Swiss Resilience Hub AG privacy policy

Content 

Status: 07.09.2023

With this privacy policy, we inform you about the personal data we collect and process in connection with our activities. It applies to all processing activities related to personal data. We handle the data received and collected responsibly, in accordance with applicable legal provisions, and in accordance with this privacy policy. Our processing is generally subject to the Swiss Data Protection Act (DSG). 

If we consider it useful, we will provide you with supplementary data protection declarations and other legal documents (in particular general terms and conditions, terms of use and conditions of participation) for individual or additional processing.

1. Who are we? 

We are Swiss Resilience Hub AG (Rieterstrasse 6, 8002 Zurich), and we are responsible for the processing of your personal data, as described here (unless otherwise specified in individual cases). In this Privacy Policy, references to “Swiss Resilience Hub,” “we,” or “us” refer to Swiss Resilience Hub AG.  

If you have any data protection concerns, you can contact us at:  

Swiss Resilience Hub AG 
Rieterstrasse 6 
8002 Zurich  

welcome@sr-hub.ch, Subject: “Data Protection” 

2. What personal data do we process? 

We collect and process the following personal data from you:  

  • Basic data, such as name, address, email address, phone number, gender, date of birth, social media profiles, photos, videos, relationship information (customer, service provider, etc.), history, official information (e.g., commercial register extracts, permits, etc.), information about subscribed newsletters or other advertising (including consents);  
  • Communication data, such as contact details, method of communication (phone, email, text messages, video messages, online comments, etc.), as well as the location, date, time, and content of the communication;  
  • Registration data, such as username, password, email address;  
  • Financial data, such as payment information, creditworthiness information;  
  • Contract data, data that arise in connection with contract conclusion or contract processing, such as information about contract conclusion, acquired claims and receivables, information on customer satisfaction, purchase information (e.g., purchase date, location, time, history, as well as quantity, type, and value of goods/services);  
  • Technical data, such as IP address, operating system, date, time, geographical information; 
  • Behavioral data, such as duration and frequency of visits to our website, date and time of a visit or opening of a message (newsletter, email, etc.), location of your device, interaction with our online presences on social networks or other third-party platforms;  
  • Preference data, such as user settings, data from the analysis of the collected data (especially behavioral data);  
  • Other data that you provide to us about yourself. 

3. How do we collect personal data? 

We collect your personal data in various ways. On one hand, we collect personal data that you provide to us (e.g., via email, phone, postal mail), that we receive from third parties (e.g., business partners, authorities), and that we gather about you (e.g., from publicly accessible registers, websites, business partners).  

3.1 Provided data 

You provide us with your personal data when you interact with us, including under the following circumstances:  

  • When you communicate with our staff;  
  • When you create a user account with us;  
  • When you visit our stores or other premises;  
  • When you participate in customer events and public events hosted by us;  
  • When you purchase our products or services (in a physical store or online);  
  • When you register to access certain offers and services (e.g., newsletters, free Wi-Fi);  
  • When you participate in one of our contests or giveaways.  

 The provided data includes, in particular, basic data, communication data, registration data, contract data, and preference data.  

 Generally, the provision of personal data is voluntary, meaning that in most cases, you are not obligated to disclose personal data to us. However, we must collect and process those personal data that are necessary or legally required for the execution of a contractual relationship and the fulfillment of associated obligations, e.g., mandatory basic and contract data. Otherwise, we may not be able to conclude or continue the respective contract.  

If you provide us with personal data about other individuals (e.g., family members, employees), we assume that you are authorized to do so and that the information is accurate. Please ensure that these other individuals are informed about this Privacy Policy.  

Failure to provide certain personal data may result in the inability to provide the associated service or conclude a contract. We will generally inform you where personal data requested by us are mandatory.  

 

3.2 Received data 

We may also receive personal data about you from third parties, including but not limited to:  

  • Business partners with whom we collaborate, such as banks, insurance companies, distribution and other contractual partners; 
  • Individuals who communicate with us;  
  • Credit reporting agencies, e.g., when we obtain creditworthiness information;  
  • Address vendors or the Swiss Post, e.g., for address updates;  
  • Providers of online services, e.g., internet analytics services;  
  • Authorities and courts, in connection with official and judicial proceedings.  

The received data includes, in particular, basic data, communication data, financial data, contract data, and preference data. 

 

3.3 Collected data 

We may also collect your personal data ourselves or through automated means, including but not limited to the following circumstances:  

  • When you use our offerings;  
  • When you avail our services;  
  • When you order and/or purchase products from us;  
  • When you visit our websites or use our SRH GROW platform;  
  • When we consult publicly accessible sources (e.g., public registers, websites, platforms); 
  • When we obtain information from your organization or another organization or enterprise about you (e.g., for reference purposes in the application process, if you consent);  
  • When we collaborate with business partners;  
  • When you click on a link in one of our newsletters or otherwise interact with our electronic advertising communications.  

 The collected data primarily includes behavioral data and technical data.  

We may also derive additional personal data from existing personal data, for example, by analyzing behavioral data. Frequently, such derived personal data are preference data. 

 

4. For what purposes do we process personal data? 

We primarily process your personal data to conclude and execute contracts with you, our customers, and our business partners. Specifically, we also process your personal data for the following purposes:  

  • To communicate with you;  
  • To provide and improve our services (including websites) to you and our customers;  
  • To manage the business relationship with you and our customers;  
  • To conduct advertising, marketing, market research, and product development;  
  • To ensure your and our security and prevent misuse (e.g., for IT security, theft prevention, fraud and abuse prevention, and for evidence purposes);  
  • To comply with legal and regulatory obligations;  
  • To enforce our claims and defend against claims from others;  
  • To prepare and carry out the sale or purchase of business areas, companies, or parts of companies, and other corporate transactions, including the transfer of personal data;  
  • For business management purposes. 

In processing personal data for the purposes described in this statement, we rely, among other things, on our legitimate interest in maintaining, expanding, and managing the business relationship and communicating with you as a business partner about our products and services. 

For certain purposes, you may provide us with consent to process your personal data. In cases where we do not have another legal basis, we process your personal data within the framework and based on this consent. You can revoke your consent at any time. Revoking consent does not affect previous processing activities. 

5. Why and how do we share data? 

We may share your personal data with trusted third parties, as necessary or appropriate for the provision of our services or to fulfill the purposes defined in this Privacy Policy. The following categories of recipients may receive your personal data: External service providers (e.g., IT service providers, auditors, logistics companies, payment services); Customers and other contract partners; Counterparties, their legal representatives, and involved individuals; Business partners with whom we may need to coordinate service delivery; Authorities and courts. Please note that these recipients may themselves involve third parties, which may also have access to your data. 

When we share your personal data with third parties who process your personal data on our behalf, it is done based on our instructions and in accordance with our Privacy Policy, as well as other appropriate confidentiality and security measures. For example, we use service providers to assist with the operation of our IT infrastructure, providing our products and services, improving our internal business processes, and offering additional support to our customers. 

We generally process your personal data only in Switzerland and the European Economic Area (EEA) (see also section 6 below). On our websites and the SRH GROW platform, we use services from third-party providers; please refer to our Cookie Policy (section 13 below) for independent data collection by third parties. 

 

6. Why and how do we transfer data abroad? 

We may transmit your personal data to recipients in the European Economic Area (EEA), as well as to recipients in the United States and other countries that do not provide a level of data protection comparable to Swiss law (so-called third countries). We typically do this when necessary to fulfill a contract or enforce legal claims. If we disclose data to additional third countries, and this is not already known to you (e.g., from a contract or communication with us), you can generally find information on the relevant state, international organization, or at least the region in this Privacy Policy, particularly in the Cookie Policy section. We only transfer your personal data to a third country if the data protection requirements are met (e.g., through the conclusion of recognized standard data protection clauses or obtained consent) or if we can rely on an exception. An exception may exist, especially in cases of overriding public interests or if the execution of a contract that is in your interest requires such disclosure. 

7. How do we use profiling? 

“Profiling” refers to the automated processing of personal data to analyze personal aspects or make predictions (e.g., analyzing personal interests and habits). Typically, profiling results in the derivation of preference data. We use profiling, particularly in the automatic processing of basic data, contract data, behavioral data, and preference data when using and purchasing our offerings and services, but also in connection with our websites, SRH GROW platform, events, contests, and giveaways. We use profiling primarily to improve our offerings, present them and our content in a needs-based manner, provide you with only the advertising and offers that are likely to be relevant to you, and determine which payment options are available to you based on a credit check. As a basis for profiling, we may also link personal data from different sources to improve the quality of our analyses and predictions.

8. How do we make automated individual decisions? 

“Automated individual decisions” are decisions made fully automatically, i.e., without human involvement, and that can have legal consequences or significantly affect the individual concerned. We generally do not use automated individual decisions; however, if we do, we will inform you separately in individual cases. 

9. How do we protect data? 

We implement appropriate technical measures (e.g., firewall, SSL encryption, password protection) and organizational security measures (e.g., access restrictions, training of authorized individuals) to safeguard the security of your personal data. Through these measures, we protect your personal data against unauthorized or unlawful processing, access, and/or accidental loss, alteration, disclosure. Please be aware that transmitting information over the internet and other electronic means carries certain security risks. We cannot guarantee the security of information transmitted in this manner. 

 

10. How long do we retain data? 

We retain your personal data for as long as necessary for our processing purposes (see section 4), as required by legal retention periods (usually five or ten years), and in accordance with our legitimate interests, especially for documentation and evidence purposes, or if storage is technically necessary (e.g., in the case of backups or document management systems). We delete or anonymize your personal data, unless legal or contractual obligations or technical reasons prevent this, generally after the expiration of the storage and processing period in accordance with our regular procedures and in line with our retention policy. 

11. Newsletter 

We provide you with the option to subscribe to our newsletter, in which we regularly inform you about news. To deliver the newsletter to you by email, you must give us your consent in a so-called double opt-in procedure, meaning we will only send you a newsletter if you have explicitly confirmed this beforehand. You can unsubscribe from the newsletter at any time, e.g., via the link at the end of each newsletter, or you can inform us of your wish to unsubscribe by email. 

For newsletter delivery, we use the services of:  

Mailchimp c/o The Rocket Science Group, LLC 
675 Ponce De Leon Ave NE Suite 5000 
Atlanta, GA 30308 USA. 

When you sign up for the newsletter, we collect your email address as well as your first and last name. Any other information is provided voluntarily. To determine whether a newsletter email has been opened and which links may have been clicked, we process certain data. Furthermore, technical information (e.g., time of retrieval, IP address, browser type, and operating system) is recorded. We process all data for the purpose of newsletter delivery and analysis of the newsletter campaign. We retain your data until you unsubscribe from the newsletter. Data stored for other purposes remain unaffected by this.  

For more information regarding the data collected, refer to Mailchimp’s comprehensive privacy policy at: https://www.intuit.com/privacy/statement/ and the data processing addendum at: https://mailchimp.com/de/legal/data-processing-addendum/ 

12. Social Media 

On social networks and other platforms operated by third parties, we may maintain pages and other online presences (e.g., fan pages, channels, profiles) and collect and process data (especially contact and profile data) about you or provided by the social networks. We receive data when you interact with us through our online presence (e.g., by accessing and commenting on posts). We receive aggregated or otherwise sufficiently anonymized data from the platforms for evaluation purposes to continue developing our offered posts and services. We process the data, in particular, for communication, marketing purposes (including advertising on these platforms), and market research. We may re-distribute content you have published yourself or delete or restrict content from or to you in accordance with the usage guidelines. Personal data may also be processed outside of Switzerland and the European Economic Area (EEA). 

Furthermore, the platforms analyze your use of our online presence and link this data with other data known to the platforms about you. They also process this data for their own purposes, especially for marketing and market research purposes (e.g., to personalize advertising) and to control their platforms (e.g., what content they display to you). 

In addition to the respective privacy policies, other legal documents (e.g., terms and conditions and usage conditions) also apply when using the platforms. 

Currently, we mainly use the following platforms:  

13. Cookie Policy 

Below, we describe how and why we use cookies and similar technologies when using our websites and the SRH GROW platform (hereinafter referred to collectively as “website”) and process personal and other data. 

13.1 What are Log Data? 

Certain information is logged and stored for technical reasons with each connection to a web server. When you visit our website, information is automatically sent to the server of our website. This information includes your computer’s IP address, the date and time of access, the name and URL of the accessed data, the website from which access originated (referrer URL), the browser type and version, and other information transmitted by the browser (e.g., the operating system of your computer, geographic origin, language settings). This information is temporarily stored in a so-called log file and is kept in accordance with legal requirements. We process this data for the purpose of ensuring smooth connectivity and comfortable use of our website, as well as for evaluating system security and stability. 

13.2 What are cookies and similar technologies? 

We may use cookies and similar technologies on our website. Cookies are usually small text files that your browser automatically creates and stores on your device (computer, tablet, smartphone, etc.) when you visit our site. Session cookies store your input as you navigate within the website from page to page. Session cookies are deleted after a short period, at the latest when you close your browser. Persistent cookies remain stored for a certain period of time even after you close your browser. Similar technologies include pixel tags (invisible images or program code loaded by a server that transmit certain information about the server operator), fingerprints (information from the end device and browser collected when a website is accessed that distinguishes the end device from others), and other technologies (e.g., “web storage”) for storing data in the browser. 

We use both persistent and session cookies on our website. We cannot identify you with a cookie in every case. We use cookies and similar technologies to statistically record the use of our website and evaluate it for the purpose of optimization and user-friendliness. We also use cookies for the purpose of providing our services (especially technically necessary cookies). Cookies have different storage durations. We have no control over the storage duration of cookies set by third parties. 

13.3 How can you disable cookies and similar technologies?

You can configure your browser to not automatically accept cookies and similar technologies or to delete existing cookies and other data stored in your browser. You can also enhance your browser with additional software (so-called “add-ons” or “plug-ins”) that prevent tracking by specific third parties. Typically, you can find more information on this topic in your browser’s help pages under “Privacy.” Please note that partially or completely disabling cookies may result in you not being able to use all of our website’s features. 

 

13.4 What cookies and similar technologies do we use and how do we use them?  

a) Technically Necessary Cookies  

We use persistent cookies to store your personal user settings (especially regarding cookies and language choice on our website). We will not process any personal data from you. The purpose of processing is to re-identify your personal settings on our website. These cookies are necessary for the functionality of our website. After at most three months, these cookies will be automatically deleted from your system. You can also manually delete the cookies at any time, but keep in mind that this will cause you to lose your user settings. 

b) Success and Reach Measurement  

We use the following services in particular for success and reach measurement:  

  • Google Analytics by Google Ireland Ltd., based at Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Ltd. relies on Google LLC in the USA as its data processor. This service monitors and records how our website is used. Google Analytics uses persistent cookies to collect anonymous information (e.g., number of website visitors, visitor origins, duration of visit). We do not generally transmit personal data or complete IP addresses to Google. Google provides us with the collected information in aggregated form. We do not have the ability to identify individual visitors. However, Google can use the data collected for additional purposes and insights. Google can identify you if you have registered with Google. Google processes your personal data in this case independently and according to its own privacy policies. For more information about the data collected, please see Google Ireland Limited’s privacy policy: https://policies.google.com/privacy 

 

  • Facebook Pixel, Signals, Domain Insights, Conversion Tracking, and Custom Audiences by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the data collected is also transferred to the USA and other third countries. For us as the operator of this website, the data collected is anonymous, and we cannot draw any conclusions about the identity of the users. However, Facebook stores and processes the data so that it can be assigned to the respective user profile, and Facebook can use the data for its own advertising purposes in accordance with Facebook’s data usage policies. This allows Facebook to display ads on Facebook pages and outside of Facebook. As page operators, we have no influence on this data usage. Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found at https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381. In cases where personal data is collected and transmitted to Facebook through the tool described here on our website, we and Meta Platforms Ireland Limited are jointly responsible for this data processing. The obligations that we jointly bear are set out in an agreement on joint processing: https://www.facebook.com/legal/controller_addendum. For more information on protecting your privacy, please see Facebook’s privacy policy: https://de-de.facebook.com/about/privacy/. You can also deactivate the remarketing function “Custom Audiences” in the advertising settings at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged in to Facebook to do this. If you do not have a Facebook account, you can disable Facebook’s usage-based advertising on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/. 

c) Advertising and Marketing  

For advertising and marketing purposes, we use the following services in particular:  

  • Google Adsense by Google Ireland Ltd., based at Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Ltd. relies on Google LLC in the USA as its data processor. You can find Google Ireland Limited’s privacy policy at: https://policies.google.com/privacy 

13.5. Website Plugins 

On our website, we use various plugins (extensions) from third parties to enable additional features. We use plugins for the following functions in particular: 

 

a) Maps  

We use embedded map services from third parties on our website. In particular, we use the following services:  

  • Google Maps, including Google Maps Platform, by Google Ireland Ltd., based at Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Ltd. relies on Google LLC in the USA as its data processor. For more information about the data collected, please refer to Google Inc.’s privacy policy at: https://policies.google.com/privacy 

b) Fonts 

We use third-party services to embed fonts (including logos, icons, and symbols) into our website. In particular, we use the following services:  

c) Video  

We use third-party services to display videos on our website. In particular, we use the following services: 

d) Other Extensions for Providing the Website  

We use third-party services to provide our website and offer additional features. In particular, we use the following services:  

  • Google APIs by Google Ireland Ltd., based at Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Ltd. relies on Google LLC in the USA as its data processor. We use Google APIs to deliver our website content quickly and seamlessly on all devices. You can find Google’s privacy policy at: https://policies.google.com/privacy 
  • Cloudflare by Cloudflare, Inc., based at 101 Townsend Street, San Francisco, California 94107, USA. We use Cloudflare to deliver our website content quickly and seamlessly on all devices. You can find Cloudflare’s privacy policy at: https://www.cloudflare.com/privacypolicy/  
  • Smartsupp Live Chat by Smartsupp.com, s.r.o., ID No.: 036 68 681, based at Šumavská 31, 602 00 Brno, Czech Republic. We use Smartsupp Live Chat to provide you with the opportunity to communicate with us via this chat. You can find Smartsupp.com’s privacy policy at: https://help.smartsupp.com/de_DE/privacy-policy 

14. What are your rights? 

As a potentially affected individual, you can assert various claims against us in accordance with the applicable national and international regulations. We may process your personal data again to fulfill your claims. 

You have the following rights regarding your personal data: 

  • Right to information: You have the right to know what personal data we have about you and how we process it. 
  • Right to data disclosure or transfer: You have the right to request the disclosure or transfer of a copy of your personal data in a common electronic format if it is processed automatically and the data is processed with your consent or in direct connection with the conclusion or execution of a contract between you and us. 
  • Right to rectification: You have the right to have your personal data corrected if it is inaccurate. 
  • Right to erasure: You have the right to have your personal data erased. 
  • Right to object: You have the right to object to the processing of your personal data (especially for data processing for direct marketing purposes). 

Please note that there are conditions and exceptions for these rights. We may limit or refuse your request to exercise these rights if legally permissible. For data protection or confidentiality reasons, we may redact copies or provide them only in part. 

If you wish to exercise your rights with us or if you disagree with our handling of your rights or data protection, please contact us using the contact information provided in Section 1. To prevent misuse, we may need to verify your identity (e.g., with a copy of your ID if necessary). 

 

15. Legal basis under GDPR 

We do not assume that the EU General Data Protection Regulation (GDPR) applies in our case. However, if, exceptionally, it applies to certain data processing, this Section 15 applies in addition solely for the purposes of the GDPR and the data processing subject to it. 

We base the processing of your personal data on the following legal grounds: 

  • It is necessary, as described in Section 4, for the initiation and execution of contracts and their management and enforcement (Art. 6 (1) lit. b GDPR). 
  • It is necessary to protect legitimate interests of ours or third parties, as described in Section 4, including communication with you or third parties, operating our website, improving our electronic offerings, registration for specific offerings and services, security purposes, compliance with Swiss law and internal regulations for our risk management and corporate governance, and other purposes, such as training and education, administration, evidence and quality assurance, organization, implementation, and follow-up of events, and protecting other legitimate interests (see Section 4) (Art. 6 (1) lit. f GDPR). 
  • It is required by law under the law of the EEA or a member state or is permitted by such law (Art. 6 (1) lit. c GDPR), or it is necessary to protect your vital interests or those of other natural persons (Art. 6 (1) lit. d GDPR). 
  • You have separately consented to the processing, e.g., through a corresponding declaration on our website (Art. 6 (1) lit. a and Art. 9 (2) lit. a GDPR). 

If you are located in the EEA, you also have the right to restrict data processing and can lodge a complaint with the data protection supervisory authority in your country. A list of authorities in the EEA can be found here: https://edpb.europa.eu/about-edpb/board/members_en. 

 

16. How can we change this privacy policy 

We may change this Privacy Policy at any time or undertake new processing activities. We update this Privacy Policy from time to time to comply with legal requirements. We will inform you of such adjustments and additions in an appropriate manner, especially by publishing the current Privacy Policy on our website (see below). 

 

The current Privacy Policy can be accessed at any time at https://swiss-resilience-hub.ch/en/datenschutzerklaerung. 

 

You can contact us at datenschutz@sr-hub.ch for all data protection matters.

Customers