Data protection statement

Switzerland Cheese Marketing AG, which has its registered office in Switzerland, and its subsidiaries (also referred to together as “we”, “us” or “Switzerland Cheese Marketing”) are each responsible for data processing in accordance with this data protection statement.

Switzerland Cheese Marketing is represented in various countries. For that reason, a range of different legal bases apply at both national and EU level. We have listed the legal basis applicable in each case to the various types of processing of your personal data, as stipulated in the General Data Protection Regulation (GDPR). It would be beyond the scope of this data protection statement to name every legal basis applicable in every country.

The term “personal data” encompasses all information with which a natural person (an individual) can be identified directly or indirectly. “Processing” means the handling/use of personal data.

Find out more

Personal data can be divided into categories. Examples of such categories and the personal data they contain are:

• Master data (e.g. names, addresses, dates of birth)
• Contact data (e.g. e-mail address, telephone number)
• Content data (e.g. text entries on web forms, photographs, videos, sound recordings)
• Contract data (e.g. information on the contract such as the subject matter, contract type and term, customer category, CV)
• Usage data (e.g. recording of websites accessed and apps used, location and movement data, access times, preferences and affinities with content)
• Meta-data and communication data (e.g. device information, IP addresses, location of devices/persons)
• Financial data (e.g. credit card number, account number, payment history)
• Particularly sensitive data/special categories of personal data (e.g. religious or political views, race/ethnicity, sexual orientation)

This is not an exhaustive list; other personal data may also be processed.

Examples of processing include the collection, storage, alteration, use, forwarding or deletion of personal data.

We primarily process personal data when they come directly from you (e.g. when we write to each other or when you subscribe to our newsletter, order a product or take part in a competition). We also process personal data that we receive from third parties, for instance when we task them with collecting personal data (e.g. financial service providers for payments, providers of Internet analysis services). To the extent permitted, we also take personal data from publicly available sources (e.g. the commercial register, the Internet, the press).

The following section provides further details of the personal data that we process, the purposes for which we process it and the legal basis for processing.

We may transmit and provide access to personal data that we receive from you or from third parties both within and between each Switzerland Cheese Marketing company (“forwarding”).

We may also forward personal data that we receive from you or third parties, e.g. authorities, courts, persons and other bodies/companies.

We do not trade in personal data or sell it to third parties. The data forwarding only takes place within the scope defined in this data protection statement. We only pass personal data onto third parties who process your personal data on our behalf and in accordance with our instructions. We also forward your personal data to third parties if we are legally obliged or entitled to do so.

Transmission and provision of access to Switzerland Cheese Marketing companies: if this occurs for administrative reasons, we are exercising legitimate entrepreneurial and business interests. This may also take place – if required – in order to fulfil contractual obligations, on the basis of your consent or because there are legal grounds for doing so.

Transmission and provision of access to third parties outside of Switzerland Cheese Marketing: these may be, for example, IT service providers (e.g. hosting, e-mail newsletter, data analysis, website operation), logistics companies (dispatch of goods), payment service providers, advisory service providers (lawyers, tax advisors, accountants, recruitment agencies, etc.) and authorities or courts. In the process, we comply with the applicable statutory requirements and sign contracts with these recipients which guarantee the protection of your personal data.

The recipients of your personal data may also be located abroad, i.e. in a country of the European Union (EU), the European Economic Area (EEA) or another country elsewhere in the world. Where personal data are forwarded or disclosed to recipients in other countries or processed in other countries, this is always done in compliance with the applicable legal provisions.

Personal data are only forwarded, disclosed and/or processed abroad in countries with appropriate levels of data protection. If the countries in question do not have this, we impose contractual obligations – based on an assessment of the individual case – using the European Commission standard contractual clauses or the standard outsourcing contract of the Federal Data Protection Commissioner in the case of Switzerland and/or obtain a guarantee that the recipient has the necessary certifications or that binding internal data protection rules (“Binding Corporate Rules”) are in place.

Exceptions to this rule are possible in the following cases: after having the risks explained to you, you give your express consent to the forwarding/disclosure; the forwarding/disclosure of your personal data is required for the performance of the contract; the forwarding/disclosure occurs due to the pursuit of legal claims or the pursuit or safeguarding of other essential legitimate interests in special cases.

Within the scope of the applicable statutory requirements, we take suitable technical and organisational measures to guarantee appropriate protection of your personal data. In the process, we take into account the latest technological developments, the nature, scope, circumstances and purposes of the processing of the personal data and the different probabilities of occurrence and severity levels of the risks to the rights and freedoms of the individuals affected.

Technical measures include, for example, encryption of our website, maintenance of logs, access restriction, data-protection-friendly pre-settings and data back-up. Organisational measures include, for example, the conclusion of confidentiality agreements and other contracts, training for our employees and checks on service providers.

We generally do not engage in automated individual decision-making, i.e. legal decisions without human involvement (e.g. credit checks). If we do do this, we will notify you accordingly and obtain your consent if required.

We delete your personal data in accordance with the statutory requirements, i.e. when you revoke your consent to data processing, when we no longer have a legitimate interest in storing the personal data or we are no longer authorised to retain the data for other reasons (e.g. the purpose is no longer necessary). There are exceptions to this rule, specifically when the personal data are required for other purposes, including legal ones.

Your personal data will be stored:

• until you revoke your consent
• until the reason for processing your personal data ceases to apply or the processing is no longer necessary (e.g. after you have withdrawn your application for a job; in the case of contracts, the reason shall apply at least until the deadlines for warranty or compensation claims have expired, as long as personal data are required for the assertion of legal claims)
• until we no longer have a legitimate interest in storing it (e.g. when we no longer require personal data for defending against or asserting legal claims or guaranteeing IT security)
• for as long as we are under a legal obligation to do so (e.g. statutory retention periods for receipts, tax returns, etc., for tax or commercial-law purposes)

You can find further information on the topic of deletion in our data protection statement.

In accordance with the applicable statutory provisions, you have the following rights:

• Right to information: you have the right to be informed about whether we process your personal data and which data we process and to receive further information and a copy of the data in accordance with the legal requirements. The right to information may be restricted in certain cases (e.g. if this is necessary to protect other individuals).
• Right to correction: you have the right to have incorrect or incomplete personal data corrected/completed.
• Right to deletion and restriction of processing: within the scope of the applicable legal provisions, you have the right to request that your personal data be deleted or that their processing be restricted (e.g. temporary suspension of processing). There are exceptions to this; for example, deletion may not be possible if personal data are required for the assertion of legal claims.
• Right to data transmission: you have the right to obtain the personal data you provided to us in a structured, standard, machine-readable format or to have it forwarded to another controller, in accordance with the applicable legal provisions.
• Right to revoke consent: where we process your personal data on the basis of your consent, you have the right to revoke this consent for the future at any time.
• Right to object: you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 para. 1 (e) or (f) GDPR; this also applies to profiling based on these provisions. If personal data are processed in order to engage in direct marketing, you have the right to object to the processing of personal data concerning you for the purpose of such marketing at any time; this also applies to profiling, to the extent that it is connected to such direct marketing.

You have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of your personal data is in breach of data protection regulations.

You may lodge a complaint with a supervisory authority in the European Union (EU) or European Economic Area (EEA) Member State of your residence or your place of work or in the EU/EEA Member State whose data protection regulations you believe have been breached. A list of data protection supervisory authorities is provided here, for example.

In Switzerland, you can contact the Federal Data Protection and Information Commissioner.

We may amend this data protection statement, in particular in the event of changes in the law, our data processing procedures or companies’ contact details. If we are obliged to do so (e.g. if the basis for your consent changes), we will inform you individually about any changes.