Text Link

Privacy Policy & Cookies Policy

Last updated
31 August 2023

1. Scope

The protection of your personal data and your privacy is important to us. Accordingly, it is a matter of course for us to comply with the legal requirements of the Swiss Federal Act on Data Protection (DSG), the Ordinance to the Federal Act on Data Protection (VDSG), the Swiss Telecommunications Act (FMG) and other provisions on data protection which might be applicable, in particular the EU General Data Protection Regulation (GDPR).

Personal data is defined as data/information relating to identified or identifiable natural persons. Online identification characteristics such as IP addresses are considered personal data, unless such were rendered anonymous.

Procivis AG (“Procivis”) is a Data Controller within the meaning of the DSG and GDPR. If you are a resident of the European Union or other regions with laws governing data collection and use, then you agree to the transfer of your information to Switzerland.

This Privacy Notice applies to all persons whose data we process (hereinafter referred to as “you”), regardless of which channel you use to contact us (e.g., in person, by phone, on a website, in an app, via a social network, at an event, etc.). It applies to the processing of personal data that have already been collected and personal data that will be collected in the future.

In the Privacy Notice below, we inform you about the claims and rights under data protection laws to which you are entitled and about the most important aspects of data processing performed in our company.

2. Contact

Procivis AG
Dietzingerstrasse 3
8003 Zürich
Switzerland
Telephone: +41 44 523 65 35
Email: legal@procivis.ch
Website: www.procivis.ch

3. Data Categories

3.1 Master Data

Master data comprise the fundamental data about you, such as title, name, contact details, or date of birth. We collect master data in particular as part of our regular business activities, in particular if you contact or connect with us through any digital channel or approach one of our representatives in person (e.g., trade fairs). We also collect master data if, for example, you take part in a survey, competition or prize draw, register for a newsletter or download materials such as whitepapers. Moreover, we collect master data for access controls to our events or office premises. We additionally collect master data about contacts and representatives of contractual partners, organizations, and authorities.

Examples of master data can include
3.2 Contract Data

Contract data are personal data accrued in connection with the conclusion or processing of a contract, e.g., information on the conclusion of the contract, acquired claims and receivables, or information about client satisfaction. We primarily conclude contracts with clients, business partners, and job applicants, but also with other contractual partners. If based on a contract, we often also collect transaction and behaviour data.

Contract data can include details
3.3 Communication Data

If you contact us or we contact you, for example when you contact support service, or when you write to us, or call us, we process the exchanged communication contents and information about the type, time, and place of communication. In certain situations, we may also ask you to provide proof of identity.

Examples of master data can include
3.4 Transaction and Behaviour Data

When we send you electronic messages (e.g., newsletter), you download our mobile apps, you visit our website or visit our premises and make use of our infrastructure, we frequently collect data about this usage and generally about your behavior.

Examples of transaction and behavior data can include the following information if available to us as personal data
3.5 Preference Data

We wish to tailor our offers and services to our clients as effectively as possible. We therefore also process data about your interests and preferences. To do so, we may combine transaction and behavior data with other data and analyze such data on a personal and non-personal basis. This enables us to draw conclusions about characteristics, preferences, and likely behavior, such as your preferences and affinities regarding specific products and services.

In particular, we may create segments (permanently or case-related), that is, groups of persons displaying similarities with regard to specific characteristics. Preference data may be used either personally (e.g., in order to send you relevant marketing material) or on a non-personal basis (e.g., for market research or product development purposes).

3.6 Technical Data

When you make use of our websites, apps, Wi-Fi networks, or other electronic services, we collect certain technical data such as your IP address or device ID. Technical data also include the protocols in which we record the use of our systems (log files). In some cases, we may also assign a unique code number (an ID) to your end device (tablet, PC, smartphone, etc.), for example by using cookies or similar technologies, in order to be able to recognize it. Further details concerning this can be found in section 6.

Technical data can include

Technical data can in particular also be used to collect behavior data, that is, details about your use of websites and mobile apps (see section 3.4). However, we are usually unable to derive who you are from technical data.

Concerning the processing of technical data, please also consult section 12.

3.7 Images, Videos and Sound Recordings

We regularly produce photos, videos, and sound recordings in which you might be featured, for example if you attend an event or visit our office premises.

For security and evidentiary purposes, the entrance areas of our office premises are secured via video recording. Thereby, we may obtain information on your behavior when accessing the premises. The use of video surveillance systems is localized and clearly indicated.

Examples of image and sound recordings can include

4. Data Origin

4.1 Provided Data

You often disclose personal data to us yourself, for instance when sending us data or communicating with us. Master, contract, and communication data in particular are generally something you disclose to us yourself. You are in many cases also responsible for disclosing preference data to us.

For example, you provide us with personal data yourself in the following cases

The provision of personal data is largely voluntary, which means that you are not generally obliged to disclose your personal data to us. However, we do have to collect and process the personal data that are required for processing contractual relationships and fulfilling associated obligations or that are prescribed by law, such as mandatory master and contract data, as we would otherwise be unable to conclude or continue the contract in question.

If you send us data about other persons (e.g., co-workers), we assume that you are authorized to do so and that these data are correct. Please also ensure that these other persons have been informed about this Privacy Notice.

4.2 Collected Data

We may also collect personal data about you ourselves or automatically, such as when you interact with our website, newsletters or any other electronic promotional materials, or procure our products and services. Such data frequently comprise transaction and behavior data and technical data.

For example, we independently collect personal data about you in the following cases

We may also derive personal data from personal data already available to us, for example by analyzing transaction and behavior data.

4.3 Received Data

We may also receive information about you from other third parties, such as from companies with which we cooperate, persons who communicate with us, or public sources.

For example, we may receive information about you from the following third parties

5. Purposes of Processing Personal Data

5.1 Communication

We wish to remain in contact with you and address your individual requirements. We therefore process personal data for the communication with you, in order to answer inquiries and support requests, for instance. In particular, we make use of communication and master data for this, as well as contract data if the communication concerns a contract. We may also personalize the content and time of dispatch of messages on the basis of behavior, transaction, preference, and other data.

The purpose of communication can comprise
5.2 Contract Processing

We wish to offer you the best possible service. We therefore process personal data in connection with the initiation, administration, and processing of contractual relationships, for instance to provide a service, or host a prize draw. Contract processing also includes any agreed personalization of services. For this purpose, we particularly make use of master data, contract data, communication data, transaction and behavior data, as well as preference data.

The purpose of contract processing generally comprises everything that is necessary or appropriate for concluding, executing, and, where applicable, enforcing a contract.

For example, this includes processing to
5.3 Information and Marketing

We wish to present you with attractive offers. We therefore process personal data for relationship management and marketing purposes, for example in order to send you written and electronic messages and offers and carry out marketing campaigns. These may comprise our own offers, or those of advertising partners. Messages and offers may also be personalized in order to – as far as possible – only send you information that is likely to be of interest to you. For this purpose, we in particular make use of master data, contract data, communication data, transaction data, behavior data, and preference data, but also image and sound recordings.

Examples include can include the following messages and offers

Unless we separately ask for your consent to contact you for marketing purposes, you may decline such contacts at any time. In the case of newsletters and other electronic messages, you can generally opt out of the corresponding service via an unsubscribe link integrated in the message.

The personalization of our messages enables us to tailor information to your individual needs and interests, and to only present you with information that is likely to be relevant for you.

5.4 Market Research and Product Development

We aim to improve our offers continuously and make them more attractive for you. We therefore process personal data for market research and product development purposes. To do so, we particularly process master, behavior, transaction, and preference data, as well as communication data and information from customer surveys, other surveys and studies, and further information, for example from the media, the Internet, and other public sources. As far as possible, we make use of pseudonymized or anonymized information for these purposes.

Market research and product development may include
5.5 Security and Prevention

We wish to guarantee your and our security and prevent misuse. We therefore also process personal data for security purposes, to guarantee IT security, to prevent theft, fraud, and misuse, and for evidentiary purposes. This can concern all the personal data categories, in particular also transaction and behavior data and image, video and sound recordings. We can acquire, analyze, and store these data for the purposes mentioned.

Examples of the purpose of security and prevention include
5.6 Compliance with Statutory Requirements

We wish to lay the foundations for compliance with statutory requirements. We therefore also process personal data to comply with legal obligations and to prevent and detect infringements. Examples of this include receiving and processing complaints and other messages, complying with court and administrative orders, and measures for detecting and investigating misuse. This can concern all personal data categories.

All such cases may concern Swiss law or foreign regulations to which we are subject, as well as self-regulations, industry and other standards, our own corporate governance, or official directives.

5.7 Protection of Rights

We wish to be able to enforce our claims defend ourselves against the claims of others. We therefore also process personal data for the protection of rights, for instance to enforce claims judicially, before or out of court, and before authorities in Switzerland and abroad, or to defend ourselves against claims. Depending on the situation, we process different categories of personal data, such as contact data and details of events that have led to or could lead to a dispute.

5.8 Administration and Support within the Group

Procivis AG is part of the Orell Füssli Group. As a Group we wish to shape our internal processes efficiently, use resources effectively and create synergies. We therefore process personal data for administration, marketing and sales within the Group. We can process master data, contract data, and technical data, as well as transaction data, behaviour data, and communication data.

Administration within the Group can include:

Administration within the Group can include

6. Legal basis

Depending on the purpose of the data processing, our processing of personal data is based on different legal grounds. In particular, we may process personal data if

  • doing so is necessary to fulfill an agreement with the person concerned or for pre-contractual measures (e.g., to review a request for an agreement);
  • doing so is necessary to safeguard legitimate interests;
  • doing so is based on consent;
  • doing so is required for compliance with Swiss and foreign legal obligations

In particular, we have a legitimate interest in processing for the purposes set out in section 5 above and the disclosure of data in accordance with section 8 and the associated objectives. These legitimate interests include our own interests and third-party interests.

7. Data Security

We take technical and organizational measures to protect your personal data against manipulation, loss, destruction or against the access by unauthorized persons. The measures taken permanently protect the confidentiality and integrity of your personal data and the availability and resilience of our systems and services in the processing of your personal data. Furthermore, they ensure a quick recovery of the availability of your personal data and the access to them in case of a physical or technical incident.

Our security measures also include an encoding of your personal data. All information that you enter online will be transferred through an encoded transmission path. Therefore, such information can, at no time, be inspected by any unauthorized third parties.

Our data processing and our security measures are subject to continuous improvement in line with technological developments and are audited on an annual basis as well as certified under the ISO 27001 standard.

We also take our own, internal data protection seriously. Our employees and the service providers engaged by us are committed to secrecy and to the compliance with provisions under data protection laws. Moreover, they are granted access to your personal data only to the extent necessary.

8. Data Recipients

We may disclose personal data, to the extent permitted, to service providers generally process personal data on our behalf as so-called “contract processors”. Our contract processors are obliged to only process personal data in accordance with our instructions and to take suitable measures to ensure data security. We ensure through the selection of service providers and suitable contractual agreements that data protection is upheld during the entire processing of your personal data.

In individual cases, it is also possible that we may disclose personal data to other third parties for their own purposes, for example if you have granted your consent or we are legally obliged or authorized to share such information. In such cases, the data recipient is legally responsible as the controller of the data.

Please take note of our Cookie Policy concerning independent data collection by third-party providers whose tools we have integrated into our websites and apps.

9. Disclosure of personal data abroad

We process and store personal data mostly in Switzerland and the European Economic Area (EEA). In certain cases, however, we may also disclose personal data to service providers and other recipients who are located outside this area or who process personal data outside this area, in principle in any country in the world. The countries in question may not have laws that protect your personal data to the same extent as in Switzerland or the EEA. If we transfer your personal data to such a country, we will ensure the protection of your personal data in an appropriate manner.

One means of ensuring adequate data protection is, for example, to conclude data transfer agreements with the recipients of your personal data in third countries that ensure the required level of data protection. This includes agreements that have been approved, issued, or recognized by the European Commission and the Swiss Federal Data Protection and Information Commissioner, known as standard contractual clauses. An example of the data transfer agreements generally used by us can be found here. Please note that such contractual arrangements can partially compensate for weaker or missing statutory protection but cannot rule out all risks completely (e.g., government access abroad). Data may also be transferred to countries without adequate protection in exceptional cases, for example if consent is granted, in connection with legal proceedings abroad, or if transfer is necessary for the processing of an agreement.

10. Storage Period

We process and store your personal data

  • for as long as it is required for the purpose of processing and compatible purposes, in the case of contracts normally for at least the duration of the contractual relationship;
  • for as long as we have a legitimate interest in storing it. This may be the case, in particular, if we need personal data to enforce or defend claims, for archiving purposes, and to ensure IT security;
  • for as long as it is subject to a statutory retention requirement. For example, a ten-year retention period applies to certain data. Shorter retention periods apply for other data, for example for recordings from video surveillance or for recordings of certain online processes (log data).

In certain cases, we will also ask for your consent if we want to store your personal data for longer periods (e.g., for job applications that we wish to keep on file). At the end of the periods specified, we will erase or anonymize your personal data.

For example, we adhere to the following retention periods, although we may deviate from them in individual cases

11. Your Rights

You have the right to object to data processing particularly if we process your personal data on the basis of a legitimate interest and the other applicable requirements are met. You can also object to data processing in connection with direct advertising (e.g., advertising e-mails) at any time.

Provided the applicable conditions are met and there are no applicable statutory exceptions, you also have the following rights:

  • the right to request information about your personal data stored by us;
  • the right to have inaccurate or incomplete personal data corrected;
  • the right to request the deletion or anonymization of your personal data;
  • the right to request that the processing of your personal data be restricted;
  • the right to receive certain personal data in a structured, commonly used and machine-readable format;
  • the right to revoke consent with effect for the future, insofar as processing is based on consent.

Please note that these rights may be restricted or excluded in individual cases, e.g., if there are doubts about the identity or if this is necessary to protect other persons, to safeguard interests worthy of protection or to comply with legal obligations.

You may use the contact options provided in chapter 1 of this Privacy Policy, if you have questions in connection with the data protection performed in our company and for information on your rights pursuant to this section as well as for asserting these rights. Furthermore, you can unsubscribe from newsletters and other advertising e-mails by clicking on the corresponding link at the end of the e-mail.

In addition, you are free to lodge a complaint with a competent supervisory authority if you believe that the processing of your personal data may be in breach of applicable law. The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

12. Cookies

12.1 What are Log Files?

Whenever you visit our website, our servers will temporarily store the following data in a protocol file, the so-called server logfiles:

  • name and URL of the retrieved data and contents of the request (concrete page);
  • website from which the access is made (Referrer URL);
  • browser type used and the operating system of your computer as well as the name of your
  • internet access provider;
  • access status / HTTP status code;
  • respective data quantity transmitted.

The legitimate interest applies as basis for the temporary storage of your personal data and the log files. The legitimate interest exists to:

  • enable the use of our website (establishment of the connection);
  • permanently ensure the system security and stability;
  • further improve our offer and our internet presentation;
  • collect statistical data;
  • provide information necessary for a prosecution to the prosecution authorities, in case of an incident.

12.2 What are Cookies and Similar Technologies?

Our website uses so-called cookies. Cookies are small text files which the browser will place and store on your end device. If you call up a website, a cookie can be stored on your operating system. This cookie contains a characteristic string allowing for a unique identification of the browser if the website is visited again. The cookies we use only serve to make the offer more user-friendly and to obtain statistical information on the use of our website.

We may also use similar technologies such as pixel tags, fingerprints and other technologies for storing data in the browser. Pixel tags are small, normally invisible images or a program code loaded by a server that provide the server operator with specific information such as whether and when a website was visited. Fingerprints comprise information collected during your website visit about the configuration of your end device or your browser that enables your end device to be distinguished from other devices. Most browsers also support further technologies for the storage of data in the browser that are similar to cookies and that we may also make use of (e.g., web storage).

12.3 What Types of Cookies do we use?
12.3.1 Session / Temporary Cookies
12.3.2 Persistent / Permanent Cookies
12.3.3 Cookies of Third-Party Providers
12.4 What are Cookies and Similar Technologies?

Most internet browsers accept cookies automatically. If you do not want this to happen, you can set your browser settings that you are informed about the placing of cookies and only allow them to be used in individual cases or you may exclude them in general. You may also active the automatic erasure of cookies when you close the browser. However, if you deactivate cookies, you might not be able to use all functions of our website.

The procedure for controlling and erasing cookies depends on the browser you use. Use the following link https://www.youronlinechoices.com/ch-de/ to see different information on how to prevent the placing of cookies.

13. Third-party Services

We are using the following third party services to process personal data:

13.1 Website Hosting
13.2 Advertising
13.3 Analytics
13.4 Hosting
13.5 CRM, Newsletter, Messaging, Webforms and Surveys
13.6 Web Conferencing and Online Telephony
13.7 Application Tracking System
13.8 Social Media
13.9 Embedded media link
13.10 Links to Websites of Other Providers

14. Amendments to the Privacy Policy

We explicitly reserve the right to supplement or amend this Privacy Policy at any time. All amendments and supplements are subject to the sole discretion of the company. The privacy policy published on our website is valid in each case.