DATA PROTECTION STATEMENT
The following data protection information provides an overview of the collection and processing of your data on the website www.gladschweiz.ch, www.gladsuisse.ch, www.gladsvizzera.ch.
With the following information, we would like to give you an overview of how we process your personal data on our website and of your rights under data protection law. Which specific data is processed in detail and how it is used depends largely on the specific circumstances.
To whom does this privacy notice apply?
When we process personal data, this means that we collect, store, use, transmit or delete it, for example. This privacy notice applies to personal data of the following natural persons in connection with our website:
- Interested parties and customers of GLA:D® Switzerland, Suisse, Svizzera who are natural persons, in particular in the areas of training and services
- All other natural persons who are in contact with our institution, e.g. authorised representatives, legal guardians, messengers as well as representatives or employees of legal entities, but also visitors to our website and persons who register on the website
Until a possible change in the legal situation in the IDG and the FADP, this data protection notice also applies to legal persons, insofar as the IDG or the FADP are applicable.
WHAT SOURCES AND DATA DO WE USE?
We process the data that arises in the context of the use of our website or the data that is provided by you (e.g. in the context of newsletter subscriptions, registrations for events, filling out web forms or other orders). In particular, this may be in connection with further training or services.
We collect your personal data in particular when you contact us, for example through our website, as an interested party, applicant, customer, etc. We process personal data that we receive from our customers in the course of our business relationship. In addition, we process – to the extent necessary for the provision of our services – personal data that we obtain from publicly accessible sources in a permissible manner.Furthermore, we process the data that arise in the context of the use of our website or the data that are provided by you (e.g. in the context of newsletter orders or registrations for events or in other web forms).Relevant personal data are personal details (name, address and other contact details, date and place of birth and nationality) and identification data (e.g. ID card data). In addition, this may also include order data, data from the fulfilment of our contractual obligations, advertising and sales data, documentation data and other data comparable with the categories mentioned.We do not collect any personal data when you use the website for information purposes only, i.e. if you do not fill in any web forms and do not register for a course or otherwise send us any information. Only the data transmitted by your browser are transmitted, for example masked IP address, visitor path through the website, date and time of the website visit, browser type and version, type of end device, referring website, etc. No identification is possible on the basis of this data.
WHAT DO WE PROCESS YOUR DATA FOR (PURPOSE OF PROCESSING) AND ON WHAT LEGAL BASIS?
We process personal data in accordance with the provisions of the Information and Data Protection Act (IDG) of the Canton of Zurich, the Swiss Federal Data Protection Act (DSG) and the European General Data Protection Regulation (GDPR), in each case to the extent that the relevant regulations are applicable. As the GDPR requires us to list these individually, the legal bases on which we base our processing, insofar as the GDPR applies, are listed below. In the case of processing of personal data in accordance with the IDG or DSG, we rely in each case on the comparable legal bases in these laws:
For the fulfilment of contractual obligations (Art. 6 para. 1 b DSGVO)
The processing of data is carried out for the provision of services by GLA:D® Switzerland, Suisse, Svizzera in the context of the performance of our contracts (e.g. in the area of further training and concerning our services) with our customers or for the performance of pre-contractual measures which take place upon request. The purposes of the data processing primarily depend on the specific service and may include activities such as training or consulting. The contractual documents and terms and conditions may contain further details on the data processing purposes.
Within the framework of the balancing of interests (Art. 6 para. 1 f DSGVO)
Where necessary, we process your data beyond the actual performance of the contract to protect legitimate interests on our part or on the part of third parties. Examples:
- Advertising or market and opinion research, insofar as you have not objected to the use of your data,
- assertion of legal claims and defence in legal disputes,
- newsletters, event registrations and orders (insofar as the data subject can be expected to receive them)
- to ensure IT security and IT operations,
- to analyse internet traffic on our website, to improve the functionality of our website
- Prevention and investigation of criminal offences,
- Measures for business management and further development of services and products
Based on your consent (Art. 6 para. 1 a DSGVO)
Insofar as you have given us consent to process personal data for certain purposes (e.g. forwarding of data, evaluation of personal data for marketing purposes; newsletter, insofar as there is no legal basis for this based on lit. b), the lawfulness of this processing is based on your consent. Consent given can be revoked at any time. This also applies to the revocation of declarations of consent given to us prior to the application of the GDPR, i.e. prior to 25 May 2018. The revocation of consent does not affect the lawfulness of the data processed until the revocation.
Due to legal requirements (Art. 6 para. 1 c DSGVO) or in the public interest (Art. 6 para. 1 e DSGVO)
In addition, as GLA:D® Schweiz, Suisse, Svizzera, we are subject not only to the provisions of higher education law but also to the other legal requirements of the Swiss legislator, so that personal data may also be processed if this is required by law or if the processing is in the public interest. The basis for this, particularly for continuing education, is, among other things, Section 6a of the Universities of Applied Sciences Act.
The data you enter in a form is transmitted in encrypted form. They are also stored on our servers, kept with all due care and protected from access by third parties. Only those employees have access to your data who need it to fulfil their tasks. GLA:D® Switzerland, Suisse, Svizzera will only pass on your data to third parties if this has been expressly stated elsewhere or to external service providers who process this data on behalf of GLA:D® Switzerland, Suisse, Svizzera on the basis of an order processing contract.The data collected will only be used for the declared purpose and will not be passed on.
We are pleased to inform you about current topics concerning GLA:D® Switzerland, Suisse, Svizzera, and our products via our various newsletters. In order to send you a newsletter, we need at least your e-mail address, usually your name and gender and, if applicable, your address (in order to be able to determine the applicable legal basis). If you wish to subscribe to one or more newsletters, you can enter this information in the fields provided. After you have sent this data, you will receive an e-mail from us to the e-mail address you have provided, in which you must click on a confirmation link to verify the e-mail address you have provided.You can unsubscribe from our newsletters at any time and thus object to the further use of your data. You can unsubscribe at the end of each GLA:D® Switzerland, Suisse, Svizzera newsletter.
WHO GETS MY DATA?
Within GLA:D® Switzerland, Suisse, Svizzera, access to your data is granted to those offices that need it to fulfil our contractual and legal obligations. Service providers and vicarious agents employed by us may also receive data for these purposes. These include companies in the categories of IT services, logistics, printing services, telecommunications, advice and consulting as well as sales and marketing.
Recipients of personal data may be, for example:
- Public bodies and institutions (e.g. law enforcement agencies) if there is a legal or official obligation.
- Institutions within GLA:D® Switzerland, Suisse, Svizzera for risk management due to legal or official obligation.
Further data recipients may be those bodies for which you have given us your consent to transfer data or for which you have released us from the obligation of confidentiality in accordance with the agreement or consent.
This website uses Google Analytics, a web analytics service provided by Google, Inc (“Google”). Information is collected about your use of the website, including browser type and version, operating system used, referrer URL (previously visited page), IP address or date/time of request.
Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookies about your use of these websites is usually transferred to a Google server in the USA and stored there. Because IP anonymisation is activated on these websites, your IP address will be shortened by Google within member states of the European Union or the EEA (European Economic Area) and only transmitted anonymously. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. This transfer takes place on the basis of the EU-U.S. Privacy Shield Agreement.
On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
These purposes also constitute our legitimate interest in data processing. The legal basis for the use of Google Analytics is Art. 6 para. 1 lit. f DSGVO. The data sent by us and linked to cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 26 months. The deletion of data whose retention period has been reached takes place automatically once a month.
You can also prevent the collection of data generated by the cookies and related to your use of the websites (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link. The link is: http://tools.google.com/dlpage/gaoptout
For more information, please contact Google at https://policies.google.com/privacy/partners.Note: Google Analytics is not used in the register.
IS DATA TRANSFERRED TO A THIRD COUNTRY OR TO AN INTERNATIONAL ORGANISATION?
Data is transferred to bodies in countries outside the European Union and Switzerland (so-called third countries) (e.g. in the context of research cooperation with foreign universities/organisations), insofar as
- it is required by law or
- you have given us your consent, or
- we have provided suitable guarantees through appropriate mechanisms (e.g. contracts).
HOW LONG WILL MY DATA BE STORED?
We process and store your personal data as long as it is necessary for the fulfilment of our contractual and legal obligations or as long as we consider it necessary for the purposes for which it is processed or our legitimate interests exist or your consent has not been revoked.If the data is no longer required for the fulfilment of contractual or legal obligations, it is regularly deleted, unless its – temporary – further processing is necessary for the following purposes:
- Fulfilment of retention obligations under commercial and tax law: These include, among others, the Code of Obligations (OR) and the tax laws. The periods specified there for storage or documentation are usually ten years.
- Preservation of evidence within the framework of the statutory limitation provisions. According to Art. 127 et seq. of the Swiss Code of Obligations (OR), these limitation periods can be up to 10 years. The retention period for diploma documents is as long as 50 years.
WHAT DATA PROTECTION RIGHTS DO I HAVE?
You have different rights depending on the applicable legal basis. If the IDG or DSG are applicable, your rights are governed by these enactments.
If the GDPR is applicable, the following applies: Every data subject has the right to information under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR,the right to erasure under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR,the right to object under Article 21 of the GDPR and the right to data portability under Article 20 of the GDPR.In addition, there is a right of appeal to a competent data protection supervisory authority (Article 77 DSGVO).
You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent given to us before the applicability of the General Data Protection Regulation, i.e. before 25 May 2018. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.
IS THERE AN OBLIGATION FOR ME TO PROVIDE DATA?
In the context of our business relationship, you must provide those personal data that are necessary for the establishment and performance of a business relationship and the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we will generally not be able to enter into or perform a contract with you.
TO WHAT EXTENT IS THERE AUTOMATED DECISION-MAKING?
As a matter of principle, we do not use fully automated decision-making pursuant to Article 22 of the GDPR for the establishment and implementation of the business relationship. Should we use these procedures in individual cases, we will inform you about this separately if this is required by law.
DOES “PROFILING” TAKE PLACE?
We process your data partly automatically with the aim of evaluating certain personal aspects (profiling). We use profiling for example:
- In order to be able to inform and advise you about products in a targeted manner, we use evaluation tools. These enable needs-based communication and advertising, including market and opinion research.
COOKIES / WEB-STORAGE
Cookies are files that are placed and stored on a computer system via an Internet browser. The data subject can prevent the storage of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an internet browser or other software programmes.
Web storage (also called DOM storage or supercookies) is a technique for web applications to store data in a web browser. DOM storage supports permanent data storage, similar to cookies, as well as local, session-dependent storage.
In contrast to cookies, which can be accessed by both servers and clients (browsers), DOM storage is completely controlled by the client (browser). Data is not transferred to the server with every HTTP request and a web server cannot write data directly in the DOM storage. Access is exclusively via scripts on the website.
We use the session storage mechanism of the DOM storage standard, for example, to save the filter selection when searching for continuing education offers. This data is automatically deleted immediately when the browser window is closed and is thus no longer available in subsequent browser sessions.
The saving of data in web storage can also be prevented by not accepting cookies. However, we would like to point out that refusing web storage can lead to restrictions in the function of accessed ZHAW websites.
STATISTICS / IT SYSTEM PROTOCOLS
The website GLA:D® Switzerland, Suisse, Svizzera and the direct subpages use software for web analytics. This so-called tracking can be prevented by the Do-Not-Track setting in common Internet browsers. This setting has the effect that the tag “Do-Not-Track” is sent in the header block of the browser request and the visitor’s actions are not evaluated.
IT system logs
Every time the Internet is used, e.g. when websites are called up and e-mails are sent, data is automatically transmitted, some of which could be classified as personal data and is stored by us in so-called system logs. The system logs are stored by GLA:D® Switzerland, Suisse, Svizzera for the purpose of identifying faults and for security reasons. If the data are no longer required for the fulfilment of operational or legal obligations, they are deleted.
LINKS TO SOCIAL MEDIA PLATFORMS
We would also like to point out the following: Links to social media platforms are suspected of transmitting data to e.g. X or other social media providers simply by calling up the individual websites. The share links on our website to X and other social media platforms behave like normal links. As long as the links are not clicked and thus our website is not left and the user switches to X, for example, within the browser, no user data is transmitted to this social media platform.
To display social media content on our website, such as X’s or Instagram posts, GLA:D® Switzerland, Suisse, Svizzera uses a so-called social aggregator. By means of this, we collect individual posts from our social media presences and display them on the website of GLA:D® Switzerland, Suisse, Svizzera. In the process, your user data is neither transmitted to the aggregator, the aggregator operator nor the social media platforms concerned, nor is it temporarily stored by GLA:D® Switzerland, Suisse, Svizzera.
Posts by social media users who mention GLA:D® Schweiz, Suisse, Svizzera in these posts can thus also be displayed on our website. Apart from the publicly accessible information such as profile/user name, link to pictures or videos, etc., GLA:D® Schweiz, Suisse, Svizzera does not publish any data of these users on its website. Thanks to the use of this social aggregator, GLA:D® Switzerland, Suisse, Svizzera can dispense with otherwise widespread social media plug-ins that send user data from website visitors directly to the social media platform operators. This does not apply to social media content that cannot be integrated into our website by means of an aggregator. See the following point “External content”.
External content from Youtube, Vimeo, SRF, Issue, Soundcloud, Slideshare and Google Maps, among others, is displayed on the website via iframe. The IP address is transmitted and the content providers can set cookies etc.. If the website visitor is simultaneously logged into the network of the respective third-party provider, the visit to the website can be assigned to his/her user account, depending on the provider. GLA:D® Schweiz, Suisse, Svizzera has no influence on the way in which data is transmitted and has a legitimate interest in the integration of this external content.
We reserve the right to change this privacy notice at any time. The date of the last update can be found at the end of the privacy notice.
WHO IS RESPONSIBLE FOR DATA PROCESSING?
The responsible party is:
GLA:D® Switzerland, Suisse, Svizzera, Katharina-Sulzer-Platz 9, 8400 Winterthur.
Last update: 12.09.2023