1. Introduction
This Privacy Policy contains information on how we, EDV Werke AG, Baar, Switzerland, collect, use and process your personal data (hereinafter also referred to as “process” or “processing”).
Depending on the personal data processing, not only the Swiss Federal Data Protection Act (FADP) or the associated Ordinance (OAD), but also the EU General Data Protection Regulation (GDPR) may apply.
In the following, we would like to inform you about how we process your personal data.
2. What data is collected
Personal data means any information relating to an identified or identifiable natural person (‘data subject’).
3. Scope and purpose of the collection, processing and use of personal data
3.1 Where do we get your data from?
Your data can reach us via the following ways:
3.1.1 Use of our website www.edvwerke.ch (“Website”).
3.1.2 Conclusion and management of an agreement with us
3.1.3 Your subscription to our newsletter
3.1.4 Your application for a job with us
3.1.5 Your contact via e-mail
3.2 What do we process your data for
The processing of your data primarily enables us to provide our services, such as consulting, project collaboration, software development etc. In addition, we regulate, analyse and continuously improve our services and related products. We also process the collected data for communication purposes. In addition, personal data may also be taken from publicly accessible sources, such as the Internet, public registers, the press or similar.
Your personal data will only be passed on to third parties in the event of your express consent, a legal obligation or the enforcement of contractual interests on our part.
Unless otherwise agreed, the personal data collected will only be stored for as long as is necessary for the conclusion and processing of the contract or for contractual or legal obligations or similar purposes. purposes. Personal data that is not required is subsequently deleted.
3.2.1 Use of our website or our subdomains
Every visit to our website or our subdomains is stored on our server. For this purpose, we use the generally known internet technology, the so-called “cookies”. The following data is collected without your intervention and stored until it is automatically deleted by us:
• the IP address of the requesting computer,
• the name of your internet access provider (usually your internet access provider),
• the date and time of access,
• the name and URL of the retrieved file,
• the website from which our URL was accessed and, if applicable, the search term used,
• the country from which our website is accessed,
• the operating system of your computer and the browser you use (provider, version and language) and
• the transmission protocol used (e.g. HTTP/1.1).
The primary aim of collecting and processing this data is to enable you to use our website (connection establishment) and to ensure the security of the website system as well as to optimize our internet content. Finally, we process the data internally for statistical purposes. The basis for our overriding private interest is provided by Art. 13 Para. 1 DSG in conjunction with Art. 6 Para. 1 lit. Art. 6 para. 1 lit. f GDPR. This basis covers the evaluation of personal data in the event of a cyberattack or suspected misuse of our website, our subdomains or our network infrastructure. If necessary, the evaluated personal data will be used in proceedings of a criminal or civil nature against the data subject(s).
3.2.2 Your application for a job
You have the possibility to apply via e-mail or by post. Depending on the data actually submitted, this is usually:
• Contact details of the applicant and the reference person
• Cover letter
• Application photo or video
• Performance records
• Curriculum Vitae
• Criminal record extract (only if expressly requested)
• Social Security number
We process this data for the purpose of recruitment. The processing of personal data is based on Art. 6 para. 1 lit. b GDPR. If no employment is found, we will delete your data without unnecessary delay, unless you agreed to participate in the recruitments announced by EDV in the future. In such case we will delete your data after 2 years without active processing, unless you provided a new consent.
3.2.3 Your contact via e-mail or telephone
It is possible to contact one of our experts via e-mail or telephone. Each sender/client is responsible for the data contained in the e-mail or passed on in the telephone call and thus made available to us. For our part, personal data is only collected to the extent that it is necessary to answer your enquiry or to provide our service.
The processing of personal data is based on Art. 6 para. 1 lit. b GDPR (see 11. Justification).
4. Cookies
Finally, we use cookies and other applications based on cookies when you visit our website(s). For more information, please see section 7 Cookies.
5. Social media plugins
Our internet pages use social plugins, e.g. Twitter, LinkedIn, Facebook and Instagram. The plugins are marked with the provider’s logo.
When you call up our Internet pages that contain such a plugin, your browser establishes a direct connection with the provider’s computers. The content of the plugin is transmitted directly to your browser by the provider and integrated into the website by the browser. By integrating the plugins, the provider receives the information that you have accessed our website. If you are logged in to the provider at the same time, the provider can assign the visit to your profile. If you interact with the plugins – for example, by clicking the button or posting a comment – the corresponding information is transmitted directly from your browser to the provider and stored there.
If you do not want the provider to collect data about you via our website, you must log out from the provider before visiting our website. Even when you are logged out, the providers collect anonymised data via the social plugins and set a cookie for you. If you log in to the provider at a later time, this data can be assigned to your profile.
If a login is offered via a social login service – e.g. Facebook Connect – data is exchanged between the provider and our website. In the case of Facebook Connect, this may be data from your public Facebook profile, for example. By using such login services, you agree to the data transfer.
For the purpose and scope of the data collection and the further processing of your data by the provider, as well as your rights in this regard and setting options for protecting your privacy, please refer to the provider’s privacy policy.
• Facebook Ireland Ltd. or Facebook Inc: [“https://www.facebook.com/policy.php”].
• LinkedIn Corporation: [“https://www.linkedin.com/legal/privacy-policy”]
• Twitter Inc: [“https://twitter.com/en/privacy”].
• Google Ireland Limited or You Tube: [“https://policies.google.com/privacy”]
If you do not want the providers to collect data about you via these cookies, you can select the function “Block third-party cookies” in your browser settings. Then the browser will not send any cookies to the server for embedded content from other providers. With this setting, other functions of our website may also no longer work.
6. Google Analytics
Our website uses the web analytics service Google Analytics from Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses cookies (see under 7. Cookies). These enable an analysis of the use of our website offer incl. IP addresses by Google in the USA.
We would like to point out that the code “gat._anonymizeIp();” has been added to Google Analytics on this website to ensure anonymised collection of IP addresses (so-called IP masking). If anonymisation is active, Google shortens IP addresses within member states of the European Union or in other contracting states of the Agreement on the European Economic Area, which is why no conclusions can be drawn about your identity. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there.
For a GDPR-compliant use of Google Analytics, we use the plugin Google Analytics Germanized. Furthermore, Google complies with the data protection regulations Google uses the information collected to evaluate the use of our websites for us, to compile reports for us in this regard and to provide other related services to us.
The protection of personal data is considered to be given when using standard contractual clauses in a contract between data transmitters if they are transmitted from the EEA or UK and are not covered by an adequacy decision.
You can find more information at: http://www.google.com/intl/de/analytics/privacyoverview.html. Information regarding the possibility of deactivating Google Analytics can be found at http://tools.google.com/dlpage/gaoptout?hl=de. In connection with the Google Analytics web analysis service, the following data will be processed from you:
- Masked IP addresses
- In exceptional cases IP addresses
The said data will be processed for the following purposes:
- Ensuring a needs-based design
- Continuous optimisation of our website
- Statistical recording of the use of our website
This data processing is carried out on the basis of overriding private interests in accordance with Art. 13 para. 1 DSG or Art. 6 para. 1 p. 1 lit. f GDPR (see 11. Justification).
7. Cookies
We use cookies on our website. These are small files that your browser automatically creates and that are stored on your terminal device (laptop, tablet, smartphone, etc.) when you visit our site. A cookie does not necessarily mean that we can identify you.
The use of cookies serves to statistically record the use of our website and to evaluate it for the purpose of optimisation and user-friendliness. Three permanent cookies from Google Analytics are used for this purpose (_gat, _gid, _ga), which are automatically deleted after a defined period of time. Thanks to our Google Analytics Germanized plugin, cookies are only used with your consent.
The data processed by cookies is done to protect our legitimate interests pursuant to Art. 13 para. 1 DSG or Art. 6 para. 1 p. 1 lit. f GDPR (see 11. Justification).
8. Plugins and IFrame
We use the plugin Google Analytics germanized on our website to make our data processing via cookies GDPR-compliant.
We then use an IFrame from Google Maps by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. An IFrame serves to structure our website and is used to place other web content on our website. By clicking on the IFrame, the user is redirected to the provider’s website. We have no influence on the processing of personal data on third-party websites.
Data processing in connection with plugins and IFrames is carried out on the basis of our legitimate interests pursuant to Art. 13 para. 1 DSG or Art. 6 para. 1 p. 1 lit. f GDPR.
9. Disclosure of your personal data
Your personal data will not be transferred to third parties for purposes other than those listed.
10. Justification
In principle, a violation of personality is unlawful if it is not justified by the consent of the violated person, by an overriding private or public interest or by law (Art. 13 para. 1 FADP). An necessary interest of the processing person exists primarily in the cases of Art. 13 para. 2 lit. a – f FADP, if the personal data are directly related to the conclusion or performance of a contract (lit. a), is in economic competition with another person or intends to enter into economic competition with another person and processes personal data for this purpose without disclosing it to third parties (lit. b), processes neither particularly sensitive personal data nor personality profiles for the purpose of checking the creditworthiness of another person and only discloses data to third parties that they require for the conclusion or performance of a contract with the person concerned (lit. c), processes personal data in a professional capacity exclusively for publication in the editorial section of a periodically published medium (lit. d), processes personal data for non-personal purposes, in particular in research, planning and statistics, and publishes the results in such a way that the persons concerned cannot be identified (lit. e) or collects data on a public figure, provided the data relates to that person’s activities in public (lit. f).
The Swiss DPA must always be considered in conjunction with the European GDPR. According to Art. 6 para. 1 DPA, the processing of data is only lawful if at least one of the following conditions is met: the data subject has consented to the data processing (lit. a), the processing is necessary for the performance of a contract (lit. b), the processing is necessary for compliance with a legal obligation (lit. c), to protect the vital interests of the data subjects (lit. (d), necessary for the performance of a task carried out in the public interest or in the exercise of official authority (lit. e) or necessary for the legitimate interests of the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child (lit. f). Paragraphs 2 – 4 of the above-mentioned standard must also be observed.
11. Data Security
We have taken appropriate security measures to prevent your personal data from being accidentally lost, used or accessed, modified or disclosed in an unauthorised manner. In particular, by taking appropriate technical precautions (e.g. firewall, password protection, SSL encryption, etc.).
In addition, we restrict access to your personal data to those employees, agents, contractors and other third parties who have business needs for that data. They process your personal data only in accordance with our instructions and are subject to confidentiality obligations.
12. Retention
Your personal data will only be used by us for as long as necessary to:
• To provide the services you have requested or for the purposes you have consented to; and/or
• to enable the tracking, advertising and analysis services covered by our legitimate interest and mentioned in this privacy policy.
You are hereby explicitly informed that special statutory retention periods may apply to certain data, which obliges us to store this data until the end of the retention period.
13. Rights
Under Swiss data protection laws, you have rights in relation to your personal data, including the right to access, rectify (Art. 5 DPA or Art. 16 GDPR), erase (Art. 5 DPA or 17 GDPR), restrict, transfer, object to processing, portability of data (Art. 20 GDPR) and (where the lawful ground for processing is consent) to request consent to be withdrawn (Art. 7(3) GDPR).
If you wish to exercise any of the above rights, please email us at privacy@edvwerke.ch.
In the event of a disproportionately large expense, we reserve the right to request proof of identity from you and payment of the actual costs in advance.
If you are not satisfied with any aspect of the collection and use of your data, you have the right to complain to your local supervisory authority about data protection issues (Art. 77 GDPR).
We would be grateful if you would contact us first if you have a complaint so that we can try to resolve it for you.
14. Contact details of the contact person for data protection
Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1
CH – 3003 Bern
Tel. +41 58 462 43 95
15. Changes to our Privacy Policy
We reserve the right to change this privacy policy or adapt it to new processing methods at any time. The current data protection declaration can be accessed at any time at [https://edvwerke.ch/en/legal/].
16. Applicable law and Place of Jurisdiction
The applicable law is material Swiss law excluding the Swiss International Private Law (IPRG). Place of jurisdiction is exclusively Zurich, Switzerland.
Baar, Juni 2022