Privacy Policy of Pasan SA
I. Legal framework, responsible body, definitions
II. Data subject rights
III. General information on data processing ( data processing for informational use of the website, technical background, cookies, etc.).
IV. Special notes on data processing in the context of the application of additional functions
V. Data processing in the application context
VI. other
I. General information, responsible entity and legal framework
1. legal framework and principles of data processing
We take the protection of your personal data very seriously and treat your personal data confidentially and in accordance with the statutory data protection regulations (within the context of the GDPR (EU); in the Federal Republic of Germany in accordance with the FDPA (BDSG) and in Switzerland in accordance with the DPA (DSG)) and this privacy policy.
When you use our website, we collect personal data about you.
This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.
2. responsible body
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).
The responsible body (hereinafter also "we", "us", "our") within the meaning of the Data Protection Act is:
Pasan SA
Rue Jaquet-Droz 8
2000 Neuchâtel
Switzerland
Tel.: +41 32 391 16 00
E-mail: info@pasan.ch
The contact details of our company data protection officers/counsel are:
Pasan SATHE DATA PROTECTION AGENCY -
Rue Jaquet-Droz 8
2000 Neuchâtel
Switzerland E-mail: dsb.pasan@meyerburger.com
3. definitions
Our data protection declaration is based on the terms used by the European Directive and Ordinance Maker when adopting the General Data Protection Regulation (GDPR) and in the swiss DPA (DSG). We would like to explain essential terms in the following:
a) Personal data means any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject means any identified or identifiable natural person whose personal data are processed by the controller.
c) Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
(e) profiling means any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.
f) Pseudonymization means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
(g) Controller or controller means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.
h) Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of and in accordance with the instructions of the Controller pursuant to Article 28 GDPR & Article 9 DPA
(i) recipient means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.
j) third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who are authorized to process the personal data under the direct responsibility of the controller or the processor.
k) Consent shall mean any freely given indication of the data subject's wishes for the specific case in an informed and unambiguous manner, in the form of a statement or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.
II. data subject rights
according to Art. 15 ff (DPA) and Art. 77 GDPR/Art. 25 ff. DPA CH
1. right to object to the collection of data in specific cases and to direct marketing
If the data processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority or is necessary for the purposes of safeguarding the legitimate interests of the controller or of a third party (based on Art. 6 (1) e) or f) GDPR and Art. 4 DPA), you have the right to object to the processing of personal data concerning you at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy.
If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.
If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct advertising.
2. revocation of your consent to data processing
Many data processing operations are only possible with your express consent. We obtain this from you before the start of the data processing that requires your consent. You can revoke this consent at any time. Insofar as a revocation option does not already arise via the clicking of links or the adjustment of browser settings, an informal communication to us by e-mail is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
3. right of appeal to the competent supervisory authority
In the event of violations of data protection law, data subjects have a right of appeal to the competent supervisory authority. The competent supervisory authority for data protection issues is the state data protection commissioner of the federal state in which our company has its headquarters. A list of the data protection officers and their contact details can be found in the following link:
German complaint office:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html for german authorities
EU complaint office:
Startseite Beschwerden | European Data Protection Supervisor (europa.eu)
Swiss complaint office:
https://www.edoeb.admin.ch/edoeb/de/home.html
4. right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to another person responsible, in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
5. information, correction, blocking, deletion
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of data processing and, if applicable, a right to correction, blocking or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given above in Section I.2.
III. data processing during informational use of the website, technical background, cookies etc.
We collect and process the personal data listed below in sections 3 to 7 for the purposes stated therein, on the basis of the legal grounds stated therein and for the duration stated therein.
1. legal basis and storage period
If you have consented to the processing of your personal data within the meaning of Art. 4 No. 1 GDPR by us, Art. 6 (1) a) GDPR and Art. 4 DPA CH serves as the legal basis for the processing. The processing of personal data, which we need to fulfill contractual or pre-contractual obligations, is based on Art. 6 para. 1 lit. b) GDPR and Art. 4 DPA CH. If the processing is necessary to safeguard our legitimate interests or those of a third party and the interests, fundamental freedoms and fundamental rights of the data subject do not override these, then Art. 6 (1) (f) GDPR and Art. 4 DPA CH serves us as the legal basis for the processing of personal data. For the processing operations carried out by us, we indicate below the applicable legal basis in each case. Processing may also be based on several legal bases.
For the processing operations carried out by us, we indicate below in each case how long the data will be stored by us and when it will be deleted or blocked. If no explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for the storage no longer applies.
However, storage may take place beyond the specified time in the event of a (threatened) legal dispute with you or other legal proceedings or if storage is provided for by statutory provisions to which we are subject as the responsible party (e.g. Art. 958 lit.f OR & Art. 5 GeBüV). If the storage period prescribed by the legal regulations expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.
2. data security
We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties, taking into account the state of the art, implementation costs and the nature, scope, context and purpose of the processing, as well as the existing risks of a data breach (including its probability and impact) for the data subject. Our security measures are continuously improved in line with technological developments.
We will be happy to provide you with more detailed information on request. Please contact our data protection officer/counsel (see above).
3. data processed during the (informational) use of the website
Inevitably, we can only provide you with the benefits of our Internet offering if, when you use it, we collect certain personal data from you that is necessary for the operation of the website.
We collect this data if this is necessary for the fulfillment of the contract between you and us (including in the form of terms of use for this website) (Art. 6 para. 1 lit. b) GDPR and Art. 4 para 3. DPA) or your consent is given (Art. 6 para. 1 lit. a) GDPR and Art. 4 DPA). Furthermore, we collect this data if this is necessary for the functionality of the website and your interest in the protection of your personal data does not outweigh this (Art. 6 para. 1 lit. f) and Art. 4 para. 3 GDPR).
We collect and process the following data from you:
- Device information: Access data includes the IP address, device ID, device type, device-specific settings, the date and time of the retrieval, time zone, the amount of data transferred and the message whether the data exchange was complete, crash of the terminal device, browser type and operating system. This access data is processed in order to technically enable the operation of the website.
- Information with your consent: Other information (e.g. geo-location data, personal data such as name and e-mail address, etc.) is processed by us if you allow us to do so. ) we process if you allow us to do so.
4. contact us
When you (proactively) contact us, via a contact form or chat provided by us, the data you provide will be stored by us in order to answer your inquiry. The provision of certain truthful data is required to process your request, other information is voluntary. Mandatory data required to answer your inquiry are marked as such, the remaining data are provided voluntarily. The processing of the above data is based on your consent, which you have expressed by contacting us, in accordance with Art. 6 (1) a) GDPR and Art. 4 DPA CH and, insofar as special categories of personal data (e.g. health data or other "sensitive" data) are concerned, in accordance with Art. 9 (2) a) GDPR and Art. 3 lit. c DPA CH. The collected personal data will be deleted immediately after the complete completion of your request, unless they are required for the initiation or execution of a contract with you pursuant to Art. 6 para. 1 lit. b) GDPR and Art. 4 para. 3 DPA CH.
If you are an entrepreneur and contact us via a contact form provided by us or via e-mail, your data may be stored in a customer care system, which may also be used to contact you for advertising purposes if you have given us the appropriate additional consent (see also the following section). Please note that in the case of contact forms with fixed subject selection options, you must select the correct subject for you or your capacity as a consumer or entrepreneur, in order to avoid you appearing as a business customer/entrepreneur by mistake and our response being correspondingly different from that of consumers.
5. sending specific information materials about products and services.
If consent is given, we may inform users of our website about specific Pasan products and services at a later date. The personal data that may be used when sending the information is specified in the input mask used for this purpose.
For legal reasons, a confirmation email is sent to the email address entered by a data subject using the double opt-in method. This confirmation e-mail serves to verify whether the owner of the e-mail address, as the data subject, has authorized the receipt of advertising content.
When registering or sending the contact form content, we also store the IP address of the computer system used by the data subject at the time of registration, as assigned by the Internet service provider (ISP), as well as the date and time of registration. The collection of this data is necessary in order to be able to trace the (possible) misuse of the e-mail address of a data subject at a later point in time and therefore serves as a legal safeguard for the controller.
The consent to the processing of personal data that the data subject has given us for the purpose of sending information may be revoked at any time with effect for the future.
6. subscription to our newsletter
On our website, users are given the opportunity to subscribe to our enterprise's newsletter. The personal data transmitted to the controller when the newsletter is ordered is specified in the input mask used for this purpose.
In case of consent pursuant to Art. 6 Para. 1 lit. a) GDPR or Art. 6 (7) DPA (CH), we inform our customers and business partners at regular intervals by means of a newsletter about offers of our company. The newsletter of our company can only be received by the data subject if 1.) the data subject has a valid e-mail address and 2.) the data subject registers for the newsletter mailing. For legal reasons, a confirmation e-mail will be sent to the e-mail address entered by a data subject for the first time for newsletter dispatch using the double opt-in procedure. This confirmation e-mail serves to verify whether the owner of the e-mail address as the data subject has authorized the receipt of the newsletter.
When registering for the newsletter, we also store the IP address of the computer system used by the data subject at the time of registration, as assigned by the Internet service provider (ISP), as well as the date and time of registration. The collection of this data is necessary in order to be able to trace the (possible) misuse of the e-mail address of a data subject at a later point in time and therefore serves the legal safeguarding of the controller.
The personal data collected in the context of a registration for the newsletter will be used exclusively for sending our newsletter. Furthermore, subscribers to the newsletter could be informed by e-mail if this is necessary for the operation of the newsletter service or a related registration, as could be the case in the event of changes to the newsletter offer or changes in the technical circumstances. No personal data collected as part of the newsletter service will be passed on to third parties. The subscription to our newsletter can be cancelled by the data subject at any time. The consent to the storage of personal data that the data subject has given us for the newsletter mailing can be revoked at any time. For the purpose of revoking consent, a corresponding link can be found in each newsletter. Furthermore, it is also possible to unsubscribe from the newsletter mailing directly on the website of the controller at any time or to notify the controller of this in another way.
Newsletter2Go from Sendinblue can be used as additional newsletter software. Your data will be transmitted to Sendinblue GmbH by way of order processing pursuant to Art. 28 GDPR. Sendinblue is also prohibited from selling your data and using it for purposes other than sending newsletters. Sendinblue is a German, certified provider, which was selected according to the requirements of the General Data Protection Regulation and the Federal Data Protection Act.
For more information, click here: https://de.sendinblue.com/informationen-newsletter-empfaenger/?rtype=n2go
6a. Newsletter tracking
Our newsletters may contain so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in such emails that are sent in HTML format to enable log file recording and log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, we can see if and when an e-mail was opened by a data subject, and which links in the e-mail were called up by the data subject.
Such personal data collected via the tracking pixels contained in the newsletters are stored and evaluated by the controller in order to optimize the newsletter dispatch and to better adapt the content of future newsletters to the interests of the data subject. This personal data will not be disclosed to third parties. Data subjects are entitled at any time to revoke the separate declaration of consent given in this regard via the double opt-in procedure. After a revocation, this personal data will be deleted by the controller. We automatically interpret a withdrawal from the receipt of the newsletter as a revocation.
7. automated processing operations and use of cookies
Cookies may be used in the operation of our website. Cookies are small text files that are stored on the device memory of your end device and, if applicable, assigned to the mobile device you are using, and through which certain information flows to the location that sets the cookie. Cookies cannot execute programs or transfer viruses to your end device and therefore cannot cause any damage. They serve to make our Internet offer more user-friendly and effective overall, i.e. more pleasant for you.
Cookies cannot directly identify a user, but can contain data that makes it possible to recognize the device used. In some cases, however, cookies only contain information about certain settings that are not personally identifiable.
A distinction is made between session cookies, which are deleted again as soon as you close your Internet session, and permanent cookies, which are stored beyond the individual session. With regard to their function, cookies are again differentiated between:
- Technically necessary cookies: these are mandatory in order to navigate within our website, use basic functions and ensure the security of the website; they do not collect information about you for marketing purposes, nor do they store which web pages you have visited;
- Performance cookies: these collect information about how you use our website, which pages you visit and, for example, whether errors occur during website use; they do not collect information that could identify you - all information collected is anonymous and is only used to improve our website and find out what interests our users;
- Advertising cookies, targeting cookies: These are used to offer the user tailored advertising within our Internet offering or third-party offerings and to measure the effectiveness of these offerings; advertising and targeting cookies are stored for a maximum of 36 months;
- Sharing cookies: These are used to improve the interactivity of our website with other services (e.g. social networks); sharing cookies are stored for a maximum of 36 months.
Any use of cookies that is not absolutely technically necessary constitutes data processing that is only permitted with your explicit and active consent pursuant to Art. 6 (1) p. 1 lit. a) GDPR, § 25 (1) german TTDSG and Art. 4 DPA CH. This applies in particular to the use of advertising, targeting or sharing cookies. In addition, we will only disclose your personal data processed through cookies to third parties if you have given your express consent to do so in accordance with Art. 6 para. 1 p. 1 lit. a) GDPR, § 25 para. 1 german TTDSG and Art. 4 DPA CH. Please note that when using cookies, your data may be transferred to recipients outside the EEA where there is no adequate level of data protection in accordance with the GDPR or DPA CH (e.g. USA). Details on this can be found in the following description of the individual marketing tools.
The following cookies may be used on our website:
Cookie name | Purpose and stored data | Validity period |
necessary_opt_in | Saves the consent to set technically necessary cookies. | Session |
marketing_opt_in | Stores consent to set marketing cookies. | 1 year |
statistic_opt_in | Saves the consent to set statistics cookies. | 1 year |
_fbp | This cookie is set by Facebook to serve ads after you visit this website when you are on Facebook or a digital platform powered by Facebook Ads. | 3 months |
test_cookie | This cookie is set by doubleclick.net. The cookie is used to determine whether the user's browser supports cookies. | 15 minutes |
_gcl_au | This cookie is used by Google Analytics to understand user interaction with the website. | 3 months |
_ga | This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session and campaign data and track site usage for the site analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors. | 2 years |
_gid | This cookie is installed by Google Analytics. The cookie is used to store information about how visitors use a website and helps create an analytics report about how the website works. The data collected includes the number of visitors, the origin of visitors and the pages visited in anonymous form. | 1 day |
_gat_UA-3569181-3 | This is a sample type cookie set by Google Analytics, where the sample element in the name contains the unique identity number of the account or website it refers to. It is a variant of the _gat cookie, which is used to limit the amount of data recorded by Google on high-traffic websites. | 1 minute |
_hjFirstSeen | This is set by Hotjar to identify the first session of a new user. It stores a true/false value indicating whether Hotjar has seen this user for the first time. It is used by record filters to identify new user sessions. | 30 minutes |
site-language-preference | Determines and sets the preferred language for displaying the content. | 1 year |
browserupdateorg | Advises the user to update the browser if it is out of date | 7 days |
_ga_* | Stores anonymized statistics | 2 years |
_hjTLDTest | Checks if cookies from Hotjar can be loaded on the page and is removed shortly after. | Session |
_hjid | This cookie is set by Hotjar. This cookie is set when the customer lands on a page with the Hotjar script for the first time. It is used to retain the random user ID, unique to that site, in the browser. This ensures that behavior on subsequent visits to the same site is associated with the same user ID. | 1 year |
_hjIncludedInPageviewSample | This session cookie is set so that Hotjar knows if visitors are part of a specific audience. | 2 minutes |
_hjAbsoluteSessionInProgress | This cookie is used by Hotjar to recognize a user's first page view session. This is a true/false flag set by the cookie. | 30 minutes
|
_hjSession{site_id} | A cookie that contains the current session data. This causes subsequent requests within the session window to be attributed to the same Hotjar session. | 30 minutes |
_uetsid | Used by Microsoft Bing Ads and is a tracking cookie. It allows us to engage with a user that has previously visited our website. | 60 minutes |
_hjIncludedInSessionSample | This cookie is set to tell Hotjar whether this user is included in the data sample defined by your site's daily session limit. | 30 minutes |
_hjSessionUser{site_id} | Hotjar cookie that is set when a user first views a page with the Hotjar script. It is used to store the Hotjar user ID that is unique to that page in the browser. This ensures that behavior on subsequent visits to the same website is associated with the same user ID. | 365 days |
personalization_id | This cookie is set due to Twitter's social media integration and sharing features. | 2 years |
_uetvid | Used by Bing to track visitors across multiple websites to present relevant ads based on the visitor's preferences. | 13 months |
MUID | Widely used by Microsoft as a unique user ID. The cookie enables user tracking by synchronizing the ID in many Microsoft domains. | 1 year |
IDE | Used by Google DoubleClick to record and report the user's actions on the website after viewing or clicking on one of the provider's ads, with the purpose of measuring the effectiveness of an advertisement and displaying targeted advertisements to the user. | 1 year |
NID | These Google cookies store information about user settings and information for Google Maps. | 6 months |
8. google maps
This site uses the map service Google Maps via an API interface. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transmitted to a Google LLC server in the USA and stored there. The provider of this site has no influence on this data transmission.
The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This represents an overriding legitimate interest on our part within the meaning of Art. 6 para. 1 lit. f) GDPR, § 25 para. 2 German TTDSG and Art. 4 DPA CH .
You can find more information on the handling of user data in Google's privacy policy: https://www.google.de/intl/de/policies/privacy/.
9. circle of recipients; third country transfer
Within our company, the departments responsible for processing the requests have access to your data. In addition, we use external service providers, in particular order processors in accordance with Art. 28 GDPR and Art. 10 para 1 DPA CH, insofar as we cannot or cannot reasonably perform services ourselves. These external service providers are thereby primarily providers of IT services and telecommunications services. If certain service providers are explicitly mentioned, you will also find further information in the privacy statements of the service providers. In addition, we may transfer your data to external service providers who can provide you with further offers.
A transfer to third countries outside the European Economic Area (EEA) only takes place under certain conditions within the framework of Art. 44ff GDPR and Art. 6 para 2 DPA CH.
Some third countries are certified by the European Commission as having a level of data protection comparable to the EEA standard through so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be obtained here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en
). However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This is possible through binding company regulations, standard data protection clauses of the European Commission for the protection of personal data (available at ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en), certificates or recognized codes of conduct. You can contact our data protection officer if you would like more information on this.
10. minors
Our website is not intended for children. Persons under the age of 16 may not transmit personal data to us or submit declarations of consent without the consent of their legal guardians. We would like to urge parents and guardians and minors to comply with the requirements of the GDPR and not to circumvent any age restrictions.
11 . no automated decision making (including profiling)
We do not intend to use any personal data collected from you for any automated decision making process (including profiling).
IV. Special notes on data processing in the context of the application of additional functions
V. Data processing in the application context
1. processing purposes, categories of personal data
We process the application data outlined in this section for the purpose of initiating or implementing an employment relationship or a relationship similar to employment to the extent outlined below.
In particular, the following categories of data may be processed:
- General personal data (name, address and other contact data, application photo, dates of birth, nationality, marital status, other (possibly also sensitive) data disclosed by you to us)
- Job-related data (professional contact information, current position, responsibilities/responsibilities, current employer, current compensation, notice period, holds).
- Experience-related data (previous positions and employers, school and university education, vocational training, experience, knowledge)
- Future-related data (wishes and ideas, assessments, conceivable areas of application, mediation ideas)
- Other data (information focusing on your professional life that is publicly available through social media services (e.g., XING, Google, LinkedIn, Experteer, etc.) or otherwise available on the Internet that may be relevant to your qualifications for a particular vacancy)
2. further data processing by the controller; legal basis for data processing
If you approach us proactively, we will process the data you provide as part of the initial contact, as well as any other data we may request.
As application data, we treat and process all information (CV, certificates, proof of qualifications) as well as all other information (e.g. in telephone interviews, in personal interviews). This is done for the contractual or pre-contractual purposes outlined above.
The provision of certain truthful data is required in order to process your request, further information (in particular the submission of a photo) is voluntary.
Insofar as your data is required to carry out the application procedure, Art. 88 GDPRGDPR in conjunction with. § Section 26 of the German Federal Data Protection Act (german BDSG and Art. 4 DPA CH is the legal basis for processing your data.
As far as special categories of personal data are concerned (e.g. health data, trade union or religious affiliation or other "sensitive" data), the processing is based on your consent pursuant to Art. 9 (2) a) GDPR and DPA CH, which you have expressed by communicating this data.
If your application is successful and an employment relationship is established with us, your data will initially be stored for the duration of the employment relationship. After you leave us, we will process your data for a maximum of three years for purposes of preserving evidence.
The processed personal data will be deleted insofar as the processing is no longer necessary for the fulfillment of the contract or you request us to delete the data in the context of asserting your rights as a data subject. This is regularly done at the latest after six (6) months following the conclusion of the application process, if no longer retention obligations apply after a position has not been filled. If no recruitment takes place, a longer storage period of 24 months from the last individual contact with you - for example to defend against potential AGG claims - may be necessary in individual cases on the basis of our legitimate interests pursuant to Art. 6 (1) f) GDPR and Art. 4 DPA CH.
VI. other
Amendment of this privacy policy
We reserve the right to change this privacy policy at any time in compliance with legal requirements.