We operate the website https://www.outsight-in.com and offer consulting services. As a service provider, the protection of your data and personal rights with regard to the collection, use and processing are important to us. Therefore, we only process your data in compliance with the relevant legal provisions: The following information refers to the Federal Act on Data Protection (FADP, CH) with consideration of the GDPR (General Data Protection Regulation, EU).
The controller’s data protection officer is:
OUTSIGHT-IN, Sabine Shah
In the following, we will show you whether and how we process your data:
1. Data Processing, storage, deletion
We only process personal data that we collect directly via our website and the linked applications, via external platforms or as part of the business relationship with our customers and other business partners. Processing only takes place after consent or if there is a corresponding legal basis.
Within the scope of giving consent, we will only process your data within the limits of this consent, unless one of the legal bases mentioned below applies. You can revoke your consent at any time, whereby processing actions that have already been carried out - legally - are not affected by this.
The following can be considered as a legal basis:
Consent of the data subject (Art. 13 para. 1 FADP or Art. 6 para. 1 lit. a GDPR);
Performance of the contract with the data subject as a contracting party or necessary pre-contractual measures at the request of the data subject (Art. 13 para. 2 lit. a FADP or Art. 6 para. 1 lit. b GDPR);
Compliance with necessary legal obligations of our company (Art. 13 para. 1 or Art. 6 para. 1 lit. c GDPR);
Performance or exercise of a task in the public interest (Art. 13 para. 1 FADP or Art. 6 para. 1 lit. e GDPR);
Legitimate interests of our company, provided that the interests of the data subject or their fundamental rights do not prevail (Art. 13 para. 1 FADP or Art. 6 para. 1 lit. f GDPR).
The personal data collected will be deleted as soon as it is no longer required for the stated purpose, or the purpose of storage no longer applies. On the other hand, storage must take place if the Swiss or European legislator provides for a corresponding obligation in the respective laws or regulations. Such obligations arise, among other things, from contract and tax law as well as from the provisions on commercial accounting. Business documents, contracts or accounting vouchers require a retention period of 10 years. This data, which also contains personal data but which we no longer need to provide our services, is blocked and subsequently used solely for accounting and tax purposes.
2. Transfer to third parties
While processing an order, it may be necessary to use the services of third parties. In this case, it may be necessary to pass on data to these external service providers to provide the services in accordance with the contract. The legal basis for passing on data is identical to the legal basis for lawful processing and can be found under digit 1. In any case, we contractually ensure that third parties commissioned to process your data comply with the requirements of data protection. Finally, under certain circumstances we may also be obliged by official and court order to hand over data to third parties or government agencies.
3. Provision of our services and creation of log files
Our system automatically collects and stores information in so-called log files as soon as you visit our website. These are:
Browser type and version
Internet service provider
Date and time
The data cannot be directly assigned to any person. The data collected and stored in this way is not merged with other personal data of yours and stored but is in our system. The legal basis for the collection and storage in log files is Art. 13 para. 2 lit. a FADP or Art. 6 para. 1 lit. f GDPR.
The storage in log files exclusively serves the functionality of our services. In addition, it supports their optimisation and ensures the security of our information technology systems. In any case, the log files are only stored if this corresponds to achieving the purpose of their collection. Deletion takes place automatically after each session.
The collection of your data and its storage in log files is necessary for the operation of our website; there is no possibility to object to this.
5. Right of information
As a data subject, you may request confirmation from us as to whether personal data concerning you is being processed by us. If this is the case, you have the right to information about the following (Art. 15 FADP):
The purposes for which the personal data are processed;
The categories of personal data that are processed;
The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations;
The planned duration of the storage of personal data relating to you or, if this is not possible, the criteria for determining this duration;
The existence of a right to rectification or erasure of personal data concerning you or to restriction of processing by us or a right to object to such processing;
The existence of a right of appeal to a supervisory authority;
Any available information about the origin of personal data which has not been collected from you;
The existence of automated decision-making, including profiling, and meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
You also have the right to request information on whether personal data concerning you is transferred to a third country or an international organisation, in which case you have the right to be informed about the appropriate safeguards in connection with the transfer.
6. Right to correction and modification
You have the right to request that we correct and/or complete any inaccurate and/or incomplete personal data relating to you without undue delay.
7. Right to deletion
You have the right to request that we delete personal data concerning you without delay, provided that one of the following reasons applies (Art. 17 FADP):
The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
You withdraw your consent and there is no other legal basis for the processing;
You object to the processing on grounds relating to your particular situation and there are no overriding legitimate grounds for the processing or you object to the processing for the purposes of direct marketing;
The personal data concerning you has been processed unlawfully;
The erasure of the personal data concerning you is necessary for compliance with a legal obligation;
The personal data concerning you has been collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.
8. Right to restrict processing
You - as the data subject - have the right to demand that we restrict processing if one of the following conditions is met (Article 18 GDPR):
The accuracy of the personal data is disputed. Restriction may be requested for the period of time that allows us to verify the accuracy of the personal data;
The processing is unlawful and you request restriction instead of deletion;
We no longer need the personal data for processing, but you need it to assert, exercise or defend legal claims;
You object to the processing.
If the processing of personal data relating to you is restricted, we may, except for their storage, only process the data with your consent or for the assertion, exercise, or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of public interest.
If you have obtained a restriction of processing in accordance with the conditions, you will be informed by us before this restriction is lifted (Article 18 (3) GDPR).
9. Information and duty of notification to third parties
If we have made the personal data concerning you public and we are obliged to erase it pursuant to Art. 17 of the GDPR, we shall take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform the data controller processing the personal data that you have requested the erasure of all links to the personal data concerning you.
We will notify all recipients to whom personal data has been disclosed of any rectification or deletion of the personal data and any restrictions on processing unless this proves impossible or involves a disproportionate effort.
10. Exceptions to the right of deletion
The right to deletion does not apply if the processing is necessary for the exercise of the right to freedom of expression and information and/or for the assertion, exercise and/or defence of legal claims.
11. Right to data portability
You - as the data subject - have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us, to whom the personal data has been provided, provided that the processing is based on consent (Article 6(1)(a) GDPR or Article 9(2)(a) GDPR) or on a contract (Art. 6(1)(b) GDPR) and the processing is carried out with the help of automated procedures.
You also have the right to have the personal data concerning you transferred directly from us to another controller, insofar as this is technically feasible. The rights and freedoms of other persons must not be affected by this.
12. Right of objection
You - as the data subject - have the right to object at any time, on grounds relating to your situation, to the processing of personal data concerning you which is carried out based on Article 6(1)(e) or (f) GDPR (Article 21 GDPR). We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms. An additional exception is processing for the purpose of asserting, exercising, or defending legal claims.
If we process personal data relating to you for the purposes of direct marketing, you have the right to object at any time to the processing for the purposes of such marketing. If you object to the processing for the purpose, we will no longer use your personal data for this purpose.
13. Revocation consent
You have the right to revoke your consent at any time. This revocation does not affect the lawfulness of the - lawful - processing that has already taken place.
14. Right to complain to a supervisory authority
You have - without prejudice to any other administrative or judicial remedy - the right to lodge a complaint with a supervisory authority, at your place of residence (EU/CH), your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy (cf. Article 78 GDPR).
Version Sabine Shah, March 2022