1.1 Name and address of responsible party
The party responsible for the processing of your data is:
2 Extent and Purpose of Collection, Processing and Use of Personal Data
Personal data is ‘any information relating to an identified or identifiable natural person’. Online identifiers, such as IP addresses may be considered as personalised data, unless they are deliberately made anonymous.
We process your personal data for the following purposes:
- Enquiries via contact forms
- Customer support
- Making an appointment
- Opening an account
- Orders (such as in our online shop)
- Applications (via online form or email)
- Marketing purposes
- Optimisation of the website (adapting the website to your needs)
- Defence against and recording of hacking attacks
- Generating usage statistics
- Needs assessment (such as via surveys and evaluations)
- Online meetings, product trainings or expert seminars
- Whistleblower message
2.1 Visits to the Website
When you visit our website, our servers temporarily store the following data in a log file, the so-called server log files:
- IP address of the requesting computer
- Date and time of access/retrieval
- Name and URL of the retrieved data
- Operating system of your computer and the browser you are using
- The country from which the access to our website occurred
- Name of your Internet access provider
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (concrete page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Last visited website
- Browser settings
- Language and version of browser software
- Activated browser plugins
We have a legitimate interest in temporarily storing your personal data and the log files. That legitimate interest is
- To accurately deliver the information on our website
- To optimise the content of our website and the advertising for it
- In the event of a cyber-attack, to provide law enforcement agencies any information necessary for law enforcement
- To continue to improve our services and our website
- To collect statistical data
- To process orders in our online shop
If you wish to subscribe to our newsletter, we need your email address.
After you sign up for our newsletter, our legitimate interest in processing your data lies in providing our existing business customers (business-to-business) with information and advertising about our products.
For the newsletter subscription, we use the so-called double opt-in procedure. This means that, after your give us your email address, we will send a confirmation email to the specified email address, requesting that you to confirm whether you wish to receive our newsletter. You can confirm by clicking on an activation link provided in the confirmation email.
The dispatch of our newsletter takes place via ‘MailChimp’, a newsletter delivery platform of the US vendor Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The email addresses of our newsletter recipients, as well as additional details mentioned here, are stored on MailChimp servers in the US. MailChimp uses this information for distribution purposes and to evaluate the newsletter on our behalf. In addition, MailChimp may use this data for optimising and improving its own services, such as email, technical optimisation of distribution and presentation of the newsletter or for economic purposes in order to determine which countries the recipients come from. However, MailChimp does not use data of our recipients to correspond directly with them with or with third parties. We have faith in the reliability of MailChimp and their data security measures. MailChimp is certified under the US-EU Data Protection Agreement ‘Privacy Shield’ and thereby commits itself to comply with EU data protection requirements. (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG).
You have the option to unsubscribe from our newsletter at any time. A link for cancelling the newsletter can be found at the end of every newsletter. To do this, click on the appropriate button in the newsletter that you receive. You also have the option of sending your request to the following email address: firstname.lastname@example.org .
2.3 Making Contact
On our website, you can get in touch with us by using the contact form and/or you can send us an email. The data collected on the contact form can be seen on the contact form in question.
- Contact form: https://www.siga.swiss/global_en/service/contact
- Academy registration: https://www.siga.swiss/global_en/services/academy
- Workshop registration: https://www.siga.swiss/global_en/services/workshop
- Webinar registration: https://www.siga.swiss/global_en/services/webinars
- Whistleblower message: https://www.siga.swiss/global_en/about-us/siga-whistleblowing-system
This data is stored and used only for the purposes of answering your request or for technical administrative purposes in order to make contact.
Our and your justified interest consists in responding to your request. If you are making contact in connection with the fulfilment of a contract to which you are a party, or within the context of pre-contractual steps, then this is an additional legal basis for processing your personal data.
You can always opt out of this data processing at any time. Please send your opt-out request to the following email address: email@example.com
2.4 Promotional Use
We use your personal data on the basis of our legitimate interest for the following purposes:
- For ongoing improvement of your shopping experience and to make it more customer-friendly and personal
- To communicate with you about your orders
- To communicate with existing business customers (business-to-business) from time to time about specific products or marketing campaigns that require your email address
- To recommend products or services that might interest you
At any time, you have the right to opt out of our direct mail or to unsubscribe from it: firstname.lastname@example.org
It is possible for you to offer comments. To do this, we need your name or a pseudonym. We request this information in order to permit transparent and personalised communications between authors and those making comments.
Additionally, your IP address and email address may be recorded or queried. This is done for our security in case someone leaves illegal content in their comments. Also, storing this information can prevent spam.
The personal information you provide will not be merged with other data.
2.6 Market Research
We do not use data collected in the context of market research for commercial purposes. Detailed information (in particular for evaluating your disclosures) can be found in the context of the survey or where you provide information. Your survey responses will not be disclosed to third parties or published.
The legal basis for the processing of your personal data is the existence of an agreement and/or a legitimate interest.
2.7 Online meetings
You have the option of logging into our homepage for online meetings. The mandatory information required for the organisation of online meetings is marked separately. Other information is voluntary.
SIGA will use your information to plan the execution of the online meeting and to contact you accordingly. During the course of the organisation of the online meeting, you will receive an appointment invitation from us sent to the email address provided.
2.7.1 Microsoft Teams
We use the “Microsoft Teams” tool in order to conduct teleconferences, online meetings, video conferences and/or online seminars (hereinafter referred to as: “online meetings”). “Microsoft Teams” is a service provided by Microsoft Corporation, which has its headquarters in the USA.
When using “Microsoft Teams”, various types of data are processed. The extent of the data depends on what data you provide before and during participation in an “online meeting”:
User information: First name, surname, phone number (optional), email address, password (if “single sign-on" is not used), profile image (optional),
Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information
For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
For dial-in over the phone: Information concerning the incoming and outgoing phone numbers, country name, start and end time. Where applicable, other connection data such as the IP address of the device may be stored.
Text, audio and video data: Where applicable, you have the option of using the chat, question or survey functions in an “online meeting”. The text input which you provide will be processed in this respect in order to display it in the “online meeting” and to record it where applicable. In order for video to be displayed and audio to be reproduced, the data from the microphone on your device and from any video camera your device may have will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time through the “Microsoft Teams” applications.
In order to participate in an “online meeting” and access the “meeting room”, you must at least provide your name.
If we want to record the “online meeting”, then we will communicate this to you transparently in advance and request consent. Recording will also be indicated in the “Microsoft Teams” app.
Where necessary for recording of the results of an online meeting, we will log the content of the chat. However, this will not usually be the case.
We may also process the questions asked by meeting participants for the purposes of recording and follow-up of the online meeting.
Automated decision-making within the meaning of Art. 22 of the GDPR is not used.
If you wish to take advantage of the services of our online shops at webshop.siga.swiss and shop.siga.swiss, you need to provide us with data required to process your order. Mandatory contractual obligations required for processing are marked separately. Additional information is voluntary.
During order processing, our service providers will receive the data necessary for orders and order processing. This data includes several items, such as your email address and telephone number, in order, for example, to set up an individual delivery date for you. More information about data protection at these vendors is available on their websites.
2.8.2 Setting up a Customer Account
When you open an account, you will be given password-protected direct access to the data that we have stored about you (such as your name and address). On your customer account, you can view data about orders you have placed and about orders recently dispatched.
To process your order, we need your correct name, address and numerical data. We need to have your email address so that we can confirm the receipt of your order and its shipping status, and also to communicate with you in general. We also use your email address for identification (your login name) when you log in to your account.
Customer accounts are not public and cannot be indexed by search engines. If you close your account, the related data, subject to legal retention requirements, will be deleted. If you terminate your contract before it ends, you are responsible for backing up your personal data. We reserve the right to permanently delete all data stored during the contract period.
2.8.3 Customer Accounts
You may use your account to log in to our online store.
If you do not log out of your account, you will remain automatically logged in for a certain period on the device used. This feature allows you faster access to the online store.
When you create an account or revise data you have previously provided, this data will be permanently stored in your account settings and can be used for future orders without re-entering it.
If you have set up an account at our online store, your personal data will be used to process your order and make it easy to process future orders. To prevent unauthorised third party access to your personal data, the ordering process is encrypted using TLS technology.
When you register or re-register for our online services, we store your IP address and the time of day for all user activity. Storage is based on our legitimate interests and protection against misuse and other unauthorised use. In principle, there is no disclosure of this data to third parties unless such is necessary for the pursuit of our claims or there is a legal obligation. We process usage data (such as web pages visited in connection with our online services, interest in our products) and content data (such as entries in a contact form or user profiles) for commercial purposes in a user profile so that we can make suggestions based on previously used services.
2.9 Online Applications
If you apply for a job with us, we will use your data in order to process your application. During the application process we will store information in our applicant database, such as your personal details, postal and contact addresses and other documents that are part of your application, including a cover letter, your CV and certificates. In addition, applicants may voluntarily submit additional information. This data is stored exclusively in connection with your application and will be analysed, edited and disclosed internally. The data may also be processed for statistical purposes (such as reporting). In this case, no conclusions regarding individuals would be possible. By submitting your application to us, you consent to the processing of your data for the purposes of the application process.
Apart from this, your application data will be processed by a host provider on our behalf on the basis of contracts pursuant to Article 28 of the General Data Protection Regulation (GDPR)
The legal basis for the processing of your personal data is a common interest in the processing of your application. If your application information is processed in connection with the fulfilment of a contract to which you are a party, or within the context of pre-contractual steps, then this will be an additional legal basis for processing your personal data.
If we enter into an employment contract with you, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the legal requirements. If the application process does not result in your employment, your personal records will be stored for six months and will then be deleted unless you have given us consent to use your information for further application procedures.
Quite aside from the foregoing, you have the option of deleting your electronic data at any time. Your deletion request may be sent to the person designated as a contact person or to: email@example.com .
We process and store your personal data only for the time needed to achieve the storage purpose or as provided by laws or regulations to which we are subject. If the storage purpose ceases to exist and a prescribed retention period expires, your data will be locked or deleted routinely and as required by law. If your data is not deleted because it is needed for other lawful purposes, processing will be restricted.
In addition, we will delete your data if you send a request to firstname.lastname@example.org and we have no legal or contractual retention obligations or other processing obligations with regard to such data.
4 Disclosure to Third Parties
We will disclose your personal data outside the SIGA group only if you have expressly agreed to this. We are obliged by law to have a legitimate interest in this or this must be necessary to enforce our rights, in particular the enforcement of claims arising from the contractual relationship. In addition, we will disclose your information to third parties if this is required for use of the website or is necessary to provide you the requested services. The use of the data disclosed to third parties is strictly restricted to the above-mentioned purposes.
We disclose certain items of your personal data to the following categories of recipients in the EU/EEA/CH areas, but at the same time we ensure the protection of your personal data:
- Companies of the SIGA Group
- Operators of information technology, financial and travel services
- Hosting providers
- Transport and logistics companies
- Official authorities
Your details are stored in our customer relationship management system (‘CRM’) are stored. We use the CRM system FileMaker/MS Dynamics on the basis of our legitimate interests (efficient and fast processing of user requests, customer service, marketing). To this end, we have entered into a contract with Microsoft containing so-called standard contractual clauses. Under this contract, Microsoft is committed to the processing of user data only in accordance with our instructions and in compliance with EU data protection standards. Microsoft is also certified under the Privacy Shield agreement and thus provides an additional guarantee of compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK).
- External fonts from “fonts.com”. The fonts are integrated by means of a server call at “fonts.com”, a service of the third-party provider Monotype Imaging Holdings In. Privacy statement: https://www.monotype.com/legal/privacy-policy.
- Location detection is provided via Geo IP of the service “MaxMind” of the third-party provider MaxMind Inc. Privacy statement: https://www.maxmind.com/en/privacy-policy.
- Online survey tool of the service “Google Surveys” of the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy statement: https://www.google.com/policies/privacy/.
- Social media management tool “Hootsuite” of the third-party provider Hootsuite Inc. Privacy statement: https://hootsuite.com/de/legal/privacy.
- Handling of booking requests for the SIGA Guesthouse via Protel from the third-party provider protel hotelsoftware GmbH, Europaplatz 8, 44269 Dortmund, Germany. Privacy statement: https://www.protel.net/de/rechtlich/privacy-policy/
When we employ subcontractors to provide our services, we make the appropriate legal arrangements as well as taking appropriate technical and organisational steps to ensure that your personal data is protected following the applicable legal provisions.
5 Transfer to Foreign Countries
On our website, we rely on the basis of a legitimate interest on so-called cookies. These are small text files that are stored by the browser on your mobile device. When you visit a website, a cookie may be stored on your operating system. This cookie contains a character string that allows unambiguous identification of the browser when you access the website again.
By means of a cookie, information and services on our website can be tailored to your needs. Cookies allow us to recognise visitors. The purpose of this recognition is to facilitate the use of our website.
We use temporary cookies. They are automatically deleted when you close your browser. These include especially session cookies. They store a so-called session ID that can assign several requests from your browser to a shared session. This allows your computer to be recognised when you return to the website. We use these types of cookies to ensure the operation and functionality of our website.
Preference cookies enable a website to remember information that affects the way a web page looks or behaves, including your preferred language or the region where you are.
You can view and delete the cookies stored on your computer and configure them generally in your browser settings. Further information can be obtained from the manufacturer or by using the help function of your Internet browser. However, disabling cookies may make some functions of our portal unavailable.
At the following links you can find out about the options available for this in the most frequently used browsers:
- Edge: https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
- Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
- Google Chrome: https://support.google.com/chrome/answer/95647?hl=en-GB
- Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac
7 Pixels, Local Storage and Similar Technologies
We also use other technologies such as web beacons and local storage. We use these technologies in order to determine which features are especially popular so that we can offer users a more personalised experience, and to adjust user-specific advertising.
Web beacons (also known as clear GIFs, tracking pixels or pixel tags) are small code units that are installed in or on a website, mobile app or advertisement. These web beacons can request specific information about your browser and your device, such as the operating system, browser type, device type and version, the referring webpage, the website visited, the IP address and other similar information.
Local storage is an industry-standard technology that enables a Web site or mobile app to store and retrieve data on a computer, mobile phone or other device.
8 Web Analytics and Tracking Tools
Our website uses features of the following web analytics and tracking services:
- Google Analytics
- Google AdWords
- Google Tag Manager
For details, see the explanations below..
8.1 Google (Universal) Analytics
We use Google Analytics in order to analyse activities on our sites across devices (cross-device tracking). This makes it possible to assign data, sessions and interactions across several devices to a pseudonymous user ID and thus analyse the activities of a user across devices.
The information generated by cookies about your use of this website (including your IP address) is usually sent to a Google server in the USA and stored there. Google has been certified under the Privacy Shield agreement and thus offers an additional guarantee of compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google uses this information on our behalf in order to evaluate your use of our website, to compile reports about website activities and to provide us with other services related to website use and Internet use. The IP address provided by Google Analytics will not be merged with other Google data.
We use Google Analytics only with activated IP anonymisation. This means that user IP addresses
will be shortened by Google within the member states of the European Union or in other contracting countries of the European Economic Area Agreement. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.
You may prevent Google from collecting and transferring data generated by cookies and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading the browser plugin available at the following link and installing it (https://tools.google.com/dlpage/gaoptout?hl=en). This will set an opt-out cookie, which prevents future collection of your information when you visit this website. However, you should be aware that you may not be able to use all the features of this website to their full extent in this case. To prevent Universal Analytics from tracking across various devices, you must opt-out on all systems that you use. More information on Universal Analytics is available at: https://support.google.com/analytics/answer/2838718?hl=en&ref_topic=6010376
8.2 Google AdWords
Based on legitimate interest, we use ‘Google AdWords, which is a component of the online advertising program Google Marketing Services.
Google AdWords creates a cookie on your computer (‘conversion cookie) if you arrived at our website via a Google ad. These cookies are no longer valid after 30 days. They do not contain personal data and thus are not used for personal identification. If you visit certain web pages on our website and the cookie has not yet expired, we as well as Google will know that you clicked on an ad and were directed to this page. Each Google AdWords advertiser has a separate cookie. Thus, there is no way that cookies can be tracked via the websites of AdWords clients. Information obtained using conversion cookies is used to generate conversion statistics for AdWords clients who have opted for conversion tracking. We receive no information that allows you to be identified individually.
The information collected by cookies about your use of this website is usually transmitted to a Google server in the USA and stored there. Google has been certified under the Privacy Shield agreement and thus offers an additional guarantee of compliance with European data protection legislation.
You may opt out of Google’s content-related advertising. To do this you need to access the link https://www.google.com/settings/ads from all browsers that you use and adjust the desired settings there.
8.3 Google Tag Manager
For more information about Google’s data usage for marketing purposes, see the
If you wish to opt out of the interest-based advertising by Google Marketing Services, you may adjust the settings and opt-out options: http://www.google.com/ads/preferences.
We use functions of the Hotjar software (https://www.hotjar.com), Hotjar Ltd., St Julians Business Centre, 3, Elia Zammit Street St Julians STJ 1000, Malta) for improvements in the use of our website. Using Hotjar, we are able to analyse user behaviour on our website. To this end, Hotjar saves cookies on the user’s device and may save user information such as browser information, operating system, length of visit to the site, etc. This information about your use of this website generated by the cookies is generally communicated to a Hotjar Ltd. server and stored there. You can find out more about Hotjar Ltd.’s data security and processing at https://www.hotjar.com/privacy. You can use a browser plugin to prevent the information collected by cookies from being sent to Hotjar Ltd. and used. The following link leads to the appropriate plugin: https://www.hotjar.com/legal/compliance/opt-out.
9 Social Plugins
On our website, we have incorporated links to our social media profiles on the following social networks:
- Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA
- Google Inc., 1600 Amphitheatre, Parkway, Mountain View, CA 94043, USA
- Instagram Inc., 1601 Willow Road, Menlo Park, California 94025, USA
- Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
- YouTube, a service operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
- LinkedIn Inc., 2029 Stierlin Ct, Mountain View, CA 94043, USA
- Xing SE, Dammtorstrasse 30, 20354 Hamburg, Germany
When you access a link to one of our social media profiles, a direct connection between your browser and the server of the social network in question is made. This provides the network with the information that you have visited our website with your IP address and called up the link. If you access a link to a network while logged in to your account on the relevant network, the contents of our page may be linked to your profile on the network, which means that the network might assign your visit to our website directly to your user account and we will receive your personal data such as name, e-mail, location, friends list and profile picture. From these data, we can provide certain functions on the web pages. To prevent this, you should log out before clicking on the corresponding links. In any case, an assignment will occur if you log on to the relevant network after clicking the link.
If you are logged on to a social network during your visit to our website via your user account, the provider may also assign the page visit to your user account. If you interact with a plugin, the corresponding information will also be transmitted directly to a server of the provider in the US and stored there. The information will also be posted to your account on the social network and displayed in your contacts.
Even if you are not logged in to the providers of the plugins while visiting our site, data collected by the plugins may be assigned under certain circumstances your user account. A plugin sets a cookie with an ID every time the web page is called up. Since your browser sends this cookie each time you connect to a server of the provider without being asked, the social networks could thus in principle create a profile of which website the user has called up that belongs to the identifier. If necessary, it would then be possible to assign this identifier to a person again later, for example, when logging in to the provider later.
In addition, you may choose the function ‘block third-party cookies’ in your browser settings, and then your browser will not send cookies to the social network server. With this setting, however, in addition to the plugins, other cross-page features of other providers may no longer work.
For more information on the purpose and scope of data collection and further processing and use of your personal data, please see the privacy policies of the various providers:
There you will also find further information on your rights in this respect and options to protect your privacy as well as information about your right to opt out of the creation of user profiles.
10 Your Rights
If the legal basis for processing is our legitimate interest in the processing of your personal data, you may object to such processing at any time and we will carefully review such concerns.
Similarly, you can at any time revoke your consent to processing your personal data.
In addition, you are entitled to the rights of access, rectification, cancellation, restriction and data portability with regard to your personal data. If you believe that the processing of your personal data violates data protection legislation or if your data protection claims have otherwise been violated in some way, you may also file a complaint with to the regulatory authority. In Switzerland this would be the Swiss Federal Data Protection and Information Commissioner (FDPIC).
Please contact us if you have any concerns, questions, suggestions or requests: email@example.com
11 Use of the Website by Minors
The website is aimed at an adult audience. It is prohibited for minors, especially minors under the age of 16, to transfer personally identifiable information to us or to register for a service. If we determine that such data has been transmitted to us, they will be deleted from our database. The parents (or the legal representatives) of the minor may get in touch with us and request deletion or cancellation.
12 Data security
We take technical and organisational precautions to protect your personal data against tampering, loss, destruction or access by unauthorised persons, and to protect your rights as well as to be in compliance with applicable data protection laws.
The measures taken are designed to ensure the confidentiality and integrity of your personal data and to ensure the availability and robustness of our systems and services in the processing of your personal data over the long term. These steps should also ensure the rapid restoration of data availability and access to in the event of a physical or technical incident.
Our data processing and security measures are continuously improved in line with technological developments.
We also take our own, in-house data protection very seriously. Our employees and the service companies engaged by us are sworn to observe confidentiality and to comply with data protection regulations. Moreover, they are allowed access to your information only to the extent necessary.
• First version
• EU-US Privacy Shield clauses deleted
• Addition of online meetings with Zoom & Hotjar
• Adjustment of Google address (new IE)
• Addition of new online shop shop.siga.swiss
• Contacts: Location EU now in Schönefeld
• Replacement of “Zoom” with “Microsoft Teams”
• Replacement of Google (Universal) Analytics with Google Analytics (as now Analytics 4) • Replacement of Google AdWords with Google Ads
• Addition of whistleblower form