone number. In addition, all documents submitted by you in connection with the application, such as cover letters, resumes, and references, will be processed.
We use this and other data you voluntarily provide to review your application. Application documents from unsuccessful applicants will be deleted after the application process has been completed, unless you explicitly agree to a longer retention period or we are legally obliged to retain them for a longer period. Your application data is processed in order to fulfill our (pre)contractual obligations within the framework of the application process.
When we hold events (such as SWISS GRC DAY), we also process personal data. This includes the name and postal or e-mail address of participants or interested parties and, depending on the event, other data such as photographs taken during the event. We process this information for the preparation, implementation, and follow-up of the events. Data relevant to the implementation may also be passed on to third parties. The basis for data processing is your consent or our legitimate interest in the smooth administration and implementation of the respective event.
We will include your name and details of your role in the organization or company you work for in a list of participants. We will make this list available to other participants. Please let us know if you do not want this.
We process the data of our contractual partners and interested parties as well as other clients and customers (“contractual partners”) in order to provide them with our contractual or pre-contractual services. The data processed in this context, the type, scope, and purpose of the processing, and the necessity of the processing are determined by the underlying contractual relationship.
The data processed includes the master data of our contractual partners (e.g., names and addresses), contact details (e.g., email addresses and telephone numbers), contract data (e.g., services used, contract content, contractual communication, names of contact persons), and payment data (e.g., bank details, payment history).
The legal basis for processing your data for this purpose is the fulfillment of a contract.
We process data in the context of administrative tasks and the organization of our business, financial accounting, and in compliance with legal obligations, such as archiving. In doing so, we process the same data that we process in the context of providing our contractual services. Customers, interested parties, business partners, and website visitors are affected by this processing.
The purpose and our interest in processing lies in administration, financial accounting, office organization, and data archiving, i.e., tasks that serve to maintain our business activities, perform our duties, and provide our services.
Furthermore, based on our business interests, we store information about suppliers, event organizers, and other business partners, e.g., for the purpose of contacting them at a later date. We generally store this data, most of which is company-related, on a permanent basis.
We use cookies on our website. Cookies are small text files that are stored on your device (laptop, tablet, smartphone, etc.) with the help of your browser. They serve to make our website more user-friendly and effective overall and to make your visit to our website as pleasant as possible. Cookies do not cause any damage to your device. They cannot execute programs or contain viruses.
Most of the cookies we use are so-called session cookies. These are automatically deleted when you log out or close your browser. Other cookies remain stored on your computer beyond the respective usage process and enable us or our partner companies (third-party cookies) to recognize your browser the next time you visit. If other cookies (e.g., cookies for analyzing your surfing behavior) are stored, these are treated separately in this Privacy Notice.
The basis on which we process your personal data using cookies depends on whether we ask for your consent. If this applies and you consent to the use of cookies, the basis for processing your data is your consent. Otherwise, the personal data processed using cookies is processed on the basis of our legitimate interests (e.g., in analyzing and optimizing our services and offers) or because the use of cookies is necessary to fulfill our contractual obligations.
Regardless of whether processing is based on consent or legal permission, you have the option of revoking your consent at any time or objecting to the processing of your data by cookie technologies. You can set your browser to inform you when cookies are set and only allow cookies in specific cases or exclude them altogether. You can also activate the automatic deletion of cookies when you close your browser. In addition, you can delete cookies that have already been set at any time via an Internet browser or other software programs. You can find out how to manage cookies in your browser in the help menu of your browser.
Completely deactivating cookies may mean that you cannot use all the functions of our website to their full extent.
We use the privacy-friendly analytics service Simple Analytics (Simple Analytics B.V., Netherlands) on our website.
Simple Analytics does not collect any personal data and does not use cookies. Instead, only anonymous usage data such as page views, referrers (if available), or device types used are collected. This information helps us understand how our website is used without creating personal profiles.
The data is stored on servers within the European Union and is subject to the strict requirements of the General Data Protection Regulation (GDPR) and the Swiss Data Protection Act (DSG).
Since Simple Analytics does not process any personal data, explicit consent via a cookie banner is not required for this service.
For more information on data collection and processing by Simple Analytics, please refer to the Simple Analytics Privacy Notice.
We use a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, or, if you are a resident of the European Union (EU), the European Economic Area (EEA), or Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), on our website.
Google uses cookies. The information generated by the cookie about your use of our website (including your IP address) may be transmitted to and stored by Google on servers in the United States.
Google uses this information to evaluate your use of our website, to compile reports on website activity and to provide us with other services relating to website and internet usage. Pseudonymous user profiles may be created from the processed data.
The IP address transmitted by your browser within the scope of Google Analytics is not merged with other Google data.
We only use Google Analytics with IP anonymization enabled. This means that your IP address will be truncated by Google within Switzerland or the EU/EEA before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.
You can prevent the storage of cookies by adjusting your browser software settings accordingly. In addition, you can prevent Google from collecting and processing data by downloading and installing the browser add-on to deactivate Google Analytics. An opt-out cookie will be set, which will prevent the future collection of your data when you visit our website. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.
Your personal data will be deleted or anonymized after 14 months.
For further information, please refer to the Google Analytics Terms of Service or Google’s Privacy Policy.
We use the Google Marketing Platform (“GMP”), a service provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, or, if you are a resident of the European Union (EU), the European Economic Area (EEA), or Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
GMP enables us to show you personalized advertising. For this purpose, a cookie with limited validity is stored on your device. With the help of this cookie, your browser is assigned an identification number (ID) and information about the advertising displayed in your browser and its retrieval is collected. In addition, Google can use cookie IDs to track so-called conversions, i.e., whether a website visitor sees an ad and later visits the advertiser’s website and makes a purchase there. According to Google, these cookies do not contain any personal data.
Your browser automatically establishes a direct connection to Google’s server. We have no influence on the scope and further use of the data collected by Google through the use of this service. According to its own information, Google receives information through the integration of these services that you have accessed the corresponding part of our website or clicked on one of our ads. If you are registered with a Google service, Google can assign the visit to your user account. Even if you are not registered with Google or have not logged in, it is possible that the provider may find out and store your IP address. When using GMP, personal data may also be transferred to the servers of Google LLC in the USA.
We use GMP on the basis of our legitimate interest in the optimal marketing of our website.
You can refuse the use of cookies by adjusting the settings in your browser. In addition to changing your browser settings, you can permanently disable personalized advertising by installing a browser plug-in (available for Chrome, Firefox, and Internet Explorer). You can also disable personalized advertising for a specific device and browser via Google’s advertising settings.
For more information about the Google Marketing Platform and data protection, please visit: https://policies.google.com/technologies/ads?hl=en.
We use the online advertising program Google Ads, which is part of Google Marketing Services, a service provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, or, if you are a resident of the European Union (EU), the European Economic Area (EEA), or Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
Google Ads places a cookie on your device (a so-called “conversion cookie”) if you have accessed our website via a Google ad. These cookies have a limited validity, do not contain any personal data, and therefore do not serve to personally identify you. If you visit certain pages on our website and the cookie has not yet expired, Google and we can recognize that you clicked on the ad and were redirected to our website. Each Google Ads customer receives a different cookie. This means that cookies cannot be tracked across the websites of Ads customers. The information collected using the conversion cookie is used to generate conversion statistics for Ads customers who have opted for conversion tracking. We do not receive any information that can be used to personally identify you.
The information collected by the cookie about your use of our website may be transmitted to a Google server in the USA and stored there. Based on the information collected, your browser is assigned categories relevant to your interests. These categories are used to display interest-based advertising.
You have the option to opt out of interest-based advertising by Google. To do so, visit the following link using the browser you are using and make the desired settings there: https://adssettings.google.ch/.
Further information on the terms of use and data protection of Google Ads can be found at https://policies.google.com/technologies/ads?hl=us
We use the lead generation service provided by Leadinfo B.V., Rotterdam, Netherlands. This service recognizes visits by companies to our website based on IP addresses and shows us publicly available information, such as company names or addresses. In addition, Leadinfo sets two first-party cookies to evaluate user behavior on our website and processes domains from form entries (e.g., “leadinfo.com”) to correlate IP addresses with companies and improve its services. For more information, visit www.leadinfo.com. You can opt out on this page: www.leadinfo.com/en/opt-out. If you opt out, Leadinfo will no longer collect your data.
Our website uses the All in One SEO plugin from Awesome Motive Inc., 2701 W. Busch Blvd., Suite 141, Tampa, FL 33618, USA.
The plugin is used for the technical optimization of our website for search engines, thereby increasing our visibility in them. No personal data is processed, collected, or stored in any way by the All in One SEO plugin, either by All in One SEO itself or on its servers.
Further information can be found in the Privacy Notice of Awesome Motive Inc. and in the All in One SEO Help Center.
We use the Defender Pro plugin from WPMU DEV, Inc., LLC, 1309 Coffeen Avenue STE 1200, Sheridan, WY 82801, USA, on our website.
This plugin is used to protect our website. It is a malware scanner and web application firewall for WordPress websites. Defender Pro collects your IP address and other data about your behavior on our website, in particular URLs accessed and header information, to protect against attackers from the Internet. Your IP address is compared with a list of known attackers. Cookies are also set for registered users.
The plugin enables us to block from further access the IP addresses of individuals who attempt to gain unauthorized access to the administration of our website or attack the website in any other way.
For more information on how user data is handled, please refer to the WPMU DEV Privacy Notice.
We use the reCAPTCHA function from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website, or if you are a resident of the European Union (EU), the European Economic Area, or Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
This function is primarily used to distinguish whether an entry is made by a natural person or abusively by machine and automated processing. The service also includes sending the IP address and, if necessary, other data required by Google for the reCAPTCHA service to Google.
reCAPTCHA is used to verify whether data entry on our website (e.g., in a contact form) is performed by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. reCAPTCHA evaluates various information for the analysis (e.g., IP address, length of time the website visitor stays on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run completely in the background. Website visitors are not notified that an analysis is taking place.
Data processing is based on our legitimate interest in protecting our web offerings from abusive automated spying and spam.
Further information about Google reCAPTCHA and Google’s Privacy Notice can be found at: https://policies.google.com/privacy?hl=en.
Chat Window
By using this chat, you agree to our terms of service and privacy policy. Please do not enter personal data (e.g., name, phone number) or confidential information in the chat window.
Terms of Service
The AI-powered chat assistant (“Grace AI”) from Swiss GRC AG is available 24/7 and provides automated responses to general inquiries about Swiss GRC AG’s services.
The responses are generated by a language model (Large Language Model, LLM) and are intended to guide users on the website as well as to assist them in finding information.
Users are solely responsible for any content they input in the chat. No personal data or confidential information should be provided (e.g., name, address, identification numbers, or health information).
The information obtained through the use of the AI-powered chat assistant is an informal information offering. Swiss GRC AG assumes no responsibility for any consequences arising from the use of this information.
Swiss GRC AG strives to ensure the chat assistant’s availability with minimal interruptions, but cannot guarantee it. No responsibility is taken for:
Maintenance work and system adjustments will be conducted during low-usage periods whenever possible.
On our website, we utilize an AI-driven chat assistant (“Grace AI”). When you use the chat, the messages you send and the assistant’s responses are processed. The following data is collected and processed:
Collected Data:
Purpose of Processing: The data is used to provide you with relevant information about our solutions, respond to inquiries, and improve the offerings on our website. An automated AI analysis of the conversation serves the internal evaluation of user inquiries (e.g., topics, industry, regulations) for marketing and sales purposes.
Third-Party Service Providers:
Anthropic, PBC (USA): The processing of chat content is done through the API of Anthropic, PBC, 548 Market St, PMB 90375, San Francisco, CA 94104, USA. Data is transmitted to the USA. The transmission is based on the standard contractual clauses of the EU Commission. For more information, visit anthropic.com/privacy. We have signed a data processing agreement including the standard contractual clauses with Anthropic.
IPinfo.io (USA): To determine location and company information based on the IP address, we use the service IPinfo.io, IBit, LLC, 268 Bush St #4429, San Francisco CA 94104, USA. For more information, visit ipinfo.io/privacy-policy.
Apollo.io (USA): To identify companies and find potential contacts based on the IP address and the company name mentioned in the chat, we utilize Apollo.io, Inc., 535 Mission St, San Francisco, CA 94105, USA. The processed data includes the IP address and, if provided by the user in the chat, the company name. Data is transmitted to the USA. The transmission is based on the standard contractual clauses of the EU Commission. For more information, visit apollo.io/privacy-policy. We have signed a data processing agreement including the standard contractual clauses with Apollo.io.
Google LLC (Sheets): Conversation data and resulting analysis results are stored in Google Sheets (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). There may be a transfer to the USA. The transfer is based on a data processing agreement including the standard contractual clauses. For more information on the processing by Google, refer to Google’s privacy policy.
Legal Basis:
The processing of your personal data in connection with the use of our chatbot is based on the following legal grounds:
Consent
By using the chat, you consent to the processing of your personal data. Consent can be revoked at any time with effect for the future. The legality of processing carried out before the revocation remains unaffected.
Legitimate Interest
Moreover, processing may be based on our legitimate interest, provided that your interests or fundamental rights and freedoms do not override it. A legitimate interest particularly exists in processing customer inquiries through the chatbot, as long as only the information necessary to answer the respective inquiry is processed, as well as in creating anonymized or pseudonymized statistical evaluations of the use of the chatbot for quality assurance and optimization of our offerings. Even when processing is based on legitimate interest, the principle of purpose limitation applies: Processing is limited to the purposes that you as a user can reasonably expect when using the chatbot.
Retention Duration: Data will only be stored to the extent and as long as necessary for the fulfillment of the purposes mentioned in this privacy policy. Swiss GRC AG takes appropriate technical and organizational measures to ensure the integrity and confidentiality of the data.
Note: The use of the chat assistant is voluntary. Please do not share any sensitive personal data in the chat (e.g., health data, passwords, or payment data).
We treat your personal data as confidential and only pass it on if you have expressly consented to this, if we are legally obliged or entitled to do so (e.g. in the context of order data processing) or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship. Under no circumstances do we sell your data.
We also disclose your personal data to third parties within the scope of our business activities and for the above-mentioned purposes, insofar as this is permitted and appropriate, either because they process it for us (contract data processing) or because they wish to use it for their own purposes (data disclosure). This applies in particular to:
We may share your personal data, which we receive from you or from third-party sources, with companies in our group for administrative support purposes, but also for marketing activities. In connection with marketing activities, we share the following data, among other things:
In doing so, we naturally comply with the legal requirements for the disclosure of personal data to third parties. If we use processors to provide our services, we take appropriate legal precautions and technical and organizational measures to ensure that your personal data is protected in accordance with the relevant legal requirements.
We generally process personal data in Switzerland or in an EU/EEA country or in another country that has an adequate level of data protection. With regard to certain processing operations, you must expect your data to be transferred to other countries within and outside Europe, where some of the IT service providers we use are located. If we disclose data to a country that does not have an adequate level of legal data protection, we require the recipient to take appropriate measures to protect your privacy (e.g., by agreeing to so-called EU standard clauses, the current version of which is available here, other precautions, or based on justifications).
In addition to our website, we also maintain a presence on various social media platforms. If you visit such an online presence, personal data may be transmitted to the social network provider. We would like to point out that user data may also be transmitted to a server in a third country and thus processed outside Switzerland.
Furthermore, user data within social networks is generally processed for market research and advertising purposes. For these purposes, cookies are usually stored on users’ computers, in which the usage behavior and interests of users are stored. Furthermore, data may also be stored in user profiles independently of the devices used by users (in particular if users are members of the respective platforms and are logged in to them).
For a detailed description of the respective forms of processing and the options for objection (opt-out), we refer you to the data protection regulations and information provided by the operators of the respective networks. There you will also find out in which countries they process your data, what rights you have to information, deletion, and other rights of data subjects, and how you can exercise these rights or obtain further information.
Unless expressly stated in this Privacy Notice, we only process and store your personal data for as long as is necessary to fulfill our contractual and legal obligations or otherwise for the purposes pursued with the processing, for example, for the duration of the entire business relationship (from the initiation and execution to the termination of a contract and the warranty period, as well as a subsequent support phase) and beyond, in accordance with the statutory retention and documentation periods. It is also possible that personal data may be retained for the period during which claims can be asserted against us and insofar as we are otherwise legally obliged to do so or legitimate business interests require this (e.g. for evidence and documentation purposes).
As soon as your personal data is no longer required for the above-mentioned purposes or a prescribed retention period expires, your personal data will be deleted or anonymized as a matter of principle and as far as possible.
In addition, we will delete your personal data if you request us to do so and we have no legal or contractual retention or other security obligations with regard to this data or any overriding interests in this regard.
We take appropriate technical and organizational security measures to protect your personal data and continuously improve these in line with technological developments. This includes protection against accidental or intentional manipulation, loss, destruction, or unauthorized access by third parties, such as the use of recognized encryption methods (e.g., encryption using SSL/TLS).
The measures taken are designed to ensure, on a permanent basis, the confidentiality and integrity of your personal data as well as the availability and resilience of our systems and services when processing your personal data. They also ensure the rapid restoration of the availability of your personal data and access to it in the event of a physical or technical incident.
We also take our own internal data protection seriously. Our employees and the service providers we commission are obliged to maintain confidentiality and comply with data protection regulations. Furthermore, they are only granted access to your personal data to the extent necessary.
You have the right to obtain information about the personal data we process about you, provided that there is no legal obligation to the contrary. If the relevant legal requirements apply and the conditions are met, you are also free to request data transfer, correction, deletion, or restriction of processing.
You are also free to revoke your consent to the processing of your personal data at any time. Within the framework of the applicable legal requirements, you also have the right to object to certain processing operations, for example if these are based on a balancing of interests. In particular, you have the right to object to the processing of your data in connection with direct marketing.
Where applicable, you also have the right to enforce your claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC) (https://www.edoeb.admin.ch/en).
Please note that we reserve the right to apply the restrictions provided for by law, for example if we are obliged to store or process certain data, have an overriding interest in doing so (insofar as we are permitted to invoke this) or need it to assert claims.
Please also note that exercising these rights may conflict with contractual agreements and may have consequences such as premature termination of the contract or cost implications. In this case, we will inform you in advance if this is not already regulated in the contract.
If you have any questions regarding our data protection practices or would like information about your rights and how to exercise them, please contact us using the contact details provided in this Privacy Notice. If necessary, we reserve the right to request your identification in order to process your request in an appropriate manner.
We expressly reserve the right to amend and supplement this Privacy Notice at any time and at our sole discretion. All changes and additions are at the sole discretion of the company.
The responsible party within the meaning of data protection laws is:
Swiss GRC AG
Hirschmattstrasse 36
6003 Lucerne
Switzerland
Tel.: +41 41 220 75 00
Email: info@swissgrc.com
Website: www.swissgrc.com
Our data protection advisor is:
Swiss Infosec AG
Meienriesliweg 15
6210 Sursee
Tel.: +41 41 984 12 12
Email: infosec@infosec.ch
Website: www.infosec.ch
We have the following data protection representative in accordance with Art. 27 GDPR. The data protection representative serves as an additional point of contact for supervisory authorities and data subjects in the European Union (EU) and the rest of the European Economic Area (EEA) for inquiries relating to the General Data Protection Regulation (GDPR):
Swiss Infosec (Germany) GmbH
Unter den Linden 24
10117 Berlin, Germany
Tel.: +41 41 984 12 12
Email: privacy@swissinfosec.de
We have the following data protection representative in accordance with Art. 27 UK GDPR. The data protection representative serves as an additional point of contact for supervisory authorities and data subjects in the United Kingdom for inquiries relating to the UK GDPR:
Swiss GRC (UK) Ltd.
5th Floor 167-169 Great Portland Street
London W1W 5PF
England