RGPD Compliance

Our website and the RGPD, the new European regulation on data protection.

We care about the protection of our customers' and partners' personal data, and are committed to respecting and complying with the new General Data Protection Regulation (GDPR) which comes into effect across the European Union from 25 May 2018.

This new regulation can be found here.

Context

The new Data Protection Regulation (GDPR) will enter into force on 25 May 2018 throughout the European Union (EU). From this date, the GDPR will be directly applicable to all actors active on the territory of the European Union. The new rules are designed to give citizens more control over their personal data, to make businesses more accountable while reducing their reporting burden, and to strengthen the role of data protection authorities. This text will have a direct impact on a large number of Swiss companies.

When does the new regulation apply?

The new GDPR regulation will apply from 25 May 2018.

Who is affected by the GDPR?

The RGPD affects all companies operating in the EU. However, companies based in Switzerland and other third countries may also be subject to it. It should also be noted that only "personal" data is covered by the GDPR (art. 4 GDPR).

What is personal data?

Data is considered to be "personal" when it concerns natural persons who are identified directly or indirectly. A person is identified when, for example, their name appears in a file. Data that we might consider anonymous may constitute personal data if it allows a specific person to be identified indirectly or by cross-checking information. It may in fact be information that is not associated with a person's name but which easily allows that person to be identified and to know his or her habits or tastes (source: Commission nationale de l'informatique et des libertés (CNIL)).

Is our site subject to the RGPD?

Yes, but only indirectly:

Our site may however have for some of its services customers from the EU, or may have personal data of natural persons from the EU having a professional activity in a Swiss company. For these or any other cases involving personal data of EU citizens, Our site is subject to this new European regulation and undertakes to respect its obligations.

  • no targeting or processing based on personal data;
  • no specific targeting of customers or prospects from the European Community;
  • no transfer of data to partners, either in Switzerland or in the EU;
  • end-to-end control of the data management chain.

What data is generally collected by our site?

Yes, but only indirectly:

We collect the data that our customers provide to us when the initial contract is established, as well as relevant data transmitted during their contacts with our site's commercial or technical services.

Does our site do any targeting?

Our site does not target personal data or consumption behaviour of services on our site; our site does not use the personal data of its customers and, therefore, is not impacted by art. 3 of the GDPR.

What are the commitments of our site towards its customers?

Art. 24

We undertake to constantly monitor its employees who have access to the main databases containing the personal data of its customers, and we will ensure that all its employees who come into contact with personal data have adequate knowledge of the requirements of the RGPD and our commitments in this regard.

Art. 25

We undertake to generate a systematic encryption of our customers' portal access systems as soon as their profile is created.

Art. 27

We undertake to manage the security and integrity of our clients' personal data, and endeavour to respond to all requests and enquiries from our clients in a timely manner in accordance with Swiss and European regulations.

Art 30

As we have not reached the critical mass of 250 employees, we are not required to keep a register according to Art. 30, paragraph 1.

Art 32

We undertake to do our utmost to ensure optimum security of our facilities and to continuously optimise the protection of our customers' personal data and their integrity by means of HW and SW upgrades in accordance with the regulations of our technical suppliers.

We are committed to proactively communicating with our employees, highlighting our commitments to our customers, ensuring that our employees' behaviour is in line with our values and the requirements of the new RGPD regulation on data protection. A very low staff turnover also guarantees this security and integrity.

Conclusions

We are not directly affected by the new EU data protection law RGPD but we strive to respond to all our clients directly or indirectly impacted by one or more articles of the law. We are committed to doing our utmost to meet the demands and requests of our current and future clients under the new EU RGPD regulation which comes into effect from 25.05.2018.