Personal Data Protection Statement

SWIBECO SA makes protection of privacy a priority, particularly data protection. SWIBECO SA therefore endeavours to treat all data provided with the utmost care and complies with the provisions of Swiss legislation on the protection of personal data. This statement also informs you of your personal data protection rights related to data processing by SWIBECO SA. User data is collected during the user’s visits to our website and their potential interactions with the services and features we offer. This statement has been drawn up in accordance with the provisions of the Federal Law on the Protection of Personal Data (“LPD”) of September 25, 2020, the Data Protection Ordinance (“DPO”) of August 31, 2022, and is inspired by the best practices indicated in the General Data Protection Regulation (EU) 2016/679 (“GDPR”).  

1. Website: Data Controller 

The Data Controller is:   SWIBECO SA  , Chemin de Primerose 11, 1007 Lausanne, Switzerland   This website is hosted by:  Exoscale SA, Boulevard de Grancy 19A, Lausanne, Switzerland   

2. Platform and Lunch Card: Who is the Data Controller? 

The Data Controller defines the purposes and methods of processing personal data, while the Data Processor processes the data in accordance with specific data protection guidelines, acting under the authority of the Data Controller.  Depending on the activities involved, our role may vary from Data Processor to Data Controller for the client company: 
  • In general, Swibeco SA acts as a Data Processor for its client companies (who then act as Data Controllers) with regard to the Personal Data collected under the service contract with Swibeco SA. 
  • However, Swibeco SA acts as the Data Controller for Personal Data collected for services provided, in particular during (1) creation and management of the Professional user administrator account; (2) purchase by users of online services. 

Host 

The host of the Platform and Lunch Card is:  Exoscale SA, Boulevard de Grancy 19A, Lausanne, Switzerland   This Privacy Policy does not govern how client companies (your employer), for example, handle your Personal Data. You should refer to the relevant client companies, particularly your employer, for information on how your data is processed by them.  Whether as Data Controller or Data Processor, we implement measures to guarantee the security and confidentiality of the Personal Data we manage, in compliance with the laws in force.   

 3. Collecting your personal data

When you consult and navigate on the website www.swibeco.ch  
How? In what context? 
The data you send us  Contact: for example, to ask us a question or when you request information about a product or service (sex, first name, last name, e-mail, company telephone number, job title). 
Data from third parties, including information about your use of www.swibeco.ch We collect basic information relating to your connection to our website, which you provide when you browse the www.swibeco.ch website.  This includes IP address, device type, browser type, date, and time of connection, as well as information on visitor behaviour (pages visited, duration).  We use Google Analytics to collect this information, but it is only processed in a way that does not personally identify individuals.
  When you visit and browse our Swibeco Benefits Platform.  
How? In what context? 
Data provided by the employer  Employee account creation: sex, first name, last name, language, e-mail, date of birth, address.   In this context, Swibeco acts as a Data Processor and not as a Data Controller. 
The data you send us Administrator account creation: first name, last name, e-mail, telephone, address. Please note that compulsory data to be provided is indicated by an asterisk at the time of collection. 
Contact: for example, to ask us a question or when you request information about a product or service (gender, first name, last name, e-mail, company telephone number, job title). 
Placing an order: first name, last name, e-mail, telephone, delivery, and billing address. 
Data from third parties, including information about your use of   www.swibeco.swibeco.ch We collect basic information relating to your connection to our website, which you provide when you 
  • create an account  
  • buy a product on the website  
  • browse the website and  
  • view products  
This includes IP address, device type, browser type, date, and time of connection, as well as information on visitor behaviour (pages visited, duration).  We use Google Analytics to collect this information, but it is only processed in a way that does not personally identify individuals.
  If you are a Lunch Card user 
How? In what context? 
Data provided by the employer  Employee account creation: sex, first name, last name, language, e-mail, nationality, date of birth, card delivery address.   In this context, Swibeco acts as a Data Processor and not as a Data Controller. 
The data you send us  Employee account creation on our Lunch Card mobile application: phone number. 
Data from third parties, including information about your use of the Lunch Card  We collect basic information relating to your use of the Lunch Card to be able to assist you if necessary, including:  
  • Lunch Card transactions 
 

4. Use of your personal data 

The personal information collected by SWIBECO SA is used for commercial and marketing purposes and is treated as strictly confidential.  We process your personal data for the following purposes: 
On what basis? Purposes 
When we have your consent  – SWIBECO SA may process your personal data for marketing purposes, to send you promotional information, product information and company news by e-mail, SMS, MMS, and push notifications.  – We place cookies and other trackers in accordance with our cookie policy.  – Occasionally and with your consent, we will use your personal data for the purposes described at the time of collection. 
When processing is necessary to comply with a legal obligation  – This includes disclosing information to law enforcement agencies, in the exercise of legal rights, or for regulatory purposes. 
When it is necessary for the legitimate interests of SWIBECO SA and when these interests prevail over your data protection rights.  – We monitor user accounts to prevent, investigate and/or report any fraud, security incidents or criminal actions, in accordance with applicable laws.  – We use the information you provide to investigate any complaints or claims you make about www.swibeco.ch or our services.  – We analyse the use of www.swibeco.ch and use your information to help us improve, analyse and protect our content, products, and services.  – We use the information you provide to personalize the services we provide on the platform.  – We protect the rights of SWIBECO SA. This includes any use for legal, compliance, audit, investigative or regulatory purposes (including disclosure of such data in connection with legal proceedings or litigation). 
 

5. Data transfer / Retention period

In principle, your personal data will not be transferred to third parties, unless required by law, or if the execution of your order requires the use of one of our partner service providers (commercial partner, payment service providers, carriers, solvency check service providers).  In all cases, SWIBECO SA and any subcontractors who process or access your personal data will do so from Switzerland or the EEA. In the event that data is processed outside Switzerland or the EEA, and in accordance with the DPA, the DPO and EU Regulation 2018/1725, Swibeco SA will ensure in advance that an adequate level of protection of individuals’ fundamental right to data protection is provided, such as by adopting the European Commission’s Standard Contractual Clauses. 
Supplier name  Location  Service category  Type of task performed  Guarantees for transfers outside Switzerland 
EXOSCALE Switzerland  Hosting  Swibeco data hosting service  N/A
AXEPTIO European Union  Consent management platform  Helps Swibeco manage cookie consent  Approved countries 
ZOHO European Union  CRM Swibeco client management tool  Approved countries 
 
  • The list of subcontractors for the Platform and the Lunch Card can be consulted upon request at privacy@swibeco.ch 
  We may share your personal data with other members of SWIBECO SA located in Switzerland for the purposes of administration and client management.  Data will be kept for the time necessary to achieve the purposes for which it is collected and for a maximum period of:  
  • 2 years for contact (via our contact forms on Swibeco.ch), 
or 
  • 60 days after the end of the contract for all contractual relationships; 
unless a longer retention period is required by law. It will then be destroyed or anonymized.   

6. Rectification of your personal data 

We attach great importance to the accuracy of the data we hold about you.  At any time:  
  • You may request access to and modification of your personal data, 
  • You may request the deletion of your personal data, 
  • You may also restrict the processing of your personal data, 
  • If at any time we have asked for your consent, you may withdraw it at any time, 
  • You may request to receive your personal data in a structured, machine-readable format (portability), 
  • You may object to processing in certain situations. 
In all cases, you can send us a request by e-mail to privacy@swibeco.ch or by post to the following address:   SWIBECO SA, Attn. Data Protection Officer, Chemin de Primerose 11, 1007 Lausanne Switzerland.  However, these rights may be limited in certain situations. If this is the case, you will be provided with the reason for the exception in the DPA, DPO or GDPR. (This is the case when we are able to prove that we are legally required to process your data, or when this data infringes the rights of a third party, including our rights, or when you ask us to delete data that we are legally required to retain, or when retaining it is in our legitimate interests).    

7. Data security

We take appropriate security measures (both organizational and technological) to protect your information against unauthorized access, alteration, disclosure, or destruction.   

8. Payment security

Your credit card data is always stored and transmitted in encrypted form. The use of SSL (Secure Socket Layer) encryption technology ensures that your data is protected from outside access.   

9. Use of cookies (see cookie policy)

To make access to swibeco.ch more convenient and to provide you with the best possible experience, we use cookies. Cookies are small files that only record information related to your browsing preferences and never contain sensitive information. The purpose of these files is to identify you more quickly on your next visit and personalize certain aspects of the website, such as language, to improve your user experience.  On the www.swibeco.ch website, Swibeco SA uses various categories of cookies to improve the interactivity of the website and its services. These cookies may be used both by Swibeco SA and by third-party technical service providers, to optimize your user experience and offer advanced functions.  For more information, please consult the cookie policy.   

 10. Right to file a claim 

You also have the right to notify the Swiss Federal Data Protection and Information Commissioner (FDPIC) at Feldeggweg 1 – CH-3003 Bern of any claims relating to the way in which Swibeco SA collects and processes your data.   

 11. Data Protection Officer

Swibeco SA has appointed a Data Protection Officer and declared them to the Federal Data Protection Commissioner in accordance with Art. 10, line 3, let. d of the LPD.  E-mail address: privacy@swibeco.ch   

 12. Changes

This data protection statement may be amended by SWIBECO SA at any time. Consult it regularly.   

Cookie policy 

To make access to swibeco.ch more convenient and to provide you with the best possible experience, we use cookies. Cookies are small files that only record information related to your browsing preferences and never contain sensitive information. The purpose of these files is to identify you more quickly on your next visit and personalize certain aspects of the website, such as language, in order to improve your user experience.  On the www.swibeco.ch website, Swibeco SA uses various categories of cookies to improve the interactivity of the website and its services. These cookies may be used both by Swibeco SA and by third-party technical service providers, to optimize your user experience and offer advanced functions.  Please note that this cookie policy is an essential part of our privacy policy for the website, demonstrating our commitment to the protection of your personal information.   

1. What is a cookie? 

A cookie is a small file stored by a server on a user’s terminal (computer, telephone, etc.) and associated with a web domain (i.e., in most cases with all the pages of a single website). This file is automatically sent when you contact the same domain again.  The purpose of cookies is to identify you more quickly on your next visit and personalize certain aspects of the website, such as language, in order to improve your user experience. Some of these uses are strictly necessary for the functions expressly requested by the user, or to establish communication, and are therefore exempt from consent. Others, which do not meet these criteria, require user consent before reading or writing.  The distinction between “third-party” and “first-party” cookies is technical.   
  • “First-party” cookies are deposited by the website visited by the user, more precisely on the website’s domain. They may be used for proper operation of the website or to collect personal data to track user behavior and for advertising purposes; 
  • “Third-party” cookies are cookies deposited on domains other than that of the main website, generally managed by third parties who have been asked to do so by the website visited and not by the user themselves. These cookies may also be necessary for the website to function properly, but their main purpose is to enable the third party to see which pages have been visited on the website in question by a user, and to collect information about them, mainly for advertising purposes. 
 

2. Cookie management 

You can manage your cookie preferences at any time by clicking on “Cookie Management”. This will allow you to accept, refuse or modify your choice of cookies according to your preferences.  If you refuse cookies, some aspects of the website and platform may not function on your device, and you may not be able to access certain areas of the www.swibeco.ch website or platform.  This is why we recommend that you accept cookies.   

3. Cookies we use 

3.1. Required cookies 

Required cookies are essential for using the website and its functions. They are therefore deposited without your consent. These cookies enable the website to function optimally.  List of required cookies 
Required cookies 
Cookie name  Supplier  Purposes  Expiration
_zcsr_tmp crm.zoho.eu Zoho CRM connection on the website. Session
_zcsr_tmp maillist-manage.com Zoho Campaigns connection on the website.  Session
_zcsr_tmp salesiq.zohopublic.eu Zoho Salesiq connection on the website.  Session
bscookie linkedin.com Login to connect to a website via LinkedIn.  1 year
hex (10) crm.zoho.eu Records which zoho crm server group serves the visitor in order to optimize the user experience.  Session
hex (10) forms.zoho.eu Records which zoho form server group serves the visitor in order to optimize the user experience.  Session
hex (10) ma.zoho.com Records which zoho ma server group serves the visitor in order to optimize the user experience. Session
hex (10) maillist-manage.com Records which zoho Campaigns server group serves the visitor in order to optimize the user experience. Session
hex (10) salesiq.zoho.eu Records which zoho Salesiq server group serves the visitor in order to optimize the user experience. Session
hex (10) salesiq.zohopublic.eu Records which zoho Salesiq server group serves the visitor in order to optimize the user experience. Session
JSESSIONID maillist-manage.com Preserves user settings through page requests.  Session
li_gc linkedin.com Stores permission to use cookies.  180 days
test_cookie doubleclick.net Cookie test for Doubleclick.  1 day
zc_consent Swibeco Determines whether the user has accepted the cookie consent box.  1 year
#_zldp Swibeco Sets a unique identifier for the user.  1 year
#_zldt Swibeco Sets a unique identifier for the user.  1 day
ln_or Swibeco Records user behavior.  1 day
siqlsdb Swibeco Sets a unique identifier for the user.  Persistent
utsdb Swibeco Records visitor behavior data.   Persistent
 

3.2. Preference cookies 

Preference cookies enable a website to remember information that modifies the way the website behaves or displays, such as your preferred language or the region in which you are located.  Preference cookie list 
Preference cookies 
Cookie name  Supplier  Purposes  Expiration
_icl_visitor_lang_js Swibeco Saves the user’s preferred language.  2 days
lidc linkedin.com Records which LinkedIn server group serves the visitor in order to optimize it.  1 day
LS_CSRF_TOKEN salesiq.zohopublic.eu Identifies the user through devices.  Session
wpml_browser_redirect_test Swibeco Saves the user’s preferred language.  Session
wp-wpml_current_language Swibeco Designates the country code according to the user’s IP address.  Session
 

3.3. Statistical cookies 

Statistical cookies help website owners, by collecting and communicating information anonymously, to understand how visitors interact with websites.  Statistics cookies list 
Cookies de statistiques
Cookie name  Supplier  Purposes  Expiration
AnalyticsSyncHistory linkedin.com Synchronization of analysis data.  30 days
ZCAMPAIGN_CSRF_TOKEN maillist-manage.com Distinguishes between humans and robots.  Session
_ga Google Analytics Stores a unique identifier used to generate statistical data on how the visitor uses the website.  2 years
_ga_# Google Analytics Used by Google Analytics to collect data on the number of times a user has visited the website as well as the dates of the first and most recent visits.  2 years
 

3.4. Marketing cookies 

Marketing cookies are used to track visitors through websites. The aim is to display ads that are relevant and interesting to the individual user, and therefore more valuable to third-party publishers and advertisers.  Marketing cookies list 
Cookies marketing
Cookie name  Supplier  Purposes  Expiration
_fbp Facebook Facebook ad tracking.  3 months
_gcl_au Google Ads Google advertising effectiveness.  3 months
_uetsid Bing.com Tracks users on the website.  Persistent
_uetsid Bing.com Collects user data.  1 day
_uetsid_exp Bing.com Contains the expiration date of the cookie with identical name.  Persistent
_uetvid Bing.com Tracks users on the website.  1 year
_uetvid_exp Bing.com Contains the expiration date of the cookie with identical name.  Persistent
bcookie linkedin.com Tracks use of services.  1 year
crmcsr crm.zoho.eu Collects user preference data.  Session
gclid Google Ads Collects user data.  30 days
li_sugr linkedin.com Collects user data.  3 months
MUID Bing.com Creates a unique user ID.  1 year
pagead/1p-user-list/# Google Ads Session
uesign salesiq.zohopublic.eu Creates a unique user ID.  30days
UserMatchHistory linkedin.com Guarantees visitor security  30 days
utm_medium Google Ads Collects user preference data.  7 days
utm_source Google Ads Determines how users access the website.  7 jours
zc_show maillist-manage.com Collects user preference data.  1 year
 

3.5. Unclassified cookies 

Unclassified cookies are cookies that are in the process of being classified, as well as those from individual cookie providers.  List of unclassified cookies 
Cookies non classés
Cookie name  Supplier  Purposes  Expiration
B-CapG Swibeco 1 day 
cDPdRvQNgwuysiL Swibeco 1 day 
DfCYnE Swibeco 1 day 
JnCr_itlVPhd Swibeco 1 day 
 

4. Disabling cookies through your browser 

You can also disable cookies at any time by changing your browser settings. However, please note that disabling cookies may alter the conditions of access to our services that require the use of cookies.  Most browsers accept cookies by default, but you can block them by activating the private browsing function or by setting your browser to notify you when a website attempts to place a cookie on your device.  To adjust your browser’s cookie management settings, access the privacy options in your browser’s settings. This will allow you to customize your cookie preferences.  Each browser has its own specific settings. You can consult your browser’s help menu for detailed instructions on how to change your cookie preferences. You can also find specific instructions on how to disable cookies in your browser at the following links:   

5. Updates to this policy 

We reserve the right to update this cookie policy at any time. Any change to this policy will take effect as soon as it is published on the website. We recommend that you consult this page regularly to keep up to date with the latest information on the cookies used on the website.   

6. Data Protection Officer

SWIBECO SA has appointed a Data Protection Officer and declared them to the Federal Data Protection Commissioner in accordance with Art. 10, line 3, let. d of the LPD.  E-mail address: privacy@swibeco.ch