1. Data controller
The Swiss Structured Products Association SSPA is responsible for the data processing that we describe here. You can contact us at the following address if you have any concerns about data privacy: Rämistrasse 4, 8001 Zürich, Switzerland firstname.lastname@example.org.
2. Collection and processing of personal data
We primarily process personal data that we collect within the context of our Association activities, in particular the favourable influencing of operating conditions for structured products on the Swiss financial centre, from our members and other involved persons or that we collect from users during the operation of our website and other applications.
Where permitted, we also collect some data from publicly accessible sources (e.g. the commercial register, press, internet) or receive such data from other Association members, public authorities and other third parties. In addition to the data that you provide to us directly, the categories of personal data that we receive about you from third parties include information from public registers, information relating to your professional functions and activities, your addresses and, where applicable, interests and other socio-demographic data (for marketing purposes), data relating to the use of the website (e.g. IP address, MAC address of the smartphone or computer, details of your device and settings, cookies, date and time of your visit, pages and content accessed, functions used, referring website, location information).
3. Purpose of the data processing
We process personal data primarily in conjunction with our Association activities, in particular for the administration of the membership list and for communicating with our members and other interested parties. If your employer is a member of our Association and he designates you as a contact person, your data may also be affected. Our data processing includes, inter alia, (i) the sending of our Newsletter and other information (e.g. concerning current events); (ii) the organisation of events, in particular for our members (iii) the operation and further development of our website; (iv) the conclusion and processing of contracts with our service providers and suppliers.
4. Legal basis
If you have given us your consent to process your personal data for specific purposes (in particular when registering to receive newsletters), we shall process your personal data within the scope of and based on this consent, unless we have another legal basis that is required. Consent that has been granted can be revoked at any time, although this has no effect on data processing that has already taken place.
Insofar as we require a legal basis for the processing of personal data in accordance with the applicable data protection legislation, this usually concerns the conclusion or execution of contracts or, where permitted and where we consider this appropriate, the following legitimate interests of us (or, where applicable, of third parties):
- offering and developing our offers, services and websites, apps and other platforms on which we are present;
- communicating with third parties and processing their enquiries (e.g. job applications, media enquiries);
- advertising and marketing (including the organisation of events), unless you have objected to the use of your data;
- assertion of legal claims and defence in connection with legal disputes and administrative proceedings;
- guarantees of our operations, especially IT, our websites, apps and other platforms;
- for the effective and efficient management of the Association and for the promotion of the purpose of the Association as well as possible transactions under company law and the associated transfer of personal data and compliance with legal and regulatory obligations.
5. Cookies | tracking and other technologies associated with the use of our website
We also typically use “cookies” and equivalent technologies on our website that enable the identification of your browser or your device. A cookie is a small file that is sent to your computer or automatically stored on your computer or mobile device by the browser you use when you visit our website. This means that when you visit this website again, we are able to recognise you even if we do not know who you are. In addition to cookies that are only used during a session and are deleted after your visit to the website (“session cookies”), cookies can also be used to store user settings and other information for a specific period of time (e.g. two years) (“permanent cookies”). We use permanent cookies, enabling you to save user settings (e.g. language, autologin). You can set your browser to reject cookies, save them only for one session or otherwise delete them prematurely. Most browsers are preset in such a way that they accept cookies. If you block cookies, it is possible that certain functionalities (such as language selection) will no longer work.
By using our websites and consenting to receive newsletters, you agree to the use of these methods. If you do not want this to happen, you must set your browser or e-mail programme accordingly.
We use Google Analytics or similar services on our websites. This is a service provided by third parties who may be located in any country of the world (in the case of Google Analytics it is Google LLC in the US, www.google.com), which we deploy to measure and evaluate the use of the website. Permanent cookies, set by the service provider, are also used for this purpose. The service provider does not receive any personal data from us (and does not store any IP addresses), but may track your use of the website, combine this information with data from other websites you have visited and which are also tracked by service providers, and use these findings for its own purposes (medication (e.g. to control advertising). If you are registered with the service provider, the service provider also recognises you. The service provider’s processing of your personal data is then the responsibility of the service provider and is carried out in accordance with its data protection provisions. The service provider merely informs us how our respective website is used (without any information about you personally).
6. Data forwarding and data transfer abroad
Within the context of the purpose of our Association and the purposes pursuant to Fig. 3, we also disclose to third parties, to the extent permitted and deemed appropriate, either because they process this data for us or because they wish to use this data for their own purposes. This concerns the following positions in particular:
- our service providers (such as e.g. banks), including processors (such as e.g. IT providers);
- traders, suppliers, subcontractors and other partners;
- competitors, industry organisations, associations, organisations and other bodies;
- other parties in possible or actual legal proceedings as well as any possible interested parties or buyers within the context of possible transactions under company law;
all collectively recipients.
Some of these recipients are located in Switzerland, although they may be located anywhere around the globe. In particular, you must expect your data to be transferred to other countries in Europe and the USA where the service providers we use are located (such as hosting provider in London). If we transfer data to a country without adequate statutory data protection, we shall ensure an adequate level of protection as required by law by using appropriate contracts (specifically on the basis of the so-called standard contractual clauses of the European Commission) or shall rely upon the legal exceptions of consent, the execution of the contract, the establishment, exercise or enforcement of legal claims, overriding public interests, the published personal data or because it is necessary to protect the integrity of the data subjects. You can obtain a copy of the contractual guarantees mentioned above at any time from the contact person mentioned in Fig. 1. We however reserve the right to redact transcripts for reasons of data protection or confidentiality, or to deliver only excerpts thereof.
7. Duration of the storage of personal data
We process and store your personal data as long as it is necessary for the fulfilment of our contractual and legal obligations or otherwise for the purposes pursued with the processing, i.e. for example for the duration of your Association membership or as long as your employers are members and you are stored as our contact person as well as beyond the duration of the membership in accordance with the legal storage and documentation obligations. Within this context, it may be that your personal data is stored for the period in which claims may be asserted against our Association, and insofar as we are otherwise legally obliged to do so or this is required by legitimate business interests (e.g. for evidential or documentation purposes). As soon as your personal data is no longer needed for the above purposes, it is in principle deleted or anonymised as far as possible. As a basic principle, the shorter retention periods of twelve months or less shall apply for operational data (medication (e.g. system protocols, logs).
8. Data security
We take appropriate technical and organisational security precautions to protect your personal data against unauthorised access and misuse, such as e.g. IT and network security solutions, access controls and access restrictions.
9. Obligation to provide personal data
Within the context of your membership, you must provide the personal data required for admission to the Association and the fulfilment of obligations under association law (however, you generally do not have a legal obligation to provide us with data). Without this data we will generally not be able to admit you (or the body or person you represent) to our Association. The website can also not be used if certain information required to safeguard data traffic (such as IP address) is not disclosed.
10. Rights of the data subject
Within the context of the data protection law applicable to you and to the extent provided for therein (such as in the case of the GDPR), you have the right of access, correction, erasure, the right to limit data processing and otherwise to object to our data processing and to surrender certain personal data for the purpose of transferring this to another body (so-called data portability). Please note, however, that we reserve the right to assert the restrictions provided for by law, for example if we are obliged to store or process certain data, if we have an overriding interest in doing so (insofar as we are entitled to refer to this) or if we need this data in order to assert claims. If this means you incur costs, we shall inform you in advance. We informed you in Fig. 3 that you are entitled to withdraw your consent.
The exercise of such rights usually requires that you clearly prove your identity (e.g. by producing a copy of your identity card where your identity is otherwise not clear or cannot be verified). To assert your rights, you may contact us under the address specified in Fig. 1.
Data subjects can also assert their rights in court and have the right to file a complaint with the competent data protection authority. In Switzerland, the competent data protection authority is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).