We use cookies in order to optimize your user experience. Several cookies are necessary to
operate the site, while others are used for statistical purposes, to provide user-friendly
settings, or to display personalized content. You can decide for yourself which cookies you
wish to allow. Please note that some of the site’s functions may be unavailable as a result
of your settings. You can find further information in our data privacy statement.
Show details
Data protection declaration
This data protection declaration lets you know which personal data we process in connection with our actions and activities, including our website . In particular, we inform you of the purpose for which, how and where we process which particular personal data; we also inform you of the rights of the persons whose data we process.
Other data protection declarations, together with other legal documents such as general terms and conditions of business (AGB), conditions of use or conditions of participation, may also apply to certain individual or additional actions and activities.
We are governed by Swiss data protection law and by any applicable foreign data protection law including, in particular, that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission the fact that Swiss data protection law assures appropriate data protection.
1. Data controller and data protection officer
GS Swiss PCB AG
Fännring 8
6403 Küssnacht
SWITZERLAND
Tel.:+41 41 854 48 00
Email: datenschutz(at)gs-swiss.com
2. Definitions and legal bases
2.1 Definitions
Personal data are all particulars that concern an identified or identifiable natural person. A data subject is a person whose personal data we process.
Processing means every handling of personal data, irrespective of the means and procedures used, such as the retrieval, matching, adapting, archiving, storing, reading out, notifying, procuring, acquiring, collecting, deleting, disclosing, filing, organizing, storing, altering, circulating, linking, destroying and using of personal data.
The European Economic Area (EEA) comprises the Member States of the European Union (EU), together with the Principality of Liechtenstein, Iceland and Norway. The General Data Protection Regulation (GDPR) defines the processing of personal data as the processing of data relating to a particular person.
2.2 Legal bases
We process personal data in compliance with Swiss data protection law, including in particular the (Data Protection Act, DSG) and the Ordinance on Data Protection (Data Protection Ordinance, DSV).
We process – in so far and to the extent that the General Data Protection Regulation (GDPR) is applicable – personal data in compliance with at least one of the following legal bases:
- Art. 6 para. 1 letter b GDPR for the processing of personal data that is necessary for the performance of a contract to which the data subject is party or in order to take steps prior to entering into a contract.
- Art. 6 para. 1 letter f GDPR for the processing of personal data that is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests of fundamental rights and freedoms of the data subject. Legitimate interests are in particular our interest in pursuing our actions and our activities permanently, in a user-friendly manner, securely and dependably and in being able to communicate about them, in assuring the security of information, protecting against misuse, enforcing our own lawful claims and complying with Swiss law.
- Art. 6 para. 1 letter c GDPR for the necessary processing of personal data to comply with a legal obligation to which we are subject pursuant to the applicable law of Member States of the European Economic Area (EEA).
- Art. 6 para. 1 letter e GDPR for the necessary processing of personal data for the performance of a task carried out in the public interest.
- Art. 6 para. 1 letter a GDPR for the processing of personal data with the data subject’s consent.
- Art. 6 para. 1 letter d GDPR for the processing of personal data necessary in order to protect the vital interests of the data subject or those of another natural person.
3. Nature, scope and purpose
We process such personal data as are necessary in order to pursue our actions and our activities permanently, in a user-friendly manner, securely and dependably, Such personal data may in particular fall into the categories of inventory and contact data, browser and device data, content data, meta or peripheral data and data on use, location data, sales data, together with contract and payment data.
We process personal data for the period of time necessary for the particular purpose or purposes or as required by law. Personal data whose processing is no longer necessary will be anonymized or erased.
We may arrange for personal data to be processed by third parties. We may process personal data jointly with third parties or transfer such data to third parties. Those third parties are in particular specialist suppliers whose services we use. We likewise guarantee data protection by such third parties.
We only process personal data with the data subject’s consent unless processing is permitted for other legal reasons. Processing without consent may be permissible for example to perform a contract with the data subject and to take appropriate steps prior to entering into a contract, in order to safeguard our overriding legitimate interests, because processing is apparent from the circumstances or after providing prior information.
In this context we process, in particular, information that a data subject transfers to us voluntarily when contact is made – for example by letter post, email, instant messaging, contact form, social media or telephone – or when registering for a user account. We may store such information for instance in an address book or with comparable aids. If data about other persons are transferred to us, the persons making such transfers must guarantee data protection for the persons concerned and assure the accuracy of these personal data.
We likewise process personal data that we receive from third parties, procure from sources that are open to the public or collect in the performance of our actions and our activities in so far and to the extent that such processing is permitted on legal grounds.
4. Applications
We process personal data about job applicants in so far as that is necessary to judge their suitability for an employment relationship or for the subsequent implementation of a contract of employment. The necessary personal data are determined in particular by the information that is sought, for example when a vacancy is advertised. We likewise process such personal data as candidates may communicate or publish voluntarily, in particular as part of a covering letter, curriculum vitae and other application documents or online profiles.
In so far as and to the extent that the General Data Protection Regulation (GDPR) is applicable, we process personal data about job applicants in particular in compliance with Art. 9 para. 2 letter b GDPR.
We may enable job applicants to store their particulars in our talent pool to enable their applications to be considered when future vacancies arise. We may likewise use such particulars to maintain contact and provide information about new developments. If we assume that a candidate may be suitable for a vacancy on the basis of her or his particulars, we may notify the candidate accordingly.
We use third-party services in order to publicize vacancies via E-recruitment and to enable applications to be made and administered.
5. Personal data in other countries
In principle, we process personal data in Switzerland and in the European Economic Area (EEA). However, we may also export or transfer personal data to other states, in particular to process them or arrange for them to be processed there.
We may export personal data to all states, provided that their domestic law assures appropriate data protection according to a decision of the Swiss Federal Council and – in so far as and to the extent that the General Data Protection Regulation (GDPR) is applicable – according to a decision of the European Commission.
We may transfer personal data to states whose law does not guarantee appropriate data protection, in so far as data protection is assured for other reasons, in particular on the basis of standard data protection clauses or of other suitable guarantees. By way of exception, we may export personal data to states which do not have appropriate or suitable data protection if the special requirements of data protection law are satisfied there, for instance with the express consent of the data subject or if there is a direct connection with the conclusion or performance of a contract. On request, we will be happy to inform data subjects of any guarantee or to provide a copy of any such guarantees.
6. Data subjects’ rights
6.1 Entitlements under data protection law
We grant data subjects all entitlements under the applicable data protection law. In particular, data subjects have the following rights:
- Information: data subjects may ask to be informed whether we process their personal data and if so which personal data are involved. Data subjects likewise receive such information as may be necessary to enforce their entitlements under data protection law and to assure transparency. That includes the processed personal data as such, but also e.g. information about the purpose of processing, the duration of retention, potential notification or potential exporting of data to other states and about the origin of the personal data.
- Rectification and restriction: data subjects may rectify incorrect personal data, complete incomplete data and ask for the processing of their data to be restricted.
- Erasure and objection: data subjects may ask for personal data to be erased (“right to be forgotten”) and object to the processing of their data with effect for the future.
- Data release and data transfer: data subjects may ask for personal data to be released or for their data to be transferred to a different data controller.
We may defer, restrict or decline the exercise of the data subjects’ rights to the extent that this is permitted by law. We may call the data subjects’ attention to the requirements that may have to be satisfied for the exercise of their entitlements under data protection law. We may, for example, decline to provide either all or some of the information on grounds of business secrecy or of the protection of other persons. We may likewise decline in whole or in part the erasure of personal data by referring to statutory retention obligations.
By way of exception, we may require costs to be paid for the exercise of rights. We inform the data subjects in advance of any such costs.
We are required to take appropriate measures to identify data subjects who seek information or enforce other rights. Data subjects must cooperate.
6.2 Right to appeal
Data subjects are entitled to enforce their claims under data protection law through legal channels or to appeal to a competent data protection supervisory authority.
The data protection supervisory authority for private data controllers and Federal entities in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
In so far as and to the extent that the General Data Protection Regulation (GDPR) is applicable, data subjects are entitled to appeal to a that has competence in this area.
7. Data security
We take suitable technical and organizational measures to guarantee a degree of data security that is appropriate to the particular risk. However, we cannot guarantee any absolute data security.
Our website is accessed by means of transport encryption (SSL/TLS, in particular with the Hypertext Transfer Protocol Secure, HTTPS for short). Most browsers identify transport encryption by a padlock on the address bar.
As is the case in principle for every digital communication, our digital communication is subject to mass surveillance without any specific reason and suspicion and to other surveillance by the security authorities in Switzerland, elsewhere in Europe, in the United States of America (USA) and in other states. We have no direct influence on the relevant processing of personal data by the secret services, police forces and other security authorities.
8. Website use
8.1 Cookies
We may use cookies. Cookies – both first-party cookies and cookies of third parties whose services we use (third-party cookies) are data that are stored in the browser. Such stored data must not be confined to traditional cookies in the form of text.
Cookies may be stored temporarily in the browser as “session cookies” or for a given period of time as permanent cookies. Session cookies are deleted automatically when the browser is closed. Permanent cookies are stored for a specified length of time. Cookies enable, in particular, a browser to be recognized again on the next visit to our website, so enabling for instance our website’s outreach to be measured. However, permanent cookies may also be used for example for online marketing.
All or some cookies may be deactivated and deleted at any time, in the browser settings. However, our website is no longer fully available without cookies. At least in so far as and to the extent that this is necessary, we actively seek specific consent to the use of cookies.
8.2 Server log files
Whenever our website is accessed, we may record the following details if they are sent to our server infrastructure by your browser or can be ascertained by our webserver: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and release, browser including language and release, individual subpage of our website retrieved, including volume of data transferred, website most recently retrieved in the same browser window (referer or referrer).
We store such details, which may also constitute personal data, in server log files. The details are necessary in order to make our website available at all times in a user-friendly and dependable manner and also to assure data security and hence, in particular, the protection of personal data – including by third parties or with the help of third parties.
8.3 Tracking pixels
We may use tracking pixels on our website. Tracking pixels are also known as web beacons. Tracking pixels – including those of third parties whose services we use – are small images that can as a rule hardly be seen and are retrieved automatically when our website is visited. The same information can be acquired with tracking pixels as in server log files.
9. Social media
We are present on social media platforms and other online platforms to enable us to communicate with interested persons and provide information about our actions and our activities. In connection with such platforms, personal data may be processed even outside Switzerland and the European Economic Area (EEA).
The general terms and conditions of business (AGB) and the terms and conditions of use, together with data protection declarations and other provisions of the individual operators of such platforms, likewise apply. These provisions give information primarily about the rights of data subjects directly in relation to the particular platform, including for example the right to information.
10. Third-party services
We use the services of specialized third parties in order to enable our actions and our activities to be performed at all times in a user-friendly, secure and dependable manner. We may for instance embed functions and contents in our website using such services. If such embedding takes place, the services that are used record, for binding technical reasons, the users’ Internet Protocol (IP) addresses, at least temporarily.
For necessary security-relevant, statistical and technical purposes, third parties whose services we used may process data connected with our actions and our activities on an aggregated, anonymized or pseudonymized basis. This includes, for instance, performance or use data in order to enable the particular service to be provided.
In particular, we use:
- Google services: provider: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and in Switzerland. General information about data protection: “Data protection and security principles”, Data protection declaration, “Google must comply with the applicable data protection legislation,” “Guideline on data protection in Google products”, “How we utilize data of websites or apps on or in which our services are used” (information supplied by Google), “Types of cookies and other technologies used by Google,” “Personalized advertising” (Activation/Deactivation/Settings).
- Microsoft services: provider: Microsoft Corporation (USA) / Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), in Great Britain and in Switzerland; general information about data protection: “Data protection by Microsoft”, “Data protection and privacy (Trust Center)”, Data protection declaration, Data protection dashboard (data and data protection settings).
10.1 Digital infrastructure
We use specialized third-party services in order to be able to call upon the requisite digital infrastructure in connection with our actions and our activities. This includes, for instance, the hosting and storage services of selected providers. In particular, we use:
- METANET: hosting; provider: METANET AG (Switzerland); information about data protection: Data protection declaration, “Technical-organizational measures”.
10.2 Audio and video conferences
We use specialized services for audio and video conferences to be able to communicate online. We may for example use them in order to hold virtual discussions or to provide online tuition or webinars. The legal texts of the individual services, such as data protection declarations and terms and conditions of use, likewise apply to participation in audio and video conferences.
When taking part in audio or video conferences, depending on the prevailing situation, we advise switching the microphone to silent as standard and setting a blurred background or enabling a virtual background to be displayed.
We use in particular:
- Microsoft Teams: platform e.g. for audio and video conferences; provider: Microsoft; Teams-specific information: “Data protection and Microsoft Teams”.
- Webex: video conferences; provider: Cisco Systems Inc. (USA); information about data protection: “Cisco Online Data Protection Guideline”, “Compliance and certifications for Cisco Webex”.
10.3 Online cooperation
We use third-party services in order to facilitate online cooperation. In addition to this data protection declaration, any directly visible terms and conditions of the services used likewise apply, such as terms and conditions of use or data protection declarations.
11. Success and outreach measurement
We use services and programs to determine how our online offering is used. In this context, we may for example measure the success and outreach of our actions and our activities and the impact of links with third parties on our website. However, we may also for instance test and compare how different releases of our online offering or parts of our online offering are used (“A/B-Test” method). Based on the outcomes of the success and outreach measurement, we may in particular remedy faults, strengthen popular contents or make improvements to our online offering.
When services and programs are used for success and outreach measurement, individual users’ Internet Protocol (IP) addresses must be stored. On principle, IP addresses are abbreviated (“IP masking”) in order to respect the principle of data minimization by appropriate pseudonymization and hence to improve the users’ data protection.
When services and programs are used for success and outreach measurement, cookies may be employed and user profiles compiled. User profiles include, for example, the pages visited or contents watched on our website, data about the screen size or browser window and – at least the approximate – location. On principle, user profiles are always compiled in a pseudonymized manner. We do not use user profiles to identify individual users. Individual third-party services with which users are registered may, however, associate the use of our online offering with the user account or user profile held by the service concerned.
In particular, we use:
- Google Analytics: success and outreach measurement: provider: Google; information specific to Google Analytics: measurement, including across different browsers and devices (cross-device tracking) and with pseudonymized Internet Protocol (IP) addresses which are only transferred in full to Google in the USA in exceptional cases, “Data protection”, “Browser add-on to deactivate Google Analytics”.
12. Video surveillance
We use video surveillance to prevent criminal acts and provide evidence if criminal acts are committed and also to assure compliance with our house rules. This involves – in so far as and to the extent that the General Data Protection Regulation (GDPR) applies – superior justified interests within the meaning of .
On principle, we do not store any recordings of our video surveillance. By way of exception, we may store recordings in so far as storage is necessary to provide evidence for a limited period of time. We may secure recordings to comply with statutory obligations, to enforce our own legal rights and in cases where criminal acts are suspected and we may transfer such recordings to responsible bodies, such as courts of law or criminal prosecution authorities in particular.
13. Final provisions
We may adapt and supplement this data protection declaration at any time. We will provide information about such adaptations and supplements in a suitable manner, in particular by publishing the latest text of the data protection declaration on our website.