Data protection and imprint – procure.ch

Data protection and imprint at procure.ch (March 2021)

This data privacy statement provides information on how and why our website collects and processes your personal data. In this way, we protect the personality and fundamental rights of all persons whose data is processed at procure.ch. procure.ch ensures data security appropriate to the risk by means of appropriate technical and organisational measures.

  • Personal data is only obtained by procure.ch for a specific purpose that is clearly recognisable to the data subject. Such data may only be processed in a way that is compatible with the purpose.
  • Personal data is destroyed or anonymised as soon as it is no longer required for the purpose of processing.
  • If the data subject’s consent is required for processing, their consent will only be valid if it is given voluntarily and unambiguously for one or more specific processing operations after having been informed appropriately. Consent must be given expressly, in particular for the processing of particularly sensitive personal data and profiling.

Consent

Consent is NOT required for all data processing and will be obtained where necessary via the general terms and conditions. Where consent is required, it must be given expressly for

  • the processing of personal data requiring special protection;
  • high-risk profiling by a private person.

Personal data requiring special protection

In exceptional cases, procure.ch will obtain access to particularly sensitive personal data. The handling of such is regulated in the data inventory. This includes, for example, data on health, on administrative or criminal prosecutions and sanctions, or on social assistance.

Profiling

Profiling is the assessment of certain characteristics of a person on the basis of automatically processed personal data, in particular in order to analyse or predict work performance, economic circumstances, health, behaviour, preferences, place of residence or mobility.

The data controller (also data owner)

The data controller is the responsible person in the relevant organisational unit of procure.ch who, alone or together with others, determines the purpose and means of processing.

The data controller is obligated to ensure, by means of appropriate default settings, that the processing of personal data is limited to the minimum necessary for the purpose of use, unless the data subject specifies otherwise. Personal addresses may have only one address owner; company addresses may have several address owners. The address owner is stored in the central customer relationship management (CRM) system and is controlled with the settings of the respective role.

The data processor

A data processor is an entity outside procure.ch that processes personal or business data on behalf of the data owner.

The processing of personal data may be entrusted by contract or by law to a data processor if

  • the data is processed only as the data owner would be allowed to do;
  • no legal or contractual confidentiality obligation prohibits the transmission of data.

The data owner must ensure that the data processor is able to guarantee data security.

The data processor may only transfer the processing to a third party with the prior consent of the data owner. The data processor may invoke the same grounds for justification as the data controller.

Personal data of our three areas (Association, Training, Certification)

Employees in Training and Association do not have access to any data relevant to certifications. Our CRM system ensures the protection of this data by means of different roles, which are based on the functional area of the respective employee.

For personal data that procure.ch collects for participation in an event (training, event, certification), we obtain consent that the information may be used/transferred by the Association area in future.

CRM – leading system

The CRM and course/member management system contains the entire address master of procure.ch and is thus the leading system for the management and use of addresses.

This address master contains the addresses of

  • all employees of members, participants, customers, interested parties, suppliers and those active in committees;
  • all companies, organisations and authorities that are in contact with procure.ch;
  • all employees (office).

Privacy by design

Our CRM system is technically and organisationally designed to comply with the principle of data minimisation. Data processing is carried out in accordance with the Swiss Data Protection Act and takes into account the relevant criteria by means of authorisations and other settings.

The CRM system of procure.ch keeps a record of all data processing. It contains information on the identity of the data processor and the data controller as well as on the categories of processing carried out on behalf of the controller. In addition, procure.ch maintains a data inventory.

Responding to requests from data subjects (access requests, erasure requests, rectification requests, data portability, data security breaches)

The data protection officer will respond to requests or confirm the relevant execution within 30 days at the latest.

Revocation of data transmission to the Association

Participants have the option of defining the disclosure of their data in their personal profile myProcure by means of a yes/no selection field. Or they can contact the procure.ch data protection officer by email.

Photos and film footage

Our events are photographed and filmed. By registering, you consent to the publication of any photographs in which you may be recognisable.

Data protection officer

Elisabeth Frey, Head of Marketing & Communication, freynoSpam@procure.noSpamch

The data protection officer

  • ensures compliance with the data protection regulations of procure.ch by taking appropriate measures;
  • initiates an investigation if there are indications that data processing may violate data protection regulations.
    The data controller must report these to the Swiss Federal Data Protection and Information Commissioner (FDPIC). The data subject must also be informed if the FDPIC so requires or if it is necessary for the protection of the data subject;
  • informs the managing director about the violation of data protection regulations and requests appropriate measures;
  • takes a position on high-risk data (data protection impact assessment) and proposes measures.

ONLINE MARKETING

We use personal data to operate this website and to offer and advertise our services. Different types of data are collected and processed, depending on how you use our online services. Profiling is performed through an automated analysis of behaviour.

One type of data concerns information that you actively provide, for example, via a contact form or e-mail.

Other data are automatically collected as soon as you visit our website. In this case, the data mainly concern technical data such as your IP address or the web browser you use.

By submitting the data, you agree that we may store and process the data until you revoke your consent to the storage or until the storage of the data is no longer necessary for the intended purpose and the deletion does not conflict with any statutory retention obligations.

In addition, we evaluate how visitors navigate our website. These data are collected for statistical analysis and are never used to observe or identify individuals. The information gathered helps us to optimise our web presence and to improve your online experience.

Security measures

We have adopted technical and strategic measures to protect your data from being misused when you visit our website and use its related functions and services. The security measures include the encryption of data transmitted from your browser to the server (https) as well as a secure e-mail connection (SSL/TLS). We recommend that you also activate SSL/TLS in your personal e-mail application.

Please note that security risks associated with transmitting data in the internet can never be completely eliminated.

Retaining and deleting data

Data you send, for example, via a contact form, are used solely for the stated purpose and never passed on to third parties without your consent.

When you send us this data, you give us your consent to retain and process your data until you either retract your consent or until the data are no longer relevant to the original purpose, provided that no legal obligation to retain information rules out deleting the data.

Cookies

Like most websites, we also use “cookies”. Cookies are small text files that are stored on your computer. So-called session cookies are automatically deleted when you close your browser. Other cookies are stored for a pre-defined time or are stored permanently, allowing a website to recognise your browser when you next visit the site.

We use cookies to enable certain functions and to ensure that your visit to our site runs smoothly. We also use cookies to understand how visitors use our website. Detailed information about the use of cookies is available in the relevant sections below, including information on how you can block cookies.

Information on how to control the use of cookies for marketing purposes, in particular with regard to tracking, is available on the following websites: the US website www.aboutads.info/choices or the EU website www.youronlinechoices.com.

You can block or delete cookies at any time by adjusting your browser settings. This can, however, block certain functions of our website.

Google Analytics

Our website is linked to Google Analytics, a web analysis service of Google LLC. Google processes data on our behalf, sends us reports on website activity and provides other services that enable us to evaluate and improve our online services. Anonymised user profiles can be created on the basis of the data processed.

Google is certified under the Privacy Shield Framework and guarantees that it observes European data protection law.

We use Google Analytics with IP anonymisation. This feature shortens the IP address of Google users within the member states of the European Union and in countries with contractual agreements within the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the US and shortened there. The IP address will not be linked to other Google data.

We use the Google Analytics feature “Demographics and Interests”. The reports provide information on age, gender and interests of visitors to our website. These data stem from users who are logged into a Google service, or they are data derived from activities in Google products and the Google Display Network. These data cannot be traced to a specific person.

To prevent us from collecting your data via Google Analytics, you can either deactivate cookies in your browser or install the following plugin: https://tools.google.com/dlpage/gaoptout?hl=en

The following webpages provide additional information on how Google uses data as well as on setting preferences and ways to opt out:

https://policies.google.com/technologies/partner-sites?hl=en
https://policies.google.com/technologies/ads?hl=en
https://adssettings.google.com/authenticated

Google Web Fonts

We use Google Web Fonts on our website to ensure the uniform display of fonts. Your browser loads the required web fonts from the server when you call up the website in order to display the texts and fonts correctly. In doing so, your browser establishes a connection to Google servers, as a result of which Google becomes aware that our website is being visited by a device with your IP address. The use of Google Web Fonts and the associated data processing serve our interest in providing an attractive presentation of our website.

Integration of Google Maps

This website uses the Google Maps product from Google Inc. By using this website, you consent to the collection, processing and use of automatically collected data by Google Inc., its representatives and third parties. The terms of use of Google Maps can be found under Terms of Service of Google Maps.

Integration of YouTube videos

We have embedded YouTube videos on our website, which are stored on www.youtube.com and can be played directly from our website. YouTube is a service of YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, which belongs to the Google Group. These videos are embedded in extended data protection mode, that is, no data about you as a user is transmitted to YouTube if you do not play the videos. The data mentioned in the next paragraph are only transmitted when you play the videos. We have no control over such data transmission.

When you visit the website, YouTube receives the information that you have accessed the relevant sub-page of our website. This happens regardless of whether you have a YouTube or Google user account and whether you are logged in there or not. Your data will be directly assigned to your account if you are logged in to YouTube or Google. If you do not wish to be associated with your YouTube profile, you must log out before clicking on the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or designing its website as needed. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right.

Further information on the purpose and scope of data collection and its processing by YouTube can be found in the data protection statement at this link: https://policies.google.com/privacy?hl=en .

Matomo (previously PIWIK)

Matomo is an open-source platform that uses cookies to analyse how our online services are used. Anonymised user profiles can be created on the basis of the data collected.

The following data are saved on our server in Switzerland: browser type and version; operating system; country; date and time of server request; number of visits; time spent on the website; external links clicked.

IP addresses are shortened before they are retained.

You can opt out of Matomo’s anonymised collection of data at any time (this regards future collection of data) by selecting “deactivate”, see below. When you select this feature, an opt-out cookie is stored in your browser, preventing Matomo from collecting data on your visit. Important: when you delete cookies from your browser, you also remove the opt-out cookie; you must therefore re-activate the opt-out cookie to block data collection.

Newsletter

Subscriptions to our newsletter are registered via a double opt-in process. After signing up for the newsletter on our website, you will receive an e-mail asking you to confirm your registration. The confirmation is required to verify that it was you who subscribed to the newsletter. This procedure is logged as proof of your subscription.

You can cancel your subscription at any time via the link at the end of every newsletter. The personal data linked to the newsletter subscription are deleted upon cancellation.

When you open a newsletter, a link to the server is created via a small embedded graphic. This enables collection of technical data such as your browser and operating system versions, your IP address and the time of access. These data reveal whether the newsletter was opened, when it was opened and which links were clicked. Technically, this information could be linked to an individual user. We, however, have no interest in observing individual users. We analyse anonymised data to learn about reading behaviours and optimise our newsletter.

Social Media

We maintain an online presence on social networks and platforms to communicate with current and potential clients who are active in these media and to inform them about our activities. When these social media networks and platforms are accessed, the general terms and conditions as well as the data processing policies of the provider apply.

The social media buttons on our website – for example, “share” and “like”– are embedded using Shariff technology, which allows a link to a social network to be established only when a user actively clicks a button.

If you are logged in to an external service when you visit our website, it is possible that your personal data are open to additional data processing procedures over which we have no control. For more information, please refer to the social media provider in question.

LinkedIn

Privacy policy: www.linkedin.com/legal/privacy-policy

Facebook

Privacy policy: https://www.facebook.com/policy.php

PROCURE SWISS MAGAZINE

Copyright: Association procure.ch, Aarau, Switzerland. All rights reserved.
Articles published are the responsibility of the author. The editors reserve the right to make adjustments to improve understanding and ensure quality.

Imprint

Association procure.ch
Laurenzenvorstadt 90
5000 Aarau
062 837 57 00
contactnoSpam@procure.noSpamch