Privacy policy
RESPONSIBLE FOR THIS WEBSITE.

SACO | Swiss Association of
Compliance Officers
c/o Glück Treuhand & Services
Brunnenwiese 38
8132 Egg b. Zürich

info@complianceofficers.ch

In this Privacy Policy, we, the Swiss Association of Compliance Officers (hereinafter SACO), explain how we collect and process personal data. This is not an exhaustive description; other privacy policies, general terms and conditions, participation terms, or similar documents may regulate specific matters. Personal data refers to any information that relates to an identified or identifiable individual.

If you provide us with personal data of other individuals (e.g., family members, data of colleagues), please ensure that these individuals are aware of this Privacy Policy and only share their personal data with us if you are permitted to do so and if the data is correct.

This Privacy Policy is designed to comply with the requirements of the EU General Data Protection Regulation (GDPR), the Swiss Data Protection Act (DSG), and the revised Swiss Data Protection Act (revDSG). Whether and to what extent these laws apply depends on the specific case.

1. Data Controller / Data Protection Officer / Representative

The data controller for the processing of data described herein is (unless otherwise specified in individual cases):

SACO | Swiss Association of Compliance Officers
c/o Glück Treuhand & Services
Brunnenwiese 38
8132 Egg b. Zürich
info@complianceofficers.ch

If you have any concerns regarding data protection, you can contact us at the above address.

2. Collection and Processing of Personal Data

We primarily process personal data that we receive in the course of our business relationships with customers and other business partners, as well as from additional parties involved, or data we collect from users when operating our websites, apps, and other applications.

Where permitted, we also retrieve certain data from publicly accessible sources (e.g., debt collection registers, land registries, commercial registers, press, internet) or receive such data from other companies, authorities, and third parties. In addition to the data you provide directly to us, the categories of personal data we receive from third parties include, in particular, data from public registers, information related to legal and court proceedings, data related to your professional roles and activities (so that we can conclude and process transactions with your employer), information from correspondence and meetings with third parties, creditworthiness information (where relevant to our dealings with you), data provided by individuals in your environment (e.g., family, advisors, legal representatives) to facilitate contracts with you or involving you (e.g., references, your address for deliveries, powers of attorney, information to comply with legal requirements such as anti-money laundering and export restrictions), information from banks, insurers, distributors, and other contractual partners related to services used by you (e.g., payments, purchases), information from media and the internet about you (where appropriate, e.g., in the context of an application, press review, marketing/sales), your addresses and possibly interests and further sociodemographic data (for marketing), as well as data related to the use of the website (e.g., IP address, MAC address of smartphones or computers, information about your device and settings, cookies, date and time of visit, pages accessed, features used, referring website, location data).

3. Purposes of Data Processing and Legal Bases

The personal data we collect is primarily used to fulfill our contractual obligations to customers and business partners. This also includes the purchase of products and services from our suppliers and subcontractors. Additionally, we use this data to comply with our legal obligations both domestically and internationally. If you act on behalf of such a customer or business partner, your personal data may also be affected in this capacity.

Beyond this, we process personal data about you and others where allowed and as deemed appropriate for the following purposes, which are in line with our legitimate interests (and sometimes the legitimate interests of third parties):

  • Offering and further developing our services, products, and websites, apps, and other platforms where we are present;
  • Communication with third parties and processing of their inquiries (e.g., job applications, media inquiries);
  • Evaluation and optimization of procedures for analyzing needs to facilitate direct customer engagement and collecting personal data from publicly accessible sources for customer acquisition;
  • Advertising and marketing (including organizing events), as long as you have not objected to the use of your data (if we send you advertising as an existing customer, you can object at any time, and we will add you to a do-not-contact list);
  • Market and opinion research, media observation;
  • Enforcement of legal claims and defense in legal disputes and official proceedings;
  • Prevention and investigation of crimes and other misconduct (e.g., conducting internal investigations, data analysis to combat fraud);
  • Ensuring the security of our operations, particularly IT, our websites, apps, and other platforms;
  • Video surveillance to uphold property rights and other measures for IT, building, and facility security, and protection of our employees and other individuals, as well as property entrusted to us (e.g., access control, visitor lists, network and email scanners, phone recordings);
  • Business transactions such as purchases and sales of business units, companies, or parts of companies, and other corporate transactions involving the transfer of personal data, as well as measures related to business management and compliance with legal and regulatory obligations and internal SACO policies.

If you have given consent for the processing of your personal data for certain purposes (e.g., for receiving newsletters or conducting background checks), we process your personal data within the scope of and based on that consent, unless we have another legal basis for the processing and require one. Consent can be withdrawn at any time, but this does not affect any data processing that has already occurred.

4. Cookies / Tracking and Other Technologies Related to the Use of Our Website

We typically use “cookies” and similar technologies on our websites to identify your browser or device. A cookie is a small file sent to your computer or automatically stored on your computer or mobile device by the web browser you use when you visit our website. If you visit our site again, we may recognize you even if we do not know who you are. Session cookies are used during a visit and deleted afterward, while persistent cookies are used to store user preferences and other information over a period of time (e.g., two years). Most browsers are set to accept cookies by default. You can configure your browser to reject cookies, only store them for one session, or delete them early. However, rejecting cookies may limit the functionality of some features (e.g., language selection, shopping cart, order processes).

We may embed visible and invisible image elements in our newsletters and other marketing emails, which, when retrieved from our servers, enable us to determine whether and when you have opened the email. This helps us measure and understand how you use our services and tailor them to your needs. Most email programs are set to block this by default.

By using our websites and agreeing to receive newsletters or other marketing emails, you consent to the use of these techniques. If you do not want this, you must adjust your browser or email program accordingly.

We also use services like Google Analytics or similar on our websites. This is a service provided by third parties, which can be located anywhere in the world (for Google Analytics, it is Google Ireland, which relies on Google LLC in the USA as a processor), allowing us to measure and evaluate the use of our website. We have configured the service to anonymize IP addresses before they are transmitted to the USA.

5. Data Disclosure and Transfer Abroad

In the course of our business activities and for the purposes outlined in Section 3, we may also disclose personal data to third parties, provided this is permissible and appropriate, including for processing or for their own purposes. This includes the following categories of recipients:

  • Our service providers, including processors;
  • Suppliers, subcontractors, and other business partners;
  • Customers;
  • Authorities, agencies, or courts, both domestic and foreign;
  • The public, including visitors to websites and social media;
  • Competitors, industry organizations, associations, and other bodies;
  • Acquirers or parties interested in acquiring business units, companies, or parts of SACO;
  • Other SACO entities;
  • Other parties in potential or actual legal proceedings.

These recipients may be located in Switzerland or abroad. If a recipient is located in a country without adequate legal data protection, we require the recipient to contractually comply with the applicable data protection standards.

6. Duration of Data Retention

We process and store your personal data for as long as necessary to fulfill our contractual and legal obligations or for the purposes for which it was processed. After that, the data will generally be deleted or anonymized. Operational data, such as system logs, may have shorter retention periods of 12 months or less.

7. Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access and misuse, such as issuing instructions, conducting training, using IT and network security solutions, and implementing access controls and encryption.

8. Obligation to Provide Personal Data

In the context of our business relationship, you must provide the personal data necessary for the establishment and performance of that relationship. Without such data, we will generally not be able to conclude or fulfill a contract with you (or the entity you represent). Certain data is also necessary for the use of our website.

9. Profiling

We may process your personal data partially automatically to assess certain personal aspects (profiling), particularly to provide targeted information about products or to customize marketing efforts.

10. Rights of the Data Subject

Under applicable data protection laws, you have the right to access, rectify, delete, restrict the processing of your data, object to our data processing, and data portability in certain cases. However, we reserve the right to enforce legal restrictions, for example, if we are required to retain certain data or have a legitimate interest in doing so.

You also have the right to file a complaint with the competent data protection authority in Switzerland or seek legal remedies.

11. Changes

We may update this Privacy Policy at any time without prior notice. The current version published on our website applies. If the Privacy Policy is part of an agreement with you, we will inform you of any updates by email or another appropriate means.