1. Introduction
In this Privacy Policy, we, MESYS AG (hereinafter also referred to as we or us), explain how we collect and otherwise process personal data. This is not an exhaustive description; other documents may regulate specific matters. Personal data refers to all information relating to an identified or identifiable person.
This Privacy Policy is designed to meet the requirements of the EU General Data Protection Regulation (GDPR) and the Swiss Data Protection Act (DPA). However, whether and to what extent these laws are applicable depends on the individual case.
We may amend this Privacy Policy at any time without prior notice. The current version published on our website applies.
2. Information about the Responsible Person (i.e. Contoller)
We are responsible under data protection law for the data processing described in this Privacy Policy. You can contact us as follows for your data protection concerns and to exercise your rights:
MESYS AG
Technoparkstrasse 1
8005 Zurich
info@mesys.ch
3. Collection and Processing of Personal Data
We primarily process the personal data that we receive from our customers and other business partners in context of our business relationships with them and other parties involved or that we collect from their users when operating our website.
Where permitted, we also obtain certain data from publicly accessible sources (e.g. debt collection register, commercial register, Internet) or receive data from authorities and other third parties. In addition to the data that you provide to us directly, the categories of personal data that we receive about you from third parties include, in particular, information from public registers, information that we learn in connection with official and court proceedings, information in connection with your professional functions and activities (e.g. so that we can conclude transactions with your employer with your help) and information that we receive from third parties (e.g. so that we can process transactions with your employer). We may, for example, use this information to conclude and process transactions with your employer, information about you in correspondence and meetings with third parties, information to comply with legal requirements, information from the Internet about your person (insofar as this is appropriate in a specific case, e.g. in the context of a job application).
4. Purposes of Data Processing
We process your data for the following purposes (in addition to those that we communicate to you separately):
- in connection with the establishment, administration and fulfilment of our contractual relationships with our customers and business partners;
- to ensure our operations, in particular IT and our website;
- in connection with communication with you, in particular to answer enquiries and assert your rights and to contact you in the event of inqueries;
- for marketing purposes and to maintain relationships, e.g. to send our customers and other contractual partners personalised advertising about our products and services. This may also take the form of newsletters or invitations to events;
- to comply with laws, directives and recommendations from authorities and internal regulations (“Compliance”);
- for the assertion of legal claims and defence in connection with legal disputes and official proceedings;
- for security purposes;
- for the purposes of our risk management and as part of prudent corporate governance, including business organisation and corporate development;
- for other purposes, e.g. as part of our internal processes and administration or for training and quality assurance purposes.
If you have given us your consent to process your personal data for specific purposes, we will process your personal data within the scope of and based on this consent, unless we have another legal basis and require one. Consent that has been granted can be revoked at any time, but this has no effect on data processing that has already taken place.
5. Disclosure of Personal Data and Data Transfer Abroad
We also transfer your personal data to third parties, in particular to the following categories of recipients:
- Service providers: We work with service providers in Switzerland and abroad who process data about you on our behalf or under joint responsibility with us or who receive data about you from us under their own responsibility (e.g. IT providers);
- Business partners such as suppliers, customers;
- Authorities in Switzerland and, where applicable, abroad: We may disclose personal data to offices, courts and other authorities in Switzerland and abroad if we are legally obliged or authorised to do so or if this appears necessary to protect our interests;
- Other persons: This refers to other cases where the inclusion of third parties arises from the purposes set out in para. 4 above.
These recipients are not only located in Switzerland. Your data can therefore also be processed in Europe, but in exceptional cases in any country in the world.
If a recipient is located in a country without adequate statutory data protection, we contractually oblige the recipient to comply with the applicable data protection (we use the revised standard contractual clauses of the European Commission, which are available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), unless the recipient is already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exception. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the fulfilment of a contract requires such disclosure, if you have given your consent or if the data in question has been made generally accessible by you and you have not objected to its processing.
6. Duration of Storage
We process your data for as long as required by our processing purposes, the statutory retention periods and our legitimate interests in processing for documentation and evidence purposes or for as long as storage is technically necessary. If there are no legal or contractual obligations to the contrary, we delete or anonymise your data after the storage or processing period has expired as part of our normal processes.
7. Data Security
We take appropriate security measures to protect the confidentiality, integrity and availability of your personal data, to protect it against unauthorised or unlawful processing and to counteract the risks of loss, unintentional modification, unwanted disclosure or unauthorised access.
8. Obligation to Provide Personal Data
As part of our business relationship, you must provide the personal data that is necessary for the establishment and implementation of a business relationship and the fulfilment of the associated contractual obligations (as a rule, you do not have a legal obligation to provide us with data). Without this data, we will generally not be able to enter into or fulfil a contract with you (or the entity or person you represent). The website can also not be used if certain information to secure data traffic (such as IP address) is not disclosed.
9. Rights of the Data Subject
You have the right to information, correction, deletion, the right to restrict data processing and otherwise to object to our data processing, in particular for the purposes of direct marketing and other legitimate interests in processing, as well as to the disclosure of certain personal data for the purpose of transfer to another organisation (so-called data portability) within the framework of the data protection law applicable to you and to the extent provided for therein (such as in the case of the GDPR). Please note, however, that we reserve the right to assert the restrictions provided for by law, for example if we are obliged to store or process certain data, have an overriding interest in doing so (insofar as we may invoke such interests) or require it for the assertion of claims. If you incur costs, we will inform you in advance. We have already informed you about the possibility of withdrawing your consent in para. 4 above. Please note that exercising these rights may conflict with contractual agreements and may have consequences such as premature cancellation of the contract or cost consequences. We will inform you in advance if this is not already contractually regulated.
The exercise of such rights generally requires that you clearly prove your identity (e.g. by means of a copy of your identity card, where your identity is otherwise not clear or cannot be verified). To assert your rights, you can contact us at the address given in section 2 address given in section 2.
Every data subject also has the right to enforce their claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
10. Cookies
We typically use “Cookies” and similar technologies on our website to identify your browser or device. A cookie is a small file that is sent to your computer or automatically stored on your computer or mobile device by the web browser you use when you visit our website. This enables us to recognise you when you return to this website, even if we do not know who you are. In addition to Cookies that are only used during a session and are deleted after your visit to the website (“Session Cookies”), Cookies can also be used to store user settings and other information for a certain period of time (e.g. two years) (“Permanent Cookies”). However, you can set your browser so that it rejects Cookies, only saves them for one session or otherwise deletes them prematurely. Most browsers are preset to accept Cookies.
A distinction is made between the following Cookies (technologies with comparable functions such as fingerprinting are also included here):
- Necessary Cookies: Some Cookies are necessary for the functioning of the website as such or for certain functions. For example, they ensure that you can switch between pages without losing the information entered in a form. They also ensure that you remain logged in. These Cookies are only temporary (“Session Cookies”). If you block them, the website may not work. Other Cookies are necessary so that the server can save decisions or entries made by you beyond a session (i.e. a visit to the website) if you use this function (e.g. selected language, consent given, the function for automatic log-in, etc.). These Cookies have an expiry date of up to 24 months.
- Additional Cookies: We do not use any other additional cookies.