Data Privacy and Security

    Data that are provided to us by you will be gathered, collected, processed and used in compliance with Swiss law and other applicable laws concerning data protection. The law that applies in Switzerland is the Swiss Federal Act on Data Protection 1992 (“Swiss DPA”). (https://www.admin.ch/opc/en/classified-compilation/19920153/index.html).

    This data privacy statement sets out for you, the personal data that we process, why we need the data and also tells you how you can reject or stop the collection or processing of data. Processing of data means any collecting, handling of your personal data, which means the saving, processing, use, changing and deletion of personal data. What personal data means is set out below.

    The following applies to the Swiss DPA:

    1. Personal Data

    Personal data means all data relating to an identified or identifiable person. This can be information that directly identifies you or information that can be used to identify you when combined with other data. Sensitive personal data are data on:

    • Religious, ideological, political or trade union-related views or activities,
    • Health, the intimate sphere or the racial origin,
    • Social security measures,
    • Administrative or criminal proceedings and sanctions.

    Data file means any set of personal data that is structured in such a way that the data is accessible by data subject. Data subjects are natural or legal persons whose data are processed.
    PERILS CRESTA AG is the controller of the data file.
    You have the right to request information from CRESTA as to whether we are processing data concerning you. If you do, we must notify you:

    • of all available data concerning you, if you are a data subject, in the data file, including the available information on the source of the data;
    • of the purpose of and, if applicable, the legal basis for the processing as well as the categories of the personal data processed, the other parties involved with the file and the data recipient.

    (Individual items of information about the personal or material circumstances of a specified or specifiable natural or legal person. This will generally include information such as your name and e-mail address).

    2. Collection and Use of Personal Data

    CRESTA is responsible for the processing of your data when you visit our Site. We collect the following data about you when you do so:

    • The fact that you have accessed this Site;
    • The name of your Internet service provider;
    • The IP address of the computer or other instrument (this could be a mobile telephone) requesting access;
    • The site from where you came to this Site;
    • The name and URL of the accessed file (URL means Uniform Resource Locator);
    • The pages of this Site that you visit; and
    • Your browser in use when you visited the Site;
    • The transfer protocol used; and
    • The date, time and duration of your access.

    The above data will be used by CRESTA for statistical purposes only. A user profile may be created, using a pseudonym. Cookies can be used for this purpose.

    Active transfer of data:

    When we ask you to input information about yourself, the data is transferred to us in encrypted form over the Internet using 128-bit SSL encryption (Secure Socket Layers) or higher, an internationally recognized security standard. SSL means the protocols used for establishing authenticated and encrypted links between networked computers.
    If you communicate with us using a contact form we will ask for the following data:

    • Your e-mail address
    • Your name
    • The message that you send to us

    3. Purposes of Collection of Data

    Access and Security

    CRESTA processes your data to try to ensure that you can obtain a smooth and functioning connection to the Site, and to avoid misuse or data theft. We also evaluate our systems so as to try to ensure that they are kept up to date. This helps to improve your experience of the Site and assists us in keeping it secure. In addition, we use personal data for internal administrative reasons.
    Technical Improvement of the Service
    For the technical improvement of the service, technical information (e.g. IP address, browser type and version, time of retrieval) is collected.

    Marketing

    CRESTA processes your data so that it can send you its newsletter or other information about our products and services. You can choose to allow us to use your data so that we can send you our newsletter or information about our products and services and you agree to let us use your data for that purpose. You will find a link to unsubscribe at the end of each newsletter. You may also withdraw your consent to this by going to the following link (e-mail): mailto:cresta@perils.org?subject=Please%20remove%20me%20from%20the%20CRESTA%20distribution%20list.

    Security

    CRESTA processes your data (IP-address) when you use the Map Viewer, to avoid misuse or data theft. Data is stored for a maximum of one year.

    Legal

    CRESTA processes your data so that it can process any order that you may make, invoice you correctly for any charges that you may have incurred, enforce our rights against you or others as needs be and protect our commercial interests.

    4. Cookies

    ookies are text files that are placed on your computer and work with data that are saved in your internet browser. CRESTA uses cookies to keep you logged in to our Site and to improve your experience of it by helping us to understand how you use it.
    Cookies save settings about your browser and data about the interactions you have with the Site through your browser. A cookie can be assigned an identification number, this does not mean, though, that we obtain knowledge about your identity as a result of this.
    Any data that is collected in this way will be stored anonymously and used for statistical purposes. CRESTA may store cookies on your hard drive. They contain a unique number that has no meaning outside the Site. You can refuse to allow us to use Cookies in these ways, but you may not be able to view all the information available in some parts of the Site.
    Most of the cookies we use are ‘session cookies’. These are automatically deleted at the end of your visit. Other cookies remain on your terminal device until you delete them. These cookies make it possible for us to recognise your browser the next time you visit us. You can adjust the settings of your browser in such a way that you will be informed about the placement of cookies, and allow them only in individual cases, or you can decline to accept them in specific cases or decline them altogether. You can also activate the automatic deletion of cookies when you close your browser. When cookies are disabled, you may not be able to use the full functionality of our website. Further information about cookies may be found here: http://www.allaboutcookies.org

    5. Third Party Content and Cookies

    Monotype Web Fonts

    For the display of fonts on our website we use font types that are provided by Monotype Imaging Holdings Inc., 600 Unicorn Park Drive, Woburn, Massachusetts 01801, USA (Monotype). This involves use of a Content Delivery Network (CDN), which forms a basis for the display of fonts. The CDN is linked in by means of a JavaScript code, which is conditional on Monotype’s being able to see the IP address of the user. This use of web fonts in connection with Monotype’s services may involve calling an external Monotype server located outside of Switzerland and the EEA (e.g. in the USA). Monotype has its own privacy guidelines, which are independent of our own. Please look at Monotype’s data protection provisions at: https://www.monotype.com/legal...
    The EEA means the countries of the European Union, Iceland, Norway and Liechtenstein.
    Web fonts are based on a JavaScript code. If you want to you, can always prevent them functioning altogether by disabling JavaScript in the settings of your browser. You could also install a JavaScript blocker. If you do that, though, please be aware that in that case our webpages may not display correctly.

    Campaign Monitor

    For our newsletter we use Campaign Monitor (Campaign Monitor, Level 38, 201 Elizabeth Street, Sydney NSW 2000, Australia). The data can be stored on servers in the USA.

    When you register for our newsletter, we will record your name and e-mail address. Registration takes place over the website of Byrne Ventures Limited: https://www.createsend.ie/

    Campaign Monitor offers statistical analysis of usage data. This includes information such as whether an e-mail reached the recipient or was rejected by the server and which links were clicked. Campaign Monitor uses a so-called “tracking pixel”, which is called up by the Campaign Monitor Server when the newsletter is opened. If you do not wish your data to be processed by Campaign Monitor, you should not subscribe to the newsletter.

    Further information on data protection and the cookies used can be found at https://www.campaignmonitor.com/policies. You have the right to revoke your consent to receive our newsletter at any time with effect for the future. Simply unsubscribe from the newsletter. You will find a link to unsubscribe at the end of each newsletter. Further information about Campaign Monitor may be found here: https://www.campaignmonitor.com/policies

    Mapbox

    This Site uses Mapbox, a location data and map service for mobile and web applications. Mapbox uses cookies for this purpose. Further information about Mapbox may be found here: https://www.mapbox.com/legal/privacy/

    Google Analytics

    This Site uses Google Analytics, a web analysis service of the Google company (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Analytics uses cookies for the purpose. These form the basis for analysis of your use of our Site.
    The information generated by the cookie about your use of this Site will be transmitted to a Google server in the USA and stored there. We use Google Analytics with the extension ‘anonymizeIp()’, so that the IP addresses transmitted to Google will be abbreviated before further processing takes place, to exclude any direct reference to your personal identity (this is known as ‘IP masking’). Google will make use of this information to evaluate your visit to the website, to compile reports about activities on our Site and to provide further services associated with website and internet use. Google may also pass on this information to third parties, in so far as this is required by statute or in case the data is to be processed by a third party on Google’s behalf. On no account will Google combine your IP address with other data in its possession.
    You can prevent the installation of the cookie for Google Analytics by adjusting your browser software accordingly; in this case, however, you may not be able to make use of all the functions of our Site to the full extent. You can prevent the collection and storage of data for Google Analytics at any time, with effect for the future, by using Google’s opt-out browser plug-in: https://tools.google.com/dlpage/gaoptout?hl=en.
    Please be aware that you will have to opt out more than once if you make a practice of deleting the cookies on your browser, or if you access our Site with a different browser.
    Further information about Google Analytics may be found here: http://www.google.com/intl/de/analytics/learn/privacy.html

    Google Tag Manager

    Google Tag Manager is another Google product, which makes it possible for us to manage website tags by way of an interface. The Tag Manager is a cookie-free domain, and does not register any personal data. The tool serves for the activation of other tags, which, in turn, may then register data in certain circumstances. Google Tag Manager does not access these data itself. If a deactivation is carried out at domain or cookie level, this remains in force for all tracking tags that have been implemented by Google Tag Manager. If you would rather not be sent advertising based on your interests, you can disable the use of cookies by Google for these purposes by going to https://www.google.com/settings/ads/plugin.

    YouTube Plug-in

    YouTube videos are embedded on some of our webpages. The operator of the plug-ins in this case is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit a page which has a YouTube plug-in, it sets up a link to the YouTube servers. As a result, YouTube learns what pages you are visiting. If you are logged in to your YouTube account, YouTube can associate your surfing practices with you personally. You can prevent this by logging out of your YouTube account before you visit our site.

    When a YouTube video starts, the provider places cookies on your computer which collect indications of user behaviour.

    If you have disabled the storage of cookies for the Google AdWords program, you will be able to watch YouTube videos without worrying about cookies of this kind. YouTube does however also store non-personal use information on other cookies. If you want to prevent this, you need to block the storage of cookies in your browser settings.

    Further information about data protection on YouTube may found in the data protection declaration of the provider at: https://www.google.de/intl/de/policies/privacy/.

    Vimeo Plug-in

    For the integration of our videos we utilize Vimeo. Vimeo is run by Vimeo, LLC, whose headquarters are located at 555 West 18th Street, New York, New York 10011. When you access websites that have such a plug-in, a connection is established to the Vimeo servers, from which the video will be played. As part of this process, these Vimeo servers will receive data as to which of our website pages you have visited. If at that time you are logged in as a Vimeo member, this visitation data will be assigned to your membership account. Using a Vimeo plugin, for instance by clicking on the start button of a video, will also be assigned to your user account. This can be prevented by logging out of your Vimeo user account and deleting the corresponding Vimeo cookies, before using our internet site. Further information about data processing and notices about data protection from Vimeo can be viewed at https://vimeo.com/privacy.

    6. Security and Confidentiality of Personal Data

    We have used our best efforts to apply the necessary technical and organizational means to ensure that your personal information is handled with a high level of security and PERILS CRESTA AG’s network and computers are protected by security systems against unauthorized access. In addition, all accesses and attempted accesses are recorded, as a protective security measure.

    Other than as stated herein your personal data are processed only on our server in Switzerland. By accessing our Site you consent to the processing of your personal data outside of Switzerland and outside of the EEA for the purposes of the below. If you do not wish your data to be processed as set out below, please do not access our site. You can withdraw your consent to such processing by sending us a notice by email (cresta@perils.org). If you do withdraw your consent, however, we will not be able to provide you with any services.

    Your data will not be shared with unauthorized third parties, or sent out of Switzerland or the EEA unless you give your consent, except as authorised under Article 6 of the Swiss DPA or in cases specified by law.

    We make your data available to the following third parties:

    • Our service providers. These can include our bookkeepers and IT service providers who need access to the data so that they can perform the services that they have agreed to provide and the companies named in “Third Parties” above.
    • Any third party, if we are ordered to so by a court or other official body.
    • Any third party in an emergency.
    • Any third party to pursue an overriding legitimate interest.

    If your data are transferred abroad this will only be done so in accordance with the Swiss DPA and the GDPR (see below).

    7. GDPR

    The EU’s General Data Protection Regulation (General Data Protection Regulation (EU) 2016/679) (GDPR) may apply to you. If it does, in addition to the rights set out above, you may have the following rights (Italicised definitions mean here as used in the GDPR):

    • The right to access. The right to request us to let you have copies of your personal data. We may charge you for this service.
    • The right to rectification. If you believe that any information that any personal data that CRESTA processes where you are the data subject is inaccurate, you have the right to ask us to correct it.
    • The right to erasure. You can ask CRESTA to erase your personal data under certain conditions.
    • The right to object to processing. You can object to CRESTA’s processing of your personal data.
    • The right to data portability. You can ask CRESTA to transfer your personal data to another organisation or to you, under certain conditions.

    8. Storage

    We store data about each visit that you make temporarily in our log file. We automatically store data (IP-address), which is also automatically deleted after 12 months. Otherwise data are stored for as long as we are required to store such data in accordance with Swiss law.

    9. Updates

    We may amend our data privacy statement. If we do, assuming you have agreed to be contacted, you will be notified about changes to these data privacy guidelines.

    10. Questions about Data Privacy and Security

    If you have questions about how your personal data is being processed, please contact us at:

    PERILS CRESTA AG
    Marktgasse 3
    CH-8001 Zurich
    Switzerland

    cresta@perils.org
    Phone: +41 44 256 81 00

    If you have any complaints or wish to exercise any of the rights listed above, whether under the Swiss DPA or the GDPR, please contact us at the above address. You also have the right to complain to the supervisory authorities. If you reside in Switzerland, you should contact the following:

    Eidgenössischer Datenschutz- und Informationsbeauftragter
    (Swiss Federal Data Protection and Information Commissioner)
    Feldeggweg 1
    CH-3003 Berne
    Switzerland

    Further information can be found at www.edoeb.admin.ch. If you live outside of Switzerland, you can contact the respective supervisory authority in your country.

    Last updated in October 2019.

    This website uses cookies, with the aim of ensuring that you have the best possible online experience. In using our website, you are giving your consent to the terms and conditions of our Privacy policy

    Your web browser is out of date

    Update your browser for more security, speed and the best experience.

    Update my browser Continue