1. Contact details

Switzerland Cheese Marketing AG, which has its registered office in Switzerland, and its subsidiaries (also referred to together as “we”, “us” or “Switzerland Cheese Marketing”) are each responsible for data processing in accordance with this data protection statement.

Switzerland Cheese Marketing AG
Laubeggstrasse 68
CH-3006 Bern

Joint-stock company under Swiss law (CHE-140.749.178)

Tel. +41 (0)31 385 26 26
info@STOP-SPAM.scm-cheese.com

Websites: https://www.schweizerkaese.ch / https://www.fromagesuisse.ch / https://www.formaggiosvizzero.ch / https://www.cheesesfromswitzerland.com

Data Protection Officer and Representative

Data Protection Officer:

Switzerland Cheese Marketing AG
Mr Stefan Emmenegger
Secretary General
Laubeggstrasse 68
CH-3006 Bern

2. Legal bases

Switzerland Cheese Marketing is represented in various countries. For that reason, a range of different legal bases apply at both national and EU level. We have listed the legal basis applicable in each case to the various types of processing of your personal data, as stipulated in the General Data Protection Regulation (GDPR). It would be beyond the scope of this data protection statement to name every legal basis applicable in every country.

3. Definition of personal data and processing

The term “personal data” encompasses all information with which a natural person (an individual) can be identified directly or indirectly. “Processing” means the handling/use of personal data.

Find out more

Personal data can be divided into categories. Examples of such categories and the personal data they contain are:

  • Master data (e.g. names, addresses, dates of birth)
  • Contact data (e.g. e-mail address, telephone number)
  • Content data (e.g. text entries on web forms, photographs, videos, sound recordings)
  • Contract data (e.g. information on the contract such as the subject matter, contract type and term, customer category, CV)
  • Usage data (e.g. recording of websites accessed and apps used, location and movement data, access times, preferences and affinities with content)
  • Meta-data and communication data (e.g. device information, IP addresses, location of devices/persons)
  • Financial data (e.g. credit card number, account number, payment history)
  • Particularly sensitive data/special categories of personal data (e.g. religious or political views, race/ethnicity, sexual orientation)

This is not an exhaustive list; other personal data may also be processed.

Examples of processing include the collection, storage, alteration, use, forwarding or deletion of personal data.

4. Personal data processed and purposes of processing

We primarily process personal data when they come directly from you (e.g. when we write to each other or when you subscribe to our newsletter, order a product or take part in a competition). We also process personal data that we receive from third parties, for instance when we task them with collecting personal data (e.g. financial service providers for payments, providers of Internet analysis services). To the extent permitted, we also take personal data from publicly available sources (e.g. the commercial register, the Internet, the press).

The following section provides further details of the personal data that we process, the purposes for which we process it and the legal basis for processing.

Your personal data are processed when you contact us or we contact you, e.g. by e-mail, post or telephone. In general, the data consists of your name and further contact details and the content of the message (including any personal data of third parties). The scope and purpose depend heavily on the content of the communication. We will forward certain personal data to the responsible unit within the Switzerland Cheese Marketing Group or, if necessary, to third parties.

Personal data processed (in categories)
  • Master data
  • Contact data
  • Usage data (e.g. time and content of communication)
  • Meta-data and communication data (e.g. device information, IP addresses, location of devices/persons)
  • Where necessary, information about third parties
  • Where necessary, particularly sensitive personal data
Purpose of processing
  • Communication with you
  • Customer care
  • Quality assurance and training
  • Further purposes for which communication is required (e.g. contract performance)
Legal basis for processing
  • Consent, if communication is taking place on your initiative
  • Our legitimate interests in relation to customer satisfaction, improving our services, avoiding errors in our processes, becoming more competitive

Your personal data will be processed if you purchase goods or services from us. This will be done, in particular, for the purpose of contract/order processing, delivery and invoicing. In some cases, the processing of orders (e.g. of merchandise items or information materials) is carried out by other companies/third parties. We have to forward/disclose the necessary information to these third parties to enable them to process the orders.

Personal data processed (in categories)
  • Master data (e.g. names, addresses)
  • Contact data (e.g. e-mail address, telephone number)
  • Content data (e.g. user account information to set up a customer account)
  • Financial data
  • Contract data
  • Where necessary, particularly sensitive personal data
Purpose of processing
  • Pre-contractual enquiries or contract performance
  • Statistical purposes for evaluating the interaction with customers
Legal basis for processing
  • Processing pre-contractual enquiries, contract performance
  • Legitimate interests (e.g. delivering goods to third parties)
  • Legal obligation
  • Express consent, if particularly sensitive personal data are being processed

We offer payment options, e.g. banks or other financial institutions or service providers (“payment service providers”), for the purpose of processing contracts and other legal relationships. To this end, the payment service providers process contact and identification data (e.g. name, address), bank details (e.g. bank account, account or credit card numbers), passwords and other payment information. Please refer to the terms and conditions and other statements of the payment service providers for more information on this. We only receive information about the confirmation or rejection of the payment. Where required for the purpose of identity verification and credit checks, payment service providers may forward data to third parties in accordance with their terms and conditions and data protection statements.

We process your data for the purpose of online marketing – primarily in order to market advertising spaces or content that we use on the basis of your potential interests and to measure efficacy. This enables us, based on your user behaviour on a particular website, to display adverts that are individually tailored to you on partner websites, for example.

On the basis of your user behaviour on our website, on social networks or on partner websites, we create user profiles (profiling) that are saved in cookies (files) or via similar processes. Data saved in this way can also be evaluated on other websites, supplemented with other data and saved on servers of online marketing providers.

User behaviour includes, for example, websites accessed and their content, technical data (e.g. browsers used, IP addresses), usage times and location data (if you gave your consent to the latter).

In general, pseudonymised user profiles – containing, for example, no names or e-mail addresses and only truncated IP addresses – are used. This means that we and other providers do not know your actual identity; we only have access to the information saved in the user profiles. In exceptional cases, however, we are able to attribute your personal data to the user profiles (e.g. when we use an online marketing process on a social network that you access as a logged-in user and the social network links your profile with the user behaviour).

We have information about the efficacy of our online marketing measures (e.g. whether they led to a contract being concluded with us) and use this to measure the success of our marketing measures.

We use Facebook Pixel, Twitter Analytics, Google Ads, Google Tag Manager and Google Ad Manager.

You can opt out of the processing of your personal data on the website of the provider in question or in your browser’s cookie settings.

Facebook Pixel including Custom Audiences

Facebook Pixel and Custom Audiences can be used for the following purposes:

  • Facebook can define people who access our online offering as a target group for adverts, as a result of which potential interested users will be shown adverts by Facebook
  • We can measure the efficacy and the success of our marketing measures and use this information for statistical purposes, for instance by being able to see whether users are forwarded to our website by Facebook adverts

We are jointly responsible together with Facebook Ireland Ltd. for the collection and maintenance of event data upon transmission (e.g. for direct messaging via Facebook Messenger and for displaying adverts). We have signed a contract with Facebook for this purpose (“Controller Addendum”, see: https://www.facebook.com/legal/controller_addendum).

If Facebook provides us with information, analyses, etc., we are not joint controllers; rather, Facebook is the contract processor: https://www.facebook.com/legal/terms/dataprocessing). 

Facebook collects certain contact data (e.g. names and e-mail addresses) or we transmit these data to Facebook in order to form target groups for potential interests. After the target groups have been formed, these contact data are deleted. The contact data are transmitted in encrypted form (hash values).

Twitter Analytics

Twitter Analytics enables us to measure the efficacy of our online marketing measures by transmitting information to us about how many users clicked on our adverts and were forwarded to our website. The data we receive cannot be used to draw conclusions about your identity. However, Twitter itself can save and process your personal data and create a connection to a user profile. This enables Twitter and its partners in particular to display adverts on websites. Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, parent company: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; website: https://twitter.com; data protection statement: https://twitter.com/en/privacy 

 

Google Ads including conversion measurement (formerly AdWords)

Google Ads enables us to display adverts that are tailored to users’ potential interests in the area of the Google services (e.g. Google search results, YouTube videos). In addition, information that is transmitted to us regarding how many users have clicked on our adverts allows us to measure the efficacy of our online marketing. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://marketingplatform.google.com; data protection statement: https://policies.google.com/privacy.

Google Tag Manager

Google Tag Manager makes it easier to implement web analysis tools. The user’s IP address is transmitted/disclosed to Google so that it can run Google Tag Manager. However, no user profiles are created and no cookies are saved. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://marketingplatform.google.com; data protection statement: https://policies.google.com/privacy.

Google Ad Manager (formerly DoubleClick)

Google Ad Manager enables us to carry out re-marketing activities, i.e. to display adverts tailored to users’ potential interests in real time in the area of the Google services (e.g. Google search results, YouTube videos). Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://marketingplatform.google.com; data protection statement: https://policies.google.com/privacy.

Personal data processed (in categories)
  • Usage data (e.g. websites accessed, access times, interest in content)
  • Meta-data and communication data (e.g. device information, IP addresses, location data)
  • Contact data (e.g. e-mail addresses, names)
Purpose of processing
  • Marketing and re-marketing
  • Creation of user profiles
  • Measurement of efficacy and success of marketing measures
  • Creation of target groups for marketing purposes
Legal basis for processing
  • Consent
  • Legitimate interests in improving our services and offers and making them more profitable

We use third-party applications to hold video and telephone conferences and share computer screens. Certain personal data of yours (e.g. log-in and contact details, video and audio data, chat messages, usage data and meta-data and, in some cases, data for marketing purposes) are saved by these providers on their servers and processed. Please refer to the data protection statements of the relevant providers.

We use Zoom, Google Meet or Microsoft Teams.

We use the following service providers:

Zoom

Video conferences, web conferences, service provider; Zoom Video Communications, Inc., 55 Almaden Blvd., Suite 600, San Jose, CA 95113, USA; website: https://zoom.us; data protection statement: https://zoom.us/docs/de-de/privacy-and-legal.html.

Google Meet

Video conferences, web conferences, service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://apps.google.com/meet/; data protection statement: https://policies.google.com/privacy

Microsoft Teams

Video conferences, web conferences, service provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; website: https://products.office.com; data protection statement: https://privacy.microsoft.com/en-us/privacystatement.

Personal data processed (in categories)
  • Usage data (e.g. websites accessed, access times, interest in content)
  • Meta-data and communication data (e.g. device information, IP addresses)
  • Contact and content data (e.g. e-mail addresses, telephone numbers, text entries during registration)
Purpose of processing
  • Provision of contractual services
  • Communication
  • Administrative organisation of the company
Legal basis for processing
  • Consent
  • Pre-contractual enquiries or contract performance
  • Legitimate interests

We use software services supplied by third-party providers to save and manage data via the Internet (e.g. calendar, e-mail addresses, chats, accounting programmes, exchange of data). Your personal data may be processed in the course of these activities. In terms of the personal data used, please refer to the data categories listed in this data protection statement for details of the respective processes. The third-party providers may also process personal data in connection with the processes, e.g. certain contact details or usage and meta-data.

We use Microsoft Cloud, Dropbox, Google Drive and Abacus.

We use the following service providers:

Microsoft cloud services

Cloud provider, service provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; website: https://microsoft.com/en-us; data protection statement: https://privacy.microsoft.com/en-us/privacystatement.

Dropbox

Cloud provider, service provider: Dropbox, Inc., 333 Brannan Street, San Francisco, California 94107, USA; website: https://www.dropbox.com/en; data protection statement: https://www.dropbox.com/privacy.

Google cloud services

Cloud provider, service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://cloud.google.com/; data protection statement: https://www.google.com/policies/privacy.

Abacus

Abacus Research AG
Abacus-Platz 1
9300 Wittenbach
Switzerland

+41 71 292 25 25
info@abacus.ch

Website: https://www.abacus.ch

Data protection statement: https://www.abacus.ch/en/data-protection

 

Personal data processed (in categories)
  • Usage data (e.g. websites accessed, access times, interest in content)
  • Content data (e.g. videos, photographs, text content)
  • Contact data (e.g. e-mail addresses, telephone numbers)
  • Meta-data and communication data (e.g. device information, IP addresses)
Purpose of processing
  • Administrative organisation of the company
Legal basis for processing
  • Consent
  • Pre-contractual enquiries or contract performance
  • Legitimate interests

We hold competitions and other, similar events (“Competitions”). In the process, we collect both contact and content data. We require these data for communication with you, for reporting on the Competition and for marketing purposes. More detailed information is provided in the terms and conditions of participation. Competitions may also be conducted via social networks or third-party platforms. In these cases, the data protection provisions of these networks and platforms also apply.

Personal data processed (in categories)
  • Master data (e.g. names, addresses, date of birth, gender)
  • Contact data (e.g. e-mail address, telephone number)
  • Content data (e.g. content from the online form, reporting on the Competition)
Purpose of processing
  • Holding Competitions
  • Processing for marketing purposes
Legal basis for processing
  • Consent
  • Pre-contractual enquiries or contract performance
  • Legitimate interests in improving our services and offers, the security of the Competition and the prevention of abuse
  • Compliance with legal obligations

We process your personal data when we send out newsletters that are only published in electronic form. These may be contact details (e.g. your name), content data (e.g. content from the online form), communication data (e.g. device information) and usage data (e.g. which articles you click on). You receive newsletters on the basis of your consent, e.g. because you subscribed to them, or our legitimate interests in direct marketing. We use the service provider Mailchimp for newsletters. You can ask us to stop sending you newsletters at any time.

We process personal data when we send newsletters, e-mails and other electronic notifications (“Newsletters”) about specific matters, about our services and about ourselves. We process your contact details (e-mail address, form of address and name for personalisation), content data and communication data. In addition, technical information is collected when you open the newsletter (e.g. IP address, time at which the newsletter was opened, your browser and system) and open and click rates are measured. Our aim in processing the technical data and analysing target groups, your reading behaviour (access locations according to IP address) and access times is to tailor our products and services more closely to your needs and to generally improve them.

You receive newsletters on the basis of your consent, i.e. because you subscribed to them, or our legitimate interests (e.g. marketing to existing customers). To prevent people from signing up with others’ e-mail addresses, you will receive an e-mail after you have registered requesting that you confirm your registration (double opt-in method). IP address, changes of registration data and time of registration and confirmation are recorded for documentation purposes. Provided that you confirm that you previously gave your consent, you can request that it be deleted at any time.

You can unsubscribe from newsletters at any time via the link at the end of the newsletter or contact us using the contact details provided to request that we no longer send the newsletter to you (with effect for the future). We save unsubscribed e-mail addresses for documentation purposes and to prevent newsletters from being sent to these recipients again (blocking lists).

We send e-mail newsletters via Mailchimp, a company that has its registered office in the US. User data may be processed outside the EEA and Switzerland (e.g. in the US).

Mailchimp

E-mail marketing platform, service provider: Mailchimp – Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA; website: https://mailchimp.com; data protection statement: https://mailchimp.com/legal/privacy/.

Personal data processed (in categories)
  • Master data (e.g. names, addresses, date of birth, gender)
  • Contact data (e.g. e-mail address, telephone number)
  • Content data (e.g. content from online form)
  • Usage data (e.g. access times, websites accessed, interest in content)
  • Meta-data and communication data (e.g. IP address, device information)
Purpose of processing
  • Direct marketing (e.g. via e-mail)
  • Provision of contractual services
  • Customer service
Legal basis for processing
  • Consent
  • Legitimate interests in direct marketing
Post, fax, telephone

We process personal data transmitted by post, telephone or fax for marketing purposes in relation to specific matters, our services and ourselves. We process your contact details (address, telephone number, form of address and name for personalisation).

You receive such messages on the basis of your consent or our legitimate interests (e.g. marketing to existing customers). You can unsubscribe from messages and request that we stop sending them to you at any time (with effect for the future). We save unsubscribed contact details for documentation purposes and to prevent newsletters from being sent to these recipients again (blocking lists). Provided that you confirm that you previously gave your consent, you can request that it be deleted at any time.

Personal data processed (in categories)
  • Master data (e.g. names, addresses, date of birth, gender)
  • Contact data (e.g. e-mail address, telephone number)
Purpose of processing
  • Direct marketing (e.g. by post)
  • Provision of contractual services
  • Customer service
Legal basis for processing
  • Consent
  • Legitimate interests in direct marketing

We are represented on social networks, specifically Facebook, Instagram, YouTube, Twitter, LinkedIn and TikTok. We process users’ data by communicating with them or offering them information about us. In general, these social networks use users’ data for marketing and market research purposes over which we have no influence. User data may be processed outside the EEA and Switzerland (e.g. in the US). Please refer to the data protection statements and opt-out options of the respective social networks.

Facebook

social network, service provider. Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA. Website: https://www.facebook.com. Information on data protection: www.facebook.com/policy.php

Together with Facebook Ireland Ltd., we are responsible for collecting the data of visitors to our Facebook page (“Fan Page”). As the operator of a Fan Page, we have signed a contract with Facebook (“Information about Page Insights”, https://www.facebook.com/legal/terms/page_controller_addendum). In particular, this defines the security measures that Facebook must take and the rights of data subjects that Facebook must respect (e.g. whether users can send information or requests for deletion directly to Facebook).

YouTube

Social network, video platform, service provider. Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Website: https://www.youtube.com/. Information on data protection: https://policies.google.com/privacy

Instagram

Social network, service provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; website: https://www.instagram.com; data protection statement: https://instagram.com/about/legal/privacy

Twitter

Social network, service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, parent company: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; website: https://twitter.com, data protection statement: https://twitter.com/en/privacy.

LinkedIn

Social network, service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; website: https://www.linkedin.com; data protection statement: https://www.linkedin.com/legal/privacy-policy.

TikTok

Social network; service provider: musical.ly Inc., 10351 Santa Monica Blvd #310, Los Angeles, CA 90025 USA; users in the EEA: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland; users in the UK: TikTok Information Technologies UK Limited, 6th Floor, One London Wall, London, EC2Y 5EB, United Kingdom; website: https://www.tiktok.com; data protection statement: https://www.tiktok.com/legal/privacy-policy.

Personal data processed (in categories)
  • Master data (e.g. names, addresses, dates of birth)
  • Contact data (e.g. e-mail address, telephone number)
  • Content data (e.g. content from online form)
  • Usage data (e.g. access times, websites accessed, recognition of returning visitors)
  • Meta-data and communication data (e.g. IP address, device information)
Purpose of processing
  • Communication, contact requests
  • Tracking (e.g. creation of user profiles, interest and behaviour-based marketing, use of cookies)
  • Measuring reach (e.g. recognition of returning users, creation and use of access statistics)
  • Appealing to users of our websites on other sites (re-marketing)
  • Interest and behaviour-based marketing
Legal basis for processing
  • Legitimate business and communication-related interests in the offering of an information and communication channel

We process personal data (e.g. name, postal or e-mail address, other data as required) when we hold events for customers or business partners (e.g. sponsorship or marketing events) or for our shareholders/the Board of Directors (e.g. an annual general meeting). Further information will be provided in the relevant terms and conditions of participation.

We process data in order to hold these events and for communication and marketing purposes, e.g. targeted communications to draw your attention to certain events.

Personal data processed (in categories)
  • Master data (e.g. names, addresses)
  • Contact data (e.g. e-mail address, telephone number)
  • Content data (e.g. information from the registration form, data related to the event)
Purpose of processing
  • Events
  • Communication, contact requests
  • Interest and behaviour-based marketing
Legal basis for processing
  • Contract performance and pre-contractual enquiries
  • Compliance with legal obligations
  • Legitimate business and communication-related interests in the offering of an information and communication channel

We process personal data when you apply for a job with us. The information required is detailed in the job description, the requirements profile or the online form entries you have to make. Normally the information we need will be your name, address and further contact details, your CV, certificates for your qualifications and references.

Job applications via online forms are transmitted in encrypted form using state-of-the-art technology. Applications sent by e-mail are not encrypted, so we do not accept responsibility for the transmission. If you would like to send us your application by another means, please contact us.

We generally delete personal data from job applications within six months of the completion of the application process. If you give us your consent, we may keep your application with a view to considering it for future vacancies.

Personal data processed (in categories)
  • Master data (e.g. names, addresses, date of birth, gender)
  • Contact data (e.g. e-mail address, telephone number)
  • Content and contract data (e.g. information related to the application, such as references and qualifications)
  • Particularly sensitive data in individual cases (e.g. if health data are relevant for the job in question)
Purpose of processing
  • Assessment of the applicant’s suitability for the job advertised
  • Retention of application for potential future vacancies (if requested by applicant)
Legal basis for processing
  • Contract performance and pre-contractual enquiries
  • Express consent if particularly sensitive data are required for the application
  • Processing for preventive healthcare or occupational medicine purposes if particularly sensitive data are being processed

We process personal data in order to comply with legal requirements. These include, for example, complying with applicable laws and regulations, handling complaints, carrying out internal investigations, responding to enquiries from courts and authorities and asserting, exercising and defending ourselves against legal claims.

Personal data processed (in categories)
  • Master data (e.g. names, addresses, date of birth, gender)
  • Contact data (e.g. e-mail address, telephone number)
  • Contract data
  • Content data
  • Usage data (e.g. websites accessed, interest in content, access times, user preferences)
  • Meta-data and communication data (e.g. device information, IP addresses, information for identifying/authenticating users)
  • Financial data
  • Where necessary, particularly sensitive personal data
  • Further data required for the purpose of processing
Purpose of processing
  • Adherence to legal requirements
  • Ensuring compliance
  • Detecting and investigating abuse
  • Asserting our claims and defending ourselves against those asserted against us
Legal basis for processing
  • Compliance with legal obligations
  • Legitimate interests in avoiding loss/damage and compliance with requirements
  • Contract performance

We process personal data for administrative and organisational purposes within each individual Switzerland Cheese Marketing company. Data is also transmitted between the Switzerland Cheese Marketing companies (e.g. to forward enquiries and credit information or review and improve our processes). We also forward personal data to third parties outside Switzerland Cheese Marketing for such purposes (e.g. accounting by third-party providers, advisory services from lawyers and tax advisors, IT management by IT companies, payment collection by payment collection companies).

Personal data processed (in categories)
  • Master data (e.g. names, addresses, dates of birth, gender)
  • Contact data (e.g. e-mail address, telephone number)
  • Contract data
  • Content data
  • Usage data (e.g. websites accessed, interest in content, access times, user preferences)
  • Meta-data and communication data (e.g. device information, IP addresses, information for identifying/authenticating users)
  • Financial data
  • Where necessary, particularly sensitive personal data
Purpose of processing
  • Management of data that are used by more than one Switzerland Cheese Marketing company
  • IT management
  • Accounting
  • Data archiving
  • Forwarding of enquiries to responsible bodies
  • Review and improvement of processes
Legal basis for processing
  • Compliance with legal obligations
  • Legitimate interests in the purposes of processing of the individual Switzerland Cheese Marketing companies, in the overall interest of all companies within Switzerland Cheese Marketing
  • Contract performance

5. Transmission and provision of access to personal data

We may transmit and provide access to personal data that we receive from you or from third parties both within and between each Switzerland Cheese Marketing company (“forwarding”).

We may also forward personal data that we receive from you or third parties, e.g. authorities, courts, persons and other bodies/companies.

We do not trade in personal data or sell it to third parties. The data forwarding only takes place within the scope defined in this data protection statement. We only pass personal data onto third parties who process your personal data on our behalf and in accordance with our instructions. We also forward your personal data to third parties if we are legally obliged or entitled to do so.

Transmission and provision of access to Switzerland Cheese Marketing companies: if this occurs for administrative reasons, we are exercising legitimate entrepreneurial and business interests. This may also take place – if required – in order to fulfil contractual obligations, on the basis of your consent or because there are legal grounds for doing so.

Transmission and provision of access to third parties outside of Switzerland Cheese Marketing: these may be, for example, IT service providers (e.g. hosting, e-mail newsletter, data analysis, website operation), logistics companies (dispatch of goods), payment service providers, advisory service providers (lawyers, tax advisors, accountants, recruitment agencies, etc.) and authorities or courts. In the process, we comply with the applicable statutory requirements and sign contracts with these recipients which guarantee the protection of your personal data.

6. Forwarding of personal data abroad

The recipients of your personal data may also be located abroad, i.e. in a country of the European Union (EU), the European Economic Area (EEA) or another country elsewhere in the world. Where personal data are forwarded or disclosed to recipients in other countries or processed in other countries, this is always done in compliance with the applicable legal provisions.

Personal data are only forwarded, disclosed and/or processed abroad in countries with appropriate levels of data protection. If the countries in question do not have this, we impose contractual obligations – based on an assessment of the individual case – using the European Commission standard contractual clauses or the standard outsourcing contract of the Federal Data Protection Commissioner in the case of Switzerland and/or obtain a guarantee that the recipient has the necessary certifications or that binding internal data protection rules (“Binding Corporate Rules”) are in place.

Exceptions to this rule are possible in the following cases: after having the risks explained to you, you give your express consent to the forwarding/disclosure; the forwarding/disclosure of your personal data is required for the performance of the contract; the forwarding/disclosure occurs due to the pursuit of legal claims or the pursuit or safeguarding of other essential legitimate interests in special cases.

7. Technical and organisational measures

Within the scope of the applicable statutory requirements, we take suitable technical and organisational measures to guarantee appropriate protection of your personal data. In the process, we take into account the latest technological developments, the nature, scope, circumstances and purposes of the processing of the personal data and the different probabilities of occurrence and severity levels of the risks to the rights and freedoms of the individuals affected.

Technical measures include, for example, encryption of our website, maintenance of logs, access restriction, data-protection-friendly pre-settings and data back-up. Organisational measures include, for example, the conclusion of confidentiality agreements and other contracts, training for our employees and checks on service providers.

8. Automated individual decision-making

We generally do not engage in automated individual decision-making, i.e. legal decisions without human involvement (e.g. credit checks). If we do do this, we will notify you accordingly and obtain your consent if required.

9. Deletion of personal data

We delete your personal data in accordance with the statutory requirements, i.e. when you revoke your consent to data processing, when we no longer have a legitimate interest in storing the personal data or we are no longer authorised to retain the data for other reasons (e.g. the purpose is no longer necessary). There are exceptions to this rule, specifically when the personal data are required for other purposes, including legal ones.

Your personal data will be stored:

  • until you revoke your consent
  • until the reason for processing your personal data ceases to apply or the processing is no longer necessary (e.g. after you have withdrawn your application for a job; in the case of contracts, the reason shall apply at least until the deadlines for warranty or compensation claims have expired, as long as personal data are required for the assertion of legal claims)
  • until we no longer have a legitimate interest in storing it (e.g. when we no longer require personal data for defending against or asserting legal claims or guaranteeing IT security)
  • for as long as we are under a legal obligation to do so (e.g. statutory retention periods for receipts, tax returns, etc., for tax or commercial-law purposes)

You can find further information on the topic of deletion in our data protection statement.

10. Rights in connection with the processing of personal data

In accordance with the applicable statutory provisions, you have the following rights:

  • Right to information: you have the right to be informed about whether we process your personal data and which data we process and to receive further information and a copy of the data in accordance with the legal requirements. The right to information may be restricted in certain cases (e.g. if this is necessary to protect other individuals).
  • Right to correction: you have the right to have incorrect or incomplete personal data corrected/completed.
  • Right to deletion and restriction of processing: within the scope of the applicable legal provisions, you have the right to request that your personal data be deleted or that their processing be restricted (e.g. temporary suspension of processing). There are exceptions to this; for example, deletion may not be possible if personal data are required for the assertion of legal claims.
  • Right to data transmission: you have the right to obtain the personal data you provided to us in a structured, standard, machine-readable format or to have it forwarded to another controller, in accordance with the applicable legal provisions.
  • Right to revoke consent: where we process your personal data on the basis of your consent, you have the right to revoke this consent for the future at any time.
  • Right to object: you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 para. 1 (e) or (f) GDPR; this also applies to profiling based on these provisions. If personal data are processed in order to engage in direct marketing, you have the right to object to the processing of personal data concerning you for the purpose of such marketing at any time; this also applies to profiling, to the extent that it is connected to such direct marketing.

11. Lodging complaints with the data protection supervisory authority

You have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of your personal data is in breach of data protection regulations.

You may lodge a complaint with a supervisory authority in the European Union (EU) or European Economic Area (EEA) Member State of your residence or your place of work or in the EU/EEA Member State whose data protection regulations you believe have been breached. A list of data protection supervisory authorities is provided here, for example.

In Switzerland, you can contact the Federal Data Protection and Information Commissioner.

12. Changes to the data protection statement

We may amend this data protection statement, in particular in the event of changes in the law, our data processing procedures or companies’ contact details. If we are obliged to do so (e.g. if the basis for your consent changes), we will inform you individually about any changes.