Privacy Notice for Users of Bureau Veritas Switzerland AG Website

PRIVACY NOTICE FOR USERS OF BUREAU VERITAS SWITZERLAND AG WEBSITE pursuant to Article 19 of Federal Act on Data Protection (“FADP”)

This privacy notice describes the processing of personal data relating to users and visitors (collectively, the "Users") of the Bureau Veritas Switzerland AG website https://www.bureauveritas.ch/en (the “Site”).

1. DATA CONTROLLER

The Data Controller is Bureau Veritas Switzerland AG, with registered office in Grossächerstrasse 25, CH-8104, Weiningen, Switzerland; VAT no. CHE107701676 (hereinafter “Bureau Veritas” or the “Data Controller”).

2. DATA COLLECTED

2.1 Personal data provided by Users
The Data Controller may process the personal data of Website Users, such as:

(i) Personal data, first name, last name, company name, function within the company;

(ii) Contact details, such as residence address, e-mail address, company e-mail address, telephone number;

(iii) CV data, information commonly found within the curriculum vitae, such as: job title, educational qualification, university exams taken, specialization, years of experience.

These personal data are collected through the Site and are provided by Users through any notifications or e-mails sent directly to the Data Controller, via the contact details provided in the "Contacts", "Newsletter" and "Careers" sections of the Site.
The content of the notifications received, including any personal data contained therein, will be processed to respond to any questions and respond to requests received. 
Users are invited to provide Bureau Veritas with updated and relevant data, limited to what is necessary in relation to the purposes for which it is shared.

2.2 Browsing data and cookies
The Data Controller may collect the personal data of the Users of the Site in the following ways:

(i) Through the Users’ navigation on the Site;

(ii) Through cookies installed on the Site, for the purposes and in the manner indicated in the cookie policy available at the following link: https://www.bureauveritas.ch/en/cookie-declaration

The personal data acquired via browsing are, in particular, information relating to the devices with which Users connect to the Site, IP address, log data, information on the browser used by the User, pages visited, date, time and duration of each visit, as well as other parameters relating to the User's operating system and computer environment, etc. (the "Navigation Data"). 
Personal data acquired through cookies are those strictly necessary to achieve the purposes indicated in the cookie policy referred to in the link indicated in paragraph (ii) which precedes (the "Cookies").

3. PROCESSING PURPOSES

The Personal Data provided by Users and the Browsing and Cookies data (hereinafter, jointly “Data”) will be processed for the following purposes:

3.1 Follow up on Users' requests
The Data will be processed to respond to and follow up on requests that Users send to Bureau Veritas through the e-mail address and contact details found within the various sections of the Site.

The legal basis of this processing is the execution of a contract or the execution of pre-contractual measures (here to be understood as a "legal relationship" established between the Data Subjects and the Data Controller following the requests submitted by the Users).

The provision of Data for the purposes indicated above is necessary for the correct management and execution of the Users’ requests. Any partial or total refusal to provide the Data for these purposes will make it impossible for the Data Controller to comply with such requests.

3.2 Carrying out the candidate selection procedure
The Data will be processed exclusively to carry out candidate selection procedures in view of a potential employment relationship with the Data Controller.

The legal basis of the Data processing is the execution of pre-contractual steps taken at the Users' request.

Data provision for the above-mentioned purposes is obligatory and, therefore, necessary. In the event of a total or partial refusal to provide the Data, the Data Controller will not be able to carry out the selection procedure for the eventual establishment of an employment relationship with the Data Controller in relation to which the Data is collected.

3.3 Subscription to the newsletter service
The Data provided by Users is processed for the sole purpose of sending the Data Controller's newsletter and to allow them to benefit from this service and to receive commercial offers, promotions and notifications on Bureau Veritas products.

Such processing finds its legal basis in the consent given by the Users.

Users can withdraw their consent and cancel their subscription to the newsletter service at any time by clicking on the Unsubscribe link in the newsletters and then clicking on the Confirm button on the relevant page. Alternatively, Users may send a specific notification to the Data Controller through the portal for the exercise of rights indicated in article 7 below, expressing the desire to unsubscribe from the newsletter service and to delete the data held by the Data Controller. The withdrawal of consent does not affect the processing that has already taken place.

Providing Data is optional. Any refusal to provide Data will make it impossible to use the newsletter service.

3.4 Correct functioning and maintenance of the Site
The Data will also be processed in order to monitor the correct functioning of the Site and allow the Data Controller to make changes and improvements to it, as well as to resolve any functioning problems. 

The legal basis for this processing lies in the overriding private interest of the Data Controller to offer the correct functioning of the Site. Overriding private interest that does not affect the rights and freedoms of the Users as it finds its respective balance in the interest and in the reasonable expectation of the Users to browse the Owner's Site.

The provision of the Data takes place automatically through the connection to the Site and any partial or total refusal to provide the Data for these purposes will make it impossible for the Data Controller to correctly manage the functioning and maintenance of the Site.

3.5 Exercising the Bureau Veritas rights (legal protection)
The Data will be processed specifically to allow the Data Controller to protect its rights and interests in court proceedings and extra-judicial settings in the event that illegal activities are carried out on the Site and/or through it. 

The legal basis of the processing is the overriding private interest of the Data Controller in the protection of its rights. Overriding private interest that does not violate and does not affect the rights and freedoms of the Data Subjects as the processing finds its respective balance in the interest and in the reasonable expectation of the Users to exercise the constitutionally guaranteed right of defence. 

Data provision for this purpose is necessary to allow the Data Controller to defend itself in court.

4. METHODS OF PROCESSING AND RECIPIENTS OF DATA

The Data will be processed using manual and IT tools and will be notified and may be known (i) by the Data Controller’s employees and collaborators, duly instructed and designated for processing and to whom Bureau Veritas has given detailed instructions, with particular regard to the implementation of appropriate technical and organizational security measures;  (ii) by third parties who provide ancillary or instrumental services to the Data Controller's activities, in relation, for example, to the development, supply and operational maintenance of the Site;  and (iii) external subjects operating as autonomous data controllers such as, for example, Authorities and supervisory and control bodies and, in general, to subjects – including private individuals – entitled to request such Data (such as, for example, accounting consultants, legal consultants), Public Authorities that make an express request for administrative or institutional purposes, in accordance with the provisions of current national legislation.

The complete list of recipients of the Data is available on request, to be sent to the addresses indicated in article 7 below.

5. RETENTION PERIOD

The Data collected and processed by Bureau Veritas, for the purposes referred to in article 3 above, may be kept for the period necessary to achieve the purposes of the processing and, in particular:

(i) Purpose 3.1: in the case of sharing information through the contacts made available by the Data Controller on the Site, for a period of 12 months from the last contact made and, in any case, where applicable, for the entire duration of any contractual relationship established with the Data Controller, as well as for the time necessary to (i) comply with regulatory and/or legal obligations and (ii) ensure the judicial protection of the Data Controller's rights, in compliance with the prescribed limitation periods. Further information will be provided, based on the relationships established between the parties, in the specific privacy policies submitted by the Data Controller to the various categories of subjects involved (e.g. addressed to clients, suppliers, etc.);

(ii) Purposes 3.2: The Data is processed for the time strictly necessary to achieve the purposes for which it was collected and, in any case, for no longer than 12 (twelve) months from the date of receiving the CV.

(iii) Purposes 3.3: The Data collected will be kept for a maximum period of 24 months from the registration to the newsletter service. With one month's notice, we will ask you if you wish to continue receiving the newsletter: in case of refusal, the Data provided will be deleted; in case of consent, it will be kept and processed for a further period of 24 months.

(iv) Purpose 3.4: In the case of processing of Data for the correct maintenance and functioning of the Site, the Data will be kept as long as it is necessary to resolve any bugs and malfunctions of the Site, as well as for as long as required by law to which the Data Controller must comply

(v) Purpose 3.5: In the case of judicial protection of the Data Controller, and in particular in the case of legal disputes, for a period equal to the entire duration of such disputes or until the limitation periods are reached.

6. PLACE OF DATA PROCESSING AND TRANSFER

The Data Controller may disclose the Data to the European Union, accordingly to the European Commission Decision No 2000/518/EC of 26 July 2000 (as confirmed by the Report from the Commission to the European Parliament and the Council of 15 January 2024). The processing of the Data will be carried out at the Data Controller's offices and the Data will be stored in servers and/or archives in Switzerland, the European Union and in third countries. Data may be disclosed abroad only if the Swiss Federal Council has decided that the legislation of the State concerned or the international body guarantees an adequate level of protection, accordingly to art. 16 FADP. In the absence of a decision by the Federal Council, Data may be disclosed abroad only if an adequate level of data protection is guaranteed in accordance with the provisions of art. 16.1 FADP or by the exception of art. 17 FADP.

7. USER RIGHTS AND CONTACT DETAILS

Users, as data subjects (i.e., subjects to whom the Data refers), are holders of the rights conferred by the FADP. In particular, pursuant to articles 25, 28, 32 and 49 of FADP, data subjects have the right to request and obtain, at any time, access to their personal data, information on the processing carried out, the correction and/or updating of personal data. Additionally, they also have the right to object to the processing and to request data portability (i.e. to receive personal data in a structured, commonly used, machine-readable format). Finally, data subjects always have the right to revoke their consent at any time (this, in any case, will not affect the lawfulness of the processing carried out on the basis of the consent given before the revocation) and to lodge a complaint with a supervisory authority (in Switzerland: the Federal Data Protection and Information Commissioner). 
 
Requests relating to the exercise of the above rights must be sent to the following addresses:

Users may also send requests regarding the recipients of the Data, as well as requests for clarification regarding this privacy notice, to the same addresses indicated above.