1. Overview and scope
To run its business activities the Swiss Risk Association (hereinafter referred to as «SRA», «we» or «us») collects and processes personal data.
SRA takes your privacy seriously. This privacy policy provides information on how and for what purposes we process your personal data (hereinafter «you»), which you disclose to us or which we collect from you. This privacy policy is not exhaustive; if necessary, further documents may contain additional information on the processing of your personal data (e.g. conditions of participation). «Personal data» means all details and information relating to an identified or identifiable natural person.
2. Data controller and point of contact
The name and address of the data controller are as follows:
Swiss Risk Association
8000 Zürich
E-Mail: info@swiss-risk.org
If you have any questions about data protection, please contact us at the address above.
3. Data origin and data categories
In principle, we only process personal data that we receive or collect from our board members, individual members, corporate members (hereinafter referred to as «members»), sponsors, any other involved stakeholders, interested parties, event participants and website visitors in the course of our association activities. To the extent permitted, we also collect certain data from public sources (e.g. debt collection register, commercial register, media, internet) or receive such data from other companies, public authorities or other third parties. If you provide us with the personal data of any third party, we ask you to ensure that these third parties are made aware of this privacy policy and that you only share their personal data with us if you have been permitted to do so and if the corresponding personal data is correct.
The personal data or categories of personal data processed by us include, as the case may be, in particular personal and contact data (e.g. first name, last name, company, department, postcode (address and contact number optional)); membership data (e.g. information provided in membership applications and data related to membership status); contractual data that we receive or collect in connection with the entering, conclusion and execution of contracts with you (e.g. products and services you have used, requested or ordered and related behavioural and transaction data, financial data for payment purposes such as bank account details); transaction data (e.g. payment information, details of your payment order and information on the payment recipient resp. the beneficiary and the purpose of a payment); information related to your professional profile (e.g. job title, position, type of employment); communication data (e.g., content of emails, written correspondence, chat messages, social media posts, comments on websites, phone calls, video conferences, identification and/or marginal data); documentation data or data from your contacts with third parties (e.g., minutes of advisory meetings or interviews, memoranda, references); preference and marketing data (e.g., data when you access our website or some of our applications, data related to the marketing of services, such as newsletter subscriptions and unsubscriptions, materials received and specific activities, personal preferences and interests); public data that can be obtained about you (e.g., land register and commercial register data, data from the media and the press); data in connection with proceedings or investigations by authorities, official agencies, courts, organisations or other bodies; data for compliance with legal requirements, such as in connection with combating money laundering; image and sound recordings (e.g., photos, videos and sound recordings, recordings of video surveillance systems and recordings of telephone and video conference calls) and technical data (e.g., IP address and other device IDs, identification numbers assigned to your device by cookies and similar technologies).
4. Purposes of processing as well as legal bases
4.1 General in the context of our business activities
We process your personal data primarily for those processing purposes that are necessary in connection with our association activities and the provision of our services. In particular, we process your personal data for the following purposes:
- to communicate with you, in particular, to provide you with information or process your requests, to authenticate and identify you, to provide support and assistance in connection with your membership or involvement with SRA;
- to process new membership applications and to manage and administer existing memberships;
- for the processing of contracts, namely in connection with the initiation, conclusion and execution of contractual relationships. This includes all data processing that is necessary or appropriate in order to conclude, execute and, if necessary, enforce a contract, such as processing in order to decide whether and how (e.g. with which payment options) we enter into a contract with you (including the credit check), in order to provide contractually agreed services, in order to invoice our services and generally for accounting, processing job applications (e.g. managing and evaluating job applications, conducting interviews incl. creating personal profiles, obtaining reference information), to enforce legal claims arising from contracts (debt collection, legal proceedings, etc.);
- to provide you with our services and our digital offers (e.g. website) and to evaluate and improve them;
- to invite you to events;
- to be able to carry out events to which we invite you;
- to inform you about new developments or to send you other information regarding our services;
- for statistical purposes;
- We may process your personal data to evaluate preferences or engagement trends (profiling), such as event participation frequency or newsletter interactions. This is done under legitimate interest to improve our services. Profiling does not involve automated decision-making that produces legal effects.
- in connection with accounting, archiving of data and management of our archives;
- for training and education: We may process your personal data to provide internal training and education to our employees;
- for security measures, namely for IT and building security (e.g. access control, visitor lists, prevention, defence against and investigation of cyber-attacks and malware attacks, network and mail scanners, video surveillance, telephone recordings), as well as for the prevention and investigation of criminal offenses and other misconduct or to carry out internal investigations, protection against misuse, evidentiary purposes, data analysis to combat fraud, evaluation of system-side recordings of the use of our systems (log data);
- in connection with restructurings or other corporate actions (e.g. due diligence, sale of companies, etc.);
- for the assertion of legal claims and defence in connection with legal disputes as well as administrative proceedings in Switzerland and abroad, including clarification of litigation prospects and other legal, economic and other issues;
- to comply with our legal, regulatory (including self-regulatory) and internal requirements and rules in Switzerland and abroad, including compliance with court or administrative orders;
- other purposes: We may process your personal data for other purposes that are necessary to protect our legitimate interests.
We process your personal data for the above-mentioned purposes, depending on the situation, in particular, based on the following legal bases:
- the processing of personal data is necessary for the fulfilment of a contract with you or pre-contractual measures;
- you have given your consent to the processing of your personal data;
- the processing of personal data is necessary for the fulfilment of a legal obligation;
- the processing is necessary to protect the vital interests of the data subject or another natural person; or
- we have a legitimate interest in processing the personal data, and our legitimate interests may include, in particular, the following interests: maintaining contact and communicating with members, sponsors, interested parties; providing information about our activities and initiatives; advertising and marketing activities; organising and improving our services and events; protecting our members, employees and others, as well as our data, trade secrets and assets; ensuring adequate security (both physical and digital); ensuring internal operations, including the development and maintenance of our website and communication channels; preserving the association’s interests in legal matters; managing and developing our activities; selling or buying companies, parts of companies and other assets; complying with Swiss and foreign law and other rules applicable to us.
4.2 Sponsoring and Corporate Membership
If you work with us as a sponsor or corporate member, we may process your personal data in particular for the following purposes:
- to process the sponsorship and corporate membership services (including invoicing and payment processing);
- for statistical evaluations;
- for the management and advertising of sponsors and corporate membership;
- for documentation and reporting on our website.
The legal basis for this personal data processing is your consent or our legitimate interest in analysing, managing, improving and advertising our sponsorship options.
4.3 When visiting our website
Our website collects a series of user information with each access, which is stored in the log files of the server. The information collected includes, among other things, the IP address, the date and time of access, the time zone difference to the GMT time zone, the name and URL of the file accessed, the website from which access is made, the browser used, and the operating system used. The collection of this information or data is technically necessary to display our website to you and to ensure its stability and security. This information is also collected to improve the website and analyse its use.
4.4 Registration
If you wish to benefit from our networking opportunities, exclusive content, and preferential pricing, you can register on our website as an SRA individual member and create a user account. During the registration process, we collect various types of personal data, including your name, address, telephone number, email address, and password. The personal data you provide will be processed for the purpose of registering your membership and setting up and managing your user account. The legal basis for this personal data processing is your consent, the performance of (pre-)contractual measures, and our legitimate interests. Our legitimate interests lie in providing you with access to our member offerings and services.
4.5 Events
We may process personal data that you disclose to us or that we collect from you in connection with your registration for and participation in events, in particular for the following purposes:
- for the organisation, participation and implementation of events organised by us or by third parties;
- for the reporting and media coverage of events (e.g. in the form of texts, photos, videos and voice recordings on our website, our social media channels and in marketing documents);
- for the marketing of other services, offers and products.
Photos and videos may be taken during our events for documentation and promotional use. Participants are informed in advance and may opt out by notifying us on-site. By attending, you may appear in group photos or general event impressions published on our website, newsletters, or social media platforms. If you appear in a published photo or video and wish to have it removed, you may contact us at any time. Individual speakers or persons actively involved in the event may be asked to provide consent for publishing their photo and short biography in event programmes or related materials.
In connection with events, we may also share your contact and membership data with third parties directly involved in the event. This may include partner organisations, event management companies, sponsored venues that require such data for organising and running events (e.g. invitation, security purposes such as ID verification at entry), or other organisations involved in the implementation of events. These third parties may also process the data for their own purposes, including for communication or marketing related to their activities or events.
The legal basis for this personal data processing, depending on the specific context and purpose, may be your consent or our legitimate interest in providing you with our services and analysing, improving and advertising our events, as well as enabling you to participate in events organised and held by third parties.
4.6 Newsletter
If you subscribe to our Newsletter, we use your e-mail address and other contact data to send you the newsletter. The newsletter is sent using the dispatch service provider MailChimp, a newsletter dispatch platform of The Rocket Science Group LLC d/b/a Mailchimp, Atlanta, USA. The privacy policy and further information for MailChimp can be found here: https://mailchimp.com/de/gdpr/ and https://www.intuit.com/privacy/statement/.
You can subscribe to our newsletter with your consent. Mandatory data for the transmission of the newsletter are your full name and your e-mail address, which we store after your registration. The legal basis for the processing of your data in connection with our newsletter is your consent to the sending of the newsletter. You can withdraw your consent at any time and unsubscribe from the newsletter. You can declare your withdrawal by clicking on the link provided in every newsletter, by e-mailing info@swiss-risk.org or by sending a message to the contact details provided in the imprint.
4.7 E-mail, telephone calls and video conferences
You can contact us via the e-mail address provided. The personal data you provide to us will be stored and processed by us for the purpose of fulfilling your request. The legal basis for this personal data processing is your consent and our legitimate interest in processing your request.
If you contact us by e-mail, you authorise us to reply to you via the same channel. Please note that unencrypted e-mails are transmitted via the open Internet, which is why it cannot be ruled out that they are viewed, accessed and/or manipulated by third parties. We exclude – to the extent permitted by applicable law – any liability which you may incur in particular as a result of faulty transmission, falsification of content or disruption of the network (interruptions, overload, illegal interventions, blocking).
Telephone and video conference calls are not recorded. In the event we intend to record, we will inform you in advance and obtain your explicit consent.
4.8 Contact form
You can contact us via the contact form provided on our website. Mandatory information for the use of the contact form is the entry of your name, e-mail address and message. The personal data you send us will be stored and processed by us for the purpose of dealing with your inquiry. The legal basis for this personal data processing is your consent and our legitimate interest in processing your request.
4.9 Cookies and other third-party services
Our website may use cookies and other third-party services. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system or mobile device. The cookie contains a characteristic string of characters that enables the browser or mobile device to be uniquely identified when the website is called up again.
The purpose of using cookies is, on the one hand, to enable and simplify the use of our website for you. Some functions of our website cannot be offered without the use of cookies (so-called technically necessary cookies). On the other hand, we also use cookies/tools to analyse user behaviour on our website, namely to measure reach, and finally also for marketing purposes.
The other third-party services are services integrated on our website, which may result in your data being disclosed to the third-party provider via the use of our website and/or the services of the third-party provider (e.g. Google reCAPTCHA).
4.9.1 Technically necessary cookies
Technically necessary cookies are required for our website to function properly. Therefore, these cookies cannot be switched off in our systems. They usually record important actions, such as the number of requests made, editing your data protection settings or filling out forms. Although you can block these cookies in your browser, some parts of our website may then no longer function.
The legal basis for data processing when using technically necessary cookies is our legitimate interest, which lies primarily in ensuring the functionality and improvement of our website.
4.9.2 Analytical and marketing cookies
Analytical cookies allow us to analyse visitor behaviour and traffic sources so that we can measure the performance of our website and improve the user experience. They help us identify how popular which pages are and show how visitors move around our website.
Marketing cookies allow us to deliver advertising that is relevant to you. These cookies can remember that you have visited our website and share this information with other companies, including other advertisers.
In our cookie settings you can see which specific analysis and marketing cookies and third-party services we use. We have no influence on the data collected and data processing procedures of the cookie providers and third-party services. These are subject to the respective privacy policies of the cookie providers or third-party service providers. Further information on the purpose and scope of data collection and its processing by the cookie providers or third-party service providers can be found in the privacy policies of these providers. The legal basis for data processing when using analysis and marketing cookies and third-party services is your consent and our legitimate interest, which lies primarily in ensuring the functionality and improvement of our website.
In particular, we may use the following cookies and other third-party services:
- Bexio: The privacy policy for Bexio can be found here: https://www.bexio.com/en-CH/data-protection
- DocuSign: The privacy policy for DocuSign can be found here: https://www.docusign.com/privacy
- Google Analytics: The privacy policy for Google Analytics can be found here: https://policies.google.com/privacy.
- Google Tag Manager: The privacy policy for Google Tag Manager can be found here: https://policies.google.com/privacy.
- Google reCAPTCHA: The privacy policy for Google reCAPTCHA can be found here: https://policies.google.com/privacy?hl=en.
- Stripe: The privacy policy for Stripe can be found here: https://stripe.com/de-ch/privacy.
You can object to the use of cookies, for example (i) by selecting the appropriate settings in your browser, (ii) by using appropriate cookie blocker software (e.g. Ghostery) or (iii) by downloading and installing the browser plug-in available under the following link regarding cookies from Google: https://tools.google.com/dlpage/gaoptout?hl=de.
4.10 Social media
We have no influence on the data collected and processing practices of LinkedIn. These are subject to LinkedIn’s own privacy policy. For more information about the purpose and scope of data collection and how LinkedIn processes your personal data, please refer to their privacy policy:
LinkedIn: LinkedIn Ireland Unlimited Company: https://www.linkedin.com/legal/privacy-policy
4.11 Job applications
You can submit your application for a position with us by post or e-mail. The application documents and all personal data disclosed to us will be treated confidentially, will not be disclosed to third parties and will only be processed for the purpose of handling your application for employment with us. Without your consent to the contrary, your application file will either be returned to you or deleted/destroyed after completion of the application process, unless it is subject to a legal obligation to retain it. The legal basis for processing your data is your consent, the fulfilment of the contract with you and our legitimate interests.
5. Disclosure of personal data to recipients and abroad
5.1 Disclosure of personal data to recipients
In addition to the data transfers to recipients expressly mentioned in this privacy policy, we may disclose personal data to the following categories of recipients, to the extent permitted:
- providers to whom we have outsourced certain services (e.g. IT and hosting providers; external accounting; debt collection services; photographers; banks, etc.) as well as other suppliers and sub-contractors;
- third parties directly involved in a specific SRA event or activity (e.g. partner organisations, event management companies, sponsored venues) or third parties who organise and hold their own events;
- third parties who collect data about you via websites;
- authorised representatives;
- insurance, social security;
- prospective buyers or investors in the event of restructuring or other corporate actions;
- auditors;
- (counter)parties in potential or actual legal proceedings or litigation;
- domestic and foreign authorities, administrative bodies or courts.
5.2 Disclosure of personal data abroad
In principle, we process your personal data in Switzerland. However, in exceptional cases (e.g. when using certain service providers or certain software applications), your personal data may also be transferred abroad, primarily to the member states of the European Union and the EEA, but in some cases also to other countries worldwide, in particular to the USA.
If we transfer data to a country without adequate legal data protection, we ensure an adequate level of protection as provided by law by using appropriate contracts (namely on the basis of the so-called standard contractual clauses of the European Commission) or rely on the legal exceptions of consent, contract execution, the establishment, exercise or enforcement of legal claims, overriding public interests, published personal data or because it is necessary to protect the integrity of the data subjects. Nevertheless, we would like to point out that data transmitted abroad is no longer protected by Swiss law and foreign laws as well as official orders may require the transfer of this data to authorities and other third parties.
6. Retention period
We process and store your personal data for as long as it is necessary for the fulfilment of our contractual and legal obligations or otherwise for the purposes pursued with the processing or if there is another legal basis (e.g. statutory retention periods). We retain personal data that we store on the basis of a contractual relationship with you for at least as long as the contractual relationship exists and potential legal claims may be made or contractual retention obligations exist. As soon as your personal data is no longer required for the above-mentioned purposes, it will be set on passive, deleted or anonymised as far as possible.
7. Your rights
Within the scope of the data protection law applicable to you and insofar as provided therein, you have the right to information, correction, deletion, the right to restrict data processing and otherwise to object to our data processing as well as to the disclosure of certain personal data for the purpose of transfer to another controller (so-called data portability). Please note, however, that we reserve the right to enforce the restrictions provided for by law, for example, if we are obliged to retain or process certain data, have an overriding interest in doing so (insofar as we are entitled to rely on this) or require it for the assertion of claims. If you incur costs, we will inform you in advance.
If data processing is based on your consent, you can withdraw your consent at any time with effect for the future. However, this does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal.
The exercise of such rights generally requires that you positively prove your identity (e.g. by means of a copy of your ID or passport, if your identity is otherwise not clear or cannot be verified). To assert your rights, you may contact us at the address given in section 2 of this privacy policy (by e-mail).
In addition, every data subject has the right to enforce his or her claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/en).
8. Data security
We take appropriate technical and organizational measures to protect your personal data against unauthorized access, misuse, loss, alteration, or disclosure. While no system can be completely secure, we apply industry-standard safeguards to minimize risks.
8.1 Infrastructure & Hosting
Your data is hosted in Switzerland. Facilities feature multi-level physical security, redundant systems, and continuous surveillance.
8.2 Encryption & Transmission
All data transmitted between your browser and our website is encrypted using SSL/TLS. DNSSEC and DANE further enhance the integrity and authenticity of communications.
8.3 Backups & Availability
Backups are performed daily and stored redundantly across secure zones to ensure data recovery in case of failure. DDoS protection mechanisms help maintain service uptime.
8.4 Access & Monitoring
Access to personal data is restricted to authorized personnel only, following strict access controls. System activities are continuously monitored and logged for anomaly detection and response.
8.5 Compliance & Standards
Our hosting environment adheres to Swiss data protection standards and carries the “swiss hosting” quality seal. It is managed entirely within Switzerland by a fully Swiss-owned provider and supported by relevant security certifications and memberships.
9. Updates to this privacy policy
We expressly reserve the right to amend this privacy policy at any time. If such amendments are made, we will immediately publish the amended privacy policy on our website. The privacy policy published on our website is valid in each case.