• SNV
  • Data protection

Data protection

In accordance with Article 13 of the Swiss Federal Constitution and the Swiss Confederation’s data protection regulations (Data Protection Act/FADP), the Telecommunications Act (FMG) and the European Union's General Data Protection Regulation (GDPR), every individual has a right to the protection of their privacy as well as protection from the misuse of their personal data. The operator of this website takes the protection of your personal data very seriously. We feel a particular responsibility to protect personal data, and we treat your data as confidential in accordance with statutory data protection regulations.

In cooperation with our hosting providers, we work hard to ensure that our databases are protected as thoroughly as possible from unauthorised access, losses, misuse or falsification. Here you will learn what happens to your data and who you can contact.

We, the Swiss Association for Standardization (SNV), are responsible for the security of your data.
What we do and what your rights are – a summary of our data protection:

  • First and foremost we process personal data in a trustworthy manner, with an awareness of our responsibility and in agreement with the applicable data protection laws. We receive data as part of our business relationship with our customers, business partners and other individuals, or from you as users through the running of our website.
  • We save and use only the data from you that we need or whose processing you have expressly consented to.
  • There is of course a law for everything. We only do what we are authorised to do.
  • Third parties only receive your data if we cannot take care of something ourselves on site and after we have consulted with you. We have of course concluded contracts with our service providers to ensure that they take the same care in processing your data as we do.
  • If we generally no longer require your data, it is automatically deleted, with the exception of the specific cases mentioned in the relevant areas.   If we are required to keep it, for example for the tax and revenue office, then the data will be locked. “Locking” means that it is protected by technical means such that it cannot be altered or further processed.
  • Your data is secured, and we regularly review our security measures.
  • If you would like to know whether we have your data and what we have, if you would like this data to be deleted or handed over, or if you would like to object to the processing of specific data, you can call or write to us. Likewise you can also contact us if you would like to withdraw your consent, or you can adjust the settings in the cookie banner accordingly.
  • If you are not satisfied with how we are handling your data, the Swiss Federal Data Protection and Information Commissioner (EDÖB) is cited at the end of the document as the responsible supervisory authority, which you can contact by telephone as well as in writing. Of course, we hope that we would be able to discuss the matter with you beforehand and that we could find a solution together.

Last revised: 5 January 2023

Further information is provided in the individual sections:
General data processing information

The SNV is the operator of the websites snv.ch , connect.snv.ch and switec.info . As such we are responsible for collecting, processing and using your personal data via these websites as well as for the compliance of our data processing activities with the applicable data protection laws. In the following you will find comprehensive information on how your personal data is processed when you visit our websites. Personal data is all data that is related to an identified or identifiable natural person, such as their name, address, e-mail addresses and user behaviour.

Who is responsible for the processing?

Controller in accordance with Art. 4 para. 7 GDPR:
Name: Urs Fischer
Address: Sulzerallee 70, P.O. Box, 8404 Winterthur
Tel: +41 52 224 54 08
E-mail: urs.fischer@snv.ch
Website: www.snv.ch

Website hosting

Our website is stored (hosted) on the web server of
Cyon GmbH
Brunngässlein 12
4052 Basel
If you want to know more about the company's data protection, details are available in its data protection policy: www.cyon.ch/legal/datenschutzerklaerung
We use All-Inkl based on Art. 6 para. 1 lit. f GDPR, i.e. we have a legitimate interest in our website being as reliably represented as possible.

Webshop hosting

Our webshop is hosted by Microsoft, Zurich, Switzerland
Additional information is available at: https://azure.microsoft.com/en-us/explore/global-infrastructure/geographies/#geographies
Microsoft has a data protection addendum that integrates the European Commission's standard data protection and liability clauses to protect against any transfer of data to a third country. We protect our users based on Art. 6 para. 1 lit. f GDPR.

switec-Website hosting

The switec-website is stored (hosted) on the web server of iWay AG
Badenerstrasse 569
8048 Zürich
If you want to know more about the company's data protection, details are available in its data protection policy: https://www.iway.ch/ueber-iway/datenschutzerklaerung/

 

Data concerned

Personal data is only collected if you provide it to us yourself. No personal data is collected beyond this. Personal data that extends beyond the range permitted by law is only processed if you provide your express consent.

Processing purpose:

Contract implementation

Categories of recipients:

Public institutions given overriding legislation. External service providers or other contractors. Other external bodies insofar as subjects have provided their consent or communication is permitted due to overriding interest.

Third-country transfers:

No contractors are being used from outside the European Union.

How long the data will be stored:

The duration of data storage complies with legal retention requirements and is usually ten years.

Specific details on the website

Usage data
When you load our websites, you transmit (due to technical necessity) data to our web server via your Internet browser. The following data is logged during the ongoing connection for the purpose of communication between your Internet browser and our web server:

  • The date and time of the request, time zone difference to Greenwich Mean Time (GMT)
  • The name of the requested file
  • The page from which you have accessed the file/our service
  • The web browser and operating system used
  • The access status: file transferred, file not found
  • The complete IP address of the requesting device with transfer protocol
  • The volume of data transferred
  • The content of the request (page visited)
  • Log files

For reasons of technical security, particularly for defence against attempts to attack our web server, we store this data in the short term. It is not possible to trace this data back to individuals. The data is later anonymised by shortening the IP address to the domain level so that it is no longer possible to attribute it to the individual user. In anonymised form, the data is also processed for statistical purposes; it is not compared with other data assets or transferred to third parties, even as extracts.

Specific details of the application process

Data concerned:

Application process

Processing purpose:

Implementation of application process

Categories of recipients:

Public institutions given overriding legislation.
External service providers or other contractors.
Other external bodies insofar as subjects have provided their consent or communication is permitted due to overriding interest.

Third-country transfers:

No contractors are being used from outside the European Union.

How long the data will be stored:

The duration of data storage complies with legal retention requirements and is three months if the applicant has been unsuccessful, or six months at most if the applicant has been accepted into our applicant pool.

Specific details on processing data of customers or interested parties

Data concerned:

Data provided to fulfil a contract: if necessary data beyond this for processing based on your express consent.

Processing purpose:

Fulfilling a contract, including bids, mandates, sales and invoicing, quality assurance

Categories of recipients:

Public institutions given overriding legislation.
External service providers or other contractors, including for data processing and hosting, for shipping, transport and logistics, service providers for printing and sending information.
Other external bodies insofar as subjects have provided their consent or communication is permitted due to overriding interest.

Third-country transfers:

No contractors are being used from outside the European Union.

How long the data will be stored:

The duration of data storage complies with legal retention requirements and is usually ten years.

Specific details on processing employee data

Data concerned:

Data provided to fulfil a contract: if necessary data beyond this for processing based on your express consent.

Processing purpose:

Fulfilling a contract within the context of an employment relationship

Categories of recipients:

Public institutions if there is legislation that takes precedence, including the tax and revenue office, social insurance agencies.
External service providers or other contractors, including for data processing and hosting, for payroll, for travel expenses, insurance and pension benefits. Other external bodies insofar as subjects have provided their consent or communication is permitted due to overriding interest.

Third-country transfers:

No contractors are being used from outside the European Union.

How long the data will be stored:

The duration of data storage complies with legal retention requirements and is usually ten years.

Specific details on using video conference/webinar software

Data concerned:

For the use of data communicated via video conference software or webinar software (in particular first name, surname, e-mail address; optional: audio transmission, optional: image transmission, optional: questions when using chat functions); in technically required scope, processing of data of their system in order to establish a connection with the provider of the conference software.

Processing purpose:

Conducting video conferences or webinars.

Categories of recipients:

Public institutions, international standards organisations, if there is legislation that takes precedence. External service providers or other contractors, including for data processing and hosting. Other external bodies insofar as subjects have provided their consent or communication is permitted due to overriding interest.

Third-country transfers:

Contractors from outside the European Union are being used (in this case: United States of America); the required standard contractual clauses have been concluded accordingly with the service provider.

How long the data will be stored:

Video conferences will be recorded only with prior documented permission from the participants. The technical data is deleted if it is no longer required. The duration of data storage complies with legal retention requirements and is usually ten years.

Legal basis:

Consent; Art. 6 para. 1 lit. a GDPR/Art. 6 FADP

Specific details on using the online shop

Data concerned:

Your contact data and contact data that has been shared

Processing purpose:

Selling the complete standards package, monitoring or as a subscription; completing cashless transaction using Saferpay Secure PayGate* (Worldline). The PCI DSS-certified payment platform provides a guarantee for simple and safe payment transactions using credit and debit cards via the Internet, both for the shop operator and the cardholder. *More information on its data protection policy is available at https://www.six-payment-services.com/de/services/legal/privacy-statement.html?gclid=EAIaIQobChMInNCkxZuh-wIVIYxoCR1EhAL3EAAYASACEgJ_s_D_BwE&gclsrc=aw.ds

Categories of recipients:

Public institutions given overriding legislation. External service providers or other contractors, other external bodies insofar as subjects have provided their consent to us.

Third-country transfers:

Contractors from outside the European Union are being used (in this case: United States of America); the required standard contractual clauses have been concluded accordingly with the service provider.

How long the data will be stored:

The duration of data storage complies with legal retention requirements and is usually ten years.

Legal basis:

Consent; Art. 6 para. 1 lit. a GDPR/Art. 6 Data Protection Act

Specific details on using Google Maps

Data concerned:

Location data, IP address of your computer

Processing purpose:

The map service of Google Maps, a programming interface, via "Application Programming Interface” (API) is used in the interest of contributing to an appealing representation of our online range of products and services and to make it easy to find us at the locations provided on the website. Google Maps automatically loads Google Web Fonts, which we have no influence over.

Categories of recipients:

If necessary, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Third-country transfers:

We, the SNV, have no influence on this data transmission, which is why your consent to it is required in order to comply with the Data Protection Act.  More information on dealing with user data is available in Google’s data protection policy: https://policies.google.com/privacy?hl=de .

How long the data will be stored:

The location history is automatically deleted as soon as it is older than 3, 18 or 36 months.

Legal basis:

Consent; Art. 6 para. 1 lit. a GDPR/Art. 6 Data Protection Act

Specific details on using cookies
Websites use technical aids for various functions, particularly cookies, which can be saved on an end device. Cookies are text files or information in a database that is saved to a hard disk and assigned to the browser you are using so that the party that sets the cookie can receive certain information. Our cookies cannot run any programmes or transfer viruses to your computer, and instead they primarily serve to make Internet services faster and more user-friendly. You can also generally prevent the use of cookies in your browser by declining to have cookies saved. A third-party cookie, such as Cookie Bot, is a functionally necessarily cookie that saves the status of the user's agreement for the current domain (IP address). This essential cookie represents an exception for which we need your consent in the cookie banner.

Specific details on using YouTube (Google)/Google Fonts (Web Fonts)

Data concerned:

Name, if necessary the e-mail address and locations, your IP address

Processing purpose:

If necessary, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Categories of recipients:

None; YouTube is provided exclusively in the interest of contributing to a unified, appealing representation and illustration of our standards content and online range of products and services.

Third-country transfers:

USA: When YouTube is called up, without any influence from us, Google automatically provides and loads Google Web Fonts for this functionality. You can prevent Google from collecting data relating to your use of the website using the cookie that is created as well as the processing and storage of this data by not consenting to the cookie being set or downloading and installing the browser add-on that deactivates Google Analytics HERE . Further information on the data protection policy and conditions of use for Google and Google Web Fonts is available at https://marketingplatform.google.com/about/analytics/terms/de/ and at https://policies.google.com/?hl=de and at https://developers.google.com/fonts/faq#can_i_use_the_product_sans_or_google_sans_fonts as well as in Google's data protection policy https://policies.google.com/privacy?hl=de

Duration of data storage:

The data is stored for six months.

Legal basis:

Consent that can be withdrawn at any time with effect for the future; Art. 6 para. 1 lit. a GDPR/Art. 6 FADP

Specific details on using the etracker

Data concerned:

Pseudonymised IP address; technical information on your browser, operating system and end device; location information up to city level; the URL called up, the referrer website (the website from which you came to our website), the page that you click on next.

Processing purpose:

To measure how often the page is called up, to improve it for our visitors and to adapt it to their needs; to improve the usability of online products and to allow a statistical analysis of the use of this website and to allow user-related content to be shown.

Categories of recipients:

None

Third-country transfers:

According to the etrackers, the data is solely processed and stored in Germany and Switzerland and therefore subject to strict European data protection laws. The data is not used for anything else. It is also not combined with other etracker data or shared with third parties.

How long the data will be stored:

The duration of data storage complies with legal retention requirements and is usually ten years.

Legal basis:

Consent that can be withdrawn at any time with effect for the future; Art. 6 para. 1 lit. a GDPR/Art. 6 FADP

When do we share your data?

We only share your data with third parties if:

  • You have expressly provided your consent to this in accordance with Art.6 para. 6 FADP/Art.6 lit. a and Art. 7 para.1 f. GDPR;
  • Data is being shared in accordance with Art. 6 FADP, Art. 24 E-OFADP, Art.6 para.1 sentence 1 lit.f GDPR for enforcing, exercising or defending legal claims and there is no reason to assume that you have an overriding interest that necessitates protection in not sharing your data;
  • There is a legal obligation for the case of sharing in accordance with Art. 6 FADP, d24 OFADP, Art.6 para.1 sentence1 lit.c GDPR
  • This is legally permitted and required in accordance with Art.6 FADP and Art.6 para.1 sentence1 lit.b GDPR in order to conclude contractual relationships with you.

If we would like to use mandated service providers for individual functions of our products and services or use your data for advertising purposes, we will always carefully select and monitor these service providers and inform you as follows below in detail about the processes taking place. We also list the set criteria for the storage duration.
If our service providers or partners have their head offices in a country outside the European Economic Area (EEA), we will inform you of the ramifications of this circumstance in the relevant description of our products and services.

When do we delete your data if no deletion deadline needs to be specified?

If there are no concrete deletion deadlines mentioned in this data protection policy for a specific case, then we generally delete your personal data as soon as the purpose of storage no longer applies. However, we must store your data if we are obliged to do so in accordance with national legislation or due to ordinances, laws or other regulations from European lawmakers that we are subject to. That means, in accordance with Art. 957 OR, that companies are subject to retention obligations of ten years for business documents as a result of accounting laws (Art. 957ff OR). If however the storage period designated in the specified standards runs out, your data is of course deleted – unless it is still required at that point in time in order to conclude a contract with us or to fulfil a contract that you concluded with us. As long as we obtain the consent of the data subject for the processing of personal data, Art. 13 para. 1 FADP or Art. 6 para. 1 lit. a of the GDPR serves as a legal basis. For processing of personal data that is required in order to fulfil a contract with a contracting party who is a data subject, the legal basis is Art. 13 para. 2 lit. a FADP or Art. 6 Abs. 1 lit. b GDPR. This also applies for processing activity that is required for conducting pre-contract measures. If processing of personal data is required to meet a legal obligation that our company is subject to, the legal basis is Art. 13 para. 1 FADP or Art. 6 para. 1 lit. c GDPR. If processing is required to protect the legal interest of our company or a third party, and the interests, basic rights and basic freedoms of the data subject do not outweigh the aforementioned interest, the legal basis for the processing is Art. 6 para. 1 FADP or Art. 6 para. 1 lit. f GDPR.

Contact form for SNV membership/online shop registration

You can contact us using the e-mail address provided or the contact form. In this case, the data you provide (your e-mail address, name, telephone number and any other information you may provide) is stored in order to process your request and answer your questions. We delete the data that is involved in this context if the enquiry is assigned to a contract, after the contract has expired or we limit processing if there are legal retention obligations. You can object to the processing of your data at any time. This will not lead to any disadvantages for you.

Newsletter delivery

Our newsletter subscription keeps you up to date about our products and services that may be of interest. We only send you newsletters after you have voluntarily provided your consent, which is documented via the double-opt-in procedure. The solicited goods and services are mentioned in the declaration of consent. The process: After you register, we send an e-mail to you at the e-mail address you provide that asks you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information is blocked and automatically deleted after one month. The IP address, the time of the registration and your confirmation are saved. The purpose of this process is to obtain evidence of your registration and to be able to provide an explanation to you should your personal data be misused. You can cancel your registration at any time using the link provided in the newsletter or by sending us a message. Your e-mail address will then be deleted. We save the data you enter when you subscribe to the newsletter only until you unsubscribe from our newsletter using the unsubscribe button. Providing additional specially marked data is voluntary and is used to be able to address you personally. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.

What rights do you have as a data subject?

Information
In accordance with Art. 19 E-OFADP/Art.15 GDPR, you can request information from us at any time regarding the personal data we process. In particular we will provide you with information on processing purposes, the category of the personal data, the categories of recipients to whom your data has been or must be disclosed, and the planned storage duration.

Rectification
In accordance with Art. 19 E-OFADP/ Art.16 GDPR, you have the right to immediately request that incorrect personal data or that incomplete personal data stored with us be rectified.

Erasure
In accordance with Art. 6 FADP, Art. 19 E-OFADP/Art.17 GDPR, you have the right to immediately request that personal data stored with us be erased.

Restriction of the processing
In accordance with Art. 6 FADP, Art.18 GDPR, you can request that the processing of your personal data be restricted.

Data portability
In accordance with Art. 24 E-OFADP, Art.20 GDPR, you can request that we make the personal data that you provided to us available or transmit it to another responsible person designated by you in a structured, commonly used and machine-readable format.

Withdrawal of consent
In accordance with Art. 6 FADP, Art.7 para.3 GDPR, you can withdraw any consent you have provided to us at any time. As a consequence, the data processing that was based on your consent will not be allowed to continue in future.

Objection to collecting your data in special cases and objection to direct marketing
In accordance with Art. 19 E-OFADP/ Art.21 GDPR, you can object to the processing of your personal data as long as you have reasons to do so resulting from your personal situation or that are directed toward the OBJECTION TO DIRECT MARKETING. In the latter case, you have a general right to object without specifying a special situation, which we will then implement. You can informally communicate your objection to us via telephone, e-mail, or by post at the address provided at the beginning of this data protection policy.

If you would like to exercise any of your rights or need more detailed information about this, please feel free to contact us using the contact details provided.

Right to lodge a complaint with the supervisory authority

In accordance with Art.77 GDPR, you have the right to make a complaint to the supervisory authority. In order to do this you can generally contact the supervisory authority of your usual place of residence or workplace or our company's head office:

Federal Data Protection and Information Commissioner (EDÖB)
Postal address
Feldeggweg 1
3003 Bern
Switzerland
Telephone: +41 58 462 43 95
E-mail: contact20@edoeb.admin.ch

How safe is your data?
All the information that you provide to us is stored on servers within the European Union. Unfortunately the transfer of information via the Internet is never completely secure, which is why we cannot guarantee the security of data that is transmitted over the Internet to our website. We do however secure our website and other systems using technical and organisational measures against loss, destruction, access, misuse, alteration or distribution of your data by unauthorised persons. In particular your personal data is transmitted to us in encrypted form. For this purpose we operate the SSL (Secure Socket Layer) [or TLS (Transport Layer Security)] coding system.

Status and updating of this data protection policy

We reserve the right to alter these data protection regulations at any time with effect for the future. An up-to-date version is available on the website. Please regularly visit our website to learn about the applicable data protection regulations.

What is the sum of 7 and 9?

All your data will be treated as strictly confidential and will only be used for the purposes of answering your query. For details on how your data will be processed, please refer to our Privacy Statement.

Back to top
Languages available