Last update : 09.2023
In the present case, the Provider is responsible for the careful and conscientious handling of the personal information of its customers. The Provider is responsible for the collection, processing, disclosure, storage and protection of its customers' personal information and ensures compliance with applicable data protection legislation, in particular the Swiss Federal Data Protection Act ("FADP") with respect to the Protected Data of Swiss Customers; it shall also comply with the EU General Data Protection Regulation ("GDPR") insofar as the Protected Data of Customers from the European area is concerned.
1. Contact information
The data controller responsible for data processing is:
Climate Services SA
Passage du Cardinal 11
+41 26 508 58
2. Governing law
Data of Swiss customers
The processing of data of Swiss customers is exclusively subject to Swiss law, in particular the Federal Act on Data Protection (FADP) (DSG, SR 235.1) and the Ordinance to the Federal Act on Data Protection (SR 235.11). The EU General Data Protection Regulation (GDPR) is not applicable. The GDPR remains applicable (i) if it is expressly provided for certain areas of this Data Protection Policy and (ii) if its application is mandatory for the data of Swiss customers due to special circumstances.
Data of customers from the EU area
In addition to Swiss law, Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) applies to the processing of data of customers located in the EU area. See also item 13 (Additional provisions for customers based in the EU area).
3. Nature and scope of the collection of personal data
When visiting our website (without login)
When customers visit the provider's online presence outside the login-protected area, the web server technology used automatically logs general technical visit information. This includes, among other things, the IP address of the device used, which is, however, anonymized by Google before being stored so that it can no longer be assigned to the customer. Google uses the _anonymizeIp() method for this purpose. Furthermore, this includes information about the browser type, the Internet service provider and the operating system used.
When using the CO2-Platform (with Login)
In addition, during the period of use of the CO2-Platform, all data that the Customer enters in the area secured by identification as part of the registration process and the use of the software become the subject of a registration. This is particularly the case when the Customer registers, fills out online forms, communicates online or offline with the Provider or contacts the Provider via social networks, blogs or other interactive media.
Here, as a rule, the personal master data (name, address, e-mail address) as well as the settings required for the respective service are collected.
Data exchange with third parties / partners
The Customer retains full control over the third party's access rights to its data at all times and may restrict or deny access at any time.
In addition, the Provider allows the third party (partner) to have customer accounts. In this case, the third party manages the access rights and can grant, restrict or deny them to third parties.
4. Data security
The Provider uses technical and organisational security measures in accordance with recognised market standards to protect stored personal data against unintentional, unlawful or unauthorised manipulation, deletion, alteration, access, disclosure or use and against partial or complete loss. The Provider's servers are located in Switzerland. Certain services can be processed via servers in other countries – with an appropriate level of data protection – whereby the requirements of the FADP or GDPR are fully complied with at all times. The connection to our servers is made using SSL encryption. The Provider regularly performs backups of customer data. In order to prevent data loss even in extreme cases (e.g., destruction of the data centre by an earthquake), the encrypted backups are stored in parallel in several data centres in Switzerland and abroad. Our security measures are continuously adapted and improved in line with technological developments. Incidentally, the Provider cannot assume any guarantee for the security of data transmission on the Internet; in particular, there is a risk of access by third parties when data is transmitted by email. However, access is protected using HTTPS. If explicitly requested by the customer, the customer can opt for two-factor authentication at any time.
5. Purposes of the data processing and legal basis
The Provider processes the collected data in order to continuously improve the desired products and services, to manage the use of and the desired access to applications, products and information, to maintain the business relationship with the Customers, to analyze and improve the performance of the offer, to identify, prevent or investigate illegal activities or to provide the Customers with offers, information or marketing material on products or services that the Provider, based on the collected data, believes may be of interest to the Customers. The Provider subcontracts some of the above processes and services to service providers that are contractually obligated to comply with data protection regulations. These companies are based in Switzerland. In particular, they are companies active in the field of IT services, which the Provider can draw on as part of the development of its tools.
Cookies help make visits to the Provider's website easier, more pleasant and more meaningful. Cookies are information files that the web browser automatically stores on the computer's hard drive when the customer visits the Provider's website and takes advantage of offers.
The customer can independently manage their security settings in their browser and thus block or disable set cookies, though this may mean that certain services of the Provider may no longer be (fully) usable.
Tracking- und Analyse-Tools / Social Media
The use of the Provider's digital offerings is measured and evaluated by means of various technical systems, predominantly from third-party providers such as Google Analytics. These measurements can be both anonymous and personal. In this context, it is possible that the collected data is in turn passed on by the provider or the third-party providers of such technical systems to third parties in Germany and abroad for processing. The most commonly used and best-known analysis tool is Google Analytics, a service provided by Google Inc. This means that the data collected may in principle be transmitted to a Google server in the USA (or a location specified by Google).
The provider's website uses Google Analytics, a web analysis service provided by Google Inc., with its registered office at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses so-called cookies, which are text files that are stored on the customer's computer and which enable the analysis of their usage of the website. The information generated by these cookies about use of the website (including the IP address, though this is anonymised by Google before being stored, so that it can no longer be associated with the customer) is transmitted to a Google server in the USA (or a location determined by Google) and stored there. Google will use this information to evaluate the use of the website, to compile reports on website activities for the Provider, and to provide other services connected to use of the website and Internet. Google may also pass this information on to third parties insofar as this is required by law or if third parties process the data on Google's behalf. Google shall in no event link customers' IP addresses with other Google data.
If the customer does not want their website activities to be available for Google Analytics, they can install the browser add-on to disable Google Analytics: https://support.google.com/analytics/answer/181881?hl=en
The analysis of data by other tools of the website owner is not prevented if the customer uses the add-on. Data can still be sent to the website or to other web analysis services.
Finally, the Provider collects certain information via its website in so-called server log files, which are automatically transmitted by the customer's Internet browser. These include, among other things, the user agent (browser type and browser version, operating system used), http header information (referrer URL, IP address of the accessing computer), the time of the server request and the login status. These server log files are merged with other data sources only for error analysis.
7. Duration of storage
The Provider processes and stores the Customer's personal data for as long as the Customer uses the Service. Upon termination of the contractual relationship, the Provider is generally not obliged to store the Customer's data. Therefore, data that is no longer required is regularly deleted, with the exception of data whose processing may prove necessary at a later date, e.g. due to legal retention obligations or for absolutely necessary internal purposes.
8. Data access, rectification, erasure, restriction of processing, and consent
Customers have the following rights with regard to their personal data in accordance with the FADP (in particular, Art. 25 ff FADP) or GDPR (in particular, Arts. 12–23 GDPR). In principle, the Provider also grants the rights contained in the GDPR to Swiss customers. However, the Provider reserves the right to make a different assessment in individual cases.
- The right of access
- The right to rectification;
- The right to erasure;
- The right to restriction of processing;
- The right to data portability
- The right to object.
Please note, however, that we reserve the right to enforce the limitations imposed by law, such as when we are obliged to retain or process certain data, have an overriding interest in doing so (as far as we may invoke it), or require the data to assert claims. In the event that costs are incurred for you, we will inform you of this in advance. Please note that the exercise of these rights may conflict with contractual agreements and may have consequences such as premature termination of the contract or cost consequences. In this case, we will inform you of this in advance, if it is not already contractually regulated.
The exercise of such rights usually requires that you clearly prove your identity (e.g., by means of a copy of an identity card, where your identity is otherwise not clear or cannot be verified). To assert your rights, you can contact us at the address given in section 1.
9. Links to other websites
The Provider's website contains hyperlinks to third-party websites that are not operated or controlled by the Provider. The Provider is not responsible for their content or data protection practices.
10. Additional provisions for customers domiciled in the European area
The following provisions apply only to customers who are resident in the European area. They do not apply to Swiss customers.
Legal basis of the processing
The processing of data for the purposes stated in point 5 is carried out in accordance with Article 6(1)(b) DSGVO for the performance of the contract. The subject of the contract are the services mentioned above.
As stated above, data processing is also carried out to protect the legitimate interests of the Provider (Article 6(1)(f) DSGVO). These include the improvement of products and services (including the distribution of direct mail) and the control and optimization of the fight against possible illegal activities.
In addition, the data is processed pursuant to Article 6(1)(c) DSGVO in order to fulfill the provider's legal obligations (including storage and documentation obligations). This concerns in particular the personal master data.