Privacy Policy
This Privacy Policy provides information on which personal data we process in connection with our activities and operations, including our website https://www.ahbe.ch. In particular, we provide you with information on why, how and where we process which personal data. We also provide information on the rights of individuals whose data we process.
Additional privacy policies and other legal documents such as General Terms and Conditions (GTC), Terms of Use or Conditions of Participation may apply to individual or additional activities and operations.
1. Contact address
Responsibility for the processing of personal data and data protection officer as point of contact for data subjects and as contact for supervisory authorities in the event of enquiries regarding data protection law:
Chantal D. König
Executive Director
Schwarztorstrasse 9
3007 Bern
chantal.koenig@ahbe.ch
We shall indicate if others are responsible for the processing of personal data in specific cases.
2. Definitions and legal basis
2.1 Definitions
Personal data is all information relating to a specific or identifiable person. A data subject is a person about whom personal data is processed.
Processing includes any handling of personal data, regardless of the means and procedures used, in particular the retention, disclosure, acquisition, collection, erasure, storage, modification, destruction and use of personal data.
2.2 Legal basis
We process personal data in accordance with Bernese and Swiss data protection law, in particular the Data Protection Act of the Canton of Bern (KDSG) and the Cantonal Data Protection Ordinance (DSV), as well as the Federal Act on Data Protection (DSG) and the Ordinance to the Federal Act on Data Protection (VDSG).
3. Nature, scope and purpose
We process the personal data that is necessary to be able to carry out our activities and operations in an sustained, user-friendly, secure and reliable manner. Such personal data may in particular fall into the categories of inventory and contact data, browser and device data, content data, meta or marginal data and usage data, location data, sales data and contract and payment data.
We process personal data for the period required for the relevant purpose(s) or by law. Personal data whose processing is no longer required shall be anonymised or erased.
We may have personal data processed by third parties. We may process personal data together with third parties or transfer it to third parties. Such third parties are, in particular, specialised providers whose services we use. We also guarantee data protection for such third parties.
In principle, we process personal data only with the consent of data subjects. If and insofar as processing is permissible for other legal reasons, we may refrain from obtaining consent. For instance, we may process personal data without consent in order to fulfil a contract, meet legal obligations or protect overriding interests.
In this context, we process in particular information that a data subject voluntarily transmits to us when contacting us – such as by letter, email, instant messaging, contact form, social media or telephone – or when registering for a user account. We may store such information, for example, in an address book, in a customer relationship management system (CRM system), or using similar tools. If we receive data about other persons, the persons transmitting the data are obliged to guarantee data protection vis-à-vis these persons and to ensure the accuracy of this personal data.
We also process personal data that we receive from third parties, obtain from publicly available sources or collect in the course of carrying out our activities and operations, insofar as such processing is permitted for legal reasons.
4. Personal data abroad
In principle, we process personal data in Switzerland. However, we may also disclose or export personal data to other countries, particularly in order to process or have it processed there.
We may disclose personal data to any or all states and territories on Earth and elsewhere in the universe, provided that the law there guarantees appropriate data protection in line with the assessment of the Federal Data Protection and Information Commissioner (FDPIC) or in accordance with the resolution of the Swiss Federal Council.
We may disclose personal data to countries whose laws do not guarantee adequate data protection, provided that appropriate data protection is ensured for other reasons. Appropriate data protection may be ensured, for instance, by corresponding contractual arrangements, on the basis of standard data protection clauses or using other appropriate guarantees. In exceptional cases, we may export personal data to countries without adequate or appropriate data protection if the special requirements of data protection law are met, such as the express consent of data subjects or a direct connection to the conclusion or execution of a contract. Upon request, we will be happy to provide subjects with information on any guarantees or provide a copy of guarantees.
5. Rights of data subjects
Data protection rights
We grant data subjects all rights in accordance with applicable data protection law. In particular, data subjects shall have the following rights:
Access: Data subjects may request access to information regarding whether we process personal data about them and, if so, which personal data is concerned. Data subjects shall also obtain the information necessary to assert their rights under data protection law and to ensure transparency. This includes the processed personal data as such, but also, among other things, information on the purpose of the processing, the storage period, any disclosure or export of data to other countries, and the origin of the personal data.
Rectification and restriction: Data subjects may rectify inaccurate personal data, complete incomplete data and restrict the processing of their data.
Data disclosure and transfer: Data subjects may request the disclosure of personal data or the transfer of their data to another controller.
We may postpone, restrict or refuse the exercise of data subjects’ rights to the extent permitted by law. We may advise data subjects of any conditions that need to be fulfilled for the exercise of their rights under data protection law. For instance, we may refuse to provide access to information in whole or in part with reference to trade secrets or the protection of other persons. We may also, for instance, refuse the erasure of personal data in whole or in part with reference to statutory retention obligations.
In exceptional cases, we may stipulate costs for the exercise of rights. We shall inform data subjects of any costs in advance.
We are obliged to use appropriate measures to identify data subjects who request access to information or assert other rights. Data subjects are obliged to cooperate.
5.2 Right to lodge a complaint
Data subjects are entitled to enforce their rights under data protection law by taking legal action or to lodge a complaint with a competent data protection supervisory authority. The data protection supervisory authority for private data controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
6. Data security
We take appropriate technical and organisational measures to ensure data security appropriate to the relevant risk. However, we cannot guarantee absolute data security.
Our website is accessed by means of transport encryption (SSL / TLS, in particular with the Hypertext Transfer Protocol Secure, or HTTPS for short). Most browsers label transport encryption with a padlock in the address bar.
Our digital communications – like any digital communications in principle – are subject to mass surveillance without cause or suspicion and other surveillance by security authorities in Switzerland, the rest of Europe, the United States of America (USA) and other countries. We cannot directly influence the corresponding processing of personal data by intelligence services, police forces and other security authorities.
7. Use of the website
7.1 Cookies
We may use cookies. Cookies – our own (first-party cookies) as well as cookies from third parties whose services we use (third-party cookies) – are data stored in the browser. Such stored data need not be limited to traditional text-based cookies.
Cookies can be temporarily stored in the browser as “session cookies” or for a certain period as what are known as “permanent cookies”. “Session cookies” are automatically deleted when the browser is closed. Permanents cookies have a specific storage duration. In particular, cookies make it possible to recognise a browser on the next visit to our website and thus, for instance, to measure our website’s reach. However, permanent cookies can also be used for online marketing, for instance.
Cookies can be fully or partially disabled and deleted at any time in the browser settings. Without cookies, our website may no longer be available in its entirety. We actively request – at least if and to the extent necessary – your express consent to the use of cookies.
7.2 Server log files
We may collect the following information for each access to our website, provided that it is transmitted from your browser to our server infrastructure or can be detected by our web server: Date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual subpage of our website accessed including amount of data transmitted, last website accessed in the same browser window (referer or referrer).
We store such information, which may also constitute personal data, in server log files. The information is required in order to provide our website in a sustained, user-friendly and reliable manner, as well as to be able to ensure data security and therefore, in particular, the protection of personal data – including through third parties or with the help of third parties.
8. Social media
We are present on social media platforms and other online platforms in order to communicate with interested persons and provide information on our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland.
The General Terms and Conditions (GTC) and Terms of Use as well as Privacy Policies and other provisions of the individual providers of such platforms shall also apply in each respective case. These provisions shall in particular provide information on the rights of data subjects directly vis-à-vis the relevant platform, including, for instance, the right of access.
9. Third-party services
We use the services of specialised third parties in order to be able to carry out our activities and operations in a sustained, user-friendly, secure and reliable manner. Such services enable us to do things like embed functions and content on our website. In the case of such embedding, the services used at least temporarily record users’ Internet Protocol (IP) addresses for technically required reasons.
For necessary security-related, statistical and technical purposes, third parties whose services we use may process data in connection with our activities and operations in aggregated, anonymised or pseudonymised form. This includes, for instance, performance or usage data, in order to be able to offer the relevant service.
In particular, we use:
Providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; General information on data protection:
Principles on data protection and security
Google is obliged to comply with applicable data protection laws
How Google uses information from sites or apps
that use our services (information provided by Google)
Types of cookies and other technologies used by Google
Personalised advertising (activation / deactivation / settings)
Providers: Microsoft Corporation (USA) / Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), the United Kingdom and Switzerland; General information on data protection:
Data Protection and Privacy (Trust Center)
Privacy Dashboard (privacy and data protection settings)
9.1 Digital infrastructure
We use the services of specialised third parties to provide the necessary digital infrastructure in connection with our work and activities. This includes, for instance, hosting and storage services from selected providers.
In particular, we use:
Cyon: Hosting; Provider: cyon GmbH (Switzerland); Data protection information:
Microsoft Azure: Storage space and other infrastructure; Provider: Microsoft; Microsoft Azure-specific information:
9.2 Contact options
We use services from selected providers to better communicate with third parties, such as potential and existing customers.
9.3 Scheduling
We use the services of specialised third parties to make appointments online, for instance, for meetings. In addition to this Privacy Policy, any directly visible terms and conditions of the relevant services used, such as Terms of Use or Privacy Policies, shall also apply.
In particular, we use:
Microsoft Bookings: Online appointment scheduling; Provider: Microsoft; Microsoft Bookings-specific information:
Microsoft Bookings: Frequently Asked Questions
9.4 Audio and video conferencing
We use specialised services for audio and video conferencing to communicate online. For instance, we may use them to hold virtual meetings or conduct online lessons and webinars. Participation in audio and video conferences is also subject to the legal texts of the individual services, such as Privacy Policies and Terms of Use.
Depending on your living situation, when taking part in audio or video conferences, we recommend muting the microphone as standard and blurring the background or using a virtual background.
In particular, we use:
Microsoft Teams: Platform for services such as audio and video conferencing; Provider: Microsoft; Teams-specific information:
9.5 Maps
We use third party services to help embed maps into our website. In particular, we use:
Google Maps including Google Maps Platform: Map service; Provider: Google; Google Maps-specific information:
How Google uses location information
10. Closing provisions
We created this Privacy Policy using the Datenschutz-Generator [Privacy Generator] from Datenschutzpartner.
We may amend and supplement this Privacy Policy at any time. We shall provide information about such amendments and supplements in an appropriate form, in particular by publishing the relevant up-to-date Privacy Policy on our website.