Skip to main content

Processing of (personal) data by the entity in charge of the online application process

Introduction

This privacy policy is based on the Swiss Data Protection Act (DSG and DSV) and, where applicable, on the General Data Protection Regulation of the European Union (GDPR). The European Commission recognises that Swiss data protection law ensures adequate data protection.

In this privacy policy, we inform you about the type, scope and purpose of the personal data we collect and process and what rights you are entitled to in this context. The protection of your privacy is important to us. We comply with our legal obligations and handle your personal data responsibly, carefully and for the intended purpose.

This data protection declaration is not an exhaustive description. For individual or additional offers or services from us, other PPCmetrics AG data protection declarations may regulate specific circumstances (e.g. in contracts). If you visit our website www.ppcmetrics.ch, the separate privacy policy applies.

For the purposes of this Privacy Policy, personal data (‘personal data’) means any information relating to an identified or identifiable natural person and which allows conclusions to be drawn about their identity on the basis of the data or with additional data (e.g. name, date of birth, residential or e‑mail address, financial data, etc.). Particularly sensitive personal data’ is data that is particularly protected under data protection law, for example data relating to the health or personality of a natural person. Below (see ‘What personal data do we process?’) you will find details of the data that we process.

The processing of personal data includes any handling such as the collection, storage, retention, use, modification, disclosure, archiving, erasure or final destruction of data. We process personal data in accordance with the principles of lawfulness, transparency, purpose limitation, good faith and proportionality, data integrity, data minimisation and data security (Art. 6 FADP, Art. 5 GDPR).


Person responsible for data processing (‘controller’) and data protection advisor (FADP) or data protection officer (GDPR)

The controller for data processing within the meaning of Art. 5 FADP is

PPCmetrics AG
Badenerstrasse 6
P.O. Box
CH-8021 Zurich
Phone: +41 44 204 31 11
Email: zurich@ppcmetrics.ch
Website: www.ppcmetrics.ch

Please send requests and enquiries in connection with the processing of data in writing, enclosing a copy of your identity card or passport, to the data protection advisor of the controller in accordance with Art. 10 FADP and 25 et seq. GDPR and, insofar as the GDPR applies, in accordance with Art. 15 GDPR:

PPCmetrics AG
Data protection advisor
Badenerstrasse 6
P.O. Box
CH-8021 Zurich
Email: dataprotection@ppcmetrics.ch

We endeavour to respond to data protection requests within 30 days of receipt. We will not charge a fee for processing your enquiry unless it is clearly unfounded or disproportionate. We may not be able to fulfil your request in full or at all for other conflicting legal reasons (Art. 26 FADP), which we will explain in the information request.


What personal data do we process?

We process various categories of data about you in connection with current and possibly also previous information if details change (e.g. change of address). The most important categories are communication data, master data, contract data, financial data or peripheral data when using our electronic infrastructure (e.g. log data).

We only process particularly sensitive personal data in exceptional cases and only with the consent of the data subject, unless the data was transferred to us indirectly and for legitimate purposes, such as in the context of contract fulfilment or to fulfil legal obligations.

Examples of particularly sensitive personal data that we may receive include

  • Personal identification documents that may provide information about race, ethnic origin or religious beliefs
  • Information about the health of individuals
  • Financial documents, bank statements, tax documents
  • Documents that provide information about trade union memberships, political views, criminal offences or criminal convictions
  • Food preferences when registering for events that provide information about religious beliefs or health status


Where does the personal data come from?

You provide us with personal data yourself, i.e. we generally collect it directly from you (e.g. as part of communication or the processing of contracts).

We also collect personal data that we receive as part of our business relationship with our customers and the persons involved in this relationship, as well as from our customers’ business partners, or personal data that we receive from users when operating our website, tools and applications.

To the extent permitted and if we have a need to do so, we also obtain data, including personal data, from publicly accessible sources (e.g. commercial registers, registers of supervisory authorities, media or the Internet).

If you transmit or disclose personal data and particularly sensitive personal data of other persons, e.g. colleagues, employees, work colleagues, insured persons, beneficiaries or family members, we assume that you are authorised to do so and that the data is correct. By transmitting the data, you confirm this. Please ensure that these third parties are aware of this privacy policy.


Why do we process personal data?

Business activity and operation

We process your data for the purposes explained below. Specific information for the website can be found at privacy-policy.

We use and process personal data for the initiation of business relationships, but primarily in order to conclude and professionally fulfil our contracts with our clients, business partners or suppliers; in particular as part of our advisory services in the areas of investment consulting and controlling, legal and actuarial consulting for our clients and for the purchase of products and services from our suppliers and service providers, as well as to comply with our legal obligations in Switzerland and abroad. If you work for such a client or business partner, you and your personal data may of course be affected by our data processing in this function.

In addition, we also process your personal data, where permitted and where we deem it appropriate, for the following purposes in which we have an overriding legitimate interest corresponding to the purpose (Art. 31 FADP):

  • Processing for purposes related to communication with you, your employer, your colleagues or family members or with your business partners
  • Processing to respond to enquiries, including project and quotation requests or to manage and process contractual relationships
  • Processing for relationship management, to promote our professional services and offers to existing and potential customers (including the organisation of events), provided you have not objected to the use of your data. You have the right to object to the use of your personal data for marketing purposes by us at any time, in which case we will of course place you on a blacklist
  • Processing as part of our internal processes and administration or for internal training and quality assurance purposes
  • Processing for internal market observation purposes, to improve our services and processes and for product development
  • Further development of our websites, apps and other platforms on which we are present
  • Managing, maintaining, developing and ensuring the security and functionality of our information, access or backup systems, our websites, apps and other platforms
  • As part of financial management (e.g. control of debtors and creditors), the prevention and investigation of criminal offences and other misconduct (e.g. conducting internal investigations, data analyses to combat fraud)
  • To comply with legal requirements and instructions or recommendations from authorities (e.g. compliance, archiving), to assert legal claims and defence in connection with legal disputes and official proceedings


Job applications

When you apply for an open position at PPCmetrics AG or submit a spontaneous application, we process your data for the entire application process (‘recruiting’). We base this on your consent, i.e. on data that you provide to us voluntarily or on our legitimate interests.

For example, we use your contact details to arrange and carry out application appointments with you. We process your information and personal data from your application documents (such as work and degree certificates or diplomas). In addition to this absolutely necessary data, you have the option of providing us with additional information for the application process as part of application correspondence and interviews. We process and use this information and data solely for the purpose of assessing the application and making a decision. We only share it with people who are involved in the recruitment process, such as our HR staff or potential line managers. Your data will generally be deleted six months after the end of the application process. If you agree, your application documents may be stored in the PPCmetrics AG candidate pool for future vacancies. We will delete the data provided to us no later than twelve months after the end of the recruitment process.

If you are hired by us following the application process, the data will be processed for the recruitment process and for the further implementation of the employment relationship. Further details are regulated in the employment contract.


Other purposes

We may also process personal data for internal use for other purposes (e.g. organisational or administrative purposes) in the interests of efficient company management and modern corporate development. In doing so, we adhere to the data processing principles mentioned in the introduction and rely on our legitimate interest or legal obligation.


On what basis do we process your data?

Data processing as a private individual

If we are not acting as a federal body (see below), we process your personal data as a private individual (e.g. activities in the area of investment consulting or controlling). We adhere to the data processing principles mentioned in the introduction and rely on our legitimate interest or legal obligation.

Where we require your consent as the basis for processing your personal data, we will inform you separately and also about the corresponding purposes of the processing. You can withdraw your consent at any time (see ‘Right to withdraw consent’).

Data processing as a federal body in the context of occupational pension provision

As part of the implementation and monitoring of occupational benefit schemes based on the Federal Law on Old Age, Survivors‘ and Disability Benefit Plans (’BVG”) of 25 June 1982, PPCmetrics AG processes personal data and possibly particularly sensitive personal data, possibly as a federal body, namely as an expert in occupational benefit schemes in accordance with Art. 52e BVG.

The entire processing procedure from the collection, processing, storage to the destruction of the data is only carried out in accordance with the FADP, namely with the special provisions of the FADP on data processing by federal bodies (Art. 33ff. FADP) and the specific data protection provisions of the Federal Law on Occupational Retirement, Survivors’ and Disability Pension Plans (Art. 85a BVG), where provided for by law.

Where applicable, this Privacy Policy also applies.


Right to withdraw consent

If you have given us your consent to process your personal data for specific purposes because we require it and we have no other legal basis, we will process this data within the scope of this purpose and based on your consent. You can withdraw your consent at any time in writing (by post or, unless otherwise stated, by e‑mail to the data protection advisor (see ‘Controller and data protection advisor’), but this has no effect on data processing that has already taken place and its lawfulness. In the event of a cancellation, we may no longer be able to provide you with certain services, which we will point out in the event of an application.


Who do we disclose your personal data to?

All our employees are subject to the professional duty of confidentiality pursuant to Art. 62 FADP and, insofar as they are involved in the implementation and monitoring of the BVG, the duty of confidentiality pursuant to Art. 86 BVG.

We protect your personal data and do not sell it to third parties.

In principle, we only process and store your personal data in Switzerland. If we have to transfer your personal data abroad (e.g. to your place of residence abroad or to potential or existing business partners designated by you), this will only take place if you have given your prior consent (in accordance with Art. 17 para. 1 lit. a FADP) or if there are statutory exceptions (in accordance with Art. 17 para. 1 lit. b to f FADP).

We do not pass on your data to third parties (e.g. outsourcing), but where appropriate or necessary, we process it together with third parties or commission third parties to process your data (processors) to fulfil contractual or legal obligations, for example with suppliers, IT and other service providers (e.g. fiduciary, cloud services, DDoS security). These service providers are located in Germany and are contractually obliged by us to maintain confidentiality and secrecy and to comply with the data protection laws applicable to them. Furthermore, they are obliged to process the data only for the purposes specified by us.

If we use foreign service providers, the same requirements apply to them as to our service providers in Switzerland and, if adequate data protection is not guaranteed in their country from a Swiss perspective, we oblige them to sign sufficient contractual guarantees based on the EU standard contractual clauses or the FDPIC.

We may also pass on data to research institutions and researchers for scientific research and statistical purposes. In this case, we ensure that the data is anonymised or pseudonymised.


How long do we process your data?

We process and store your personal data for as long as is necessary for the fulfilment of our contractual and legal obligations or other purposes pursued with the processing, i.e. for the duration of the entire business relationship (from the initiation, processing to the termination of a contract) and beyond in accordance with the statutory retention and documentation obligations. We may also retain personal data for the period during which claims can be asserted against PPCmetrics AG (i.e. in particular during the statutory limitation period) and insofar as we are otherwise legally obliged to do so or legitimate business interests require this (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymised as far as possible. Shorter retention periods of twelve months or less generally apply to operational data (e.g. system protocols, logs).


How do we protect your data?

The security of our company and customer data is of central importance to us. We take appropriate technical and organisational security precautions to protect your personal data from unauthorised access, loss, unintentional disclosure and alteration or misuse. These include a state-of-the-art IT infrastructure with appropriate network security solutions, regular external security audits for the early detection of potential vulnerabilities, internal data protection instructions and access controls and restrictions.

Our digital communication, like all digital communication, is subject to mass surveillance without cause or suspicion and other surveillance by security authorities in Switzerland, the rest of Europe, the USA and other countries. We cannot directly influence the corresponding processing of personal data by intelligence services, police forces or other security authorities.


Profiling and automated individual decisions

In principle, we do not use automated processing of personal data (‘automated individual decisions’ as defined in Art. 4 GDPR or Art. 22 GDPR) for the establishment and implementation of the business relationship or otherwise, nor do we engage in profiling (Art. 5 FADP or Art. 22 GDPR). If we use such procedures in individual cases, we will inform you of this separately if this is required by law and inform you of the associated rights.


Legal basis for data processing in accordance with the GDPR

Insofar as the GDPR is applicable, we base our data processing (Art. 6 et seq. GDPR) either on your consent or, as described below, on our overriding legitimate interest or legal obligation. E.G:

  • Offering our services, initiating a business relationship, contract processing, customer support incl. correspondence
  • Ensuring a secure organisation and maintaining business operations, efficient company organisation and further development of our systems and customer relationship, data security, protection against unauthorised use and combating fraud, archiving of data
  • Processing in fulfilment of a legal obligation or, in the case of processing as part of the performance of public duties (see ‘Data processing as a federal body in the context of occupational pensions’)
  • Enforcement of own legal claims and compliance with Swiss law


Reference to your rights

You have rights under the FADP and other applicable data protection laws (including, where applicable, the GDPR) in relation to personal data that we collect about you and that we process.

You have the right to request information from us at any time about the personal data we have stored about you (Art. 25 FADP) and, insofar as the GDPR applies, in accordance with Art. 15 GDPR. In addition, you have a legal right (Art. 6 and Art. 32 FADP, Art. 16 et seq. GDPR) to rectification, blocking and erasure of your personal data, a right to object to the processing of personal data, to prohibit such processing or to request a confirmation notice (Art. 32 para. 3 FADP). If our processing is based on your consent, you also have the right to withdraw your consent to the processing of your data at any time (see ‘Right to withdraw consent’).

Furthermore, under the conditions of Art. 28 FADP, and insofar as the GDPR applies, you can request data transfer to another controller or a copy of your personal data in electronic form to yourself at any time (so-called data portability).

Please note that exceptions or restrictions apply to these rights. In particular, we may still need to process and store your personal data in order to fulfil a contract with you, to protect our own legitimate interests such as the assertion, exercise or defence of legal claims, or to comply with legal obligations. To the extent permitted by law, in particular to protect the rights and freedoms of other data subjects and to protect our legitimate interests (e.g. confidentiality and security interests as well as the consideration of our operational resources and possibilities), we can therefore also reject your data protection-related requests, e.g. requests for information and deletion, or only comply with them to a limited extent. However, you have the right to lodge a complaint with a competent supervisory authority (see ‘We are here for you if you have any questions!’).


How can this privacy policy be amended?

This privacy policy applies in addition to our contract with you. The version published on our website is deemed to be the valid version in each case.

We may amend this privacy policy unilaterally at any time in compliance with the legal requirements and framework conditions.


We are here for you if you have any questions!

If you have any questions about data protection or would like to request information about your data or the deletion of your data, including your personal data, please contact us by email at dataprotection@ppcmetrics.ch.


Supervisory authority:

To raise concerns about our handling of your data, you can also contact the relevant data protection supervisory authority and lodge a complaint. We recommend that you first contact PPCmetrics AG’s Data Protection Advisor (see ‘Data Controller and Data Protection Advisor’).

For Switzerland:
Federal Data Protection and
Commissioner for Data Protection and Freedom of Information (FDPIC)
Feldeggweg 1
CH-3003 Bern

www.edoeb.admin.ch

If you are located in the EEA or the United Kingdom, you also have the right to lodge a complaint with the data protection supervisory authority in your country.

The above text is an automatic translation by deepl.com — the german version is legally binding.

Processing of (personal) data by the operator of the recruitment website

General information

This recruitment website is operated by Personio SE & Co. KG, which offers a human resource and candidate management software solution (https://www.personio.com/legal-notice/). Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. The sole controller of this data within the meaning of article 24 of the GDPR is the enterprise carrying out this online application process. Personio’s role is limited to operating the software and this recruitment website and, in this context, being a processor under article 28 of the GDPR. In this case, the processing by Personio is based on an agreement for the processing of orders between the controller and Personio. In addition, Personio SE & Co. KG processes further data, some of which may be personal data, to provide its services, in particular for operating this recruitment website. We will refer to this in more detail below.

The controller

The controller under data protection law is:
Personio SE & Co. KG
Seidlstraße 3
80335 München
Tel.: +49 (89) 1250 1004
Entry in the commercial register
Commercial register entry number: HRA 115934
Registration Court: Amtsgericht München
Data Protection Officer contact: privacy@personio.com

Access logs (“server logs”)

Each access to this recruitment website automatically causes general protocol data, so-called server logs, to be collected. As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the software. In addition, processing this data is absolutely necessary under security aspects, in particular for access, input, transfer, and storage control. Furthermore, this anonymous information can be used for statistical purposes and for optimizing services and technology. In addition, the log files can be checked and analyzed retrospectively when unlawful use of the software is suspected. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. Generally, data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp of the access to the software is collected. The scope of this log process does not exceed the common log scope of any other site on the web. These access logs are stored for a period of up to 7 days. There is no right to object to this.

Error logs

So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure we can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon occurrence of the respective error message and/or specification is collected. These error logs are stored for a period of up to 7 days. There is no right to object to this.

Use of cookies

So-called cookies are used on parts of this recruitment website. They are small text files which are stored on the device with which you access this recruitment website. As a general rule, cookies serve the purpose of ensuring secure access to a website (“absolutely necessary”), implementing certain functionalities such as standard-language settings (“functional”), improving the user experience or the performance of the website (“performance”), or placing targeted advertisements (“marketing”). On this recruitment website, we generally use only cookies that are absolutely necessary, functional or performance-related, in particular for implementing certain default settings such as language, for identifying the job advertising channel, or for analyzing the performance of a job advert via which a user accessed this recruitment website. The use of cookies is absolutely necessary for providing our services and thus for the performance of the contract (article 6 (1) b) of the GDPR). Period of storage: up to 1 month or until the end of the browser session Right to object: You can determine via your browser settings whether you allow or object to the use of cookies. Please note that deactivating cookies may result in limited or completely blocked functionalities of this recruitment website.

Rights of data subjects

If Personio SE & Co. KG as the controller processes personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR. To assert your rights as a data subject in relation to the data processed for the purpose of operating this recruitment website, please refer to Personio SE & Co. KG’s Data Protection Officer (see item B).

Concluding provisions

Personio reserves the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the services offered, for example when new services are introduced. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.