We comply with the legal provisions on data protection (DSGVO) and also do everything we can to protect your data. The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States of the European Union (EU) and other data protection regulations is:

Swiss Data Center Association
Secretariat
Rue de la Vernie 12
1023 Crissier
info@sdca.ch
www.sdca.ch

INTRODUCTION

This data protection declaration is intended to provide you with a detailed overview of how and to what extent your data is collected, stored, processed, passed on and transmitted by us when you visit our pages or use our services. In addition, we want to give you an overview of the data protection measures we have in place and the options available to you when you visit our site.

1. WHAT DATA IS INVOLVED?

We process personal data only in compliance with the law. This means that data will only be processed if we have legal permission to do so. In particular, if the data processing is necessary for the provision of our contractual services or for the use or online services or is required by law. In addition, we process data if we have obtained consent or if we have a legitimate interest in processing (e.g. interest in the analysis, optimization, economic operation, security of our online offering, especially in the case of reach measurement, creation of profiles for advertising and marketing purposes, as well as collection of access data and use of third-party services.

2. WHY DO WE PROCESS PERSONAL DATA?

The content and works created by the site operators on these pages are subject to Swiss copyright law. Duplication, processing, distribution, or any form of commercialization of such material beyond the scope of the copyright law shall require the prior written consent of its respective author or creator. Downloads and copies of this site are not permitted for commercial use. Insofar as the content on this site was not created by the operator, the copyrights of third parties are respected. In particular, third-party content is identified as such.

3. WHEN AND TO WHAT EXTENT DO WE PROCESS PERSONAL DATA?

The use of our website is generally possible without providing personal data. Insofar as personal data (e.g. name, address or e-mail addresses) is collected on our pages, this is always done, as far as possible, on a voluntary basis. This data will not be passed on to third parties without your express consent.

3.1 For the provision of contractual services/registration

We process inventory data and contractual data in order to fulfill our contractual obligations and services. (Art. 6 para. 1 lit. b DSGVO).

3.2 Contacting

If contact is made by e-mail, the information is processed to the extent necessary to answer the questions.

3.3 Visiting our website

When you use our website and services, we or our authorized service providers may use cookies or similar technologies. The information collected in this way helps us to better adapt our services to the needs of our members and partners, above all to make them even more secure. They also serve advertising purposes.

4. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 (1) lit. a of the General Data Protection Regulation (DSGVO) serves as the legal basis. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures. Insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) lit. c DSGVO serves as the legal basis. In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) lit. d DSGVO serves as the legal basis. If the processing is necessary to protect a legitimate interest of our association or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) lit. f DSGVO serves as the legal basis for the processing.

5. DELETION OF DATA AND STORAGE PERIOD.

The data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations. If user data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data will be blocked and not processed for other purposes.

6. HOW DO WE PROTECT PERSONAL DATA?

We implement physical, technical and administrative security measures to adequately protect personal data from loss, misuse, unauthorized access, disclosure and alteration. These security measures include firewalls, data encryption, authorization controls for access to data, and we select our server locations very carefully. We are committed to securing our systems and services. However, you are responsible for maintaining the security and confidentiality of your passwords and account profile/registration information. In addition, it is your responsibility to verify that the personal information we have about you is accurate and up to date. We are not responsible for the protection of personal information that we share with third parties based on an account linkage authorized by you.

7. WHERE IS YOUR DATA STORED?

7.1 Switzerland

The servers underlying the hosting service and also the server for our own infrastructure/data processing (dashboard, monitoring, configuration management, etc.) are located in the data centers of Infomaniak AG in Switzerland. Infomaniak AG provides services which are used by us as a platform for hosting.

8. WHEN DO WE SHARE YOUR DATA?

First of all, we would like to assure you that we do not sell, lend or rent your personal data. Data will only be passed on if, for example, this is indispensable for the fulfillment of our contractual obligations, we have a legitimate interest or we have your consent. Every contractual partner of ours is conscientiously and carefully selected and we oblige them to protect all data according to the legal regulations.

9. LINKS

Our website may contain links to websites of other providers, for whose content we are not responsible and to which this privacy policy does not extend.

10. YOUR RIGHTS

As soon as personal data of yours is processed, you are a data subject within the meaning of the GDPR and you are entitled to the following rights vis-à-vis the controller (i.e. us):

• Right to information,
• Right to correction or deletion,
• Right to restriction of processing,
• Right to object to processing,
• Right to data portability.

You also have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data. Switzerland: Federal Data Protection and Information Commissioner (FDPIC) www.edoeb.admin.ch

11. COOKIES AND OTHER TECHNOLOGIES

The following section is intended to give you a better understanding of the various technologies we use and how they are used. When you use our website, we or our authorized service providers may use cookies or similar technologies. The information collected in this way helps us to better tailor our services to the needs of our customers, to make them better and faster and, above all, to make them even more secure. They also serve advertising purposes.

11.1. PROVISION OF THE WEBSITE AND CREATION OF LOG FILES

11.1.1 Description and scope of data processing

As soon as you call up our website, our system automatically collects data and information from the computer system of the calling computer. The following data is collected:

• Information about the browser type and the version used
• The operating system of the user
• The IP address of the user
• Date and time of access
• Websites from which the user’s system accesses our website

This data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

11.2 Legal basis

The legal basis for the temporary storage of the data and the log files is Art. 6 (1) lit. f DSGVO.

11.3 Purpose of the data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, your IP address must remain stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes are also our legitimate interest in data processing according to Art. 6 Para. 1 lit. f DSGVO.

11.4 Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

11.5 Possibility of objection and removal

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

12. COOKIES

12.1 Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. If you as a user call up a website, a cookie may be stored on your operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the website as a whole more user-friendly and effective.

When calling up our website, the user is informed about the use of cookies for analysis purposes and his consent to the processing of personal data used in this context is obtained. In this context, a reference to this privacy policy is also made. Further information on cookies can be found in the next sections.

12.2 Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) lit. f DSGVO. The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 (1) lit. a DSGVO if the user has given his consent in this regard.

12.3 Purpose of the data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.

12.4 Duration of storage, objection and removal options

Cookies are stored on your computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.

13. NEWSLETTER, E-MAIL MARKETING AND INFORMATION

13.1 Description and scope of data processing

13.1.1 Newsletter and e-mail marketing dispatch based on the registration for the newsletter.

On our website there is the possibility to subscribe to a free newsletter. In doing so, the data from the input mask is transmitted to us when registering for the newsletter. To register for the newsletter, it is sufficient to enter your e-mail address. Optionally, we ask you to enter your first name in order to address you personally in the newsletter. In addition, the following data is collected during registration:

• Your e-mail address
• IP address of the calling computer
• Date and time of registration

For the processing of the data, your consent is obtained during the registration process and reference is made to this privacy policy.

13.1.2 Newsletter dispatch & e-mail marketing based on product information

If you purchase services on our website and enter your e-mail address, this may subsequently be used by us to send you information. In such a case, only direct advertising for our own services will be sent via the newsletter.

No data will be passed on to third parties in connection with the processing of data for the dispatch of newsletters. The data is used exclusively for sending the newsletter.

13.2 Legal basis for data processing

The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 (1) lit. a DSGVO if the user has given his consent. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG. The use of the shipping service provider MailChimp is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f DSGVO.

13.3 Purpose of the data processing

The collection of the user’s email address serves to deliver the newsletter. Our interest is directed towards the use of a user-friendly as well as secure newsletter system that both serves our business interests and meets the expectations of the users.

13.4 Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. Accordingly, your e-mail address will be stored as long as the subscription to the newsletter is active.

13.5 Possibility of objection and removal

You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. After cancellation, the data will be deleted except for the e-mail address. The e-mail address is stored in a blacklist and is only used to ensure that we do not send any further e-mails to your e-mail address.

14. CONTACT FORMS, CONTACT E-MAIL

14.1 Description and scope of data processing

Our website contains forms that can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored. At the time the message is sent, the following data is also stored:

• E-mail address of the user
• The IP address of the user
• Date and time of registration

For the processing of the data, your consent is obtained during the sending process and reference is made to this privacy policy. Alternatively, it is possible to contact us via our provided e-mail address. In this case, the user’s personal data transmitted with the e-mail will be stored.

14.2 Legal basis for data processing

The legal basis for the processing of the data is Art. 6 (1) lit. a DSGVO if the user has given his consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f DSGVO. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

14.3 Purpose of the data processing

The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

14.4 Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation shall be deemed to have ended when it can be inferred from the circumstances that the relevant matter has been conclusively clarified.

14.5 Possibility of objection and removal

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time.

15. GOOGLE ANALYTICS

15.1 Scope of data processing

We use Google Analytics on our website to analyze the surfing behavior of our users. The software sets a cookie on the user’s computer (for cookies, see already above). If individual pages of our website are called up, the following data is stored:

• Two bytes of the IP address of the user’s calling system
• The website called up
• The website from which the user accessed the accessed website (referrer)
• The subpages accessed from the accessed website
• The time spent on the website
• The frequency with which the website is accessed

We use the marketing and remarketing services (in short “Google marketing services”) of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”). Google is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law. Google’s marketing services allow us to display advertisements for and on our website in a more targeted manner in order to present users only with ads that potentially match their interests. For example, if a user is shown ads for products he or she has been interested in on other websites, this is referred to as “remarketing”. For these purposes, when our website and other websites on which Google marketing services are active are called up, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies can also be used instead of cookies). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites the user has visited, which content he is interested in and which offers he has clicked on, as well as technical information on the browser and operating system, referring websites, time of visit and other information on the use of the online offer. The IP address of the user is also recorded, whereby we inform Google Analytics that the IP address is shortened within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area and only in exceptional cases is transmitted in full to a Google server in the USA and shortened there. The IP address is not merged with the user’s data within other Google offerings. The aforementioned information may also be linked on the part of Google with such information from other sources. If the user subsequently visits other websites, he can be shown ads tailored to his interests. The user’s data is processed pseudonymously as part of Google’s marketing services. This means that Google does not store and process the name or e-mail address of the user, for example, but processes the relevant data on a cookie basis within pseudonymous user profiles. I.e. from Google’s perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization. The information collected by Google marketing services about users is transmitted to Google and stored on Google’s servers in the USA. The Google marketing services we use include, among others, the online advertising program “Google AdWords”. In the case of Google AdWords, each AdWords customer receives a different “conversion cookie”. Cookies can therefore not be tracked across the websites of AdWords customers. The information obtained using the cookie is used to create conversion statistics for AdWords customers who have opted in to conversion tracking. The AdWords customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. We may integrate third-party advertisements based on the Google marketing service “DoubleClick”. DoubleClick uses cookies to enable Google and its partner websites to serve ads based on users’ visits to this website or other websites on the Internet. We may include third-party advertisements based on Google’s “AdSense” marketing service. AdSense uses cookies to enable Google and its partner websites to serve ads based on users’ visits to this website or other websites on the Internet. We may also use the “Google Optimizer” service. Google Optimizer allows us to track the effect of various changes to a website (e.g. changes to the input fields, design, etc.) as part of so-called “A/B testing”. For these testing purposes, cookies are placed on users’ devices. Furthermore, we may use the “Google Tag Manager” to integrate and manage the Google analysis and marketing services on our website. For more information on the use of data for marketing purposes by Google, see the overview page, Google’s privacy policy is available here.

16.2 Legal basis of data processing

We use on these services based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offering within the meaning of Art. 6 para. 1 lit. f. DSGVO.

16.3 Purpose of the processing

Google marketing services give us the opportunity to display advertisements for us and on our website in a more targeted manner in order to present users only with ads that potentially match their interests.

16.4 Duration of storage

According to its own information, the log data collected by Google is anonymized by deleting part of the IP address and cookie information after 9 and 18 months, respectively. You can find more information here.

16.5 Revocation and elimination options

If you wish to object to interest-based advertising by Google marketing services, you can use the settings and opt-out options provided by Google.

17. SOCIAL PLUGINS

17.1 Scope of data processing

We use social plugins (“Plugins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and are recognizable by one of the Facebook logos (white “f” on blue tile, the terms “Like”, “Like” or a “thumbs up” sign) or are marked with the addition “Facebook Social Plugin”. The list and appearance of Facebook social plugins can be viewed here. The plugins are only activated when you click on the corresponding button. If they are grayed out, the plugins are inactive. You have the option to activate the plugins once or permanently. Facebook is certified under the Privacy Shield agreement and thus offers a guarantee of compliance with European data protection law. When a user calls up a function of this online offer that contains such a plugin, his or her device establishes a direct connection with Facebook’s servers. The content of the plugin is transmitted by Facebook directly to the user’s device and integrated by the latter into the online offer. In the process, usage profiles of the users can be created from the processed data. We therefore have no influence on the scope of the data that Facebook collects with the help of this plugin and therefore inform the users according to our level of knowledge. By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offer. If the user is logged into Facebook, Facebook can assign the visit to his Facebook account. If users interact with the plugins, for example by clicking the Like button or posting a comment, the corresponding information is transmitted from your device directly to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will learn and store his or her IP address. According to Facebook, only an anonymized IP address is stored in Germany. The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the related rights and settings options for protecting the privacy of users, can be found in the privacy notices of Facebook.

17.2 Legal basis of data processing

The data processing is based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO)

17.3 Purpose of data processing

The Facebook social plugins show us the interests of visitors in order to display them on our website in a more targeted manner, to present users only with posts that potentially match their interests.

17.4 Duration of storage

According to its own information, Facebook stores the date and time of your visit, the specific Internet address on which the social plugin is located, and other technical data such as the IP address, browser type, operating system for a period of 90 days in order to further optimize Facebook’s services. After 90 days, the data is anonymized so that it cannot be further associated with you.

17.5 Revocation and removal options.

If a user is a Facebook member and does not want Facebook to collect data about him or her via this online offer and link it to his or her membership data stored with Facebook, he or she must log out of Facebook and delete his or her cookies before using our online offer. Further settings and objections to the use of data for advertising purposes, are possible within the Facebook profile settings or via the US side or the EU side. The settings are made platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.

18. INTEGRATION OF THIRD-PARTY SERVICES AND CONTENT

We use content or service providers within our online offer on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO) to integrate content or services offered by third-party providers, such as videos or fonts (hereinafter uniformly referred to as “content”). This always requires that the third-party providers of this content are aware of the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is thus necessary for the display of this content. We endeavor to use only such content whose respective providers use the IP address only for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be linked to such information from other sources. The following presentation provides an overview of third-party providers and their content, along with links to their data protection statements, which contain further information on the processing of data and, in part already mentioned here, options for objection (so-called opt-out):

External Fonts from Google, Inc, https://www.google.com/fonts (“Google Fonts”). The integration of Google Fonts is done by a server call at Google (usually in the USA). Privacy policy, opt-out.

Maps of the service “Google Maps” of the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy,Opt-Out.

Videos from the “YouTube” platform of the third-party provider Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy, opt-out.

Functions of the Google+ service are integrated within our online offer. These functions are offered by the third-party provider Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you are logged in to your Google+ account, you can link the content of our pages to your Google+ profile by clicking on the Google+ button. This allows Google to associate the visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Google+. Privacy Policy, Opt-Out.

Within our online offer, functions of the service Instagram are integrated. These functions are offered by Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA integrated. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate the visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram. Privacy Policy,

Within our online offer, functions of the service Twitter can be integrated. These functions are offered by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the “Re-Tweet” function, the websites you visit are linked to your Twitter account and made known to other users. In the process, data is also transmitted to Twitter. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Twitter. Privacy policy, of Twitter. You can change your privacy settings on Twitter in the account settings.

18.1. your rights

18.1.1. RIGHT TO INFORMATION

You may at any time request confirmation as to whether personal data concerning you is being processed by us. This information is, of course, free of charge, unless it is requested more often than average. In order to be able to provide you with this information, it is necessary to carry out a further verification. Therefore, as soon as you make the request, a randomly generated verification code will be sent to your e-mail address on file with us, which you must confirm.

18.2. RIGHT TO RECTIFICATION

If the personal data we have stored is incorrect or incomplete, you may submit a request for rectification at any time. The correction shall be made by us without undue delay.

18.3. RIGHT TO RESTRICTION OF PROCESSING.

Under the following conditions, you may request the restriction of the processing of personal data concerning you:

(1) If you dispute the accuracy of the personal data concerning you for a period of time that allows us to verify the accuracy of the personal data;

(2) The processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;

(3) We no longer need the personal data for the purposes of processing, but you need it for the assertion, exercise or defense of legal claims; or

(4) If you have objected to the processing pursuant to Article 21 (1) DSGVO and it has not yet been determined whether the legitimate grounds of us override your grounds.

If the processing of personal data relating to you has been restricted, such data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by us before the restriction is lifted.

18.4. RIGHT TO ERASURE

Unless there is a legitimate interest to the contrary, you may exercise your right to erasure at any time.

18.5. REVOCATION OF CONSENT

Any data processing based on your consent may be discontinued as soon as you revoke your consent. The revocation can be made at any time and with effect for the future. As we are obliged to store the giving consents due to our accountability, the revocation must be made in writing, whereby a revocation by e-mail is sufficient.