Data Policy

With this Privacy Notice, SPIE Switzerland Ltd and its affiliated companies in Switzerland (hereinafter "SPIE", "we", "us", or "our") inform our website visitors, newsletter subscribers, event participants, current and prospective clients, suppliers as well as business partners, job applicants and any other party (or person acting on behalf of such party) (you) about the processing of personal data (data) in connection with our activities and operations (services), including our website at the domain name spie.ch (hereinafter referred to as “website”). We explain in accordance with the Swiss Federal Act on Data Protection (FDAP) and the EU Data Protection Regulation (GDPR) for what purposes, how, and where we process which data. We also provide information about the rights of individuals whose data we process.

For certain or additional activities and operations, we may issue separate privacy policies or other notices regarding data protection.

1 Who we are

SPIE is a leading provider of comprehensive technical services in the fields of energy and communications. We offer a wide range of services, including engineering, installation, and maintenance solutions, to support our clients in their digital transformation and sustainable development initiatives.

2 Contact information

Responsibility for the Processing of Personal Data

SPIE Switzerland Ltd
Alter Winterthurerstrasse 14b
8034 Wallisellen
dpo.ch@spie.com

3 Scope of this Privacy Notice

This Privacy Notice applies to personal data we collect through:

  • Our website [www.spie.ch]
  • Our applications and online services
  • Communications via phone, email, newsletter, or other channels
  • Events, workshops, and training sessions we organize
  • Interactions with customers, suppliers, and business partners
  • Job Applications

4 Personal data we collect

We may collect and process the following categories of personal data:

  • Identification Data: Name, gender, date of birth, nationality
  • Contact Data: Postal address, email address, telephone numbers
  • Professional Data: Job title, employer, professional qualifications
  • Financial Data: Bank account details, payment information
  • Technical Data: IP address, login data, browser type and version, time zone setting, operating system
  • Usage Data: Information about how you use our website, products, and services
  • Marketing and Communications Data: Your preferences in receiving marketing materials from us and our third parties
  • Special Categories of Personal Data: Health data or other sensitive information, only with your explicit consent

5 How we collect your personal data

  • Direct Interactions: Filling out forms, subscribing to our newsletters, applying for jobs, or corresponding with us
  • Automated Technologies: Using cookies and similar technologies to collect Technical and Usage Data when you interact with our website
  • Third Parties and Public Sources: Analytics providers, advertising networks, social media platforms, public registers

6 Legal basis for processing

In accordance with the Swiss Federal Data Protection Act (FDPA), SPIE processes personal data based on the lawful bases defined by the applicable Swiss data protection regulations. These include obtaining the explicit consent of the data subject, when required, for processing personal data.

If the processing of personal data is necessary for the performance of a contract to which you are a party, or to carry out pre-contractual measures, this constitutes a legal basis for the processing under both the FDPA and the GDPR. In addition, if processing is required to fulfill a legal obligation to which SPIE is subject, this also serves as the legal basis under both the FDPA and the GDPR.

When processing is necessary to protect the vital interests of the data subject or another individual, the FDPA and Article 6 para. 1 lit. d of the GDPR provide the legal basis.

Lastly, if processing is necessary to safeguard a legitimate interest of SPIE or a third party, and the interests, rights, and freedoms of the data subject do not outweigh this interest, this constitutes a lawful basis for processing under both the FDPA and Article 6 para. 1 lit. f of the GDPR."

7 Purpose of processing

We process personal data for the following purposes in connection with the operation of our website and the provision of our services:

  • Marketing and information
    To inform users about our activities, services, events, news, and updates — including through newsletters, social media, and other channels — where legally permitted or based on consent.
  • Communication
    To respond to inquiries and maintain contact with visitors, customers, partners, and other interested parties via email, contact forms, or other communication channels.
  • Event Management
    To organize events, workshops, and training sessions.
  • Analytics 
    To analyse the usage of our website and services, understand user behaviour, and continuously improve user experience and service offerings.
  • Providing and maintaining our website
    To ensure the secure, stable, and functional operation of our website, including performance monitoring and troubleshooting.
  • Service delivery
    To provide, deliver and support our products & services, including access to digital content, customer support, and fulfilment of contractual obligations.
  • Customer Support
    To respond to support inquiries and provide technical assistance.
  • Recruitment
    To process job applications and manage employment relationships

8 Disclosure of personal data

We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. Such third parties are specialized service providers whose services we use.

We may share your personal data with:

  • Service Providers: Third-party vendors who provide IT, marketing, and administrative services
  • Affiliates: Other companies within the international SPIE Group in Europe
  • Professional Advisors: Lawyers, auditors, and insurers providing consultancy services
  • Government Authorities: Regulators and law enforcement agencies as required by law
  • Business Transfers: Third parties in the event of a merger, acquisition, or sale
  • Partners: With your consent, for marketing or promotional activities

9 Communication

We process personal data to communicate with individuals, as well as with authorities, organizations, and companies. In doing so, we particularly process data that a data subject provides to us when making contact, for example, via postal mail or email. We may store such data in an address book or similar tools.

Third parties who transmit data about other individuals to us are obligated to ensure the data protection of those affected independently. In particular, they must ensure that the data is accurate and that its transmission is lawful.

We use selected services from suitable providers to facilitate and improve communication with individuals and other communication partners. Through these services, we may also manage and process the data of affected individuals beyond direct communication.

10 Duration of processing

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Once these purposes no longer apply, the data is deleted or access to it is blocked.

Personal data may also be retained if required by applicable legal provisions. In such cases, the data will be blocked or deleted once the legally mandated retention period has expired—unless further storage is necessary for the performance or conclusion of a contract. 

Data retained solely for service restoration purposes, such as technical backups, are exempt from deletion obligation.

11 Security measures (Technical and Organizational Measures – TOMs)

We implement appropriate technical and organizational measures to ensure a level of data security appropriate to the respective risks. In particular, our measures are designed to guarantee the confidentiality, availability, traceability, and integrity of the personal data we process. However, we cannot guarantee absolute data security.

Access to our website and other online services is secured through transport encryption (TLS). 

We have no direct influence over the processing of personal data by intelligence agencies, police forces, and other security authorities. It also cannot be ruled out that individuals may be subject to targeted surveillance. Such procedures, plus other legal requirements may take precedence over the implemented measures.

We implement appropriate technical and organizational measures to protect your personal data on SPIE Services, as outlined in the following list:

  • Access Controls: Restricted access to personal data on a need-to-know basis
  • Encryption: Secure data transmission and storage using encryption technologies
  • Physical Security: Secure facilities with access controls and surveillance systems
  • Network Security: Firewalls, intrusion detection systems, and regular vulnerability assessments
  • Data Minimization: Collecting only the data necessary for specific purposes
  • Regular Audits: Conducting security audits and compliance checks
  • Employee Training: Regular training on data protection and information security
  • Incident Response Plans: Procedures to handle data breaches promptly and effectively
  • Data Processing Agreements: Ensuring third-party processors comply with data protection standards

Additionally, SPIE operates an Information Security Management System (ISMS) that is certified according to ISO/IEC 27001 standards. Certificates

12 Personal data processing abroad

As a rule, we process personal data in Switzerland and within the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, particularly for processing activities carried out there.

We may transfer personal data to any country provided that the local legal framework ensures adequate data protection according to a decision by the Swiss Federal Council or, where and to the extent that the General Data Protection Regulation (GDPR) applies, by the European Commission.

We may also transfer personal data to countries without adequate data protection if appropriate safeguards are in place, particularly based on standard contractual clauses or other suitable guarantees. 

In exceptional cases, we may export personal data to countries without adequate or appropriate protection if the specific data protection requirements are fulfilled — for example, the explicit consent of the affected individuals or a direct connection with the conclusion or performance of a contract.

13 Usage of our website

Every time you visit our website, our system automatically collects data and information about the computer system you used to access our website.

13.1 Logging

We may log at least the following information for each access to our website and other online services, provided this information is transmitted to our digital infrastructure during such access:

  • Date and time, including time zone
  • IP address
  • Access status (HTTP status code)
  • Operating system, including user interface and version
  • Browser, including language and version
  • Accessed individual sub-page of our website, including the amount of data transferred
  • Last page visited in the same browser window (referrer)

We log this information, which may also constitute personal data, in log files. This data is necessary to provide our online services in a sustainable, user-friendly, and reliable manner. It is also essential for ensuring data security — either by ourselves or with the assistance of third parties.

13.2 Cookies, tracking and technologies

Our website uses cookies and similar technologies. For simplicity, all such technologies are referred to as "cookies." Additionally, third parties that we collaborate with may place cookies on your device. 

13.2.1 What are cookies?

A cookie is a small text file that is sent along with the pages you visit on this website and stored by your browser on your device's hard drive. The information stored in these files can be sent back to our servers or the servers of third parties when you visit the site again.

13.2.2 What are scripts?

A script is a segment of program code that ensures our website functions correctly and interactively. This code is executed either on our server or on your device.

13.2.3 What is a web beacon?

A web beacon, also known as a pixel tag, is a small, invisible element (text or image) embedded on a webpage to track website traffic. It allows the collection of data about your activity on the site.

13.3 Cookie types we are using

Our website uses cookies and other related technologies (such as pixels or web beacons) to enable certain functions, analyze usage patterns, and enhance our services. You can manage cookies through your browser settings. If you choose not to accept cookies, this may limit certain functionalities on the site.

13.3.1 Essential and functional cookies: 

These cookies are necessary for the proper functioning of the website. They ensure that specific sections of the site work correctly and that your preferences are remembered. We may place these cookies without your consent.

13.3.2 Statistics and analytics

We use statistical cookies to improve the websites experience for users. These cookies provide insights into how the site is being used. We request your consent before placing these cookies.

13.3.3 Marketing or advertising

By accepting this setting, you enable us to personalize your website experience, such as saving your username or language preferences. Additionally, we can track your usage behavior to better understand your interests and tailor our content.

13.4 Active cookies in use

Please refer to the cookie banner to view a comprehensive list of cookies placed on our website.

13.5 Cookie consent

Upon your first visit to our website, we will present a pop-up to explain the use of cookies. By clicking "Save options," you consent to the use of cookies and plugins selected in the pop-up, as outlined in this Cookie Policy. You can disable cookies through your browser settings, but please note that this may impact the functionality of the website.

13.6 Managing cookies

You can configure your internet browser to automatically or manually delete cookies. You can also set your browser to notify you whenever a cookie is placed. For further details, please consult the Help section of your browser.

Please be aware that if you disable all cookies, the website might not work properly. Additionally, if you delete cookies, they will be placed again after your consent when you revisit the site.

14 Third party services

We use services provided by specialized third parties to carry out our activities and operations in a sustainable, user-friendly, secure, and reliable manner. These services may allow us, for example, to embed functions and content into our website. For technical reasons, the services used may temporarily collect users’ IP addresses during such embedding.

For essential security, statistical, and technical purposes, the third parties whose services we use may process data in connection with our activities in an aggregated, anonymized, or pseudonymized form. This may include, for example, performance or usage data required to provide the respective service.

In particular, we use:

14.1 Hosting providers

For hosting activities we use:

14.2 Customer support portals

To deliver and manage customer support activities effectively and efficiently, we use a professional IT Service Management (ITSM) solution. This system enables us to record, monitor, and manage all types of service-related activities, including incident management, service requests, change management, and other support processes.

Our ITSM solution is based on the ServiceNow platform. All personal data and service-related information processed within our ITSM system are stored exclusively in Switzerland. Data is hosted in certified data centers that comply with the applicable Swiss data protection regulations and, where relevant, with the European General Data Protection Regulation (GDPR).

Access to the ITSM system is strictly controlled and limited to authorized personnel who require access to perform their duties. We implement appropriate technical and organizational measures to safeguard the confidentiality, integrity, and availability of the data processed within the ITSM environment.

The processing of personal data within the ITSM solution is carried out solely for the purpose of providing, maintaining, and improving our customer support and service delivery operations.

Data is not processed for any other purposes, nor is it disclosed to third parties unless explicitly required by law or contractually agreed upon with the customer.

ServiceNow Data Processing Addendum: DPA-03.05.24

14.3 Digital conferencing services

We use specialized services for audio and video conferencing to enable online communication. This allows us to conduct virtual meetings, online training sessions, and webinars. Participation in audio and video conferences is additionally subject to the respective service providers’ legal documents, such as privacy policies and terms of use.

We recommend, depending on the individual situation, that participants keep their microphones muted by default and either blur their background or use a virtual background when attending audio or video conferences.

In particular, we use:

14.4 Digital content 

We use services provided by specialized third parties to embed digital content into our website. Such digital content includes, in particular, images, videos, music, and podcasts.

In particular, we use:

14.5 Social media

We maintain a presence on social media platforms and other online platforms in order to communicate with interested individuals and to provide information about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).

In particular, we use:

15 Automated decision-making and profiling

We do not carry out automated decision-making or profiling activities.

16 Your rights

Under the FADP and GDPR, you have in particular the following rights:

  • Right to Access: Obtain confirmation and access to your personal data
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data under certain conditions
  • Right to Restrict Processing: Request limitation of processing activities
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: At any time, where processing is based on consent
  • Right to Complain: Lodge a complaint with a supervisory authority

For any question or exercise of a right please refer to SPIE’s DPO through the contact information provided in art. 2 of this document.

17 Changes to this privacy notice

We may update this Privacy Notice from time to time. Changes will be posted on this page with an updated revision date. The latest version is applicable.

Published: 23.06.2025

 

Your privacy is important to us. We are committed to handling your personal data responsibly and in compliance with applicable data protection laws. Thank you for placing your trust in SPIE.

en