By means of this Privacy Statement, the ENSI Board informs you of what personal data are processed in connection with its activity and its website «ensi-rat.ch». Furthermore, the ENSI Board informs you what these data are needed for and what rights you have in respect of the data processing.
Individual activities may be subject to further privacy statements and other legal documents such as General Terms and Conditions (GT&Cs).
1 Contact Addresses
The controller responsible under data protection law for the processing activities described in this Privacy Statement is:
ENSI Board
Industriestrasse 19
5201 Brugg, Switzerland
You can send any concerns or questions regarding data protection to the following address:
ENSI Board
Data protection
Industriestrasse 19
5201 Brugg, Switzerland
Email: fachsekretariat@ensi-rat.ch
2 Definitions and Legal Bases
2.1 Definitions
Personal data are any information relating to a particular or identifiable natural person. In addition to details relating to a particular person, the data recorded also include factual data that, individually or in their entirety, can be used to identify a particular person.
A data subject is any natural person concerning whom personal data are processed.
Processing includes any handling of personal data, irrespective of the means and procedures used, for example the consultation, alignment, adaptation, archiving, retention, retrieval, disclosure, procurement, recording, collection, erasure, revealing, structuring, organisation, storage, alteration, dissemination, combination, destruction or use of personal data.
2.2 Legal bases
The ENSI Board processes personal data in conformity with the Swiss data protection legislation (Federal Act on Data Protection, FADP; SR 235.1 and the Ordinance to the Federal Act on Data Protection,; SR 235.11).
3 Nature, Scope and Purpose of the Data Processing
The ENSI Board is entrusted with the performance of a multitude of different tasks, including the processing of personal data. Such personal data may, in particular, fall into the categories: contact details, communication data, registration data, browser and device data, content data, meta or marginal data and usage data as well as contract data.
All data processing activities are conducted only for specific purposes and only as long as they are necessary for the respective purpose(s) or by law. If the purpose ceases to exist, or a prescribed retention period expires, your data shall be anonymized or erased/destroyed in accordance with the statutory provisions.
Generally, the ENSI Board processes personal data only if a legal basis allows this, or the ENSI Board has received the data subject’s consent. Within this scope, the ENSI Board processes, in particular, details voluntarily communicated by a data subject when contacting us (e.g. by post, email, contact form or telephone).
The ENSI Board may have personal data processed by third parties on a legal basis or on the basis of your consent. The personal data are disclosed to the third parties for this purpose. Disclosure of personal data is also permissible if this is essential in order for the ENSI Board or the recipients to perform a statutory task or in the other exceptional cases as set out in Art. 36 of the Federal Act on Data Protection (FADP). Such third parties include, in particular, specialised providers whose services are used by the ENSI Board (e.g. hosting providers, IT support service providers) and public authorities. Where the ENSI Board engages processors to render services, suitable legal precautions as well as technical and organisational measures shall be taken in order to ensure the protection of your personal data in accordance with the relevant statutory provisions.
4 Personal Data Abroad
As a rule, the ENSI Board shall process your personal data in Switzerland and in the European Economic Area (EEA). However, the ENSI Board may also transfer personal data to other countries, in particular in order to process them or have them processed there.
If the data protection legislation in a country where the data are processed does not safeguard adequate protection, the ENSI Board shall contractually ensure that the protection of your personal data matches that in Switzerland at all times (for example by incorporating the EU standard contractual clauses, including the supplements necessary for Switzerland).
By way of exception, the ENSI Board may also disclose personal data abroad without safeguarding adequate protection insofar as it can rely on an exemption clause in this respect. An exception may apply, in particular, in the case of legal proceedings abroad, but also in cases of an overriding public interest, or where you have expressly consented.
5 Your Rights as the Data Subject
In connection with the processing of your personal data, data protection law grants you a series of rights which you can assert in writing in relation to the ENSI Board:
- Right to information: You have the right to obtain information on whether the ENSI Board processes data from you and, if so, what data. The restriction options provided for by law as well as the right to refuse access (cf. in this regard Art. 26 et seq. FADP) shall remain reserved.
- Right to rectification, deletion or restriction of processing: You have the right to obtain rectification of incorrect personal data and, in certain circumstances, their deletion or destruction. Moreover, you may request that the ENSI Board’s decision on rectification, deletion or destruction, the objection to the disclosure or the note of objection be communicated to third parties or be published.
- Right to release or transfer of your data: In certain circumstances, you have the right to receive, in a commonly used electronic format, personal data you have disclosed to the ENSI Board or to obtain their transfer to another controller.
- Right to object: You have, if you have a legitimate interest in doing so, the right to request that the disclosure of certain personal data be blocked or to lodge an objection to such disclosure. This right does not exist where a legal duty to disclose exists, or where approval of the request would cause the performance of the ENSI Board’s tasks to be jeopardised.
- Right to withdraw consent: Where the ENSI Board processes personal data on the basis of your consent in any individual case, you shall be entitled to withdraw your consent at any time with effect for the future. This shall not affect the lawfulness of the data processing conducted on the basis of your consent up to the time of withdrawal.
- Right to lodge a complaint: If you are of the opinion that the processing of your personal data by the ENSI Board violates data protection law or that your rights under data protection law have been otherwise breached, you can complain to the Swiss Federal Data Protection and Information Commissioner (FDPIC).
The ENSI Board may postpone, restrict or refuse the exercise of your rights to the extent permissible by law.
If you request information or assert other rights, the ENSI Board shall be obliged to use appropriate measures to identify you. You shall be obliged to cooperate.
The ENSI Board may, by way of exception, stipulate costs for the exercise of your rights. You shall be given prior notification of any costs, where applicable.
6 Data Security
The ENSI Board shall take suitable technical and organisational security precautions in order to protect your personal data against manipulation, loss, destruction or against access by unauthorised persons and to ensure the protection of your rights and compliance with the applicable provisions of data protection law.
Within the website visit, The ENSI Board uses encrypted data communication on the basis of Transport Layer Security (TLS) in conjunction with the respective highest encryption level supported by your browser.
7 Use of the Website
7.1 Cookies
The ENSI Board uses cookies on its website. Cookies are small text files that will be stored on your computer or mobile device (laptop, tablet, smartphone or the like) when you visit the ENSI Board’s website. They serve to make the ENSI Board’s website more user-friendly as a whole and enable the use of certain features.
Cookies may be stored in the browser temporarily as session cookies or for a certain period as so-called permanent cookies. Most of the cookies used by the ENSI Board are session cookies. These will be automatically erased when you log out or close the browser. Other cookies will remain stored on your computer beyond the respective usage process and enable the ENSI Board or third parties whose services are used by the ENSI Board (third-party cookies) to recognise your browser when you next visit.
Cookies can be wholly or partly disabled and erased in the browser settings at any time. Please note that the disabling of cookies may lead to you being unable to use all the features of the ENSI Board’s website. To find out how to manage the cookies in your browser, refer to the respective support website of your browser.
7.2 Server log files
Every time its website is accessed, the ENSI Board may record the following details insofar as these are transferred from your browser to the server infrastructure of the the ENSI Board website or can be determined by the web server:
- Internet Protocol (IP) address;
- name and URL of the retrieved data;
- date of access, along with the time and time zone;
- access status (status code);
- URL of the website from which you accessed the website;
- version of the transfer protocol used;
- type and version of the browser used;
- user agent.
The ENSI Board stores such details, which may also constitute personal data, in server log files. The details are necessary in order to be able to provide the website on a long-term, user-friendly and reliable basis and to be able to ensure data security and, therefore, in particular the protection of personal data – also by third parties or with the aid of third parties.
7.3 Performance and range measurement
The ENSI Board measures the performance and range of its website. No personal data is processed as part of this measurement. IP addresses are recorded in anonymised form. The ENSI Board may create anonymous user profiles that include, for example, the pages visited, or the content viewed, or the country from which the website visit originates. The data obtained is used exclusively for web analysis; it is not shared or merged with other data sets. Based on the results of the measurements, the ENSI Board can in particular enhance popular content, make improvements and further optimise the site overall.
The ENSI Board uses the software solution Matomo for the web analysis. The provider is InnoCraft Ltd. (New Zealand). General information on data protection: data protection declaration, anonymisation of the IP address.
8 Contacting
8.1 General contact
You have the option of contacting the ENSI Board by post, telephone or email. You are responsible for the content you send to the ENSI Board.
The data you provide will be used by the ENSI Board for communicating with you, insofar as this necessary for dealing with your concern. These data will encompass, in particular, the content of the communication, your contact details and the marginal data of the communication.
8.2 Contact forms
On the ENSI Board’s website, you have the option of using the contact form to send the ENSI Board general concerns, requests for access to official documents as well as proposals for research projects supported by the ENSI Board. You are responsible for the content of the message.
In order to be able to answer your concern, the ENSI Board will need from you your first name, surname, email address and, depending on the contact form, the message, reference to the requested documents or the research project proposal. The other details are voluntary. You permit the ENSI Board to contact you by post or telephone and to approach you more personally.
The data you provide will be used by the ENSI Board for communicating with you, insofar as this necessary for dealing with your concern. These data will encompass, in particular, the content of the communication, your contact details and the marginal data of the communication.
9 Services from Third Parties
The ENSI Board uses services from specialised third parties in order to be able to perform its activity on a long-term, user-friendly, secure and reliable basis. By means of such services, the ENSI Board can embed features and content into its website, among other things. With such embedding, the services used record the users’ IP addresses, at least temporarily, for technically essential reasons.
The ENSI Board uses in particular:
- services from Microsoft: The providers are Microsoft Corporation (USA) / Microsoft Ireland Operations Limited (Ireland) for users ordinarily resident in the European Economic Area (EEA), the United Kingdom or Switzerland. General information on data protection: data privacy at Microsoft, data protection and sphere of privacy (Trust Center), privacy statement, management of privacy settings.
In particular, the ENSI Board uses the following services from specialised third parties in connection with its website:
- WPEngine: web hosting; the provider is WPEngine Inc. (USA). General information on data protection: privacy statement.
- Cloudflare: Content Delivery Network (CDN) – protection against so-called DDoS attacks; the provider is Cloudflare, Inc. (USA). General information on data protection: privacy policy.
- Gravity Forms: plugin for contact forms; the provider is Rocketgenius Inc. (USA). General information on data protection: privacy statement..
MultilingualPress: Multilingual plugin for WordPress – serves to display the website in different languages; the provider is Syde GmbH (Germany). General information on data protection: data protection information.
10 Amendment of the Privacy Statement
The ENSI Board may adapt and supplement this Privacy Statement at any time. Such adaptations and supplements shall be communicated in suitable form, in particular by publishing the respective current Privacy Statement on the ENSI Board’s website.