Date: December 11, 2023
pec consulting GmbH
Bodenstrasse 45
8104 Weiningen ZH
Switzerland
Email Address:
info [at] pec-consult.com
Phone:
+41 43 8190 549
Imprint:
https://pec-consult.ch/imprint
The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.
Relevant legal bases according to the Swiss Data Protection Act: If you are located in Switzerland, we process your data based on the Federal Act on Data Protection (abbreviated “Swiss DPA”). This also applies if our processing of your data otherwise affects you in Switzerland and you are affected by the processing. The Swiss DPA generally does not require (unlike, for example, the GDPR) that a legal basis for the processing of personal data be named. We only process personal data if the processing is lawful, carried out in good faith, and is proportionate (Art. 6 para. 1 and 2 of the Swiss DPA). Furthermore, personal data is only collected by us for specific and recognizable purposes for the data subject and only processed in a manner compatible with these purposes (Art. 6 para. 3 of the Swiss DPA).
We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, the costs of implementation, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.
Measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access, input, transmission, ensuring availability, and their separation. Furthermore, we have established procedures to ensure the exercise of data subjects’ rights, the deletion of data, and responses to data endangerment. Moreover, we consider the protection of personal data already in the development or selection of hardware, software, and procedures, according to the principle of data protection, through technology design and through data protection-friendly default settings.
IP Address Truncation: If IP addresses are processed by us or by the service providers and technologies used and the processing of a complete IP address is not necessary, the IP address is truncated (also known as “IP masking”). Here, the last two digits, or the last part of the IP address after a dot, are removed or replaced by placeholders. The truncation of the IP address is intended to prevent or significantly complicate the identification of a person based on their IP address.
TLS/SSL Encryption (https): To protect the data of users transmitted via our online services, we use TLS/SSL encryption. Secure Sockets Layer (SSL) is the standard technology for securing internet connections by encrypting data transmitted between a website or app and a browser (or between two servers). Transport Layer Security (TLS) is an updated and more secure version of SSL. Hyper Text Transfer Protocol Secure (HTTPS) is displayed in the URL when a website is secured by an SSL/TLS certificate.
In the course of our processing of personal data, it may happen that the data is transferred to other bodies, companies, legally independent organizational units, or persons, or that it is disclosed to them. Recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements, which serve the protection of your data, with the recipients of your data.
Data Transfer within the Organization: We may transfer personal data to other entities within our organization or grant them access to this data. If this transfer is for administrative purposes, the transfer of the data is based on our legitimate business and commercial interests or takes place if it is necessary for the fulfillment of our contractual obligations or if the consent of the data subjects or a legal permission exists.
Disclosure of Personal Data Abroad: According to the Swiss Data Protection Act (DPA), we only disclose personal data abroad if adequate protection of the data subjects is guaranteed (Art. 16 Swiss DPA). If the Federal Council has not determined adequate protection (list: https://www.bj.admin.ch/bj/de/home/staat/datenschutz/internationales/anerkennung-staaten.html), we take alternative security measures. These can include international treaties, specific guarantees, data protection clauses in contracts, standard data protection clauses approved by the Federal Data Protection and Information Commissioner (FDPIC), or company-internal data protection regulations recognized in advance by the FDPIC or a competent data protection authority of another country.
According to Art. 16 of the Swiss DPA, exceptions for the disclosure of data abroad can be permitted if certain conditions are met, including the consent of the data subject, contract execution, public interest, protection of life or physical integrity, publicly disclosed data, or data from a legally provided register. These disclosures always take place in accordance with legal requirements.
Rights of Data Subjects under the Swiss DPA:
As a data subject, you have the following rights according to the provisions of the Swiss DPA:
Cookies are small text files or other storage markers that store information on end devices and read information from the end devices. For example, to store the login status in a user account, a shopping cart content in an e-shop, the accessed content or used functions of an online offer. Cookies can also be used for various purposes, e.g., for the functionality, security, and comfort of online offers as well as the creation of analyses of visitor flows.
Notes on Consent: We use cookies in accordance with legal requirements. Therefore, we obtain prior consent from users, unless this is not legally required. Consent is particularly not necessary if the storage and reading of information, including cookies, is absolutely necessary to provide the telemedia service (i.e., our online offer) expressly requested by the users. The absolutely necessary cookies usually include cookies with functions that display and run the online offer, load balancing, security, storing user preferences and selection options, or similar purposes related to the provision ofthe main and ancillary functions of the online offer requested by the users. The revocable consent is clearly communicated to the users and contains information about the respective cookie use.
Notes on Legal Bases for Data Protection: The legal basis on which we process personal data of users with the help of cookies depends on whether we ask users for consent. If the users consent, the legal basis for processing their data is the declared consent. Otherwise, the data processed with the help of cookies are processed based on our legitimate interests (e.g., in a business operation of our online offer and its improvement) or, if this is part of fulfilling our contractual obligations, if the use of cookies is necessary to fulfill our contractual obligations. The purposes for which the cookies are processed by us are clarified in the course of this Privacy Policy or in the context of our consent and processing processes.
Storage Duration: Regarding the storage duration, the following types of cookies are distinguished:
General Notes on Revocation and Objection (Opt-Out): Users can revoke their given consents at any time and object to the processing in accordance with legal requirements. For example, users can restrict the use of cookies in their browser settings (although this may also limit the functionality of our online offer). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.
Further Information on Processing Processes, Procedures, and Services:
We process data of our contractual and business partners, e.g., customers and prospects (collectively referred to as “contractual partners”) within the framework of contractual and comparable legal relationships as well as related measures and within the framework of communication with the contractual partners (or pre-contractual), e.g., to respond to inquiries.
We process these data to fulfill our contractual obligations. This includes, in particular, the obligations to provide the agreed services, any update obligations, and remedial action in the event of warranty and other performance disruptions. In addition, we process the data to protect our rights and for the purposes of the administrative tasks associated with these obligations and the corporate organization. Furthermore, we process the data based on our legitimate interests in proper and business-efficient management and in security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information, and rights (e.g., involving telecommunications, transport, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers, or financial authorities). Within the framework of the applicable law, we only disclose the data of contractual partners to third parties to the extent necessary for the aforementioned purposes or for the fulfillment of legal obligations. Contractual partners are informed about other forms of processing, e.g., for marketing purposes, within the framework of this Privacy Policy.
The data required for the aforementioned purposes are communicated to the contractual partners before or in the course of data collection, e.g., in online forms, by special marking (e.g., colors) or symbols (e.g., asterisks or similar), or personally.
We delete the data after the expiration of statutory warranty and comparable obligations, i.e., generally after 4 years, unless the data is stored in a customer account, e.g., as long as they must be kept for legal archiving reasons. The statutory retention period for tax-relevant documents and for commercial books, inventories, opening balances, annual financial statements, the working instructions and other organizational documents necessary for understanding these documents, and booking vouchers is ten years, and for received commercial and business letters and copies of sent commercial and business letters is six years. The period begins at the end of the calendar year in which the last entry in the book was made, the inventory, the opening balance, the annual financial statement or the management report was prepared, the commercial or business letter was received or sent, or the booking voucher was created, furthermore, the recording was made, or the other documents were created.
Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and privacy notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.
We process the data of users to be able to provide them with our online services. For this purpose, we process the IP address of the user, which is necessary to transmit the contents and functions of our online services to the browser or the end device of the users.
Further Information on Processing Processes, Procedures, and Services:
When contacting us (e.g., by mail, contact form, email, phone, or via social media) and within the framework of existing user and business relationships, the information provided by the inquiring persons is processed to the extent necessary to respond to the contact inquiries and any requested measures.
Further Information on Processing Processes, Procedures, and Services:
Consult with a specialist for a customized plan.
Copyright © 2023 pec consulting GmbH