de_DE DE
Contact
Get in touch

2023

Privacy policy

Data protection is important to us

We take the protection of your personal data very seriously. In this privacy policy, we inform you about how we collect and otherwise process personal data via this website.

The protection of your personal data and your privacy are important to us. You can expect us to handle your data sensitively and carefully and to ensure a high level of data security.

We are committed to handling your data responsibly. Consequently, we consider it a matter of course to comply with the Swiss Federal Data Protection Act (FADP), the Ordinance to the Federal Data Protection Act (FADP) and other data protection regulations that may be applicable.

This privacy policy covers both the online and offline collection of personal data, including personal data obtained from various sources, e.g. website visitors, contractors, service providers and authorities.

Personal data is information that makes it possible to identify a natural person. This includes in particular name, date of birth, address, telephone number, e-mail address and also your IP address.

Scope and purpose of the collection, processing and use of personal data

When you visit our website, our servers temporarily store the following data in a log file, the so-called server log files:

  • IP address of the requesting computer
  • Date and time of access/retrieval
  • Name and URL of the retrieved data
  • Operating system of your computer and the browser you are using
  • Country from which our website is accessed
  • Name of your internet access provider
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred
  • Last visited website
    browser settings
  • Language and version of browser software
  • Activated browser plug-ins

 

The basis for the temporary storage of your personal data and the log files is our legitimate interest. The legitimate interest exists in order to

  • enable the use of our website (connection establishment);
  • to ensure system security and stability on a permanent basis;
  • to further improve our offer and our internet presence;
  • to collect statistical data;
  • to provide law enforcement authorities with the information necessary for prosecution in the event of an incident.

 

This data is not stored together with other personal data. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of your personal data for the provision of the website, this is the case when the respective session has ended.

On our website, you have the option of contacting us via a contact form and/or by e-mail. In this case, the information you provide will be processed for the purpose of handling your enquiry and processing it.

The personal data you provide will not be merged with other data.

The basis for processing your personal data is our legitimate interest in processing your enquiry. If the contact serves to fulfil a contract to which you are a party or to carry out pre-contractual measures, this is an additional basis for processing your personal data.

You can object to this data processing at any time. Please send your objection to the following e-mail address: info@siwssgrc.com and we will examine your request. In such a case, your request will not be processed further.

If you apply for a job with us, we process the personal data that we receive from you as part of the application process. In addition to your personal details, education, work experience and skills, this includes the usual correspondence data such as postal address, e-mail address and telephone number. In addition, all documents submitted by you in connection with the application, such as a letter of motivation, curriculum vitae and references, will be processed. In addition, applicants may voluntarily provide us with additional information. This data will only be stored, evaluated, processed or forwarded internally in connection with your application. Furthermore, they may be processed for statistical purposes (e.g. reporting). In this case, no conclusions can be drawn about individual persons.

Processing may also take place by other electronic means. This is particularly the case if you send us the relevant application documents electronically, for example by e-mail.

Your application data is stored separately from other user data and is not merged with it.

The basis for processing your personal data is our legitimate interest in processing your application. If a contract is concluded, the data is processed for the purpose of implementing the employment relationship. Prior to this, it is used to initiate an employment relationship as a pre-contractual measure.

You can object to this data processing at any time and withdraw your application. Please send your objection to the person named as contact person in the job advertisement or to the e-mail address: office@swissgrc.com.

If we conclude an employment contract with you, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions.

If the application procedure ends without employment, your personal data will be deleted.

If you visit us at a corporate event (e.g. SWISS GRC DAY), we process your personal data (e.g. names and addresses as well as your contact data). The processing of your personal data serves to ensure the smooth running of the respective event.

The basis for processing your personal data is the fulfilment of a contract or our legitimate interest in the smooth administration and implementation of the respective event.

Your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.

For the purpose of fulfilling our contractual and pre-contractual obligations, we process your inventory and contractual data (e.g. services used, subject matter of the contract, contractual communication, names of contact persons). The data processed, the type, scope, purpose and necessity of its processing are determined by the underlying contractual relationship.

The deletion of the data takes place when the data is no longer required for the fulfilment of contractual or legal duties of care as well as for dealing with any warranty and comparable duties, whereby the necessity of retaining the data is reviewed at irregular intervals. In all other respects, the statutory retention obligations shall apply.

We process data within the scope of administrative tasks and organisation of our operations, financial accounting and in compliance with legal obligations, such as archiving. In doing so, we process the same data that we process in the context of providing our contractual services. Customers, interested parties, business partners and website visitors are affected by the processing.

The purpose and our interest in the processing lies in the administration, financial accounting, office organisation, archiving of data, i.e. tasks that serve the maintenance of our business activities, the performance of our tasks and the provision of our services.

Furthermore, we store information on suppliers, organisers and other business partners on the basis of our business interests, e.g. for the purpose of later contact recording. This data, most of which is company-related, is generally stored permanently.

Cookies

We use so-called cookies on our website. Cookies are small text files that are placed and stored on your end device (laptop, tablet, smartphone or similar) with the help of the browser. They serve to make our website more user-friendly and effective overall and to make your visit to our website as pleasant as possible. Cookies do not cause any damage to your end device. They cannot execute programs or contain viruses.

Most of the cookies we use are so-called session cookies. These are automatically deleted when you log out or close the browser. Other cookies remain stored on your computer beyond the respective usage process and enable us or our partner companies (third-party cookies) to recognise your browser on your next visit. Insofar as other cookies (e.g. cookies to analyse your surfing behaviour) are stored, these are dealt with separately in this data protection declaration.

The basis on which we process your personal data using cookies depends on whether we ask you for consent. If this is the case and you consent to the use of cookies, the basis for processing your data is your consent. Otherwise, the personal data processed with the help of cookies is processed on the basis of our legitimate interests (e.g. in analysing and optimising our services and offers) or, if the use of cookies is necessary to fulfil our contractual obligations.

Regardless of whether the processing is based on consent or legal permission, you have the option at any time to revoke any consent you have given or to object to the processing of your data using cookie technologies. You can set up your browser so that it informs you about the setting of cookies and you only allow the acceptance of cookies for certain cases in individual cases or generally exclude them. You can also activate the automatic deletion of cookies when closing the browser. In addition, you can delete cookies that have already been set at any time via an Internet browser or other software programmes.

You can find out about this option for the most commonly used browsers via the following links:

·        Internet Explorer:

Deleting and managing cookies

·        Microsoft Edge:

Broswer data and data protection

·        Firefox:

Improved protection against activity tracking

·        Google Chrome:

Delete, activate and manage cookies in Chrome

·        Safari:

Managing cookies and website data

·        Opera:

Security and privacy

However, the complete deactivation of cookies may mean that you may not be able to use all the functions of our website to their full extent.

Analytics tools

We use a web analytics service on our website provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, or if you are a resident of the European Union (EU), the European Economic Area (EEA) or Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Google uses cookies. The information generated by the cookie about your use of our website (including your IP address) may be transmitted to and stored by Google on servers in the United States.

Google uses this information to evaluate your use of our website, to compile reports on website activity and to provide us with other services related to website and internet usage. In doing so, pseudonymous user profiles can be created from the processed data.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

We only use Google Analytics with IP anonymisation activated. This means that your IP address is shortened by Google within Switzerland or the EU/EEA before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

You can prevent the storage of cookies yourself by setting your browser software accordingly. In addition, you can prevent data collection and processing by Google by downloading and installing the browser add-on to deactivate Google Analytics.

An opt-out cookie is set that prevents the future collection of your data when visiting our website. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.

Your personal data will be deleted or anonymised after 14 months.

For further information, please refer to the terms of use for Google Analytics, or Google’s privacy policy.

Our website uses the remarketing function of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, or if you have your habitual residence in the European Union (EU), the European Economic Area (EEA) or Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

The function is used to present website visitors with interest-based advertisements within the Google advertising network. A cookie with a limited validity is stored in your browser, which makes it possible to recognise you when you visit websites that belong to the Google advertising network. On these pages, you may be presented with advertisements that relate to content that you have previously accessed on websites that use Google’s remarketing function.

According to its own information, Google does not collect any personal data during this process. However, if you do not wish to use Google’s remarketing function, you can generally deactivate it by making the appropriate settings. Alternatively, you can deactivate the use of cookies for interest-based advertising via the advertising network initiative or the European Interactive Digital Advertising Alliance (EDAA).

On our website, we use the online advertising programme Google Ads, a service of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, which belongs to Google marketing services, or if you have your habitual residence in the European Union (EU), the European Economic Area (EEA) or Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

In the process, Google Ads will set a cookie on your terminal device (a so-called “conversion cookie”) if you have reached our website via a Google ad. These cookies have a limited validity, do not contain any personal data and are therefore not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, Google and we can recognise that you have clicked on the ad and have been redirected to our website. Each Google Ads customer receives a different cookie. Thus, there is no way that cookies can be tracked across Ads customers’ websites. The information obtained using the conversion cookie is used to create conversion statistics for Ads customers who have opted in to conversion tracking. We do not receive any information that identifies you personally.

The information collected by the cookie about your use of our website may be transmitted to and stored by Google on servers in the United States. Based on the information collected, categories relevant to your interests are assigned to your browser. These categories are used to display interest-related advertising.

You have the option to object to interest-based advertising by Google. To do so, call up the following link via the browser(s) you use and make the desired settings there: https://adssettings.google.ch/.

Further information on the terms of use and data protection of Google Ads can be found at https://policies.google.com/technologies/ads?hl=en.

We use the Google Marketing Platform (“GMP”), a service of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, on our website, or if you have your habitual residence in the European Union (EU), the European Economic Area (EEA) or Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

GMP enables us to show you personalised advertising. For this purpose, a cookie with a limited validity is stored on your terminal device. This cookie is used to assign an identification number (ID) to your browser and to collect information about the advertising displayed in your browser and how it is accessed. In addition, Google can use cookie IDs to record so-called conversions, i.e. whether a website visitor sees an advertisement and later calls up the advertiser’s website and makes a purchase there. According to Google, these cookies do not contain any personal data.

Your browser automatically establishes a direct connection with Google’s server. We have no influence on the scope and further use of the data collected by Google through the use of this service. According to its own information, Google receives the information through the integration of these services that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your user account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider may obtain and store your IP address. In the context of using GMP, personal data may also be transmitted to the servers of Google LLC. in the USA.

We use GMP on the basis of our legitimate interest in the optimal marketing of our website.

You can refuse the use of cookies by making the appropriate settings in your browser. In addition to changing your browser settings, you have the option of permanently deactivating personalised advertising by installing a browser plug-in (available for Chrome, Firefox and Internet Explorer). You also have the option of disabling personalised advertising for a specific device and browser via Google’s advertising settings.

Further information about the Google Marketing Platform and data protection can be found at: https://policies.google.com/technologies/ads?hl=en.

We use Opentracker, a web analytics service provided by Opentracker.net (Opentracker, Torenallee 45 – 7.17, 5617 BA Eindhoven, The Netherlands), on our website.

Opentracker uses cookies that are stored on your terminal device. The data generated by the cookie about your use of this website is usually transmitted to a server of Opentracker, collected and stored. These cookies have a limited validity. The Opentracker servers are operated in various countries, including the Netherlands and Germany.

You can prevent the storage of cookies by adjusting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.

Opentracker.net assures in its terms and conditions that the data and statistics are not sold or passed on to third parties. The information collected will not be used by Opentracker for marketing or other data collection purposes. Further information on data protection can be found in Opentracker’s privacy policy.

We use Hotjar to better understand the needs of our users and to optimise the offering and experience on this website. Hotjar’s technology gives us a better understanding of our users’ experiences (e.g. how much time users spend on which pages, which links they click on, what they like and dislike, etc.) and helps us to tailor our offering to our users’ feedback. Hotjar uses cookies and other technologies to collect data about the behaviour of our users and their devices, in particular the IP address of the device (only collected and stored anonymously during your use of the website), screen size, device type (unique device identifiers), information about the browser used, location (country only), preferred language for viewing our website. Hotjar stores this information on our behalf in a pseudonymised user profile. Hotjar is contractually prohibited from selling the data collected on our behalf.

For more information, please see the ‘about Hotjar’ section of Hotjar’s help page.

Content Management System (CMS)

We use the WPML plugin from OnTheGoSystems Ltd, 22/F 3 Lockhart Roard, Wanchai, Hong Kong, on our website.

This plugin enables us to display the website in different languages. When you visit our website, WPML stores a cookie with a limited validity on your end device to save the language setting you have selected. Personal data may also be stored and analysed. This mainly concerns the activities of the website visitor, e.g. which pages have been visited and which elements have been clicked on, as well as device and browser information, such as IP address and operating system used.

Further information on the collection and storage of data by WPML, as well as on the options for objection and removal vis-à-vis WPML, can be found in WPML’s privacy policy.

Our website uses the Yoast SEO plugin from Yoast BV, Don Emanuelstraat 3, 6602 GX Wijchen, The Netherlands.

The plugin serves the technical optimisation of our website for search engines, which increases our visibility in them. No personal data is processed, collected or stored in any way by the Yoast plugin, neither at Yoast itself nor on their servers.

For more information, please refer to the Yoast BV privacy policy and the Yoast help centre.

We use the Wordfence security plugin from Defiant Inc, 800 5th Ave Ste 4100, Seattle, WA 98104, USA on our website.

This plugin serves to protect our website. It is a malware scanner and a web application firewall for WordPress websites.

Wordfence collects your IP address as well as other data about your behaviour on our website, in particular URLs called up and header information, for protection against attackers from the Internet. Your IP address is compared with a list of known attackers. Cookies are also set for registered users.

The plugin enables us to block the IP address of persons who want to gain unauthorised access to the administration of our website or attack the website in other ways from any further access.

Further information on the handling of user data can be found in the Wordfence privacy policy.

Google reCAPTCHA

We use the reCAPTCHA function of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website, or if you have your habitual residence in the European Union (EU), the European Economic Area or Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

This function is primarily used to distinguish whether an entry is made by a natural person or improperly by machine and automated processing. The service also includes the sending of the IP address and any other data required by Google for the reCAPTCHA service to Google.

The purpose of reCAPTCHA is to check whether the data input on our website (e.g. in a contact form) is made by a human being or by an automated programme. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place.

The data processing is carried out on the basis of our legitimate interest in protecting our web offers from abusive automated spying and from spam.

Further information on Google reCAPTCHA and Google’s privacy policy can be found at: https://www.google.com/intl/de/policies/privacy/.

Disclosure of personal data

As a matter of principle, we treat your personal data as confidential and only pass it on if you have expressly consented to this, if we are legally obliged or entitled to do so (e.g. as part of an order data processing) or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship. In addition, we pass on your personal data to third parties insofar as this is necessary or expedient within the framework of the use of the website or for the possible provision of the services requested by you (also outside the website).

In addition to the recipients already mentioned, we disclose your personal data to the following categories of recipients:

  • Service provider
  • Operators of our IT operating infrastructure
  • Business partners
  • Suppliers
  • Authorities and courts

We surely comply with the legal provisions on the disclosure of personal data to third parties. If we use contractors to provide our services, we take appropriate legal precautions as well as corresponding technical and organisational measures to ensure the protection of your personal data in accordance with the relevant legal regulations.

If the level of data protection in a country in which the data is processed does not comply with the applicable data protection regulations, we will ensure by contract that the protection of your personal data corresponds to that in Switzerland or the EU/EEA at all times, for example by including the EU standard contractual clauses.

Storage duration

Unless expressly stated in this data protection declaration, we process and store your personal data only for as long as is necessary for the fulfilment of our contractual and legal obligations or otherwise for the purposes pursued with the processing, i.e. e.g. for the duration of the entire business relationship (from the initiation and processing to the termination of a contract and the warranty period as well as a subsequent support phase) as well as beyond this in accordance with the statutory retention and documentation periods. It is also possible that personal data will be retained for the time during which claims can be asserted against us and insofar as we are otherwise legally obliged to do so or justified business interests require this (e.g. for evidence and documentation purposes).

As soon as your personal data is no longer required for the above-mentioned purposes or a prescribed retention period expires, your personal data will be deleted or blocked as a matter of principle and to the extent possible.

In addition, we will delete your personal data if you request us to do so at info@swissgrc.com and we have no legal or contractual obligation to retain or otherwise safeguard this data or any overriding interests in this regard.

Data security

We have taken technical and organisational security precautions to protect your personal data against manipulation, loss, destruction or access by unauthorised persons. The measures taken are intended to ensure the confidentiality and integrity of your personal data as well as the availability and resilience of our systems and services in the processing of your personal data on a permanent basis. They also ensure the rapid restoration of the availability of your personal data and access to it in the event of a physical or technical incident.

Our security measures also include encryption of your personal data. All information that you enter online is transmitted via an encrypted transmission path (e.g. encryption using SSL/TLS). This means that this information cannot be viewed by unauthorised third parties at any time.

Our security measures are continuously improved in line with technological developments.

We also take our own internal data protection seriously. Our employees and the service companies commissioned by us are obliged to maintain confidentiality and to comply with the provisions of data protection law. Moreover, they are only granted access to your personal data to the extent necessary.

Links to other websites

Our website may contain links to other websites which are not operated by us and to which this data protection declaration does not apply. After clicking on the link, we no longer have any influence on the processing of any data transmitted to third parties (such as the IP address or the URL), as the behaviour of third parties is naturally beyond our control. Therefore, we cannot assume any liability for these third-party contents. The respective provider or operator of the pages is always responsible for the content of the linked pages.

The linked pages were checked for possible legal violations and recognisable infringements at the time of linking. Illegal contents were not recognisable at the time of linking. However, a permanent control of the contents and examination of the linked pages without concrete indications of a violation of the law is not reasonable. Such links will be removed immediately if infringements become known.

Your rights as a person concerned

You have the right to information about the personal data we process about you, provided that your request does not conflict with any legal obligation. If the relevant legal requirements are applicable and the conditions for this are also met, you are also free to request data transfer, correction, deletion or restriction of processing.

Furthermore, you are free to revoke at any time any consent you have given for the processing of your personal data. Within the framework of the applicable legal provisions, you also have the right to object to certain processing operations, for example if they are carried out on the basis of a balancing of interests. In particular, you have the right to object to the processing of your data in connection with direct advertising.

Where applicable, you also have the right to pursue your claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Swiss Federal Data Protection and Information Commissioner (FDPIC) (https://www.edoeb.admin.ch).

For questions in connection with our data protection policy and for information regarding your rights and the assertion thereof, you can contact us using the contact options provided in this data protection declaration. If necessary, we reserve the right to request your identification in an appropriate manner for the processing of requests.

Changes to the privacy policy

We expressly reserve the right to amend and supplement this Privacy Policy at any time and at our sole discretion. All changes and additions are at the sole discretion of the Company.

Contact

Responsible in the sense of the data protection laws is:
Swiss GRC AG
Hirschmattstrasse 36
6003 Luzern
Schweiz
Phone: +41 41 220 75 00
Email: info@swissgrc.com
Website: www.swissgrc.com

Headquarters

Swiss GRC AG
Hirschmattstrasse 36
6003 Lucerne, Switzerland

International Offices

Germany | UK | UAE

Swiss GRC is among the top five percent of the most popular companies on kununu
Solutions
Swiss GRC is an official licensee of the BSI IT baseline protection compendium
Company
News & Events
ISO certified
ISO certified
Subscribe to newsletter

Always stay up to date with our newsletter.

Subscribe
Follow us
Twitter Linkedin Youtube Instagram

© Swiss GRC AG 2024. All rights reserved.

Privacy policy         Imprint