Data Privacy Policy
With this data protection policy, we inform you which personal data we process in connection with our activities, including our website (www.kalaidos.ch). In particular, we provide information on for what, how and where we process personal data. We also provide information about the rights of persons whose data we process.
Individual or additional activities may be subject to further legal documents such as General Terms and Conditions (GTC) or Terms of Use.
This privacy policy applies exclusively to the activities of Kalaidos Bildungsgruppe AG and Kalaidos ICT AG. For all other companies of the Kalaidos Education Group Switzerland, their own data protection declarations apply exclusively.
1 Contact addresses
Responsibility for the processing of personal data:
Christian Zumbach, Kalaidos Bildungsgruppe AG, Jungholzstrasse 43, 8050 Zurich
Data Security and Data Protection Commissioner:
Caroline Boeriis, Kalaidos Bildungsgruppe AG, Jungholzstrasse 43, 8050 Zurich
We point out if other persons are responsible for processing personal data in individual cases.
2 Terms and legal bases
2.1 Terms
Personal data is any information relating to an identified or identifiable person. A data subject is a person about whom personal data is processed.
"Processing" includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, acquisition, collection, deletion, modification, destruction and use of personal data.
2.2 Legal basis
We process personal data in accordance with Swiss data protection laws, such as, and in particular the Federal Act on Data Protection (FADP) and the Ordinance to the Federal Act on Data Protection (DPO).
3 Method, scope and purpose
We process the personal data required to carry out our activities in a permanent, user-friendly, secure and reliable manner. Such personal data may, in particular, fall into the categories of inventory and contact data, browser and device data, content data, meta or marginal data and usage data, location data, sales data and contract and payment data.
We process personal data for the duration required for the respective purpose or by law. Personal data for which processing is no longer necessary are anonymised or deleted.
We may have personal data processed by third parties. We may process personal data jointly with third parties or transmit it to third parties. Such third parties are, in particular, specialised providers whose services we use. We also guarantee data protection for such third parties.
We only process personal data with the data subject's consent unless the processing is permitted for other legal reasons. Processing without consent may be permissible, for example, for the performance of a contract with the data subject and for corresponding pre-contractual measures in order to protect our overriding legitimate interests when the processing is evident from the circumstances or after prior information.
In this context, we process in particular information that a data subject voluntarily provides to us when contacting us. We may store such information, for example, in an address directory or with similar tools. If we receive data about other persons, the transmitting persons are obliged to guarantee data protection vis-à-vis these persons and to ensure the accuracy of this personal data.
We also process personal data that we receive from third parties, obtain from publicly available sources or collect in the course of our activities, if and to the extent that such processing is permitted for legal reasons.
4 Job applications
We process personal data about applicants to the extent necessary for assessing their suitability for an employment relationship or the subsequent implementation of an employment contract. The necessary personal data result in particular from the information requested, for example, in the context of a job advertisement. We also process personal data that applicants voluntarily provide or publish, particularly as part of cover letters, CVs and other application documents, and online profiles.
Submitted application documents will be deleted five months after rejection, unless otherwise agreed. The same applies to applications in paper form; they will be physically destroyed.
However, with the applicant's consent, we will store their personal data and application documents for up to 24 months in order to be able to consider the application with regard to any future vacancies.
We reserve the right to process data for the assertion, exercise or defence of legal claims or with regard to other justifications that allow the data to be stored beyond the aforementioned periods in individual cases.
5 Personal data abroad
We process personal data in Switzerland as a matter of principle. However, we may also disclose or export personal data to other countries, in particular, in order to process it or have it processed there.
We may disclose personal data to all states and territories provided that the law there guarantees adequate data protection in the assessment of the Federal Data Protection and Information Commissioner (FDPIC) or in accordance with the decision of the Federal Council.
We may disclose personal data to countries whose laws do not ensure adequate data protection, provided that adequate data protection is ensured for other reasons, for example, through appropriate contractual agreements, based on standard data protection clauses or with other appropriate safeguards. Exceptionally, we may export personal data to countries without adequate or appropriate data protection if the particular data protection law requirements are met, for example, the express consent of the data subjects or a direct connection with the conclusion or performance of a contract.
6 Rights of data subjects
Data subjects about whom we process personal data have rights under Swiss data protection law. These include the right to information as well as the right to correction, deletion or blocking of the personal data processed.
Data subjects about whom we process personal data have a right of appeal to a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
7 Data security
We take suitable technical and organisational measures to ensure data security appropriate to the respective risk. However, we cannot guarantee absolute data security.
Like all digital communication in principle, our digital communication is subject to mass surveillance without cause or suspicion and other monitoring by security authorities in Switzerland, the rest of Europe, the United States of America (USA) and other countries. We cannot directly influence the corresponding processing of personal data by secret services, police agencies and other security authorities.
8 Use of the website
8.1 Cookies
We may use cookies. Cookies - both own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies) - are data stored in the browser. Such stored data need not be limited to traditional cookies in text form.
Cookies can be temporarily stored in the browser as session cookies or for a certain period as persistent cookies. Session cookies are automatically deleted when the browser is closed. Permanent cookies have a specific storage period. Cookies make it possible, in particular, to recognise a browser the next time it visits our website and thus, for example, to measure the reach of our website. Permanent cookies can also be used for online marketing.
Cookies can be completely or partially deactivated and deleted in the browser settings at any time. Without cookies, our website may no longer be fully available.
8.2 Tracking pixel
We may use tracking pixels on our website. Tracking pixels are also known as web beacons. Tracking pixels - including those from third parties whose services we use - are small, usually invisible images that are automatically retrieved when you visit our website. Counting pixels can be used to record the following information: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sub-pages of our website called up including the amount of data transferred, website last called up in the same browser window (referrer).
9 Third-party services
We use services from specialised third parties in order to carry out our activities in a durable, user-friendly, secure and reliable manner. With such services, we can, among other things, embed functions and content on our website. In the case of such embedding, the services used record the Internet Protocol (IP) addresses of the users, at least temporarily, for technically compelling reasons.
For necessary security-related, statistical and technical purposes, third parties whose services we use may process data related to our activities in an aggregated, anonymised or pseudonymised form. This is, for example, performance or usage data to be able to offer the respective service.
In particular, we use:
- Google services: Provider: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; general information on data protection: "Privacy and Security Principles", "Privacy Policy".
9.1 Map material
We use third-party services to embed maps on our website. In particular, we use:
- Google Maps including Google Maps Platform: mapping service; provider: Google; Google Maps-specific information: "How Google uses location information".
9.2 Fonts
We use third-party services to embed selected fonts as well as icons, logos and symbols on our website.
In particular, we use:
- Google Fonts: fonts; provider: Google; Google Fonts-specific information: "Privacy and Google Fonts", "Privacy and Data Collection".
9.3 Audio and video conferencing
We use specialised audio and video conferencing services to communicate online. We can use them, for example, to hold virtual meetings or to conduct online lessons and webinars. For participation in audio and video conferences, the legal texts of the individual services, such as data protection declarations and terms of use, also apply.
Depending on the life situation, we recommend muting the microphone by default when participating in audio or video conferences and blurring the background or having a superimposed virtual background.
In particular, we use:
- Microsoft Teams: a platform for telephony audio and video conferencing, among other things; provider: Microsoft; Teams-specific information: "Data protection and Microsoft Teams".
10 Success and reach measurement
We use services and programmes to determine how our online offering is used. In this context, we can, for example, measure the success and reach of our activities as well as the effect of third-party links to our website. Based on the success and reach measurement results, we can, in particular, correct errors, strengthen popular content or make improvements to our online offer.
When using services and programmes for performance and reach measurement, the Internet Protocol (IP) addresses of individual users must be stored. IP addresses are always shortened ("IP masking") in order to follow the principle of data economy through the corresponding pseudonymisation and thus to improve the data protection of users.
When using services and programmes for performance and reach measurement, cookies may be used, and user profiles may be created. User profiles include, for example, the pages visited or content viewed on our website, information on the size of the screen or browser window and the - at least approximate - location. As a matter of principle, user profiles are only created pseudonymously. We do not use user profiles to identify individual users. Individual services of third parties with which users are registered may be able to assign the use of our online services to the user account or user profile of the respective service.
We use in particular:
- Siteimprove Analytics: performance and reach measurement; provider: Siteimprove A/S (Denmark); data protection information: "Privacy and Security", "Privacy Policy" ("Siteimprove Intelligence Platform"), "Privacy Policy" (website and social media), "Information Security Notice".
11 Video surveillance
We use video surveillance for the prevention of criminal offences and the preservation of evidence in the event of criminal offences, as well as for the exercise of our house rights.
We store recordings from our video surveillance for as long as needed to preserve evidence. As a rule, the recordings are deleted or overwritten after seven days.
We may secure recordings based on legal obligations to enforce our own legal claims and in the event of suspected criminal offences, as well as transmit them to competent bodies such as, in particular, court or law enforcement authorities.
12 Final provisions
We have created this data protection declaration with the data protection generator of Datenschutzpartner and last updated it in February 2024.
We can adapt and supplement this data protection declaration at any time. We will inform you about such adjustments and additions in an appropriate form, in particular by publishing the respective current data protection declaration on our website.
Contact
Kalaidos Education Group
Jungholzstrasse 43
8050 Zurich
Telefon +41 44 307 31 16
postfach@kalaidos.ch