Data Protection Policy
Purpose of data collection
The legal basis for the processing of personal data is as follows:
- Consent of the data subject;
- Establishment, execution and termination of a contractual relationship;
- Fulfillment of a legal obligation;
- Protection of the vital interests of the data subject;
- Safeguarding a legitimate interest of our company or a third party;
In doing so, we comply with both the DSV/ FADP (SR 235.1) and the GDPR / DSGVO. The FADP and the GDPR differ in certain terminology. The following terms are to be understood as synonyms according to the respective law:
| FADP | GDPR |
|---|---|
| Sensitive personal data | Special categories of personal data |
| Breach of data security | Personal data breach |
However, this is only a legal basis, if the interests, fundamental rights and freedoms of the data subject do not outweigh the interests of our company. Legitimate interests can be:
- Processing and transfer of personal data for internal or administrative purposes (Art. 31 FADP / Art.6 GDPR).
- Ensuring compliance with legal requirements, contractual obligations and industrial standards (Art. 31 FADP / Art.6 GDPR).
- Assertion, exercise or defense of legal claims (Art. 31 FADP / Art.6 GDPR).
- Avoiding damage and / or liability to our company (Art. 31 FADP / Art.6 GDPR).
Legitimate interests
Rights of the persons affected
You have the right
- To obtain information about your personal data processed by our company;
- To request the handout of your data in the restrictions of ZGB Art. 641 para. 2 or GDPR Art. 20 in a common electronic, machine-readable data format;
- To request us to correct your data if it is incorrect, inaccurate and / or incomplete;
- To ask us to delete your personal data immediately if one of the reasons listed in Art. 32 FADP or Art. 17 GDPR applies. Unfortunately, we are not allowed to delete data that is subject to a statutory retention period;
- To revoke your previously given consent;
- To request us to restrict processing if one of the conditions listed in Art. 18 FADP or Art. 18 GDPR is met;
Duty to provide information pursuant to Art. 19 para. 4 FADP
Information for applicants and employees
In order to guarantee our clients and candidates the best possible service, we also maintain locations in other European countries. In particular, our employees in Berlin (Germany) and Sofia (Bulgaria) have access to personal data to the same extent as our Swiss employees. In addition, we work with software companies that have their server locations in the UK and Ireland.
If you apply for a position in our company, we process and store your personal data. Therefore, we would like to inform you about the handling of your applicant data. Should you want to transmit data via email, then we suggest to use an encryption method.
Purpose of data collection
Prior entering our company or during the application process, we process your personal data exclusively for the purpose of communication and establishing a possible contractual relationship if the application is successful. During your employment, your personal data are mainly processed for the execution and / or termination of the contractual relationship.
Types of data that we process (Please note that the following list is not exhaustive):
Types of data that we process (Please note that the following list is not exhaustive):
- Applicant data; name, date of birth, curriculum vitae, nationality / work permit, knowledge, skills, experience history for the selection and recruitment process, entry and exit management
- Private contact details; address, telephone number, email (for the purpose of contacting)
- (optional) data in the context of personnel screening (e.g. police certificate of conduct, reliability check) – depending on the client and / or work location
- potential data subject to professional secrecy; e.g. health suitability data and any restrictions
- other data in personnel management: severe disability (if relevant), driver license holder
These types of data are also processed for employees:
- Identification / payment data; ID card data or work permit to identify and determine the legitimacy of employment, place of birth, marital status, tax identification number, health insurance membership, wage tax class, allowances, denomination for church tax, account number
- Health data e.g. for billing with health / accident insurance
- Time registration and access data, vacation times, working times
Data transfer to third parties
Retention periods
Personal data will only be disclosed if the data subject has given its consent or if there is a legal obligation to do so. Consent is given either by applying to one of our vacancies or by responding to a separate request. The RM Group is not responsible for compliance with data protection law by data recipients outside the company.
If you do not give your consent to the further storage and processing of your personal data in the event of an unsuccessful application, then these will be deleted. If accounting processes have been involved, such as reimbursement of travel expenses, the data required for this will be deleted, after taking into account the statutory retention periods (generally 10 years). If your profile is saved on the basis of consent, the data will only be deleted after the consent has been withdrawn. You can withdraw your consent at any time after the employment relationship has ended. Your data will then be deleted unless the statutory retention periods hasn’t come to an end yet.
Changes to this policy
Our privacy policy can be updated at any time. We therefore recommend that you check it regularly.
Status 03.01.2025
If you have any questions regarding data protection, please contact dataprotection@rmgroup.ch!
