Privacy policy
With this privacy policy, we provide information about the processing of personal data in connection with our activities and operations, including our fidentity.ch website. fidentity.ch website. In particular, we provide information on why, how and where we process which personal data process. We also provide information about the rights of persons whose data we process.
For individual or additional activities and operations, further data protection declarations or other information on data protection may apply.
We are subject to Swiss data protection law as well as any applicable foreign data protection law data protection law, in particular that of the European Union (EU) with the European General Data General Data Protection Regulation (GDPR).
In its decision of26 July 2000, the European Commission recognized that Swiss data protection law data protection law guarantees adequate data protection. In a report dated January 15, 2024, the European Commission confirmed this adequacy decision.
1. Contact addresses
Responsibility for the processing of personal data:
Thorsten Hau
fidentity AG
Waldeggstrasse 30
CH-3097 Liebefeld
Switzerland
In individual cases, third parties may be responsible for the processing of personal data or there may be joint there may be joint responsibility with third parties.
Data protection officer or data protection advisor
We have the following data protection officer or data protection advisor at our disposal as a point of contact for data subjects and authorities for inquiries in connection with in connection with data protection:
Thorsten Hau
fidentity AG
Waldeggstrasse 30
CH-3097 Liebefeld
Switzerland
2. Terms and legal basis
2.1 Definitions
Data subject: Natural person about whom we process personal data.
Personal data: Any information relating to an identified or identifiable natural person.
Particularly sensitive personal data: Data relating to trade union, political, religious or ideological views and activities, data concerning health, privacy or membership of an ethnic or racial group. or belonging to an ethnic or racial group, genetic data, biometric data that uniquely identifies a natural person, data relating to criminal or administrative sanctions or prosecutions, and data on social assistance measures.
Processing: Any handling of personal data, regardless of the means and procedures used and procedures used, such as querying, matching, adapting, archiving, storing, reading out, disclosing, obtaining, recording, collecting, deleting, disclosing, arranging, organizing, storing, modifying, disseminating, linking, destroying and using personal data.
European Economic Area (EEA): Member States of the European Union (EU) and the Principality of Liechtenstein, Iceland and Norway.
2.2 Legal bases
We process personal data in accordance with Swiss data protection law, such as in particular the Federal Act on Data Protection (Data Protection Act, DPA) and the Ordinance on Data Protection (Data Protection Ordinance, DPO).
We process - if and to the extent that the European General Data Protection Regulation (GDPR) is applicable - personal data or personal data in accordance with at least one of the following
- Article 6(1)(b) GDPR for the necessary processing of personal data to fulfill a contract with the data subject or to carry out pre-contractual measures.
- Article 6(1)(f) GDPR for the necessary processing of personal data to safeguard legitimate interests – including the legitimate interests of third parties – provided these are not overridden by the fundamental rights and freedoms or interests of the data subject. Such interests particularly include the ongoing, humane, secure, and reliable execution of our activities and operations, ensuring information security, protection against misuse, enforcement of our own legal claims, and compliance with Swiss law.
- Article 6(1)(c) GDPR for the necessary processing of personal data to comply with a legal obligation to which we are subject under any applicable law of member states in the European Economic Area (EEA).
- Article 6(1)(e) GDPR for the necessary processing of personal data to perform a task carried out in the public interest.
- Article 6(1)(a) GDPR for the processing of personal data with the consent of the data subject.
- Article 6(1)(d) GDPR for the necessary processing of personal data to protect the vital interests of the data subject or another natural person.
- Article 9(2) et seq. GDPR for the processing of special categories of personal data, particularly with the consent of the data subject.
The European General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data, and the processing of especially sensitive personal data as the processing of special categories of personal data (Article 9 GDPR).
3. Type, Scope, and Purpose of Processing Personal Data
We process the personal data that is necessary to ensure that we can perform our activities and operations on a permanent, humane, secure, and reliable basis. The personal data processed may particularly fall into the categories of browser and device data, content data, communication data, metadata, usage data, master data, including inventory and contact data, location data, transaction data, contract data, and payment data.
We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of performing our activities and operations, insofar as such processing is legally permissible.
We process personal data, where necessary, with the consent of the data subjects.
In many cases, we may process personal data without consent, for example, to fulfill legal obligations or to protect overriding interests. We may also request consent from data subjects even if their consent is not required.
We process personal data for as long as is necessary for the respective purpose.
We anonymize or delete personal data particularly in accordance with legal retention and limitation periods.
4. Disclosure of Personal Data
We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. Such third parties include, in particular, specialized service providers whose services we utilize.
We may disclose personal data to banks and other financial service providers, authorities, educational and research institutions, advisors and lawyers, advocacy groups, IT service providers, cooperation partners, credit and business reporting agencies, logistics and shipping companies, marketing and advertising agencies, media, organizations and associations, social institutions, telecommunications companies, and insurance providers.
5. Communication
We process personal data to be able to communicate with third parties. In this context, we particularly process data that a data subject transmits when making contact, for example, by postal mail or email. We may store such data in an address book or similar tools.
Third parties that transmit data about other individuals are required to ensure data protection for such data subjects. This includes, among other things, ensuring the accuracy of the transmitted personal data.
We use selected services from suitable providers to enhance communication with third parties.
6. Applications
We process personal data about applicants as far as it is necessary to assess their suitability for employment or for the subsequent execution of an employment contract. The required personal data arises in particular from the information requested, for example, as part of a job posting. We may publish job postings with the help of suitable third parties, such as in electronic and print media or on job portals and job platforms.
We also process personal data that applicants voluntarily disclose or publish, particularly as part of cover letters, resumes, other application documents, and online profiles.
In cases where the General Data Protection Regulation (GDPR) is applicable, we process personal data about applicants in accordance with Article 9(2)(b) GDPR.
We may allow applicants to store their information in our talent pool so they can be considered for future job openings. Additionally, we may use such information to maintain contact and provide updates. If we believe an applicant may be a good fit for an open position based on their information, we may inform them accordingly.
We use selected services from suitable third parties to post job openings via e-recruiting, enable application submission, and manage applications.
In particular, we use:
- JOIN: E-recruiting; Provider: JOIN Solutions AG (Switzerland); Data protection information: Privacy Policy.
7. Data Security
We take appropriate technical and organizational measures to ensure data security that is commensurate with the respective risk. Our measures particularly ensure the confidentiality, availability, traceability, and integrity of the processed personal data, although we cannot guarantee absolute data security.
Access to our website and other online presence is secured through transport encryption (SSL/TLS, particularly with Hypertext Transfer Protocol Secure, abbreviated as HTTPS). Most browsers will warn users before visiting websites without transport encryption.
Our digital communication is subject—like any digital communication—to mass surveillance without cause or suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries.
We have no direct influence over the corresponding processing of personal data by intelligence agencies, law enforcement, and other security authorities. We also cannot rule out that an individual may be specifically monitored.
8. Personal Data Abroad
We generally process personal data in Switzerland and the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, particularly to process it there or have it processed.
We may export personal data to any country on Earth and elsewhere in the universe, provided that the law in that location ensures adequate data protection according to the decision of the Swiss Federal Council and—where the General Data Protection Regulation (GDPR) is applicable—also according to the decision of the European Commission.
We may transfer personal data to countries whose laws do not ensure adequate data protection, provided that data protection is guaranteed for other reasons, particularly on the basis of standard data protection clauses or other appropriate safeguards.
In exceptional cases, we may export personal data to countries without adequate or appropriate data protection if the special data protection conditions are met, for example, the explicit consent of the data subject or a direct connection with the conclusion or execution of a contract. Upon request, we are happy to inform data subjects about any guarantees in place or provide a copy of any applicable guarantees.
9. Rights of Data Subjects
9.1 Data Protection Claims
We grant data subjects all claims in accordance with the applicable data protection law. Data subjects, in particular, have the following rights:
- Access: Data subjects may request information about whether we are processing personal data about them and, if so, what personal data is being processed. Data subjects will also receive the information necessary to assert their data protection rights and ensure transparency. This includes the personal data being processed as well as details regarding the purpose of processing, retention period, any disclosure or export of data to other countries, and the source of the personal data.
- Correction and Restriction: Data subjects may request the correction of inaccurate personal data, the completion of incomplete data, and the restriction of the processing of their data.
- Erasure and Objection: Data subjects may request the deletion of their personal data ("right to be forgotten") and object to the processing of their data with effect for the future.
- Data Portability and Transfer: Data subjects may request the release of personal data or the transfer of their data to another controller.
We may postpone, restrict, or refuse the exercise of data subjects' rights within the legally permissible framework. We may inform data subjects about any conditions that need to be met in order to exercise their data protection rights. For example, we may refuse to provide information by citing confidentiality obligations, overriding interests, or the protection of other individuals.
We may also refuse the deletion of personal data, particularly by referring to legal retention obligations.
In exceptional cases, we may charge costs for the exercise of these rights. We will inform data subjects in advance of any potential costs.
We are obligated to take appropriate measures to verify the identity of data subjects who request access or assert other rights. Data subjects are required to cooperate in this process.
9.2 Legal Remedies
Data subjects have the right to enforce their data protection claims through legal channels or to file a complaint with a data protection supervisory authority.
The data protection supervisory authority for private controllers and federal agencies in Switzerland is the Federal Data Protection and Information Commissioner (EDÖB).
European data protection supervisory authorities are organized as members of the European Data Protection Board (EDPB). In some member states of the European Economic Area (EEA), data protection supervisory authorities are structured federally, particularly in Germany.
10. Use of the Website
10.1 Cookies
We may use cookies. Cookies – both first-party cookies (our own) and third-party cookies (from services we use) – are data stored in the browser. Such stored data are not necessarily limited to traditional cookies in text form.
Cookies can be stored in the browser temporarily as "session cookies" or for a specific period as so-called permanent cookies. "Session cookies" are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies allow, in particular, the recognition of a browser on subsequent visits to our website, thereby enabling the measurement of our website's reach. Permanent cookies may also be used for online marketing purposes.
Cookies can be disabled or deleted entirely or partially in the browser settings at any time. Without cookies, our website may no longer be fully available. We actively request explicit consent to the use of cookies, at least where and to the extent required.
For cookies used for success and reach measurement or for advertising purposes, a general opt-out for many services is available via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
10.2 Logging
We may log the following information for each access to our website and other online presence, provided such information is transmitted to our digital infrastructure: date and time including time zone,IP address, access status (HTTP status code), operating system including interface and version, browser including language and version, the individual sub-page of our website accessed including data transferred, and the last website visited in the same browser window (referrer).
We log such information, which may include personal data, in log files. The information is necessary to ensure the ongoing, user-friendly, and reliable availability of our online presence. Additionally, the information is required to ensure data security, including by third parties or with the assistance of third parties.
10.3 Tracking Pixels
We may integrate tracking pixels into our online presence. Tracking pixels are also referred to as web beacons. Tracking pixels – including those from third parties whose services we use – are typically small, invisible images or JavaScript scripts that are automatically retrieved when our online presence is accessed. Tracking pixels can capture at least the same information as log files.
11. Notifications and Messages
11.1 Success and Reach Measurement
Notifications and messages may contain web links or tracking pixels that record whether an individual message was opened and which web links were clicked. Such web links and tracking pixels can also track the usage of notifications and messages on a personal basis. We need this statistical tracking for success and reach measurement in order to send notifications and messages effectively and user-friendly, based on the needs and reading habits of the recipients, as well as reliably, securely, and on an ongoing basis.
11.2 Consent and Objection
You generally need to consent to the use of your email address and other contact details, unless such use is permitted for other legal reasons. For obtaining double-confirmed consent, we may use the "double opt-in" process. In this case, you will receive a message with instructions for confirming your consent. We may log any consent obtained, including theIP address and timestamp, for evidence and security purposes.
You can generally object to receiving notifications and messages, such as newsletters, at any time. With such an objection, you can also object to the statistical tracking for success and reach measurement. Exceptions apply to necessary notifications and messages related to our activities and operations.
12. Social Media
We are present on social media platforms and other online platforms to communicate with interested parties and to inform them about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).
The general terms and conditions (GTC), usage conditions, and privacy policies of the individual platform operators apply. These terms particularly inform data subjects about their rights directly with the respective platform, such as the right to access.
13. Third-Party Services
We use services from specialized third parties to carry out our activities and operations on an ongoing, user-friendly, secure, and reliable basis. With such services, we can integrate features and content into our website. For such integration, the services used must at least temporarily collect the IP addresses of the users for technical reasons.
For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data related to our activities and operations in aggregated, anonymized, or pseudonymized form. This may include performance or usage data to enable the provision of the respective service.
We specifically use:
- Google Services: Provider: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; General privacy information: "Privacy and Security Principles", "How Google Uses Personal Data", Privacy Policy, "Google's Commitment to Data Protection Laws", "Privacy Guide for Google Products", "How We Use Data from Sites or Apps That Use Our Services", "Types of Cookies and Similar Technologies Used by Google", "Ads You Can Control" (Personalized Advertising).
- Microsoft Services: Provider: Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), Switzerland, and the United Kingdom / Microsoft Corporation (USA) for users in the rest of the world; General privacy information: "Microsoft Privacy", "Privacy and Security", Privacy Policy, "Data and Privacy Settings".
13.1 Appointment Scheduling
We use services from specialized third parties to enable online appointment scheduling, such as for meetings. In addition to this privacy policy, the terms visible directly within the services used, such as terms of use or privacy policies, apply.
We specifically use:
- Calendly: Appointment scheduling platform; Provider: Calendly LLC (USA); Privacy information: Privacy Policy, "Security".
13.2 Online Collaboration
We use services from third parties to enable online collaboration. In addition to this privacy policy, the terms visible directly within the services used, such as terms of use or privacy policies, apply.
We specifically use:
- Microsoft Teams: Platform for productive collaboration, particularly for audio and video conferences; Provider: Microsoft; Teams-specific information: "Security and Compliance in Microsoft Teams", particularly "Privacy".
- Slack: Platform for productive collaboration, particularly via chat; Providers: Slack Technologies LLC (USA) for users in Canada and the USA / Slack Technologies Limited (Ireland) for users in the rest of the world; Privacy information: Privacy Policy, "Trust Center", "Frequently Asked Questions About Privacy", "Data Management: Transparency and Simplicity", Cookie Policy.
13.3 Digital Content
We use services from specialized third parties to embed digital content into our website. Digital content includes, in particular, images and videos, music, and podcasts.
We specifically use:
- YouTube: Video platform; Provider: Google; YouTube-specific information: "Privacy and Safety Center", "My Data on YouTube".
13.4 Documents
We use services from third parties to embed documents into our website. Such documents may include PDF files, presentations, spreadsheets, and text documents. We can allow viewing, editing, or commenting on such documents.
13.5 Fonts
We use services from third parties to embed selected fonts, icons, logos, and symbols into our website.
We specifically use:
- Google Fonts: Fonts; Provider: Google; Google Fonts-specific information: "Your Privacy and Google Fonts", "Privacy and Data Collection" (for Google Fonts).
13.6 Advertising
We use the option to display targeted advertising with third parties, such as on social media platforms and search engines, for our activities and operations. With such advertising, we particularly aim to reach individuals who are already interested in our activities and operations or who may be interested in them (remarketing and targeting). For this, we may transfer relevant – potentially personal – information to third parties that enable such advertising. We can also determine if our advertising is successful, particularly whether it leads to visits to our website (conversion tracking).
Third parties with whom we advertise and with whom you are registered as a user may be able to associate the use of our website with your profile on those platforms.
We specifically use:
- Google Ads: Search engine advertising; Provider: Google; Google Ads-specific information: Advertising, including based on search queries, using various domain names, particularly doubleclick.net, googleadservices.com, and googlesyndication.com, Privacy Policy for Advertising, "Manage Ads Directly via Ad Settings".
- LinkedIn Ads: Social media advertising; Providers: LinkedIn Corporation (USA) / LinkedIn Ireland Unlimited Company (Ireland); Privacy information: Remarketing and targeting, particularly with the LinkedIn Insight Tag, "Privacy", Privacy Policy, Cookie Policy, Opt-out of personalized advertising.
14. Website Extensions
We use extensions for our website to enable additional features. We may use selected services from suitable providers or run such extensions on our own digital infrastructure.
We specifically use:
- Google reCAPTCHA: Spam protection (distinguishing between desired content from humans and unwanted content from bots and spam); Provider: Google; Google reCAPTCHA-specific information: "What is reCAPTCHA?".
15. Success and Reach Measurement
We aim to measure the success and reach of our activities and operations. In this context, we may also measure the effectiveness of third-party referrals or test how different parts or versions of our online offerings are used ("A/B testing" method). Based on the results of the success and reach measurement, we may fix errors, strengthen popular content, or make improvements.
In most cases, the IP addresses of individual users are collected for success and reach measurement. IP addresses are generally shortened in this case ("IP masking") to follow the principle of data minimization through corresponding pseudonymization.
Cookies may be used for success and reach measurement, and user profiles may be created. These user profiles may include the specific pages visited or content viewed on our website, information about the size of the screen or browser window, and the (at least approximate) location. User profiles, if created, are generally only pseudonymized and are not used to identify individual users. Certain third-party services, where users are registered, may associate the use of our online offerings with the user account or profile at the respective service.
We specifically use:
- Matomo Cloud: Success and reach measurement with pseudonymized IP addresses; Provider: InnoCraft Ltd. (New Zealand); Privacy information: Privacy Policy, No cross-site tracking and no data sharing with third parties ("100% Data Ownership").
16. Final Provisions
We have created this privacy policy with the help of the privacy policy generator from Datenschutzpartner.
We may modify or supplement this privacy policy at any time. We will inform about such changes and additions in an appropriate manner, particularly by publishing the current privacy policy on our website.
This is a translation of the original German privacy policy. In the event of any discrepancies between this translation and the original German version, the original version will prevail.
fidentity AG
Waldeggstrasse 30
CH-3097 Liebefeld
Schweiz
info@fidentity.ch
Authorized representatives
Thorsten Hau
Company name
fidentity AG
Data protection officer
Thorsten Hau
+41 31 550 18 29
thorsten@fidentity.ch