General conditions on the processing of personal data in connection with service contracts.
In providing the services under the applicable Service Agreement, HanseMerkur Swiss Trust AG (hereinafter HMTS) processes personal data provided by the Client to HMTS for the purpose of providing the services (“Personal Data”). These General Terms and Conditions describe the data protection obligations and rights of the parties in connection with the processing of Personal Data for the provision of services by HMTS pursuant to the applicable Service Agreement.
B. Place of data processing
The processing of data by HMTS takes place in Switzerland, a member state of the European Economic Area (EEA) or a third country that guarantees an adequate level of data protection. The transfer of personal data to a third country or to an international organization requires the prior consent of the customer.
C. Scope of processing
HMTS processes personal data in good faith and in accordance with the principle of proportionality.
Personal data is processed by HMTS in the manner, to the extent and for the purpose of fulfilling the service contract concluded with the customer.
The duration of the processing corresponds to the duration of the service contract and ends with its expiry.
D. Requirements for HMTS employees
HMTS has committed all employees to confidentiality with regard to the processing of personal data.
HMTS ensures that employees who have access to personal data only process it on the instructions of HMTS.
E. Processing security
HMTS shall take all appropriate technical and organizational measures necessary to ensure data security, taking into account the state of the art, the nature, scope, circumstances and purpose of the Processing of Personal Data.
HMTS shall, in particular, take the necessary technical and organizational measures prior to the start of the Processing of Personal Data and maintain them for the duration of the Service Agreement and ensure that the Processing of Personal Data is carried out in accordance with such measures.
F. Use of other order processors / data processing by third parties
The Customer hereby authorizes in a general manner the use of further order processors by HMTS. The further order processors currently used by HMTS are as follows:
HMTS shall inform the Customer of any changes regarding the involvement or replacement of additional order processors. In case of changes, HMTS shall update the aforementioned list of additional order processors and make it available on the homepage. The Customer may object to this change. If the Customer raises an objection, HMTS shall be prohibited from using the relevant Order Processor on behalf of the Customer.
HMTS will contractually impose the same data protection obligations on any further Order Processor as apply to HMTS itself.
HMTS will check before placing the order and regularly during the execution of the order that the other order processors comply with the imposed data protection obligations and have taken suitable technical and organizational measures to this end.
G. Rights of the data subjects
HMTS will assist the Client(s) under the applicable service agreement to comply with the obligation to respond to requests for information from individuals about the processing of their data.
HMTS will in particular:
- inform the Client without delay if a Data Subject should contact HMTS directly with a request to exercise his/her rights in relation to Personal Data;
- provide the customer, upon request, with all existing information on the processing of personal data that the customer needs to respond to a request for information from a data subject and that the customer does not possess him/herself.
H. Other duties of HMTS
HMTS shall notify the Customer as soon as possible of any breach of data security, in particular any incidents resulting in the destruction, loss, alteration, unauthorized disclosure of or unauthorized access to personal data.
In the event that the Customer is required to notify the supervisory authority FDPIC pursuant to Art. 24 FADP (notification of data security breaches), HMTS will assist the Customer upon its request to comply with its obligations.
HMTS shall ensure that the processing of personal data is in accordance with these General Terms and Conditions as well as the instructions of the Customer.
HMTS shall maintain a data processing register. HMTS will provide the Customer with information on this register upon request.
I. Data deletion and return
Upon written instruction of the Client, HMTS will either completely and irrevocably delete all Personal Data upon termination of the Service Agreement or return it to the Client, unless there is a legal obligation for HMTS to continue to retain the Personal Data.
J. Changes in the conditions
Changes to these terms and conditions may be made by HMTS at any time, in particular to reflect new legal and regulatory requirements. Such amendments may be made unilaterally by HMTS and shall be notified to the Customer in advance in an appropriate manner.
In the absence of a written objection by the Customer within a period of one month, the amendments shall be deemed to have been approved.
On the subject of personal data, you can contact us at any time at firstname.lastname@example.org.