Data protection policy
Who are we?
ELCA informatique SA is a public limited company with capital assets of EUR 800,000, headquartered in Lausanne and registered in the Trade Registry of Switzerland under CHE-105.944.452, intra-community VAT number CHE-116.309.260,
Tel: +41 21 613 21 11, fax no.: +41 21 613 21 00, email address: firstname.lastname@example.org.
The Company's primary business is to provide IT consultancy and services.
Its public website URL is www.elca.ch (hereafter the 'website') which gives information about the company and the range of products and services it offers. When you browse and interact with the website, the Company may collect and process some items of your personal data in its capacity as a data controller. As a Company, we respect an individual's right to privacy and we attach great importance to the protection of personal data. These guidelines seek to explain in detail the website data processing procedures and methods employed by the Company itself or its intermediaries, in whole or in part.
What is the objective of this policy?
The objective of this policy is to inform customers visiting the website (known hereafter as 'online users' or 'you') of the procedures for the collection, processing and use of their personal data as well as their prevailing rights under applicable legal provisions.
What circumstances might lead us to process your data?
Your personal data is usually collected and processed, manually or by automated means, in whole or in part, when you browse the website or when you volunteer information in data collection questionnaires that feature on the website. Collection usually occurs as a result of your relationship and subsequent interactions with the Company.
Generally speaking, your data is collected directly from you in the above-mentioned cases.
Apart from this information, we wish to inform you that we may add value to any personal data we collect and process, in particular for sales, prospecting, communication or marketing purposes by means of other information sources (social networks, so-called 'public' information sources, data rentals, etc.).
Moreover, for information processed in the context of our recruitment operations in particular, we use information you share with us (e.g., the specific form on the website) and include it in our candidate file (CVthèque). However, we may also have to approach third parties (for example a recruitment agency, previous employers, training supervisors or customers with whom you have worked on previous assignments) in order to gather information about you when considering your application or your profile. In accordance with legal and regulatory provisions in force, we may collect information about you which is held by public authorities or organisations.
What categories of data do we collect?
We may collect several categories of your personal data and in particular, the following:
- Your ID: in practice, this means your title, first name and surname, email address, telephone number, postal address, date of birth etc.
- Historical data relating to your visits, pages you have browsed, including information about actions carried out, interaction with the website as well as location data (the location of your IP address), data relating to your device or even data tracking responses to emails that we may send you (opens, click-throughs, etc.)
- Data relating to tracking your relationship with the Company: requests for meetings, contact or information, correspondence and dealings, habits, interests, business opportunities, language and preferred method of contact, involvement in events organised by us, economic or financial information, etc.
- Information and documentation about you (particularly your CV and cover letters) which you sent when applying for a new job or internship as well as any information we may collect within the context of recruitment (school and university career, training courses, diplomas, your work and professional career to date, general information about your professional life, economic and financial information and, if necessary, information about your personal life, etc.).
Do I have to allow my data to be collected?
Whenever you enter personal data into a form on the website, you are informed that you must supply answers to certain questions and, more generally, that information is being collected, by the presence of an asterisk next to the field(s) concerned. Where there is no asterisk, you are not obliged to supply the information requested.
If you fail to supply information where it is mandatory, the request linked to this data collection (e.g., a request for contact, information or a meeting, submission of an ITT, or a job application, etc.) may be rejected or delayed.
For what purposes are your data collected?
Depending on the case, the Company processes your data collected from the website, manually or by automated means, in whole or in part, for the following main purposes:
- In general, management, processing and follow-up of your requests and dealings with the Company initiated from the website (e.g., a request for contact, information or a meeting, submission of an ITT, or a job application etc.)
- Prospecting, lead generation and communication (emails, newsletters, and post, telemarketing, targeting, segmenting and personalising of exchanges, offers of employment or training courses)
- By evaluation of your profile, management and implementation of sales, communication and marketing activities by the Company as a whole
- Keeping track of and processing job applications and performing all the tasks leading to the recruitment of a new employee in order to fill certain roles (offers matching the profile you have set up may also be sent to you for this purpose). This implies, among other things, selecting candidates and CVs, setting up a new candidate file and using recruitment methods and techniques.
- Accessing and benefiting from features offered on the website
- Understanding and analysing how users use our website and how user behaviour changes based on improvements to our online communication
- Improving and optimising the website and its features
- Developing and producing research papers, analyses, reports and statistics
- Managing and processing requests from users of the website and generally responding to those wanting to get in touch with the Company intending to exercise their rights in the protection of personal data
- Complying with legal and regulatory provisions resulting from Company activities.
Depending on the objectives, the basis for processing any such personal data may vary. Generally speaking, this processing is necessary:
- In order to manage, process and follow-up any requests directed at the Company (in particular answers to questions, requests for information, a meeting or contact, reviewing ITTs or analysing job applications etc.); in certain circumstances, these actions may be considered necessary in carrying out any pre-contractual tasks requested by you (for example, within the context of a job application or a training course);
- In order to pursue the legitimate interests of the Company in managing and following up relationships, in particular those of a commercial nature with website users; and more generally, with its contacts and organising marketing, prospecting and general communications;
- In order for the Company to comply with legal and regulatory obligations.
Who are the recipients of this data?
Your personal data will be sent to services and authorised members of the Company and other organisations within the parent group.
The data may be shared for some of the aforementioned purposes and only if such communication proves necessary with contracted, commercial service providers and partners who may be involved in the processing of personal data referred to above.
Furthermore, your data may be shared with any legally empowered authority, particularly when requisitioned by a member of the judiciary, police or administrative authorities.
Specifically, the recipients above are not necessarily entitled to receive all items of your data but rather only that data necessary to serve the purpose behind such a communication.
Moreover, we should inform you that your data may be sent to organisations that are outside the European Union. Indeed, for the purposes mentioned above, some of your data (cf. the data detailed above) may be transferred to and exchanged between various organisations of our group established in the following countries:
- Switzerland (a country considered by the European Commission as providing a level of data protection equivalent to EU law) (1)
- France (EU)
- Spain (EU)
- Germany (EU)
- UK (EU)
- Vietnam (contractual clauses dedicated to the protection of personal data are in place)
Some of the aforementioned data may also be transferred to providers or partners outside the European Union, in countries that do not provide a level of data protection considered adequate by the European Commission. In particular, the Company uses some Microsoft solutions, which means the data may be transferred to the United States as well as all countries in which the service provider has affiliated entities or subcontractors (list below: https://aka.ms/Online_Serv_Subcontractor_List). This transfer of data is covered under a contract with Microsoft, which is compliant with standard contractual clauses drawn up by the European Commission relating to the protection of personal data (2) and it should be noted that Microsoft is also a member of the Privacy Shield (3).
A copy of the reference material referred to in this article may be obtained (excluding any commercial information considered sensitive, confidential or deemed to be a trade secret) from the contact mentioned in the paragraph below entitled "What are your rights?".
(1) Decision 2000/518/EC dated 20 July 2000
(2) Decision 2010/87/EU dated 5 February 2010
(3) To find out more visit: https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active.
How long is your data retained?
Unless otherwise specified:
- Your data collected and processed by the Company is retained for a period of three years from the date of your last contact with the Company (online request, email or letter, phone call, registration for the newsletter, clicking on an email addressed to you from the Company, taking part in an event etc.) or from the end of your business relationship with the Company
- Information relating to job applications is kept for a maximum of two years
- Data relating to connecting to online sessions, browsing and traffic are kept for a maximum of 18 months.
Please note that these sets of data may be kept for longer than specified:
- Either with your agreement
- Or as archives to cater for any future legal and regulatory obligations which the Company may be called upon to fulfil even during the statutory limitation periods.
The aforementioned retention periods have been defined to allow us to carry out our commercial, communication, marketing and recruitment activities, while respecting the principle of proportionality, which states that personal data should not be kept longer than the time necessary to achieve the purpose for which they were collected.
What are your rights?
In accordance with the aforementioned legal and regulatory provisions, you have the right to inspect and access your data.
You also have the right to correct, erase and limit the amount of processing of your data to a certain extent as well as the right to data portability.
In addition, you have the right to oppose attempts to process your personal data, and the right to object to your data being used for the purposes of prospecting, especially sales prospecting.
You have the right to set general and/or specific guidelines regarding what happens to your personal data and how your rights are exercised after your death. In this respect, in the event of your death being notified to us, your data will be deleted except where it must be kept for a finite period of time to comply with our legal and regulatory obligations and/or with any statutory limitation periods, if necessary, after we have informed a third-party appointed by you.
Any request relating to the exercise of these rights as well as any request for information about the protection of personal data should be sent to us via the contact form on this website or by writing to us at the address below:
ELCA HOLDING S.A.
Av. de la Harpe 22-24
1000 Lausanne 13
You can obtain more information about your data by contacting us using the form provided or by writing to us at the address above.
In order to ensure confidentiality and the protection of your personal data, the Company must verify your identity before replying to such a request. Therefore, any request relating to the exercise of these rights should be accompanied by a copy of a signed piece of identification.
Finally, you should be aware that you have the right in any event to lodge a complaint with a national authority responsible for the protection of personal data if you consider that your data has not been processed in accordance with the applicable provisions.
Cookies and other tracking or similar technologies
Cookies and other tracking or similar technologies (hereafter called 'cookies') may be installed and/or read in your browser when you visit the website.
What measures are in place to ensure the security of your data?
In order to guarantee the security of your data, the Company takes all constructive and appropriate precautions and measures, whether physical, logical, technical, functional, administrative or organisational, having regard to the state of the art, implementation costs, the nature, scope, context and purpose of processing, as well as the risks, of varying tolerability and severity, for the rights and freedoms of the individual. These measures are intended to maintain the security and confidentiality of data, to guarantee a level of security commensurate with the risks and, in particular, to prevent data from becoming distorted, damaged or accessed by any unauthorised third party.
Moreover, the publisher of the website guarantees compliance with and certification under ISO/IEC 27001:2013.
Because of the inherent difficulties in operating a web-based business and, as you are aware, the risks resulting from the electronic transmission of data, the Company cannot be held to an obligation of result.
In the event of difficulties, the Company will make its best efforts to contain the risks and will take all appropriate measures, in accordance with its legal and regulatory obligations (corrective action, informing the national authority responsible for the protection of personal data and, where appropriate, the individuals concerned, etc.).
In the event that some or all of the processing of personal data is subcontracted, the Company will put in place a legally binding contract with the subcontractors guaranteeing the security and confidentiality of the personal data to which they have been granted access (all appropriate technical and organisational measures to protect the data).
What will happen to your data on third-party websites?
Sometimes links on this website will point to other websites not subject to these provisions regarding the protection of privacy.
In this respect, your attention is drawn to the fact that the policies relating to the protection of personal data on these websites may be different from those of the Company.
We therefore recommend that you obtain information about the personal data protection policies for each of the websites involved.
In any event, the Company cannot be held responsible where the processing of data at one of these websites might contravene applicable legal and regulatory provisions.
How to keep up-to-date with these policies?
This policy relating to the protection of personal data may be subject to modification or change at any time.
In the event of any modification or change, details of the new policy will be posted on the website. Therefore, we invite you to check it regularly.