Privacy policy of Universal-Job AG

Personal data that we collect on our websites can be found in the section Website, social media and cookie information.

Version 2.2 from 27/09/2024

Valid from 01.10.2024

In this privacy policy, we, Universal-Job AG, provide information about the collection and processing of personal data. Personal data is all information relating to an identified or identifiable natural person. Please note that other data protection declarations, general terms and conditions, conditions of participation and similar documents regulate specific circumstances.

We take measures to ensure comprehensive data protection. These include commissioning a data protection consultant, creating a processing directory, regularly training our employees in data protection and committing them to data protection. We also check our service providers carefully and conclude order processing contracts with them, carry out annual data security assessments, check data transfers abroad and obtain the necessary assurances.

1. Person responsible
2. Purpose of processing in the context of our services and offers
3. Website, social media and cookie notices
4. Origin of personal data
5. Data transfer and data transmission abroad
6. Duration of storage of personal data
7. Data security
8. Preferences and automated individual decisions
9. Rights of the data subjects
10. Consent in the context of employment services and staff leasing
11. Changes to this privacy policy
12. Copyright and licence
13. Categories of personal data

Person responsible

The controller within the meaning of the Swiss Federal Act on Data Protection (FADP) for the data processing described here is

Universal-Job AG
Schulstrasse 36
8050 Zurich

Our data protection advisor is:

impunix AG - Data protection full service
Lagerhausstrasse 18, CH-8400 Winterthur
privacy@impunix.ch
www.impunix.ch

If you have any questions or concerns regarding data protection and the exercise of your rights, please contact this office.

Our data protection representative in the European Union can be contacted by supervisory authorities and data subjects with any questions relating to EU data protection law as follows:

Universal-Job AG

Lettstrasse 2

9490 Vaduz

Purpose of processing in the context of our services and offers

We obtain and process the personal data that we receive in the course of our business activities, in particular with passers-by, visitors, interested parties, customers, applicants, business partners and other persons involved, or that is collected during the operation of our websites. The last section contains an overview of the categories of personal data used. If you provide us with information about other persons, please ensure that these persons have been informed in advance and that the data provided is correct.

The personal data obtained is used for the provision of our services and offers such as recruitment, staff leasing, payroll and the provision of other services. Subcontractors may also be used to provide these services. Further information on the processing and its purposes can be found in the following chapters.

If you have given us your consent to process your personal data for specific purposes (for example, when you register to receive newsletters or carry out a background check), we will process your personal data within the scope of and based on this consent, unless we have another legal basis and require one. Consent that has been given can be revoked at any time, but this has no effect on data processing that has already taken place.

Legal basis

If the General Data Protection Regulation (GDPR) is applicable, we process personal data based on at least one of the following legal bases:

• Contract fulfilment (Art. 6 para. 1 lit. b GDPR): Processing of personal data required for the fulfilment of a contract with the data subject or for the implementation of pre-contractual measures.
• Legitimate interests (Art. 6 para. 1 lit. f GDPR): Necessary processing of personal data for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the fundamental rights and interests of the data subject. This includes safeguarding our business operations, information security, protection against misuse, the enforcement of legal claims and compliance with Swiss law.
• Legal obligation (Art. 6 para. 1 lit. c GDPR): Processing of personal data required to fulfil a legal obligation.
• Public interest (Art. 6 para. 1 lit. e GDPR): Processing of personal data necessary for the performance of a task carried out in the public interest.
• Consent (Art. 6 para. 1 lit. a GDPR): Processing of personal data on the basis of the data subject's consent.
• Vital interests (Art. 6 para. 1 lit. d GDPR): Processing of personal data that is necessary to protect the vital interests of the data subject or another natural person.

Recruitment agency

As part of the recruitment process, we collect personal data from applicants and potential candidates. This data generally includes information such as names, contact details, professional qualifications and background and other relevant information required for the selection of suitable candidates. We use this data exclusively for the purpose of placing jobs or projects with our clients.

Staff leasing

In connection with staff leasing, we collect personal data of employees who are loaned to our customers for temporary assignments or projects. This data generally includes information such as names, contact details, professional qualifications, work history and other relevant details required for the assignment of suitable employees to customer projects. We use this data exclusively for the purpose of hiring personnel and implementing the employment relationship.

Recruitment Process Outsourcing

In Recruitment Process Outsourcing (RPO), we collect personal data from applicants and potential candidates on behalf of our clients. As a recruitment outsourcing partner, we support our clients with the entire recruitment pipeline, including candidate search, selection and management.

The data collected typically includes information such as names, contact details, professional qualifications, work history and other relevant details required for the selection of suitable candidates. We use this data solely for the purpose of recruiting on behalf of our clients.

Job application

In order to determine your application and suitability for employment, we process the personal data that we have received from you as part of the application process. This may also include criminal record and debt enforcement extracts or similar documents that you have provided to us.

If you have provided references, we can obtain information about you from these references. You have the right to know what we have been told. Tests to objectively determine your suitability for the position in question may form part of the application process. Insofar as it is a question of determining suitability as a manager, the test may also relate to your personality.

If the documents submitted do not yet provide a complete and reliable picture, we take the liberty of using publicly accessible sources that are suitable for clarifying the specific professional suitability, such as Xing or LinkedIn, but also Google in general, for the research. Research in private networks such as Facebook or Instagram is not relevant for us.

If there are objective reasons in your person that restrict or disqualify you for the relevant employment relationship, you are obliged to disclose these to us. This may also include an examination of your state of health. The information is provided to us within the legal framework.

Payroll

For the payrolling process, we collect personal data from employees on behalf of our clients in order to manage payroll and related administrative tasks. The data collected typically includes information such as names, contact details, national insurance numbers, bank details, tax information, working hours and other relevant payroll information. We use this data solely for payroll purposes and to fulfil legal requirements on behalf of our clients.

Supplier management

As part of our business relationship with our partners or suppliers, we receive your professional contact details, which we store in our systems. This may also include your interests or preferences in order to maintain a personalised business relationship.

Development and operation of software solutions

When developing and operating the systems, we access existing concepts and technical data, as well as professional contact and access data. In this context, your business data is sometimes transferred between systems for the purpose of migration projects or we are given access to it. We do not process the content of this data, but ensure its availability in the systems, including access authorisations, backup systems, etc.

Service and support

When providing service and support, we access existing documentation, technical data, as well as professional contact and access data. In this context, we sometimes gain insight into your business data for the purpose of processing incidents, problems or changes. We do not process the content of this data, but rectify the faults and ensure the availability of the systems, including access authorisations, backup systems, etc.

Events and functions

If you take part in an event, we may take photos and videos during the event for reporting and public relations purposes. As a rule, a photographer will be commissioned to take the photographs. The recordings will not be passed on to third parties. Please let us know if you or an accompanying minor should not appear in the photographs. The person depicted has no right to compensation or similar from the organiser and person responsible, but does have the right to information or correction.

Websites and online offers

We use websites and other online offerings to provide our services and to market our offers. When you access our website, we collect usage data. In some cases, contact data and data on your interests and preferences are also collected. Further information about the website can be found in the relevant section.

Marketing

We process your contact data for marketing purposes in relation to our products and services. This includes mailings, events, new products, personalised advertising based on your customer profile, market research and newsletters. Further information on marketing can be found in the relevant section. For quality assurance purposes, we conduct customer satisfaction surveys ourselves or in cooperation with third parties.

Newsletter

We also use your contact details as an interested party, customer or potential customer to send you information about our products, services and events by newsletter. If you no longer wish to receive newsletters or wish to be informed via other channels, you can unsubscribe via the link in our e-mail newsletter or contact us via the e-mail address published on the website of the respective company.

In our newsletters and other marketing emails, we sometimes include visible and invisible elements that allow us to determine whether and when you have opened the email when you open it, so that we can better understand whether and how our offers are used and we can tailor them to you. You can block this in your e-mail programme; most e-mail programmes are preset to do so.

We use MailerLite from MailerLite Limited, based in Ireland and the USA, to send our newsletter. This enables us to contact subscribers directly. In addition, we analyse your usage behaviour in order to optimise our offer. For this purpose, we pass on your contact and usage data to MailerLite. MailerLite is the recipient of your personal data and acts on our behalf as a processor when it comes to sending our newsletter. MailerLite also collects information about you from other sources. We have no influence over this.

Print media

We sometimes send out personalised print media, for which your contact details or professional contact details are processed. We reserve the right to work with third parties for the dispatch of print media and to pass on your contact details for this purpose.

Website, social media and cookie notices

The privacy policy applies to all websites operated by Universal-Job AG, including:

• <https://universaljob.ch>
• <https://my.universaljob.ch/>
• <https://lebenslauf.ch>

Usage data is collected via the website and automatically stored in so-called server log files, which your browser automatically transmits to us. This data cannot be assigned by us to specific persons. This data is not merged with other data sources. However, we reserve the right to check this data retrospectively if we receive concrete evidence of unlawful use of the website.

For security reasons and to protect the transmission of confidential content, such as enquiries that you send to us as the website operator, this website uses SSL/TLS encryption.

The website may contain links to other websites that are beyond our control and are therefore not covered by this privacy policy. If you use these links and access other websites, the operators of these websites may collect information about you.

CV.ch

For the use of lebenslauf.ch, a free CV generator, we collect personal data from users to enable the creation of CVs and other application documents. The data collected may include information such as name, contact details, professional qualifications, educational background, work history and other relevant details required to create a CV.

Contact form

If you send us enquiries via the contact form, we store the information from the form, including the contact details you provide. This serves to process your enquiry and enables us to contact you in the event of any queries. We will not pass this data on to third parties without your consent.

Permanent cookies or other tracking technologies

We generally use cookies and similar technologies on our websites to identify your browser or device. A cookie is a small file that is automatically sent to your computer or stored on your computer or mobile device by the web browser you use when you visit our website. If you visit this website again, we can recognise you, even if we do not know who you are. In addition to cookies that are only used during a session and are deleted after visiting the website ("session cookies"), cookies can also be used to store user settings and other information for a certain period of time ("permanent cookies"). However, you can set your browser to reject cookies, store them for one session only or otherwise delete them prematurely. Most browsers are set to accept cookies. We use permanent cookies to save user settings (e.g. language, auto-login), to better understand how you use our offers and content, and to be able to show you customised offers and advertising (which may also be the case on websites of other companies). Some cookies are set by us, others by contractual partners with whom we work. If you block cookies, some functions (e.g. language selection, shopping basket, order process) may no longer work. If you do not wish this to happen, you must set your browser or e-mail programme accordingly.

Social media including plugins and pixels

We operate presences on social networks and other platforms operated by third parties and process data about you in this context. You can contact us via these platforms and we receive data such as statistics from these platforms. The providers of the platforms may analyse your use and use the data about you for their own purposes such as marketing and market research. The providers of the platforms act as independent controllers in this regard.

We may also use plugins or pixels from social networks such as Meta formerly Facebook, X formerly Twitter, YouTube, LinkedIn, Pinterest or Instagram on our websites. The plugins are recognisable to you. If they are activated, the operators of the respective social networks can register that you are visiting our website. When pixel technologies are used, corresponding codes are implemented on our website that enable your usage data to be transmitted. These are used to measure the reach of our social media campaigns. The processing of your personal data is the responsibility of the respective operator in accordance with their data protection regulations.

Most of these providers are located outside Switzerland. Further information on data transmission abroad can be found in the corresponding section.

Hotjar

We use Hotjar to better understand the needs of our users and to optimise the offer and experience on this website. Hotjar's technology gives us a better understanding of our users' experiences (e.g. how much time users spend on which pages, which links they click on, what they like and dislike, etc.) and helps us to tailor our offering to our users' feedback. Hotjar works with cookies and other technologies to collect data about the behaviour of our users and their end devices, in particular the IP address of the device (is only recorded and stored in anonymised form during your website use), screen size, device type (unique device identifiers), information about the browser used, location (country only), preferred language for displaying our website. Hotjar stores this information on our behalf in a pseudonymised user profile. Hotjar is contractually prohibited from selling the data collected on our behalf.

Google Analytics statistics services

We use Google Analytics on our websites. These are third-party services that may be located in any country in the world. In the case of Google Analytics, this is Google Ireland (based in Ireland), which uses Google LLC (based in the USA) as a processor (together "Google") (<http://www.google.com>). These services enable us to measure and analyse the use of the website (not on a personal basis). Permanent cookies are also used for this purpose, which are set by the service providers. They use Google Analytics with activated IP anonymisation, which shortens the IP address before it is transmitted to the USA to prevent it from being traced.

Although the information we share with Google is not personal data for us, it is possible that Google can use this data to draw conclusions about the identity of visitors, create personal profiles and link this data to the Google accounts of these persons.

Google Ads

This website uses Google Conversion Tracking. If you have reached our website via an advert placed by Google, Google Ads will set a cookie on your computer. The conversion tracking cookie with reference to doubleclick.net is set when a user clicks on an advert placed by Google. These cookies lose their validity after 30 days. If the user visits certain pages of our website and the cookie has not yet expired, we and Google can recognise that the user clicked on the ad and was redirected to this page. The information collected using the conversion cookie is used to generate conversion statistics for Ads customers who have opted for conversion tracking.

Google, Adobe or other tag managers

The Google Tag Manager, Adobe Audience and Tag Manager or other tag managers are solutions with which we can manage so-called website tags via an interface and thus integrate Google Analytics and other marketing services into our online offering, for example. The tag manager itself, which implements the tags, does not usually process any personal data of users, but usage data is transmitted to Google. With regard to the processing of users' personal data, please refer to the information provided by the respective provider.

Google Fonts or other web fonts

This website uses so-called fonts from Google or other providers to ensure a standardised display of fonts. When you call up the page, your browser loads the required fonts into the browser cache in order to display the texts and fonts correctly. To protect your privacy, we have installed the fonts on our own web server as far as possible so that your IP address is not passed on to other service providers when the fonts are loaded. However, please note that when using certain services, such as Maps or Captcha, fonts from these service providers may be used. If your browser does not support external fonts, a standard font from your computer will be used automatically. Further information on Google Fonts and their data protection provisions can be found on the Google website or the respective provider's website.

Google Maps or other map services

This website uses the map service Google Maps or similar map services. In order to use the functions of these services, it is necessary for usage data to be transmitted. This data is generally transmitted to a server of the provider and stored there. We have no influence on this data transfer and the further processing of the data by the provider.

LinkedIn Analytics statistics services and LinkedIn Ads

This website uses the conversion tracking technology and retargeting function of LinkedIn Corporation to display personalised advertisements to visitors on LinkedIn. In addition, the technology makes it possible to create anonymous reports on the performance of adverts and interaction with the website. The LinkedIn Insight tag on our website establishes a connection to the LinkedIn server when you visit the site and are logged into your LinkedIn account at the same time. For more information on data collection and use, as well as your rights and options for protecting your privacy, please refer to LinkedIn's privacy policy. If you are logged in to LinkedIn, you can deactivate data collection at any time.

New Relic

This website uses functions of the monitoring and analysis tool New Relic to monitor and improve the performance and stability of our web offerings. New Relic collects information on website usage, such as loading times, pages visited and possible errors, so that we can optimise the user experience.

By integrating New Relic, a connection to their servers can be established, whereby cookies or similar technologies are used. These collect data such as your IP address, browser type and usage behaviour. Further information on data collection and use as well as your rights can be found in New Relic's privacy policy.

Vimeo

Functions of the streaming service Vimeo are integrated on this website. We use these to embed videos on our website. The plugins are recognisable to you. The processing of your personal data is the responsibility of the respective operator in accordance with their data protection regulations.

Origin of personal data

In most cases, the data that we process originates from you, e.g. in connection with the provision of our services, the use of our website or communication with us. If you wish to conclude contracts with us or utilise our services, you must provide us with certain data. This also applies to the use of our website. In addition, you are obliged to disclose data in order to fulfil legal obligations. Otherwise, you are free to decide whether you wish to provide us with data about yourself.

We may also receive data from third parties, in particular from our service providers or contractual partners, financial service providers and insurance companies. In addition, we may receive data from publicly accessible sources such as websites, company registers, land registers, commercial registers, credit agencies, address dealers, associations, telephone directories and internet analysis services.

Data transfer and data transmission abroad

As part of our business activities and in accordance with the purposes mentioned, we may share information with third parties, in particular with the following categories of recipients:

• Group companies or affiliated companies: Our group companies or other affiliated companies may use the data mentioned in this privacy policy for the same purposes;
• Service providers: We work with service providers who process data on our behalf or under joint responsibility, such as distributors, marketing agencies, other suppliers or subcontractors, manufacturers, business partners;
• Authorities: We may also disclose data to authorities in Switzerland and abroad, official bodies or courts if we are legally obliged to do so;
• Financial service providers and insurance companies: We work with distributors, credit agencies, banks, insurance companies and guarantors in connection with creditworthiness, guarantee and insurance services;
• Other third parties: All other third parties with whom we cooperate in order to fulfil the aforementioned purposes. This may include, for example, the media, the public, including visitors to websites and social media, competitors, industry organisations, associations, organisations and other bodies. In addition, they may also be parties in connection with a corporate transaction such as a merger, sale of assets or shares, reorganisation, financing, change of control or acquisition of all or part of our company.

These categories of recipients may include third parties to whom personal data is disclosed. We may contractually oblige service providers and certain contractual partners who work on our behalf not to use the data for their own purposes. Other third parties such as financial service providers, insurance companies or authorities use the data for their own purposes, e.g. to fulfil legal requirements, which is why we cannot restrict this processing.

We process your personal data primarily in Switzerland. However, the personal data may also be disclosed to recipients abroad. In particular to the following countries: Germany, the Netherlands, the Czech Republic, Denmark, Ireland and the USA. The data may also be transferred to other countries in the European Economic Area. Due to today's global networking and internationally active companies, it is also possible for data to be processed anywhere in the world. If a recipient is located in a country without an adequate legal level of data protection, we will contractually oblige our suppliers or partners to comply with the applicable level of data protection, unless they are already subject to a legally recognised set of rules to ensure data protection and we cannot invoke an exemption clause.

Duration of storage of personal data

We process and store your personal data for as long as is necessary for the fulfilment of our contractual and legal obligations or otherwise for the purposes pursued with the processing, i.e. for example for the duration of the entire business relationship (from the initiation, processing to the termination of a contract) and beyond that in accordance with the statutory retention and documentation obligations. It is possible that personal data may be stored for the period in which claims can be asserted against our company and insofar as we are otherwise legally obliged to do so or legitimate business interests require this (e.g. for evidence and documentation purposes).

Data security

We take appropriate technical and organisational security precautions to protect your personal data. In doing so, we take into account the state of the art, the risk of processing, the investment costs and, in addition to the Swiss Data Protection Act, we are guided by the Data Protection Ordinance. The measures are intended to prevent data protection violations, such as unauthorised access and misuse of data. We also instruct the processors to whom we pass on data to take appropriate technical and organisational security precautions.

Contact by e-mail

Communication by email is generally not encrypted. There is a possibility that data may be lost or intercepted and/or manipulated by third parties, for example in order to feign authenticity. We take suitable technical and organisational security measures to prevent this within the system. Nevertheless, the confidentiality of data cannot be guaranteed when transmitting any data by e-mail. This note applies in particular to the transmission of particularly sensitive personal data. Please do not send us this data by e-mail, but contact us in advance to arrange a secure channel. External access devices (PC, smartphone, etc. of end users) and parts of the infrastructure involved in the transmission between the sender and recipient are outside the area under our control. We are not liable for consequences and damages that may result from the electronic exchange of information and in particular from misuse of the e-mail system. We reserve the right to indemnify ourselves for any wilful damage arising from business transactions with the person concerned via the electronic exchange of information. Furthermore, we reserve the right not to reply by e-mail in individual cases or to require another form for the order or information received by e-mail, e.g. a form with a signature.

Preferences and automated individual decisions

We process your personal data partially automatically in order to determine possible suitability and personal preferences for job profiles. We use the preferences in particular to inform and advise you specifically about jobs and, if applicable, about other jobs that might match your profile. Fully automated processing does not currently take place. As part of this automated processing, a ranking can also be created that assesses your suitability for certain positions based on predefined criteria. This ranking serves exclusively to support internal decision-making. However, this is not a fully automated decision. The final assessment and decision are always made by an employee.

Rights of the data subjects

As a data subject, you have the rights provided for by law in connection with data processing. In particular, you have the right to request information about our data processing, to have incorrect data corrected or to object to data processing, in particular for direct marketing purposes. You can also request the erasure of data and the disclosure of certain personal data or its transfer to other controllers.

However, we would like to point out that we reserve the right to assert legal restrictions, for example if we are obliged to store or process certain data, have a legitimate interest in doing so or require the data to assert legal claims. Please note that the exercise of these rights may conflict with contractual agreements and may have consequences such as premature cancellation of the contract or cost consequences. We will inform you in advance in such a case, unless this is already contractually regulated.

The exercise of these rights generally requires that you clearly prove your identity (e.g. by providing a copy of your identity document if your identity is otherwise not clear or cannot be verified). To assert your rights, you can contact the data protection advisor named in section 1.

Every data subject also has the right to assert their claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (<https://www.edoeb.admin.ch>).

Furthermore, you have the right to lodge a complaint with a data protection authority at any time.

Consent in the context of employment services and staff leasing

The customer confirms the accuracy of all information provided by him and expressly agrees that we may process all data voluntarily provided by him and, to the extent necessary for the placement or hiring, pass it on to potential employers or deployment companies as well as other branches. In addition, he authorises us to obtain reference information from the persons he has provided.

If further consent is required, this consent will also be obtained verbally or in writing in individual cases. All of the aforementioned consents are given voluntarily and independently of each other. The customer can revoke their consent at any time with effect for the future.

Changes to this privacy policy

We may change this privacy policy at any time without prior notice. This privacy policy is not part of any contract with you. In principle, the current version published on our website applies.

Copyright and licence

This privacy policy was created by impunix AG as part of the full data protection service. If you have any questions or comments, please feel free to contact us using the contact details in section 1. The use of this privacy policy is reserved exclusively for customers of our full data protection service.

Categories of personal data

Depending on the business transaction, we process one or more of the following categories of personal data in the table below.

• Creditworthiness and bank data: Salary, data from credit agencies, score values, financial circumstances, account details, etc.;
• Data on administrative offences: Information on fines, reports, criminal prosecution, etc.
• Health data: Physical impairments, medical certificates, etc.;
• Geo and location data: Information on the location of employees, etc.;
• Identity details: Data to establish your identity, e.g. ID, etc.
• Interests and preferences: Information provided or collected by you about your areas of interest, such as the products you are interested in, hobbies and other personal preferences;
• Contact details: Name, address, telephone number, e-mail address;
• Extended contact data: data on spouse or children, marital status, portrait photo, honorary position, job title, professional career, length of service, tasks, activities, qualifications, evaluations/assessments, certificates, date of birth, etc;
• Professional contact details: Surname, first name, title, address, e-mail address, telephone number, mobile phone number, employer, function, department, responsibilities, etc.;
• Website and app usage data: IP address, browser type and version, operating system used and device type, referrer URL (the previous website from which you accessed our site), internet service provider, host name of the accessing computer, time of the server request, etc. You also provide us with information about how you use the website. We explain data processing when using the website and the app, including tracking with cookies, in the information on the website;
• Online account data: Online ID, account information, customer and prospect portals;
• Service requests and information: Interactions with support;
• Technical data: Data on the technical features of the systems, such as configurations, IP addresses, serial numbers, product information, licences, documentation, etc.
• Contract data: Data on the business relationship, customer number, offers and services purchased, etc.;
• Video recordings: Image and (rarely) sound recordings, etc.;
• Payment and transaction data: Information on payments, transactions or financial agreements in connection with services, etc;
• Access data: Access data for authentication in systems;