The present website is part of the offer of the Swiss Kongresshaus Zürich AG (Zurich Convention Center Ltd.). This privacy statement provides information about how we process personal data in connection with our website and our other online offerings.
For individual or additional offerings and services, specific, additional or other privacy statements may apply together with other legal documents such as general terms and conditions (GTCs), conditions of use or conditions of participation.
Our online offering is subject to Swiss data protection law as well as any applicable foreign data protection law, and in particular the General Data Protection Regulation (GDPR) of the European Union (EU). The EU acknowledges that Swiss data protection law guarantees adequate data protection.
1. Contact details
1.1 Responsibility for the online offering
Kongresshaus Zürich AG
Zurich Convention Center Ltd.
1.2 Data protection representation in the EU / EEA
We enjoy the following data protection representation in the European Union (EU), or more particularly in the European Economic Area (EEA) including the Principality of Liechtenstein, in accordance with Art. 27 GDPR, as an additional point of contact for supervisory authorities and persons concerned for queries relating to the General Data Protection Regulation (GDPR):
VGS Datenschutzpartner UG
Am Kaiserkai 69
2. Processing personal data
Personal data are all data referring to an identified or identifiable person. A person concerned is a person whose personal data are processed. Processing encompasses any handling of personal data, independent of the means and processes used, in particular the collection, deletion, destruction, disclosure, modification, procurement, saving, storage and use of personal data.
2.2 Legal bases
We process personal data in accordance with Swiss data protection law, and in particular the Federal Act on Data Protection (DSG) and the Ordinance to the Federal Act on Data Protection (VDSG).
If and insofar as the General Data Protection Regulation (GDPR) is applicable, we process personal data in accordance with at least one of the following legal bases:
- Art. 6 para. 1b GDPR for the necessary processing of personal data for the performance of a contract with the person concerned and to take steps prior to entering into a contract.
- Art. 6 para. 1f GDPR for the necessary processing of personal data to protect the legitimate interests of our company or of third parties, insofar as the fundamental rights and freedoms as well as the interests of the person concerned do not prevail. In particular, legitimate interests refer to our ability to ensure the long-term, user-friendly, secure and reliable provision and, where necessary, advertising of our online service, information security and protection against improper and unauthorised use, the enforcement of our own legal claims and compliance with Swiss law.
- Art. 6 para. 1c GDPR for the necessary processing of personal data to comply with a legal obligation to which we are subject in accordance with any applicable law of the EU or of the member states of the European Economic Area (EEA).
- Art. 6 para. 1e GDPR for the necessary processing of personal data to perform a task carried out in the public interest.
- Art. 6 para. 1a GDPR for the processing of personal data with the consent of the person concerned.
- Art. 6 para. 1d GDPR for the necessary processing of personal data to protect the vital interests of the person concerned or of any other natural person.
2.3 Type, scope and purpose
We process those personal data which are necessary in order to ensure the long-term, user-friendly, secure and reliable provision of our online service. Such personal data may fall into the categories of content data, inventory and contact data, peripheral data and usage data as well as contract data and payment information.
We process personal data for the time frame necessary to the relevant purpose or purposes or which is legally required. Personal data which no longer needs to be processed are anonymised or deleted.
In principle, we only process personal data with the consent of the person concerned, unless processing is permitted on other legal grounds, for example to fulfil a contract with the person concerned or to take steps prior to entering into a contract in order to protect our overriding legitimate interests because processing is evident from the circumstances or after prior information.
Within this framework, we essentially process information that the person concerned has made available to us, for example by letter post, e-mail, contact form, social media or telephone, or when registering voluntarily and in person for a user account. We can, for example, save this information in an address book, a customer relationship management system (CRM system) or using comparable tools. Insofar as you provide us with personal data about third parties, you are obliged to ensure data protection vis-à-vis these third parties as well as the accuracy of such personal data.
Furthermore, we process personal data which we receive from third parties, procure from publicly accessible sources or collect when providing our online service, if an insofar as such processing is permitted on legal grounds.
Personal data received from “applications” are only processed insofar as they relate to suitability for an employment relationship or are necessary for the subsequent execution of an employment contract. The personal data necessary to an application result from the information requested or provided within the framework of the job description. Candidates have the opportunity to volunteer other information relating to their respective applications.
2.4 Processing of personal data by third parties, potentially abroad
We can have personal data processed by third parties, in particular operators processing the order, or process them together with third parties or with the help of third parties or can communicate these data to third parties. Such third parties are essentially suppliers and other service providers. In the case of such third parties, we ensure suitable data protection.
Such third parties are, in principle, located in Switzerland and in the European Union (EU) or in the European Economic Area (EEA). Such third parties can be located in other states around the world and elsewhere in the universe insofar as the associated data protection law provides appropriate data protection in accordance with the assessment of the Federal Data Protection and Information Commissioner (FDPIC) and – if and insofar as the General Data Protection Regulation (GDPR) is applicable – in accordance with the assessment of the European Commission or if, for other reasons such as a relevant contractual agreement, in particular based on standard contractual clauses or relevant certification, appropriate data protection is provided. In the case of third parties in the United States of America (USA), certification in accordance with the Privacy Shield can guarantee appropriate data protection. In exceptional circumstances, such third parties can be located in a country without appropriate data protection insofar as the data protection requirements, such as the express consent of the person concerned, are satisfied.
3. Rights of the persons concerned
Persons concerned whose personal data we process enjoy the rights accorded by Swiss data protection legislation. These include the right of access to information as well as the right to rectify, erase and block the personal data that is processed.
Persons concerned whose personal data we process can – if and insofar as the General Data Protection Regulation (GDPR) is applicable – request, free of charge, confirmation of whether we are processing their personal data and, if this is the case, request information concerning the processing of their personal data, restrict processing of their personal data, exercise their right to data portability and rectify, erase (“right to be forgotten”), block or complete their personal data.
Persons concerned whose personal data we process can – if and insofar as the GDPR is applicable – revoke, at any time with future effect, consent that has already been granted and object to the processing of their personal data.
Persons concerned whose personal data we process enjoy the right of appeal to a relevant supervisory authority. The supervisory body for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
4. Data security
We take appropriate and adequate technical and organisational measures to ensure data protection, and in particular data security. Despite such measures, online personal data processing may nevertheless demonstrate security gaps. We cannot, therefore, guarantee absolute data security.
Access to our online service involves transport encryption (SSL / TLS with HTTPS).
Like, in principle, every Internet use – access to our online service is subject to unfounded mass supervision with any suspicion as well as additional supervision by the security authorities in Switzerland, the European Union (EU), the United States of America (USA) and other states. We have no direct influence on the corresponding processing of personal data by intelligence services, police stations and other security agencies.
5. Use of our website
When you visit our website, cookies may be saved temporarily to your browser as so-called “session cookies” or for a specific period of time, as so-called permanent cookies. “Session cookies” are erased automatically when you close your browser. In particular, permanent cookies enable your browser to recognise our website the next time you visit it and thus to measure the coverage of our website, for example. Permanent cookies can also be used for online marketing.
In the case of cookies used for analytics or advertising, a general opt-out is available for numerous services via the Networking Advertising Initiative, YourAdChoices (Digital Advertising Alliance) and / or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
5.2 Logo files
Every time our website is accessed, we can record the following information, insofar as it is sent by your browser to our server infrastructure or can be determined by our web server: the date and time including the time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including the user interface and version, browser including the language and version, individual pages and data volume transferred and, finally, the website consulted (referrer).
We store this information, which can also be deemed personal data, in log files. The information is necessary to ensure the long-term, user-friendly and reliable provision of our online service and to be able to guarantee data security and, in particular, the protection of personal data – potentially by or with the assistance of third parties.
5.3 Tracking pixels
We can use tracking pixels on our website. Tracking pixels are also referred to as web beacons. Tracking pixels – including those of third parties whose services we use – are small pictures which are retrieved when visiting our website. With tracking pixels, the same information can be recorded as in server log files.
6. Newsletter and other notifications
We can send newsletters and other notifications by e-mail and via other communication channels. We can have newsletters and other notifications sent by or with the assistance of third parties.
In principle, you must give your express consent to the use of your e-mail address and other contact details, unless use is permitted on other legal grounds. For any consent concerning e-mails, we use a “double opt-in”, which means that you receive an e-mail containing a web link, which you must click to confirm, thereby ensuring that no improper use can be made by unauthorised third parties. We can log such consents, including Internet Protocol (IP) addresses and the date and time.
Newsletters and other notifications may contain hyperlinks or tracking pixels, which record whether an individual newsletter or an individual notification has been opened and which hyperlinks have been clicked on (performance measurement). Such hyperlinks and tracking pixels record the use of newsletters and other notifications. We require this statistical measurement of use, including the coverage and success measurements, in order to be able to ensure effective, user-friendly, long-term, secure and reliable provision of newsletters and other notifications based on the reading habits of the recipients.
You can unsubscribe from newsletters and other notifications at any time and thus object to the aforementioned recording of use.
7. Social media
We are present on social media platforms and other online platforms in order to communicate with interested parties and provide information about our online service. The general terms and conditions (GTCs), data privacy statements and other provisions of the individual operators of these online platforms also apply.
For our social media presence on Facebook, we are – if and insofar as the GDPR is applicable – responsible, together with Facebook, for the so-called page insights which indicate how visitors interact with out Facebook presence. We use page insights to ensure that our social media presence on Facebook is effective and user-friendly. Facebook has published an Amendment concerning Responsibility for Page Insights.
8. Third-party services
We can call on the services of third parties in order to ensure the long-term, user-friendly, secure and reliable provision of our online service. Such services also serve to embed content in our online service. Such services – for example hosting and back-up services, video services and payment services – require your Internet Protocol (IP) address, otherwise they cannot transmit the relevant content. These services may be located outside Switzerland and the European Union (EU) or the European Economic Area (EEA) insofar as appropriate data protection is guaranteed.
For your own security-related, statistical and technical purposes, third-party services can also process data in connection with our online service and from other sources in an aggregated, anonymised or pseudonymised manner – among other things using cookies, log files and tracking pixels. Such data are not used to address people concerned in connection with our online service.
8.1 Performance and coverage measurement
We use Google Analytics to analyse how our website is used, whereby we can measure the coverage of our website and the success of third-party links on our website. This is a service provided by the American company Google LLC, while Google Ireland Limited is responsible for users in the European Economic Area (EEA) and in Switzerland.
Further information about the type, scope and purpose of data processing can be found in the Google Data Protection and Security Principles and in the Data Privacy Statement, in the Guidelines on Data Protection in Google Products (including Google Analytics), in the Information on how Google use data from websites on which Google services are used and in the Information about cookies at Google. Furthermore, you have the possibility to use the “browser add-on to deactivate Google Analytics” and to object to personalised advertising.
We use the Google Tag Manager to incorporate and manage analytics or advertising services provided by Google or third parties into our website. This is a service provided by the American company Google LLC, while Google Ireland Limited is responsible for users in the European Economic Area (EEA) and in Switzerland. No cookies are used, although cookies may be used within the framework of the services incorporated and managed. We provide information concerning the processing of personal data via these services in the present data privacy statement.
Through this type of advertising, we particularly want to address people who are interested in our online service or who already use our online service. To this end, we communicate relevant – and personal – data to Google (re-marketing). We can also determine whether our advertising is successful, i.e. whether it directs visitors to our website (conversion tracking).
Further information about the type, scope and purpose of data processing can be found in the Google Data Protection and Security Principles and in the Data Privacy Statement, in the Information on how Google use data from websites on which Google services are used and in the Information about cookies at Google. Furthermore, you can object to personalised advertising.
9. Extensions for the website
10. Final provisions
We can amend and extend this data privacy statement at any time. We will provide information concerning any such amendments and extensions in the appropriate format, in particular by publishing the updated data privacy statement on our website.