SAQ handles your personal data confidentially, carefully and for a specific purpose. In doing so, we comply with the relevant provisions of the applicable data protection law.
Responsible for the collection, processing and use of your personal data is:
SAQ Swiss Association for Quality
Ramuzstrasse 15
CH-3027 Bern
Tel: +41 (0)31 330 99 00
1. Basic information on data processing and legal bases
1.1
Personal data (personal data, according to GDPR) are all details that refer to a specific or identifiable natural person. A data subject is a person about whom we process personal data.
Processing (processing, according to GDPR) includes any handling of personal data, regardless of the means and procedures used, for example querying, comparing, adapting, archiving, storing, reading out, disclosing, procuring, recording, collecting, deleting, disclosing, arranging, organizing, storing, modifying, disseminating, linking, destroying and using personal data.
1.2
For reasons of readability, the male form was chosen in the text, nevertheless the information refers to individuals of all genders.
1.3
We process personal data of users in compliance with the relevant data protection regulations (Swiss data protection law, in particular the Federal Act on Data Protection (FADP) and, where applicable under Art. 3 para. 2 GDPR, the EU GDPR). This means that users' data are only processed if there is a legal permission. That is, in particular if data processing is required to provide our contractual services (e.g. processing of orders) as well as online services or is legally required.
1.4
Persons under the age of 18 should not transmit personal data to us without the consent of their parents or legal guardians. We do not request personal data from children and adolescents. We do not knowingly collect such data nor do we pass it on to third parties.
1.5
This privacy policy informs you about the nature, scope and purpose of the processing of personal data within our offer and the associated websites, functions and content (hereinafter collectively referred to as “offer” or “website”).
2. Collection of access data and log files
2.1
Each time the website is accessed, by a person or an automated system, a range of general data and information is collected. These general data and information are stored in the log files of the server (cyon GmbH, Brunngässlein 12, CH – 4052 Basel). The following may be recorded: name of the accessed website, file, date and time of access, amount of data transferred, report on successful access, browser type including version, the user’s operating system, referrer URL (the previously visited page), IP address, and the requesting provider.
2.2
Log file information is stored for a maximum of six months for security reasons (e.g. to clarify misuse or fraudulent acts) and then deleted. Data whose further storage is necessary for evidence purposes are excluded from deletion until the respective incident has been finally clarified.
3. Transfer of data to third parties and third-party providers
3.1
Data recorded when accessing our internet offer are only transmitted to third parties insofar as we are legally, contractually or by court order obligated to do so.
Personal data of our members are generally not transmitted to third parties.
In the case of ordering informational material, brochures or products, we use the personal data provided by you only within SAQ. There is no transmission to third parties for commercial or non-commercial purposes.
SAQ transmits the personal data of certificate holders to UXQB. UXQB and SAQ undertake to use the personal data of certified persons exclusively for certificate administration purposes (e.g. information exchange in case of certificate loss), control and misuse check purposes (e.g. prevention of forged certificate documents) as well as for quality assurance purposes.
The certification body SAQ undertakes to implement the guidelines of the EU General Data Protection Regulation (GDPR) regarding “privacy by design,” i.e. the technical and organizational measures, and regarding “privacy by default,” i.e. the scope and use of the collected data.
4. Data processing in the context of the provision of contractual services
4.1
We process personal data (e.g. email address, salutation, first and last name and private/company address) for the purpose of fulfilling our contractual obligations and service provisions according to Art. 6 para. 1 lit. b GDPR, or Art. 6 para. 3 FADP.
4.2
Certificate holders are published with their surname, first name, year of certification and certificate title in the ‘Register of Certified Persons’ on the SAQ website. This serves to make the qualifications achieved transparently visible. Upon request, you can apply to the SAQ at any time to have your entry changed, corrected or deleted.
5. Contact and order
5.1
When contacting us (via contact form or email), the user's data are processed for handling the contact request and its processing according to Art. 6 para. 1 lit. a) and/or b) GDPR, or Art. 6 para. 3 FADP.
6. Cookies & reach measurement
6.1
This website uses cookies. Cookies are small text files that are permanently or temporarily stored on your computer when visiting this website. The purpose of the cookies is in particular to analyze the use of this website for statistical evaluation and for continuous improvements.
6.2
As part of cookies and reach measurement, we use Matomo Cloud, whose servers are located within the EU. This enables us to conduct anonymized analysis of the use of our website to continuously improve our offer. The data collected by Matomo Cloud are not forwarded to third parties. Users have the option to object to the data collection.
6.3
In your browser, you can deactivate cookies in the settings at any time partially or entirely. If cookies are deactivated, not all functions of this website may be available to you.
6.4
You can object to the use of cookies for reach measurement and advertising purposes via the opt-out page of the Network Advertising Initiative (optout.networkadvertising.org), and additionally the U.S. website (www.aboutads.info/choices) or the European website (www.youronlinechoices.com/uk/your-ad-choices/).
6.5
Matomo Cloud: Success and reach measurement with pseudonymized IP addresses;
Provider: InnoCraft Ltd. (New Zealand); Data protection information: MATOMO CLOUD PRIVACY POLICY
7. Integration of third-party services and content
7.1
We use content or service offers from third-party providers within our offer based on our legitimate interests (i.e. interest in analysis, optimization and economical operation of our offer in the sense of Art. 6 para. 1 lit. f GDPR or Art. 31 para. 2 FADP), in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”). This always requires that the third-party providers of this content perceive the IP address of the users, as they could not send the content to the users’ browsers without the IP address. The IP address is therefore required for the display of this content. We strive to use only content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. “Pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain technical information about the browser and operating system, referring websites, visit time, as well as other details about the use of our offer and may be linked with such information from other sources.
7.2
The following overview shows third-party providers and their content, along with links to their privacy policies, which contain further information on data processing and, where already mentioned here, opt-out options:
- Maps from the service “Google Maps” by the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: www.google.com/policies/privacy/, Opt-out: www.google.com/settings/ads/.
- Videos from the platform “YouTube” of the third-party provider YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Privacy policy: www.google.com/policies/privacy/, Opt-out: www.google.com/settings/ads/.
- External code of the JavaScript framework “jQuery,” provided by the third-party provider jQuery Foundation, jquery.org.
- Videos from the platform “Vimeo” of the third-party provider Vimeo.com, Inc: Vimeo.com, Inc., Attention: Data Protection Officer, 330 West 34th Street, 10th Floor, New York, New York 10001, USA, , Privacy policy: https://vimeo.com/privacy.
8. Social Media
8.1
We integrate services and plugins from third-party providers on our website to enable interaction with social media platforms. This includes features for embedding content from these platforms and for sharing content from our website on social networks. Using these features may result in the transfer of data, including personal data, to the service providers. We recommend reviewing the privacy policies of the respective social media platforms.
8.2
- Facebook, Meta Platforms Inc. (USA)/Meta Platforms Ireland Ltd. (Ireland): https://de-de.facebook.com/privacy/policy/
- LinkedIn, LinkedIn Corporation (USA)/LinkedIn Ireland Unlimited Company (Ireland): https://de.linkedin.com/legal/privacy-policy?
- X, X Corp. (USA)/Twitter International Company (Ireland): https://twitter.com/de/privacy
- XING, New Work SE (Germany): https://privacy.xing.com/de/datenschutzerklaerung
9. Notifications and Communications
9.1
By subscribing to our newsletter and/or our mailing lists, you agree to receive them and the procedures described. Subscription to the newsletter is carried out in a so-called double opt-in process: after registration, you will receive an email in which you must click a link to confirm your registration.
9.2
Content of the notifications and communications: We send newsletters, emails and other electronic notifications with promotional information (hereinafter “newsletter”) only with the consent of the recipients or a legal permission. If the content of the newsletter is specifically described as part of a registration, it is decisive for the consent of the users. Otherwise, our newsletters contain information about our products, offers, promotions and our association.
9.3
Newsletter registrations are logged to be able to prove the registration process according to legal requirements. This includes storing the registration and confirmation time.
9.4
Dispatch service provider: The newsletters are sent using “rapidmail,” a platform for sending newsletters by the company: rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i.Br., Germany, hereinafter referred to as “dispatch service provider.” You can view the dispatch service provider’s privacy policy here: https://www.rapidmail.de/datenschutz.
9.5
Registration data: To register for the newsletter, you must provide your email address. We also ask for your first and last name for a personal salutation in the newsletter.
9.6
The newsletters contain a so-called “web beacon,” i.e. a pixel-sized file that is retrieved from the server of the dispatch service provider when the newsletter is opened. During this retrieval, technical information such as information about the browser, your system and the time of retrieval are initially collected. The statistical evaluations also include determining whether the newsletters are opened, when they are opened and which links are clicked. This information can technically be assigned to individual newsletter recipients; however, it is neither our intention nor that of the dispatch service provider to monitor individual users. The evaluations serve to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
9.7
The use of the dispatch service provider, carrying out statistical surveys and analyses, is based on our legitimate interests according to Art. 6 para. 1 lit. f GDPR, or Art. 31 para. 2 FADP. Our interest is aimed at using a user-friendly and secure newsletter system that serves our business interests and meets the expectations of users.
9.8
rapidmail GmbH is prohibited from using your data for purposes other than sending the newsletter. Transfer or sale of your data is not permitted. rapidmail is a German, certified newsletter software provider, carefully selected according to the requirements of the GDPR and the BDSG.
9.9
Cancellation/Revocation – You can cancel the receipt of our newsletter at any time, i.e. revoke your consents. This also terminates your consent to its dispatch by the dispatch service provider and the statistical analyses. You will find a link to unsubscribe from the newsletter at the end of each newsletter.
10. Rights of the data subject
10.1
Every data subject has the right to request confirmation from us as to whether we are processing their personal data.
10.2
Every data subject may at any time request free (in cases of repeated or abusive assertion, a fee may be charged) information from us about the personal data stored concerning them. We provide the following information:
- the identity and contact details of the controller;
- the processed personal data as such;
- the purpose of processing;
- the retention period of the personal data or, if not possible, the criteria for determining this period;
- available information about the origin of the personal data, insofar as they were not obtained from the data subject;
- where applicable, the existence of automated individual decision-making and the logic on which the decision is based;
- where applicable, the recipients or categories of recipients to whom personal data are disclosed, as well as the information according to Article 19 paragraph 4;
- the existence of a right to lodge a complaint with a supervisory authority. The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC);
- if the personal data are not collected from the data subject: all available information about the origin of the data.
10.3
Furthermore, the data subject has the right, considering the purposes of the processing, to request the completion of incomplete personal data — also by means of a supplementary statement.
10.4
Every data subject has the right to request the immediate deletion of personal data concerning them, insofar as these are no longer necessary for processing. For example, for the creation of certificates or the provision of services by SAQ. If deletion is not possible, the data will be anonymized.
10.5
Every data subject has the right to request restriction of processing if one of the following conditions is met:
- The accuracy of the personal data is contested by the data subject, for a period enabling us to verify the accuracy of the personal data.
- The processing is unlawful, the data subject refuses deletion of the personal data and instead requests the restriction of the use of the personal data.
- We no longer need the personal data for processing purposes, but the data subject requires them for the assertion, exercise or defense of legal claims.
- The data subject has objected to the processing and it has not yet been determined whether our legitimate grounds outweigh those of the data subject.
10.6
Every data subject has the right to object at any time to the processing of personal data concerning them for reasons arising from their particular situation.
10.7
Every data subject has the right to revoke their consent to the processing of personal data at any time. If a data subject wishes to exercise one or more data subject rights, they may contact us in writing at: SAQ Swiss Association for Quality, Ramuzstrasse 15, CH-3027 Bern, .
11. Deletion of data
11.1
Personal data stored with us are deleted or anonymized as soon as they are no longer necessary for their intended purpose and no statutory retention obligations oppose the deletion. If the users' data are not deleted because they are required for other and legally permissible purposes, their processing is restricted. That is, the data are blocked and not processed for other purposes.
12. Right to object
12.1
Users may object at any time to the future processing of their personal data in accordance with legal requirements. The objection can especially be made against processing for direct marketing purposes.
13. Security measures
13.1
We take organizational, contractual and technical security measures according to the state of the art to ensure that the provisions of data protection laws are observed and to protect the data processed by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons.
14. Links to third-party websites
14.1
Some links on this website lead to third-party websites. These are no longer under the influence of SAQ. Therefore, SAQ assumes no responsibility for the accuracy, completeness and legality of the contents and links contained there as well as for any offers, products and services possibly contained therein. The use of linked websites is at your own responsibility.
15. Changes to the privacy policy
15.1
In the course of further development of our websites and the implementation of new technologies, changes to this privacy policy may become necessary. Therefore, we recommend that you reread this privacy policy from time to time.
15.2
Users are asked to regularly inform themselves about the content of the privacy policy.