Privacy Policy and compliance with requirement to provide information for visitors to the website
1. Name and address of the controller
Our company is active in the European Union/European Economic Area as well as in Switzerland. The information supplied here refers to the European General Data Protection Regulation with simultaneous consideration of the Swiss Data Protection Act. If deviations or additions are required in relation to these, they are included in the information laid out here.
Securiton AG
Alarm and Security Systems
Head office
Data protection
Alpenstrasse 20
3052 Zollikofen/Bern
Switzerland
E-Mail: info@securiton.ch
2. Name and address of the data protection officer
The data protection officer for the controller is:
Securiton AG
Data Protection Officer
Alpenstrasse 20
CH-3052 Zollikofen/Bern
E-Mail: Datenschutz@securiton.ch
3. General information about data processing
3.1 Scope of personal data processing
We generally only process our users’ personal data when this is required for the provision of our services. Processing of our users’ personal data occurs routinely only with the consent of the user or if a legal basis exists.
3.2 Legal basis for processing personal data
Art. 6 of the new Swiss Data Protection Act (revDPA) or Art. 6, Para. 1(a) of the EU General Data Protection Regulation (GDPR) is the legal basis for personal data processing as long as we obtain the consent of the data subject.
Art. 6 revDPA or Art. 6, Para. 1(b) GDPR is the legal basis for personal data processing to fulfil a contract, where the data subject is a contractual party. This is also valid for processing that is required for the implementation of measures prior to entering a contract.
Art. 6 revDPA or Art. 6, Para. 1(c) GDPR is the legal basis of personal data processing to fulfil a legal obligation to which our company is subject.
Art. 6 revDPA or Art. 6, Para. 1(f) GDPR is the legal basis for the processing if this is required to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest.
3.3 Data erasure and storage period
The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage is no longer relevant. Data can also be stored if this is provided for by the European or national legislator in Swiss or Union ordinances, laws or other provisions to which the controller is subject. Data are also blocked or erased when the storage period prescribed in the mentioned provisions expires unless there is a requirement for the data to be stored for a longer period.
4. Service provision and log file creation
4.1 Data processing description and scope
Every time our website services are used, our system automatically records data and information from the computer accessing the services.
The following data shall be collected:
1. information about the type of browser and the version used
2. user’s operating system
3. user's Internet service provider
4. user’s IP address
5. date and time of access
6. websites from which the user’s system landed on our website
7. websites that are accessed by the user’s system via our website
The data are also stored in our system's log files. We do not store these data together with other personal data from the user.
4.2 Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 revDPA or Art. 6, Para. 1(f) GDPR.
4.3 Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website services to be delivered to the user’s computer. Therefore, the user’s IP address must be stored for the duration of the session.
Storage of the log files occurs to guarantee the functionality of the website services. In addition, the data help us improve the services and ensure the security of our information technology systems. In this context, the data are not evaluated for marketing purposes.
Our legitimate interest in the data processing also lies in these purposes in accordance with Art. 6 revDPA or Art. 6, Para. 1(f) GDPR.
4.4 Retention period
The data shall be erased as soon as they are no longer required for achieving the purpose for which they were collected. When data are recorded for providing services, this is the case when the relevant session is finished. When data are stored in log files, this is the case after six months at the latest. Storage beyond this is possible. In this case, the user’s IP address shall be erased or altered so it can no longer be attributed to the accessing client.
4.5 Option to object and remove data
Recording data for the provision of website services and storing the data in log files is absolutely necessary to operate the Securiton AG website. Consequently, the user does not have the option to object.
5. Use of cookies
5.1 Description and scope of the data processing
Our services use cookies. Cookies are text files that are stored on the Internet browser or by the Internet browser on the user’s computer system. When the user accesses a website, a cookie can be saved on the user’s operating system. This cookie contains a distinctive character string that enables the browser to be clearly identified when the website is accessed again.
We use cookies to make our website more user-friendly. Some elements of our website require a browser accessing the website to be identified again even after the user navigates away from the page.
Cookies save and transfer the following data:
1. display settings
2. login information
This website uses Google Analytics, a Google Inc. (“Google”) web analysis service. Google Analytics uses “cookies”, text files that are saved on your computer and which enable analysis of your use of the website.
In Google Analytics 4, all data from devices that are located in the EU (based on the geographic location as per the IP address) are collected via domains and servers in the EU before the traffic is forwarded to Analytics servers for processing.
If IP anonymisation is activated on this website, your IP address shall be shortened by Google within the Member States of the European Union or in other signatory states to the Agreement on the European Economic Area. The full IP address shall only be transferred to a server operated by Google in the USA and shortened there in exceptional cases. Google shall use this information on behalf of the website operator to evaluate your use of the website, to create reports on website activities and to provide more services related to the use of the website and Internet for the website operator. The IP address transferred from your browser as part of Google Analytics shall not be combined with other Google data. You can disable cookies using the corresponding settings in your browser software; we would like to advise you that in this case you will not be able to use all the functions of this website to their full extent. You can also prevent the collecting of the data created by the cookie and the data on your use of the website (incl. your IP address) being transferred to Google as well as the processing of these data by Google by downloading and installing the browser plugin available using this link.
Current link: http://tools.google.com/dlpage/gaoptout?hl=en
You can find more information about Google Analytics in the Google Analytics terms, in the Google Analytics security and data protection guidelines and in the Google privacy policy
There may be links on our websites to third-party websites – not connected with us – that use their own cookies. In particular, we also feature links to social networks (e.g., LinkedIn, Xing, Instagram, YouTube). After you click on the link, we have no further influence on the collection, storage and processing of data directly transferred to third parties by clicking on these links as we naturally have no control over the behaviour of third parties. We take no responsibility for the processing of such data by third parties. Please inform yourself from the privacy policies of the respective third parties about the purpose and scope of data collection, further processing and use of the data and settings options to protect your privacy:
LinkedIn: https://www.linkedin.com/legal/privacy-policy?_l=en_EN
Xing: Privacy at XING
Instagram: https://about.instagram.com/safety
YouTube: https://policies.google.com/privacy?hl=en-GB&gl=de
5.2 Legal basis for data processing
The legal basis for the processing of personal data through the use of cookies is Art. 6 revDPA or Art. 6, Para. 1(f) GDPR.
5.3 Purpose of data processing
The purpose of technically essential cookies is to simplify the use of the website services for the user. Some of the functions of our services cannot be offered without the use of cookies. It is necessary that the browser is recognised again after the user navigates away from the page.
We require cookies for the following applications:
1. to remember search terms
2. to remember display settings
3. to remember login information
4. to remember user preferences
The user data collected using technically essential cookies shall not be used to create a user profile.
Our legitimate interest in processing personal data also lies in these purposes in accordance with 6 revDPA or Art. 6, Para. 1(f) GDPR.
5.4 Duration of storage, option to object and remove data
Cookies are saved on the user’s computer and are then transferred to our services. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your Internet browser and/or device, you can deactivate or limit the transfer of cookies. Cookies that have already been saved can be deleted at any time. This can also take place automatically. If cookies are deactivated for our services, some of the functions of our services may not work properly.
6. Newsletter
6.1 Description and scope of the data processing
On our website, users have the option to subscribe to a free newsletter. When a user signs up for the newsletter, the data from the input mask is transferred to us.
Your consent (double opt-in) is obtained for data processing as part of the sign-up process, and you are referred to this privacy policy.
In the context of processing data for the sending of newsletters, no data are transferred to third parties that are permitted to use these data for their own purposes. The data are used exclusively for sending the newsletter.
6.2 Legal basis for data processing
The legal basis for processing data after the user signs up for the newsletter is the user’s consent in accordance with Art. 6 revDPA or Art. 6. Para. 1(a) GDPR.
6.3 Purpose of data processing
The user’s e-mail address is used to send the newsletter. Other personal data are collected as part of the sign-up process to help prevent the misuse of services or the e-mail address used.
6.4 Retention period
The data shall be erased as soon as they are no longer required for achieving the purpose for which they were collected. The user’s e-mail address is then stored for as long as the subscription to the newsletter is active.
6.5 Option to object and remove data
The newsletter subscription can be cancelled at any time by the user. There is a corresponding link in each newsletter for this purpose.
This also allows for the withdrawal of consent to store the personal data collected during the registration procedure.
7. Rights of the data subject
If your personal data is processed by us, you as the data subject have the following rights with regard to the controller in accordance with revDPA or GDPR:
7.1 Right of access
You have the right to obtain confirmation from the controller as to whether or not personal data concerning you is being processed by us.
Where that is the case, you can request access to the following information from the controller, in accordance with Art. 25 revDPA or Art. 15 GDPR:
1. the purposes of processing the personal data;
2. the categories of personal data concerned;
3. the recipients or categories of recipient to whom the personal data concerning you have been or will be disclosed;
4. the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine the storage period;
5. the existence of the right to request rectification or erasure of personal data concerning you;
6. all information available about the source of the data where the personal data are not collected from the data subject.
You have the right to request information about whether personal data concerning you are transferred to a third country or an international organisation. Within this context, you can request to be informed about suitable safeguards in accordance with Art. 16 revDPA or Art. 46 GDPR in connection with the transfer.
7.2 Right to rectification
Pursuant to Art. 32 Para. 1 revDPA, you have the right to demand from the controller the rectification and/or completion of inaccurate and incomplete personal data concerning you.
7.3 Right to restriction of processing
Where processing of personal data concerning you has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If you have obtained restriction of processing pursuant to the above conditions, you shall be informed by the controller before the restriction of processing is lifted.
7.4 Right to erasure
You have the right to demand that the controller immediately erase personal data concerning you, and the controller is obliged to erase this data without delay where one of the following grounds applies:
1. The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
2. You withdraw consent on which the processing was based in accordance with Art. 12, Para. 2(b) DPA or Art. 6, Para.1(a) or Art. 9, Para. 2(a) GDPR, and there is no other legal ground for the processing.
3. You object to the processing pursuant to Art. 21, Para. 1 GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21, Para. 2 GDPR.
4. The personal data concerning you have been unlawfully processed.
5. The personal data concerning you have to be erased for compliance with a legal obligation in accordance with Swiss or Union or Member State law to which the controller is subject.
6. The personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8, Para. 1 GDPR.
7.5 Information for third parties
Where the controller has made the personal data public and is obliged pursuant to Art. 17, Para. 1 GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
7.6 Exceptions
The right to erasure shall not apply to the extent that the processing is necessary for
1. exercising the right of freedom of expression and information;
2. for the establishment, exercise or defence of legal claims.
7.7 Right to be informed
If, pursuant to Art. 32 revDPA, you have exercised your right to rectification, erasure or restriction of processing vis-à-vis the controller, the latter is obliged to inform all recipients to whom your personal data have been disclosed of this rectification, erasure or restriction unless this is impossible or involves excessive expense. You have the right to be informed by the controller about these recipients.
7.8 Right to data portability
Pursuant to Art. 28 revDPA, you have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit these data to another controller without hindrance from the controller to which the personal data have been provided, where:
1. the processing is based on consent pursuant to Art.6, Para. 1(a) GDPR or Art. 9, Para. 2(a) GDPR or on a contract pursuant to Art. 28 Para. 1(b) revDPA or Art. 6, Para. 1(b) GDPR; and
2. the processing is carried out by automated means (Art. 28 Para. 1(a) revDPA).
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The rights and freedoms of others must not be adversely affected by this.
7.9 Right to object
Without prejudice to the preceding provisions, in particular in relation to the restriction of processing, you have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you which is based on Art. 6 revDPA or Art. 6, Para. 1(e) or (f) GDPR.
Under such circumstances the controller shall stop processing the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing.
If you object to processing for direct marketing processes, the personal data concerning you shall no longer be processed for these purposes.
7.10 Right to withdraw your declaration of consent under data protection law
You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
7.11 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, as long as our data processing is subject to revDPA or GDPR, you have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes revDPA or GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint.
Version 1.0, August 2023
