This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
We are committed to protecting the privacy and security of your personal information, in accordance with the applicable data protection laws, including the General Data Protection Regulation, together the “Data Protection Laws”.
What information do we collect?
We may collect and process the following data about you:
- Information that you provide by filling in forms on our site https://forbis.ch/ or by post or over the telephone. This includes information provided in the course of expressing an interest in, using our services and/or to enable us to contact you in relation to our services.
- Information that you provide to us in the course of subscribing to newsletters and email notifications.
- If we contact each other in writing, we may keep a record of that correspondence.
- If we contact each other by telephone, we will record and keep a record of all inbound and outbound calls to and from our contact centre.
- We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- Details of transactions you carry out via links from our site.
How we keep your data secure
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason, we cannot guarantee the security or integrity of any personal data that are transferred via the internet. If you have any particular concerns about your information, please contact us. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
We may need to transfer your personal data outside the European Economic Area (EEA), for example, if one of our suppliers or group companies is located outside the EEA. We will ensure that any transfer of your data will be subject to appropriate safeguards, such as a European Commission approved contract (if appropriate) that will ensure you have appropriate remedies in the unlikely event of a security breach.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances, we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer our customer, we will retain and securely destroy your personal information in accordance with applicable laws and regulations.
Under certain circumstances, by law, you have the right to:
- Request access to your personal information (commonly known as a “subject access request”). This enables you to receive a confirmation from us as to whether we process any of your personal information or not, and if this is the case, to receive a copy of such personal information and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information (often referred to as “the right to be forgotten”). This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it, or if we no longer need your data for our legitimate interests but we need to hold some of it for the purpose of legal proceedings.
- Request the transfer of your personal information to another party.
- Let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill). This is to allow us to verify your identity and prevent disclosure to unauthorised third parties; and
- Let us know the details of your request, for example by specifying the personal data you want to access, the information that is incorrect and the information with which it should be replaced.
Please note that if you request erasure, object to our processing of your personal data or request the restriction of our processing of your personal data we may not be able to provide our services.
You also have the right to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at: firstname.lastname@example.org.