Privacy Notice

Who We Are

ELCA is one of the biggest independent Swiss full-service providers for business and technology solutions, and a leader in the fields of IT business consulting, software development and maintenance, and IT systems integration. ELCA solutions reduce complexity and increase innovation cycles, improve business outcomes and customer satisfaction.

 

The privately-owned company, with more than 1700 experts, has branches in Lausanne, Zurich, Rapperswil, Geneva, Bern, Basel, Amsterdam, Paris, Madrid, Granada (https://www.elca.ch), Mauritius (https://www.elca.ch/en/elca-mauritius) and Ho Chi Minh City (https://www.elca.vn/en, offshore development), and sales offices (Secutix) in several locations in EU and US, all operating according to a common process framework. Because we have engineering, product, and support operations distributed in the various locations mentioned and due to our broad range of services offered, Personal Data may be processed in, or accessed from these locations depending on each service, product or solution.

 

Most information is hosted by ELCA Cloud Services in Switzerland; however, depending on the region from which it is originating from, some information will be hosted at Amazon Web Services in the US (Virginia), EU (Dublin & Frankfurt), Oracle Cloud Infrastructure in US (Ashburn), UK (London), EU (Milan) and AU (Sydney), Microsoft Azure in CH and Salesforce in EU (Frankfurt & Paris). In addition, through our remote work environment, we may have employees or contractors who access the data from other countries.

 

If you have a privacy question or a question about this notice, you may contact the ELCA privacy team at privacy@elca.ch. We appreciate the opportunity to address your questions and concerns.

Our Data Values

  • Embedding privacy. We strive to embed privacy into our strategy and operations to continually manage privacy compliance and risk.
  • Responsible use. We help to promote responsible data use among our businesses and suppliers.
  • Purpose driven. We only collect, use, and share the information needed to provide and operate our solutions and to help our customers meet their accountability and regulatory compliance needs.
  • Always improving. We process data about the use of our solutions and the way we operate our own business in order to help us better understand the needs of our customers, prospects, and other stakeholders, and to continue to improve user experience, features, and functionality of our solutions.

Individual Rights

Depending on your location, you may have basic rights under privacy and data protection laws related to the data we process about you. You may exercise those rights by emailing privacy@elca.ch.

 

These rights are free in most cases, and we will aim to respond to your request within 30 days or the specific timeframe required by the applicable laws. We will honor the requests you make related to your rights as the law allows, which means in some cases there may be legal or other official reasons that we may not be able to address the specific request you make related to your rights. The rights relate to:

 

Access to the personal data we process about you;

Correction of inaccurate or incomplete personal data about you;

Deletion of personal data about you;

Restriction, temporarily or permanently, on our processing of some or all personal data about you;

Transfer of personal data to you or a third party where we process the data based on your consent or a contract with you, and where our processing is automated; and

Opt-out or object to our use of personal data about you, where either:

  • our use is based on your consent or our legitimate interests, or
  • you do not want us to share with third-parties data related to cookies and similar technologies for website functionality or advertising purposes.

When you submit an individual rights request, you are consenting to us using your information to respond to your request. We will communicate with you via email. If you wish to withdraw your consent for us to respond to your request, you may do so via that email.

Your Personal data

See chart below followed by more information in expandable sections.

 

What is Personal Data?

 

The data we process (collect, use, and share) about you depends on who you are and how we interact with you. Personal Data is data that identifies you or that makes you identifiable. It includes data that could be used to identify, locate, track, or contact you. Listed below is a reference chart to indicate the activities in which we collect personal data on or from you. These activities may overlap, for example, a customer may visit our website. Below the chart, we provide more specific information on these activities.

 

If you provide any personal data to us online, such as by filling out a form, attending an event, or through cookies (tracking technologies), we only use this information with your consent. You may withdraw your consent at any time by clicking the “unsubscribe” link in the email communications we send to you or via the Cookie Preferences manager.

 

 

 

Website Visitors

Customers / Partners

Personnel / Applicant

 

Those who visit our websites or online properties

Those who are customers, business partners, or express interest in our solutions or content

Those who are employees, direct contractors, job applicants, or former employees

ONLINE ACTIVITIES

     

Online Forms

x

x

x

Cookies, other passive trackers

x

x

x

Server log files

x

x

x

Other online activities

x

x

x

COMMUNICATION & ENGAGEMENT

     

Suggestions, Complaints, Inquiries

x

x

x

Opinion / Feedback Surveys

x

x

x

Customer Engagement

 

x

 

Webinars

x

x

x

Interest in our Solutions

x

x

x

Marketing Communications

x

x

x

Telephone / Video Calls

x

x

x

Contracts / Relationship Management

 

x

x

USING OUR SERVICES & SOLUTIONS

     

B2B (Business-facing)

x

x

x

B2C (Consumer-facing)

x

x

x

EMPLOYEMENT-RELATED

     

Employment Activities

   

x

Using Devices for Work Activities

   

x

ELCA’s Personnel Scope of Work

   

x

Keeping and Securing Your Personal data

We will keep personal data about you for as long as we provide solutions to you or your company; as long as you work for or with us; as long as we are addressing a concern, question, complaint, or request you have made to us; as applicable to our interactions with you; as long as the law requires us to do so; or for the time period we need to maintain the information, e.g., to respond to investigations or lawsuits. If we have a contract or other agreement with you or your company, we will follow the retention obligations of that agreement.

 

We may keep data longer if we have a legal obligation to keep it or to maintain necessary records for legal, financial, compliance, or other reporting obligations, and to enforce our rights and agreements. We also may keep data about you for statistical analysis or research purposes.

 

We take appropriate security measures to protect personal data against loss, misuse, and unauthorized access, alteration, disclosure or destruction. We also have implemented measures to maintain the ongoing confidentiality, integrity and availability of the systems and services that process personal data and will restore the availability and access to data in a timely manner in the event of a physical or technical incident.

Sharing Your Personal Information

At ELCA, we only share personal data in ways that we tell you about. We do not sell or rent personal data to third parties, and we do not share personal data with third parties that are not owned by us, under our control or direction, or in a direct business relationship with us except as described in this Notice.

 

Service providers / Vendors. We share personal data with service providers / vendors that help us with our business activities. Service providers support us in processing the types of personal data described above in the section “What personal data” and for the purposes described in the section “Why do we process personal data.” They only are authorized to process that information as necessary and as directed by us. Some of these providers qualify as “sub processors” under the General Data Protection Regulation (GDPR) because they are used in the provision of services that our customer purchase, in which case the list will be included in any relevant agreement like a DPA (Data Processing Agreement).

 

Business partners. ELCA forms a variety of partnership relationships, to whom we may share your information legitimately under one of the reasons described in the Notice or receive information from them. We only permit partners to process your information as necessary and directed by us. In some cases, the partners may be contracted through ELCA, such as customers who purchase our services through one of our partners. In other cases, partners may share your information with us, and their privacy notices will also apply.

 

Third-party cookies and similar technologies. While ELCA does not sell personal data to third parties, ELCA does share data related to cookies and similar technologies with third parties to evaluate and optimize the performance of and analyze your use of our online services and for advertising purposes. You may choose to consent to our use of these technologies, reject non-essential technologies, or further manage your preference with our Cookie Preferences.

 

Required by law. If we are required to disclose personal data as part of a legal process, we will take commercially reasonable steps to inform you as part of that process. We may also be required to disclose personal data in response to lawful requests by government authorities, including law enforcement. Some of these requests may be by regulatory oversight agencies investigating a complaint where others may be by law enforcement looking for information.

 

Safety, fraud prevention, government requests and protection of our rights are all reasons where we may share personal data where we believe in good faith it is necessary.

 

Mergers, acquisitions, divestitures, but only if the acquiring organization agrees to this Notice’s protections, where this is within our control. If we are under the control of a court, such as bankruptcy proceedings, we may not have full authority to ensure this protection.

International Data Transfers

ELCA is headquartered in Switzerland and personal data we process will be transferred to or accessed from Switzerland or through our subsidiaries in the EU, Vietnam, Mauritius or other locations.

 

Customers have the option for their data to be hosted in the United States, Australia, Switzerland or EU. Customers should make sure that their notices reflect our transfer arrangements for their Data Subjects. Customers can refer to ELCA TOMs (Technical and Organizational Measures) for more information on how we protect customer data in international transfers.

 

This means that we may transfer, access, or store personal data about you outside of the European Economic Area (“EEA”), Switzerland, the United Kingdom or another country that requires legal protections for international data transfer. When we do, we will ensure that an adequate level of protection is provided for the information by using one or more of the following approaches:

 

  • We may transfer personal data to countries that have privacy laws that have been recognized by the country from which the data are transferred as providing similar protections for the data (“Adequacy”).
  • We may enter into written agreements, such as Standard Contractual Clauses (SCC) and other data transfer agreements, with recipients that require them to provide the same level of protection for the data.
  • We may seek your consent for transfers of your personal data for specific purposes.
  • We may rely on other transfer mechanisms approved by authorities in the country from which the data are transferred.

Business Information and Links to Other Sites

In the course of using our services, we may ask you to provide business information related to the company where you work. Business information may include information about your company’s practices, policies, processes, and supporting documentation. This business information is stored on ELCA systems, and we use it to provide the solutions you have contracted us to provide and in accordance with the terms and conditions set forth in agreements between ELCA and your company.

 

Links to other websites – This Notice applies only to ELCA practices, technologies, solutions and services. Our online properties may include links to websites and online services that are operated by other companies not under the control or direction of ELCA. If you provide or submit personal data to those websites or online services, the privacy policies on those websites or online services apply to your personal data. We encourage you to carefully read the privacy policies of any website you visit.

Changes to this Notice

We may make changes to this Notice from time to time based on changes to applicable laws and regulations or other requirements applicable to us, changes in technology, or changes to our business. New laws and decisions occur relatively frequently but may not impact this Notice. Any changes we make to the Notice in the future will be posted on this page, and where we change this Notice in substantive ways that also affect how we process personal data about you, please visit our website regularly to make yourself aware of such changes. Change from January, 1st 2022.

By continuing to browse this site, you accept the use of cookies or similar technologies whose purpose is to produce statistics on visits to our site (tests and measurement of visitor numbers, visit frequency, page views and performance) and to offer you content and promotions which will be of interest to you.

Our cookie policy has been updated. Please feel free to manage your preferences.

close
save

Manage your cookie preferences

Update your cookie preferences

Find out about the type of cookies stored on your device, accept or block them for the entire site, all services or on a service-by-service basis.

OK, accept all

Disable all

Visitor flow

These cookies provide us with insight into traffic sources and allow us to better understand our visitors anonymously.

(Google Analytics and CrazyEgg)

New

Sharing tool

Social media cookies allow content sharing on your preferred networks.

(ShareThis)

New

Visitor understanding

These cookies are used to track visitors across websites.

The intention is to enable us to offer more relevant, targeted content to existing contacts (ClickDimensions) and display ads that are relevant and engaging for users (Facebook Pixels).

 

New
For more information about these cookies and our cookie policy, click here