Privacy Policy
With this Privacy Policy, we inform you about which personal data we process in connection with our activities and operations, including our qualitynow.ch website. In particular, we inform you about for what purpose, how and where we process which personal data. We also inform you about the rights of persons whose data we process.
Additional privacy policies and other legal documents such as General Terms and Conditions (GTC), terms of use or participation conditions may apply to individual or additional activities and operations.
We are subject to Swiss data protection law and, where applicable, to foreign data protection law, in particular that of the European Union (EU) with the European General Data Protection Regulation (GDPR).
By Decision of 26 July 2000, the European Commission recognized that Swiss data protection law ensures an adequate level of data protection. By Report of 15 January 2024, the European Commission confirmed this adequacy decision.
If you transmit or disclose to us data about other persons such as family members, colleagues, etc., we assume that you are authorized to do so and that such data is accurate. By transmitting data about third parties, you confirm this. Please also ensure that these third parties have been informed about this Privacy Policy.
1. Contact Addresses
Responsibility for the processing of personal data:
Quality.Now AG
Quality.Now AG
Turmstrasse 18
6312 Steinhausen
Switzerland
In individual cases, there may be other controllers responsible for the processing of personal data or joint controllership with at least one other controller.
1.1 Data Protection Officer or Data Protection Advisor
We have appointed the following Data Protection Officer or Data Protection Advisor as a contact point for data subjects and authorities for inquiries relating to data protection:
Data Protection Officer
Quality.Now AG
Turmstrasse 18
6312 Steinhausen
Switzerland
1.2 Data Protection Representative in the European Economic Area (EEA)
We have appointed the following Data Protection Representative pursuant to Art. 27 GDPR:
Andrej Korocencev
Albbrucker Straße 6
79804 Dogern
Germany
The Data Protection Representative serves as an additional contact point for data subjects and authorities in the European Union (EU) and the remaining European Economic Area (EEA) in connection with the GDPR.
2. Terms and Legal Bases
2.1 Terms
Personal data means all information relating to an identified or identifiable natural person. A data subject is a person about whom we process personal data.
Processing includes any handling of personal data, regardless of the means and procedures used, for example querying, comparing, adapting, archiving, storing, reading, disclosing, obtaining, collecting, deleting, revealing, arranging, organizing, saving, modifying, disseminating, linking, destroying and using personal data.
The European Economic Area (EEA) comprises the member states of the European Union (EU) as well as the Principality of Liechtenstein, Iceland and Norway.
The General Data Protection Regulation (GDPR) refers to the processing of personal data as processing of personal data and to the processing of particularly sensitive personal data as processing of special categories of personal data (Art. 9 GDPR).
2.2 Legal Bases
We process personal data in accordance with Swiss data protection law, in particular the Federal Act on Data Protection (Data Protection Act, FADP) and the Ordinance on Data Protection (Data Protection Ordinance, DPO).
Where and to the extent that the General Data Protection Regulation (GDPR) is applicable, we process personal data in accordance with at least one of the following legal bases:
- Art. 6(1)(b) GDPR for the necessary processing of personal data for the performance of a contract with the data subject and for the implementation of pre-contractual measures.
- Art. 6(1)(f) GDPR for the necessary processing of personal data to safeguard legitimate interests of ours or of third parties, provided that the fundamental freedoms and fundamental rights as well as the interests of the data subject do not prevail. Legitimate interests include in particular our interest in being able to carry out our activities and operations permanently, in a user-friendly, secure and reliable manner and to communicate about them, ensuring information security, protection against misuse, enforcement of our own legal claims and compliance with Swiss law.
- Art. 6(1)(c) GDPR for the necessary processing of personal data for compliance with a legal obligation to which we are subject under any applicable law of member states in the European Economic Area (EEA).
- Art. 6(1)(e) GDPR for the necessary processing of personal data for the performance of a task carried out in the public interest.
- Art. 6(1)(a) GDPR for the processing of personal data with the consent of the data subject.
- Art. 6(1)(d) GDPR for the necessary processing of personal data in order to protect vital interests of the data subject or another natural person.
3. Categories of Personal Data
We process various categories of personal data about you. The most important categories are as follows:
- Technical data: When you use our website or other electronic services, we collect technical data to ensure the functionality and security of these services. In particular, we may log the following information in log files for each access: IP address, date and time including time zone, access status (HTTP status code), operating system including user interface and version, browser including language and version, accessed page including amount of data transferred and the last visited website (referrer). The technical data alone generally does not allow any conclusions to be drawn about your identity. However, in connection with user accounts, registrations or the processing of contracts, it may be linked with other data categories (and thus possibly with your person).
- Registration data: Certain offers and services (e.g. login areas of our website) can only be used with a user account or registration, which may take place directly with us or via our external login service providers. In doing so, you must provide us with certain data, and we collect data about the use of the offer or service.
- Communication data: If you contact us by email, telephone or other means of communication, we record the data exchanged between you and us, including your contact details and the metadata of the communication.
- Master data: We refer to master data as the basic data that we require, in addition to contract data (see below), for the handling of our contractual and other business relationships or for marketing and advertising purposes, such as name, contact details and information, for example about your role and function. We process your master data if you are a customer or other business contact or work for such a person (e.g. as a contact person of the business partner), or because we wish to address you for our own purposes or the purposes of a contractual partner (e.g. within the framework of marketing and advertising, with newsletters, etc.). We receive master data from you yourself (e.g. within the framework of a registration), from entities for which you work, or from third parties such as our contractual partners, and from publicly accessible sources such as public registers or the Internet (websites, social media, etc.).
- Contract data: This includes data arising in connection with the conclusion of a contract or the performance of a contract, e.g. information about contracts and the services to be provided or provided, as well as data from the run-up to the conclusion of a contract, the information required or used for processing and information about reactions.
- Other data: We also collect data from you in other situations. For example, in connection with official or court proceedings, data may arise that may also relate to you (such as files, evidence, etc.).
We may have personal data processed by third parties. We may process personal data jointly with third parties or transmit it to third parties. Such third parties are in particular specialized providers whose services we use. We also ensure data protection with such third parties.
Many of the personal data mentioned in section 3 are disclosed to us by yourself, for example via forms, in the course of communication with us, when concluding contracts or when using the website. You are not obliged to do so, subject to individual cases, e.g. within the framework of binding protection concepts (legal obligations). If you wish to conclude contracts with us or use services, you must also provide us with data within the scope of your contractual obligation pursuant to the relevant contract, in particular master, contract and registration data. When using our website, the processing of technical data is unavoidable. If you wish to obtain access to certain systems, you must provide us with registration data. We also process personal data that we receive from third parties, obtain from publicly accessible sources or collect in the exercise of our activities and operations, insofar as and to the extent such processing is permitted for legal reasons.
4. Purposes and Duration of Data Processing
We process your data for purposes in connection with communication with you, in particular to respond to inquiries and to assert your rights, and to contact you in case of follow-up questions. For this purpose, we use in particular communication data and master data and, in connection with offers and services used by you, also registration data. We retain this data in order to document our communication with you, for training purposes, for quality assurance and for follow-up inquiries.
We process data for the initiation, administration and performance of contractual relationships.
We process data for marketing purposes and for relationship management. This may take place, for example, in the form of newsletters and other regular contacts, via channels for which we have contact information from you, but also within the framework of individual marketing campaigns.
We process data to comply with laws, directives and recommendations of authorities and internal regulations (“compliance”).
We also process data for the purposes of our risk management and within the framework of prudent corporate governance, including business organization and corporate development.
We further process your data for market research and to improve our services and our operations.
We may also process your data for security purposes.
We may process your data for other purposes, for example within the framework of our internal processes and administration or for training and quality assurance purposes.
We process personal data for the duration that is necessary for the respective purpose or purposes or required by law, and as long as our legitimate interests in processing for documentation and evidentiary purposes require it or storage is technically necessary. Personal data whose processing is no longer necessary is anonymized or deleted.
5. Applications
We process personal data about applicants insofar as this is necessary to assess their suitability for an employment relationship or for the subsequent performance of an employment contract. The required personal data result in particular from the requested information, for example in the context of a job advertisement. We may publish job advertisements with the assistance of suitable third parties, for example in electronic and printed media or on job portals and job platforms.
We also process the personal data that applicants voluntarily provide or publish, in particular as part of cover letters, CVs and other application documents as well as online profiles.
We process – insofar and to the extent that the General Data Protection Regulation (GDPR) is applicable – personal data about applicants in particular in accordance with Art. 9 para. 2 lit. b GDPR.
We may allow applicants to store their details in our talent pool in order to consider them for future vacancies. We may also use such details to maintain contact and provide information about news. If we assume that an applicant is suitable for an open position based on the provided information, we may inform the applicant accordingly.
6. Data Security
We take appropriate technical and organizational measures to ensure a level of data security appropriate to the respective risk. With our measures, we ensure in particular the confidentiality, availability, traceability and integrity of the processed personal data, but without being able to guarantee absolute data security.
Access to our website and our other online presence takes place by means of transport encryption (SSL / TLS, in particular using Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers indicate transport encryption with a small padlock in the address bar.
Our digital communication is subject – like in principle any digital communication – to mass surveillance without cause or suspicion by security authorities in Switzerland, in the rest of Europe, in the United States of America (USA) and in other countries. We have no direct influence on the corresponding processing of personal data by intelligence services, police authorities and other security authorities. We also cannot exclude the possibility that individual data subjects may be specifically monitored.
7. Personal Data Abroad
We process personal data in principle in Switzerland and in the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, in particular in order to process it there or have it processed there.
We may export personal data to all states and territories on Earth and elsewhere in the universe, provided that the law there ensures an adequate level of data protection in accordance with the decision of the Swiss Federal Council and – insofar and to the extent that the General Data Protection Regulation (GDPR) is applicable – in accordance with the decision of the European Commission.
We may transfer personal data to countries whose laws do not ensure an adequate level of data protection, provided that data protection is ensured for other reasons, in particular on the basis of standard data protection clauses or with other appropriate safeguards. Exceptionally, we may export personal data to countries without adequate or appropriate data protection if the specific data protection requirements are met, for example the explicit consent of the data subjects or a direct connection with the conclusion or performance of a contract. Upon request, we will be happy to inform data subjects about any safeguards or provide a copy of any safeguards.
8. Rights of Data Subjects
8.1 Data Protection Claims
We grant data subjects all claims in accordance with the applicable data protection law. Data subjects have, in particular, the following rights:
- Access: Data subjects may request information as to whether we process personal data about them and, if so, which personal data are involved. Data subjects also receive the information required to assert their data protection claims and to ensure transparency. This includes the personal data processed as such, but also, among other things, information on the purpose of processing, the duration of storage, any disclosure or export of data to other countries and the origin of the personal data.
- Rectification and restriction: Data subjects may rectify inaccurate personal data, complete incomplete data and request the restriction of the processing of their data.
- Erasure and objection: Data subjects may request the erasure of personal data (“right to be forgotten”) and object to the processing of their data with effect for the future.
- Data disclosure and data transfer: Data subjects may request the disclosure of personal data or the transfer of their data to another controller.
We may postpone, restrict or refuse the exercise of the rights of data subjects within the legally permissible framework. We may inform data subjects of any requirements to be fulfilled for the exercise of their data protection claims. For example, we may refuse to provide information in whole or in part with reference to trade secrets or the protection of other persons. For example, we may also refuse the erasure of personal data in whole or in part with reference to statutory retention obligations.
We may exceptionally provide for costs for the exercise of rights. We inform data subjects in advance of any costs.
We are obliged to identify data subjects who request information or assert other rights by means of appropriate measures. Data subjects are obliged to cooperate.
8.2 Legal Remedies
Data subjects have the right to enforce their data protection claims through legal proceedings or to file a report or complaint with a competent data protection supervisory authority.
The data protection supervisory authority for complaints by data subjects against private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
European data protection supervisory authorities for complaints by data subjects – insofar and to the extent that the General Data Protection Regulation (GDPR) is applicable – are organized as members of the European Data Protection Board (EDPB). In some member states in the European Economic Area (EEA), the data protection supervisory authorities are structured on a federal basis, in particular in Germany.
9. Use of the Website
9.1 Cookies
We may use cookies. Cookies – our own cookies (first-party cookies) as well as cookies from third parties whose services we use (third-party cookies) – are data that are stored in the browser. Such stored data need not be limited to traditional text-based cookies.
Cookies may be stored temporarily in the browser as “session cookies” or for a specific period as so-called permanent cookies. “Session cookies” are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies make it possible, in particular, to recognize a browser on the next visit to our website and thereby, for example, measure the reach of our website. However, permanent cookies can also be used, for example, for online marketing.
Cookies can be deactivated and deleted in whole or in part at any time in the browser settings. Without cookies, our website may no longer be fully available. We actively request – at least insofar and to the extent necessary – explicit consent to the use of cookies.
9.2 Logging
As described in section 3, technical data may be logged each time our website is accessed.
9.3 Tracking Pixels
We may integrate tracking pixels into our online presence. Tracking pixels are also referred to as web beacons. Tracking pixels – including those of third parties whose services we use – are typically small, invisible images or scripts formulated in JavaScript that are automatically retrieved when our online presence is accessed. With tracking pixels, at least the same information as in log files can be collected.
10. Notifications and Communications
We send notifications and communications by e-mail and via other communication channels such as instant messaging or SMS.
10.1 Success and Reach Measurement
Notifications and communications may contain web links or tracking pixels that record whether an individual communication has been opened and which web links have been clicked. Such web links and tracking pixels may also record the use of notifications and communications on a personal basis. We require this statistical recording of usage for success and reach measurement in order to be able to send notifications and communications effectively and in a user-friendly manner as well as permanently, securely and reliably based on the needs and reading habits of the recipients.
10.2 Consent and Objection
You must in principle consent to the use of your e-mail address and your other contact addresses, unless the use is permissible for other legal reasons. For obtaining any double-confirmed consent, we may use the “double opt-in” procedure. In this case, you will receive a communication with instructions for double confirmation. We may log obtained consents including IP address and timestamp for evidentiary and security reasons.
You may in principle object at any time to receiving notifications and communications such as newsletters. With such an objection, you may at the same time object to the statistical recording of usage for success and reach measurement. Necessary notifications and communications in connection with our activities and operations remain reserved.
11. Social Media
We are present on social media platforms and other online platforms, for example on LinkedIn (https://ch.linkedin.com/company/quality-now), in order to communicate with interested persons and to provide information about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).
The general terms and conditions (GTC), terms of use, privacy policies and other provisions of the individual operators of such platforms also apply. These provisions provide information in particular about the rights of data subjects directly vis-à-vis the respective platform, including, for example, the right of access.
12. Services of Third Parties
We use services of specialized third parties in order to be able to carry out our activities and operations permanently, in a user-friendly, secure and reliable manner. With such services, we can, among other things, embed functions and content into our website. In the case of such embedding, the services used collect, for technically compelling reasons, at least temporarily the IP addresses of users.
For necessary security-related, statistical and technical purposes, third parties whose services we use may process data in connection with our activities and operations in aggregated, anonymized or pseudonymized form. This includes, for example, performance or usage data in order to be able to offer the respective service.
- Services of Microsoft: Providers: Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), Switzerland and the United Kingdom / Microsoft Corporation (USA) for users in the rest of the world; General information on data protection: “Privacy at Microsoft”, “Data Protection and Privacy”, Privacy Statement, “Data and Privacy Settings”.
12.1 Digital Infrastructure
We use services of specialized third parties in order to make use of the required digital infrastructure in connection with our activities and operations. These include, for example, hosting and storage services from selected providers.
We use in particular:
- Hostfactory: Hosting; Provider: OptimaNet Schweiz AG (Switzerland); Information on data protection: Privacy Policy.
12.2 Automation and Integration of Apps and Services
We use specialized platforms to integrate and connect existing apps and services of third parties. With such “no-code” platforms, we may also automate processes and activities with apps and services of third parties.
We use in particular:
- Microsoft Power Automate including Microsoft Power Platform: Integrated application platform; Provider: Microsoft; Microsoft Power Platform-specific information on data protection: “Compliance and Data Privacy”, “Data Storage and Governance”, “Security”.
12.3 Audio and Video Conferences
We use specialized services for audio and video conferences in order to communicate online. For example, we may hold virtual meetings or conduct online classes and webinars. Participation in audio and video conferences is also subject to the legal texts of the individual services, such as privacy policies and terms of use.
Depending on the life situation, we recommend muting the microphone by default when participating in audio or video conferences and blurring the background or displaying a virtual background.
12.4 Online Collaboration
We use third-party services to enable online collaboration. In addition to this privacy policy, any directly visible terms of the services used, such as terms of use or privacy policies, also apply.
We use in particular:
- Microsoft Teams: Platform for productive collaboration, in particular with audio and video conferences; Provider: Microsoft; Teams-specific information: “Privacy and Microsoft Teams”.
12.5 Maps
We use third-party services in order to embed maps into our website.
We use in particular:
- OpenStreetMap (OSM): Map service; Provider: OpenStreetMap Foundation (United Kingdom); Information on data protection: Privacy Policy.
13. Final Provisions
We may amend and supplement this privacy policy at any time. We will inform about such amendments and supplements in an appropriate manner, in particular by publishing the current privacy policy on our website.