Data Privacy

1. Basic information on data processing and legal basis

This data protection declaration informs you about the type, scope and purpose of the processing of personal data within our offer and the websites, functions and content connected to it (hereinafter jointly referred to as “offer” or “website”).

For the terminology used, such as “personal data”, pseudonymization, consent, responsible party or their “processing”, we refer to the definitions in Art. 4 of the EU General Data Protection Regulation (GDPR).

For reasons of readability, the masculine form has been chosen in the text; nevertheless, the information refers to members of all genders.

We process users’ personal data in compliance with the relevant data protection regulations (Swiss data protection law, in particular the Federal Data Protection Act (FADP) and, in the case of an application of Art. 3 EU GDPR, the EU GDPR). This means that user data will only be processed if a legal permission exists. I.e., in particular if the data processing is necessary or required by law for the provision of our contractual services (e.g. processing of orders) and online services.

Persons under the age of 18 should not transmit any personal data to us without the consent of their parents or legal guardians. We do not request personal data from children and young people. We do not knowingly collect such data or pass it on to third parties.

2. Collection of access data and log files

We collect a series of general data and information with each call of the website by a person or an automated system. This general data and information is stored in the log files of the server. The name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Log file information is stored for security reasons (e.g. for the clarification of abuse or fraud) for a maximum period of six months and then deleted. Data whose further storage is necessary for evidentiary purposes is excluded from deletion until the final clarification of the respective incident.

3. Disclosure of data to third parties and third-party providers

Data logged when accessing our website will only be transmitted to third parties if we are obliged to do so by law, contract or court order.
In the case of ordering information material, brochures or products, we use the personal information you provide only within Swiss Global Cert. A transfer to third parties, for commercial or non-commercial purposes, does not take place.
Swiss Global Cert undertakes to use the personal data of the certified persons exclusively for certificate administration purposes (e.g. exchange of information in the event of certificate loss), control and abuse verification purposes (e.g. prevention of forged certificate documents) and quality assurance purposes.
The certification body Swiss Global Cert undertakes to implement the guidelines of the EU Data Protection Regulation (DSGVO/GDPR) with regard to “Privacy by Design”, i.e. the technical and organizational measures, and with regard to “Privacy by Default”, i.e. the scope and use of the collected data.

4. Data processing in the context of the provision of contractual services

We process inventory data (e.g. e-mail address, title, first and last name and private/company address) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 para. 1 lit b. DSGVO, respectively according to Art. 4 para. 3 DSG.

5. Contact and order

When contacting us (via contact form or e-mail), the user’s details are processed for the purpose of handling the contact request and its processing pursuant to Art. 6 para. 1 lit. b) DSGVO, or pursuant to Art. 4 para. 3 DSG.

6. Cookies & Reach Measurement

This website uses cookies. Cookies are small text files that are permanently or temporarily stored in your computer when you visit this website. The purpose of the cookies is in particular the analysis of the use of this website for statistical evaluation as well as for continuous improvements.

In your browser, you can disable cookies in full or in part at any time in the settings. If cookies are deactivated, not all functions of this website may be available to you.

7. Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

The anonymization function has the effect that your IP address is shortened and thus anonymized before it is transmitted to the USA. This means that Google cannot associate your IP address with any other Google data.

The operating company of the Google Analytics component is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Google is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law (www.privacyshield.gov/participant).

On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

As a user, you can prevent the storage of cookies by selecting the appropriate settings on your browser software. In addition, you can prevent the collection of data generated by the cookie and related to your use of the offer, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: tools.google.com/dlpage/gaoptout.

For more information about Google’s data use, settings and opt-out options, please visit Google’s websites: http://www.google.com/intl/de/policies/privacy/partners (“Data use by Google when you use our partners’ websites or apps”), http://www.google.com/policies/technologies/ads (“Data use for advertising purposes”), http://www.google.de/settings/ads (“Manage information Google uses to serve you ads”).

Further information and the applicable privacy policy of Google can be found at http://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html.
Further information about Google Analytics can be found under this link: http://www.google.com/intl/de_de/analytics/

8. Integration of third party services and content

Within our offer, we use content or service offers from third parties on the basis of our legitimate interests (i. e. interest in the analysis, optimisation and economic operation of our offer in accordance to Art. 6 Abs. 1 lit. f DSGVO, Art. 13, Abs. 2 DSG) in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”). This always assumes that the third party providers of this content are aware of the IP address of the users, as without the IP address they would not be able to send the content to their browsers. The IP address is therefore required for the display of this content. We make every effort to use only those contents whose respective providers use the IP address only to deliver the contents. Third parties may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information on the browser and operating system, referring websites, visiting times and other details on the use of our offer, as well as being linked to such information from other sources.

The following presentation offers an overview of third party providers and their contents, together with links to their data protection declarations, which contain further information on the processing of data and, in some cases already mentioned here, the possibility to object (so-called opt-out):

• Maps provided by the “Google Maps” service of the third party provider Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: www.google.com/policies/privacy/, Opt-Out: www.google.com/settings/ads/.
• Videos from “YouTube” the third-party provider YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. Die YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Privacy policy: www.google.com/policies/privacy/, Opt-Out: www.google.com/settings/ads/.
• External code of the JavaScript framework “jQuery”, provided by the third-party provider jQuery Foundation, jquery.org.
• Newsletter tool, provided by the third-party provider: rapidmail, Augustinerplatz 2, 79098 Freiburg i.Br., Germany, Privacy policy: https://www.rapidmail.de/datenschutz.

9. Rights of the data subject

Every data subject has the right to request confirmation from us as to whether we are processing his or her personal data.

Any person affected by the processing of personal data may at any time request from us, free of charge (a fee may be charged in case of repeated or abusive assertion), information about the personal data stored by us about his person. We will provide the following information:

• the purposes of processing
• the categories of personal data processed
• the recipients or categories of recipients to whom the personal data have been or will be disclosed
  if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
• the existence of a right to obtain the rectification or erasure of personal data concerning him or her, or to obtain the restriction of processing by Swiss Global Cert, or a right to object to such processing
• the existence of a right of appeal to a supervisory authority. The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC)
  if the personal data is not collected from the data subject: All available information about the origin of the data.

Furthermore, the data subject has a right to information as to whether personal data have been transferred to a third country or to an international organization. If this is the case, the data subject shall have the right to obtain information on the appropriate safeguards in connection with the transfer.

Furthermore, the data subject shall have the right, taking into account the purposes of the processing, to request that incomplete personal data be completed, including by means of a supplementary declaration.

Any person concerned by the processing of personal data has the right to obtain the immediate erasure of personal data concerning him or her, unless such data are necessary for the processing. E.g. for the creation of certificates or the provision of services on the part of Swiss Global Cert.

Any person concerned by the processing of personal data has the right to obtain from us the restriction of processing if one of the following conditions is met:

• The accuracy of the personal data is contested by the data subject for a period enabling us to verify the accuracy of the personal data.
• The processing is unlawful, the data subject objects to the erasure of the personal data and requests instead the restriction of the use of the personal data.
• We no longer need the personal data for the purposes of processing, but the data subject needs it for the assertion, exercise or defense of legal claims.
• The data subject has objected to the processing and it is not yet clear whether our legitimate grounds override those of the data subject
• Any person concerned by the processing of personal data has the right to object at any time, on grounds relating to his or her particular situation, to processing of personal data concerning him or her.

Any person affected by the processing of personal data has the right to withdraw consent to the processing of personal data at any time.
If a data subject wishes to exercise one or more data subject rights, he or she may, at any time, write to: Swiss Global Cert, Gartenstrasse 4, 6300 Zug, Switzerland, info@swissglobalcert.com.

10. Data deletion

The data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the user data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and not processed for other purposes.

11. Right of objection

Users may object to the future processing of their personal data in accordance with the legal requirements at any time. The objection can be made in particular against the processing for purposes of direct advertising.

12. Safety measures

We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are complied with and thus to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.

13. Changes to the privacy policy

In the course of the further development of our websites and the implementation of new technologies, changes to this data protection declaration may become necessary. Therefore, we recommend that you re-read this privacy statement from time to time.

Users are requested to inform themselves regularly about the content of the data protection declaration.