Data protection
In this Privacy Policy we provide information concerning the personal data we process, the purposes for which this occurs, as well as how and where we do so, in particular, in connection with our swisslifearena.ch website and our other products and services. This Privacy Policy also contains information concerning the rights of the individuals whose data we process.
Special, supplementary or other privacy policies as well as other legal documents such as general terms and conditions (GTC), as well as terms and conditions of use or participation may apply to individual or additional offers and services.
Our operations are subject to Swiss data protection law and any applicable foreign data protection law, in particular the law of the European Union (EU) including the General Data Protection Regulation (GDPR). The European Commission has acknowledged that Swiss data protection law ensures adequate data protection.
1. Contact addresses
Controller:
ZSC Lions Ltd.
Vulkanstrasse 130b
Postfach
8048 Zurich
Please note that there may be different controllers for data protection purposes in specific individual cases.
2. Processing of personal data
2.1 Definitions
Personal data means any information concerning an identified or identifiable natural person. An data subject is any person whose personal data are processed. Processing includes all operations performed on personal data, irrespective of the means and procedures used, such as the retention, disclosure, procurement, recording, erasure, storage, alteration, destruction and usage of personal data.
The European Economic Area (EEA) encompasses the European Union (EU) and the Principality of Liechtenstein, Iceland and Norway. The General Data Protection Regulation (GDPR) refers to the “processing of personal data”.
2.2 Legal bases
We process personal data in accordance with Swiss data protection law, in particular the Federal Act on Data Protection (Bundesgesetz über den Datenschutz, DSG) and the Ordinance to the Federal Act on Data Protection (Verordnung zum Bundesgesetz über den Datenschutz, VDSG).
Insofar as the General Data Protection Regulation (GDPR) is applicable, we process personal data in accordance with at least one of the following legal bases:
- point (b) of Article 6(1) GDPR where the processing of personal data is necessary for the performance of a contract to which the data subject is party or in order to take steps prior to entering into a contract.
- point (f) of Article 6(1) GDPR where the processing of personal data is necessary to uphold our legitimate interests or those of a third party, unless these are overridden by fundamental rights and freedoms of the data subject. Legitimate interests include, in particular, our interest in being able to provide our services on an ongoing basis, in a user-friendly fashion, securely and reliably, and to promote this when required, as well as to protect against misuse and unauthorised use, enforcement of our own legal claims and compliance with Swiss law.
- point (c) of Article 6(1) GDPR where the processing of personal data is necessary for compliance with a legal obligation to which we are subject in accordance with any applicable law of any member state of the European Economic Area (EEA).
- point (e) of Article 6(1) GDPR where the processing of personal data is necessary for the performance of a task carried out in the public interest.
- point (a) of Article 6(1) GDPR where the processing of personal data is based on the consent of the data subject.
- point (d) of Article 6(1) GDPR where the processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person.
2.3 Type, scope and purpose
We process the personal data that are necessary to provide our services on an ongoing basis, in a user-friendly fashion, securely and reliably. Such personal data may comprise in particular master data, contact information, browser and device data, content data, meta data, usage data, location data, as well as data relating to sales, contracts and payments.
We process personal data for the period of time that is required for the respective purpose or purposes or according to law. Personal data that no longer need to be processed are anonymised or erased. As a general rule, people whose data we process have the right to erasure.
As a general rule, we only process personal data with the consent of the data subject, unless processing is permitted according to another legal basis, such as for the performance of a contract concluded with the data subject or to take steps prior to entering into a contract, in order to protect our overriding legitimate interests, because the processing is apparent under the circumstances or following prior notification.
In this context, we process, in particular, information that a data subject voluntarily transmits to us himself/herself when contacting us – for instance by post, via e-mail, using the contact form, via social media or by telephone – or when registering for a user account. We may store any such information, for example, in an address book, in a customer relationship management system (CRM system) or using similar tools. If you transmit data to us concerning other persons, you are obliged to ensure data protection for those persons and to ensure the accuracy of any such personal data.
We also process personal data that we have received from third parties or that we have obtained from publicly accessible sources or that we collect in relation to the provision of our services, provided that there is a legal basis for such processing.
Personal data from job applications will only be processed where they are necessary to assess suitability for an employment relationship or for the subsequent performance of an employment contract. The personal data required for the conduct of a job application process are based on the information requested or communicated, for instance in the context of a job advertisement. Applicants have the option of voluntarily providing further information in support of their respective applications.
2.4 Processing of personal data by third parties, including abroad
We may have personal data processed by third party appointees, process data jointly with or with the assistance of third parties or transmit data to third parties. Such third parties include in particular providers whose services we use. We also ensure adequate data protection where such third parties are involved.
These third parties are generally located in Switzerland or the European Economic Area (EEA). However, these third parties may also be located in other countries and territories on earth and elsewhere in the universe, provided that, according to the assessment of the Federal Data Protection and Information Commissioner (FDPIC), and – insofar as the General Data Protection Regulation (GDPR) is applicable, according to the assessment of the European Commission – the data protection law applicable to them guarantees an adequate level of data protection, or if an adequate level of data protection is guaranteed in another manner, such as by the conclusion of a specific contractual agreement, including in particular on the basis of standard contractual clauses, or by appropriate certification. Under exceptional circumstances, such a third party may be located in a country without an adequate level of data protection, provided that the requirements under data protection law, such as the express consent of the data subject, are met.
3. Rights of data subjects
Data subjects whose personal data we process have the rights under Swiss data protection law. This includes the right of access and the right to rectification, to erasure and to obtain the blocking of personal data processed.
Data subjects whose personal data we processed may – where the General Data Protection Regulation (GDPR) is applicable – obtain confirmation free of charge as to whether we are processing any of their personal data and, if so, request information concerning the processing of their personal data, restrict the processing of their personal data, exercise their right to data portability and obtain the rectification, erasure (“right to be forgotten”), blocking or completion of their personal data.
Data subjects whose personal data we process may – where the GDPR is applicable – at any time withdraw consent to the processing of their personal data with future effect and object at any time to the processing of their personal data.
Data subjects whose personal data we process are entitled to lodge a complaint with a competent supervisory authority. The Swiss Federal Data Protection and Information Commissioner (FDPIC) is the data protection supervisory authority in Switzerland.
4. Data security
We take suitable and appropriate technical and organisational measures to ensure data protection and in particular data security. However, despite such measures, the processing of personal data on the internet may always entail security vulnerabilities. For this reason, we are unable to guarantee absolute data security.
Access to our online service occurs via transport encryption (SSL/TLS, in particular via the Hypertext Transfer Protocol Secure, abbreviated to HTTPS) Most browsers mark transport encryption using a padlock in the address bar.
As is the case in principle for any use of the internet, any access to our online content may be detected through mass surveillance without any requirement for good cause or suspicion as well as other monitoring by security authorities in Switzerland, the European Union (EU), the United States of America (USA) and other countries. We are unable to influence directly the corresponding processing of personal data by secret services, the police and other security authorities.
5. Use of the website
5.1 Cookies
We may use cookies on our website Cookies – including both proprietary cookies (first-party cookies) as well as the cookies of third parties whose services we use (third-party cookies) – are data packages stored in your browser. These stored data are not necessarily limited to traditional cookies in text form. Cookies cannot run programs or transmit malware such as Trojans and viruses.
When you visit our website, cookies may be temporarily stored either as “session cookies” in your browser or as permanent cookies for a certain period of time. Session cookies are automatically deleted when you close your browser. Permanent cookies are stored for a certain period of time. In particular, they make it possible to recognise your browser the next time you visit our website and thereby, for example, to measure the reach of our website. Permanent cookies may also be used for instance for online marketing.
You can disable and delete cookies at any time via your browser settings, either entirely or partially. However, it is possible that our website may no longer be fully operational if cookies are disabled. We shall actively request your express consent to cookies, where this is required.
Numerous services allow for opting out in general terms via the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA) from cookies used to measure success and reach or for advertising purposes.
5.2 Server log files
We may collect the following information each time our website is accessed, provided that it is transmitted by your browser to our server infrastructure or can be identified by our web server: date and time including time zone, internet protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sub-pages of our website accessed including the data transmitted, website last visited using the same browser window (referrer).
We store this information, which may also contain personal data, in server log files. The information is required in order to provide our online service on an ongoing basis and in a user-friendly and reliable fashion as well as to ensure data security and thus, in particular, to protect personal data – acting also through or with the assistance of third parties.
5.3 Tracking pixels
We may use tracking pixels on our website. Tracking pixels are also referred to as web beacons. Tracking pixels – including those of third parties whose services we use – are small, typically non-visible images that are automatically retrieved when you visit our website. Tracking pixels may collect the same information as server log files.
6. Notifications and messages
We send notifications and messages, such as newsletters, by e-mail and using other means of communication such as instant messaging.
6.1 Measurement of success and reach
Notifications and messages may contain web links or tracking pixels that log whether an individual message has been opened as well as any links that have been clicked on. Such web links and tracking pixels may also log how notifications and messages have been used by specific individuals. We need to keep these statistical records relating to usage in order to measure our success and reach so that we can send notifications and messages that are tailored to the needs and reading habits of the recipients effectively, in a user-friendly manner, on an ongoing basis, securely safely and reliably.
6.2 Consent and objection
As a general rule, you must expressly consent to the use of your e-mail address and other contact addresses, unless the use thereof is permitted according to another legal basis. Where possible, we use the “double opt-in” procedure for granting consent to receiving e-mails; this means that you will receive an e-mail containing a web link that you must click on to confirm in order to prevent misuse by unauthorised third parties. We may log such declarations of consent, including the internet protocol (IP) address along with the date and time for evidence and security purposes.
As a general rule, you can unsubscribe from notifications and messages such as newsletters at any time. This does not apply to notifications and messages that are absolutely necessary in relation to our content. By unsubscribing, you can object in particular to the keeping of statistical records for measuring success and reach.
6.3 Service providers for notifications and messages
We send notifications and messages using third-party services or with the assistance of service providers. Cookies may also be used for this purpose. We also ensure adequate data protection when using such services.
7. Social media
We are present on social media platforms and other online platforms in order to be able to communicate with interested individuals and provide information about our services. Personal data may also be processed outside Switzerland and the European Economic Area (EEA).
The general terms and conditions (GTC) and terms and conditions of use as well as the privacy policies and other provisions of the individual operators of such online platforms are also applicable. These provisions contain information concerning in particular the rights of data subjects, including, but not limited to, the right of access.
8. Measurement of success and reach
We use services and programs to determine how our online content is used. In this context, we can measure, for example, the success and reach of our online content as well as the efficacy of third-party links to our website. For example, we can also trial and compare how different versions of our online content or parts of our online content are used (“A/B Testing Method”). Based on the results of the measurement of success and reach, we can in particular fix errors, enhance particularly popular content or make improvements to our online content.
It is necessary to store the internet protocol (IP) addresses of individual users when operating services and programs for measuring success and reach. As a general rule, IP addresses are truncated in order to comply with the principle of data efficiency through the resulting pseudonymisation and to enhance data protection for visitors to our website (“IP masking”).
Cookies may be stored and user profiles may be created when using services and programs for measuring success and reach. User profiles record for instance the pages or content on our website that have been visited or displayed, information concerning screen size or the browser window as well as the – at least approximate – location. As a general rule, user profiles are created exclusively in pseudonymised form. We do not utilise user profiles to identify individual visitors to our website. Individual services for which you are logged in as a user may potentially allocate your use of our online content to your profile with the respective service, although you will generally have had to consent to this allocation in advance.
We use in particular:
- Google Analytics: Measurement of success and reach; providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; information concerning data protection: measurement also across different browsers and devices (cross device tracking) as well as pseudonymised internet protocol (IP) addresses that are only transferred in full to Google in the USA in exceptional cases, “Our privacy principles”, Privacy Policy, ”Google Product Privacy Guide” (including Google Analytics), “How we use data from websites or apps on or in which our services are used” (Google information), “How Google uses cookies”, “Google Analytics Opt-out Browser Add-on”, “Ads personalisation” (enable / disable / settings).
- Google Tag Manager: integration and management of services for measuring success and reach as well as other services of Google and third parties; providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; data protection information can be obtained from the providers of the respective services incorporated and managed.
9. Third-party services
We use third-party services to provide our services on an ongoing basis, in a user-friendly fashion, securely and reliably. These services are also used to embed content on our website. These services – such as hosting and storage services, video services, and payment services – require your internet protocol (IP) address as the services will otherwise be unable to transmit the relevant content. These services may be located outside Switzerland and the European Economic Area (EEA), provided that adequate data protection is ensured.
Third parties whose services we use may also process data in connection to our content as well as data obtained from other sources – including cookies, log files and tracking pixels – in aggregated, anonymised or pseudonymised form for their own security as well as for statistical and technical purposes.
9.1 Digital infrastructure
We use third-party services to access the digital infrastructure we need for our services. These include for instance hosting and storage services from specialist providers.
9.2 Social media functions and social media content
On our website, we use the option of embedding LinkedIn functions and content using plugins. This allows us for instance to enable you to use LinkedIn's “share” function on our website. This also involves the use of cookies. Further information can be found on LinkedIn’s page dedicated to plugins.
The plugins are offered by LinkedIn Ireland Unlimited Company, based in Ireland, or the US LinkedIn Corporation. If you are logged in to LinkedIn as a user, LinkedIn can allocate usage of our online content to your profile. Further information concerning the type, scope and purpose of data processing can be found in the LinkedIn Privacy Policy and Cookie Policy as well as on its Privacy Portal. It is also possible to object to personalised advertising.
9.3 Maps
We use third-party services to embed cards into our website.
We use in particular:
- Google Maps including the Google Maps Platform: map service; providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; information concerning data protection: “Privacy principles”, Privacy Policy, ”Google Product Privacy Guide” (including Google Maps), “How we use data from websites or apps on or in which our services are used” (Google information), “How Google uses cookies”, “Ads personalisation” (enable / disable / settings ).
9.4 Audio-visual media
We use third-party services to enable the direct playback of audio-visual media such as music or videos on our website.
We use in particular:
- YouTube: videos; providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; information concerning data protection: “Privacy principles”, Privacy Policy, Google Product Privacy Guide” (including YouTube), “How Google uses cookies”, “Ads personalisation” (enable / disable / settings ).
9.5 Yawave
We use the Yawave NewsHub for preparing and distributing content, including communications. The yawave software contains functions that may collect information such as your IP address or the publications or pages you visit on the website, or may store a cookie for the purpose of improving functionality. These functions are either coordinated by a third party or operated directly on our website. Your interactions with these functions are governed by this Privacy Policy. Users have the opportunity, using various engagement tools, to register as a fan, to get involved in the club and to pursue this commitment. Yawave is also used as newsletter management software. Your data will be transmitted to yawave AG. Yawave does not use any personal data for any purpose other than as envisaged in relation to this fan platform. Yawave AG is a Swiss software provider that processes personal data in accordance with Swiss data protection law and the General Data Protection Regulation (GDPR).
10. Final provisions
We have drawn up this Privacy Policy using the data protection generator provided by data protection partners.
We may amend and amend this Privacy Policy at any time. We shall inform you concerning any amendments and supplements in a suitable manner, in particular by publishing the currently valid version of the Privacy Policy on our website.