Privacy statement

The purpose of this privacy statement is to inform you what personal data we process in connection with our website and the corresponding services offered. In particular, we provide information on what personal data we process, how and where we process it and for what purpose. This privacy statement also clarifies the rights of individuals whose data we process.

1. Contact addresses

Body responsible for the processing of personal data: Federal Coordination Commission for Occupational Safety FCOS

Please see the imprint for contact details.

2. Processing of personal data

2.1 Terms

Personal data is any information that relates to an identified or identifiable person. A data subject is an individual whose personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the retention, disclosure, acquisition, collection, deletion, storage, modification, destruction and use of personal data.

2.2 Legal basis

We process personal data in accordance with Swiss data protection law, such as in particular the Federal Act on Data Protection (FADP) and the Ordinance to the Federal Act on Data Protection (OFADP).

2.3 Nature, scope and purpose

We process the personal data that is required for us to provide our services in a sustainable, user-friendly, secure and reliable way. Such personal data may, in particular, fall into the categories of inventory and contact data, browser and device data, content data, meta or marginal data and usage data, location data, sales, contract and payment data.

We process personal data for the period of time necessary for the relevant purpose(s) or as required by law. Personal data that no longer needs to be processed is anonymised or deleted. In principle, individuals whose data we process have the right to have their data deleted.

As a matter of principle, we only process personal data with the consent of the data subject, unless the processing is permitted for other legal reasons, such as for the fulfilment of a contract with the data subject and for corresponding pre-contractual measures, in order to safeguard our overriding legitimate interests, for the performance of statutory duties, because the processing is evident from the circumstances or after information has been provided in advance.

In this context, we process, in particular, information that data subjects provide to us themselves and on a voluntary basis when contacting us, when using our services or when registering for a user account. We may store such information, for example in a directory or by similar means. If you transfer personal data to us via third parties, you shall be obliged to ensure data protection vis-à-vis such third parties and to ensure the accuracy of such personal data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources or collect in the course of providing our services, if and to the extent that such processing is permitted for legal reasons.

2.4 Processing of personal data by third parties, including abroad

We may have personal data processed by commissioned third parties or process it jointly with third parties. We may also process personal data with the help of third parties or transmit it to third parties. These third parties include, in particular, providers whose services we use. We also ensure appropriate data protection with such third parties.

These third parties are, as a general rule, located in Switzerland or in the European Economic Area (EEA). However, they may also be located in other states and territories on earth, provided that their data protection law guarantees adequate data protection in the opinion of the Federal Data Protection and Information Commissioner (FDPIC), or if adequate data protection is guaranteed on other grounds, such as through a corresponding contractual agreement, in particular on the basis of standard contractual clauses, or through a corresponding certification. In exceptional cases, such third parties may be located in a country without adequate data protection, provided that the requirements under data protection law, such as the explicit consent of the data subject, are met.

3. Rights of data subjects

Data subjects whose personal data we process have rights under Swiss data protection law. These include the right to information as well as the right to rectification, deletion or blocking of the personal data processed.

Data subjects whose personal data we process have the right to appeal to a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

4. Data security

We take appropriate and suitable technical and organisational measures to ensure data protection and, in particular, data security. However, in spite of such measures, there is always the possibility of gaps in security when personal data is processed on the Internet. We therefore cannot guarantee absolute data security.

Our online services are accessed via transport encryption (SSL/TLS, in particular with Hypertext Transfer Protocol Secure, or HTTPS). Most browsers indicate transport encryption with a padlock symbol in the address bar.

5. Use of the website

5.1 Cookies

We may use cookies for our website. Cookies – both our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies) – are data that is stored in your browser. This kind of stored data is not necessarily limited to traditional cookies in text form. Cookies cannot run programs or transmit malware such as Trojans and viruses.

Cookies can be stored in your browser temporarily as “session cookies” when you visit our website or for a certain period of time as “permanent cookies”. Session cookies are automatically deleted when you close your browser. Permanent cookies have a specific storage period. In particular, they enable us to recognise your browser the next time you visit our website and thus, for example, help us measure our website’s reach. However, permanent cookies can also be used for online marketing, for example.

You can disable or delete cookies completely or partially in your browser settings at any time. Without cookies, our website may no longer be fully available.

In particular, we use:

Usercentrics: consent management platform; provider: Usercentrics GmbH (Germany); data protection information: Privacy policy

For cookies used to measure performance and reach, it is possible to opt out of the use of these cookies in general for numerous services via the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

5.2 Server log files

We may collect the following information each time you access our website, provided that this information is transmitted by your browser to our server infrastructure or can be determined by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sub-page of our website accessed including amount of data transferred, last web page accessed in the same browser window.

We store this kind of information, which may also be defined as personal data, in server log files. We need this information to provide our online services in a sustainable, user-friendly and reliable way and to enable us to ensure data security and thus, in particular, the protection of personal data – including by or with the help of third parties.

5.3 Tracking pixels

We may use tracking pixels on our website. Tracking pixels are also known as web beacons. Tracking pixels – including those from third parties whose services we use – are small, usually invisible images that are automatically retrieved when you visit our website. They can be used to collect the same information as server log files.

5.4 Reviews and comments

We allow you to post reviews and comments on our website. In this context, we process, in particular, the information that is transmitted to us by the individuals submitting reviews or comments themselves, but we also process data such as the Internet Protocol (IP) address used and the date and time. This information is required to enable comments to be published and to ensure protection against misuse, which is in our overriding legitimate interests.

6. Notifications and messages

We send notifications and messages such as newsletters by e-mail and through other communication channels such as instant messaging.

6.1 Performance and reach measurement

Notifications and messages may contain web links or tracking pixels that record whether an individual message has been opened and which web links have been clicked on. Such web links and tracking pixels may also record the use of notifications and messages on a person-specific basis. We need this statistical record of usage for measuring performance and reach, so that we can offer notifications and messages based on recipients’ needs and reading habits in an effective and user-friendly way that is also sustainable, secure and reliable.

6.2 Consent and opting out

In principle, you must expressly consent to the use of your e-mail address and other contact addresses, unless such use is permitted for other legal reasons. For any consent to receive e-mails, we use the “double opt-in” procedure where possible, i.e. you will receive an e-mail with a web link which you must click to confirm, to avoid any misuse by unauthorised third parties. We may log consent given in this way (including the Internet Protocol (IP) address, date and time) for evidence and security purposes.

In principle, you can unsubscribe from notifications and messages such as newsletters at any time. Unsubscribing enables you, in particular, to opt out of the statistical recording of usage for the purposes of performance and reach measurement. However, we reserve the right to send notifications and messages that are absolutely necessary for the services we offer.

6.3 Service provider for notifications and messages

We send notifications and communications via services provided by third parties or with the help of service providers. Cookies may also be used in this process.

In particular, we use:

Mailchimp: communication platform; provider: The Rocket Science Group LLC d/b/a Mailchimp (USA) as a subsidiary of Intuit Inc. (USA); data protection information: Privacy Statement.

7. Third-party services

We use third-party services to enable us to provide our services in a sustainable, user-friendly, secure and reliable way. These services may also be used to embed content in our website. Such services – e.g. hosting and storage services – require your Internet Protocol (IP) address, as otherwise they cannot transmit the relevant content.

For their own security, statistical and technical purposes, third parties whose services we use may also process data in connection with our services as well as from other sources – including cookies, log files and tracking pixels – in aggregated, anonymised or pseudonymised form.

In particular, we use:

Google services: providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; general information on data protection: “Security and privacy”, Privacy Policy,
Hostpoint: hosting; provider: Hostpoint AG (Switzerland); data protection information: Privacy Policy.

8. Performance and reach measurement

We use services and programs to determine how our online services are used. Within this framework, we can, for example, measure the success and reach of our online services as well as the effect of third-party links to our website. However, we can also, for example, try out and compare how different versions of our online services or elements of these are used (A/B test method). Based on the performance and reach measurement results, we can, in particular, correct errors, strengthen content that is in high demand or make improvements to our online services.

When using services and programs for performance and reach measurement, the Internet Protocol (IP) addresses of individual users must be stored. IP addresses are always shortened in line with the principle of data minimisation through pseudonymisation and to improve data protection for visitors to our website (“IP masking”).

When using services and programs for performance and reach measurement, cookies may be used and user profiles may be created. User profiles include, for example, the pages visited or content viewed on our website, information on the size of the screen or browser window and the (at least approximate) location. As a basic principle, user profiles are created exclusively on a pseudonymised basis. We do not use user profiles to identify individual visitors to our website. Individual services for which you are registered as a user may link the use of our online services to your profile with the service in question, whereby you usually have to give your consent to this in advance.

In particular, we use:

Google Analytics: performance and reach measurement; data protection information specific to Google Analytics: including measurement across different browsers and devices (cross-device tracking) and using pseudonymised Internet Protocol (IP) addresses, which are only transmitted in full to Google in the USA in exceptional cases, “Data protection”, “Google Analytics Opt-out Browser Add-on”.

9. Final provisions

We may amend and supplement this privacy statement at any time. We will inform you about any such amendments and additions in an appropriate manner, in particular by publishing the latest version of the privacy statement on our website.