Data protection

This privacy policy informs you about the processing of personal data in connection with our offer (when using our websites, platforms, etc.). This privacy policy does not conclusively regulate the data processing that takes place. Our data processing may be covered by further data protection information, in particular in the General Terms and Conditions for Events (GTC), or may result from the circumstances or be regulated by law.

This privacy policy complies with the requirements of the Swiss data protection law and - if and to the extent applicable - the General Data Protection Regulation (GDPR) of the European Union.

If you provide us with personal data of other persons (e.g. data of beneficiaries, data of reference persons), please ensure that these persons are aware of this privacy policy, and please only share their personal data with us if you are allowed to do so and ensure that these personal data are correct.

1. Processing personal data

Personal data are any information relating to an identified or identifiable person. A data subject is a person about whom personal data are processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, acquisition, deletion, storage, modification, destruction and use of personal data.

We process personal data in accordance with the Swiss data protection law and, where applicable, with the GDPR. In particular, we process the data on the basis of the following legal grounds:

  • Consent of the data subject;
  • For the fulfilment and execution of a contract with the data subject as well as for the implementation of corresponding pre-contractual measures;
  • To fulfil a legal obligation;
  • To safeguard the legitimate interests of us or of third parties, unless the fundamental freedoms and fundamental rights and interests of the data subject prevail. Legitimate interests are in particular our business interest in being able to provide our website, information security, the enforcement of our own legal claims and compliance with Swiss law.

2. Collection of personal data

AIAG collects personal data within the scope of the membership relationship, by means of a form to be filled in by you, because you have provided us with the data, when visiting our website or within the framework of participation in our events. In addition, where permitted, we may also extract data from publicly accessible sources (such as the commercial register, the media, the Internet, etc.).

We collect the following personal data:

  • Master data (name, address, telephone number, e-mail address, etc.)
  • Financial and debt collection data (account details, amount of contribution payment, etc.)
  • Marketing data (followers social media, newsletters, etc.)
  • Data related to deliveries (e.g. telephone number, e-mail address, payment details, etc.)
  • Website usage (IP address, pages viewed, etc.)
  • Behavioural and preference data (website usage, social media interaction, etc.)
  • Content and registration data (user account data, etc.)
  • Other data (protection concepts, visitor lists, etc.)

3. Purpose of the processing of personal data

We use the data collected when you visit our website in particular for administration purposes and to ensure the functionality of the website. Personal data are also used for the administration of the membership and for the organisation and implementation of events. Furthermore, personal data are used for the purpose stated at the time of collection, for which you have given your consent or which is provided for by law.

In addition to this, we also process personal data of you and other persons, to the extent permitted and deemed appropriate by us, for the following purposes in which we (and sometimes third parties) have a legitimate interest corresponding to the purpose:

  • Membership administration, administrative and support activities, communication in general;
  • Provision of information about AIAG activities and operations;
  • Organisation, handling and implementation of AIAG events (physical and online);
  • Offering and further developing our products, services and websites, apps and other platforms;
  • Analysing data and keeping statistics;
  • Creating member segments and profiles;
  • Testing and optimisation of demand analysis procedures for the purpose of direct customer approach;
  • Advertising and marketing (including the implementation of events, competitions and the use on social media), insofar as you have not objected to the use of your data (if we send you – as a member – advertising or newsletters, you can object to this at any time);
  • Collection of personal data from publicly available sources;
  • Ensuring our operations, in particular IT, our websites, apps and other platforms (e.g. event platforms);
  • Meeting legal and regulatory requirements and complying with laws, directives and recommendations issued by authorities and internal regulations ("Compliance");
  • Assertion of legal claims and defence in connection with legal disputes and official proceedings;
  • Other purposes such as internal training, quality assurance, administration, etc.

Insofar as you have given us your consent to process your personal data for certain purposes, we process your personal data within the scope of and based on this consent, insofar as we have no other legal basis and we require such a basis. Consent given can be revoked at any time, but this has no effect on data processing that has already taken place.

4. Data transfer and data transmission in Switzerland and abroad

Your personal data will mainly be forwarded to involved third parties if the processing is necessary to fulfil a legal obligation or to process a contract with you.

In this context, we pass on your personal data in particular to the following recipients:

  • Other members of the association (e.g. membership lists, board/committee lists);
  • Service providers in connection with the organisation of events (e.g. event organisers, agencies, hotels, transport companies, etc.);
  • Other participants of events (e.g. lists of participants).
  • Other service providers (e.g. IT service providers, auditors);
  • Providers of registration platforms, newsletter or survey tools;
  • Domestic and foreign authorities, government agencies or courts;
  • Lawyers and external experts;

We may also disclose personal data, to the extent permitted by applicable (data protection) law, to contracted service providers (e.g. in connection with the organisation and implementation of events) within Switzerland, the EEA and worldwide. In connection with data collected on the website, these are in particular IT service providers in the area of hosting, maintenance and administration as well as data storage and data analysis. Personal data obtained in connection with the use of the website may also be disclosed to third parties inside or outside Switzerland if we are required to do so by law or by court order or by official order or if this is necessary to support internal or external investigations, other legal investigations or proceedings in the home country or abroad or any transactions under company law.

If we store personal data outside Switzerland or the EEA, we will take all reasonable steps required by applicable data protection law to ensure that your personal data are treated as securely and safely as they would be in Switzerland or within the EEA. If a recipient is located in a country without adequate legal data protection, we will contractually oblige the recipient to comply with the applicable data protection. To this end, we generally use the standard contractual clauses issued or recognised by the European Commission and the Swiss Data Protection and Information Commissioner (FDPIC) (for further details and a copy of these clauses, see https://www.edoeb.admin.ch), insofar as the recipient is not already subject to a legally recognised set of rules for ensuring data protection and we cannot rely on an exceptional provision. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the execution of a contract requires such disclosure, if you have given your consent or if the data in question have been made generally accessible by you and you have not objected to their processing.

Moreover, your personal data will neither be sold nor passed on to other third parties.

5. Rights of data subjects

When we process your personal data, you have the rights granted under Swiss data protection law and, if and to the extent applicable, under the GDPR.

In particular, you may exercise the following rights:

  • Information about your stored personal data;
  • Correction of incorrect personal data;
  • Deletion of your data stored with us, insofar as we are not obliged or authorised to retain your data due to applicable laws and regulations;
  • Restriction of data processing, insofar as we are not yet permitted to delete your data due to legal obligations;
  • Objection to the processing of your data;
  • Disclosure of your personal data for the purpose of transfer to another body (data transferability).

Please note, however, that we reserve the right to enforce the restrictions provided for by law, for example if we are obliged to retain or process certain data, have an overriding interest in doing so (insofar as we are entitled to invoke this) or need it for the assertion of claims.

Data subjects whose personal data are processed by us have the right to lodge a complaint with a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC). To assert your rights, please contact our responsible office (see below).

6. Data retention

We store your personal data for as long as it is required by the mentioned processing purposes, the legal regulations on storage and our legitimate interests in processing for documentation and evidence purposes, or as long as storage is technically conditioned. Aggregated or anonymised data may furthermore be used for internal purposes.

Processing purposes also include safeguarding our interests (e.g. enforcing or defending claims, archiving purposes, ensuring IT security). Documentation and evidence purposes include our interest in documenting processes, interactions and other facts for the case of legal claims, discrepancies, IT and infrastructure security purposes and evidence of good corporate governance and compliance. Retention may be technically conditioned if certain data cannot be separated from other data, and we therefore need to retain them with them (e.g. in the case of backups or document management systems).

7. Access data/server log files

In close cooperation with our hosting providers, we do our utmost to protect the databases as well as possible from unauthorised access, loss, misuse or forgery.

When you access our website, the following data are stored in log files: IP address, date, time, browser request and generally transmitted information on the operating system or browser. These usage data form the basis for statistical, anonymous evaluations so that trends can be identified, which we can use to improve our offers accordingly.

8. SSL encryption

To protect the security of your data during transmission, we use state-of-the-art encryption procedures (e.g. SSL) via HTTPS.

9. Data security

We use appropriate technical and organisational security measures to protect your personal data stored with us against manipulation, partial or complete loss and against unauthorised access by third parties (e.g. encryption of data transmission, access controls and restrictions, training in data protection, issuing internal directives, etc.). Our security measures are continuously improved in line with the technological development.

We take appropriate precautionary measures to protect your data. The transmission of information via the Internet and other electronic means always involves certain security risks and we cannot guarantee the security of information transmitted in this way.

10. Responsible office

If you have any questions about data protection, please contact the person responsible for data protection in our association:

AIAG
Datenschutzbeauftragter (Data Protection Commissioner)
Seilergraben 61
8001 Zurich
info@aiag-iahi.org

11. Modification of the privacy policy

We reserve the right to adapt this privacy policy at any time and without prior notice. The respective current version, which can be viewed on AIAG's website, shall apply.

AIAG's privacy policy, August 2023