Under the FADP personal data is defined as 'all information relating to an identified or identifiable individual'. Under the GDPR personal data is defined as 'any information relating to an identified or identifiable natural person ('Data Subject'), by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person'.
THE DATA CONTROLLER
Under the FADP a data controller is the private person or federal body that decides on the purpose and content of a data file. SGR is the data controller as defined by FADP ('Data Controller'). Under the GDPR a data controller is the individual or legal person who controls and is responsible to keep and use personal data in paper or electronic files. SGR is the Data Controller as defined by the GDPR.
The lawful bases for processing personal data are set out in Article 6 of the GDPR. At least one of these must apply whenever personal data is to be processed:
Your Data Subject rights are listed below:
PERSONAL DATA WE COLLECT
Information that you provide by completing forms in writing, email, through our web sites or social media. This includes information provided at the time of registering with us, to use our website (where applicable), to login into our database, to participate to our events (webinar, fair, conference), to receive newsletter, to become a member of staff, to enter into a contract for our services, to support or subscribe to our services (where applicable), to request materials or to request further services, when you respond to a survey and/or when you report a problem with any of our communication channels or services. We collect the following classes of information:
HOW WE COLLECT YOUR PERSONAL DATA
There are two main ways in which we collect your personal data:
a) directly from you
b) from third parties.
Personal data that you give to us may be through one of a number of ways. These may include:
HOW WE USE YOUR PERSONAL DATA
We will process any of your personal data, in accordance with our obligations under the FADP and the GDPR, for the following reasons:
SHARING YOUR PERSONAL DATA
We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply any agreements, or to protect the rights, property, or safety of the organisation, or other individuals. This includes exchanging information with other companies and organisations for the purposes of safeguarding or other statutory regulations we have to comply with as well as those organisations with whom you and we have reciprocal agreements for providing services for education or professional development.
THIRD PARTY WEBSITES
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
PROTECTING YOUR PERSONAL DATA
The data that we collect from you will be processed at our servers in Switzerland. It may also be processed by organisations operating in the EEA that SGR has instructed and with which Data Processing Agreements have been implemented. If we send personal data to a country that does not have appropriate data protection legislation, nor is deemed as an adequate country under the adequacy rating of Switzerland or the European Commission, we will ensure an appropriate level of protection by employing contracts accordingly, or we will act on the basis of the following statutory requirements, consent, performance of the contract, execution or enforcement of legal claims, in accordance with the requirements imposed by FADP. We may also use the binding corporate rules, standard contractual clauses or ad hoc contractual clauses that stipulate that the data will be processed in accordance with the GDPR. At any time, you have the right to request information about the contractual guarantees mentioned. However, we reserve the right to censor copies, or to supply them only in part in order to protect the privacy of any third parties mentioned or to protect our confidentiality duty.
SECURITY OF YOUR INFORMATION
To help protect the privacy of data and personally identifiable information you transmit through use of this our website, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.
HOW LONG WE STORE YOUR PERSONAL DATA FOR
We store your personal data in accordance with our Data Retention Policy. This policy is reviewed and updated internally to ensure we do not store your data for longer than is necessary. We also review how and where we store any data to ensure that we meet our obligation to store data securely. We process and store your personal data to the extent that it is required to fulfil our contractual and legal obligations or for the purposes pursued by the processing, which means, for example, for the entire duration of the business relationship (from the initiation and performance of a contract to its conclusion) and beyond that in accordance with legal obligations for storage and documentation. It is therefore possible that personal data is stored for the period of time when claims can be made against the SGR and to the extent that we are legally obliged or authorised to do so, or legitimate business interests necessitate this