A. Controller and Responsibility
The responsible for the processing of personal data and therefore the controller in accordance with this privacy statement is APSS Software & Services AG, Thurgauerstrasse 39, 8050 Zürich (“APSS”). The data protection officer at our company can be reached at the aforementioned postal address or by e-mail to dataprotection[at]casra.ch
B. Personal data and terminology
Personal data is all information relating to a specific or identifiable (i.e., identified or identifiable) natural person such as name, address, telephone number, e-mail address, date of birth, etc. (“personal data”).
Processing means any operation with personal data, irrespective of the means applied and the procedure, and in particular the collection, storage, use, revision, disclosure, archiving or destruction of data (“processing” or processed”).
Data Subject is any natural person whose personal data is processed (“data subject”).
Any private natural or legal person, public authority, agency or other entity that alone or jointly with others decides on the purpose and the means of the processing is a controller (“controller”).
Any natural or legal person, public authority, agency or other entity which processes personal data on behalf of the controller is a processor (“processor”).
C. Collection of personal data
You or the persons concerned provide us with some of the personal data yourself by making it available to us, using our services or contacting us by e-mail, telephone or in person. This includes, for example, name, contact data, date of birth, professional function, financial situation, pictures, other data in connection with the business relationship (e.g. personal data in correspondence, contracts), etc. We also process personal data that we receive from applicants for jobs. We may also collect personal data ourselves, e.g., if you or the company for which you work use our services, or we obtain data (e.g. information from media and Internet, credit information, your addresses and possibly interests and other socio-demographic data) from publicly accessible sources (e.g. debt enforcement registers, land registers, commercial registers, press, internet, media, social media). Furthermore, we may collect data from other companies (including those within the Company Group), from authorities and other third parties or your personal surroundings, or if you use our website (see section J). We collect this data for the purposes laid down in section D, unless otherwise referred to.
If you have given us consent to process your personal data for specific purposes (for example, when you register to receive newsletters), we will collect your personal data within the scope set and based on this consent. We may also base the collecting and processing of personal data on other legal grounds, if at all necessary. These include the fulfillment of a contract, the implementation of pre-contractual measures or the protection of other legitimate interests (see section D).
If you are acting on behalf of a third party or providing us with information about a third party, you declare that you are an authorized representative or agent of that third party and/or that you have obtained all necessary consents from that third party to the collection, processing, use and disclosure of their personal information to us or by us in accordance with the terms of this privacy statement.
D. Purposes of processing and categories of personal data processed for this purpose
We use personal data mentioned under section C in particular to fulfill the purposes of our organization, to provide our services and to initiate and execute agreements with our customers and business partners, as well as to comply with our legal obligations. If you work for our customers or business partners, your personal data may also be affected in this function.
In addition, we also process personal data about you and other individuals, to the extent permitted and as we deem appropriate, for the following purposes (the personal data to be processed for each purpose are indicated in brackets):
- providing and developing our products, services and websites, apps and other platforms, on which we are active; (name, contact details, professional and business functions, financial situation, data in connection with the business relationship [e.g. personal data in correspondence, contracts], data from public sources [including data from the media and Internet], data from other companies, from other third parties; data that we receive from your environment or through the use of our website);
- communication with third parties and processing of their inquiries (e.g., job applications, media inquiries); (name, contact details, date of birth, professional and business functions, financial situation, data from application documents and interviews, data in connection with the business relationship [e.g. personal data in correspondence, contracts], data from public sources [including data from the media and Internet], data from other companies, from other third parties; data that we receive from your environment or through the use of our website, […]);
- customer acquisition; (name, contact details, professional and business functions, data in connection with the business relationship [e.g. personal data in correspondence, contracts], data from public sources [including data from the media and Internet], data from other companies, from other third parties; data that we receive from your environment or through the use of our website);
- advertising and marketing (including the organization of events), provided you have not objected to the use of your data; (name, contact details, professional and business functions, data in connection with the business relationship [e.g. personal data in correspondence, contracts], data from public sources [including data from the media and Internet], data from other companies, from other third parties; data that we receive from your environment or through the use of our website);
- market and opinion research, media monitoring; (name, contact details, professional and business functions, data in connection with the business relationship [e.g. personal data in correspondence, contracts], data from public sources [including data from the media and Internet], data from other companies, from other third parties; data that we receive from your environment or through the use of our website);
- guarantees of our operations, in particular IT, our websites, apps and other platforms; (name, contact details, professional and business functions, data in connection with the business relationship [e.g. personal data in correspondence, contracts], data from public sources [including data from the media and Internet], data from other companies, from other third parties; data that we receive from your environment or through the use of our website);
- video surveillance to maintain house rules and other measures for IT, building and facility security and protection of our employees and other persons and assets belonging to or entrusted to us (such as access controls, visitor lists, network and mail scanners, telephone recordings, pictures of you);
E. Duration of retention
Unless an explicit retention period is specified at the time of collection or in this privacy statement, we process and store personal data until it is no longer required to fulfill the purpose for which it was collected, unless legal retention obligations (e.g., commercial and tax retention obligations) do not allow deletion. It is possible that personal data will also be retained for the period in which claims can be asserted and insofar as we are otherwise legally obligated to do so, or legitimate business interests require this (e.g., for evidence and documentation purposes).
F. Rights of the data subject
Consent given can be revoked at any time, without affecting the lawfulness of the data processing carried out already. In addition, depending on the circumstances and the applicable data protection law you may have the right to Information, correction, deletion, or restriction of the processing of your personal data, the right to object to the processing and the right to data portability. Please note that the exercise of these rights may conflict with contractual agreements and may have consequences such as the premature termination of the contract or cost consequences. We will inform you in advance if this is not already contractually regulated. We are also entitled to make use of the statutory restrictions on your rights, for example if we are obliged to retain or process certain data, have an overriding interest in doing so, or require it for the assertion of claims.
In addition, every data subject has the right to enforce his or her claims in court or to file a complaint with the competent data protection authority, if the applicable data protection law provides such a right. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC/EDÖB).
Regarding your rights as well as further questions, suggestions, and comments on the subject of data protection, please contact the person responsible for data protection at the contact data mentioned at the beginning (see section A).
G. Security
We take appropriate measures to protect personal data from loss, misuse, unauthorized access, disclosure, alteration, or destruction. For this purpose, we use appropriate technical and organizational measures. However, we cannot guarantee the absolute security of the data.
Unless otherwise agreed, we do not accept any liability for breaches of these safety regulations unless they are intentional or due to gross negligence.
H. Data transfer
Within the scope of our business activities, we also disclose personal data to third parties, insofar as this is permissible and appears to us to be appropriate, either because they process data for us or because they use the data for their own purposes. This concerns in particular the following entities:
- service providers of us (e.g., banks, insurance companies), including order processors (such as newsletter, cloud or IT providers);
- dealers, suppliers, subcontractors and other business partners;
- customers;
- media;
- the public, including website and social media visitors;
- industry organizations, associations, organizations and other bodies;
- other companies of the Company Group.
In this context, your personal data may be stored in Switzerland as well as in other countries in Europe and the United States where the service providers we use are located (such as Micro-soft). If personal Data is processed outside of Switzerland or the European Economic Area, we will take the steps required by applicable data protection law to ensure that your personal Data is treated as securely and safely as it is in Switzerland or within the European Economic Area, unless we can rely on an exception clause. An exception may apply in the case of legal proceedings abroad, but also in cases of prevailing public interests, if the performance of a contract requires such disclosure or if you have consented.
I. Data processing through use of the website
During your visit to the website, general information is automatically collected (e.g., date of your visit, time zone, type of web browser and its settings, version and language, your IP address, MAC address of the terminal device (e.g., computer or cell phone), the operating system used, content retrieved and the domain name of your internet service provider, geolocation data). We use this data for the in lit. D named purposes, therefore in particular for marketing and administrative purposes as well as to ensure the functionality of the website. This data is also necessary to correctly operate and optimize the content of the website, to ensure the long-term functionality of our IT systems and the website, and to provide law enforcement authorities with the information they need to prosecute in the event of a cyber-attack. You can deactivate or activate some services on our website individually.
1. SSL-encryption
This website uses SSL encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://”.
2. Server-Log-Files
The provider of this website automatically collects and stores information in so-called “server log files”, which your browser automatically transmits to us. In particular, the information listed at the beginning under section J is transmitted.
3. Cookies
3.1 Definition
Cookies are small files that are stored on your terminal device when you use our website.
3.2 Essential and non-essential cookies
Essential cookies are files that are sent to the browser on your computer’s hard drive to ensure the functionality of the website and to enable us to provide you with certain features. They do not require the consent of the users of the website.
With the help of non-essential cookies, we collect information about visits to the website. In addition, we use non-essential cookies to improve the user-friendliness of the website, to adapt our offer to customer preferences and to make your browsing experience on the website as comfortable as possible. We also use cookies to optimize our advertising. Non-essential cookies require depending of the applicable law the consent of the users of the website.
3.3 Session-cookies and persistent cookies
So-called “session cookies” are automatically deleted after the end of your visit. For example, we may use session cookies for already completed online forms or language settings across different pages of an internet session. In addition, we also use persistent cookies. These remain stored on your terminal device after the end of the browser session if you do not delete them. When you visit our website again, it will then automatically recognize which inputs and settings you prefer. Depending on the type of cookie, these cookies remain stored on your terminal device for a limited period of time (e.g., two years) and are automatically deactivated after the programmed time has expired. They serve to make our website more user-friendly, more effective and more secure. Thanks to these cookies, you will, for example, be shown information on the page that is specifically tailored to your interests.
3.4 Activation, deactivation, and deletion of cookies
All web browsers offer the possibility to activate, deactivate or delete the use of cookies by configuring the settings or options of the browser accordingly. If cookies are completely or partially disabled or deleted, not all functions of the website may be available.
3.5 Cookies and personal data
For the cookies we use, no personal data is usually stored. However, personal data that we or third-party providers commissioned by us store from you (e.g., if you have a user account with us or these providers) may be linked to the technical data or to the information stored in and obtained from cookies and thus possibly to your person.
4. Integration of Google services
On our website we use the following services from Google: reCAPTCHA, fonts, Tag manager. The Google company in question is based in Ireland. Google Ireland relies on Google LLC (based in the USA) as a sub-processor (both “Google”). Although we can assume that the data Google retrieves and stores when our website is used is not personal data, it is possible that Google may draw conclusions about the identity of visitors from this data in conjunction with data collected by Google itself for its own purposes and link this data to the Google accounts of these persons. If you have registered with Google yourself, Google may also be able to recognize you. The processing of your personal data by Google then takes place under its responsibility in accordance with its data protection provisions. For further information on data protection (in particular the scope, nature and purpose of data processing), please refer to the relevant Google data protection statement.
When using Google Analytics, we can measure and evaluate the use of the website (not person related). For this purpose, permanent cookies are used, which Google itself sets. For Google Analytics, we have configured the service in a way that the IP addresses of visitors are shortened by Google in Europe before any forwarding to the USA and thus cannot be traced. We have switched off the “Data forwarding” and “Signals” settings. Google only tells us how our respective website is used (no information about you personally).
5. Links to other Websites
The website contains links to other websites. We have no influence on whether their operators comply with the applicable data protection provisions. We exclude any responsibility or liability for websites of third parties that can be accessed via the links.
6. Social-Media-presence
We may operate online presences on social networks and other platforms operated by third parties. We receive data from you and the platforms when you get in contact with us via our online presence on the respective platforms (e.g., when you communicate with us, comment on our content or visit our presence). At the same time, the platforms evaluate your use of our online presences and link this data with other data about you known to the platforms (e.g., about your behavior and preferences). They also process this data for their own purposes under their own responsibility, in particular for branding purposes and to control their platforms (e.g., which content they provide to you).
Content published by you (e.g., comments) may be redistributed by us (e.g., in our advertising on the platform or elsewhere). We or the operators of the platforms may also delete or restrict content from or to you in accordance with the usage guidelines (e.g., inappropriate comments).
For further information on the processing of the platform operators, please refer to the data protection notices of the respective platforms. In there you will also find out in which countries they process your data, what rights you have to information, deletion or other data subject rights and how you can exercise these or obtain further information. We currently use the following platforms:
LinkedIn (https://ch.linkedin.com/)
J. Final provisions
This privacy statement is not part of any contract with you. We reserve the right to change the content of this privacy statement at any time and without notice. The current version published on our website applies. We therefore recommend that you consult this privacy statement regularly. In addition to this data protection statement, we may inform you separately about the processing of your data, for example by means of further separate data protection statements relating to specific relationships (e.g., customer, client, or applicant relationships).