gfs.bern (hereinafter also referred to as ‘we’, ‘us’) obtains and processes personal data that concerns both you and other people (so-called ‘third parties’). We use the term ‘data’ as a synonym for ‘personal data’.
Controller for the processing of personal data:
We shall make it clear if a different controller is responsible for processing personal data in a specific case.
The following data protection officer is our point of contact for data subjects and au-thorities for enquiries relating to data protection:
Our data protection representative pursuant to Article 27 GDPR is as follows:
VGS Datenschutzpartner GmbH
Am Kaiserkai 69
The data protection representative is as an additionalpoint of contact for data subjects and authorities in the European Union (EU) and the rest of the European Economic Area (EEA) for enquiries in connection with the GDPR.
We process various categories of personal data. The main categories are as follows:
We collect various pieces of information within surveys that help support statistical decision-making. Our aim is to analyse behaviours, opinions and attitudes. We do not consider individual personal data in this process. Instead, we evaluate summarised information from groups of people. This data is not used for automated decision-making processes or for profiling purposes.
If we record or listen to phone calls or video conferences for reasons such as training or quality assurance, we will specifically draw your attention to this. These recordings are exclusively made in accordance with our internal guidelines and are used accordingly. You will always be notified in advance, for example at the start of a phone call, if and when such recordings are made. If you object to this recording, please let us know or end the call. If you only object to video recording, please turn your camera off.
Much of the data mentioned in Point 3 is provided by you. You are not obliged to do so, conditional on specific cases, e.g. as part of binding protection concepts (statutory obligations). If you want to conclude contracts with us or use our services, you must also provide us with data, especially master, contract and registration data, as part of your contractual obligation in accordance with the relevant contract. It is unavoidable that technical data will be processed when you use our website.
Provided we are permitted to do so, we also take data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, the media or the internet, including social media) or receive data from authorities and other third parties (such as credit agencies, address brokers, associations, contractual partners, internet analysis services, etc.).
We process your data for the purposes explained below. More information regarding online operations is available in Points 12 and 13. These purposes and/or the goals on which they are based represent our legitimate interests and possibly those of third parties. You can find more information about the legal basis of our processing in Point 5.
We process your data for purposes related to communicating with you, especially replying to queries and asserting your rights (Point 10) and to contact you if you have any questions. To do this, we use communication and master data, in particular. We retain this data in order to document our communication with you and to answer your questions.
Market, social and opinion research observes, measures and describes behaviours, attitudes, opinions and so on. We record and collect information from you to provide companies, associations and authorities with statistically-based decision-making assistance. This does not involve your personal data. Rather, this relates to aggregated values for a group of people. Your data may be collected in various ways (online, by phone, in writing or face-to-face during an interview).
We process data to establish, manage and handle contractual relationships.
We process data for marketing purposes and to maintain relationships, e.g. to send our customers and other contractual partners personalised adverts for our products and services. This can occur, for example, in the form of newsletters and other regular contacts (electronically, by post, by phone), via other channels for which we have your contact information, as well as for specific marketing campaigns (e.g. events, competitions, etc.) and may also include free services (e.g. invitations, vouchers, etc.). You can decline such contacts at any time (see the end of Point 4) and/or revoke or withdraw your consent to be contacted for advertising purposes.
We also process your data for market research, to improve our services and our operations and for product development.
We may also process your data for security purposes and for access control.
We process personal data to comply with legislation, directives and recommendations from authorities and internal regulations (compliance).
We also process data for our risk management purposes and within the context of prudent corporate governance, including operational organisation and corporate development.
We may process your data for other purposes, e.g. as part of our internal procedures and administration.
To the extent that the General Data Protection Regulation (GDPR) applies, we process personal data on at least one of the following legal grounds:
If we ask for your consent for specific instances of processing, we will provide information separately about the relevant purposes of that processing. You can withdraw your consent at any time by writing to us (by post) with future effect; our contact details are available in Point 2. Once we have received notification that you have withdrawn your consent, we will no longer process your data for the purposes to which you originally agreed, unless we have another legal basis for this. Withdrawing your consent will not affect the legitimacy of any processing undertaken based on your consent prior to its withdrawal.
If we do not ask for your consent to processing, we base the processing of your personal data on the fact that this processing is required to initiate or execute a contract with you (or the entity you represent) or that we or a third party have a legitimate interest, in particular to pursue the purposes and associated objectives described in Point 4 above and implement appropriate measures. Our legitimate interests also include complying with statutory requirements, unless this is already recognised as a legal basis by the applicable data protection legislation (e.g. under the GDPR, the law in the EEA and in Switzerland). They also include marketing our products and services, our interest in better understanding our markets and the secure and efficient management and ongoing development of our company, including our operational business.
With regard to our surveys, we use your personal information exclusively in accordance with the purposes described in Section 4 and share it with the third parties listed below, provided you have given your consent to the disclosure of your personal data to other third-party categories elsewhere. gfs-zürich takes reasonable steps to ensure that your personal data is processed, protected and transmitted in accordance with the applicable legislation.
We also transmit your personal data to third parties in connection with our contracts, website, services and products, our statutory obligations or to otherwise protect our legitimate interests, as well as the other purposes listed in Point 4.This includes the following recipient categories, in particular:
All these recipient categories may in turn involve third parties at their end, meaning that your data may also be accessible to these third parties. We may restrict processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.).
As explained in Point 6, we also disclose data to third parties. They are not only located in Switzerland. Your data may therefore be processed both in Europe and in our survey lab in Kosovo. In exceptional cases, your data may be processed in any country in the world.
If a recipient is based in a country without adequate statutory data protection, we contractually oblige the recipient to comply with applicable data protection (we use the European Commission’s revised standard contractual clauses for this, which can be accessed here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), unless they are already subject to a legally recognised data protection policy and we are able to rely on an exemption clause. Exemptions may apply in the case of legal proceedings abroad, in particular, as well as in cases of overriding public interest or if the execution of a contract requires such disclosure, if you have given your consent or if it concerns data that you have made generally accessible and whose processing you have not objected to.
Please also note that data exchanged over the internet is often routed via third countries. This means that your data may also be transferred abroad even if the sender and recipient are based in the same country.
We process your data for the duration required for our processing purposes, statutory retention periods and our legitimate interests in the processing for documentation and evidence purposes, or for the retention duration required for technical purposes. Further information about the relevant retention and processing period for the individual data categories is available in Point 3 and/or for cookie categories in Point 12. Provided there are no legal or contractual obligations to the contrary, we delete or anonymise your data at the end of the retention or processing period in line with our standard procedures.
We take appropriate security measures to maintain the confidentiality, integrity and availability of your personal data, to protect it against unauthorised or illegal processing and to counteract the risk of loss, inadvertent modification, accidental disclosure or unauthorised access.
Under certain circumstances, the applicable data protection legislation gives you the right to object to the processing of your data, especially if this is for the purposes of direct marketing, profiling undertaken for direct advertising and other legitimate interests in the processing.
To make it easier for you to control the processing of your personal data, you also have the following rights in connection with our data processing, depending on the applicable data protection legislation:
If you wish to exercise the above-mentioned rights towards us, please submit your written concerns by letter or email; our contact details are available in Point 2. In order for us to rule out fraud, we will have to verify your identity (e.g. using a copy of your ID, unless we can do this some other way).
Please note that these rights are subject to conditions, exemptions or restrictions, depending on the applicable data protection legislation (e.g. to protect third parties or trade secrets). We will inform you accordingly if necessary.
If you do not agree with our handling of your rights or data protection, please let us know. If you are based in the EEA, the United Kingdom or Switzerland, in particular, you also have the right to complain to your country’s supervisory authority for data protection.
Cookies can be stored temporarily in your browser as session cookies or for a specific period of time as permanent cookies. Session cookies are deleted automatically when the browser is closed. Permanent cookies are stored for a specific period of time. In particu-lar, cookies enable us to recognise a browser when you next visit our website and in doing so, for example, measure the reach of our website. However, permanent cookies can also be used for online marketing, for example.
Numerous services such as AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) and Your Online Choices (European Interactive Digital Advertising Alliance) are available to opt out of all cookies which are used to measure success and reach statistics or for advertising purposes.
Whenever you visit our website, we can collect the following information if your browser transfers it to our server infrastructure or if our web server is able to collect it: date and time, including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, indi-vidual pages of our website visited including the volume of data transferred, referrer URL.
We store this information – which can also represent personal data – in server log files. The information is necessary in order for us to make our website permanent, user-friendly and reliable, as well as to ensure data security, especially the protection of per-sonal data – including through third parties or with the help of third parties.
We may use tracking pixels on our website. Tracking pixels are also known as web beacons. Tracking pixels – including those from third parties whose services we use – are small, usually invisible images that are accessed automatically when you visit our website. Tracking pixels can be used to collect the same information as is stored in server log files.
We send notifications and messages by email and over other communication channels such as instant messaging or SMS.
Notifications and messages can contain links or tracking pixels that log whether an individual message has been opened and what links were clicked on. Such web links and tracking pixels can even record personal use of notifications and messages. We require these usage statistics to gauge our success and coverage in order to make notifications and messages effective and user-friendly on the basis of the needs and reading habits of their recipients and send them permanently, securely and reliably.
We send notifications and messages with the help of specialised service providers.
In particular, we use:
We maintain a presence on social media platforms and other online platforms in or-der to communicate with potential customers and provide information about our activities and operations. In connection with such platforms, personal data can also be processed outside of Switzerland and the European Economic Area (EEA).
If and in so far as the General Data Protection Regulation (GDPR) applies, we are jointly responsible with Meta Platforms Ireland Limited (Ireland) for our social media presence on Facebook, including Page Insights. Meta Platforms Ireland Limited is part of Meta (including in the USA). The Page Insights show how users interact with our Facebook page. We use Page Insights to make our social media presence on Facebook effective and user-friendly.
We use services provided by specialised third parties in order to carry out our activities and operations in a durable, user-friendly, secure and reliable manner. These services can be used for various activities, such as embedding functions and content in our website. In the case of embedding, the services used record the Internet Protocol (IP) addresses of the users at least temporarily for technically compelling reasons.
Third parties whose services we use may process data in connection with our activities and operations in aggregated, anonymised or pseudonymised form for necessary security-related, statistical and technical purposes. For example, this relates to performance or usage data that is required for them to be able to offer the service in question.
In particular, we use:
We use services from specialised third parties to provide us with the digital infrastructure we need in connection with our activities and operations. These include, for example, hosting and storage services from selected providers.
In particular, we use:
Depending on your situation, we recommend muting your microphone by default and blurring your background, or displaying a virtual background, when attending audio or video conferences.
In particular, we use:
We use third party services to embed maps on our website.
In particular, we use:
We use third-party services to embed selected fonts, as well as icons, logos and symbols into our website.
In particular, we use:
We use the option of displaying targeted advertisements for our activities and operations on third parties such as social media platforms and search engines.
We would like to use such advertising, in particular, to reach people who are already interested in our activities and operations or who might be interested in them (remarketing and targeting). For this purpose, we may transmit corresponding information to third parties who enable such advertising; this may potentially include personal information. We may also determine whether our advertising is successful, i.e. in particular whether it leads to visits to our website (conversion tracking).
Third parties with whom we advertise and where you are registered as a user may be able to assign the use of our website to your profile there.
In particular, we use:
We try to determine how our online service is used. For example, we may measure the success and reach of our activities and operations and the impact of third-party links to our website. However, we can also, for example, test and compare how different parts or versions of our online service are used (‘A/B test’ method). Based on the results of the success and reach measurement, we can, in particular, correct errors, strengthen popular content or make improvements to our online service.
The Internet Protocol (IP) addresses of individual users are usually stored when meas-uring success and reach. In this case, IP addresses are always shortened (‘IP masking’) in order to follow the principle of data economy through the corresponding pseudonymisation.
Cookies may be used and user profiles may be created to measure success and reach. Any user profiles created include, for example, the individual pages visited or content viewed on our website, information on the size of the screen or browser window and the – at least, approximate – location. As a matter of principle, user profiles are only created pseudonymously and are not used to identify individual users. Individual third-party services with which users are registered may be able to assign the use of our online service to the user account or user profile of the service in question.
In particular, we use:
What data do we process on our social media pages?
We may operate pages and other websites (‘channels’, ‘profiles’, etc.) on social networks and other platforms operated by third parties and collect the data about you described in Point 3 and below. We receive this data from you and these platforms when you come into contact with us via our website (e.g. when you communicate with us, comment on our content or visit our site). At the same time, these platforms evaluate your use of our website and link this data with other data relating to you that is known to them (e.g. about your behaviour and preferences). They also take responsibility for processing this data for their own purposes, especially for marketing and market research purposes (e.g. to personalise adverts) and manage their platforms (e.g. what content they show you).
We process this data for the purposes described in Point 4, especially for communication, marketing purposes (including advertising on these platforms, see Point Error! Reference source not found.) and market research. Information on the relevant legal basis is available in Point 5. We may repost (e.g. in our adverts on the platform or elsewhere) any content you publish (e.g. comments on an announcement). We or the operators of the platforms may also delete or restrict content posted by or about you in accordance with the usage guidelines (e.g. inappropriate comments).
For further information regarding the processing undertaken by the operators of these platforms, please refer to their privacy policies, where you can also see in which countries they process your data, which information, deletion and other data subject rights you have and how you can exercise these or obtain more information. We currently use the following platforms:
Last updated: 1 September 2023