Privacy Policy

Responsibility for data processing described in this privacy policy is held by:

Association of Swiss Electricity Companies (VSE) 
Hintere Bahnhofstrasse 10
5000 Aarau

Phone::  +41 62 825 25 25
Email: info@strom.ch

For questions in connection with data protection and for information regarding your rights, as well as their assertion, can be directed to our data protection office under: datenschutz@strom.ch

By default, we process the following data categories on our website:

• Contact data: This includes surname, first name, email address, postal address and telephone numbers (private and business).
• Data on online forms: This includes the contact data and additional information that is required (such as a new address or product).
• Authentication data: This includes the user name and password for the VSE member area and the VSE campus.
• Content data: This includes text entries.
• User data: This includes visited websites, access data, click behaviour, interest in contents
• Professional and educational data: This includes contact data of participants, date of birth, attended events, professional background and, if applicable, performance records and examination results.
• Payment data: This includes bank details and payment history.
• Credit rating data: This includes contact data, payment experience as well as court, debt collection and insolvency data.
• Meta/Communication data: This includes the IP address, date, time, pages visited, device information.
• Meeting meta data: This includes participant IP addresses, device/hardware information
• Server log files:  When our websites are accessed the following data is stored in log files: IP address, date, time, browser query and general information on the operating system or browser. This usage data is the basis for statistical, anonymous analyses to identify trends so that we can improve our offerings accordingly.
• Marketing data: This includes leads (contact/sales potential), subscription and cancellation of newsletters, and transmitted marketing announcements.
• Newsletter data: This includes personal data and the email address, access rates, click rates, click-to-open rates, logins and log outs, and mailing size.
• Applicant data: In addition to your personal information, this includes educational and professional background, skills, comments to previous jobs, as well as availability.
• Notice period and the usual correspondence data such as postal address, email address and telephone number.

Furthermore, we also process the following data as part of our customer and business relationships:

• Contract data: This includes consumption groups, consumption types, information regarding collections, services used, and payment information.
• Customer data: This includes personal information, customer number, customer type, customer history, data on purchased goods or services, order data, and payment data.
• Meta data: This includes consumption data and load profile data.
• System data: This includes load control data.
• Data on own consumption communities: This includes personal information of the representative of ZEV, object, registration, electricity procurement, grid and production.
• Telecommunications data: This includes proof of connection.

As a rule, we collect personal data directly from you or your company. The majority of data processed by us is provided by you (or your end device), for example, in connection with our services, the use of our website and apps, or in communication with us. You are not obligated to provide your data with the exception of individual cases (e.g. legal obligations). However, if you wish to conclude contracts with us or make use of our services, you must provide us with certain data. In addition, it is not possible to use our website without data processing.

We may also obtain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, media or the internet including social media) or receive such data from (i) authorities, (ii) your employer or client who either has a business relationship with us or is otherwise involved with us, as well as from (iii) other third parties (e.g. clients, counter-parties, legal expenses insurers, credit reference agencies, address dealers, associations, contractual partners, internet analysis services) This includes, in particular, the data that we process in the context of the initiation, conclusion and execution of contracts as well as data from correspondence and discussions with third parties, but also all other categories of data.

We process your data on our website and for the provision of our services, in particular for the following purposes:

• Visiting our website
• Making contact
• Online forms
• In the context of providing services
• In the context of the VSE member area
• Newsletter mailing
• Competitions
• Product rating and satisfaction surveys
• Marketing
• Application processes
• Security and access control
• Risk management in the context of association activity

The legal basis for the processing of your personal data is:

• Your permission, which you can revoke at any time,
• the conclusion or fulfilment of a contract with you or your prior request in this context,
• weighing up interests, which you can object to under certain circumstances,
• a legal obligation, which can also be considered when weighing up interests.

Another legal basis for the processing of your personal data is our overriding interest in the processing of this data. Our overriding interests include, among other things,

• supporting our customers and members and maintaining our business relationships (e.g. maintaining contacts, communication with our business partners and association members),
• our advertising and marketing activities,
• opportunities to become better acquainted with the users of our website and online services,
• improvement and development of our products and services (e.g. IT security in connection with the use of our website, improvement of our online services offering).

If required, we will obtain your consent. If you have given your consent electronically by activating a check-box, the declaration of consent will be logged by us; we store, for example, the user account name, the corresponding location on the website and the date and time.

You have the option of informally revoking your declaration of consent or objecting to processing at any time. The revocation and/or objection must be sent to the contact under point 1 or to the following e-mail address: datenschutz@strom.ch.

6.1 Visiting our website

In principle, you can visit our website without providing any information about yourself. Access to our website takes place by means of transport layer security (TLS), although access can take place without TLS on some microsites.

When you visit our website, our servers temporarily, automatically store the following data in a protocol file, the so-called server log-file:

• IP address of the requesting computer
• Access page (website from which you landed on our website)
• Browser settings
• Language and version of the browser software
• Date and time of access
• Name and URL of the retrieved data
• Operating system of your computer and browser
• Country from which access to our website took place
• Name of your internet provider
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status/HTTP status code
• Transmitted data volume per session
• Last used website
• Activated browser plug-ins

Processing of this data is to optimise use (connection to) our website, to constantly guarantee system security and stability, and to enhance our offerings; in addition, processing is used for internal statistical purposes. A personal user profile is not created.

We also use cookies as well as applications and tools based on the use of cookies when you visit our websites. You can find more information on this in section 7 “What are cookies and when are they used”?

The legal basis for processing your personal data is our overriding interest in processing this data.

6.2 Contact

You can contact us personally by email, contact form, via social media, the VSE campus or by telephone. In order to process your request by e-mail, it is necessary to enter your e-mail address and your message. Providing additional data is voluntary.

Processing this data is in our overriding interest to communicate with you and to process and handle your request.

You can object to this data processing at any time. If you object, we will no longer process your personal data for this purpose. Please send your objection to the contact under point 1 or to the following email address: datenschutz@strom.ch.

6.3 Online forms

On our website, we offer the possibility to contact us via various online forms (such as applying for membership, registering for events and newsletters, contact inquiries or booking advertising services). In order to use the online forms and process your request, it is essential that you enter your contact details (including title, first name, surname, street, house number, zip code, town/city, email address, telephone number) and your message. Depending on the form, additional information such as professional function or product is necessary.

Processing this data is in our overriding interest to communicate with you and to process and handle your request.

You can object to this data processing at any time. If you object, we will no longer process your personal data for this purpose. Please send your objection to the contact under point 1 or to the following email address: datenschutz@strom.ch.

6.4 Collaboration tools

We use various collaboration tools for telephone conferences, online meetings and video conferences (hereafter referred to as "online meeting". Various types of data are processed when using these tools. The scope of data depends on what data is provided before and during participation at an online meeting. For example, this includes

• First name and surname, participant name, company email address
• Meeting meta-data: e.g. date, time, meeting ID, telephone numbers, city
• Audio, video or chat contents
• Name of the meeting and the password to participate
• Profile picture
• If necessary, additional personal data made available during the meeting

When an online meeting is recorded, this will be communicated transparently prior to the meeting, and, if required, you will be requested to give your consent.

Processing this data is in our overriding interest. Our overriding interest in this case is to conduct meetings effectively. Furthermore, the legal basis for data processing during online meetings is the contract if the meeting is being conduct in the context of a contractual relationship.

Send your objection to the contact under point 1 or to the following email address: datenschutz@strom.ch.

6.5 Microsoft Teams

We use the tool "Microsoft Teams" to conduct telephone conferences, online meetings, video conferences and/or online seminars (hereafter referred to as "online meeting"). Microsoft Teams is a product of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Various types of data are processed when using Microsoft Teams. The scope of data depends on what data is provided before and during participation at an online meeting. For example,

• User information: e.g. display name, if necessary the email address, profile picture (optional), preferred language
• Meeting meta-data: e.g. date, time, meeting ID, telephone numbers, city
• Text, audio and video data: In an online meeting, the chat function can be used. The respective user text entries are processed in order to display them in the online meeting. For video display or audio playback, the respective data is processed by the microphone or a video camera on your end device for the duration of the meeting. Cameras or microphones can be turned off or muted by the user at any time via the Microsoft Teams application.

When online meetings are recorded, this is clearly communicated, and, if necessary, consent is requested. Please send your objection to the contact under point 1 or to the following email address: datenschutz@strom.ch

The chat content is logged when using Microsoft Teams. We will also log the chat content if this is necessary for the purposes of logging the results of an online meeting.

Additional information regarding data processing with MS Teams can be found in the data protection information of this tool.

Processing this data is in our overriding interest. Our overriding interest in these cases is to carry out online meetings effectively.

6.6 Membership

We collect the following personal data for association membership:

• Contact person of the association member as well as user information (title, first name/surname, email address, telephone number of the contact person, language).

Data processing supports member management and administration, maintaining member rights and ensuring the adherence of member obligations and quality assurance according to the statutes.

Processing your personal data takes place on the legal basis of (pre-) contractual obligations in the context of membership, as well as our rightful interest in processing your membership.

6.7 Photos and/or filming

Photos and/or videos of participants are taken at our events and published in the following:

• On the website strom.ch
• In (print) publications of the Association of Swiss Electricity Companies VSE)
• On the social media channels of the Association of Swiss Electricity Companies (VSE)

When you register we will ask for your general consent. Consent is voluntary and can be withdrawn from the VSE at any time with effect for the future. If recordings are available in the internet, these will be removed if possible. The withdrawal can be directed to the contact listed under point 1 or sent to the following email address: datenschutz@strom.ch

6.8 Customer and business relationships (including professional and further training areas)

We process personal data to the extent necessary in each case in order to provide our contractual or pre-contractual services to you and to perform other services requested by you. The data processed in this context and the type, scope, purpose and necessity of its processing are determined by the underlying contractual relationship.

Personal data that is processed includes:

• Master data: For example, name, address
• Contact data: For example, the email address, telephone number
• Professional and further training data: This includes, for example, participants' contact details, date of birth, events attended, professional background, performance records and examination results.
• Contract data: This includes, for example, services used, subject matter of the contract, contractual communication, names of contact persons.
• Payment data: This includes, for example, bank details, payment history.

The processing of this data takes place, in particular, for the following purposes:

• Communication
• Providing services and products offered by VSE
• Customer care

The processing of your personal data takes place on the legal basis of our (pre-) contractual obligations in the context of customer and business relationships (including professional and further training offerings) as well as our rightful interest in effective implementation of our vocational and further training programme.

6.9 Member area

In our member area, you can use your profile to view your title, first name, surname, function, company, location, email address, telephone number, newsletter subscriptions and orders placed. In addition, you can change your password in the member area.

When registering, the following information must be provided:

Title, first name, surname, email, telephone number, academic title, function, company, street, postal code

You can log in with your email address and password on future visits to our websites. Your password is stored in encrypted form and cannot be viewed by us.

To prevent unauthorised use, a two-stage procedure (“double opt-in”) is used during registration. This means that after registration you will receive an e-mail in which you must click on a link to confirm your registration.

All data that we are not required to retain by law (e.g. in accounting) will be deleted as soon as the order is completed. You can delete your customer account at any time. The withdrawal can be directed to the contact listed under point 1 or sent to the following email address: datenschutz@strom.ch

6.10 Newsletter mailing

You can subscribe to a newsletter on our website. In our newsletter, you receive information on our products, offerings, services, promotions and about our association.

If you have subscribed to our newsletter, we will use your e-mail address to inform you about the association and our offerings.

The newsletter contains images that are retrieved from the server of the mailing service provider when the newsletter is opened. As part of this retrieval, technical information, such as information about your browser and your system, as well as your IP address and the time of retrieval, is initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined using the IP address) or the access times. The surveys also include determining whether the newsletters are opened, when they are opened and which links are accessed. Although this information can be assigned to individual newsletter recipients for technical reasons, it is neither our intention nor that of the mailing service provider to monitor individual users. Rather, the evaluations help us to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

You can unsubscribe from the newsletter at any time and revoke your consent. To do this, click on the corresponding button (link) in the newsletter sent to you. You will find the link to unsubscribe from the newsletter at the end of each newsletter. You can send your objection to the contact under point 1 or to the following email address: datenschutz@strom.ch.

6.11 Competitions

When you take part in competitions, we collect the personal data that is required to run the competition. As a rule, this is the name and contact data. We may pass on your personal data to our competition partners,  e.g. to provide you with a possible prize. Participation in a competition and the associated data collection is of course voluntary. Detailed information can be found in our conditions of participation for the respective competition.

The legal basis for data processing for these purposes is the fulfilment of a (preliminary) contract.

The use of data for the aforementioned purpose can be revoked at any time. The withdrawal can be directed to the contact listed under point 1 or sent to the following email address: datenschutz@strom.ch

6.12 Product rating and satisfaction surveys

From time to time we carry out surveys on our products and services in order to improve the customer experience and respond to customer needs. To do so, we need your name or a pseudonym, which is displayed together with your country of origin.

The legal basis for data processing for these purposes is our overriding interest in optimising our offerings and services.

The use of data for the aforementioned purpose can be revoked at any time. The withdrawal can be directed to the contact listed under point 1 or sent to the following email address: datenschutz@strom.ch

6.13 Marketing measures

We use your contact data for the following purposes:

• To maintain contact with you
• To inform you on specific services
• To recommend services that could be of interest to you
• For statistical purposes

Processing your personal data is in our overriding interest.

You can object to this data processing at any time. If you object, we will no longer process your personal data for this purpose.

The withdrawal can be directed to the contact listed under point 1 or sent to the following email address: datenschutz@strom.ch

6.14 Security purposes and access control

We obtain and process personal data in order to ensure and continuously improve the appropriate security of our IT and other infrastructure. This includes, for example, the monitoring and control of electronic access to our IT systems and physical access to our premises (including by means of procedures in which biometric data is processed), analyses and testing our IT infrastructures, system and error checks and the creation of backup copies. For documentation and security purposes (preventive and to clarify incidents), we may also keep access logs or visitor lists in relation to our premises and use surveillance systems (e.g. security cameras). We will inform you of any monitoring systems at the relevant locations by means of appropriate signs.

Processing your personal data is in our overriding interest.

6.15 Risk management in the context of association activities

We obtain and process personal data as part of risk management (e.g. to protect against criminal activities) in connection with the association's activities. Among other things, this includes our operational organisation (e.g. resource planning) and association development.

Processing your personal data is in our overriding interest.

6.16 Application procedure

If you apply for a job with us, we will process the personal data that we receive from you as part of the application process. These include:

• Personal information
• Education
• Work experience
• Skills
• Information on previous positions
• Availability/period of notice
• The usual correspondence data such as postal address, email address and telephone number

We also process all documents submitted by you in connection with the application, such as letters of motivation, CVs, references, certificates, diplomas and other documents provided by you. Furthermore, you can voluntarily provide us with additional information.

This data will only be stored, evaluated, processed or forwarded as part of your application. We can also use your personal data for statistical purposes (e.g. reporting). However, in this case, no conclusions can be drawn about an individual person.

Your applicant data is processed on the legal basis of our (pre-) contractual obligations as part of the application process and our legitimate interests in processing your application.

You can object to this data processing at any time and withdraw your application. Send your objection to the contact under point 1.

If an employment contract is concluded with the applicant, the data provided is retained for the purpose of processing the employment relationship in compliance with legal provisions.

If you have given us your consent to store your data for further application procedures and to contact you again if necessary, we will delete this data after three years. You have the option of revoking your consent at any time. The withdrawal can be directed to the contact listed under point 1 or sent to the following email address: datenschutz@strom.ch

We use cookies and similar technologies on our website and when using other digital services (hereinafter all these are summarised under the term “cookies”). We may also use cookies and similar technologies (e.g. pixel tags or fingerprints) to recognize website visitors, evaluate their behaviour and identify preferences.

A cookie makes it possible to recognise a specific device or browser. Cookies are small data files that a web portal leaves on your computer, tablet, or smart phone when you visit the site. In this way, the portal “remembers” certain inputs and settings (e.g. login, language, font size and other display preferences) over a certain period of time, and the user does not have to re-enter these parameters when returning to the site or navigating the portal.

A distinction is made between the following cookies (technologies with similar functions such as fingerprinting are also included here):

Essential cookies: Certain cookies are necessary for the functioning of the website as such or for specific functions. For example, they ensure that you can change between pages without losing information entered into a form. They also ensure that you stay logged in. These cookies only exist temporarily ("session cookies"). If you block these cookies, the website may not function. Other cookies are necessary so that the server can store decisions or entries you make beyond one session (i.e. one visit to the website) if you use this function (e.g. language selected, consent given, automatic login function, etc.).

Performance Cookies: These cookies are used to collect information on how the website is used, e.g. how users found our website, which pages a visitor opened most often, how visitors navigated our website during their visit or whether they received error messages. We can also use these cookies to collect certain statistical and analytical information, e.g. how many users visited our website. These cookies are used to monitor the level of activity on our website and to improve website performance.

As a rule, the technical data and cookies we collect do not contain personal data. However, personal data that we or third-party providers commissioned by us store about you (e.g. if you have a user account with us or these providers) may be linked to the technical data or to the information stored in and obtained from cookies and thus possibly to your person.

Most internet browser accept cookies as a default setting. If you do not want this, you can set your browser so that it informs you about the setting of cookies and you only allow their acceptance in individual cases or generally exclude them. You can activate automatic deletion of cookies when you close the browser. You can also delete cookies that have already been set at any time via an Internet browser or other software programs. The procedure for checking and deleting cookies depends on the browser you are using.

You can refuse the use of cookies by selecting the appropriate settings in your browser. Please note, however, that this may affect your ability to use our website. For more information about cookies, including how to manage, reject or delete them, please visit https://allaboutcookies.org/.

You can use the following links to find out how to handle cookies for the most commonly used browsers:

• Microsoft Edge
• Firefox
• Google Chrome
• Safari
• Opera

Google services

We use the following services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or, if you have your habitual residence in the European Economic Area (EEA) or in Switzerland, of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (in short: Google):

• Google Analytics 4
• Google Tag Manager

As a rule, Google uses cookies. The cookies used by Google allow us to analyse website usage. The information generated by the cookies about your use of our website (including your IP address) are transmitted to a Google server in Ireland or the USA and stored there.

According to its own statements, Google can process personal data for advertising products in any country in which Google or subcontractors of Google maintain facilities. Information about the locations of Google's data centres can be found at www.google.com/about/datacenters/locations/.

The following subcontractors may be used for Google: https://business.safety.google/adssubprocessors/. Google assures that it guarantees an adequate level of data protection by relying on the EU standard contractual clauses (see https://business.safety.google/processorterms/).

For more information on the processing of personal data by Google and privacy settings, please refer to Google's privacy policy or privacy settings.

Google Analytics 4

We use Google Analytics 4 on our website. This is a Google web analysis service that enables the analysis of your use of our website.

Google Analytics uses cookies that are stored on your end device (lap top, tablet smart phone, etc.) and enable the analysis of your use of our website. This allows us to evaluate user behaviour on our website and to make our offering more interesting based on the collected statistics/reports.

In Google Analytics 4, the anonymisation of IP addresses is activated by default. As a result, your IP address will be shortened by Google within Switzerland or the EU/EEA before transmission. Only in exceptional cases will the full IP address be transmitted to a Google server and shortened there.

We have concluded an order processing contract with Google, which ensures the protection of the data of our website visitors and prohibits unauthorised disclosure to third parties. For the transfer of data to the USA, Google relies on standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection. Further legal information on Google Analytics 4, including a copy of the aforementioned standard contractual clauses, can be found here.

Google Signals: As an extension to Google Analytics 4, Google Signals can be used on the website to generate cross-device reports. If you have activated personalised ads and linked your devices to your Google account, Google can use Google Analytics 4 to analyse your usage behaviour across devices and create database models, including cross-device conversions. We do not receive any personal data from Google, only statistics. If you want to stop the cross-device analysis, you can deactivate the “personalised advertising” function in the settings of your Google account. Follow the instructions on this page.

User IDs: As an extension of Google Analytics 4, the function "User IDs" can be used on the website. If you have set up an account on this website and log-in to this account from different devices, your activities, including conversions, can be analysed across all devices.

Google uses this information to analyse your  [pseudonym] use of the website, to generate reports on website activities, and to provide additional services in connection with the website and internet usage. According to Google, the IP address transmitted to Google Analytics from your browser is not combined with other Google data. When you visit our website, your user behaviour is recorded in the form of events (such as page views, purchase activities including sales, interaction with the website or your “click path”) as well as other data such as your approximate location (country and city), technical information about your browser and the end devices you use or the referrer URL, i.e. the website/advertising media via which you came to our website.

If you enable the storage of cookies, Google Analytics will store your data for two months. Data that has reached the end of this retention period is automatically deleted. An overview of data usage in Google Analytics and the measures taken by Google to protect your data can be found in the Google Analytics Help section.

Google Tag Manager

We use the Google Tag Manager to integrate and manage the Google analysis and marketing services in our website. Google Tag Manager is a tag management system that allows you to create and monitor tags on a user interface without having to write new code each time. The tool itself, which implements the tags, is a cookie-less domain and does not collect any personal data. However, the tool triggers other tags, which in turn may collect data. The Google Tag Manager does not access this data.

If a deactivation has been made on a domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.

Further information in connection with Google Tag Manager can be found in Google's terms of use.

We operate pages and other online presences on social networks and other platforms operated by third parties and process data about you in this context. We receive data from you (e.g. when you communicate with us or comment on our content) and from the platforms (e.g. statistics).

We use various social plug-ins from various social networks on our website. With the help of these plug-ins, you can, for example, share content or recommend products.

These are as follows:

• YouTube
  Videos from the "YouTube" platform may be integrated in our online offering. Service providers: Google Ireland Limited, Gordon House, Barrow Street. Dublin 4, Ireland, Parent company: Google LLC. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA Privacy Policy: https://policies.google.com/privacy?hl=de,

• Facebook
  Functions and contents of our online offering can be a Facebook service. This may include, for example, content such as images, videos or texts and buttons with which users can share content from this online offering within Facebook. If the users are members of the Facebook platform, Facebook can assign access to the above mentioned content and functions to the users' profiles there. The list and appearance of the Facebook social plug-ins can be viewed here: developer/docs/plug-ins/; Service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, Parent company: Facebook Inc., 1601 Willow Avenue, Menlo Park, CA 94025, USA; Privacy Policy: facebook.com/privacy/policy,

• X
  Functions and contents of our online offering can be a service of X Corp. This may include, for example, contents such as images, videos or texts and buttons with which users can share content from this online offering within X Corp.  If users are members of the X Corp. platform, X Corp. can assign access to the above mentioned content and functions to the users' profiles there. If you live in the USA or another country outside the European Union, the EFTA States or the United Kingdom, X Corp. at the address below is responsible for your personal data: X Corp., Attn: Privacy Policy Inquiry, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. If you live in the European Union, the EFTA States or the United Kingdom, Twitter International at the address below is responsible for your personal data: Data Protection Officer, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. Privacy Policy: twitter.com/de/privacy. You can contact Twitter's Data Protection Officer in confidence via their privacy request form.

• LinkedIn
  Functions and contents of our online offering can be a service of LinkedIn. This may include, for example, content such as images, videos or texts and buttons with which users can share content from this online offering within LinkedIn. If users are members of LinkedIn, it can assign access to the above mentioned content and functions to the users' profiles there. Service providers: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, Parent Company: LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA; Privacy Policy: LinkedIn, Privacy Policy; Cookie Policy: de.linkedin.com/legal/cookie-policy.

The processing of data by Facebook takes place within Facebook's data usage guidelines. Accordingly, general information on the display of Facebook ads, in the Facebook Data Usage Policy: www.facebook.com/policy.php. Special information and details to Facebook Pixel and its functioning can be found in Facebook's help section: www.facebook.com/business/help.

When you visit our website and one of the mentioned social plug-ins is active, a direct connection between your browser and the social network servers is made. Plug-in content is transmitted from the social network directly to the browser and integrated in the website. In doing so, the network receives information that you have visited our website. If you are logged into the social network, the visit can be assigned to your account. When you interact with the plug-ins, the respective information from the browser is transmitted directly to the social network and stored there.

If you are not logged into the social networks when visiting our website, data can be sent to the networks from the website by means of the active plug-ins. An active plug-in sets a cookie with an identifier each time the website is accessed. Since your browser sends this cookie without being asked every time you connect to a server of the respective networks, the social networks could in principle use it to create a profile of which websites the user belonging to the identifier has visited. If necessary, it would then be possible to assign this identifier to a person again later – for example when logging into the social network at a later date.

We disclose your personal data if you have expressly consented to the disclosure of the data, if we are legally obliged to do so, or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship.

In addition, we pass on your personal data to third parties insofar as we are authorised to do so and this is necessary or expedient in the context of the use of the website or for the possible provision of services.

Depending on the purpose of processing your personal data, we disclose your personal data to the following categories of recipients:

• Other companies in the Group (association member companies)
• Service providers who process the personal data on our behalf and on our instructions (so-called processors, such as IT providers, newsletter mailing service providers)
• Additional service providers such as debt collection companies or consulting firms
• Customers, partners, suppliers, insurance companies, credit assessment service providers and other business partners
• Portal operators
• Buyers or parties interested in acquiring business units, the company or other parts of the Group
• Courts, arbitration bodies, law enforcement agencies, regulators, attorneys and other parties to potential or actual legal proceedings where it is necessary to comply with the law or to establish, exercise or defend rights or legal claims.

We select our partners and processors carefully and only entrust them with the task if we can sufficiently guarantee that they have suitable technical and organisational measures in place in accordance with the legal requirements.

Our processors can only process personal data on our documented instructions. They are all subject to confidentiality obligations and may only use your personal data to the extent necessary to fulfil the purpose for which your personal data was collected and unless otherwise required by law.

We process and store personal data mainly in Switzerland and the European Economic Area (EEA), but potentially in any country in the world, depending on the case – for example via subcontractors of our service providers or in proceedings before foreign courts or authorities.

If we also disclose your personal data to third parties abroad (i.e. outside Switzerland or the European Economic Area (EEA)), third parties are obliged to comply with data protection regulations to the same extent as we are. If the level of data protection in the country concerned is not adequate, but there is no suitable alternative for us, we will ensure that your personal data is adequately protected.

We ensure this, in particular, by concluding so-called standard data protection clauses of the EU Commission (available here) with the companies concerned and/or by the existence of other guarantees that comply with the applicable data protection law. Where this is not possible, we base the disclosure of the data on the necessity of the disclosure for the fulfilment of the contract.

We process and store your personal data only for the period required to achieve the stated purpose or, if this is provided for, in laws or regulations to which we are subject. If the purpose of storage no longer applies or if a prescribed retention period expires, your data will be routinely blocked or deleted in accordance with the statutory provisions.

In addition, we will delete your data if you request us to do so and we have no legal or other obligation to retain or secure this personal data.

If we store the data on the basis of a contractual relationship with you, this data will remain stored for at least as long as the contractual relationship exists and for no longer than the limitation periods for possible claims on our part or for as long as statutory or contractual retention obligations exist.

We take technical and organisational security precautions to protect your personal data against manipulation, loss, destruction or access by unauthorised persons and to ensure the protection of your rights and in compliance with the applicable data protection regulations.

The measures taken are intended to guarantee the confidentiality and integrity of your data and to ensure the availability and resilience of our systems and services when processing your data in the long term. They should also ensure the rapid restoration of the availability of your data and access to it in the event of a physical or technical incident.

Our security measures also include the encryption of your data. All information that you enter online is transmitted via an encrypted transmission channel. This means that this information cannot be viewed by unauthorised third parties at any time.

Our data processing and security measures are continuously adapted in line with technological developments.

We also take our own internal data protection very seriously. Our employees and the service companies commissioned by us are obliged to maintain confidentiality and to comply with data protection regulations. Furthermore, they are only granted access to personal data to the extent necessary.

You have the following rights in relation to your personal data:

• Right to information: You have the right to know what personal data we process, what happens to it and how long it is stored.
• Right to blocking and rectification: You have the right to supplement, correct or block your personal data at any time.
• Right to erasure: You have the right at any time to request the erasure of your personal data.
• Right to disclosure and transfer of your data: You have the right to request all your personal data from the controller and to transfer it in full to another controller.
• Right to object: You have the right to object to the processing of your data. We adhere to this, unless there are justified reasons for processing.
• Right to withdraw consent: If you give us your consent to process your personal data, you have the right to withdraw this consent and have your personal data deleted.

So that we can rule out any unauthorised use of data, we must identify you (e.g. with a copy of your ID, if necessary).

Please note that conditions, exceptions or restrictions apply to these rights (e.g. to protecting third parties or business secrets or due to our professional duty of confidentiality).

You can contact us regarding your rights at the contact point mentioned under point 1 or at the following e-mail address: datenschutz@strom.ch.

You can also lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC) if you believe that the processing of your personal data violates data protection law.