Personal Data Protection Statement

SWIBECO SA makes protection of privacy a priority, particularly data protection. SWIBECO SA therefore endeavours to treat all data provided with the utmost care and complies with the provisions of Swiss legislation on the protection of personal data.

This statement also informs you of your personal data protection rights related to data processing by SWIBECO SA.

User data is collected during the user’s visits to our website and their potential interactions with the services and features we offer.

This statement has been drawn up in accordance with the provisions of the Federal Law on the Protection of Personal Data (“LPD”) of September 25, 2020, the Data Protection Ordinance (“DPO”) of August 31, 2022, and is inspired by the best practices indicated in the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

The Data Controller is:

SWIBECO SA, Chemin de Primerose 11, 1007 Lausanne, Switzerland

Host

This website is hosted by:

Exoscale SA, Boulevard de Grancy 19A, Lausanne, Switzerland

The Data Controller defines the purposes and methods of processing personal data, while the Data Processor processes the data in accordance with specific data protection guidelines, acting under the authority of the Data Controller.

Depending on the activities involved, our role may vary from Data Processor to Data Controller for the client company:

• In general, Swibeco SA acts as a Data Processor for its client companies (who then act as Data Controllers) with regard to the Personal Data collected under the service contract with Swibeco SA.
• However, Swibeco SA acts as the Data Controller for Personal Data collected for services provided, in particular during (1) creation and management of the Professional user administrator account; (2) purchase by users of online services.

Host

The host of the Platform and Lunch Card is:

Exoscale SA, Boulevard de Grancy 19A, Lausanne, Switzerland

This Privacy Policy does not govern how client companies (your employer), for example, handle your Personal Data. You should refer to the relevant client companies, particularly your employer, for information on how your data is processed by them.

Whether as Data Controller or Data Processor, we implement measures to guarantee the security and confidentiality of the Personal Data we manage, in compliance with the laws in force.

The data you send us

Contact: for example, to ask us a question or when you request information about a product or service (sex, first name, last name, e-mail, company telephone number, job title).

Data from third parties, including information about your use of www.swibeco.ch

We collect basic information relating to your connection to our website, which you provide when you browse the www.swibeco.ch website.

This includes IP address, device type, browser type, date, and time of connection, as well as information on visitor behaviour (pages visited, duration).

We use Google Analytics to collect this information, but it is only processed in a way that does not personally identify individuals.

Data provided by the employer

Employee account creation: sex, first name, last name, language, e-mail, date of birth, address.

In this context, Swibeco acts as a Data Processor and not as a Data Controller.

The data you send us

Administrator account creation: first name, last name, e-mail, telephone, address. Please note that compulsory data to be provided is indicated by an asterisk at the time of collection.

Contact: for example, to ask us a question or when you request information about a product or service (gender, first name, last name, e-mail, company telephone number, job title).

Placing an order: first name, last name, e-mail, telephone, delivery, and billing address.

Data from third parties, including information about your use of www.client-name.swibeco.ch

We collect basic information relating to your connection to our website, which you provide when you

• create an account
• buy a product on the website
• browse the website and
• view products

This includes IP address, device type, browser type, date, and time of connection, as well as information on visitor behaviour (pages visited, duration).

We use Google Analytics to collect this information, but it is only processed in a way that does not personally identify individuals.

Data provided by the employer

Employee account creation: sex, first name, last name, language, e-mail, nationality, date of birth, card delivery address.

In this context, Swibeco acts as a Data Processor and not as a Data Controller.

The data you send us

Employee account creation on our Lunch Card mobile application: phone number.

Data from third parties, including information about your use of the Lunch Card

We collect basic information relating to your use of the Lunch Card to be able to assist you if necessary, including:

• Lunch Card transactions

The personal information collected by SWIBECO SA is used for commercial and marketing purposes and is treated as strictly confidential.

We process your personal data for the following purposes:

When we have your consent

• SWIBECO SA may process your personal data for marketing purposes, to send you promotional information, product information and company news by e-mail, SMS, MMS, and push notifications.
• We place cookies and other trackers in accordance with our cookie policy.
• Occasionally and with your consent, we will use your personal data for the purposes described at the time of collection.

When processing is necessary to comply with a legal obligation

• This includes disclosing information to law enforcement agencies, in the exercise of legal rights, or for regulatory purposes.

When it is necessary for the legitimate interests of SWIBECO SA and when these interests prevail over your data protection rights

• We monitor user accounts to prevent, investigate and/or report any fraud, security incidents or criminal actions, in accordance with applicable laws.
• We use the information you provide to investigate any complaints or claims you make about www.swibeco.ch or our services.
• We analyse the use of www.swibeco.ch and use your information to help us improve, analyse and protect our content, products, and services.
• We use the information you provide to personalize the services we provide on the platform.
• We protect the rights of SWIBECO SA. This includes any use for legal, compliance, audit, investigative or regulatory purposes (including disclosure of such data in connection with legal proceedings or litigation).

In principle, your personal data will not be transferred to third parties, unless required by law, or if the execution of your order requires the use of one of our partner service providers (commercial partner, payment service providers, carriers, solvency check service providers).

In all cases, SWIBECO SA and any subcontractors who process or access your personal data will do so from Switzerland or the EEA. In the event that data is processed outside Switzerland or the EEA, and in accordance with the DPA, the DPO and EU Regulation 2018/1725, Swibeco SA will ensure in advance that an adequate level of protection of individuals’ fundamental right to data protection is provided, such as by adopting the European Commission’s Standard Contractual Clauses.

• Subcontractors public website www.swibeco.ch:

• The list of subcontractors for the Platform and the Lunch Card can be consulted upon request at privacy@swibeco.ch.

We may share your personal data with other members of SWIBECO SA located in Switzerland for the purposes of administration and client management.

Data will be kept for the time necessary to achieve the purposes for which it is collected and for a maximum period of:

• 2 years for contact (via our contact forms on Swibeco.ch),

or

• 60 days after the end of the contract for all contractual relationships;

unless a longer retention period is required by law. It will then be destroyed or anonymized.

We attach great importance to the accuracy of the data we hold about you.

At any time:

• You may request access to and modification of your personal data,
• You may request the deletion of your personal data,
• You may also restrict the processing of your personal data,
• If at any time we have asked for your consent, you may withdraw it at any time,
• You may request to receive your personal data in a structured, machine-readable format (portability),
• You may object to processing in certain situations.

In all cases, you can send us a request by e-mail to privacy@swibeco.ch or by post to the following address:

SWIBECO SA, Attn. Data Protection Officer, Chemin de Primerose 11, 1007 Lausanne Switzerland.

However, these rights may be limited in certain situations. If this is the case, you will be provided with the reason for the exception in the DPA, DPO or GDPR. (This is the case when we are able to prove that we are legally required to process your data, or when this data infringes the rights of a third party, including our rights, or when you ask us to delete data that we are legally required to retain, or when retaining it is in our legitimate interests).

We take appropriate security measures (both organizational and technological) to protect your information against unauthorized access, alteration, disclosure, or destruction.

Your credit card data is always stored and transmitted in encrypted form. The use of SSL (Secure Socket Layer) encryption technology ensures that your data is protected from outside access.

To make access to swibeco.ch more convenient and to provide you with the best possible experience, we use cookies. Cookies are small files that only record information related to your browsing preferences and never contain sensitive information. The purpose of these files is to identify you more quickly on your next visit and personalize certain aspects of the website, such as language, to improve your user experience.

On the www.swibeco.ch website, Swibeco SA uses various categories of cookies to improve the interactivity of the website and its services. These cookies may be used both by Swibeco SA and by third-party technical service providers, to optimize your user experience and offer advanced functions.

For more information, please consult the cookie policy.

You also have the right to notify the Swiss Federal Data Protection and Information Commissioner (FDPIC) at Feldeggweg 1 – CH-3003 Bern of any claims relating to the way in which Swibeco SA collects and processes your data.

Swibeco SA has appointed a Data Protection Officer and declared them to the Federal Data Protection Commissioner in accordance with Art. 10, line 3, let. d of the LPD.

E-mail address: privacy@swibeco.ch

This data protection statement may be amended by SWIBECO SA at any time. Consult it regularly.