Data privacy

Data privacy is a matter of trust. Knowing that you trust us is vital to our company (“SwissP Defence AG” and/or “SwissP Defence” and/or “we” and/or “us”).

 

1. Responsible body

1.1 Data Protection Team

1.2 EU representative

2. General information in relation to data processing

2.1 Personal data processed by us

2.2 Legal basis for processing and processing purposes 

2.3 Third parties to whom we disclose personal data

2.4 Duration of data processing

3. Visits to our premises / video recordings

4. Visiting out website

4.1 Server log files

4.2 Making contact

4.3 Job applications

4.4 Cookies

4.5 Google services

4.5.1 Google Tag Manager

4.5.2 Google Analytics

4.5.3 YouTube

4.6 Social Media presence

4.7 Links to third party websites

5. Data security

6. Your rights

 

Thank you very much for your interest in our company. Data protection is a high priority for SwissP Defence AG. It is generally possible to use the SwissP Defence AG website (hereinafter: “SwissP Defence”) without providing any personal data. However, if you would like to use particular services provided by our company via our website, it may be necessary to process your personal data. 

We are committed to handling your personal data in a responsible way. Consequently, we consider compliance with the Swiss Federal Data Protection Act, the associated regulation and other applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR), as self-evident principles. 

In this data protection policy contains information about the most important aspects of data processing at SwissP Defence and the data protection rights to which you are entitled. This data protection policy covers both online and offline collection of personal data, including information received from various sources such as suppliers, business partners, third-party social networks or events.

We would like to point out that this Data Protection Policy does not represent an exhaustive description of our data processing and that individual matters may be regulated in whole or in part by specific data protection statements or general terms and conditions of business (with or without reference to them in this Data Protection Policy).

1     Responsible body

The responsible body under the terms of data protection law is:

SwissP Defence AG
Uttigenstrasse 67
3602 Thun, Switzerland

Telefon: +41 33 854 44 00
E-mail: info (at) swisspdefence.com 

1.1     Data Protection Team

The contact details for our Data Protection Team are as follows:

SwissP Defence AG Data Protection Team
Uttigenstrasse 67
3602 Thun, Switzerland

E-mail: datenschutz (at) swisspdefence.com

1.2     EU representative

The representative in the EU under the terms of GDPR is:

Swiss Infosec (Deutschland) GmbH
Unter den Linden 24
10117 Berlin
E-mail: swisspdefence.dataprivacy (at) swissinfosec.de

2     General information in relation to data processing

The following is a condensed account of the personal data we process, the purposes and legal basis of such processing, third parties to whom we may disclose personal data and the duration of data processing. This is followed by further information, particularly on data processing when you visit our premises and website.

2.1     Personal data processed by us

SwissP Defence is primarily active in the business-to-business (B2B) sector. A variety of personal data is also processed in the B2B sector, for example if you work for one of our customers or business partners and contact us in this capacity. The personal data we process is mainly:

  • Personal data that we receive in the context of our business relationships from customers, future customers, interested parties, service providers, suppliers, business partners or other people involved in the business relationships;
  • Personal data that we receive from job applicants;
  • Personal data that we are legally or contractually obliged to collect;
  • Personal data that we collect when you use our website;
  • Personal data that we collect when you visit our premises;
  • Personal data that we receive from authorities and other third parties (list brokers, credit bureaus).

 

Depending on the nature of the relationship, we will process personal data belonging to you, such as:

  • Contact, communication and identification data such as last name, first name, address, e-mail address, telephone number;
  • Personal details such as age, gender, nationality, place of birth, residence status, marital status, language, details of relatives;
  • Data relating to business partners such as name, function, all citizenships (including previous citizenships), nationality/nationalities (including previous nationalities), residence permit(s) and place of residence and title;
  • Contract data such as contract type, contract content, type of products and services, consumer groups, consumer types, forecast data, applicable terms and conditions, contract start date, contract term, invoice data;
  • Financial data such as account information, payment information, payment history, credit information;
  • Metadata from telecommunications such as telephone number, value-added service numbers, date, time and duration of the connection, type of connection, location data, IP address, device identification numbers such as MAC address;
  • Interaction and user data: correspondence, preferences and target group information, device type, device settings, operating system, software, information deriving from the assertion of rights;
  • Website information: IP address, cookie information, browser settings, frequency of visits to the website, duration of visits to the website, search keywords, click-throughs, originating website.

2.2     Legal basis for processing and processing purposes 

In general, we rely on the following legal bases when processing your personal data:

  • Your consent, which you can revoke at any time (for example for the use of the applicant portal or in connection with cookies on our website).
  • The conclusion or fulfilment of a contract with you or your associated advance request (for example when you submit a job application)
  • A balancing of interests (for example to ensure information security), which you can veto under certain circumstances
  • A legal obligation (for example an obligation on us to retain accounting-related documents) that can also be included in the context of a balancing of interests

We primarily use the personal data we collect to conclude and process contracts with our customers and business partners. 

We also process personal data when purchasing products and services from our suppliers and subcontractors. If you work for one of our customers or business partners, your personal data may of course also be affected in this context. 

In addition, we process personal data belonging to you and other persons, to the extent permitted by law and as deemed appropriate by us, also for the following purposes in which we (and sometimes also third parties) have a legitimate interest according to the purpose:

  • The offering and further development of our products, services and website and other platforms on which we are present;
  • The communication and processing of inquiries (for example e-mail, telephone, job applications, media inquiries);
  • Advertising and marketing, provided you have consented/not objected to the use of your data (if we send you advertising as an existing customer, you can object to this at any time, and we will then place you on a restricted list to prevent further advertising);
  • Collaboration with business partners such as suppliers, commercial customers of goods and services, as well as service providers (for example IT service providers)
  • Customer relationship management, such as customer orientation, customer satisfaction and customer loyalty;
  • Administration and accounting;
  • Market research, media monitoring;
  • Assertion of legal claims and defence in connection with legal disputes and official proceedings;
  • Compliance with legal provisions (for example supply chain law);
  • Prevention and investigation of criminal offenses and other misconduct (for example conducting internal investigations, whistleblowing system, data analysis to combat fraud);
  • Warranties offered by our business, in particular IT, our website and other platforms.

If you have consented to allow us to process your personal data for specific purposes, we will process your personal data within these constraints and based on this consent, if we have no other legal basis and require such a basis. Any consent granted can be revoked at any time, however this has no effect on data processing that may already have taken place. You can send your notice of withdrawal to us by e-mail or post using the (e-mail) address mentioned in Section 1.1.

2.3     Third parties to whom we disclose personal data

We also disclose personal data to third parties as part of our business activities and for the purposes mentioned above, to the extent permitted by law and as appropriate, either because the said third parties process the data for us (contract data processing) or because they wish to use it for their own purposes (data disclosure). This mainly relates to:

  • Service providers, including contracted administrators;
  • External third parties such as tax advisors, lawyers, management consultants, recruiters/headhunters
  • Logistics services for the delivery of goods
  • Business information and debt collection services
  • IT service providers (e.g. web hosting providers, e-mail delivery service providers, online tools);
  • Suppliers;
  • Official agencies;
  • Insurance companies;
  • Banks and payment service providers;
  • Government offices and courts.

Some of the recipients are in Switzerland, but some are also located abroad. In particular, you can expect your data to be transferred to other countries in Europe and the USA, where some of the IT service providers we use are located. If we transfer data to a country that does not have an adequate legal level of data protection (such as the USA), we require that the recipient to take appropriate measures to protect personal data (for example by agreeing so-called EU standard clauses - the current version can be retrieved here - other precautions, or based on justified reasons).

2.4     Duration of data processing

We process personal data as long as this is necessary to fulfil our contractual obligations or otherwise for the purposes pursued by processing, for example for the duration of the entire business relationship (from commencement and active management to termination of a contract) and beyond in accordance with statutory retention and documentation obligations. It is possible that personal data will be retained for the period in which claims can be asserted against us and insofar as we are otherwise legally obliged to do so or legitimate interests require this (for example for evidential and documentation purposes). As soon as your personal data is no longer required for the purposes mentioned above, it will generally be deleted or anonymised.

3     Visits to our premises / video recordings

Based on our legitimate interests in protecting our property rights and in order to ensure the protection of our employees and other persons as well as values, data and secrets belonging to or entrusted to us, we use video surveillance systems and other measures (for example access controls, visitor lists, network and e-mail scanners, telephone records) for IT, building and plant security at our location. The purpose of video surveillance is not to monitor the behaviour of our employees. 

You can recognise the areas where video surveillance takes place by the characteristic notices. 

In principle, only our security department has access to recorded data. The recorded data is not generally shared with third parties. If a relevant incident occurs (for example vandalism, damage to property, burglary, etc.), the recordings will be shared with the responsible authorities (for example law enforcement authorities) in order to allow the relevant incident to be investigated. 

Unless a relevant incident occurs, the recorded images are retained for a maximum of 21 days and then irretrievably deleted. 

In addition, when you enter our building and register at reception, your name and your employer will be noted down and saved. A copy of your ID is also required. The copy will be irretrievably deleted after 6 months at the latest. We collect this personal data for security reasons and to meet legal requirements (trade compliance). You will also be able to use our Wi-Fi. In this case, we collect device-specific data during your registration and ask you to enter your name and e-mail address when registering.

4     Visiting out website

As a rule, you can use our website without providing any personal information. This does not include areas and services that naturally require your name, address or other personal data, for example if you apply to us for a job. 

In addition, you may contact us on a voluntary basis via e-mail and/or telephone. The data generated and/or provided by you will be processed or stored for the respective purpose for which it was communicated to us or used by us to contact you.

4.1     Server log files

When you visit our website, our servers temporarily save each access in a log file, known as server log files. 

The information recorded includes, for example, your IP address, the date and time of your visit, the name of the file accessed, the access status (accessed, partially accessed, not accessed, etc.), the web browser and operating system used, as well as other similar information that is necessary for security purposes in the event of attacks on our information technology systems. 

The purpose of processing this information is to correctly display our website and its content and offers to you and to secure data traffic, to optimise our website, content and offers, to ensure the long-term stability and security of our website and systems, and to provide information, defend against and track cyber attacks, spam and other illegal activities in relation to our website and systems and to enforce claims in this regard on the basis of our legitimate interests. 

We will deleted your personal information as soon it is no longer required to achieve the purpose for which it was gathered. If data is collected for the purpose of providing our website, it will be deleted when the relevant session has ended. 

We may use the services of third parties in Switzerland and abroad to host the website and to carry out the above-mentioned processing on our behalf. Our websites are currently hosted exclusively by Swiss hosting providers and on servers in Switzerland.

4.2     Making contact

Our website gives you the option of contacting us by e-mail or telephone. If you contact us by e-mail, we process the information provided there, such as your e-mail address, your reason for contacting us (subject line) and your message for the purpose of processing and handling your inquiry and handling it and to deal with any follow-up questions. This information is stored by us and will not be shared with unauthorised third parties without your consent. Naturally, the same also applies to inquiries that you submit to us by post. 

We may use your name and e-mail address to send you notifications, updates, event invitations and other information by e-mail. However, we will first ask for your consent to do this, unless we have already received your contact details from you elsewhere in connection with our services. 

You can revoke you consent to such data processing at any time. Please send your objection to the e-mail address mentioned in Section 1.1 and we will check your concerns. In such cases, your contact will not be processed further. 

Your personal data will be deleted as soon as your issue has been resolved. This is the case if it is apparent from the circumstances that the matter in question has been conclusively investigated and deletion does not conflict with any legal retention obligations.

4.3     Job applications

If you apply for a position with us, we process the personal data that we receive from you as part of the application process. 

We may also actively contact people, in particular using professional social networks such as Xing and LinkedIn, who could become potential candidates or employees based on their professional career and qualifications (this process is referred to as "active sourcing"). The purpose of this measure is the specific recruitment of qualified personnel.
Your application data will only be only stored, evaluated, processed or forwarded internally in the context of your application. Processing is mainly electronic. 

Details on data processing for job applications can be found in our data protection policy for applicants.

4.4     Cookies

We use so-called cookies on our website. Cookies are small text files that are placed and stored on your device (laptop, tablet, smartphone, etc.) by means of the browser. They help to make our website more user-friendly and effective overall and to make your visit to our website as pleasant as possible. Cookies do not cause any harm to your device. They cannot run programs and do not contain viruses. 

Most of the cookies we use are so-called session cookies. These are automatically deleted when you log out or close the browser. Other cookies remain stored on your device after use and enable us or our partner companies (third-party cookies) to recognise your browser when you next visit our website. If other cookies (for example cookies to analyse your surfing patterns) are stored, they will be treated separately in this data protection declaration. 

If we seek your consent to use certain cookies, you can revoke this at any time with future effect. To do this, open our cookie banner and adjust your cookie settings accordingly. 

You can restrict or block the storing of cookies on your device using your browser settings. You can also prevent the use of cookies that are used for measuring reach and for advertising purposes via the deactivation page of the Network Advertising Initiative and also on the US website YourAdChoices website (USA) or the Your Online Choices website (Europe). However, please be aware that in this case you may not be able to use all functions of our websites to their fullest extent.

4.5     Google services

Based on your consent on our website, we use various services from Google LLC, based in the USA, or if you are regularly domiciled in the European Economic Area (EEA) or Switzerland, Google Ireland Ltd., based in Ireland ("Google"). Responsibility for the processing of personal data when “YouTube” is used always remains with Google LLC. We use the following Google services on our websites:

  • Google Tag Manager
  • Google Analytics
  • YouTube 

Further information on the various services can be found below. 

Google uses technologies such as cookies, web storage in the browser and tracking pixels that enable us to analyse your use of our website. The information generated in this way about your use of our website may be transmitted to a Google server in the USA or other countries and stored there. Information about the locations of Google's data centres can be found here

We use tools provided by Google that Google states may process personal data in countries where Google or its subcontractors have facilities. In its "Data Processing Addendum for Products where Google is a Data Processor", Google undertakes to ensure an appropriate level of data protection based on EU standard contractual provisions. Google is also certified under the EU-US or Swiss-US Privacy Shield Agreement

Further information on processing by Google and privacy settings can be found in Google's data protection policy and data protection settings.

 

4.5.1 GoogleTag Manager

Our website uses Google Tag Manager. Google Tag Manager enables website tags to be managed efficiently. Website tags are placeholders stored in the source code of the relevant website, for example to register the integration of frequently used website elements, such as code for web analysis services. The Google Tag Manager causes other tags to be activated, which in turn may collect data. Google Tag Manager does not access this data. If deactivation has taken place at domain or cookie level, this will remain in effect for all tracking tags implemented with Google Tag Manager.

Further information can be found in the terms of use for Google Tag Manager

 

4.5.2 Google Analytics

We use the Google Analytics 4 web analysis service to analyse our website and its visitors, as well as for marketing and advertising purposes. 

Google Analytics uses cookies that are stored on your device (laptop, tablet, smartphone, etc.) and that enable us to analyse your use of our website. This allows us to evaluate usage patterns on our website and to use the statistics/reports obtained to make our content more interesting. 

The anonymisation of IP addresses is the default in Google Analytics 4. This means that your IP address will be truncated by Google within Switzerland or the EU/EEA before transfer. The full IP address will only be transferred to a Google server and truncated there in exceptional cases. 

Google uses this information to evaluate your anonymous use of our website, to compile reports on website activity and to provide us with other services related to website activity and internet usage. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be combined with other Google data. When you visit our website, your usage patterns will be recorded in the form of events (such as page views, interaction with the website or your “click path”) as well as other data, such as your approximate location (country and city), technical information about your browser and the devices you use or the referrer URL, i.e. which website/advertising material brought you to our website. 

You can prevent the collection and transmission of the data generated by the cookie and related to your use of our website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser add-on for disabling Google Analytics. If you want to avoid interest-based advertising by Google, you can use the settings and opt-out options provided by Google. 

Your personal data will be deleted or anonymised after 2 months. 

You will find an overview of data usage in Google Analytics and the measures taken by Google to protect your data in the Google Analytics Help

Further information about the terms of use of Google Analytics and data protection at Google can be found in the relevant documents.

 

4.5.3 YouTube

We use the services of the provider YouTube LLC, based in the USA (“YouTube”), a subsidiary of Google LLC ("Google"), to integrate videos on our website. 

A connection to YouTube's servers is established when you start a YouTube video on our website. The YouTube server receives information indicating which of our pages you have visited. This information (including your IP address) can be transferred to a Google server in the USA and stored there. If you are logged into your YouTube account at the same time, you can enable YouTube to match your surfing patterns directly to your personal profile. You can prevent this by logging out of your YouTube account before visiting our website. 

We use YouTube's extended data protection mode. According to YouTube, this mode means that YouTube does not store any data about you as a visitor to our website before you watch or play the video. However, extended data protection mode does not necessarily preclude the sharing of data with YouTube partners. 

Further information can be found in the terms of use of YouTube and Google's data protection policy.

4.6     Social Media presence

We maintain social media profiles on LinkedIn, XING and YouTube.

 

The data you enter on our social media profiles will be published by the social media platform and will never be used or processed by us for any other purpose. However, we reserve the right to delete content if necessary. If necessary, we will communicate with you via the social media platform. The basis for this is your and our legitimate interest in exchanging ideas with each other using this channel. 

Please be aware that the social media platform operator uses web tracking methods. We have no influence on web tracking and this can also occur regardless of whether you are logged in or registered with the social media platform. 

More detailed information on data processing as well as further information on your rights in this regard and setting options to protect your privacy as well as your right to veto the creation of user profiles by the social media platform provider can be found in the data protection policy of the relevant provider:

  • LinkedIn
 
LinkedIn Corporation (USA)/LinkedIn Ireland Unlimited Company (Ireland)                                                                                                      Data privacy policy
  
  • XING
 
New Work SE (Germany):Privacy policy
  
  
  • YouTube
 
YouTube LLC (USA):Privacy policy
  

 

4.7     Links to third party websites

Some links on this website lead to third party websites. These are beyond the influence of SwissP Defence. SwissP Defence therefore accepts no responsibility for the accuracy, completeness and legality of the content contained there or links to other websites as well as any offers, products and services contained there. The use of linked websites is your own responsibility.

5     Data security

We implement technical and organisational security precautions to protect your personal data against manipulation, loss, destruction or unauthorised access. 

Our security measures are continuously improved in line with technological developments. 

Our employees and the service companies commissioned by us are obliged to maintain confidentiality and to comply with data protection regulations. In addition, they are only allowed as much access to your personal data as absolutely necessary.

6     Your rights

In principle, you have access, rectification, deletion, restriction and portability rights and can veto processing and withdraw your consent with regard to your personal data. 

Please note, however, that we reserve the right to enforce the restrictions imposed by law, for example if we are obliged to retain or process certain data, have an overriding interest in doing so (insofar as we are entitled to rely on this) or need it to assert claims. 

Please note that exercising these rights may conflict with contractual agreements and this may have consequences such as early termination of the contract or cost implications. We will inform you accordingly in advance if this is not already contractually agreed. 

If you believe that the processing of your personal data is in breach of data protection law, or your data protection rights have been breached in some other way, you can also complain to the responsible supervisory authority. The relevant body in Switzerland is the Federal Data Protection and Information Commissioner

The exercise of your data protection rights usually requires you to clearly prove your identity (for example by means of a copy of your ID if your identity is otherwise not unclear or cannot be verified). To assert your rights, please contact us by e-mail at the e-mail address indicated in Section 1.1.